manualshive.com logo in svg

Corecess R1-SW24L2B, Руководство пользователя

Поделиться
Скачать
Corecess R1-SW24L2B Скачать руководство пользователя страница 217

 

Configuring Security   

10-7 

Defining Access Lists 

The Corecess R1-SW24L2B provides basic traffic filtering capabilities with access control lists. 
You can configure access lists at your system to control access to a network: access lists can 
prevent certain traffic from entering or exiting a network.   
 
To define access lists, enter the following command in Privileged mode: 

Table 10-2    Defining access lists

 

Command 

Task 

configure terminal 

1. 

Enter the Global configuration mode. 

access-list

 <list-number>  

{

permit

|

deny

} <source-ip>  

[<wildcard>]  

access-list

 <list-number>  

{

permit

|

deny

}  

host

 <host-addr> 

access-list

 <list-number> 

{

permit

|

deny

any

 

2. Configure an ACL with the IP addresses you want to allow or 

deny to access the system. 

y

 <list-number>

: Number of the standard access list (1 ~ 

99, 1300 ~ 1999)

 

y

  

permit

: Permits the frame whose source address matches 

the condition.

 

y

  

deny

: Denies the frame whose source address matches the 

condition.

 

y

  

dynamic

: Permits the frame whose source address 

matches the condition dynamically.

 

y

  

<source-ip>

: The IP address of the source network or 

host in hexadecimal form (xxx.xxx.xxx.xxx).

 

y

  

<wildcard>

: Wildcard bit to be applied to 

<source-

ip>

. The wildcard is a four-part value in dotted-decimal 

notation (IP address format) consisting of ones and zeros. 
Zeros in the mask mean the packet's source address must 
match the 

<source-ip>

. Ones mean any value matches.

   

y

 

host

: Indicates only the specified IP address for which the 

access actions are available.

 

y

  

any

: Configures the policy to match on all host addresses.

 

end 

3. Return to the Privileged mode. 

show access-list 

4. Verify the defined access lists. 

 

Note:  

 

x

 The wildcard is a four-part value in dotted-decimal notation (IP address format) consisting of ones and zeros. 

Zeros in the mask mean the packet's source address must match the <source-ip>. Ones mean any value 
matches. For example, the <source-ip> and <wild-card> values 209.157.22.26 0.0.0.255 mean that all 
hosts in the Class C sub-net 209.157.22.x match the policy. 

x

 The packets that do not match any entries in an access list are denied. 

 

Содержание R1-SW24L2B

Страница 1: ...Edition 00 Distribution 2006 06 Corecess Layer2 Ethernet Switch R1 SW24L2B User s Manual...

Страница 2: ...ublisher The specifications and information regarding the products in this manual are subject to changed without notice Trademark Credit Corecess R1 SW24L2B is registered trademark of Corecess Inc Oth...

Страница 3: ...deal for safety in installing and using the product 9 This manual can also be downloaded from Corecess website www corecess com 9 If you have any problems or questions during installation or while usi...

Страница 4: ...urier New y Values entered by user are displayed in bold Courier New Notations in Command Syntax In this manual the following indications are used to explain the syntax of console commands y Console c...

Страница 5: ...e of product reference and its related materials Caution Explains possible situations or conditions of improper operation and possibility of losing data and provides suggestions how to deal with those...

Страница 6: ...ormal operation It also describes the way to unpack the Corecess R1 SW24L2B box and verify the contents Chapter 4 Installation This chapter describes how to mount the Corecess R1 SW24L2B on a rack con...

Страница 7: ...Control Protocol LACP Chapter 13 Configuring STP RSTP This chapter describes how to configure STP Spanning Tree Protocol on the Corecess R1 SW24L2B Appendix A Product Specifications Appendix A descri...

Страница 8: ...Features 1 8 Switching and Routing Performence 1 8 Memory 1 8 Interface 1 8 Two Option Slots 1 8 Software Features 1 8 Layer 2 Switching Function 1 8 QoS Quality of Service 1 8 Security 1 8 Network M...

Страница 9: ...8 Gigabit Ethernet Port LED A B 2 8 Chapter 3 Before Installaion 3 8 Precautions 3 8 General Precautions 3 8 Power Considerations 3 8 AC Power 3 8 Preventing ESD 3 8 Installing and Servicing the Syst...

Страница 10: ...gging out From CLI 5 8 Prompt 5 8 Getting Help 5 8 CLI Command Usage Basics 5 8 Entering CLI Commands 5 8 Specifying Ports 5 8 Editing Commands 5 8 Configuring Basic System Parameters 5 8 Setting the...

Страница 11: ...Port Configuration 6 8 Configuring Ports 6 8 Disabling or Enabling a Port 6 8 Changing the Transmission Mode 6 8 Setting the Port Speed 6 8 Configuring Flow Control on a Port 6 8 Setting the Port Nam...

Страница 12: ...ON 8 8 Enabling RMON 8 8 Configuring History Groups 8 8 Configuring Statistics Groups 8 8 Configuring Event Groups 8 8 Configuring Alarm Groups 8 8 Displaying RMON Information 8 8 SNMP and RMON Config...

Страница 13: ...riority for a Transmission Queue 9 8 Configuring Shaping 9 8 Configuring Broadcast Suppression 9 8 QoS Configuration Commands 9 8 Chapter 10 Configuring Security 10 8 Configuring Password and Session...

Страница 14: ...ace 11 8 Displaying the List of Interfaces IGMP Fast leave is Enabled 11 8 Displaying IGMP Group Membership Time 11 8 IGMP Snooping Commands 11 8 Chapter 12 Configuring LACP 12 8 LACP Link Aggregation...

Страница 15: ...onfiguration Commands 13 8 Appendix A Product Specifications A 8 Hardware Specifications A 8 Software Specifications A 8 Appendix B Connector Cable Specifications B 8 Connector Specifications B 8 RJ 4...

Страница 16: ...Module 2 8 Table 2 15 Specifications of Gigabit Ethernet Port 2 8 Table 2 16 LED Functions of the OPT N2CS Module 2 8 Table 3 1 The Number of Required Person to Lift The System 3 8 Table 3 2 Temperatu...

Страница 17: ...dress to a VLAN 7 8 Table 7 6 Configuring trunk port 7 8 Table 8 1 Types of community strings 8 8 Table 8 2 Default SNMP configuration 8 8 Table 8 3 Setting the system contact and location information...

Страница 18: ...10 5 Filtering DHCP offer 10 8 Table 10 6 Filtering File and Resource Sharing Protocol 10 8 Table 10 7 Filtering Default Traffic 10 8 Table 10 8 Creating a class map 10 8 Table 10 9 Creating a policy...

Страница 19: ...ecess R1 SW24L2B hardware specifications A 8 Table A 2 Corecess R1 SW24L2B software specifications A 8 Table B 1 Pin Configuration of 10 100 1000Base T Port B 8 Table B 2 Pin Configuration of Console...

Страница 20: ...R1 SW24L2B User s Manual XX...

Страница 21: ...view This chapter introduces the Corecess R1 SW24L2B functions and features and describes several kinds of network examples configurable with the Corecess R1 SW24L2B 9 Introduction 1 2 9 Network Confi...

Страница 22: ...24L2B it is easy to configure networks that can flexibly respond to a variety of environmental needs As it can connect to a remotely located large Gigabit Ethernet backbone device by installing option...

Страница 23: ...interface Ethernet RJ 45 Two Option Slots The Corecess R1 SW24L2B provides one option slot in which a variety of option modules can be installed as follows Table 1 1 Types of Uplink module Uplink Modu...

