manualshive.com logo in svg

AMX NXA-ENET8-POE+, Инструкция по эксплуатации, Страница: 156 / 283

Поделиться
Скачать
AMX NXA-ENET8-POE+ Скачать руководство пользователя страница 156

Security Measures

156

 Instruction Manual - NXA-ENET8-POE+

Access Control Lists

Access Control Lists (ACL) provide packet filtering for IPv4/IPv6 frames (based on address, protocol, Layer 4 protocol port number 

or TCP control code), IPv6 frames (based on address, DSCP traffic class, or next header type), or any frames (based on MAC 

address or Ethernet type). To filter incoming packets, first create an access list, add the required rules, and then bind the list to a 

specific port.

Configuring Access Control Lists -

An ACL is a sequential list of permit or deny conditions that apply to IP addresses, MAC addresses, or other more specific criteria. 

This switch tests ingress or egress packets against the conditions in an ACL one by one. A packet will be accepted as soon as it 

matches a permit rule, or dropped as soon as it matches a deny rule. If no rules match, the packet is accepted.

Command Usage

The following restrictions apply to ACLs:



The maximum number of ACLs is 512.



The maximum number of rules per system is 2048 rules.



An ACL can have up to 2048 rules. However, due to resource restrictions, the average number of rules bound to the ports 

should not exceed 20.



The maximum number of rules that can be bound to the ports is 64 for each of the following list types: MAC ACLs, IP ACLs 

(including Standard and Extended ACLs), IPv6 Standard ACLs, and IPv6 Extended ACLs.
The maximum number of rules (Access Control Entries, or ACEs) stated above is the worst case scenario. In practice, the 

switch compresses the ACEs in TCAM (a hardware table used to store ACEs), but the actual maximum number of ACEs 

possible depends on too many factors to be precisely determined. It depends on the amount of hardware resources 

reserved at runtime for this purpose.
Auto ACE Compression is a software feature used to compress all the ACEs of an ACL to utilize hardware resources more 

efficiency. Without compression, one ACE would occupy a fixed number of entries in TCAM. So if one ACL includes 25 ACEs, 

the ACL would need (25 * n) entries in TCAM, where n is the fixed number of TCAM entries needed for one ACE. When 

compression is employed, before writing the ACE into TCAM, the software compresses the ACEs to reduce the number of 

required TCAM entries. For example, one ACL may include 128 ACEs which classify a continuous IP address range like 

192.168.1.0~255. If compression is disabled, the ACL would occupy (128*n) entries of TCAM, using up nearly all of the 

hardware resources. When using compression, the 128 ACEs are compressed into one ACE classifying the IP address as 

192.168.1.0/24, which requires only n entries in TCAM. The above example is an ideal case for compression. The worst 

case would be if no any ACE can be compressed, in which case the used number of TCAM entries would be the same as 

without compression. It would also require more time to process the ACEs.



If no matches are found down to the end of the list, the traffic is denied. For this reason, frequently hit entries should be 

placed at the top of the list. There is an implied deny for traffic that is not explicitly permitted. Also, note that a single- entry 

ACL with only one deny entry has the effect of denying all traffic. You should therefore use at least one permit statement in 

an ACL or all traffic will be blocked.
Because the switch stops testing after the first match, the order of the conditions is critical. If no conditions match, the 

packet will be denied.

The order in which active ACLs are checked is as follows:
1.

User-defined rules in IP and MAC ACLs for ingress or egress ports are checked in parallel.

2.

Rules within an ACL are checked in the configured order, from top to bottom.

3.

If the result of checking an IP ACL is to permit a packet, but the result of a MAC ACL on the same packet is to deny it, the 

packet will be denied (because the decision to deny a packet has a higher priority for security reasons). A packet will also be 

denied if the IP ACL denies it and the MAC ACL accepts it.

Showing TCAM Utilization

Use the Security > ACL (Configure ACL - Show TCAM) page to show utilization parameters for TCAM (Ternary Content Addressable 

Memory), including the number policy control entries in use, the number of free entries, and the overall percentage of TCAM in use.

Command Usage

Policy control entries (PCEs) are used by various system functions which rely on rule-based searches, including Access Control 

Lists (ACLs), IP Source Guard filter rules, Quality of Service (QoS) processes, QinQ, MAC-based VLANs, VLAN translation, or traps.
For example, when binding an ACL to a port, each rule in an ACL will use two PCEs; and when setting an IP Source Guard filter rule 

for a port, the system will also use two PCEs.
The following table lists the options on this page:

Security - ACL Options

Pool Capability Code

Abbreviation for processes shown in the TCAM List

Unit

Stack unit identifier

Device

Memory chip used for indicated pools

Pool

Rule slice (or call group). Each slice has a fixed number of rules that are used for the specified 

features.

Total

The maximum number of policy control entries allocated to the each pool.

Содержание NXA-ENET8-POE+

Страница 1: ...INSTRUCTION MANUAL NXA ENET8 POE GIGABIT POE ETHERNET SWITCH...

Страница 2: ...ience receptacles and the point where they exit from the apparatus 11 ONLY USE attachments accessories specified by the manufacturer 12 USE ONLY with a cart stand tripod bracket or table specified by...

Страница 3: ...s device complies with part 15 of the FCC Rules Operation is subject to the following two conditions 1 This device may not cause harmful interference and 2 this device must accept any interference rec...

Страница 4: ...CHINA COMPLIANCE INFORMATION This appliance is labeled in accordance with European Directive 2012 19 EU concerning waste of electrical and electronic equipment WEEE This label indicates that this pro...

Страница 5: ...Port Configuration 18 Port Mirroring 18 Port Trunking 18 Congestion Control 18 Address Table 18 IP Version 4 and 6 18 IEEE 802 1D Bridge 18 Store and Forward Switching 18 Spanning Tree Algorithm 18 V...

Страница 6: ...ack Package and Check Contents 23 Install the Chassis 23 Connect AC Power to Power On 24 Verify Switch Operation 24 Make Initial Configuration Changes 24 Through an RJ 45 Port 24 Through the Console P...

Страница 7: ...onfiguration Options 38 Panel Display 38 Basic Management Tasks 39 Overview 39 System Information 39 Hardware Software Versions 40 System Capabilities 40 Configuring Support for Jumbo Frames 41 Usage...

Страница 8: ...d Usage 66 Displaying Transceiver Data 69 Configuring Transceiver Thresholds 69 Trunk Configuration 71 Command Usage 71 Configuring a Static Trunk 71 Command Usage 71 Configuring a Dynamic Trunk 73 Co...

Страница 9: ...Changing the Aging Time 98 Displaying the Dynamic Address Table 98 Clearing the Dynamic Address Table 99 Issuing MAC Address Traps 100 Spanning Tree Algorithm 101 Overview 101 Configuring Loopback Det...

Страница 10: ...view 131 Configuring VoIP Traffic 131 Command Usage 131 Configuring Telephony OUI 132 Configuring VoIP Traffic Ports 133 Command Usage 133 Security Measures 134 AAA Authentication Authorization and Ac...

Страница 11: ...ring a MAC ACL 163 Configuring an ARP ACL 164 Binding a Port to an Access Control List 165 Showing ACL Hardware Counters 166 ARP Inspection 167 Command Usage 167 Configuring Global Settings for ARP In...

