Bull 1GB Intel Ethernet Switch Module Скачать руководство пользователя страница 233 | Manualshive

Страница: 233 / 308

background image

Command Line Interface Management

207

Security configuration commands

This section describes the commands used to configure and manage the security features of the
NovaScale Blade 1 GB Intel® Ethernet Switch Module. These features include:
•

Authentication commands

•

IEEE 802.1X Port-based network access control

•

Remote Authentication Dial-In User Service (RADIUS)

•

Secure Shell (SSH) commands

•

Secure Socket Layer (SSL) commands

Authentication commands

config authentication login create

Use this command to create an authentication login list. The <listname> is up to 15 alphanumeric
characters and is case sensitive. Up to 10 authentication login lists can be configured on the switch.
When a list is created, the authentication method “local” is set as the first method. Authentication
methods can be changed using the config authentication login set command.

Format

config authentication login create

<listname>

config authentication login delete

Use this command to delete the specified authentication login list. The command will fail if any of
the following conditions are true:
•

The login list name is invalid or does not identify an existing login list

•

The specified login list is currently assigned to a user or to the nonconfigured user

•

The specified login list is the default login list included with the default configuration and was
not created using the

config authentication login set

command.

Format

config authentication login delete

<listname>

config authentication login set

Use this command to configure an ordered list of methods for the specified authentication login list.
You may specify up to three methods. The possible methods are local, radius, and reject.
The value of local indicates that the user’s locally stored ID and password should be used for
authentication. The value of radius indicates that the user’s ID and password will be authenticated
using the RADIUS server. The value of reject indicates that the user is never authenticated.
To authenticate a user, the authentication methods in the user’s login list will be attempted in order
until an authentication attempt succeeds or fails.
Note that the default login list included with the default configuration can not be changed.

Format config

authentication login set

<listname> <local/radius/reject>

[local/radius/reject] [local/radius/reject]

config users defaultlogin

Use this command to assign the authentication login list to be used when a non-configured user
attempts to log in to the system. This setting is overridden by the authentication login list assigned to

«
...
231
232
233
234
235
...
»

Содержание 1GB Intel Ethernet Switch Module

Страница 1: ...1GB Intel Ethernet Switch Module Installation and User Guide NOVASCALE BLADE REFERENCE 86 A1 23ER 00 ...

Страница 2: ......

Страница 3: ...NOVASCALE BLADE 1GB Intel Ethernet Switch Module Installation and User Guide April 2005 BULL CEDOC 357 AVENUE PATTON B P 20845 49008 ANGERS CEDEX 01 FRANCE REFERENCE 86 A1 23ER 00 Hardware ...

Страница 4: ...the Ordering Form also provided at the end of this book Trademarks and Acknowledgements We acknowledge the right of proprietors of trademarks mentioned in this book Intel Pentium Itanium and Intel Xeon are registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries Windows and Microsoft software are registered trademarks of Microsoft Corporation Linux is...

Страница 5: ... ce docu ment avant de suivre toute instruction Consultez le manuel NovaScale Blade Series Boards and Chassis Safety Information Wichtige Sicherhetshinweise Lesen Sie zunächts sämtliche Warn und Sicherheitshinweise in diesem Dokument bevor Sie eine der Anweisungen ausführen Beachten Sie auch dem Buch NovaScale Blade Series Boards and Chassis Safety Information Importanti istruzioni sulla sicurezza...

Страница 6: ...re not in a hazardous position Place removed covers and other parts in a safe place away from all personnel while you are servicing the machine Keep your tool case away from walk areas so that other people will not trip over it Do not wear loose clothing that can be trapped in the moving parts of a machine Ensure that your sleeves are fastened or rolled up above your elbows If your hair is long fa...

Страница 7: ...rming a mechanical inspection Working near power supplies Removing or installing main units Before you start to work on the machine unplug the power cord If you cannot unplug it ask the customer to power off the wall box that supplies power to the machine and to lock the wall box in the off position If you need to work on a machine that has exposed electrical circuits observe the following precaut...

Страница 8: ...ensitive to electrostatic discharge ESD ESD damage can occur when there is a difference in charge between objects Protect against ESD damage by equalizing the charge so that the server the part the work mat and the person handling the part are all at the same charge NOTE Use product specific ESD procedures when they exceed the requirements noted here Make sure that the ESD protective devices you u...

Страница 9: ...any equipment that will be attached to this product When possible use one hand only to connect or disconnect signal cables Never turn on any equipment when there is evidence of fire water or structural damage Disconnect the attached power cords telecommunications systems networks and modems before you open the device covers unless instructed otherwise in the installation and configuration procedur...

Страница 10: ...ble Dispose of the battery as required by local ordinances or regulations CAUTION When laser products such as CD ROMs DVD ROM drives fiber optic devices or transmitters are installed note the following Do not remove the covers Removing the covers of the laser product could result in exposure to hazardous laser radiation There are no serviceable parts inside the device Use of controls or adjustment...

Страница 11: ...e device and the power switch on the power supply do not turn off the electrical current supplied to the device The device also might have more than one power cord To remove all electrical current from the device ensure that all power cords are disconnected from the power source CAUTION Do not place any object weighing more than 82 kg 180 lbs on top of rack mounted devices 2 ...

Страница 12: ...the blade is connected to the power source Always replace the blade cover before installing the blade Safety compliance USA UL 60950 3rd Edition CSA 22 2 No 60950 Canada cUL certified 3rd Edition CSA 22 2 No 60950 for Canada product bears the single cUL mark for U S and Canada Europe Low Voltage Directive 73 23 EEC TUV GS to EN60950 2nd Edition with Amendments A1 A2 A3 A4 International UL CB to IE...

Страница 13: ... the user will be required to correct the interference at his her own expense Electromagnetic compatibility ECM USA FCC CFR 47 Part 2 and 15 Verified Class A Limit Canada IC ICES 003 Class A Limit Europe EMC Directive 89 336 EEC EN55022 Class A Limit Radiated Conducted Emissions EN55024 ITE Specific Immunity Standard EN61000 4 2 ESD Immunity Level 2 Contact Discharge Level 3 Air Discharge EN61000 ...

Страница 14: ...e This is a Class A product based on the standard of the Voluntary Control Council for Interference by Information Technology Equipment VCCI If this equipment is used in a domestic environment radio disturbance may arise When such trouble occurs the user may be required to take corrective actions ICES 003 Canada Cet appareil numérique respecte les limites bruits radioélectriques applicables aux ap...

Страница 15: ...nt so that distributors or users pay attention to this point If the product is sold or purchased improperly please exchange this product to what can be used at home Class B device This device complies with RRL EMC and is operated in a residential area so that it can be used at all other location as well as residential area note Class A device operated in a commercial area Class B device operated i...

Страница 16: ...xiv NovaScale Blade 1 GB Intel Ethernet Switch Module Installation and User s Guide This page intentionally left blank ...

Страница 17: ...e 1GB Intel Ethernet Switch Module 14 3 Information Panel LEDs and External Ports 17 Information panel 17 LEDs 18 4 Switch Management and Operating Concepts 19 NovaScale Blade 1 GB Intel Ethernet Switch Module overview 19 Chassis configuration and operation 19 Switch module management and control 20 IP addresses and SNMP community names 20 Traps 22 Management Information Bases MIB 23 Port mirrorin...

Страница 18: ... 37 Secure Shell SSH 37 Secure Socket Layer SSL 38 Quality of Service QoS 39 Bandwidth provisioning 39 Access Control Lists ACL 40 5 Web Based Network Management 41 Introduction 41 Remotely managing the switch module 41 Getting started 42 System 45 ARP cache 46 Inventory information 47 Configuration 48 System description 48 Network connectivity 50 Telnet 51 User accounts 52 Login configuration 53 ...

Страница 19: ...tching 91 VLAN 92 Configuration 92 Status 94 Port configuration 95 Port summary 96 Reset configuration 97 Protocol based VLAN 97 Configuration 97 Summary 99 Filters 100 MAC filter configuration 100 MAC filter summary 101 GARP 102 Status 102 Switch configuration 103 Port configuration 104 IGMP snooping 105 Configuration and status 105 Interface configuration 106 LAG 107 Configuration 107 Status 108...

Страница 20: ...ccess summary 129 RADIUS 130 Configuration 130 Server configuration 131 RADIUS statistics 133 Server statistics 133 Accounting server configuration 135 Accounting server statistics 136 Clear statistics 137 Secure HTTP 137 Configuration 137 Secure Shell 139 Configuration 139 QoS 140 Access Control Lists 140 Configuration 140 Summary 142 Rule configuration 142 Bandwidth provisioning 145 Bandwidth pr...

Страница 21: ... commands 163 Simple Network Management Protocol SNMP 165 System configuration 168 System description 172 System utilities 180 Trap manager 185 Switching configuration commands 186 Generic Attribute Registration Protocol GARP commands 186 config garp gmrp adminmode 186 config garp gmrp interfacemode 186 config garp gvrp adminmode 187 config garp gvrp interfacemode 187 config garp jointimer 187 con...

Страница 22: ...ce add 195 config protocol interface remove 195 config protocol protocol add 195 config protocol protocol remove 195 config protocol vlan add 196 config protocol vlan remove 196 show protocol detailed 196 Spanning tree commands 196 Spanning tree bridge commands 196 Spanning tree Common Spanning Tree CST commands 198 Spanning tree port commands 200 Spanning tree summary commands 201 Virtual Local A...

Страница 23: ...ests 210 config dot1x port quietperiod 210 config dot1x port reauthenabled 210 config dot1x port reauthenticate 210 config dot1x port reauthperiod 210 config dot1x port servertimeout 210 config dot1x port supptimeout 211 config dot1x port transmitperiod 211 config dot1x port users add 211 config dot1x port users remove 211 show dot1x port detailed 211 show dot1x port stats 212 show dot1x port summ...

Страница 24: ...led 223 show acl summary 223 Bandwidth provisioning commands 224 BW provisioning BW allocation commands 224 BW provisioning traffic class commands 225 A RJ 45 Pin Specifications 229 B Cable Lengths 231 C Run time Switching Software Default Settings 233 D CLI Command Tree 241 E CLI Configuration Examples 251 Bridging configuration example 251 IEEE 802 1w configuration example 253 VLAN configuration...

Страница 25: ...h 271 Unidirectional link 272 Packet corruption 273 Resource errors 273 Identifying a data loop 273 Avoiding network problems 274 G Getting Help and Technical Assistance 277 Before you call 277 Using the documentation 277 Hardware and software service and support 277 ...

Страница 26: ...xxiv NovaScale Blade 1 GB Intel Ethernet Switch Module Installation and User s Guide ...

Страница 27: ...le is ideally suited for networking environments that require superior microprocessor performance efficient memory management flexibility and reliable data storage Performance reliability and expansion capabilities were key considerations in the design of your switch module These design features make it possible for you to customize the system hardware to meet your needs today while providing flex...

Страница 28: ...switch module In addition to this Installation and User s Guide the NovaScale Blade Chassis Boards and Server Chassis Safety Information is included with your switch module This multilingual publication is provided in PDF on the CD ROM NovaScale Blade Chassis Resource CD It contains translated versions of the caution and danger statements that appear in the documentation Depending on your switch m...

Страница 29: ...ions that can be potentially hazardous to you A caution statement is placed just before the description of a potentially hazardous procedure step or situation Danger These statements indicate situations that can be potentially lethal or extremely hazardous to you A danger statement is placed just before the description of a potentially lethal or extremely hazardous procedure step or situation Majo...

Страница 30: ...ASE T ports for making 100 1000 Mbps connections to a backbone end stations and servers Fourteen internal full duplex gigabit ports one connected to each of the blade servers Two internal full duplex 100 Mbps ports connected to the management modules Performance features Transmission method Store and forward Packet filtering forwarding rate Full wire speed for all connections 148k packets per seco...

Страница 31: ...riority Protocol based VLANs Port based VLANs GARP GMRP GVRP IEEE 802 3ac VLAN Tagging IEEE 802 3ad Link Aggregation IEEE 802 1s Spanning Tree IEEE 802 1w Rapid Spanning Tree IEEE 802 1X Port Based Authentication IEEE 802 3X Flow Control RFC 768 UDP RFC 783 TFTP RFC 791 IP RFC 792 ICMP RFC 793 TCP RFC 826 ARP RFC 1321 Message Digest Algorithm RFC 2131 DHCP Client RFC 2865 RADIUS Client RFC 2866 RA...