Страница 24: ...y ToS Marking Reclassification y DSCP Marking Reclassification y SP Strict Priority and WRR Weight Round Robin Security The Corecess R1 SW24L2B supports the following security fuctions y System access...

Страница 25: ...is tools y Port Mirroring The Corecess R1 SW24L2B allows you to use the port mirroring feature without effecting the switching performance y Software Maintenance The Corecess R1 SW24L2B provides easy...

Страница 26: ...R1 SW24L2B User s Manual 1 6 Network Configurations This section describes example applications for the Corecess R1 SW24L2B L2 Switch...

Страница 27: ...Overview 1 7 E PON ONU...

Страница 28: ...R1 SW24L2B User s Manual 1 8...

Страница 29: ...chapter introduces the structures of the front and rear side of the Corecess R1 SW24L2B and describes the function and appearance of the cards provided for the Corecess R1 SW24L2B 9 System Chassis 2...

Страница 30: ...tice Power Input The power input is a terminal that connects external AC power of 100 240VAC by using a power cord Power Switch The power switch is used when turning the Corecess R1 SW24L2B on and off...

Страница 31: ...connect the console port to a console terminal use the included console cable A PC or workstation installed with a terminal emulation program or VT 100 terminal can be used as a console terminal Chap...

Страница 32: ...to the devices Flashing Data is being transmitted received through the port LINK ACT Green Off The port is disabled or not connecting to the device Fast Ethernet Port 1 24 The Corecess R1 SW24L2B prov...

Страница 33: ...ort 1000Base PX SFP Maximum cable length 10Km OPT N1EL1CD 1 port 10 100 1000Base TX RJ 45 1 port 100 1000Base LX SX SFP Duplex LC support 100M 1000M 1 port 1000Base PX SFP Maximum cable length 20Km OP...

Страница 34: ...1CD Module LED Color State Description On Indicates that the port have established a valid link with the network Blink Indicates that the port is transmitting or receiving data LINK Green Off Indicate...

Страница 35: ...45 connector and the LC connector SFP module cannot be used as Gigabit Ethernet port at the same time For example if a RJ 45 connector of 10 100 1000Base T port is connected to a Gigabit Ethernet devi...

Страница 36: ...t the port is operating at 1000Mbps speed SPEED 1000 Orange Off Indicates that the port is operating at 100Mbps speed OPT N1EL1CD The OPT N1EL1CD provides one Gigabit Ethernet PON port and one Gigabit...

Страница 37: ...al through an optical splitter The following table lists the specifications of the Gigabit Ethernet PON port on the OPT N1EL1CD module Table 2 10 Specifications of Gigabit Ethernet PON Port on the OPT...

Страница 38: ...000Mbps Connector Type RJ 45 Duplex LC Maximum Transfer Distance 100m y100 1000Base SX 550m y100 1000Base LX 10Km Transfer Media Twisted pair category 5 6 cable y100 1000Base SX 850nm Multi mode y100...

Страница 39: ...45 connector of 10 100 1000Base T port is connected to a Gigabit Ethernet device a LC connector of SFP port is automatically disabled The following table lists the specifications of the Gigabit Ethern...

Страница 40: ...e port is operating at 1000Mbps speed SPEED 1000 Orange Off Indicates that the port is operating at 100Mbps speed OPT N2CS The OPT N2CS module provides two Gigabit Ethernet combo ports RJ 45 SFP The S...

Страница 41: ...ed 10 100 1000Mbps 1000Mbps Connector Type RJ 45 Duplex LC Maximum Transfer Distance 100m y 1000Base SX 550m y 1000Base LX 10Km Transfer Media Twisted pair category 5 6 cable y 1000Base SX 850nm Multi...

Страница 42: ...R1 SW24L2B User s Manual 2 14...

Страница 43: ...ecautions for installation of the Corecess R1 SW24L2B and installation environment for the normal operation It also describes the way to unpack box of the Corecess R1 SW24L2B and verify the contents 9...

Страница 44: ...equipment Keep tie and scarf from getting slack and roll up the sleeves y Avoid any harmful action that damages the people or the equipment y In case that opening the case for repairing or test is req...

Страница 45: ...is a power distribution system with one point connected directly to earth ground The exposed conductive parts of the installation are connected to that point by protective earth conductors y Ensure t...

Страница 46: ...printed circuit board and connector pins y Avoid contact between the cards and clothing The wrist strap only protects the card from ESD voltages on the body ESD voltages on clothing can still cause da...

Страница 47: ...es are present within the power supply even when the power switch is off and the power cord is connected Grounding the System y Connect AC powered systems to grounded power outlets y Do not defeat the...

Страница 48: ...als on the wires y Bad plant wiring can result in radio frequency interference RFI y Strong EMI especially when it is caused by lightning or radio transmitters can destroy the signal drivers and recei...

Страница 49: ...nother equipment rack Heat exhaust from other equipment can enter the inlet air vents and cause an over temperature condition y Equipment near the bottom of a rack might generate excessive heat that i...

Страница 50: ...end at the knees not at the waist y Do not attempt to lift the system with the handles on the power supplies or on any of the cards These handles are not designed to support the weight of the system y...

Страница 51: ...ld always be kept Table 3 2 Temperature and humidity condition Operating Temperature 20 60 Storage Temperature 30 75 Operating Humidity 10 95 40 non condensing Power Supply y The Corecess R1 SW24L2B s...

Страница 52: ...3 And then verify whether there is a plastic bag that contains rack brackets and screws under the shipping carton Recommendation After unpacking do not throw away the box including cushions and keep t...

Страница 53: ...recess R1 SW24L2B on a rack connect the cables to the ports and connect the power 9 Installation Procedure 4 2 9 Rack Mounting 4 3 9 Connecting Network Devices 4 6 9 Connecting a Console Terminal 4 11...

Страница 54: ...esign allows the Corecess R1 SW24L2B to be mounted on a 19 inch rack Rack brackets and screws needed for rack mounting are enclosed with the product 2 Connect network devices Connect the Ethernet port...

Страница 55: ...low these guidelines could lead to an unsuccessful installation and possible damage to the system and components Checking the Rack Mount Space Before installing the Corecess R1 SW24L2B in a 19 inch ra...

Страница 56: ...mm Eight 8 pan head screws M3 6mm Note For more information about ESD refer to the Chapter 3 Before Installation Once all the tools and equipment are prepared mount the Corecess R1 SW24L2B on a 19 inc...

Страница 57: ...rack brackets installed on the Corecess R1 SW24L2B to the holes of the 19 inch rack And fix the brackets using four binder head screws Caution The following explanations should be noticed when install...

Страница 58: ...e described in Chapter 3 Before Installation and Appendix B Connectors and Cables Specifications 10 100Base TX Port The 10 100Base TX port on the front of the Corecess R1 SW24L2B can be connected with...

Страница 59: ...single mode fiber optic cable Rx 1310nm Tx 1490nm then connect the cable to the 1000Base PX SFP port of the OPT N1ES1CS or OPT N1EL1CS module and a Gigabit Ethernet PON device Single Mode Fiber Optic...

Страница 60: ...fiber optic cable Prepare the fiber optic cable of the duplex LC type and then connect to the Gigabit Ethernet network 1000Base LX SFP Module When the 1000Base LX SFP module is installed in the SFP m...

Страница 61: ...LX SFP module is installed in the SFP module slot use the 1310nm Single mode fiber optic cable Prepare the fiber optic cable of the duplex LC type and then connect to the Gigabit Ethernet network R1 S...

Страница 62: ...o 1000Mbps Using the twisted pair cable connect the 10 100 1000Base T port to the Gigabit Ethernet device Note The 10 100 1000Base T port on the uplink module support automatic MDIX feature which allo...