Страница 12: ...scovery Protocol 190 Setting LLDP Timing Attributes 190 Configuring LLDP Interface Attributes 191 Configuring LLDP Interface Civic Address 194 Command Usage 194 Displaying LLDP Local Device Informatio...

Страница 13: ...Specifying Static Interfaces for a Multicast Router 236 Command Usage 236 Assigning Interfaces to Multicast Services 238 Command Usage 238 Setting IGMP Snooping Status per Interface 239 Command Usage...

Страница 14: ...Usage 259 Displaying the DNS Cache 260 Command Usage 260 Dynamic Host Configuration Protocol 260 Specifying a DHCP Client Identifier 260 Command Usage 260 Configuring DHCP Relay Service 261 Command Us...

Страница 15: ...Support 278 Class of Service 278 Quality of Service 278 Multicast Filtering 278 IP Routing 278 Additional Features 278 Management Features 279 In Band Management 279 Out of Band Management 279 Softwa...

Страница 16: ...For more information see the Connecting to Twisted Pair Copper Ports section on page 30 Port Status LEDs For information on port status LED indicators see the Understanding the Port Status LEDs secti...

Страница 17: ...s NXA ENET8 POE Hardware Specifications Ports 8 1000BASE T RJ 45 ports with Auto negotiation 2 Gigabit SFP transceiver slots Network Interface Ports 1 8 RJ 45 connector auto MDI X Ports 9 10 Gigabit S...

Страница 18: ...per system DHCP DHCPv6 Client Relay Relay Option 82 Port Configuration Speed duplex mode and flow control Port Mirroring 3 sessions one or more source ports to an analysis port Port Trunking Supports...

Страница 19: ...specific ports or use auto negotiation to detect the connection settings used by the attached device Use full duplex mode on ports whenever possible to double the throughput of switch connections Flow...

Страница 20: ...node changes moves by remotely configuring VLAN membership for any port rather than having to manually change the network connection Provide data security by restricting all traffic to the originating...

Страница 21: ...fault_Config cfg To reset the switch defaults this file should be set as the startup configuration file The following table lists some of the basic system defaults NXA ENET8 POE System Defaults Functi...

Страница 22: ...QinQ Tunneling Disabled Traffic Prioritization Ingress Port Priority 0 Queue Mode WRR Queue Weight Queue 0 1 2 3 4 5 6 7 Weight 1 2 4 6 8 10 12 14 Class of Service Enabled IP DSCP Priority Disabled IP...

Страница 23: ...sks Follow these tasks to install the switch in your network For full details on each task go to the relevant chapter or section by clicking on the link CAUTION Before installing your switch first rev...

Страница 24: ...the System Status LEDs section on page 34 for more information Make Initial Configuration Changes At this point you may need to make a few basic switch configuration changes before connecting to the n...

Страница 25: ...29 for more information 1 10 100 1000BASE T RJ 45 Port 2 Twisted pair Cable with RJ 45 Plug Switch Chassis The switch is designed to be installed in a standard 19 inch equipment rack General Installat...

Страница 26: ...o not completely fill the rack or cabinet with equipment allow some unused space within the enclosure for better airflow How to Install the Switch in a Rack When rack mounting the switch pay particula...

Страница 27: ...nto the rack so that it is aligned with the marked holes 4 The second person should secure the switch in the rack using four rack mounting screws not provided 5 If installing a single switch only go t...

Страница 28: ...4 Attach a 6 AWG stranded copper wire to the grounding terminal on the switch The switch chassis is connected internally to 0 V This circuit is connected to the single hole grounding terminal on the r...

Страница 29: ...arate piece of equipment Display a copy of your equipment map including meanings of all abbreviations at each equipment rack Understanding the Port Status LEDs The switch includes LED indicators for e...

Страница 30: ...twork device PCs servers switches routers or hubs The connection requires an unshielded twisted pair UTP or shielded twisted pair STP cable with RJ 45 connectors at both ends Copper Cabling Guidelines...

Страница 31: ...X MDI and MDI X Port Pinouts Pin MDI Signal Name MDI X Signal Name 1 Transmit Data plus TD 52V power Negative Vport Receive Data plus RD GND Positive Vport 2 Transmit Data minus TD 52V power Negative...

Страница 32: ...n to indicate that the connection is valid Connecting to SFP Fiber Optic Ports The switch provides four slots for SFP compliant fiber optic transceivers Note that all 1000BASE fiber optic ports operat...

Страница 33: ...e fiber terminators are clean You can clean the cable plugs by wiping them gently with a clean tissue or cotton ball moistened with a small amount of ethanol Dirty fiber terminators on fiber optic cab...

Страница 34: ...Port The RJ 45 Console port on the front panel of the switch is used to connect a console device to the switch for out of band console configuration The console device can be a PC or workstation runni...

Страница 35: ...est The switch also offers a user friendly web based management interface for the configuration of all the unit s features You can make initial configuration changes by connecting a PC directly to one...

Страница 36: ...s Any unsaved changes in the currently running configuration will be lost and the only the saved settings in the startup configuration file will be used when the switch reboots Resetting to the Factor...

Страница 37: ...ange the settings on any page NOTE If the path between your management station and this switch does not pass through any device that uses the Spanning Tree Algorithm then you can set the switch port a...

Страница 38: ...sure to click on the Apply button to confirm the new setting The following table summarizes the web page configuration buttons Panel Display The web agent displays an image of the switch s ports The...

Страница 39: ...rd Sets thresholds in terms of CPU usage time and number of packets processed per second Displaying Memory Utilization Shows memory utilization parameters Resetting the System Restarts the switch imme...

Страница 40: ...me Configures support for jumbo frames The default setting is disabled Bridge Extension Extended Multicast Filtering Services This switch does not support the filtering of individual multicast address...

Страница 41: ...support Multicast Filtering Traffic Classes and Virtual LANs You can access these extensions to display default settings for the key variables The following table displays the options on this page FI...

Страница 42: ...flash memory space NOTE The file Factory_Default_Config cfg can be copied to a file server or management station but cannot be used as the destination file name on the switch Perform these steps to c...

Страница 43: ...user defined configuration files is limited only by available flash memory space Perform these steps to save the running configuration file 1 Click System File 2 Select Copy from the Action list 3 Sel...

Страница 44: ...n file to be used at startup 4 Click Apply To start using the new firmware or configuration settings reboot the system via the System Reset menu Showing System Files Use the System File Show page to s...

Страница 45: ...gh ECS2100 series bix was requested However keep in mind that the file systems of many operating systems such as Unix and most Unix like systems FreeBSD NetBSD OpenBSD and most Linux distributions etc...

Страница 46: ...ortions of the URL a colon must precede the password and an at symbol must follow the password If the password is omitted then an empty string is the assumed password for the connection host Defines t...

Страница 47: ...from a time server SNTP or NTP Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries You can also manually set the clock If the clock...

Страница 48: ...will query the specified time servers The following table displays the options on this page Perform these steps to set the polling interval for SNTP 1 Click System Time 2 Select Configure General fro...

Страница 49: ...fy the IP address for up to three SNTP time servers The following table displays the options on this page System Time Options Current Time Shows the current time set on the switch Authentication Statu...