Страница 32: ...rst Rate MBR Per Port Interface Per VLAN Access Control Lists Inbound Filtering Source IP Destination IP Source L4 Port Destination L4 Port Management RMON Groups 1 2 3 and 9 supported Simple Network Management Protocol SNMP versions 1 2 and 3 Flash memory for software upgrades done using Trivial File Transfer Protocol TFTP Supports Web based management HTML 4 0 Specification December 1997 Java Sc...

Страница 33: ...for SNMP RFC 2573 SNMP v3 Applications RFC 2574 User Based Security Model for SNMP v3 RFC 2575 View based Access Control Model for SNMP RFC 2576 Coexistence between SNMP v1 v2 and v3 RFC 2580 Conformation statements for SMI v2 Configurable management VLAN Secure Socket Layer SSL 3 0 and Transport Layer Security TLS 1 0 RFC 2246 The TLS Protocol Version 1 0 RFC 2818 HTTP over TLS RFC 2346 AES Ciphe...

Страница 34: ... 1X MIB IEEE 802 1 PAE MIB Enterprise MIB QOS SNMP Support in Enterprise MIBs Available through Management Module Private MIBs for full configuration of ACL and Bandwidth Provisioning functionality Network Cable Support 10BASE T UTP Category 3 4 5 100 meters maximum 100 ohm STP 100 meters maximum 100BASE TX UTP Category 5 100 meters maximum EIA TIA 568 100 ohm STP 100 meters maximum 1000BASE T UTP...

Страница 35: ...all a NovaScale Blade 1GB Intel Ethernet switch module in I O module bay 2 If you install an interface option on any blade server you must install a hot swap switch module of the same interface type in I O module bay 3 to obtain connection 1 for the interface option To provide connection 2 for the interface option install a switch module of that interface type in I O module bay 4 The switch module...

Страница 36: ...y of the hot swap modules on the rear of the NovaScale Blade Chassis For more information regarding installing the software for the NovaScale Blade 1GB Intel Ethernet Switch Module see Chapter 6 Command Line Interface Management on page 153 System reliability considerations Attention To help ensure proper cooling and system reliability make sure that Each of the I O module bays on the rear of the ...

Страница 37: ...e Chassis without setting it down If it is necessary to set the device down place it in its static protective package Do not place the device on your NovaScale Blade Chassis platform or on a metal table Take additional care when handling devices during cold weather because heating reduces indoor humidity and increases static electricity Installing the NovaScale Blade 1GB Intel Ethernet Switch Modu...

Страница 38: ...ation in NovaScale Blade safety and regulatory information on page iii and in Installation guidelines on page 10 through Handling static sensitive devices on page 10 2 Remove the acoustic attenuation module if installed from the rear of the NovaScale Blade Chassis platform The following illustrations show how to remove the module from the NovaScale Blade Chassis platform NovaScale Blade Chassis ...

Страница 39: ...ule into the appropriate I O module bay until it stops 9 Push the release latch on the front of the switch module to the closed position 10 Make sure that the LEDs on the switch module indicate that it is operating properly Verify that The DC power LED and the ac power LED on each power module are lit The OK LED on each management module is lit The OK LED on each switch module is lit 11 If you hav...

Страница 40: ... these components If you suspect a problem with one of these parts contact a service technician Complete the following steps to remove the NovaScale Blade 1GB Intel Ethernet Switch Module 1 Select an appropriate I O module bay from which to remove a switch module in accordance with the instructions in Ethernet interface requirements on page 9 2 Unplug any cables from the selected switch module 3 F...

Страница 41: ...le bay and set it aside 5 Place either another switch module or a filler module in the I O module bay within 1 minute 6 If you placed another switch module in the I O module bay reconnect any cables that you unplugged in step 2 7 Replace the acoustic attenuation module option if you removed it in step 1 NovaScale Blade Chassis ...

Страница 42: ...16 NovaScale Blade 1 GB Intel Ethernet Switch Module Installation and User s Guide ...

Страница 43: ... Switch Module contains Comprehensive LEDs which display the status of the switch module and the network see LEDs Fourteen internal ports one connected to each of the processor blades Two internal full duplex 10 100 Mbps ports connected to the management module Four external 1000BASE T Ethernet ports for 10 100 1000 Mbps connections to external Ethernet devices such as backbones end stations and s...

Страница 44: ... the information panel When this LED is on it indicates that the switch module has passed the Power On Self Test POST and is operational Ethernet switch error This amber LED is located next to the OK power on LED on the information panel This LED indicates that the switch module has a fault If the switch module fails the POST this fault LED will be lit Ethernet link This green link status LED is l...

Страница 45: ...he front of the chassis Each switch module has four external 10 100 1000 Mbps Ethernet ports for connection to the external network infrastructure These ports are identified as Ext 1 Ext 2 Ext 3 and Ext 4 in the switch module configuration menus and are labeled 1 through 4 on the switch module see Chapter 3 Information Panel LEDs and External Ports on page 17 for an illustration Depending on the a...

Страница 46: ...e through the Management Module s Ethernet port you can perform a series of management and control tasks These tasks are in the following categories Configuration Modification of the switch module s parameter settings Remote management setup Network monitoring Automatically receive error alerts traps View reset port traffic statistics Monitor data traffic on selected output ports Maintenance Updat...

Страница 47: ...he switch module MAC address is located on one side of the switch module on the same label as the serial number as shown in the following illustration NOTE The MAC address is also located on a separate label on the information panel under the external Ethernet port connectors Table 1 Default IP addresses based on I O module bay numbers I O module bay number Default IP address Switch Module Bay 1 1...

Страница 48: ...u of certain events that occur on the switch module The events can be as serious as a restart for example someone accidentally turned off the switch module or less serious such as a port status change The switch module generates traps and sends them to the network manager trap recipient Trap recipients are special users of the network who are given certain rights and access to oversee the maintena...

Страница 49: ...ion base MIB The switch module uses the standard MIB II management information base module Consequently values for MIB objects can be retrieved using any SNMP based network management software In addition to the standard MIB II module the switch module also supports its own proprietary enterprise MIB as an extended management information base This MIB can also be retrieved by specifying the object...

Страница 50: ...status and current configuration of network devices Modifying the configuration of network devices The switch module has a software program called an agent that processes SNMP requests but the user program that makes the requests and collects the responses runs on a management station a designated computer on the network The SNMP agent and the user program both employ the user datagram protocol In...

Страница 51: ...shed automatically without operator intervention This automatic network reconfiguration provides maximum uptime to network users However the concepts of the Spanning Tree Algorithm and Protocol are complicated and complex subjects and must be fully researched and understood It is possible to cause serious degradation of the performance of the network if the spanning tree is incorrectly configured ...

Страница 52: ...ade servers and the four external ports within the VLAN VLANs can enhance performance by conserving bandwidth and improve security by limiting traffic to specific domains Notes about VLANs on the NovaScale Blade 1GB Intel Ethernet Switch Module No matter what basis is used to uniquely identify blade servers and assign these nodes VLAN membership packets cannot cross VLANs without a network device ...

Страница 53: ...Tree Protocol to be enabled on all ports and work normally The IEEE 802 1Q standard restricts the forwarding of untagged packets to the VLAN of which the receiving port is a member The main characteristics of IEEE 802 1Q are as follows Assigns packets to VLANs by filtering Assumes the presence of a single global spanning tree Uses an explicit tagging scheme with one level tagging IEEE 802 1Q VLAN ...

Страница 54: ...s of user priority are used according to the protocols defined in IEEE 802 1p now part of IEEE 802 1D The VID is the VLAN identifier and its use is defined by the 802 1Q standard Because the VID is 12 bits long 4094 unique VLANs can be identified The tag is inserted into the packet header increasing the length of the entire packet by 4 octets All of the information that was originally contained in...

Страница 55: ...iant These devices are referred to as tag unaware 802 1Q devices are referred to as tag aware 0 Octets 1 2 3 4 Destination Address 6 octets Destination Address 6 octets Source Address 6 octets Source Address 6 octets EtherType 0x8100 EtherType 0x8100 Tag Control Information Tag Control Information MAC Length Type MAC Length Type Begining of Data Begining of Data IEEE 802 1Q Tag IEEE 802 1Q Tag Use...

Страница 56: ...h will examine the VLAN information in the packet header if present to decide whether to forward the packet If ingress filtering is disabled packets will not be dropped based on their VLAN classification If ingress filtering is enabled and the packet is tagged with VLAN information the ingress port will determine whether the ingress port itself is a member of the tagged VLAN If it is not the packe...

Страница 57: ... a group Assign one or more of the protocols IP IPX or ARP to the group Assign a VID to it Specify the port s to which it applies If a tagged packet is received on a port in a PBVLAN group it will be processed using normal IEEE 802 1Q rules If an untagged or priority tagged packet is received and the port is a member of a group with the matching protocol the packet will be assigned the group s VID...

Страница 58: ...l and enable GVRP then process the GPDUs The VLAN registration is made in the context of the port that receives the GPDU The switch module propagates this VLAN membership on all of its other ports in the active topology Thus the end station s VLAN ID is propagated throughout the network GARP Multicast Registration Protocol GMRP Networking devices use the GARP Multicast Registration Protocol to dyn...

Страница 59: ... port is a member of the VLAN concerned GMRP PDUs are transmitted as VLAN tagged frames or untagged frames in accordance with the state of the Untagged Set for that port for the VLAN concerned Where VLAN tagged frames are transmitted the VID field of the tag header carries the VLAN Context Identifier value Internet Group Management Protocol IGMP snooping Internet Group Management Protocol IGMP sno...

Страница 60: ...ection or to ensure fault recovery You can configure up to two trunk connections combining two to four ports into one fat pipe between any two NovaScale Blade Chassiss or other Layer 2 switches However before making any physical connections between devices use the Link Aggregation commands to specify the ports that will belong to the trunking group on both switches When using a port trunk note tha...

Страница 61: ... administrative burden of assigning and maintaining IP address information DHCP provides reliable and simple TCP IP network configuration ensures that address conflicts do not occur and helps to conserve the use of IP addresses through centralized management of address allocation Dynamic address allocation enables a client to be assigned an IP address from a pool of free addresses Each address is ...

Страница 62: ... devices The networks also permit unauthorized users to attempt to access the LAN through existing equipment In such environments you may want to restrict access to the services offered by the LAN This section introduces the concepts associated with the two forms of security available on the NovaScale Blade 1GB Intel Ethernet Switch Module Local Authentication and Remote Authentication Dial In Use...

Страница 63: ...tion received from the supplicant to the switch module s local database The switch module will transmit an EAP Request Identity packet to the supplicant to obtain the combination and if a match is found will then send an EAP Request MD5 packet to the supplicant The supplicant s MD5 response is sent to the authenticator for validation A match results in a successful authentication of the port NOTE ...

Страница 64: ...han an unsecured connection This allows an established protocol e g HTTP to operate in a secure manner on an open network Table 2 Secure Shell Feature Details SSH Feature Component Type Connection Type Interactive Login Authentication Method Password Ciphers 3DES CBC Blowfish CBC Twofish128 CBC AES128 CBC Hash Algorithms MD5 SHA 1 SHA 1 96 Key Exchange Methods Diffie Hellman Compression Algorithms...

Страница 65: ...able If one node is unable to meet the necessary timing requirements this creates a deficiency in the network path and the performance of the entire packet flow is compromised Bandwidth provisioning Bandwidth provisioning allows you to deliver varying levels of allocated bandwidth to users sharing the same physical interface By mapping a subscriber s traffic profile to a predefined policy and then...

Страница 66: ...twork is connected through a firewall router to the Internet This allows you to ensure that only authorized users have access to specific resources while blocking off any unwarranted attempts to reach them You can use ACLs to Provide traffic flow control Determine which types of traffic will be forwarded or blocked Provide network security An ACL consists of one or more rules or filtering criteria...

Страница 67: ...ferent ways to access and configure the same internal switching software Thus all the settings that you encounter in Web based management are the same as those found in the Telnet program If your system application requires that you use the Telnet program see Chapter 6 Command Line Interface Management on page 153 for additional information This chapter explains the menus and parameters used by th...

Страница 68: ...ent of other NovaScale Blade Chassis subsystems through the management module However management access to the NovaScale Blade 1GB Intel Ethernet Switch Module link will be lost if its IP address is not on the same subnet as the management module This chapter contains additional instructions for configuring the NovaScale Blade 1GB Intel Ethernet Switch Module for this mode of operation The two pre...