Страница 63: ...is directly connected to a VT 100 terminal or a PC that is to be used as a console terminal using a console cable comes with the Corecess R1 SW24L2B y In Band Access is gained from a PC or a VT 100 te...

Страница 64: ...nal Connect the PC or terminal to the console port on the Corecess R1 SW24L2B using the console cable included with the Corecess R1 SW24L2B Console cable RJ 45 DB 9 y Console cable included with the s...

Страница 65: ...erationts referred to the Chapter 3 Before Installation y Be sure that the power switch on the rear panel is turned off O 1 Check that the power switch is in the OFF O position 2 Connect the power cor...

Страница 66: ...cooling fans are operating 5 If power is properly supplied to the Corecess R1 SW24L2B the RUN LED turns on in green And you will see the following message on the console terminal U Boot 1 1 1 Wed Sep...

Страница 67: ...000000 6 Once the initialization is properly completed in a short while the RUN LED flickers in green And the following login message is displayed on the console screen login Now the Corecess R1 SW24L...

Страница 68: ...R1 SW24L2B User s Manual 4 16...

Страница 69: ...ly be used without additional configuration explained in this chapter If the default configuration should be changed according to user s network environment refer to the contents in this chapter 9 Bef...

Страница 70: ...ed to the console port 1 To access the Corecess CLI on the console screen the console port on the Corecess R1 SW24L2B should be connected to a serial port DB 9 of the console terminal using a console...

Страница 71: ...in Wed Feb 25 14 28 13 on console localhost 5 To configure the Corecess R1 SW24L2B enter the Privileged mode by enable command If you enter Privileged mode the prompt is changed from localhost to loca...

Страница 72: ...features for the specific VLAN interface QoS The QoS configuration mode allows you to configure QoS Quality of Service on the system Class map The Class map configuration mode allows you to configure...

Страница 73: ...localhost disable localhost If you enter the exit privileged mode command you can exit form the CLI corecess exit login Entering Global Configuration Mode Global configuration mode allows you to chang...

Страница 74: ...m the policy map mode by using the exit command localhost config pmap exit localhost config qos exit localhost config exit localhost This example shows how to return to Privileged mode from the policy...

Страница 75: ...le provides the prompt of the main command modes Table 5 3 Prompt of the main command modes Command Mode Prompt User corecess Privileged corecess Global corecess config Interface corecess config if Qo...

Страница 76: ...configure Configuration from vty interface copy Copy from one file to another debug delete Delete diag Diagnosis mode disable Turn off privileged mode command enable enable end End current mode and d...

Страница 77: ...A B C D clear interface vlan id 1 4094 update rootfs image id 1 100 write file write memory write terminal write terminal port fastethernet gigabitethernet adsl vdsl shdsl switchfabric stacking WORD...

Страница 78: ...execute the configure terminal command at Privileged command mode localhost con t localhost config But if you enter only co t the following error message will be displayed Because there are copy and...

Страница 79: ...the following line editing commands To enter a line editing command use the CTRL key combination for the command by pressing and holding the CTRL key then pressing the letter associated with the comma...

Страница 80: ...1 Enter Privileged mode configure terminal 2 Enter Global configuration mode interface management 3 Enter Interface configuration mode for configuring management interface ip address ip address M 4 As...

Страница 81: ...p route default 172 27 1 254 config end config show interface management Interface management index 2 metric 1 mtu 1500 UP BROADCAST RUNNING MULTICAST HWaddr 00 90 a3 cd 0e b0 inet 172 27 68 100 16 br...

Страница 82: ...ble 1 Enter Privileged mode configure terminal 2 Enter Global configuration mode username name password password 8 3 Add a user y name The user ID for entering the CLI y password The password for the...

Страница 83: ...o Privileged mode write memory 4 Save the configuration change The following is an example of changing a password of the user kka configure terminal config username kka password R1SW24L2B config end w...

Страница 84: ...4L2B User s Manual 5 16 The following is an example of deleting the user kka and verify the deletion configure terminal config no username kka config end show username write memory Building Configurat...

Страница 85: ...the hostname command in Global configuration mode Table 5 9 Changing the system name Command Task configure terminal 1 Enter Global configuration mode hostname system name 2 Specify the system name y...

Страница 86: ...mode clock set time date month year 2 Specify the current system time and date y time Current time in hours minutes and seconds in the format hh mm ss example 16 24 00 y day Current day by date in th...

Страница 87: ...acts the same as broadcast client mode only instead of broadcast messages IP address 255 255 255 255 multicast messages are sent IP address 224 0 1 1 y Server mode In server mode the Corecess R1 SW24...

Страница 88: ...not enabled this command has no effect If you enable NTP and do not specify a time zone UTC is shown by default The default time zone is UTC To set the time zone follow this procedure Table 5 12 Sett...

Страница 89: ...ow to set the time zone and the area code to Asis Seoul config ntp region Asia 54 New NTP region area is Asia Seoul Seoul system must be rebooted config end show ntp config ntp region Asia 54 ntp enab...

Страница 90: ...lizes You can upload or download the startup configuration file via FTP or TFTP Caution Whenever you make changes to the Corecess R1 SW24L2B configuration you must save the changes to memory so they w...

Страница 91: ...ving the current running configuration Command Write memory write file copy running config startup config The following example shows how to save the configuration changes to NVRAM using the write mem...

Страница 92: ...following commands in Privileged mode Table 5 14 Restoring default configuration Commands Task copy factory default start up config 1 Restore the default configuration reset system 2 Restart the Corec...

Страница 93: ...following is a sample output of the show cpuinfo command show cpuinfo cpu 405GP clock 200MHz revision 1 69 pvr 4011 0145 bogomips 197 04 machine IBM Walnut plb bus clock 100MHz pci bus clock 33MHz Th...

Страница 94: ...30008 kB HighTotal 0 kB HighFree 0 kB LowTotal 56016 kB LowFree 12108 kB SwapTotal 0 kB SwapFree 0 kB The table below describes the fields shown by the show meminfo command Table 5 16 show meminfo fie...

Страница 95: ...emory in Kilobytes HighTotal Amount of memory which is not mapping to kernel directly This is different according to the type of the used kernel HighFree Amount of free memory which is not mapping to...

Страница 96: ...trol Module active N A 1 2 OPT N1ES1CD insert up N A 2 24 R1 SW24L2B insert up N A Module Version Hw Fw Sw 1 release rev patch N A N A N A 2 release rev patch 0 0 18 N A N A The table below describes...

Страница 97: ...ature C F Current Temperature 30 86 Max Min Threshold 90 80 194 176 Each field shown by the show system command describes the following information about system state Table 5 18 show system field desc...

Страница 98: ...ow ip route 4 If the interface is properly configured check the default gateway configuration This example shows how to ping a host with IP address 172 27 2 49 ping 172 27 2 49 PING 172 27 2 49 172 27...

Страница 99: ...e not been received from the host or network host is unreachable Host is unreachable Network is unreachable 2 Network is unreachable This example shows how to perform a traceroute to the host whose IP...

Страница 100: ...ize of the ICMP datagrams being sent o Indicates the sequence number of the switch router in the path to the host p IP address of the router q Round trip time for each of the three probes that are sen...

Страница 101: ...via 172 19 1 254 management B 100 100 10 0 24 20 0 via 172 19 3 153 management 1d20h55m B 100 100 11 0 24 20 0 via 172 19 3 153 management 1d20h55m B 100 100 14 0 24 20 0 via 172 19 3 153 management 1...

Страница 102: ...laying system logs saved in the log file y Clearing system logs in the log file Specifying Event Level All events occurred in the Corecess R1 SW24L2B don t need to be stored in the system log file You...