Страница 50: ...Time 2 Select Configure Time Server from the Step list 3 Select Show NTP Server from the Action list FIG 35 Specifying SNTP Time Server System Time Options NTP Server IP Address Adds the IPv4 or IPv6...

Страница 51: ...tication keys 1 Click System Time 2 Select Configure Time Server from the Step list 3 Select Show NTP Authentication Key from the Action list System Time Options Authentication Key Specifies the numbe...

Страница 52: ...Summer Time Use the Summer Time page to set the system clock forward during the summer months also known as daylight savings time In some countries or regions clocks are adjusted through the summer mo...

Страница 53: ...our local time when summer time is in effect select the predefined summer time zone appropriate for your location Date Mode Sets the start end and offset times of summer time for the switch on a one t...

Страница 54: ...e timeout interval the connection is terminated for the session Range 10 300 seconds Default 300 seconds Exec Timeout Sets the interval that the system waits until user input is detected If user input...

Страница 55: ...as required 4 Click Apply System Time Options Telnet Status Enables or disables Telnet access to the switch Default Enabled TCP Port Sets the TCP port number for Telnet on the switch Range 1 65535 Def...

Страница 56: ...n the buffer until usage time falls below the low watermark Range 40 100 Default 90 Low Watermark If packet flow has been stopped after exceeding the high watermark normal flow will be restored after...

Страница 57: ...Utilization Use the System Memory Status page to display memory utilization parameters The following table displays the options on this page To display memory utilization click System then Memory Sta...

Страница 58: ...r to system time may need to be refreshed to display the current settings Cancel Cancels the current settings shown in this field System Reload Configuration Reset Mode Restarts the switch immediately...

Страница 59: ...ick System Reset 2 Select the required reset mode 3 For any option other than to reset immediately fill in the required parameters 4 Click Apply 5 When prompted confirm that you want reset the switch...

Страница 60: ...Basic Management Tasks 60 Instruction Manual NXA ENET8 POE FIG 50 Restarting the Switch Regularly...

Страница 61: ...mode or flow control under auto negotiation the required operation modes must be specified in the capabilities list for an interface The 1000BASE T standard does not support forced mode Auto negotiat...

Страница 62: ...d refer to the Configuring by Port List section on page 61 for more information on command usage and a description of the options on the page Perform these steps to configure port connection parameter...

Страница 63: ...Shows if the port is enabled or disabled Oper Status Indicates if the link is Up or Down Shutdown Reason Shows the reason this interface has been shut down if applicable Some of the reasons for shutti...

Страница 64: ...onized data packets FCS Errors A count of frames received on a particular interface that are an integral number of octets in length but do not pass the FCS check This count does not include frames rec...

Страница 65: ...8 Byte Packets 1519 1536 Byte Packets The total number of packets including bad packets received and transmitted where the number of octets fall within the specified range excluding framing bits but i...

Страница 66: ...Trunk Statistics section on page 63 To configure statistical history sampling use the Displaying Statistical History section on page 66 The following table lists the options on this page FIG 55 Showin...

Страница 67: ...entries for a history sample 1 Click Interface Port Statistics or Interface Trunk Statistics 2 Select Show from the Action menu 3 Select an interface from the Port or Trunk list Mode Status Shows the...

Страница 68: ...s or Interface Trunk Statistics 2 Select Show Details from the Action menu 3 Select Current Entry from the options for Mode 4 Select an interface from the Port or Trunk list 5 Select an sampling entry...

Страница 69: ...r and received optical power The switch can display diagnostic information for SFP modules which support the SFF 8472 Specification for Diagnostic Monitoring Interface for Optical Transceivers This in...

Страница 70: ...B of the measured power referenced to one milliwatt mW Threshold values for alarm and warning messages can be configured as described below A high threshold alarm or warning message is sent if the cur...

Страница 71: ...nnections between devices use the web interface or CLI to specify the trunk on the devices at both ends When using a trunk take note of the following points Finish configuring trunks before you connec...

Страница 72: ...5 Set the unit and port for an additional trunk member 6 Click Apply Perform these steps to configure connection parameters for a static trunk 1 Click Interface Trunk Static 2 Select Configure Genera...

Страница 73: ...ACP port admin key matches and 3 the LAG admin key matches if configured However if the LAG admin key is set then the port admin key must be set to the same value for a port to be allowed to join that...

Страница 74: ...General Port Port identifier Range 1 10 26 28 52 LACP Status Enables or disables LACP on a port Configure Aggregation Port Actor Partner Port Port number Range 1 10 28 Admin Key The LACP administrati...

Страница 75: ...namic 2 Select Configure Aggregation Port from the Step list 3 Select Configure from the Action list 4 Click General 5 Enable LACP on the required ports 6 Click Apply Perform these steps to configure...

Страница 76: ...Dynamic Configure Aggregation Port Show Information Counters page to display statistics for LACP protocol messages The following table lists the options on this page FIG 71 Showing Members of a Dynam...

Страница 77: ...e Administrative or operational values of the actor s state parameters Expired The actor s receive machine is in the expired state Defaulted The actor s receive machine is using defaulted operational...

Страница 78: ...Device Configuration Information Partner Admin System ID LAG partner s system ID assigned by the user Partner Oper System ID LAG partner s system ID assigned by the LACP protocol Partner Admin Port N...

Страница 79: ...dress is the same for all traffic Source and Destination IP Address All traffic with the same source and destination IP address is output on the same link in a trunk This mode works best for switch to...

Страница 80: ...e MAC interface is also powered down to save additional energy If energy is detected the switch immediately turns on both the transmitter and receiver functions and powers up the MAC interface Power s...

Страница 81: ...the monitor port The destination port cannot be a trunk or trunk member port Note that Spanning Tree BPDU packets are not mirrored to the target port The following table lists the options on this page...

Страница 82: ...session the switch s role Destination the destination port1 whether or not the traffic exiting this port will be tagged or untagged and the RSPAN VLAN Then specify each uplink port where the mirrored...

Страница 83: ...d must first be reserved for the RSPAN application using the VLAN Static page see page 142 Uplink Port A port on any switch participating in RSPAN through which mirrored traffic is passed on to or rec...

Страница 84: ...rts where security is less likely to be compromised Enabling Traffic Segmentation Use the Interface Traffic Segmentation Configure Global page to enable traffic segmentation The following table lists...

Страница 85: ...o communicate with any other ports If a downlink port is not configured for the session the assigned uplink ports will operate as normal ports The following table lists the options on this page Perfor...

Страница 86: ...ENET8 POE Perform these steps to show the members of the traffic segmentation group 1 Click Interface Traffic Segmentation 2 Select Configure Session from the Step list 3 Select Show from the Action...

Страница 87: ...094 VLANs based on the IEEE 802 1Q standard Distributed VLAN learning across multiple switches using explicit or implicit tagging and GVRP protocol Port overlapping allowing a port to participate in m...

Страница 88: ...ed frame it will pass this frame onto the VLAN s indicated by the frame tag However when this switch receives an untagged frame from a VLAN unaware device it first decides where to forward the frame a...

Страница 89: ...table lists the options on this page FIG 90 Modifying Settings for Static VLANs FIG 91 Showing Static VLANs VLAN Static Options VLAN ID of configured VLAN 1 4094 Interface Displays a list of ports or...