Страница 69: ...nter PASSW0RD with a zero in place of the O in the Password field Click the OK button This opens the main page in the management module NOTE The User name and Password fields are case sensitive To increase system security set a password after you log onto the system for the first time and be sure to store the new password in a safe location ...

Страница 70: ...y Configuration menu see 50 The panel on the left side of the screen displays the main menu The main menu contains System Switching Class of service Security QOS Logout All of these main menu options except Logout have sub menus some of which have further sub menus as shown below All of the Web based switch module management features are accessed from these sub menus and are described in the remai...

Страница 71: ...the System Description details in the center of the screen For more details on the information displayed see 48 System The System menu provides access to the following panels and menus Address Resolution Protocol ARP cache Inventory information Configuration Forwarding database Logs ...

Страница 72: ... with the switch MAC Address A unicast MAC address of a device on a subnet attached to one of the switch s interfaces for which the switch has forwarding and or filtering information The format is six two digit hexadecimal numbers separated by hyphens for example 01 23 45 67 89 AB IP Address The IP address associated with the MAC address Port The identification of the port being used for the conne...

Страница 73: ...al Number The unique box serial number for this switch FRU Number The field replaceable unit number Part Number The manufacturing part number Maintenance Level The identification of the hardware change level Manufacturer The code that identifies the manufacturer displayed as two two digit hexadecimal numbers Base MAC Address The burned in universally administered MAC address of this switch display...

Страница 74: ...vice The network processor hardware Additional Packages The list of optional software packages installed on the switch if any For example Quality of Service Configuration The Configuration menu gives you access to panels used for switch module management The options are System description Network connectivity Telnet User accounts Login configuration Login session Login summary User login System de...

Страница 75: ...ible for this switch May be up to 31 alphanumeric characters The factory default is blank IP Address The IP address of the interface The factory default value is 0 0 0 0 System Object ID The base object ID for the switch s enterprise MIB System Up Time The time in days hours and minutes since the last reboot MIBs Supported The list of MIBs supported by the management agent running on this switch C...

Страница 76: ...sk and default gateway via DHCP Once you have established in band connectivity you can change the IP information using any of the following Terminal interface via telnet or SSH connections SNMP based management Web based management IP Address The IP address of the interface The factory default value is 0 0 0 0 Subnet Mask The IP subnet mask for this interface The factory default value is 0 0 0 0 D...

Страница 77: ...ain the new values across a power cycle you must perform a save Telnet Use this panel to configure Telnet settings Telnet Login Timeout minutes Specify how many minutes of inactivity should occur on a Telnet or SSH session before the switch logs off A zero means there will be no timeout You may enter any number from 0 to 160 The factory default is 5 Maximum Number of Telnet Sessions Use the pull d...

Страница 78: ...ional new or changed password for the account It will not display as it is typed only asterisks will show The password is up to eight alphanumeric characters and is case sensitive Default for GUEST is blank and for the admin is PASSW0RD please note the use of zero instead of O Confirm Password Enter the password again to confirm that you entered it correctly The information entered in this field w...

Страница 79: ...the Encryption Protocol field enter the SNMPv3 Encryption Key here Otherwise this field is ignored Valid keys are 0 to 15 characters long The Apply checkbox must be checked in order to change the Encryption Protocol and Encryption Key Click the Apply button to update the switch with the values on this screen If you want the switch to retain the new values across a power cycle you must perform a sa...

Страница 80: ...entication login list If you select a method that does not time out as the first method such as local no other method will be tried even if you have specified more than one method Note that this parameter will not appear when you first create a new login list The options are Local The user s locally stored ID and password will be used for authentication Radius The user s ID and password will be au...

Страница 81: ...ew values across a power cycle you must perform a save Click the Delete button to remove the selected authentication login list from the configuration The delete will fail if the selected login list is assigned to any user including the default user for system login or IEEE 802 1X port access control You can only use this button if you have Read Write access Login session This panel displays the d...

Страница 82: ...t Login Users The users you assigned to this login list on the User Login Configuration screen This list is used to authenticate the users for system login access 802 1X Port Security Users The users you assigned to this login list on the Port Access Control User Login Configuration screen This list is used to authenticate the users for port access using the IEEE 802 1X protocol Click the Refresh ...

Страница 83: ...er If you assign the non configured user to a login list that specifies authentication via the RADIUS server you will not need to create an account for all users on each switch However by default the non configured user is assigned to defaultList which by default uses local authentication User Select the user you want to assign to a login list Note that you must always associate the admin user wit...

Страница 84: ...d out and dynamically learned entries which are removed if they are not updated within a given time You specify that time by entering a value for the Aging Interval Enter any number of seconds between 10 and 1000000 IEEE 802 1D recommends a default of 300 seconds which is the factory default Click the Apply button to cause the changes made on this screen to take effect on the switch If you want th...

Страница 85: ...lick the Search button If the address exists that entry will be displayed as the first entry followed by the remaining greater MAC addresses An exact match is required MAC Address A unicast MAC address for which the switch has forwarding and or filtering information The format is a two byte hexadecimal VLAN ID number followed by a six byte MAC address with each byte separated by hyphens for exampl...

Страница 86: ... instance does not fall into one of the other categories Click the Search button to search for the specified MAC address Click the Refresh button to retrieve and display the database again starting with the first entry in the table Logs This menu provides access to the following two logs Message log Event log The message log tracks non critical error information while the event log tracks critical...

Страница 87: ...em being reported Click the Refresh button to retrieve and display the database again starting with the first entry in the table Event log This panel displays the event log which is used to hold error messages for critical events After the event has been logged and the updated log has been saved in FLASH memory the switch will be reset The log can hold at least 2 000 entries the actual number depe...

Страница 88: ... reporting the event Code The event code passed to the event log handler by the code reporting the event Time The time the event occurred measured from the previous reset in days hours minutes and seconds Click the Refresh button to retrieve and display the database again starting with the first entry in the table Port This menu provides access to port configuration and display options including C...

Страница 89: ...for which data is to be displayed or configured Port Type For normal and LAG ports this field will be blank Otherwise the possible values are Probe Monitoring port participating in Port Mirroring Following is how this panel displays when the port type is Probe ...

Страница 90: ...ctory default is Disabled LACP Mode Selects the Link Aggregation Control Protocol administration state The mode must be Enabled in order for the port to participate in Link Aggregation It may be Enabled or Disabled by selecting the corresponding line on the pull down entry field The factory default is Enabled Physical Mode Use the pull down menu to select the port s speed and duplex mode If you se...

Страница 91: ...whether or not to send a trap when link status changes The factory default is Enabled ifIndex The ifIndex of the interface table entry associated with this port Click the Apply button to update the switch with the values you entered If you want the switch to retain the new values across a power cycle you must perform a save Summary This panel displays the status of all ports in the box ...

Страница 92: ...ding State The port s current spanning tree state This state controls what action a port takes on receipt of a frame If the bridge detects a malfunctioning port it will place that port into the Broken state The other four states are defined in IEEE 802 1s as Disabled Manual Forwarding Learning Forwarding Port Role Each Enabled bridge port is assigned a port role The port role will be one of the fo...

Страница 93: ...egotiation support is selected then the duplex mode and speed will be set by the auto negotiation process Note that the port s maximum capability will be advertised Otherwise you must enter the port s speed and duplex mode manually The factory default is auto Physical Status Indicates the current port speed and duplex mode Link Status Indicates whether the link is Up or Down Link Trap Indicates wh...

Страница 94: ...ffic The probe tool attached to the probe port will not be able to ping the switch or through the switch and nobody will be able to ping the probe tool Port to be Mirrored The interface selected as the Mirror Every packet seen at the mirrored port is copied to the probe port That includes all packets received and admitted received and dropped and transmitted out of the mirrored port Click the Dele...

Страница 95: ... Enable These are well known communities you can use this menu to change the defaults or to add other communities Only the communities that you define using this menu will have access to the switch using the SNMPv1 and SNMPv2c protocols Only those communities with Read Write privileges will have access to this menu via SNMP Use this panel when you are using the SNMPv1 or SNMPv2c protocol if you wa...

Страница 96: ... the requesting entity s IP address before comparison with the Client IP address If the result matches the Client IP address then the address is an authenticated IP address For example if the IP address 9 47 128 0 and the corresponding Subnet Mask 255 255 255 0 a range of incoming IP addresses would match i e the incoming IP address could equal 9 47 128 0 9 47 128 255 The default value is 0 0 0 0 ...

Страница 97: ...ceive traps Disabled trap receivers are inactive not able to receive traps Click the Delete button to delete the currently selected Community Name If you want the switch to retain the new values across a power cycle you must perform a save Click the Apply button to update the switch with the values on this screen If you want the switch to retain the new values across a power cycle you must perform...

Страница 98: ...at trap receiver communities and SNMP communities are separate and distinct IP Address Displays the IP address to receive SNMP traps from this device Status Indicates whether traps are currently Enabled for this community Enable Traps will be sent Disable Traps will not be sent Supported Management Information Bases MIB This panel displays a list of all the MIBs supported by the switch ...

Страница 99: ... the Refresh button to retrieve and display the database again starting with the first entry in the table Statistics This menu provides access to menu options that display various switch statistics including Switch detailed Switch summary Port detailed Port summary Switch detailed This panel displays detailed statistics for all CPU traffic ...

Страница 100: ... of subnetwork unicast packets delivered to a higher layer protocol Multicast Packets Received The number of packets received that were directed to a multicast address Note that this number does not include packets directed to the broadcast address Broadcast Packets Received The number of packets received that were directed to a broadcast address Note that this number does not include packets dire...

Страница 101: ...rded The number of outbound packets that were chosen to be discarded even though no errors had been detected One possible reason for discarding a packet could be to free up buffer space Table Entries Most Address Entries Ever Used The highest number of Forwarding Database Address Table entries used by this switch module since the last reboot Address Entries In Use The number of learned and static ...

Страница 102: ...ays a summary of the statistics for CPU traffic ifIndex This object indicates the ifIndex of the interface table entry associated with the processor of this switch Total Packets Received Without Errors The total number of packets including multicast and broadcast packets received by the processor without an error occurring Broadcast Packets Received The total number of packets received that were d...

Страница 103: ...tch module Time Since Counters Last Cleared The elapsed time in days hours minutes and seconds since the statistics for this port were last cleared Click the Clear Counters button to clear all the counters resetting all summary and switch detailed statistics to defaults except for the counts of discarded packets which cannot be cleared Click the Refresh button to refresh the data on the screen wit...

Страница 104: ...t including FCS octets Packets Received 512 1023 Octets The total number of packets including bad packets received that were between 512 and 1023 octets in length excluding framing bits but including FCS octets Packets Received 1024 1518 Octets The total number of packets including bad packets received that were between 1024 and 1518 octets in length excluding framing bits but including FCS octets...

Страница 105: ...umber of packets received that had a length excluding framing bits but including FCS octets of between 64 and 1518 octets inclusive but had a bad Frame Check Sequence FCS with an integral number of octets Total Received Packets Not Forwarded 802 3x Pause Frames Received A count of MAC Control frames received on this interface with an opcode indicating the PAUSE operation This counter does not incr...

Страница 106: ...ckets that have been transmitted by this port to its segment without an error occurring Unicast Packets Transmitted The total number of packets that higher level protocols requested be transmitted to a subnetwork unicast address including those that were discarded or not sent Multicast Packets Transmitted The total number of packets that higher level protocols requested be transmitted to a multica...

Страница 107: ...BPDUs Transmitted The number of RSTP BPDUs transmitted from the selected port 802 3x Pause Frames Transmitted A count of MAC Control frames transmitted on this interface with an opcode indicating the PAUSE operation This counter does not increment when the interface is operating in half duplex mode GVRP PDUs Received The number of GVRP PDUs received by the Generic Attribute Registration Protocol G...

Страница 108: ...istics for this port to default values Click the Clear All Counters button to clear all the counters for all ports resetting all statistics for all ports to default values Click the Refresh button to refresh the data on the screen with the present state of the data in the switch Port summary This panel displays a summary of the statistics for a specified port ...

Страница 109: ...ed to a higher layer protocol Broadcast Packets Received The total number of packets received that were directed to the broadcast address Note that this does not include multicast packets Packets Transmitted Without Errors The total number of packets transmitted from the interface without an error occurring Transmit Packet Errors The number of outbound packets that could not be transmitted because...

Страница 110: ...configuration to default Reset passwords to default Download file to switch Upload file from switch Ping Save all applied changes Click the Save button to have configuration changes you have made saved across a system reboot All changes submitted since the previous save or system reboot will be retained by the switch System reset Click the Reset button to reset the switch without powering off Rese...