Страница 103: ...ileged mode show logging 3 Verify the configuration write memory 4 Save the changed configuration The following example configures the sys events of the lower levels Emergency Alert Critical and Error...

Страница 104: ...rfaces vlan Events related to VLAN Virtual LAN spantree Events related to spanning tree and bridge lacp Events related to LACP Link aggregation Control Protocol igmp Events related to IGMP and IGMP sn...

Страница 105: ...nsole Command Task logging console enable disable 1 Configure whether to display log messages on the console y enable Displays log messages on the console y disable Doesn t display log messages on the...

Страница 106: ...he log messages y ip address IP address of a remote host y host name Host name of a remote host end 2 Return to Privileged mode show logging 3 Check the result write memory 4 Save the changed configur...

Страница 107: ...mmand Task logging session enable disable 1 Configure whether to display log messages on Telnet sessions y enable Displays log messages on Telnet sessions y disable Doesn t display log messages on Tel...

Страница 108: ...ode Table 5 26 Saving log messages in a log file Command Task logging file enable disable 1 Configure whether to save the log messages in a log file y enable Saves log messages in a file y disable Doe...

Страница 109: ...is inserted Nov 14 10 07 09 localhost SYS 6 SYS_MODULE module 2 is inserted Nov 14 10 07 09 localhost SNMP 5 COLDSTART Cold Start Nov 14 10 07 10 localhost PORT 6 LINK_CHANGE 1 1 ifIndex 1 Link Up Up...

Страница 110: ...Privileged mode Table 5 28 Downloading software from a remote TFTP server Command Task copy tftp flash tftp ip image file name 1 Download specified file from the TFTP server y tftp ip IP address of th...

Страница 111: ...base osapp kt_0 0 6 img tftp data 10000 Kbytes show flash image System flash directory File Length bytes Name status 1 10352627 r1sw24l2 base osapp 1 0 13 img 2 10331844 r1sw24l2 base osapp hphong_0...

Страница 112: ...R1 SW24L2B User s Manual 5 44...

Страница 113: ...Chapter 6 Configuring Ports This chapter describes how to configure the Ethernet ports 9 Default Port Configuration 6 2 9 Configuring Ports 6 3 9 Displaying Port Information 6 8...

Страница 114: ...TX Full duplex depending on option modules Port speed Auto STP status Enabled on eth0 default VLAN 10 100Base TX 19 Cost 1000Base PX 1000Base LX 1000Base SX 1000Base TX 4 Port STP priority 32 VLAN Al...

Страница 115: ...in Global configuration mode Command Task port port type slot port admin enable disable 1 Enable or disable the specified port y port type The type of Ethernet port to configure fastethernet Configur...

Страница 116: ...mode of the specified port y port type The type of Ethernet port to configure fastethernet Configures Fast Ethernet port gigabitethernet Configures Gigabit Ethernet port y slot Slot number 1 2 y port...

Страница 117: ...type The type of Ethernet port to configure fastethernet Configures Fast Ethernet port gigabitethernet Configures Gigabit Ethernet port y slot Slot number 1 2 y port Port number 1 24 y port speed Port...

Страница 118: ...l status use the following command in Global configuration mode Command Task port port type slot port flowctl status 1 Configure the flow control of the specified port y port type The type of Ethernet...

Страница 119: ...rt gigabitethernet 1 1 name uplink port config Setting Trap You can enable or disable the operation of the standard SNMP link trap for a port By default the SNMP link trap of the ports on the Corecess...

Страница 120: ...LT notconnect 1 a off a half a 0 100BaseT 2 3 DEFAULT notconnect 1 a off a half a 0 100BaseT 2 4 DEFAULT notconnect 1 a off a half a 0 100BaseT 2 21 DEFAULT notconnect 1 a off a half a 0 100BaseT 2 22...

Страница 121: ...limited 0 M If Index Logical ID 87 access type eferred nt Port 2 23 Statistics Counters All bytes Unicast Multicast Broadcast Discard Error in 0 0 0 0 0 0 out 0 0 0 0 0 0 Port Error Counters input run...

Страница 122: ...er of the outgoing packets on the port Unicast Total number of the outgoing packets on the port Multicast Total number of the outgoing packets on the port Broadcast Total number of the outgoing packet...

Страница 123: ...sion multi Number of frames transmitted without any error following multiple collisions consecutive Number of frames that have experienced 16 consecutive collisions or more not including late collisio...

Страница 124: ...R1 SW24L2B User s Manual 6 12...

Страница 125: ...Chapter 7 Configuring VLAN This chapter describes how to configure the VLAN and VLAN interface 9 VLAN Configuration 7 2...

Страница 126: ...applied immediately without rebooting system or using additional command To maintain the modified configuration after rebooting the system save the configuration using write memory command in Privile...

Страница 127: ...rom 2 to 4094 Enter a vlan command with an unused ID to create a VLAN Enter a vlan command for an existing VLAN to modify the VLAN To create a VLAN perform this task in the Privileged mode Table 7 2 C...

Страница 128: ...in Global configuration mode Table 7 3 Assigning ports to a VLAN Commands Task vlan id vlan id name vlan name port port type slot port 1 Assign the specified ports to the VLAN y vlan id VLAN ID y vlan...

Страница 129: ...the VLAN y network num IP address y M subnet mask end 3 Return to Privileged mode show interface vlan id vlan id name vlan name 4 Verify the VLAN configuration y vlan id Id of the VLAN to display y vl...

Страница 130: ...Task interface vlan id vlan id name vlan name 1 Enter Interface configuration mode y vlan id ID of the VLAN to configure y vlan name Name of the VLAN to configure ip address network num M secondary 2...

Страница 131: ...end show interface vlan id 1 Interface vlan1 index 28 kernel index 4 metric 1 mtu 1500 UP BROADCAST RUNNING MULTICAST HWaddr 00 01 02 00 00 db inet 172 27 2 100 16 broadcast 172 27 255 255 input packe...

Страница 132: ...trip the 802 1Q tags from the frame header instead the tunnel port leaves the 802 1Q tags intact and puts all the received 802 1Q traffic into the VLAN assigned to the tunnel port The VLAN assigned to...

Страница 133: ...and vlan2 configure terminal config vlan id 2 port gigabitethernet 1 2 config dot1q port gigabitethernet 1 2 tag 1 2 config end show dot1q Port allowed 802 1q Static and Dynamic Vlans created by GVRP...

Страница 134: ...R1 SW24L2B User s Manual 7 10...

Страница 135: ...ter 8 Configuring SNMP and RMON This chapter describes how to configure SNMP and RMON on the Corecess R1 SW24L2B 9 Configuring SNMP 8 2 9 Configuring RMON 8 18 9 SNMP and RMON Configuration Commands 8...

Страница 136: ...an for network growth SNMP Basic Components SNMP consists of the following three key components y Managed Device y SNMP Agent and Management Information Base MIB y SNMP Manager Managed Device A manage...

Страница 137: ...g tree topology changes occur and when authentication failures occur The MIB is the information base the SNMP agent must keep available for the managers This information base contains objects whose va...

Страница 138: ...tNext Request Message is an extended type of request message that can be used to browse the entire tree of management objects When processing a Get next request for a particular object the agent retur...

Страница 139: ...ives read and write access to authorized management stations to all objects in the MIB but does not allow access to the community strings Read write all Gives read and write access to authorized manag...

Страница 140: ...R1 SW24L2B has System Contact variable and System Location variable displaying the system contact information and system location information The values of these variables can be browsed or modified v...

Страница 141: ...Administrator at phone 2734 System location information 1st_floor lab configure terminal config snmp server contact Dial System Administrator at phone 2734 config snmp server location 1st_floor lab co...