Страница 90: ...does not affect VLAN independent BPDU frames such as GVRP or STP However they do affect VLAN dependent BPDU frames such as GMRP Membership Type Select VLAN membership for each interface by marking th...

Страница 91: ...rface range 1 Click VLAN Static 2 Select Edit Member by Interface Range from the Action list 3 Set the Interface type to display as Port or Trunk 4 Enter an interface range 5 Modify the VLAN parameter...

Страница 92: ...IP subnet based or protocol based VLANs are supported concurrently priority is applied in this sequence and then port based VLANs last Configuring Protocol VLAN Groups Use the VLAN Protocol Configure...

Страница 93: ...ype matches the frame is forwarded to the appropriate VLAN If the frame is untagged but the protocol type does not match the frame is forwarded to the default VLAN for this interface The following tab...

Страница 94: ...et based or protocol based VLANs are supported concurrently priority is applied in this sequence and then port based VLANs last The following table lists the options on this page FIG 98 Showing the In...

Страница 95: ...k to indicate a range of addresses if required 4 Enter an identifier in the VLAN field Note that the specified VLAN need not already be configured 5 Enter a value to assign to untagged frames in the P...

Страница 96: ...static address table see the Setting Static Addresses section on page 97 will be accepted as authorized to access the network through that interface Dynamic addresses stored in the address table when...

Страница 97: ...able The following table lists the options on this page Perform these steps to configure a static MAC address 1 Click MAC Address Static 2 Select Add from the Action list 3 Specify the VLAN the port o...

Страница 98: ...entering the switch When the destination address for inbound traffic is found in the database the packets intended for that address are forwarded directly to the associated port Otherwise the traffic...

Страница 99: ...the options on this page Perform these steps to clear the entries in the dynamic address table 1 Click MAC Address Dynamic 2 Select Clear Dynamic MAC from the Action list 3 Select the method by which...

Страница 100: ...s MAC Notification 2 Select Configure Interface from the Step list 3 Enable MAC notification traps for the required ports 4 Click Apply MAC Address MAC Notification Options Configure Global MAC Notifi...

Страница 101: ...t port on each bridging device except for the root device which incurs the lowest path cost when forwarding a packet from that device to the root device Then it selects a designated bridging device fr...

Страница 102: ...t see the Configuring Multiple Spanning Trees section on page 113 An MST Region may contain multiple MSTP Instances An Internal Spanning Tree IST is used to connect all the MSTP switches within an MST...

Страница 103: ...e the port from the discarding state The following table lists the options on this page Perform these steps to configure loopback detection 1 Click Spanning Tree Loopback Detection 2 Click Port or Tru...

Страница 104: ...ng Tree Status Enables disables STA on this switch Default Disabled When spanning tree is enabled globally or enabled on an interface loopback detection is disabled Spanning Tree Type Specifies the ty...

Страница 105: ...information about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting information that would make it return to a discarding state otherwise...

Страница 106: ...Configure Global from the Step list 3 Select Configure from the Action list 4 Modify any of the required attributes Note that the parameters displayed for the spanning tree types STP RSTP MSTP varies...

Страница 107: ...priority the MST Instance ID 0 for the Common Spanning Tree when spanning tree type is set to MSTP and MAC address where the address is taken from the switch system Designated Root The priority and MA...

Страница 108: ...16 Admin Path Cost This parameter is used by the STA to determine the best path between devices Therefore lower values should be assigned to ports attached to faster media and higher values assigned...

Страница 109: ...ically by the Bridge Detection State Machine described in 802 1D 2004 where the edge port state may change dynamically based on environment changes e g receiving a BPDU or not within the required inte...

Страница 110: ...2 on SW3 is configured changed to 0 these ports will still have the same root path cost and it will be impossible for i2 to become the root port just by changing its path cost on SW3 For RSTP mode the...

Страница 111: ...om the Learning state to the Forwarding state Designated Cost The cost for a packet to travel from this port to the root in the current Spanning Tree configuration The slower the media the higher the...

Страница 112: ...settings for STA 1 Click Spanning Tree STA 2 Select Configure Interface from the Step list 3 Select Show Information from the Action list FIG 119 STA Port Roles FIG 120 Displaying Interface Settings f...

Страница 113: ...ning tree priority for the selected MST instance on the Spanning Tree MSTP Configure Global Add page 3 Add the VLANs that will share this MSTI on the Spanning Tree MSTP Configure Global Add Member pag...

Страница 114: ...t 4 Select an MST ID The attributes displayed on this page are described under the Displaying Global Settings for STA section on page 107 Perform these steps to add additional VLAN groups to an MSTP i...

Страница 115: ...d for this port in the Spanning Tree Protocol If the path cost for all ports on a switch are the same the port with the highest priority i e lowest value will be configured as an active link in the Sp...

Страница 116: ...e Step list 3 Select Configure from the Action list 4 Enter the priority and path cost for an interface 5 Click Apply Perform these steps to display MSTP parameters for a port or trunk 1 Click Spannin...

Страница 117: ...ts that exceed the acceptable amount of traffic are dropped Rate limiting can be applied to individual ports or trunks When an interface is configured with this feature the traffic rate will be monito...

Страница 118: ...trol on the same interface may lead to unexpected results It is therefore not advisable to use both of these features on the same interface The following table lists the options on this page Perform t...

Страница 119: ...default port priority for each interface on the switch All untagged packets entering the switch are tagged with the specified default port priority and then sorted into the appropriate priority queue...

Страница 120: ...e egress ports by defining scheduling weights for WRR or one of the queuing modes that use a combination of strict and weighted queuing The specified queue mode applies to all interfaces The following...

Страница 121: ...ss a queuing problem occurs with a particular application Setting Priority Processing to DSCP or CoS The switch allows a choice between using DSCP or CoS priority processing methods Use the Priority T...

Страница 122: ...p can be used to modify one set of DSCP values to match the definition of another domain The mutation map should be applied at the receiving port ingress mutation at the boundary of a QoS administrati...

Страница 123: ...t arrives with a 802 1Q header but it is not an IP packet then the CoS CFI to PHB Drop Precedence mapping table is used to generate priority and drop precedence values for internal processing Note tha...

Страница 124: ...r any of the CoS CFI combinations 4 Click Apply Perform these steps to show the CoS CFI to internal PHB drop precedence map 1 Click Traffic Priority CoS to DSCP 2 Select Show from the Action list Defa...

Страница 125: ...NOTE You can configure up to 16 rules per class map You can also include multiple classes in a policy map NOTE You should create a class map before creating a policy map Otherwise you will not be able...

Страница 126: ...t 3 Select Show from the Action list Type Only one match command is permitted per class map so the match any field refers to the criteria specified by the lone match command ACL Name of an access cont...

Страница 127: ...5 Specify type of traffic for this class based on an access list DSCP or IP Precedence value VLAN or CoS value You can specify up to 16 items to match when assigning ingress traffic to a class map 6 C...

Страница 128: ...down to the minimum value of 0 else the packet is red and neither Tc nor Te is decremented When a packet of size B bytes arrives at time t the following happens if srTCM is configured to operate in Co...