Страница 111: ...n this command is processed All configuration changes that you have made including those saved to NVRAM will be lost You are prompted to confirm that the reset should proceed Reset passwords to defaults Click the Reset button to reset all user passwords to the factory defaults since only the ADMIN can set passwords this is blank You are prompted to confirm that the password reset should proceed ...

Страница 112: ... s Guide Download file to switch Use this panel to configure the information needed to download a file to the switch File Type Specify the type of file to be downloaded to the switch Code Specify code when you want to upgrade the operational flash This is the factory default ...

Страница 113: ...ports the use of a TFTP client The TFTP client path statement requirement is server dependent A path statement is generally required to setup the TFTP client however the client path may remain blank See the example of the path setup TFTP Upload Example The TFTP upload example details three scenarios for TFTP client to server file transfer Each scenario involves uploading the config bin file from t...

Страница 114: ...be uploaded from the switch The switch will remember the last file name used The last row of the table is used to display information about the progress of the file transfer The screen will refresh automatically until the file transfer completes Click the Start File Transfer button to apply any changes made to the fields and initiate the upload Click the Apply button to send the updated screen to ...

Страница 115: ...of the ping If a reply to the ping is not received you will see No Reply Received from IP xxx xxx xxx xxx otherwise you will see Reply received from IP xxx xxx xxx xxx send count 3 receive count n Click the Apply button to initiate the ping Trap manager The following trap related panels are available from this menu Trap flags Trap log Trap flags This panel displays trap conditions When the conditi...

Страница 116: ...set to Enabled Multiple Users Indicates whether a trap will be sent when the same user ID is logged into the switch more than once at the same time either via Telnet or the serial port This field Enables or Disables Multiple User traps When Enabled a multiple user trap message is sent when a user logs in to the terminal interface EIA 232 or Telnet and there is an existing terminal interface sessio...

Страница 117: ...tch etc will cause this counter to be cleared to 0 Log The sequence number of this trap System Up Time The time at which this trap occurred expressed in days hours minutes and seconds since the last reboot of the switch Trap Information identifying the trap Click the Clear Log button to clear all entries in the log Subsequent displays of the log will only show new log entries Switching This menu p...

Страница 118: ...n Configuration This panel displays detailed information including interface information for a specific VLAN You also use it to create new VLANs VLAN ID and Name Select the VLAN to display from the pop down menu or select Create to set up a new VLAN When Create is selected the VLAN ID field changes from non configurable to configurable VLAN ID There is a VLAN Identifier VLAN ID associated with eac...

Страница 119: ...ing discarded The valid range is 0 to 104856000 packets per second Mulitcast Storm Control Mode Configures multicast storm control on the VLAN To Enable multicast storm control on this VLAN select Enable from the pull down list This command Enables or Disables multicast storm control for a particular VLAN If storm control is Enabled storms are controlled by counting the number of multicast packets...

Страница 120: ...e IEEE 802 1Q standard Tagging Use the pull down menu to configure the tagging behavior of this port in this VLAN The default is untagged Tagged All frames transmitted for this VLAN will be tagged Untagged All frames transmitted for this VLAN will be untagged Click the Apply button to update the switch with the values on this screen If you want the switch to retain the new values across a power cy...

Страница 121: ...thin a certain time period If a count limit is exceeded the packets are discarded Broadcast Packets Second The rate level at which the broadcast packets will begin being discarded Multicast Storm Control Mode This field shows the mode of multicast storm control on the VLAN If storm control is Enabled storms are controlled by counting the number of multicast packets within a certain time period If ...

Страница 122: ...ect VLAN tagged frames will be forwarded in accordance with the IEEE 802 1Q VLAN standard The factory default is Admit All Ingress Filtering Specify how you want the port to handle tagged frames If you Enable Ingress Filtering on the pull down menu a tagged frame will be discarded if this port is not a member of the VLAN identified by the VLAN ID in the tag If you select Disable from the pull down...

Страница 123: ...ame When Disabled all frames are accepted and forwarded in accordance with the 802 1Q VLAN bridge specification The factory default is Disabled Port Priority The VLAN Port Priority that this port will assign to untagged frames received on this port Reset configuration All VLAN configuration parameters are reset to their factory default values if you click the Reset button and confirm your selectio...

Страница 124: ...ervice for the delivery of data ARP ARP is a low level protocol that dynamically maps network layer addresses to physical medium access control MAC addresses IPX The Internetwork Packet Exchange IPX is a connectionless datagram network layer protocol that forwards data over a network VLAN VLAN can be any number in the range of 2 to 4094 All the ports in the group will assign this VLAN ID to untagg...

Страница 125: ...cols that belong to the group There are three configurable protocols IP IPX ARP IP IP is a network layer protocol that provides a connectionless service for the delivery of data ARP ARP is a low level protocol that dynamically maps network layer addresses to physical medium access control MAC addresses IPX The Internetwork Packet Exchange IPX is a connectionless datagram Network layer protocol tha...

Страница 126: ...re configured filters MAC Filter This is the list of MAC address and VLAN ID pairings for all configured filters To change the port mask s for an existing filter select the entry you want to change To add a new filter select Create Filter from the top of the list Up to 48 static MAC filters may be created MAC Address The MAC address of the filter in the format 00 01 1A B2 53 4D You can only change...

Страница 127: ...ports that are in the list Click the Delete button to remove the currently selected filter Click the Delete All button to remove all configured filters Click the Apply button to update the switch with the values on the screen If you want the switch to retain the new values across a power cycle you must perform a save MAC filter summary This panel displays the Static MAC filtering information MAC A...

Страница 128: ... port shows as Enabled Switch GVRP Indicates whether the GVRP administrative mode for this switch is Enabled or Disabled The factory default is Disabled Switch GMRP Indicates whether the GMRP administrative mode for this switch is Enabled or Disabled The factory default is Disabled Port Indicates which port is associated with the fields on this line Port GVRP Mode Indicates whether the GVRP admini...

Страница 129: ...rmissible values are 20 to 600 centiseconds 0 2 to 6 0 seconds The factory default is 60 centiseconds 0 6 seconds Leave All Timer centisecs This Leave All Time controls how frequently LeaveAll PDUs are generated A LeaveAll PDU indicates that all registrations will shortly be deregistered Participants will need to rejoin in order to maintain registration An instance of this timer exists for each GA...

Страница 130: ... you select Disable the protocol will not be active and the Join Time Leave Time and Leave All Time will have no effect The factory default is Disable Port GMRP Mode Specify the GMRP administrative mode for the port by selecting Enable or Disable from the pull down menu If you select Disable the protocol will not be active and Join Time Leave Time and Leave All Time have no effect The factory defa...

Страница 131: ...ndom value in the range of LeaveAllTime to 1 5 LeaveAllTime The timer is specified in centiseconds Enter a number between 200 and 6000 2 to 60 seconds The factory default is 1000 centiseconds 10 seconds An instance of this timer exists for each GARP participant for each port Click the Apply button to update the switch with the values you enter If you want the switch to retain the new values across...

Страница 132: ...tween 1 and 3600 seconds The default is 10 seconds The configured value must be less than the Group Membership Interval Multicast Router Present Expiration Time secs Specify the amount of time you want the switch to wait to receive a query on an interface before removing it from the list of interfaces with multicast routers attached Enter a value between 0 and 3600 seconds The default is 0 seconds...

Страница 133: ...guration and status screens Menu options are Configuration Status Configuration Use this panel to configure a new LAG assign a name to it and generate a logical port number for it The logical port number will be displayed after the LAG has been created LAG Name Create Use this pull down menu to select one of the existing LAGs or select Create to add a new one There can be a maximum of 9 LAGs This ...

Страница 134: ...is exclude There can be a maximum of 8 ports assigned to a LAG Membership Conflicts Shows ports that are already members of other LAGs A port may only be a member of one LAG at a time If the entry is blank it is not currently a member of any LAG Click the Refresh button to refresh the data on the screen with the present state of the data in the switch Click the Apply button to update the switch wi...

Страница 135: ...or this LAG Link Trap Indicates whether or not a trap will be sent when link status changes The factory default is Enabled Member Ports A listing of the ports that are members of this LAG in port notation There can be a maximum of 8 ports assigned to a given LAG MFDB The Multicast Forwarding Database MFDB holds the port membership information for all active multicast address entries The key for an...

Страница 136: ...responsible for this entry in the Multicast Forwarding Database Possible values are IGMP Snooping GMRP and Static Filtering Type This displays the type of the entry Static entries are those that are configured by the end user Dynamic entries are added to the table as a result of a learning process or protocol Description The text description of this multicast table entry Ports The list of interfac...

Страница 137: ...he type of the entry Static entries are those that are configured by the end user Dynamic entries are added to the table as a result of a learning process or protocol Description The text description of this multicast table entry Possible values are Management Configured Network Configured and Network Assisted Ports The list of interfaces that are designated for forwarding Fwd and filtering Flt Cl...

Страница 138: ...c entries are those that are configured by the end user Dynamic entries are added to the table as a result of a learning process or protocol Description The text description of this multicast table entry Possible values are Management Configured Network Configured and Network Assisted Ports The list of interfaces that are designated for forwarding Fwd and filtering Flt Click the Clear Entries butt...

Страница 139: ... the MFDB high water mark Current Entries Displays the current number of entries in the MFDB table Click the Refresh button to update the screen with the latest information Spanning tree This menu provides access to spanning tree related configuration and status screens Menu options are Switch configuration status CST configuration status CST port configuration status Statistics Switch configurati...

Страница 140: ...IEEE 802 1D standard and IEEE 802 1w Rapid Reconfiguration Configuration Digest Key A derived value identifying the configuration Click the Refresh button to update the screen with the most recent data Click the Apply button to send the updated screen to the switch and cause the changes to take effect on the switch If you want the switch to retain the new values across a power cycle you must perfo...

Страница 141: ...s 15 Bridge Hello Time secs Specifies the bridge hello timeout value with the value being less than or equal to Bridge Max Age 2 1 The default hello time value is 2 Bridge Forward Delay secs Specifies the time the bridge will spend in Listening and Learning mode before starting to forward packets Bridge Forward Delay must be greater than or equal to Bridge Max Age 2 1 The time range is from 4 seco...

Страница 142: ...tance Forward Delay secs Derived value of the Root Port Bridge Forward Delay parameter Hold Time secs Minimum time between transmission of Configuration BPDUs CST Regional Root Priority and base MAC address of the Common Spanning Tree Regional Root CST Path Cost Path Cost to the CST tree Regional Root Click the Refresh button to update the screen with the most recent data Click the Apply button to...

Страница 143: ...ossible values are Enable or Disable Port Forwarding State The Forwarding State of this port Port Role Each Enabled bridge port is assigned a Port Role within the spanning tree The port role will be one of the following values Root Port Designated Port Alternate Port Backup Port Master Port or Disabled Port Designated Root Root Bridge for the spanning tree Designated Cost Path Cost offered to the ...

Страница 144: ...s Click the Refresh button to update the screen with the most recent data Statistics This panel displays BPDU statistics for the selected port Port Select the port for which information is to be displayed STP BPDUs Received Number of STP BPDUs received at the selected port STP BPDUs Transmitted Number of STP BPDUs transmitted from the selected port RSTP BPDUs Received Number of Rapid Reconfigurati...

Страница 145: ...e the pull down menus to select the internal traffic class for each user priority Click the Apply button to send the updated screen to the switch and cause the changes to take effect on the switch If you want the switch to retain the new values across a power cycle you must perform a save Security This menu describes the web menus used to configure and manage the security features of the NovaScale...

Страница 146: ...on support on the switch In disabled mode the IEEE 802 1X configuration is retained and can be changed but it is not activated Administrative Mode Lists the two options for administrative mode Enable and Disable The default value is Disable Click the Cancel button to reset the page to display the administrative mode that is currently configured by the selected unit Click the Apply button to send t...

Страница 147: ...or PAE unconditionally sets the controlled port to authorized mode Auto The authenticator PAE sets the controlled port mode to reflect the result of the authentication exchanges between the supplicant authenticator and authentication server Quiet Period secs Configures the quiet period for the selected port This command sets the value in seconds of the timer used by the authenticator state machine...

Страница 148: ...Reauthentication Period secs Specify the reauthentication period for the selected port The reauthentication period is the value in seconds of the timer used by the authenticator state machine on this port to determine when reauthentication of the supplicant takes place The reauthentication period range is 1 to 65535 The default value is 3600 Reauthentication Enabled Enable or Disable the reauthent...