Страница 142: ...munity strings Command Task configure terminal 1 Enter Global configuration mode snmp server community community string auth 2 Define the SNMP community strings for each access type y community string...

Страница 143: ...hen there are access attempts with unauthorized IP address sysconfig Sends a trap message when the system backup configuration is changed entity Sends a trap message when there is Entity Management In...

Страница 144: ...following example enables the port and auth traps configure terminal config snmp server enable traps port config snmp server enable traps auth config end show snmp server RMON Enabled Extended RMON E...

Страница 145: ...al 1 Enter Global configuration mode snmp server host ip address community port udp port default 2 Add a trap host y ip address The IP address or host name of an SNMP host that has been configured to...

Страница 146: ...ess to the system via SNMP To configure SNMP access group by using access lists use the following commands in Privileged mode Table 8 8 Configuring SNMP access groups Command Task configure terminal 1...

Страница 147: ...r command show snmp server RMON Enabled Extended RMON Extended RMON module is not present sysContact Dial System Administrator at phone 2734 sysLocation 1st_floor lab Community Access Community String...

Страница 148: ...tact string unknown sysLocation SNMP system location string unknown Community Access Configured SNMP communities read only read write community Community String SNMP community strings associated with...

Страница 149: ...ommunity strings show snmp server community list community pubilc access ro community private access rw community corecess access ro The table below describes the fields shown by the show snmp server...

Страница 150: ...rrors Maximum packet size 1500 3 No such name errors 0 Bad values errors 0 General errors 9994 Response PDUs 0 Trap PDUs The table below describes the fields shown by the show snmp server statistics c...

Страница 151: ...er of SNMP set requests that failed due to some other error It was not a noSuchName error badValue error or any of the other specific errors Response PDUs Number of responses sent in reply to requests...

Страница 152: ...ey escalate to crisis situations For example the Corecess R1 SW24L2B can identify the hosts on a network that generate the most traffic or errors The RMON allows you to set up automatic histories whic...

Страница 153: ...up of statistics on Ethernet Fast Ethernet and Gigabit Ethernet interfaces for a specified polling interval 3 Alarm RMON group 3 Monitors a specific management information base MIB object for a specif...

Страница 154: ...the RMON on the Corecess R1 SW24L2B end 3 Return to Privileged mode show snmp server 4 Verify that RMON is enabled This example shows how to enable the RMON on the Corecess R1 SW24L2B and how to veri...

Страница 155: ...ket However you can create additional histories for a specific port This allows you to configure the time interval to take the sample and the number of samples you want to save To configure an RMON hi...

Страница 156: ...nformation on a history group enter the show rmon history command with the history number show rmon history 1 Entry 1 is valid and owned by aaa Monitors ifEntry ifIndex 1 every 10 seconds Requested of...

Страница 157: ...entry in the EtherStatsTable The EtherStatsTable also contains control parameters for this group To configure an RMON statistics group use the following commands in Global configuration mode Table 8 1...

Страница 158: ...To display the detail information on a statistics group enter the show rmon statistics command with the statistics number show rmon statistics 1 Entry 1 is valid and owned by dddd Monitors ifEntry if...

Страница 159: ...ent use the following commands in Privileged mode Table 8 17 Configuring RMON event group Command Task configure terminal 1 Enter Global configuration mode rmon event index description string trap com...

Страница 160: ...alid ifIndex 1 Gi 1 1 2 valid ifIndex 2 Fa 2 1 history index status dataSource 1 valid ifIndex 1 Gi 1 1 alarm index status sample event index status type 10 valid logandtrap To display the detail info...

Страница 161: ...event You can specify rising or falling thresholds indicating network faults such as slow throughput or other network related performance problems You specify rising thresholds when you want to be not...

Страница 162: ...vent index rising event number falling event number owner alarm owner 2 Set an alarm on a MIB object y index Alarm number 1 65535 y interval MIB object monitoring interval 1 2147483647 seconds y type...

Страница 163: ...ch the alarm is reset 0 2147483647 y rising event index Event number to trigger when the rising threshold exceeds its limit 0 65535 y falling event index Event number to trigger when the falling thres...

Страница 164: ...old 1000 100 event index 1 1 owner kimka Can t fetch the MIB values config To display the detail information on an alarm group enter the show rmon alarm command with the alarm number show rmon alarm 1...

Страница 165: ...able y statistics Displays the RMON statistics table If you do not specify any option the contents of the RMON alarm table event table history table and statistics table are displayed The following is...

Страница 166: ...entry statistics dataSource Data source of the RMON statistics entry Index Index of the RMON history entry into the historyTable Status Status of the RMON history entry history dataSource Data source...

Страница 167: ...le history table and statistics table snmp server community Configures the SNMP community strings snmp server contact Specifies the system contact information snmp server disable traps Disable a SNMP...

Страница 168: ...R1 SW24L2B User s Manual 8 34...

Страница 169: ...ng QoS This chapter describes how to configure QoS Quality of Service on the Corecess R1 SW24L2B 9 QoS Ovewview 9 2 9 Configuring QoS 9 17 9 Configuring Non Class map QoS Features 9 32 9 QoS Configura...

Страница 170: ...e such as bandwidth use efficiently QoS consists of the Classifier and the Traffic manager The Classifier classifies traffic and the Traffic Manager processes the classified traffic as follows The Cla...

Страница 171: ...1 IGMP 2 The following values are set in the eight bit of TOS field also called DSCP field in the header of Layer 3 packet MRZ Must Be Zero D Minimum Delay T Maximum Throughput R Maximum Reliability C...

Страница 172: ...IP Address and TCP UDP Port Number y Class based Classification QoS level is marked in the packet Packet Classification using the value of the 802 1p field and IP TOS DSCP IP Prec field Classificatio...

Страница 173: ...y the QoS profile Rule Input Port Output Port Source MAC Destination MAC 802 1P VLAN ID Source IP Destination IP Protocol ID TOS Source TCP UDP Port Destination TCP UDP Port TCP Flag QoS Profile 1 2 3...

Страница 174: ...ate to engaged bandwidth then informs the comparing result to action block Action block decide how to process traffic depending on the result There are three methods to process the result as follows y...

Страница 175: ...nit of bytes Token is filled up in the token bucket for a certain rate When packets are arrived the same amount of tokens is removed from the token bucket The variables of policer can be substituted f...

Страница 176: ...token method uses only one bucket and dual token method uses two bucket In dual token bucket method RFC 2698 tr TCM algorithm the first bucket receives tokens at PIR rate and the second bucket receiv...

Страница 177: ...nerally used y Strict Priority Queuing y WRR Weight Round Robin y WFQ Weight Fair Queuing y DWRR Deficit Weight Round Robin SPQ Strict Priority Queuing In this method each queue has assigned prioritie...

Страница 178: ...acket is transmitted through the second queue Q2 then a packet is transmitted through the third queue Q3 WRR method can specify priority to each queue and prohibit starvation as above The disadvantage...

Страница 179: ...300byte packet can be processed because the queue can process up to 1000bytes Then deficit counter becomes 200 After other queues process their packet the queue become in the order The deficit counter...

Страница 180: ...eficit counter becomes 700 Picture 3 There is no packet in the number 1 of queue so the DWRR scheduler visits the number 2 of queue The deficit counter is set as 500byte and 500byte packet is transmit...

Страница 181: ...r If there is enough bandwidth to transmit the stored traffic is transmitted This method is more flexible than policing but is not useful in real time traffic such as voice traffic because transfer de...

Страница 182: ...p In Tail drop method if there is no space to store packets packets that arrived after full of the queue are discarded The ratio that packets are discarded is 1 when the amount of packet in the queue...