Страница 129: ...Step list 3 Select Show from the Action list Perform these steps to edit the rules for a policy map 1 Click Traffic DiffServ 2 Select Configure Policy from the Step list 3 Select Add Rule from the Ac...

Страница 130: ...policy map and then bind the service policy to the required interface The following table lists the options on this page Perform these steps to bind a policy map to a port 1 Click Traffic DiffServ 2 S...

Страница 131: ...ver connected VoIP devices When VoIP traffic is detected on a configured port the switch automatically assigns the port as a tagged member the Voice VLAN Alternatively switch ports can be manually con...

Страница 132: ...the Action list 4 Enter a MAC address that specifies the OUI for VoIP devices in the network 5 Select a mask from the pull down list to define a MAC address range 6 Enter a description for the devices...

Страница 133: ...entified by source MAC addresses configured in the Telephony OUI list or through LLDP that discovers VoIP devices attached to the switch Packets received from non VoIP sources are dropped Default Disa...

Страница 134: ...s IP Source Guard and then DHCP Snooping AAA Authentication Authorization and Accounting The authentication authorization and accounting AAA feature provides the main framework for configuring access...

Страница 135: ...gin Authentication Servers Use the Security AAA Server page to configure the message exchange parameters for RADIUS or TACACS remote access authentication servers Remote Authentication Dial in User Se...

Страница 136: ...ticate logon access via the authentication server Range 1 30 Default 2 Set Key Mark this box to set or modify the encryption key Authentication Key Encryption key used to authenticate logon access for...

Страница 137: ...erver 5 To set or modify the authentication key mark the Set Key box enter the key and then confirm it 6 Click Apply Perform these steps to configure the RADIUS or TACACS server groups to use for acco...

Страница 138: ...a requested service if no other methods have been defined Range 1 64 characters Note that the method name is only used to describe the accounting method configured on the specified RADIUS or TACACS se...

Страница 139: ...Specify the name of the accounting method and server group name 6 Click Apply Server Group Name Displays the accounting server group Interface Displays the port console or Telnet interface to which t...

Страница 140: ...onfigure the accounting method applied to specific interfaces console commands entered at specific privilege levels and local console Telnet or SSH connections 1 Click Security AAA Accounting 2 Select...

Страница 141: ...how Information from the Step list 3 Click Summary Perform these steps to display basic accounting information and statistics recorded for user sessions 1 Click Security AAA Accounting 2 Select Show I...

Страница 142: ...d Name Specifies an authorization method for service requests The default method is used for a requested service if no other methods have been defined Range 1 64 characters Server Group Name Specifies...

Страница 143: ...lied to local console Telnet or SSH connections 1 Click Security AAA Authorization 2 Select Configure Service from the Step list 3 Enter the required authorization method 4 Click Apply Perform these s...

Страница 144: ...ese commands are equivalent to those available under Normal Exec command mode in the CLI Level 8 14 provide the same default access privileges including additional commands beyond those provided for L...

Страница 145: ...gured in the MAC address format XX XX XX XX XX XX all in upper case Authenticated MAC addresses are stored as dynamic entries in the switch secure MAC address table and are removed when the aging time...

Страница 146: ...nfiguration for the port When a user attempts to log into the network with a returned dynamic QoS profile that is different from users already logged on to the same port the user is denied access Whil...

Страница 147: ...ase of failed authentication and switchport mode is set to Hybrid See the Adding Static Members to VLANs section on page 89 Dynamic VLAN Enables dynamic VLAN assignment for an authenticated port When...

Страница 148: ...the Step list 3 Select Add from the Action list 4 Enter a filter ID MAC address and optional mask 5 Click Apply Perform these steps o show the MAC address filter table for MAC authentication 1 Click S...

Страница 149: ...by entering a specific address in the MAC Address field specifying a port in the Interface field or setting the address type to static or dynamic in the Attribute field 5 Click Query Security Network...

Страница 150: ...onnection The client and server generate session keys for encrypting and decrypting data The client and server establish a secure encrypted connection A padlock icon should appear in the status bar fo...

Страница 151: ...vate password 4 Click Apply Configuring the Secure Shell The Berkeley standard includes remote access tools originally designed for Unix systems Some of these tools have also been implemented for Micr...

Страница 152: ...1 19 4 Set the Optional Parameters On the SSH Settings page configure the optional parameters including the authentication timeout the number of retries and the server key size 5 Enable SSH Service On...

Страница 153: ...switch Default Disabled Version The Secure Shell version number Version 2 0 is displayed but the switch supports management access via either SSH Version 1 5 or 2 0 clients Authentication Timeout Spec...

Страница 154: ...h SSH will revert to the interactive password authentication mechanism to complete authentication The following table lists the options on this page FIG 181 Generating the SSH Host Key Pair FIG 182 Sh...

Страница 155: ...rom the respective drop down boxes input the TFTP server IP address and the public key source file name 5 Click Apply Perform these steps to display or clear the SSH user s public key 1 Click Security...

Страница 156: ...e resources When using compression the 128 ACEs are compressed into one ACE classifying the IP address as 192 168 1 0 24 which requires only n entries in TCAM The above example is an ideal case for co...

Страница 157: ...pe The following filter modes are supported IP Standard IPv4 ACL mode filters packets based on the source IPv4 address IP Extended IPv4 ACL mode filters packets based on the source or destination IPv4...

Страница 158: ...urity ACL Options Type Selects the type of ACLs to show in the Name list Name Shows the names of ACLs matching the selected type Action An ACL can contain any combination of permit or deny rules Addre...

Страница 159: ...t Any Source Destination IP Address Source or destination IP address Source Destination Subnet Mask Subnet mask for source or destination address See the description for Subnet Mask on page 158 Source...

Страница 160: ...P DSCP priority level Range 0 63 Time Range Name of a time range FIG 189 Configuring an Extended IPv4 ACL Security ACL Options Type Selects the type of ACLs to show in the Name list Name Shows the nam...

Страница 161: ...specific host address in the Address field or IPv6 Prefix to specify a range of addresses Options Any Host IPv6 Prefix Default Any Destination Address Type Specifies the destination IP address type Us...

Страница 162: ...Header Identifies the type of header immediately following the IPv6 header Range 0 255 Optional Internet layer information is encoded in separate headers that may be placed between the IPv6 header an...

Страница 163: ...in any combination of permit or deny rules Source Destination Address Type Use Any to include all possible addresses Host to indicate a specific MAC address or MAC to specify an address range with the...

Страница 164: ...IP Source Destination IP Address Type Specifies the source or destination IPv4 address Use Any to include all possible addresses Host to specify a specific host address in the Address field or IP to...

Страница 165: ...dress e g 11 22 33 44 55 66 If you select IP enter a base address and a hexadecimal bit mask for an address range 9 Enable logging if required 10 Click Apply Binding a Port to an Access Control List A...

Страница 166: ...stics for ACL hardware counters 1 Click Security ACL 2 Select Configure Interface from the Step list 3 Select Show Hardware Counters from the Action list 4 Select a port 5 Select ingress or egress tra...

Страница 167: ...for individual VLANs These configuration changes will only become active after ARP Inspection is enabled globally again The ARP Inspection engine in the current firmware version does not support ARP I...