Страница 149: ...led port s mode to reflect the result of the authentication exchanges between the supplicant authenticator and authentication server Quiet Period secs This field displays the configured quiet period for the selected port This quiet period is the value in seconds of the timer used by the authenticator state machine on this port to define periods of time in which it will not attempt to acquire a sup...

Страница 150: ...cted port The reauthentication period is the value in seconds of the timer used by the authenticator state machine on this port to determine when reauthentication of the supplicant takes place The reauthentication period value range is 1 to 65535 Reauthentication Enabled Indicates whether reauthentication is enabled on the selected port If you select the value true reauthentication will occur Othe...

Страница 151: ...e values are Request Response Success Fail Timeout Initialize Idle Click the Refresh button to update the information on the page Port summary This panel displays a summary of the IEEE 802 1X configuration parameters for all switch ports Port The port whose settings are displayed in the associated table row Control Mode Displays the configured control mode for the port Possible values are ...

Страница 152: ...ontrolled port s to authorized mode Auto The authenticator PAE sets the controlled port s mode to reflect the result of the authentication exchanges between the supplicant authenticator and authentication server Reauthentication Enabled Displays whether reauthentication of the supplicant for the specified port is allowed The possible values are true and false If the value is true reauthentication ...

Страница 153: ...t Frames Received The number of EAPOL start frames that have been received by this authenticator EAPOL Logoff Frames Received The number of EAPOL logoff frames that have been received by this authenticator Last EAPOL Frame Version The protocol version number carried in the most recently received EAPOL frame Last EAPOL Frame Source The source MAC address carried in the most recently received EAPOL ...

Страница 154: ...is authenticator in which the frame type is not recognized Click the Refresh button to update the information on the page Click the Clear All button to reset all statistics for all ports to 0 There is no confirmation prompt When this button is clicked the statistics are immediately cleared Click the Clear button to reset the statistics for the selected port There is no confirmation prompt When thi...

Страница 155: ...pecified port s By default a user is given access to all ports Port Select a port from the pull down menu All physical ports are available for this selection Users Select the users that may have access to the selected port or ports Click the Refresh button to update the information on the page Click the Apply button to send the updated screen to the switch and cause the changes to take effect on t...

Страница 156: ...ver statistics Accounting server configuration Accounting server statistics Clear statistics Configuration Use this panel to configure RADIUS parameters for the switch Consideration should be given to the maximum delay time when configuring RADIUS maximum retransmit and timeout values If multiple RADIUS servers are configured the maximum retransmit value on each is exhausted before the next server...

Страница 157: ...is 0 to 3 Max Number of Retransmits The value of the maximum number of times a request packet is retransmitted The valid range is 1 15 Timeout Duration secs The timeout value in seconds for request retransmissions The valid range is 1 30 Accounting Mode Select whether the RADIUS accounting mode is Enabled or Disabled Click the Refresh button to update the information on the page Click the Apply bu...

Страница 158: ... server to be the Primary or Secondary server Message Authenticator Enable or Disable the message authenticator attribute for the selected server Secret Configured Indicates whether the shared secret for this server has been configured Current Indicates whether this server is currently in use as the authentication server Click the Apply button to send the updated screen to the switch and cause the...

Страница 159: ...are not associated with a specific server or accounting server Invalid Server Addresses The number of RADIUS Access Response packets received from unknown addresses Click the Refresh button to update the information on the page Server statistics This panel displays the statistics for a configured RADIUS server ...

Страница 160: ...this server Access Accepts The number of RADIUS Access Accept packets both valid and invalid received from this server Access Rejects The number of RADIUS Access Reject packets both valid and invalid received from this server Access Challenges The number of RADIUS Access Challenge packets both valid and invalid received from this server Malformed Access Responses The number of malformed RADIUS Acc...

Страница 161: ...is panel to configure the IP address of the accounting server Only a single accounting server can be configured Accounting Server IP Address Select Add to configure an accounting server or the address of an already configured server Port Specifies the UDP Port to be used by the accounting server The valid range is 0 65535 If the user has Read only access the value is displayed but cannot be change...

Страница 162: ...rform a save Click the Refresh button to update the information on the page Accounting server statistics This panel displays the RADIUS statistics for the accounting server Accounting Server IP Address Identifies the accounting server associated with the statistics Round Trip Time secs Displays the time interval in hundredths of a second between the most recent Accounting Response and the Accounti...

Страница 163: ...involving this server Unknown Types Displays the number of RADIUS packets of unknown type that were received from this server on the accounting port Packets Dropped Displays the number of RADIUS packets that were received from this server on the accounting port and dropped for some other reason Click the Refresh button to update the information on the page Clear statistics Use this panel to reset ...

Страница 164: ...rsion 3 0 on or off The currently configured value is shown when the web page is displayed This field cannot be changed while HTTPS Admin Mode is enabled The default value is Enable HTTPS Port Specify the HTTPS Port Number The value must be in the range of 1 to 65535 Port 443 is the default value The currently configured value is shown when the web page is displayed Click the Download Certificates...

Страница 165: ...vel 1 for SSH on or off The currently configured value is shown when the web page is displayed The default value is Enable Either SSH Version 1 or Version 2 must be Enabled at all times SSH Version 2 Select Enable or Disable to turn Protocol Level 2 for SSH on or off The currently configured value is shown when the web page is displayed The default value is Enable Either SSH Version 1 or Version 2...

Страница 166: ...Quality of Service QoS menus Access Control Lists ACLs Bandwidth provisioning Access Control Lists An Access Control List ACL consists of a set of rules which are matched sequentially against a packet When a packet meets the match criteria of a rule the specified rule action Permit Deny is taken and the additional rules are not checked for a match You can specify the interfaces to which an ACL app...

Страница 167: ...ces can be assigned to one ACL Direction Select the packet filtering direction for the ACL from the pull down menu Currently the only choice is Inbound The packet direction for a given ACL is the same for all affected interfaces Table Displays the current and maximum number of ACLs Current Size Max Size Displays the number of existing ACLs and the maximum number of configurable ACLs Click the Appl...

Страница 168: ... the ACL on the interface Click the Refresh button to update the screen with the latest information Rule configuration This panel configures the rules associated with an ACL When the screen first displays you will see the first four fields described below If you select False as the Match Entry criteria and click Apply the screen will be refreshed and you will see the remaining fields Clicking one ...

Страница 169: ...ill be excluded Match Every Select True or False from the pull down menu If you select true you are specifying that all packets will match the selected ACL and Rule and will be either permitted or denied In this case since all packets match the rule you will not be offered the option of configuring other match criteria To configure specific match criteria for the rule remove the rule and re create...

Страница 170: ...where you can select the protocol to be used as the match condition The protocol number is a standard value assigned by IANA and is interpreted as an integer from 1 to 255 Either the Protocol Number field or the Protocol Keyword field can be used to specify an IP protocol value as a match criterion Source IP Address Specify that a packet s source IP address is a match condition for the selected AC...

Страница 171: ...an select the protocol to be used as the match condition The possible values are domain echo FTP ftpdata HTTP SMTP SNMP Telnet TFTP and www Each of these values translates into its equivalent port number which is used as both the start and end of the port range Destination L4 Port Number Specify a packet s destination Layer 4 port number match condition for the selected ACL rule Click the Configur...

Страница 172: ...ic characters and may include the underscore _ or the dash You cannot change the name after the initial configuration Maximum Bandwidth Enter the maximum allowable bandwidth for this bandwidth allocation profile Click the Apply button to send the updated configuration to the switch Configuration changes take effect immediately If you want the switch to retain the new values across a power cycle yo...

Страница 173: ...width profile Allocated Minimum Bandwidth Displays the sum of the minimum guaranteed bandwidth for all bandwidth profiles configured on this interface Maximum Bandwidth Displays the sum of the maximum allowable bandwidth for all bandwidth profiles configured on this interface Traffic class configuration Use this panel to create a traffic class ...

Страница 174: ...ID Enter the ID of the VLAN to be associated with the traffic class This is a value between 2 and 4094 Interface Select the interface to which the Traffic Class will be applied The pull down menu contains the port identification of all interfaces for which a traffic class may be configured Bandwidth Profile Select the Bandwidth Profile for the Traffic Class from the pull down menu The list contain...

Страница 175: ...raffic Class Traffic class summary This panel displays the traffic class information for all Traffic Classes in the system Traffic Class The number of the Traffic Class whose data is displayed in the rest of the line Name The user defined name of this Traffic Class Weight The weight of this Traffic Class Accept Byte Count The number of bytes accepted for the Traffic Class Type The only supported t...

Страница 176: ...h in Mbps This number is only known for physical interfaces Allocated Minimum Bandwidth Mbps The sum of the minimum guaranteed bandwidth for all traffic classes configured on this interface Allocated Maximum Bandwidth Mbps The sum of the maximum allowable bandwidth for all traffic classes configured on this interface Available Bandwidth Mbps The difference between the Nominal and Allocated Minimum...

Страница 177: ...Web Based Network Management 151 ...

Страница 178: ...152 NovaScale Blade 1 GB Intel Ethernet Switch Module Installation and User s Guide ...

Страница 179: ...publications on the NovaScale Blade Chassis Resource CD for more information Command Line Interface CLI conventions The Command Line Interface CLI syntax conventions and terminology are described in this section Each CLI command referenced in this document is illustrated using the structure outlined below Format Some commands such as show inventory do not require parameters Other commands such as ...

Страница 180: ...ameter The square brackets indicate that the parameter is optional and you may choose to enter a value in place of the brackets and text choice1 choice2 Enter one and only one of the values listed Values Some parameters are used frequently This section explains the format you should use when providing values for them ipaddr Enter a valid IP address made up of four decimal digits ranging from 0 to ...

Страница 181: ... ignored by the parser For example Script file for displaying the ip interface Display information about interfaces show ip interface ext 1 Displays information about the first external interface Display information about the next interface show ip interface ext 2 End of the script file Special characters Certain special key combinations speed up use of the CLI They are listed in this section Also...

Страница 182: ...is mode the NovaScale Blade 1GB Intel Ethernet Switch Module does not respond to remote management commands from the four external Ethernet ports on the switch module See the applicable Installation and User s Guide publications on the Resource CD for additional instructions for configuring the NovaScale Blade 1 GB Intel Ethernet Switch Module for this mode of operation You can choose to enable re...

Страница 183: ...e prompted to enter a user ID followed by a password Enter USERID in response to the prompt for a user ID and enter PASSW0RD in response to the prompt for a password notice the use of the zero and not the O This will give you Read write access to the switch module By default the switch module has one Read only account named GUEST The password for the Read only GUEST account is left blank just pres...

Страница 184: ...ted and press Enter 2 Type your password when prompted and press Enter NOTE The passwords used to access the switch module ARE case sensitive Only the user with Read write privileges can add new user accounts or make changes to existing user accounts Before you can update a user account you must also enter the password if any for that user account Complete the following steps to update a user acco...

Страница 185: ...the MAC addresses of the IP stations communicating with the switch Format show arp switch MAC Address A unicast MAC address of a device on a subnet attached to one of the switch s routing interfaces for which the switch has forwarding and or filtering information The format is six two digit hexadecimal numbers separated by hyphens for example 01 23 45 67 89 AB IP Address The IP address associated ...

Страница 186: ...y hyphens for example 00 01 00 23 45 67 89 AB Port The physical interface on which the MAC address was learned ifIndex The ifIndex of the MIB interface table entry associated with the port Status The status of the entry The possible values are Static The value of the corresponding instance was added by the system or a user and cannot be relearned Learned The entry was learned by observing the sour...

Страница 187: ... at least 2 000 entries the actual number depends on the platform and OS and is erased when an attempt is made to add an entry after it is full Format show eventlog File The source code filename identifying the code that detected the event Line The line number within the source file of the code that detected the event Task Id The OS assigned ID of the task reporting the event Code The event code p...

Страница 188: ...162 NovaScale Blade 1 GB Intel Ethernet Switch Module Installation and User s Guide NOTE Message log information is not retained across a switch module reset and wraps after 512 entries ...

Страница 189: ...all enable disable config port lacpmode Use this command to enable or disable the Link Aggregation Control Protocol LACP on one or more ports Default disable Format config port lacpmode port listofports all enable disable config port linktrap Use this command to enable or disable link status traps for one or more ports NOTE This command is valid only when the Link Up Down Flag is enabled see confi...