Страница 183: ...cy map Packet Classification Packet classification partitions traffic into multiple priority levels or classes of service The Corecess R1 SW24L2B uses the values in the following fields of the layer 1...

Страница 184: ...ess by which the system limits the bandwidth consumed by a flow of traffic You can limit the bandwidth of a specific traffic flow by using a policy map or limit the full bandwidth of a port Transmit Q...

Страница 185: ...Policy Map Class A class map consists of criteria for classifying traffic into several classes The first task for configuring QoS service policy is defining class maps A policy map consists of classes...

Страница 186: ...e ToS Type of Service value 0 7 ip prec The IP precedence value 0 7 ip sa The source IP address ip da The destination IP address mac sa The source MAC address mac da The destination MAC address tcp dp...

Страница 187: ...SW24L2B should classify traffic enter the following commands in Global configuration mode Table 9 2 Creating a class map Command Task qos 1 Enter QoS configuration mode 8021p classification enable 2...

Страница 188: ...e To delete the criteria enter the no match command in the qos configuration mode The following example shows how to create a class map and define a classification criterion by using the source IP add...

Страница 189: ...ass2 Match Content ip da 10 10 10 1 0 0 0 255 tcp dpn 25 Total Entries 2 write memory Building Configuration OK To delete a class map use the no class map class map name command in the QoS configurati...

Страница 190: ...wings are QoS actions which can be included in a policy map y filter Action for deciding whether the traffic is discarded or forwarded y mark Action for configuring the values to be set in the DSCP IP...

Страница 191: ...it to proc bandwidth bandwidth weight percentage priority value rate limit rate target rate tcflow monitoring 4 Configures Qos actions for the class Refer to the following sections for configuring QoS...

Страница 192: ...map using the no class command in the policy map configuration mode The no class command does not delete the class map but disconnects the relation between the policy map and the class map To delete...

Страница 193: ...r QoS configuration mode policy map policy map name 2 Create a policy map and enter policy map configuration mode y policy map name The name of a policy map class class name 3 Specify the class to whi...

Страница 194: ...Create a policy map and enter policy map configuration mode y policy map name The name of a policy map class class name 3 Specify the class to which the policy map applies and enter policy map class...

Страница 195: ...ap name The name of a policy map class class name 3 Specify the class to which the policy map applies and enter policy map class configuration mode y class name The name of the class to which the poli...

Страница 196: ...he queue precedence command in the QoS configuration mode The following is a procedure for specifying the user defined priority for a traffic class Table 9 7 Specifying a priority of a traffic class i...

Страница 197: ...class class name 3 Specify the class to which the policy map applies and enter policy map class configuration mode y class name The name of the class to which the policy map applies rate limit rate ta...

Страница 198: ...rvice policy service name policy map policy map name input port port type slot port output port port type slot port 2 Attach a policy map to an input port or an output port to be used as the service p...

Страница 199: ...Configuring QoS 9 31 Name service1 Linked PolicyMap policy1 Port In 1 2 Port Out 1 2 Total Entries 1 write memory Building Configuration OK...

Страница 200: ...n the 802 1p CoS is disabled the IP precedence and DSCP values are used for QoS To enable the 802 1p CoS and assign the priority to a interface for 802 1p class of service perform this task in the Glo...

Страница 201: ...rity of 6 to the Gigabit Ethernet port 1 1 which belongs to the default VLAN config qos config qos 8021p user priority 6 vlan 1 port gigiabitethernet 1 1 config qos 8021p enable config qos end show us...

Страница 202: ...ut port port type slot port rate target rate 2 Configure the maximum bandwidth of a specific port y input port Applies rate limiting on an input port y output port Applies rate limiting on a output po...

Страница 203: ...oS field Command Task qos 1 Enter QoS configuration mode 8021p precedence value1 value2 value3 2 Input the values tos user vlan in the order of high priority y value1 Specify the highest priority valu...

Страница 204: ...value4 2 Input the values tos user vlan or class in the order of high priority y value1 Specify the highest priority value y value2 Specify the second highest priority value This value is used when th...

Страница 205: ...figuration mode shaping output port port type slot port rate target rate 2 Configure shaping for traffic that transmits through the specified output port y port type Port type fastethernet gigabitethe...

Страница 206: ...oadcast storm control command in QoS configuration mode Table 9 15 Configuring broadcast suppression Command Task qos 1 Enter QoS configuration mode broadcast storm control port port type slot port vl...

Страница 207: ...Configuring QoS 9 39 8021p enable 8021p user priority 6 vlan 1 port fastethernet 2 1...

Страница 208: ...dence or DSCP field of a traffic class match cos Specifies the CoS as a match criterion of a class map match dscp Specifies the DSCP as a match criterion of a class map match ip da Specifies the desti...

Страница 209: ...ty of a traffic class during network congestion condition rate limit Configures the rate limiting to a traffic class rate limit Applies the rate limiting feature to the specified port service policy D...

Страница 210: ...R1 SW24L2B User s Manual 9 42...

Страница 211: ...chapter describes how to configure security features on the Corecess R1 SW24L2B 9 Configuring Password and Session Timeouts 10 2 9 Configuring Access Lists 10 6 9 Configuring Packet Filtering 10 11 9...

Страница 212: ...The default user name and password are corecess To change the default login password perform the following tasks in User mode passwd Changing password for corecess Old password Enter the new password...

Страница 213: ...asswd command in the Global configuration mode The following example sets the Privileged mode password to R1SW24 by the enable passwd command configuration in the Global mode config enable passwd R1SW...

Страница 214: ...manner so that anyone entering write terminal commands will not be able to determine the clear text password The following example shows how to encrypt a user password and display the password on the...

Страница 215: ...login timeout enter the following command in the global configuration mode Table 10 1 Changing timeout for an unattended telent session Command Task line vty 1 Enter the VTY line configuration mode e...

Страница 216: ...her information Note that sophisticated users can sometimes successfully evade or fool basic access lists because no authentication is required You can use standard access lists to control the Telnet...

Страница 217: ...ynamic Permits the frame whose source address matches the condition dynamically y source ip The IP address of the source network or host in hexadecimal form xxx xxx xxx xxx y wildcard Wildcard bit to...

Страница 218: ...ermit 36 0 0 0 0 255 255 255 config end show access list Standard IP access list 1 permit 192 5 34 0 wildcard bits 0 0 0 255 permit 128 88 0 0 wildcard bits 0 0 255 255 permit 36 0 0 0 wildcard bits 0...

Страница 219: ...nd the addresses in the access list y out Restricts outgoing connections between the system and the addresses in the access list end 3 Return to Privileged mode write memory 4 Save the configuration T...

Страница 220: ...he access list to SNMP access Command Task configure terminal 1 Enter the global configuration mode snmp server group access list number 2 Apply the access list to SNMP access y list number Standard a...

Страница 221: ...DHCP server File and Resource Sharing Protocol Filtering Filter the following protocols to prevent file and resource sharing among hosts in the same VLAN Apple FileSharing Protocol Rendezvous Protoco...

Страница 222: ...nation MAC address The source MAC address The destination IP address The source IP address The destination TCP port number 0 65535 The source TCP port number 0 65535 The destination UDP port number 0...

Страница 223: ...DHCP OFFER packets enter the following command in Global configuration mode Table 10 5 Filtering DHCP offer Command Task qos 1 Enter QoS configuration mode dhcp offer filter discard port port type sl...

Страница 224: ...anual 10 14 The following example configures to discard all the DHCP OFFER packets received config qos config qos dhcp offer filter discard config qos end show dhcp offer filter Dhcp Offer Filter Port...