Страница 168: ...ase determines their validity The following table lists the options on this page Security ARP Inspection Options ARP Inspection Status Enables ARP Inspection globally Default Disabled ARP Inspection V...

Страница 169: ...tion and adjust the packet inspection rate 4 Click Apply FIG 197 Configuring VLAN Settings for ARP Inspection Security ARP Inspection Options Interface Port or trunk identifier Trust Status Configures...

Страница 170: ...ARP packets in the process of ARP inspection rate limit Count of ARP packets exceeding and dropped by ARP rate limiting ARP packets dropped by additional validation IP Count of ARP packets that faile...

Страница 171: ...esses for the same group i e SNMP web or Telnet the switch will not accept overlapping address ranges When entering addresses for different groups the switch will accept overlapping address ranges You...

Страница 172: ...amically learned entries are cleared from the address table If port security is enabled and the maximum number of allowed addresses are set to a non zero value any device not in the address table that...

Страница 173: ...the client The EAP packet from the RADIUS server contains not only the challenge but the authentication method to be used The client can reject the authentication method and request another depending...

Страница 174: ...ings for 802 1x Use the Security Port Authentication Configure Interface Authenticator page to configure 802 1x port settings for the switch as the local authenticator When 802 1x is enabled you need...

Страница 175: ...ts the timeout for EAP request frames other than EAP request identity frames If dot1x authentication is enabled on a port the switch will initiate authentication when the port link state comes up It w...

Страница 176: ...mber of EAPOL Logoff frames that have been received by this Authenticator Rx EAPOL Invalid The number of EAPOL frames that have been received by this Authenticator in which the frame type is not recog...

Страница 177: ...processed by the switch is 100 packets per second Any DHCP packets in excess of this limit are dropped When DHCP snooping is enabled DHCP messages entering an untrusted interface are filtered based up...

Страница 178: ...igning IP addresses or to set other services or policies for clients It is also an effective tool in preventing malicious network attacks from attached clients on DHCP services such as IP Spoofing Cli...

Страница 179: ...in the remote ID sub option for the DHCP snooping agent i e the MAC address of the switch s CPU This attribute can be encoded in Hexadecimal or ASCII IP Address Inserts an IP address in the remote ID...

Страница 180: ...are removed Set all ports connected to DHCP servers within the local network or fire wall to trusted state Set all other ports outside the local network or fire wall to untrusted state The following...

Страница 181: ...ent Lease Time The time for which this IP address is leased to the client Type Entry types include DHCP Snooping Dynamically snooped Static DHCPSNP Statically configured VLAN VLAN to which this entry...

Страница 182: ...55 255 255 255 all of which uses a spoofed source address of the intended victim The victim should crash due to the many interrupts required to send ICMP Echo response packets Default Disabled TCP Nul...

Страница 183: ...be dropped An entry with same MAC address and a different VLAN ID cannot be added to the binding table Filtering rules are implemented as follows If DHCP snooping is disabled see page 178 IP source gu...

Страница 184: ...binding If there is an entry with the same VLAN ID and MAC address and the type of entry is static IP source guard binding then the new entry will replace the old one If there is an entry with the sam...

Страница 185: ...ngs for each port 5 Click Apply Perform these steps to display static bindings for IP Source Guard 1 Click Security IP Source Guard Static Binding 2 Select Configure ACL Table or Configure MAC Table f...

Страница 186: ...ing 2 Mark the search criteria and enter the required values 3 Click Query Security IP Source Guard Dynamic Binding Options Query By Port A port on this switch Range 1 10 26 28 52 VLAN ID of a configu...

Страница 187: ...you to configure and limit system messages that are logged to flash or RAM memory The default is for event levels 0 to 3 to be logged to flash and levels 0 to 7 to be logged to RAM The following table...

Страница 188: ...ng table lists the options on this page FIG 217 Configuring Settings for System Memory Logs FIG 218 Showing Error Messages Logged to System Memory Administration Log Remote Options Remote Log Status E...

Страница 189: ...destination email addresses and one or more SMTP servers 3 Click Apply FIG 219 Configuring Settings for Remote Logging of Error Messages Administration Log SMTP Options SMTP Status Enables disables th...

Страница 190: ...f it does not transmit updates in a timely manner TTL in seconds is based on the following rule minimum value Transmission Interval Holdtime Multiplier or 65535 Therefore the default TTL is 4 30 120 s...

Страница 191: ...SNMP Notification Enables the transmission of SNMP trap notifications about LLDP and LLDP MED changes Default Enabled This option sends out SNMP trap notifications to designated target stations at th...

Страница 192: ...92 Default Enabled VLAN ID The port s default VLAN identifier PVID indicates the VLAN with which untagged or priority tagged frames are associated see the IEEE 802 1Q VLANs section on page 87 Default...

Страница 193: ...dvertise in LLDP messages 6 Click Apply MED Location Civic Address Configures information for the location of the attached device included in the MED TLV field of advertised messages including the cou...

Страница 194: ...ptions on this page Perform these steps to specify the physical location of the attached device 1 Click Administration LLDP 2 Select Configure Interface from the Step list 3 Select Add CA Type from th...

Страница 195: ...s networkAddress Interface name ifName IETF RFC 2863 Locally assigned locally assigned Chassis ID An octet string indicating the specific identifier for the particular chassis in this system System Na...

Страница 196: ...ntPhysClass has a value of chassis 3 IETF RFC 2737 Port component EntPhysicalAlias when entPhysicalClass has a value port 10 or backplane 4 IETF RFC 2737 MAC address MAC address IEEE Std 802 2001 Netw...

Страница 197: ...ifier for the particular chassis in this system System Name A string that indicates the system s assigned name System Description A textual description of the network entity Port Type Indicates the ba...

Страница 198: ...mber in the respective dot3MauType OID Port Details 802 3 Extension Power Information Remote Power Class The port Class of the given port associated with the remote system PSE Power Sourcing Equipment...

Страница 199: ...f 0 represents use of the default priority Unknown Policy Flag Indicates that an endpoint device wants to explicitly advertise that this policy is required by the device but is currently unknown VLAN...

Страница 200: ...r a maximum length cable based on its current configuration This parameter supports a maximum power required or available value of 102 3 Watts to allow for future expansion Range 0 102 3 Watts Port De...

Страница 201: ...Basic Administration Protocols 201 Instruction Manual NXA ENET8 POE FIG 229 Displaying Remote Device Information for LLDP Port Details...

Страница 202: ...MIB for any reason Neighbor Entries Dropped Count The number of times which the remote database on this switch dropped an LLDPDU because of insufficient resources Neighbor Entries Age out Count The nu...

Страница 203: ...budget Port power can be automatically turned on and off for connected devices and a per port power priority can be set so that the switch never exceeds its power budget When a device is connected to...

Страница 204: ...tion Power Sets a power budget for the switch Range 50000 740000 milliwatts Default 370000 milliwatts Compatible Mode Allows the switch to detect and provide power to powered devices that were designe...

Страница 205: ...ort is not turned on If a device is connected to a critical or high priority port and would cause the switch to exceed its power budget as determined during bootup power is provided to the port only i...

Страница 206: ...ation must first submit a valid community string for authentication Access to the switch from clients using SNMPv3 provides additional security features that cover message integrity authentication and...