Страница 190: ...e port then the duplex mode and speed will be set by the auto negotiation process Note that the port s maximum capability full duplex 100M will be advertised The factory default is auto Physical Status Indicates the port speed and duplex mode Link Status Indicates whether the link is up or down Link Trap Indicates whether or not a trap will be sent when link status changes The factory default is e...

Страница 191: ...nfigured Not Configured will be displayed Mirrored Port The port that is configured as the mirrored port If this value has not been configured Not Configured will be displayed Simple Network Management Protocol SNMP SNMP community commands config snmpcommunity accessmode Use this command to configure SNMP access to switch information for a specific community name The access mode can be Read only a...

Страница 192: ...ess 9 47 128 0 and the corresponding IP mask 255 255 255 0 a range of incoming IP addresses would match i e the incoming IP address could equal 9 47 128 0 9 47 128 255 The default value is 0 0 0 0 The parameter name is the applicable community name and may be up to 16 alphanumeric characters Default 0 0 0 0 Format config snmpcommunity ipmask ipmask name config snmpcommunity mode Use this command t...

Страница 193: ... 255 The default value is 0 0 0 0 Access Mode The access level for this community Either Read write or Read only Status The status of this community Either enable or disable SNMP trap commands config snmptrap create Use this command to add an SNMP trap receiver community name and associated IP address The maximum length of name is 16 case sensitive alphanumeric characters Format config snmptrap cr...

Страница 194: ...ty config network javamode Use this command to enable or disable the java applet that displays a picture of the switch module at the top right of the screen when you are using the Web interface If you run the applet you will be able to click on the picture of the switch to select configuration screens instead of using the navigation tree at the left side of the screen The factory default is disabl...

Страница 195: ... command to configure the number of simultaneous Telnet and Secure Shell SSH sessions that can be established A value of 0 indicates that no Telnet session can be established The range is 0 to 5 Default 5 Format config telnet maxsessions 0 5 config telnet mode Use this command to allow or disallow new Telnet and SSH sessions If sessions are enabled new Telnet sessions can be established until ther...

Страница 196: ...g users delete Use this command to remove a user account Format config users delete name NOTE The admin user account cannot be deleted config users passwd Use this command to change the password of an existing user The password is up to eight alphanumeric characters and is case sensitive After you enter this command you will be prompted for the user s current password If none press enter Default B...

Страница 197: ...lt no encryption Format config users snmpv3 encryption user none des key show users info Use this command to display the configured user names and their settings This command is only available for the user with Read write privileges Format show users info User Name The name the user will use to login using the serial port Telnet or Web User Access Mode Shows whether the user is able to change para...

Страница 198: ...ected System description config prompt Use this command to change the prompt that is displayed when you use the CLI You may enter up to 64 alphanumeric characters Format config prompt system prompt config syscontact Use this command to configure the name of the person or organization responsible for the switch The range for name is from 1 to 31 alphanumeric characters Format config syscontact cont...

Страница 199: ...ctets The total number of packets including bad packets received that were between 256 and 511 octets in length excluding framing bits but including FCS octets Packets Received 512 1023 Octets The total number of packets including bad packets received that were between 512 and 1023 octets in length excluding framing bits but including FCS octets Packets Received 1024 1518 Octets The total number o...

Страница 200: ...ts received that had a length excluding framing bits but including FCS octets of between 64 and 1518 octets inclusive but had a bad Frame Check Sequence FCS with a non integral number of octets Rx FCS Errors The total number of packets received that had a length excluding framing bits but including FCS octets of between 64 and 1518 octets inclusive but had a bad Frame Check Sequence FCS with an in...

Страница 201: ...ansmitted Successfully Total Packets Transmitted Successfully The total number of packets that have been transmitted by this port to its segment Unicast Packets Transmitted The total number of packets that higher level protocols requested be transmitted to a subnetwork unicast address including those that were discarded or not sent Multicast Packets Transmitted The total number of packets that hig...

Страница 202: ...02 3x Pause Frames Transmitted The number of MAC Control frames received on this interface with an opcode indicating the PAUSE operation This counter does not increment when the interface is operating in half duplex mode GVRP PDUs Received The number of GARP VLAN Registration Protocol GVRP PDUs received by the Generic Attributes Registration Protocol GARP layer GVRP PDUs Transmitted The number of ...

Страница 203: ...ed show stats switch detailed Use this command to display detailed statistics for all CPU traffic Format show stats switch detailed Received Octets Received The total number of octets of data received by the processor excluding framing bits but including FCS octets Packets Received Without Errors Total number of packets received on the network Unicast Packets Received The number of subnetwork unic...

Страница 204: ...Transmit Packets Discarded The number of outbound packets that were chosen to be discarded even though no errors had been detected One possible reason for discarding a packet could be to free up buffer space Table Entries Most Address Entries Ever Used The highest number of Forwarding Database Address Table entries used by this switch module since the last reboot Address Entries In Use The number ...

Страница 205: ...ted from the switch module Broadcast Packets Transmitted The total number of packets that higher layer protocols requested to be transmitted to the broadcast address including those that were discarded or not sent Transmit Packet Errors The number of outbound packets that could not be transmitted because of errors Address Entries Currently In Use The number of learned and static Forwarding Databas...

Страница 206: ...ration changes that you have made including those saved to NVRAM will be lost You will be prompted to confirm that the reset should proceed Format clear config clear igmpsnooping Use this command to clear the tables managed by the Internet Group Management Protocol IGMP Snooping function The switch will attempt to delete these entries from the Multicast Forwarding Database MFDB You will be prompte...

Страница 207: ...l connection If you have any saved configuration changes you will be prompted to save them If you logout without issuing a save config command any configuration changes you have made will be lost Format logout ping Use this command to have the switch transmit a Ping request to a specified IP address This checks whether the switch can communicate with a particular IP device The switch will send thr...

Страница 208: ...wnloaded to the switch The switch will remember the last file name used You may specify the file path as part of the file name if the string is less than 31 characters Otherwise use the transfer download path command This command is valid only when the Transfer Mode is TFTP See transfer download mode Format transfer download filename name transfer download path Use this command to specify the dire...

Страница 209: ...e shows three ways to specify the same TFTP client to server file transfer Each scenario involves uploading the config bin file from the switch to the location c tftp on the server The different scenarios are shown below The directory path statement can be cleared by issuing the clear config command Format transfer upload path path transfer upload datatype Use this command to specify the type of f...

Страница 210: ...th statement is generally required to setup the TFTP client however the client path may remain blank See the following path setup example transfer upload serverip Use this command to configure the IP address of the server on which a file to be uploaded is to be located It is valid only when the transfer mode is TFTP See transfer upload mode Default 0 0 0 0 Format transfer upload serverip ipaddr tr...

Страница 211: ... Format config trapflags multiusers enable disable config trapflags stpmode Use this command to enable or disable STP traps When enabled topology change notification trap messages will be sent Default enable Format config trapflags stpmode enable disable show trapflags Use this command to display trap conditions When the condition identified by an active trap is encountered by the switch a trap me...

Страница 212: ...ection describes the commands you use to manage the switch and to show the current management settings This section also provides detailed explanations of said switching commands The commands are divided into nine groups Generic Attributes Registration Protocol GARP commands IGMP snooping commands Link Aggregation LAG commands MAC filter commands Mirroring commands Multicast Forwarding Database MF...

Страница 213: ...GVRP is enabled The time may range from 10 to 100 centiseconds Default 20 centiseconds 0 2 seconds Format config garp jointimer port listofports all 10 100 config garp leavealltimer Use this command to configure how frequently LeaveAll PDUs are generated for the specified port s A LeaveAll PDU indicates that all registrations will be unregistered Participants would need to rejoin in order to maint...

Страница 214: ...tribute before deleting the attribute Current attributes are a VLAN or a multicast group This allows time for another station to assert registration for the same attribute in order to maintain uninterrupted service There is an instance of this timer on a per port per GARP participant basis Permissible values are 20 to 600 centiseconds 0 2 to 6 0 seconds in increments of 1 centisecond 0 01 seconds ...

Страница 215: ...r of a LAG IGMP Snooping functionality will be disabled on that interface IGMP Snooping functionality will subsequently be re enabled if routing is disabled or the interface is deleted from the LAG Default disable Format config igmpsnooping interfacemode port listofports all enable disable config igmpsnooping maxresponse Use this command to configure the IGMP Maximum Response time on the NovaScale...

Страница 216: ...es with multicast routers attached Interfaces Enabled for IGMP Snooping This is the list of interfaces on which IGMP Snooping is enabled The following status value is only displayed when IGMP Snooping is enabled Multicast Control Frame Count This displays the number of multicast control packets that have been processed by the CPU Link Aggregation LAG commands config lag addport Use this command to...

Страница 217: ...ters Use this command to modify the name that was associated with the LAG when it was created Format config lag name logical port name show lag Use this command to display an overview of all link aggregation groups LAGs on the switch Format show lag logical port listofports all Logical Port The logical port identifying the LAG in the format lag port LAG Name The name of this LAG Link State Indicat...

Страница 218: ...90 Filters may not be defined for MAC addresses 00 00 00 00 00 00 01 80 C2 00 00 00 to 01 80 C2 00 00 0F 01 80 C2 00 00 20 to 01 80 C2 00 00 21 FF FF FF FF FF FF The vlan parameter must identify a valid VLAN Up to 100 static MAC filters may be created Format config macfilter create macaddr vlan config macfilter deldest Use this command to remove one or more ports from the destination filter set fo...

Страница 219: ...ng the VLAN and six two digit hexadecimal numbers representing the MAC address separated by hyphens for example 00 01 00 23 45 67 89 AB Type Displays the type of the entry Static entries are those that are configured by the end user Dynamic entries are added to the table as a result of a learning process or protocol Description The text description of this multicast table entry Interfaces The list...

Страница 220: ...have been present in the MFDB table since the switch was reset This value is also known as the MFDB high water mark Current Entries Displays the current number of entries in the MFDB table show mfdb table Use this command to display the MFDB information If the command is entered with no parameter the entire table is displayed This is the same as entering the optional all parameter The user can dis...

Страница 221: ...mbination can only be associated with one group If adding an interface to a group causes any conflicts with protocols currently associated with the group this command will fail and the interface s will not be added to the group Format config protocol interface add groupid port listofports all config protocol interface remove Use this command to remove the interface from the protocol based VLAN gro...

Страница 222: ...tocol group All ports in the group will assign this VLAN ID to untagged packets received for the protocols identified for the group Interface s This field lists the port interface s that are associated with this protocol group Note that an interface can only belong to one group for a given protocol Spanning tree commands Spanning tree bridge commands config spanningtree bridge forwarddelay Use thi...

Страница 223: ...to display the STP settings for the bridge Format show spanningtree bridge Bridge Priority The priority component of the bridge identifier Valid values range from 0 61440 in increments of 4096 The lower the number the higher the priority The factory default is 32768 Bridge Identifier The unique identifier associated with this bridge instance It consists of the bridge priority and the bridge s base...

Страница 224: ...port is the port to be affected The priority value is a number in the range of 0 to 240 in increments of 16 Default 128 Format config spanningtree cst port priority port 0 240 show spanningtree cst detailed Use this command to display STP settings for the CST Format show spanningtree cst detailed Bridge Priority The value of the first two octets of the eight octet Bridge ID Valid values are 0 to 6...

Страница 225: ...panningtree cst port detailed Use this command to display the settings and parameters for a specific switch port within the CST The port is the port to be affected Format show spanningtree cst port detailed port Port Identifier The port identifier for this port within the CST Port Priority The priority of the port within the CST Port Forwarding State The forwarding state of the port within the CST...

Страница 226: ...ing and broken Port Role The role of the specified port within the spanning tree Link Status The operational status of the link Possible values are Up or Down Link Trap The link trap configuration for the specified interface Spanning tree port commands config spanningtree port migrationcheck Use this command to force the specified port to transmit RST BPDUs The port parameter specifies the port s ...

Страница 227: ...t config spanningtree adminmode enable disable config spanningtree forceversion Use this command to select which version of the STP will be used The version can be one of the following 802 1D IEEE 802 1D functionality supported STP BPDUs are transmitted rather than R Rapid STP BPDUs 802 1w IEEE 802 1w functionality supported RSTP BPDUs are transmitted rather than STP BPDUs Default IEEE 802 1D Form...

Страница 228: ...d VLAN one that is created by GVRP registration to a static VLAN one that is permanently configured and defined The number identifies an existing VLAN Format config vlan makestatic 2 4094 config vlan mcaststorm Use this command to enable or disable multicast storm control for a particular VLAN If multicast storm control is enabled storms are controlled by counting the number of multicast packets w...