Страница 225: ...kets apple filesharing protocol filter discard 2 1 Refuse Apple FileSharing packets This command is applied to all ports netbios filter discard port port type slot port 2 2 Refuse NetBIOS packet recei...

Страница 226: ...config qos config qos apple filesharing protocol filter discard config qos netbios filter discard config qos rendezvous filter discard config qos upnp filter discard config qos end show running config...

Страница 227: ...ng To filter default traffic use the following commands Table 10 7 Filtering Default Traffic Command Task qos 1 Enter QoS configuration mode default traffic deny 2 Set default traffic to be refused en...

Страница 228: ...ification criteria for the class map 2 Creating a Policy Create a policy map specify the class to which the policy map applies and define the actions that you want the system to take for the particula...

Страница 229: ...fy the destination TCP port number as a match criterion of a class map y tcp port num The destination TCP port number 0 65535 match tcp spn tcp port num 6 Specify the source TCP port number as a match...

Страница 230: ...R1 SW24L2B User s Manual 10 20 show classmap class101 ClassMap Name class101 Match Content ip da 10 10 10 1 0 0 0 255 tcp dpn 25 write memory Building Configuration OK...

Страница 231: ...on mode y class name Class map name filter deny permit 4 Specify whether to filter the traffic class or not y deny Discards the class of traffic belonging to a policy map y permit Permits the class of...

Страница 232: ...The name of a service policy y policy map name The name of a policy map to be applied end 3 Return to the Privileged mode show service policy service policy name 4 Verify that the policy map is appli...

Страница 233: ...e to configure class maps Default traffic deny Discard all packets that is not classified by class map dhcp offer filter discard Discards the all DHCP OFFER packets received packets received through t...

Страница 234: ...R1 SW24L2B User s Manual 10 24...

Страница 235: ...ing This chapter describes how to configure IGMP snooping on the Corecess R1 SW24L2B 9 IGMP Internet Group Management Protocol 11 2 9 Configuring IGMP Snooping 11 3 9 Configuring IGMP Information 11 1...

Страница 236: ...of IP multicast traffic Switches can use IGMP snooping to configure Layer 2 interfaces dynamically so that IP multicast traffic is forwarded only to those interfaces associated with IP multicast devic...

Страница 237: ...ally enabled or disabled it is also enabled or disabled in all existing VLAN interfaces IGMP snooping is by default disabled on all VLANs but can be enabled and disabled on a per VLAN basis Global IGM...

Страница 238: ...is not a multicast route but a system that provides IGMP snooping functions and recognizes it as a multicast router it may stop its role as the IGMP querier if the IP address of the Corecess R1 SW24L2...

Страница 239: ...ethernet 1 1 config Note Multicast routers that support only IGMPv1 cannot process host membership report messages received from devices that support IGMPv2 In addition multicast routers which support...

Страница 240: ...rt port type slot port vlan id vlan id y port type Type of the port to enable IGMP fast leave fastethernet Fast Ethernet port gigabitethernet Gigabit Ethernet port y slot port Slot number and port num...

Страница 241: ...o configure of a member port fastethernet Fast Ethernet port gigabitethernet Gigabit Ethernet port y slot port Slot number and port number y vlan id VLAN ID 1 4094 This example shows how to add the Fa...

Страница 242: ...the absence of a group report The default value of IGMP group membership time is 260 seconds To change IGMP group membership time use the following command in Global configuration mode Command Task i...

Страница 243: ...igabit Ethernet port y slot port Slot number and port number The following example shows how to specify the number of multicast groups for the Fast Ethernet port 2 1 to 2048 and verify the result conf...

Страница 244: ...to the Corecess R1 SW24L2B and that were learned via IGMP snooping use the show ip igmp snoop command in Privileged mode Command Description show ip igmp snoop vlan id vlan id y vlan id VLAN ID 1 409...

Страница 245: ...criptions Filed Description vlan VLAN ID of the multicast group mac group MAC Address of the multicast group group ip IP Address of the multicast group In case of a static multicast group 0 0 0 0 is d...

Страница 246: ...rmation on all multicast router interfaces on the Corecess R1 SW24L2B show ip igmp snoop mrouter port vlan router ip 2 1 1 172 19 2 1 Total Number 1 The following table describes the fields in the sho...

Страница 247: ...ely removes a port when it detects an IGMP version 2 leave message on that VLAN or port The following is the sample output from show ip igmp snoop fast leave command show ip igmp snoop fast leave vlan...

Страница 248: ...as a member of a multicast group ip igmp snoop mrouter Configures a static router port show ip igmp snoop Displays the multicast groups with receivers that are directly connected to the router and tha...

Страница 249: ...roup which allows several ports to be connected together to operate as a single link This chapter describes how to configure a trunking group by using LACP Link Aggregation Control Protocol 9 LACP Lin...

Страница 250: ...n this case it is considered that several ports are connected between two systems But if there are several connections links between systems only one link is used automatically by STP protocol because...

Страница 251: ...plied to all trunks y Configured trunking groups by LACP can be connected regardless a device vendor QoS of Trunk Group When QoS is configured a trunk group acts as single port Instead the maximum ban...

Страница 252: ...t can exchange standard LACP Protocol Data Unit LACPDU messages to negotiate trunk group configuration with the port on the other side of the link In addition the Corecess R1 SW24L2B port actively sen...

Страница 253: ...value 0 65535 y port type The type of the port fastethernet Fast Ethernet port gigabitethernet Gigabit Ethernet port y slot port The slot number and port number of the port y active Enables active mod...

Страница 254: ...st Ethernet port configure terminal config lacp key 10 port fastethernet 2 1 mode active config end show lacp port fastethernet 2 1 Link State down Port Index 769 Oper Mode Active Actor Port Admin Key...

Страница 255: ...to be assigned to the port on the other side of the aggregation link perform this task in the Privileged mode Table 12 2 Configuring LACP partner key Command Task configure terminal 1 Enter Global con...

Страница 256: ...R1 SW24L2B User s Manual 12 8 Link State down Port Index 769 Oper Mode Active Actor Port Admin Key 10 Actor Admin State 0x07 Partner Port Admin Key 15 Partner Admin State 0x06...

Страница 257: ...ch A config lacp key 33 port fastethernet 2 1 4 mode active Switch A config end Switch A write memory Building Configuration OK Switch B The following shows how to configure link aggregation on the sw...

Страница 258: ...R1 SW24L2B User s Manual 12 10...

Страница 259: ...uring STP RSTP This chapter describes how to configure STP Spanning Tree Protocol on the Corecess R1 SW24L2B 9 Understanding STP 13 2 9 Configuring STP 13 8 9 Configuring RSTP 13 21 9 STP Configuratio...

Страница 260: ...tly and the other path is path 1 and path 2 through Switch B A loop is formed in this network because multiple active paths exist between Switch A and Switch C In this network end stations might recei...

Страница 261: ...he spanning tree topology and activates the standby path BDPU Bridge Data Protocol Unit Spanning tree consists of a root switch designated switches root port and designated ports The root switch is th...

Страница 262: ...switch If all switches are configured with the default priority 32768 the switch with the lowest MAC address in the VLAN becomes the root switch Path cost determines the selection of the root port an...

Страница 263: ...n the port or no spanning tree instance running on the port The following picture shows process of five port states A port that STP is operating always starts at the blocking state When a switch is in...

Страница 264: ...anning tree The algorithm calculates the best loop free path through a switched Layer 2 network by assigning a role to each port based on the role of the port in the active topology When two interface...

Страница 265: ...ate This allows rapid reconfiguration capability when the topology has changed Port State of RSTP There are three port states discarding learning forwarding in RSTP 802 1W The learning state and the f...