Страница 207: ...d before configuring other parameters 4 Use the Administration SNMP Configure View page to specify read and write access views for the switch MIB tree 5 Use the Administration SNMP Configure User page...

Страница 208: ...e remote device where the user resides The remote engine ID is used to compute the security digest for authentication and encryption of packets passed between the switch and a user on the remote host...

Страница 209: ...lists the options on this page FIG 237 Configuring a Remote Engine ID for SNMP FIG 238 Showing Remote Engine IDs for SNMP Administration SNMP Options Add View View Name The name of the SNMP view Rang...

Страница 210: ...Perform these steps to show the SNMP views of the switch s MIB database 1 Click Administration SNMP 2 Select Configure View from the Step list 3 Select Show View from the Action list Perform these ste...

Страница 211: ...iew The configured view for read access Range 1 32 characters Write View The configured view for write access Range 1 32 characters Notify View The configured view for notifications Range 1 32 charact...

Страница 212: ...6 1 4 1 259 6 10 120 2 1 0 45 This notification indicates PSE threshold usage indication is on and the power usage is above the threshold pethMainPowerUsageOffNotification 1 3 6 1 4 1 259 6 10 120 2...

Страница 213: ...hanges of the dynamic MAC addresses on the switch lbdDetectionTrap 1 3 6 1 4 1 259 6 10 120 2 1 0 141 This trap is sent when a loopback condition is detected by LBD lbdRecoveryTrap 1 3 6 1 4 1 259 6 1...

Страница 214: ...unity Add page to configure up to five community strings authorized for management access by clients using SNMP v1 and v2c For security reasons you should consider removing the default strings The fol...

Страница 215: ...notify view The following table lists the options on this page FIG 245 Setting Community Access Strings FIG 246 Showing Community Access Strings Administration SNMP Options User Name The name of user...

Страница 216: ...ord must be specified If the security level is authPriv a privacy password must also be specified 5 Click Apply Perform these steps to show local SNMPv3 users 1 Click Administration SNMP 2 Select Conf...

Страница 217: ...dentify the source of SNMPv3 inform messages sent from the local switch If the security model is set to SNMPv3 and the security level is authNoPriv or authPriv then an authentication protocol and pass...

Страница 218: ...red notification messages page 209 3 Configure the group matching the community string specified on the Configure Trap Add page to include the required notify view page 211 4 Enable trap informs as de...

Страница 219: ...2c or v3 traps Notification Type Traps Notifications are sent as trap messages Inform Notifications are sent as inform messages Note that this option is only available for version 2c and 3 hosts Defau...

Страница 220: ...rform these steps to show configured trap managers 1 Click Administration SNMP 2 Select Configure Trap from the Step list 3 Select Show from the Action list FIG 253 Configuring Trap Managers SNMPv2c F...

Страница 221: ...be logged Based on the default settings used in RFC 3014 a notification log can contain up to 256 entries and the entry aging time is 1440 minutes Information recorded in a notification log and the e...

Страница 222: ...ssfully by the SNMP protocol entity as the result of receiving valid SNMP Set Request PDUs Get request PDUs The total number of SNMP Get Request PDUs which have been accepted and processed or generate...

Страница 223: ...ts the options on this page Administration RMON Options Index Index to this entry Range 1 65535 Variable The object identifier of the MIB variable to be sampled Only variables of the type etherStatsEn...

Страница 224: ...4 Click Alarm 5 Enter an index number the MIB object to be polled etherStatsEntry n n the polling interval the sample type the thresholds and the event to trigger 6 Click Apply Perform these steps to...

Страница 225: ...send with trap messages the name of the person who created this event and a brief description of the event 6 Click Apply Administration RMON Options Index Index to this entry Range 1 65535 Type Speci...

Страница 226: ...for each sample includes input octets packets broadcast packets multicast packets undersized packets oversize packets fragments jabbers CRC alignment errors collisions drop events and network utilizat...

Страница 227: ...for this entry 7 Click Apply Perform these steps to show configured RMON history samples 1 Click Administration RMON 2 Select Configure Interface from the Step list 3 Select Show from the Action list...

Страница 228: ...table lists the options on this page Perform these steps to enable regular sampling of statistics on a port 1 Click Administration RMON 2 Select Configure Interface from the Step list 3 Select Add fro...

Страница 229: ...is within the absolute time range and one of the periodic time ranges A maximum of eight rules can be configured for a time range The following table lists the options on this page Perform these steps...

Страница 230: ...2 Select Add Rule from the Action list 3 Select the name of time range from the drop down list 4 Select a mode option of Absolute or Periodic 5 Fill in the required parameters for the selected mode 6...

Страница 231: ...ies the interval at which to transmit loopback detection control frames Range 1 32767 seconds Default 10 seconds Recover Time Specifies the interval to wait before the switch automatically releases an...

Страница 232: ...ollowing table lists the options on this page Perform these steps to configure interface settings for LBD 1 Click Administration LBD Configure Interface 2 Make the required configuration changes 3 Cli...

Страница 233: ...receive the multicast service The purpose of IP multicast filtering is to optimize a switched network s performance so multicast packets will only be forwarded to those ports containing multicast grou...

Страница 234: ...ch page 238 IGMP Snooping with Proxy Reporting The switch supports last leave and query suppression as defined in DSL Forum TR 101 April 2006 When proxy reporting is disabled all IGMP reports received...

Страница 235: ...e subscribed to different multicast groups flooding may cause excessive packet loss on the link between the switch and the end host Flooding may be disabled to avoid this causing multicast traffic to...

Страница 236: ...ges which use a version different to that currently configured by the IGMP Version attribute Default Disabled IGMP Unsolicited Report Interval Specifies how often the upstream interface should transmi...

Страница 237: ...3 Select the VLAN for which to display this information Port or Trunk Specifies the interface attached to a multicast router Show Static Multicast Router VLAN Selects the VLAN for which to display an...

Страница 238: ...er control it may be necessary to statically configure a multicast service on the switch First add all the ports attached to participating hosts to a common VLAN and then assign the multicast service...

Страница 239: ...ing is enabled These messages are sent unsolicited periodically on all router interfaces on which multicast forwarding is enabled They are sent upon the occurrence of these events Upon the expiration...

Страница 240: ...GMP snooping By Host IP The switch will not send out a group specific query when an IGMPv2 v3 leave message is received But will check if there are other hosts joining the multicast group Only when al...

Страница 241: ...ce specific query message and starts a timer If no reports are received before the timer expires the group record is deleted and a report is sent to the upstream multicast router A reduced value will...

Страница 242: ...P Snooping Interface 2 Select Configure Interface from the Action list 3 Select Port or Trunk interface 4 Enable the required drop functions for any interface 5 Click Apply FIG 283 Showing Interface S...

Страница 243: ...until this entry expires Count The number of times this address has been learned by IGMP snooping FIG 285 Showing Multicast Groups Learned by IGMP Snooping Multicast IGMP Snooping Statistics Options V...

Страница 244: ...S Query The number of group specific or group and source specific query messages received on this interface Drop The number of times a report leave or query was dropped Packets may be dropped due to...

Страница 245: ...g Statistics 2 Select Show VLAN Statistics from the Action list 3 Select a VLAN Perform these steps to display IGMP snooping protocol related statistics for a port 1 Click Multicast IGMP Snooping Stat...