Страница 229: ...able or disable ingress filtering for the specified port s for the specified VLAN If ingress filtering is disabled tagged packets received with VLAN IDs that do not match the VLAN membership of the receiving interface are admitted and forwarded to ports that are members of that VLAN Default disable Format config vlan port ingressfilter enable disable port listofports all config vlan port priority ...

Страница 230: ...lue for broadcast storm control in packets per second Port Indicates which port is associated with the fields on this line Current Displays the degree of participation of this port in this VLAN The permissible values are Include This port is always a member of this VLAN This is equivalent to registration fixed in the IEEE 802 1Q standard Exclude This port is never a member of this VLAN This is equ...

Страница 231: ...on this port When enabled a frame is discarded if this port is not a member of the VLAN with which the frame is associated In a tagged frame the VLAN is identified by the VLAN ID in the tag In an untagged frame the VLAN is the Port VLAN ID specified for the port that received this frame When disabled all frames are accepted and forwarded in accordance with the 802 1Q VLAN bridge specification The ...

Страница 232: ...d by counting the number of multicast packets within a certain time period If a count limit is exceeded the packets are discarded Class of Service commands config classofservice 802 1pmapping Use this command to map an User priority to a Traffic Class priority queue Default see table below Format config classofservice 802 1pmapping 0 7 0 7 show classofservice 802 1pmapping Use this command to show...

Страница 233: ...ist is currently assigned to a user or to the nonconfigured user The specified login list is the default login list included with the default configuration and was not created using the config authentication login set command Format config authentication login delete listname config authentication login set Use this command to configure an ordered list of methods for the specified authentication l...

Страница 234: ...ommand to display the ordered authentication methods for all authentication login lists Format show authentication login info Authentication Login List The login list whose information is displayed on this line Method 1 The first method in the login list if any Method 2 The second method in the login list if any Method 3 The third method in the login list if any show authentication login users Use...

Страница 235: ...ommand to assign the specified authentication login list to the specified user for port security The user must be a configured user and the listname must be a configured login list Format config dot1x login listname config dot1x port controlmode Use this command to configure the authentication mode to be used on the specified port or ports The control mode may be one of the following forceunauthor...

Страница 236: ...5 config dot1x port reauthenabled Use this command to enable or disable reauthentication of the supplicant for the specified port The reauthenabled value must be true or false If the value is true reauthentication will occur Otherwise reauthentication will not be allowed Default false Format config dot1x port reauthenabled port true false config dot1x port reauthenticate Use this command to begin ...

Страница 237: ... By default a user is given access to all ports Default all Format config dot1x port users add user port all config dot1x port users remove Use this command to remove the specified user from the list of users with access to the specified port s Format config dot1x port users remove user port all show dot1x port detailed Use this command to display the details of the IEEE 802 1X configuration param...

Страница 238: ...out the supplicant The value will be in the range of 1 and 10 Reauthentication Period secs The timer used by the authenticator state machine on this port to determine when reauthentication of the supplicant takes place The value is expressed in seconds and will be between 1 and 65535 Reauthentication Enabled Indicates whether reauthentication is enabled for the port Key Transmission Enabled Indica...

Страница 239: ...hat have been received by the authenticator port with an unrecognized frame type EAP Length Error Frames Received The number of EAPOL frames that have been received by the authenticator port with an incorrect length show dot1x port summary Use this command to display a summary of the IEEE 802 1x configuration parameters for the specified port s Format show dot1x port summary port listofports all P...

Страница 240: ...erver The IP address specified must match that of the previously configured accounting server If a port is already configured for the accounting server the new port will replace the previously configured value Default 1813 Format config radius accounting server port ipaddr 0 65535 config radius accounting server remove Use this command to remove a configured accounting server The IP address specif...

Страница 241: ...authenticators Pending Requests The number of RADIUS accounting request packets sent to this accounting server that have not yet timed out or received a response Timeouts The number of RADIUS packets sent to this accounting server that have timed out Unknown Types The number of RADIUS packets of unknown type received from this accounting server Packets Dropped The number of RADIUS packets received...

Страница 242: ...response is received Consideration should be given to the maximum delay time when configuring RADIUS maxretransmit and timeout values If multiple RADIUS servers are configured the maxretransmit value on each will be exhausted before the next server is attempted A retransmit will not occur until the configured timeout value on that server has passed without a response from the RADIUS server Therefo...

Страница 243: ...server Default 1812 Format config radius server port ipaddr 0 65535 config radius server primary Use this command to specify which configured server should be the primary server for this RADIUS client The primary is the server that is used by default for handling RADIUS requests The remaining configured servers are used only if the primary server cannot be reached A maximum of three servers can be...

Страница 244: ...cess Challenges The number of RADIUS access challenge packets both valid and invalid received from this server Malformed Access Responses The number of malformed RADIUS access response packets received from this server including packets with invalid length but not including packets with bad authenticators bad signature attributes or unknown types Bad Authenticators The number of RADIUS access resp...

Страница 245: ...ssh2 both show ssh info Displays the SSH settings Format show ssh info Administrative Mode Indicates whether the administrative mode of SSH is enabled or disabled Protocol Level The protocol level may have the values of version 1 version 2 or both versions 1 and 2 Connections Specifies the current SSH connections Secure Socket Layer SSL commands config http secureport Use this command to configure...

Страница 246: ...oning Access Control List ACL commands An ACL consists of a set of rules which are matched sequentially against a packet When a packet meets the match criteria of a rule the specified rule action permit deny is taken and the additional rules are not checked for a match This section describes the commands you use to specify the interfaces to which an ACL applies whether it applies to inbound or out...

Страница 247: ... IP address and mask match condition for the ACL rule referenced by the aclid and rulenum parameters The ipaddr and ipmask parameters are 4 digit dotted decimal numbers which represent the destination IP address and IP mask respectively Format config acl rule match dstip aclid rulenum ipaddr ipmask config acl rule match dstl4port keyword Use this command to specify a destination layer 4 port match...

Страница 248: ...ues Either this command or the config acl match protocol number command can be used to specify an IP protocol value as a match criterion Format config acl rule match protocol keyword aclid rulenum protocolkey config acl rule match protocol number Use this command to specify a protocol number as a match condition for the ACL rule referenced by the aclid and rulenum parameters The protocolnum parame...

Страница 249: ...e rules that are defined for the ACL The aclid is the number used to identify the ACL Format show acl detailed aclid Rule Number Displays the number identifier for each rule that is defined for the ACL Action Displays the action that will be taken if a packet matches the rule s criteria The choices are permit or deny Protocol Displays which IP protocol if any is a match condition for the rule The ...

Страница 250: ...rface to be associated with this profile The bandwidth allocation profile maximum bandwidth must be greater than or equal to the minimum bandwidth If this value is set to 0 it will not allow any traffic for this bandwidth allocation profile Default 100 Mpbs Format config bwprovisioning bwallocation maxbandwidth name maxbandwidth show bwprovisioning bwallocation detailed Use this command to display...

Страница 251: ...s association with a bandwidth allocation profile is automatically removed Format config bwprovisioning trafficclass delete name config bwprovisioning trafficclass port Use this command to attach a traffic class to a specific interface The port interface must indicate a valid physical or logical interface The sum of the minimum bandwidth allocations of all traffic classes associated with the same ...

Страница 252: ...ttached VLAN ID Displays the VLAN ID with which this traffic class is associated Weight Displays the weight of this traffic class Accept Byte Count Displays the number of bytes accepted Bandwidth Allocation Profile Displays the bandwidth allocation profile associated with this traffic class This field is blank when there is no bandwidth allocation profile associated with this traffic class The fol...

Страница 253: ...e Management 227 Bandwidth Allocation Profile Displays the bandwidth allocation profile associated with this traffic class This field is blank when there is no bandwidth allocation profile associated with this traffic class ...

Страница 254: ...228 NovaScale Blade 1 GB Intel Ethernet Switch Module Installation and User s Guide ...

Страница 255: ...omes with the product you are connecting to for matching cable pin assignments The following illustration and table show the standard RJ 45 receptacle connector and their corresponding pin assignments Table 7 Standard Ethernet cable RJ 45 pin assignment Contact pin number Label Media direct interface signal 1 TPO Tx transmit 2 TPO Tx transmit 3 TP1 Rx receive 4 TP2 Not used 5 TP2 Not used 6 TP1 Rx...

Страница 256: ...230 NovaScale Blade 1 GB Intel Ethernet Switch Module Installation and User s Guide ...

Страница 257: ...le 8 Maximum cable lengths Standard Data transmission rate Media type Maximum distance 1000BASE T 1000 Mbps Category 5e UTP cable Category 5 UTP cable 100 meters 328 1 ft 100BASE TX 100 Mbps Category 5 UTP cable 100 meters 328 1 ft 10BASE T 10 Mbps Category 3 UTP cable 100 meters 328 1 ft ...

Страница 258: ...232 NovaScale Blade 1 GB Intel Ethernet Switch Module Installation and User s Guide ...

Страница 259: ... ACL Rule None config acl rule create Bandwidth Provisioning Bandwidth Allocation Maximum 100 mbps config bwprovisioning bwallocation maximum Traffic Class Weight 1 config bwprovisioning trafficclass weight Security IEEE 802 1X Add users All config dot1x port users add Control Mode Auto config dot1x port controlmode Initialization Disable config dot1x port initialize Maximum of requests 2 config d...

Страница 260: ...nting server port Mode Disable config radius accounting mode Configuration Maximum Retransmits 4 config radius maxretransmits Timeout 5 minutes config radius timeout Server Server Port 1812 config radius accounting server port Secure Shell SSH Mode Disable config ssh adminmode Protocol Both SSH1 and SSH2 config ssh protocol Secure Socket Layer SSL Secure port 443 config http secureport Secure Prot...

Страница 261: ...er GARP leave all timer 1000 centiseconds config garp leavealltimer GARP leave timer 60 centiseconds config garp leavetimer GVRP GVRP administration disable config garp gvrp adminmode GVRP interface disable config gvrp gmrp interfacemode GVRP join timer 20 centiseconds config gvrp jointimer GVRP leave all timer 1000 centiseconds config gvrp leavealltimer GVRP leave timer 60 centiseconds config gvr...

Страница 262: ...ngtree bridge priority Configuration Admin Mode Disable config spanningtree adminmode Configuration name The base MAC address displayed using hexadecimal notation config spanningtree configuration name Forced Version IEEE 802 1D config spanningtree forceversion Revision level 0 config spanningtree configuration revision CST Edgeport False config spanningtree cst port edgeport Pathcost Auto config ...

Страница 263: ...nfig syscontact System Location Blank config syslocation System Name Blank config sysname Forwarding Database Forwarding Database aging time 300 seconds config forwardingdb agetime Port Configuration Auto Negotiation Enable config port autoneg Flow control Disable config port flowcontrol LACP mode Disable config port lacpmode Port Enable Enable config port adminmode Mirroring Mirroring Mode Disabl...

Страница 264: ...sessions Status Enable config telnet mode Ttimeout 5 config telnet timeout User Accounts Password Blank config users passwd SNMPv3 Access Mode R W for admin ReadOnly for others SNMPv3 Authentication No authorization config users snmpv3 authentication SNMPv3 Encryption No encryption config users snmpv3 encryption Utilities Transfer Transfer Upload Download Datatype Code transfer upload download dat...

Страница 265: ...nticate Trapflags Enable config trapflags authentication Trapflags Linkmode Enable config trapflags linkmode Trapflags Multiusers Enable config trapflags multiusers Trapflags STP Enable config trapflags stpmode Table 9 Default settings for run time switching software variables continued Heading Sub heading Variable Default value Command ...

Страница 266: ...240 NovaScale Blade 1 GB Intel Ethernet Switch Module Installation and User s Guide ...

Страница 267: ...aScale Blade 1 GB Intel Ethernet Switch Module SWITCHING clear config igmpsnooping lag dot1x port stats pass radius stats stats port switch transfer traplog vlan config acl create delete interface add remove rule action create delete match dstip dstl4port keyword number every protocol keyword number ...

Страница 268: ...te delete set bwprovisionin g bwallocation create delete maxbandwidth trafficclass bwallocation create delete port vlan weight classofservice 802 1mapping dot1x adminmode defaultlogin login port controlmode initialize maxrequests quietperiod reauthenabled reauthenticate reauthperiod servertimeout supptimeout transmitperiod users add remove ...