Страница 266: ...t STP configuration Feature Default Setting VLAN STP State RSTP is enabled by default on all VLANs Port STP State Disabled VLAN ID Switch priority 32768 Spanning tree port priority 128 10Mbps 2 000 00...

Страница 267: ...lt on the default VLAN and on all newly created VLANs To reenable STP on a VLAN after disabling it perform this task in Privileged mode Table 13 4 Enabling STP on a VLAN Command Task configure termina...

Страница 268: ...the network topology When STP is disabled and loops are present in the topology excessive traffic and indefinite packet duplication can drastically reduce network performance To disable STP on a per...

Страница 269: ...able STP on fastethernet Fast Ethernet port gigabitethernet Gigabit Ethernet port y slot port The slot number and port number of the Ethernet port end 3 Return to privileged mode show stp port port ty...

Страница 270: ...econfigured To change the bridge ID of a VLAN perform this task in Privileged mode Table 13 6 Configuring the bridge ID for a VLAN Command Task configure terminal 1 Enter global configuration mode stp...

Страница 271: ...ult priority 32768 hexa decimal 0x8000 enter the no stp bridge priority command in Global configuration mode config no stp bridge priority vlan id 2 config end show stp vlan id 2 VLAN ID 2 Protocol Op...

Страница 272: ...rarely use a port that is high speed because of a lack of stability or other reasons you specify high path cost of the port To configure the path cost for an Ethernet port perform this task in Privil...

Страница 273: ...show stp port fastethernet 2 1 Link State up Protocol Operation enabled Pathcost Encoding 32bit Port Number logical 129 Port Priority 0x8 Designated Path Cost 10 AdminEdge false Recommand We recomman...

Страница 274: ...perform this task in Privileged mode Table 13 8 Configuring STP encoding mode Command Task configure terminal 1 Enter global configuration mode stp pathcost encoding stp8021d1998 2 Configure the type...

Страница 275: ...y 2 Sets the spanning tree port priority for a specified Ethernet port y port type The type of Ethernet port fastethernet Fast Ethernet port gigabitethernet Gigabit Ethernet port y slot port The slot...

Страница 276: ...seconds default 2 seconds y vlan id VLAN ID 1 4094 stp max age value vlan id vlan id 3 Sets the STP maximum aging time for a VLAN y value The STP maximum aging time The maximum aging time is the numbe...

Страница 277: ...lo time vlan id 2 config The following example shows how to set STP forward delay timers to 20 seconds for a VLAN configure terminal config stp forward delay 20 vlan id 2 config end show stp vlan id 2...

Страница 278: ...g stp max age 30 vlan id 2 config end show stp vlan id 2 VLAN ID 2 HelloTime 2 s ForwardDelay 15 s Bridge MaxAge 25 s Bridge HelloTime 5 s Bridge ForwardDelay 20 s To return the STP max age timers to...

Страница 279: ...t y Setting the bridge ID y Configuring the path cost y Configuring STP encoding y Configuring the port priority y Setting spanning tree timers Hello time Max age Forward delay y Configuring spanning...

Страница 280: ...TP on a VLAN Command Task configure terminal 1 Enter Global configuration mode stp vlan id vlan id 2 Enable RSTP on a specified VLAN y vlan id VLAN ID 1 4094 end 3 Return to Privileged mode show stp v...

Страница 281: ...sive traffic and indefinite packet duplication can drastically reduce network performance To disable RSTP on a per VLAN basis enter the no stp vlan command in Global configuration mode The following e...

Страница 282: ...path cost Command Task configure terminal 1 Enter Global configuration mode port port type slot port pathcost path cost 2 Set the path cost for a specific port y port type The type of Ethernet port f...

Страница 283: ...ndation We recommend that you set the path cost as follows according to the running RSTP protocol version and the media speed of the port Port Speed Range 10Mbps 200000 20000000 100Mbps 20000 2000000...

Страница 284: ...8 Configuring STP encoding mode You can not configure the STP encoding mode for individual VLANs and the change affects to all spanning trees To change path cost of 16 bits to path cost of 32 bits aga...

Страница 285: ...g Spanning Tree Protocol Type Command Task configure terminal 1 Enter Global configuration mode stp protocol version stp vlan id vlan id 2 Set spanning tree protocol to STP on the specified VLAN y vla...

Страница 286: ...oop free Layer 2 operation since a non edge port is part of the active RSTP topology To configure an edge port use the following commands Table 13 15 Configuring an Edge Port Command Task configure te...

Страница 287: ...port Displays spanning tree information for the specified port show stp vlan Displays spanning tree information for the specified VLAN interface stp adminEdge port Configures a port as an Edge port st...

Страница 288: ...R1 SW24L2B User s Manual 13 30...

Страница 289: ...Appendix A Product Specifications Appendix A describes the specifications of the Corecess R1 SW24L2B 9 Hardware Specification A 2 9 Software Specification A 3...

Страница 290: ...64MB SDRAM y Flash memory 64MB System Dimension and Weight y Size 440 x 44 x 220mm W x H x D AC Power Supply Hardware y Frequency 50 60Hz y Input Voltage 100 240VAC y Input Voltage Range 88 264VAC Tem...

Страница 291: ...IEEE 802 3ad Link aggregation y Support the maximum 16 of aggregation Groups Multicasting Function y IGMP v2 0 y IGMP snooping QoS Function y Multi field packet classification y 802 1p CoS Marking Rec...

Страница 292: ...IP y RFC 792 ICMP y RFC 826 ARP y RFC 768 UDP y RFC 783 TFTPv2 y RFC 793 TCP y RFC 826 ARP y RFC 854 Telnet y RFC 951 BOOTP y RFC 1112 Host Extensions for IP Multicasting y RFC 1157 SNMPv1 y RFC 1165...

Страница 293: ...ations Appendix B describes the specifications of the ports on the Corecess R1 SW24L2B In addition the kinds and specifications of cables needed for the connection of each port 9 Connector Specificati...

Страница 294: ...s follows Table B 1 Pin Configuration of 10 100 1000Base T Port Pin Signal Pin Signal 1 Tx Rx 1 pair 5 Tx Rx 3 pair 2 Tx Rx 1 pair 6 Tx Rx 2 pair 3 Tx Rx 2 pair 7 Tx Rx 4 pair 4 Tx Rx 3 pair 8 Tx Rx 4...

Страница 295: ...e LX Port 100 1000Base LX ports on the uplink modules have Duplex LC connectors The cable used for connecting these LC connectors is multi mode fiber optic cable transmitting receiving wavelength 1310...

Страница 296: ...be connected to RJ 45 port In case of connecting with a device that operates at 10Mbps category 3 and 4 cable is used In case of connecting with a device that operates at 100Mbps category 5 cable is...

Страница 297: ...Length nm 100 1000Base SX Multi mode y Rx Tx 850nm OPT N1ES1CD OPT N1EL1CD OPT N2CD OPT N2CS Duplex LC 100 1000Base LX Single mode y Rx Tx 1310nm OPT N1ES1CD OPT N1EL1CD Simplex SC APC 1000Base PX Sin...

Страница 298: ...C APC Fiber Optic Cable The cable used for connecting the 1000Base PX SFP port on the OPT N1ES1CD module and OPT N1EL1CD module is fiber optic cable with simplex SC APC connectors at both ends transmi...

Страница 299: ...quipped with terminal emulation programs Console cable has an RJ 45 connector and a DB 9 connector at each ends Note Before connecting the console port ensure that console terminal is configured as fo...

Страница 300: ...R1 SW24L2B User s Manual B 8...

Отзывы:

Нет отзывов

Бренды по названию

Популярные бренды

Загрузить еще бренды