Страница 246: ...ing Filter Configure General page to enable IGMP filtering and throttling globally on the switch The following table lists the options on this page Perform these steps to enable IGMP filtering and thr...

Страница 247: ...icast IGMP Snooping Filter 2 Select Configure Profile from the Step list 3 Select Show from the Action list Perform these steps to add a range of multicast groups to an IGMP filter profile 1 Click Mul...

Страница 248: ...eps to configure IGMP filtering or throttling for a port or trunk 1 Click Multicast IGMP Snooping Filter 2 Select Configure Interface from the Step list 3 Select a profile to assign to an interface th...

Страница 249: ...ill act if elected When serving as the querier the switch uses this IPv6 address as the query source address The querier will not start or will disable itself after having started if it detects an IPv...

Страница 250: ...uring MLD Snooping and Query Parameters section on page 249 before a multicast router port can take effect The following table lists the options on this page FIG 295 Configuring General Settings for M...

Страница 251: ...ticast MLD Snooping Multicast Router 2 Select Show Static Multicast Router from the Action list 3 Select the VLAN for which to display this information Perform these steps to show all the interfaces a...

Страница 252: ...r 2 Select Add Static Member from the Action list 3 Select the VLAN that will propagate the multicast service specify the interface attached to a multicast service through an MLD enabled switch or mul...

Страница 253: ...e 1 4094 Interface Port or trunk identifier Group Address The IP address for a specific multicast service Type The means by which each group was learned MLD Snooping or Multicast Data Filter Mode The...

Страница 254: ...he host does not respond a timeout appears in ten seconds Destination unreachable The gateway for this destination indicates that the destination is unreachable Network or host unreachable The gateway...

Страница 255: ...es off before a response is returned the trace function prints a series of asterisks and the Request Timed Out message A long sequence of these messages terminating only when the maximum timeout has b...

Страница 256: ...ot match the destination IP address in the message However if it does match they write their own hardware address into the destination MAC address field and send the message back to the source hardwar...

Страница 257: ...NS is not yet enabled and the switch receives a DHCP packet containing a DNS field with a list of DNS servers then the switch will automatically enabled DNS host name to address translation The follow...

Страница 258: ...the servers are queried in the specified sequence until a response is received or the end of the list is reached with no response If all name servers are deleted DNS will automatically be disabled Th...

Страница 259: ...e following table lists the options on this page Perform these steps to configure static entries in the DNS table 1 Click IP Service DNS Static Host Table 2 Select Add from the Action list 3 Enter a h...

Страница 260: ...g the TFTP server to access for download and the name of the boot file or boot information for NetBIOS Windows Internet Naming Service WINS Specifying a DHCP Client Identifier Use the IP Service DHCP...

Страница 261: ...provides an option for sending information about its DHCP clients to the DHCP server specifically the interface on the relay server through which the DHCP client request was received Also known as DH...

Страница 262: ...quest packet and the switch then unicasts this packet to the DHCP server If the policy is keep the DHCP request packet s option 82 content will be retained The relay agent address is inserted into the...

Страница 263: ...are not carried by the reply sent from the DHCP server To ask for a DHCP reply with option 66 67 the client can inform the server that it is interested in option 66 67 by sending a DHCP request that...

Страница 264: ...g via DHCP 1 Click IP Service DHCP Dynamic Provision 2 Mark the Enable box if dynamic provisioning is configured on the DHCP daemon and required for boot up 3 Click Apply IP Service DHCP Dynamic Provi...

Страница 265: ...fault IPv4 address for VLAN 1 is set to 192 168 2 10 using the subnet mask 255 255 255 0 To change the switch s default settings to values that are compatible with your network you may need to establi...

Страница 266: ...or DHCP server NOTE The switch will also broadcast a request for IP configuration settings on each power reset IP Address Type Specifies a primary or secondary IP address An interface can have only o...

Страница 267: ...sing this kind of address cannot be passed by any router outside of the subnet A link local address is easy to set up and may be useful for simple networks or basic troubleshooting tasks However to co...

Страница 268: ...prefixes received in IPv6 router advertisement messages and the host portion is automatically generated using the modified EUI 64 form of the interface identifier i e the switch s MAC address If a li...

Страница 269: ...ter advertisements and by the router itself ND Reachable Time The amount of time that a remote IPv6 node is considered reachable after some reachability confirmation event has occurred Range 0 3600000...

Страница 270: ...host portion of the default address is based on the modified EUI 64 Extended Universal Identifier form of the interface identifier i e the physical MAC address Alternatively you can manually configur...

Страница 271: ...ield may include some of the high order host bits if the specified prefix length is less than 64 bits If the specified prefix length exceeds 64 bits then the bits used in the network portion of the ad...

Страница 272: ...6 nodes The interface local multicast address is only used for loopback transmission of multicast traffic Link local multicast addresses cover the same types as used by link local unicast addresses in...

Страница 273: ...last ReachableTime interval that the forward path to the neighbor was functioning While in Reachable state the device takes no special action when sending packets Stale More than the ReachableTime int...

Страница 274: ...ould be found to transmit them to their destination Address Errors The number of input datagrams discarded because the IPv6 address in their IPv6 header s destination field was not a valid address to...

Страница 275: ...hable messages received by the interface Packet Too Big Messages The number of ICMP Packet Too Big messages received by the interface Time Exceeded Messages The number of ICMP Time Exceeded messages r...

Страница 276: ...s The number of ICMPv6 Group Membership Response messages sent by the interface Group Membership Reduction Messages The number of ICMPv6 Group Membership Reduction messages sent by the interface Multi...

Страница 277: ...on this page Perform these steps to show the MTU reported from other devices 1 Click System IPv6 Configuration 2 Select Show MTU from the Action list FIG 330 Showing IPv6 Statistics UDP Show MTU Displ...

Страница 278: ...red per port Port Trunking Static trunks Cisco EtherChannel compliant Dynamic trunks Link Aggregation Control Protocol Spanning Tree Algorithm Spanning Tree Protocol STP IEEE 802 1D 2004 Rapid Spannin...

Страница 279: ...tags IEEE 802 1Q VLAN IEEE 802 1v Protocol based VLANs IEEE 802 1X Port Authentication IEEE 802 3 2005 Ethernet Fast Ethernet Gigabit Ethernet Link Aggregation Control Protocol LACP Full duplex flow...

Страница 280: ...dge MIB RFC 2674P Port Access Entity MIB IEEE 802 1X Port Access Entity Equipment MIB Power Ethernet MIB RFC 3621 Private MIB Q Bridge MIB RFC 2674Q Quality of Service MIB RADIUS Accounting Server MIB...

Страница 281: ...access the management agent in the switch through a connection to any port using Telnet a web browser or other network management software tools However you must first configure the switch with a vali...

Страница 282: ...n is connected with a valid IP address subnet mask and default gateway Be sure the management station has an IP address in the same subnet as the switch s IP interface to which it is connected If you...

Страница 283: ...not assume responsibility for errors or omissions AMX also reserves the right to alter specifications without prior notice at any time The AMX Warranty and Return Policy and related documents can be...

Отзывы:

Нет отзывов