Страница 269: ...eavealltimer leavetimer http secureport secureprotocol secureserver adminmode igmpsnooping adminmode groupmember shipinterval interfacemode maxresponse mcrtexpiretime lag addport adminmode create deletelag deleteport linktrap name loginsession close macfilter adddest create deldest remove mirroring create delete mode ...

Страница 270: ...bmode port adminmode autoneg flowcontrol lacpmode linktrap physicalmode prompt protocol create delete interface add remove protocol add remove vlan add remove radius accounting mode server add port remove secret maxretransmit server add msgauth port primary remove secret timeout snmpcommuni ty accessmode ...

Страница 271: ...dr mode spanningtree adminmode bridge forwarddelay hellotime maxage priority cst port edgeport pathcost priority forceversion port migrationchec k mode ssh adminmode protocol syscontact syslocation sysname telnet maxsessions mode timeout trapflags authentication linkmode multiusers ...

Страница 272: ...ultlogin delete login passwd snmpv3 accessmode authentication encryption vlan bcaststorm create delete makestatic mcaststorm name participation port acceptframe ingressfilter priority pvid tagging help logout ping reset system save config show acl detailed summary arp switch authentication login info users ...

Страница 273: ...dbw detailed summary classofservice 802 1pmappin g dot1x port detailed stats summary user summary eventlog forwardingdb agetime learned table garp info interface history http info igmpsnooping inventory lag loginsession macfilter mfdb gmrp igmpsnooping staticfiltering stats table mirroring ...

Страница 274: ...protocol radius accounting stats summary server stats summary stats summary snmpcommuni ty snmptrap spanningtree bridge cst detailed port detailed summary port summary ssh info stats port detailed summary switch detailed summary sysinfo telnet trapflags traplog users authentication info vlan detailed port ...

Страница 275: ...CLI Command Tree 249 summary transfer download datatype filename path serverip start upload datatype filename path serverip start ...

Страница 276: ...250 NovaScale Blade 1 GB Intel Ethernet Switch Module Installation and User s Guide ...

Страница 277: ... switch s base MAC address The default value is 32768 If all bridges retain their default priority values the bridge with the lowest MAC address will become the root bridge config spanningtree bridge priority 7680 Set new port priority levels Setting the priority level affects the likelihood of the port being elected as the root port of the spanning tree the lower the number the greater the probab...

Страница 278: ...gistration Protocol GMRP and GARP VLAN Registration Protocol GVRP These protocols are disabled by default config garp gmrp adminmode enable config garp gmrp interfacemode all config garp gvrp adminmode enable config garp gvrp interfacemode all While the Spanning Tree Protocol is needed to maintain the network topology forwarding of frames also requires that the switch learn the location of end sta...

Страница 279: ...efined in the base IEEE 802 1D standard While the old and new protocols will successfully interoperate the IEEE 802 1 standards committee recommends the use of the new protocol Configuration of the switch to support IEEE 802 1w is simple In normal operation the bridge timers are not used to control reconfiguration and the default values should be adequate Bridge and port priorities and path costs ...

Страница 280: ...config vlan create 2 config vlan name 2 vlan_two Assign the ports that will belong to vlan_one This will be a tagged VLAN only tagged packets will be accepted by member ports and all packets transmitted from member ports will be tagged config vlan participation include 1 bay 1 bay 2 config vlan port tagging enable 1 bay 1 bay 2 config vlan port acceptframe vlanonly 1 bay 1 bay 2 Assign the ports t...

Страница 281: ...the following example shows you how to configure and enable two LAGs on the same switch Create and name two LAGs config lag create lag_internet config lag create lag_server When the switch creates the LAGs it will assign logical interface IDs that you will use to identify them in subsequent commands Use the following command to find out what IDs have been assigned show lag all Add the physical por...

Страница 282: ...ical interfaces The script in the following example show you how to configure IGMP Snooping Enable IGMP Snooping on the switch config igmpsnooping adminmode enable IGMP Snooping will be enabled with default values for the group membership interval maximum response and multicast router present expiration timers This command overrides the default for the multicast router present expiration timer con...

Страница 283: ...e following example restricts access to the network to UDP and TCP traffic from a defined set of IP source addresses Create Access Control List 1 config acl create 1 Create Rule 1 for ACL 1 config acl rule create 1 1 Define the content of ACL 1 Rule 1 Packets will be accepted only if they are TCP packets from the source IP address set defined by the specified IP address and mask config acl rule ac...

Страница 284: ...8 NovaScale Blade 1 GB Intel Ethernet Switch Module Installation and User s Guide config acl interface add ext 2 inbound 1 config acl interface add ext 3 inbound 1 config acl interface add ext 4 inbound 1 ...

Страница 285: ...o point and ports connected to end stations edge ports to offer faster transitions to the forwarding state The config spanningtree forceversion command is used to switch from IEEE8021D operation to IEEE 802 1w operation The two versions of the protocol can interoperate within the same LAN it is not necessary for all bridges to run the same version Where IEEE 802 1D is mentioned in this document yo...

Страница 286: ... recognizes as the root bridge The path cost to the root from the transmitting port The port identifier of the transmitting port Bridge hello time The length of time between broadcasts of the hello message 2 seconds Bridge maxage time The length of time before topology information or information from BPDUs is discarded because it has aged out 20 seconds Bridge forward delay time The amount of time...

Страница 287: ...n to the same LAN as a designated port do not forward frames and are known as backup ports If all bridges have STP enabled with default settings the bridge with the lowest MAC address in the network will become the root bridge By increasing the priority lowering the priority number of a given bridge STP can be forced to select that bridge as the root bridge When STP is enabled using the default pa...

Страница 288: ... packets except BPDUs and LACPDUs are forwarded from or received by STP enabled ports until the forwarding state is enabled for that port IEEE 802 1w STP port states The IEEE 802 1w protocol definition speeds up the reconfiguration of the spanning tree using two new mechanisms Bridges exchange explicit acknowledgement frames Ports may be configured to transition directly to the forwarding state wh...

Страница 289: ...llo time cannot be longer than the Max Age Otherwise a configuration error will occur Max Age The Max Age can be from 6 to 40 seconds At the end of the Max Age if a BPDU has still not been received from the root bridge your bridge will start sending its own BPDU to all other bridges for permission to become the root bridge If your bridge has the lowest bridge identifier it will become the root bri...

Страница 290: ...cted in a loop is depicted in this section In this example you can anticipate some major network problems if the STP assistance is not applied If bridge A broadcasts a packet to bridge B bridge B will broadcast it to bridge C and bridge C will broadcast it back to bridge A and so on The broadcast packet will be passed indefinitely in a loop potentially causing a network failure STP can be applied ...

Страница 291: ... LAN 2 LAN 2 LAN 3 LAN 3 Bridge ID 15 Bridge ID 15 Bridge ID 30 Bridge ID 30 Port Cost 19 Port Cost 19 Port Cost 19 Port Cost 19 Port Cost 19 Port Cost 19 Port Cost 19 Port Cost 19 Port Cost 4 Port Cost 4 Port Cost 4 Port Cost 4 Port Cost 4 Port Cost 4 Bridge ID 20 Bridge ID 20 A B C Port 1 Port 1 Port 1 Port 1 Port 1 Port 1 Port 2 Port 2 Port 2 Port 2 Port 2 Port 2 Port 3 Port 3 Port 3 Port 3 Por...

Страница 292: ...ially assumes it is the root it then begins the exchange of BPDUs with other bridges This will determine which bridge in the network is the best choice for the root bridge If there is only one bridge on the network no BPDU exchange occurs the forward delay timer expires and the ports move to the learning state All STP enabled ports enter the discarding state following the bridge startup A port in ...

Страница 293: ...om learning to forwarding when its forward delay timer expires A port in the learning state does the following Discards frames received from the network segment to which it is attached Discards packets sent from another port on the bridge for forwarding Learns station location information from the source address of packets and adds this information to its forwarding database Receives BPDUs for the...

Страница 294: ...g state does the following Forwards packets received from the network segment to which it is attached Forwards packets sent from another port on the bridge for forwarding Incorporates station location information into its address database Receives BPDUs and directs them to the system CPU Transmits BPDUs from the system CPU Receives and responds to network management messages The following illustra...

Страница 295: ...Understanding and Troubleshooting the Spanning Tree Protocol 269 ...

Страница 296: ...hat this STP port state should not be confused with the port s administrative state A disabled port does the following Discards packets received from the network segment to which it is attached Discards packets sent from another port on the bridge for forwarding Does not add addresses to its forwarding database Neither receives nor transmits BPDUs The following illustration shows the actions that ...

Страница 297: ...o receive these BPDUs for longer than the Max Age time default of 20 seconds it could start to change its port 2 from the discarding state to the forwarding state NOTE To remain in the discarding state a port must continue to receive BPDUs that advertise superior paths There are several circumstances in which the algorithm can fail mostly related to the loss of a large number of BPDUs These situat...

Страница 298: ...will be dropped If the BPDUs sent from bridge A to bridge B are dropped for longer than the Max Age bridge B will lose its connection to the root bridge A and will unblock its connection to bridge C This will create a data loop Unidirectional link Unidirectional links can be caused by an undetected failure in one side of a fiber cable or by a problem with a port s transceiver Any failure that enab...

Страница 299: ...d of the CPU and other factors to converge If the CPU is over utilized it is possible that BPDUs might not be sent in a timely fashion STP is generally not very CPU intensive and is given priority over other processes so this type of error is rare It can be seen that very low values for the Max Age and the Forward Delay can result in an unstable spanning tree The loss of BPDUs can lead to data loo...

Страница 300: ...nt links can then be built into the network STP is well suited to maintaining connectivity in the event of a device failure or removal but is poorly suited to designing networks Know which links are redundant Organize the redundant links and tune the port cost parameters of STP to force those ports into the discarding state For each VLAN know which ports should be discarding in a stable network A ...

Страница 301: ... B Trunks by default carry all the VLAN traffic from VLAN 1 and VLAN 2 Therefore bridge C is not only receiving traffic for VLAN 1 but also unnecessary broadcast and multicast traffic for VLAN 2 Bridge C is also discarding one port for VLAN 2 Thus there are three redundant paths between bridges A and B and two blocked ports per VLAN This increases the chance of a data loop ...

Страница 302: ...he VLAN definitions are extended to bridges A and B This gives only a single blocked port per VLAN and enables the removal of all redundant links by removing bridge A or B from the network A B C D Blocked Blocked VLAN 1 VLAN 1 VLAN 1 VLAN 1 VLAN 1 VLAN 1 VLAN 2 VLAN 2 VLAN 2 VLAN 2 VLAN 2 VLAN 2 Trunk ...

Страница 303: ...es the diagnostic tests that you can perform Most systems operating systems and programs come with information that contains troubleshooting procedures and explanations of error messages and error codes If you suspect a software problem see the information for the operating system or program Using the documentation Information about your server platform and pre installed software if any is availab...

Страница 304: ...278 NovaScale Blade 1 GB Intel Ethernet Switch Module Installation and User s Guide ...

Страница 305: ...LICATION Your comments will be promptly investigated by qualified technical personnel and action will be taken as required If you require a written reply please include your complete mailing address below NAME Date COMPANY ADDRESS Please give this technical publication remarks form to your BULL representative or mail to Bull Documentation Dept 1 Rue de Provence BP 208 38432 ECHIROLLES CEDEX FRANCE...

Страница 306: ..._ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ The latest revision will be provided if no revision number is given NAME Date COMPANY ADDRESS PHONE FAX E MAIL For Bull Subsidiaries Identification For Bu...

Страница 307: ......

Страница 308: ...BULL CEDOC 357 AVENUE PATTON B P 20845 49008 ANGERS CEDEX 01 FRANCE 86 A1 23ER 00 REFERENCE ...

Отзывы:

Нет отзывов

Похожие инструкции для 1GB Intel Ethernet Switch Module

Бренд: Valve Concepts Страницы: 16

Бренд: Ubisys Страницы: 2

Бренд: Datavideo Страницы: 8

Бренд: Faulhaber Страницы: 66

Бренд: Samson Страницы: 52

Бренд: Harsco Industrial Страницы: 57

Бренд: Quectel Страницы: 95

Бренд: ICAS Страницы: 51

Бренд: Icar Страницы: 40

Бренд: Icar Страницы: 86

Бренд: Icar Страницы: 39

Бренд: IBP Страницы: 12

Бренд: SOMFY Страницы: 112

Бренд: tell Страницы: 11

Бренд: Woodward Страницы: 32

Бренд: Nibe Страницы: 92

Бренд: Yoshitake Страницы: 14

Бренд: Samson Страницы: 32

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды