background image

xStack DES-6500 Modular Layer 3 Chassis Ethernet Switch User Manual

 

LAN - Local Area Network:

 A network of connected computing resources (such as PCs, printers, servers) covering a 

relatively small geographic area (usually not larger than a floor or building). Characterized by high data rates and low error 
rates. 

latency:

 The delay between the time a device receives a packet and the time the packet is forwarded out of the destination 

port. 

line speed

: See baud rate. 

main port:

 The port in a resilient link that carries data traffic in normal operating conditions. 

MDI - Medium Dependent Interface:

 An Ethernet port connection where the transmitter of one device is connected to the 

receiver of another device. 

MDI-X - Medium Dependent Interface Cross-over:

 An Ethernet port connection where the internal transmit and receive 

lines are crossed. 

MIB - Management Information Base:

 Stores a device's management characteristics and parameters. MIBs are used by the 

Simple Network Management Protocol (SNMP) to contain attributes of their managed systems. The Switch contains its own 
internal MIB.  

multicast:

 Single packets copied to a specific subset of network addresses. These addresses are specified in the destination-

address field of the packet. 

protocol:

 A set of rules for communication between devices on a network. The rules dictate format, timing, sequencing and 

error control. 

resilient link:

 A pair of ports that can be configured so that one will take over data transmission should the other fail. See also 

main port and standby port. 

RJ-45:

 Standard 8-wire connectors for IEEE 802.3 10BASE-T networks. 

RMON:

 Remote Monitoring. A subset of SNMP MIB II that allows monitoring and management capabilities by addressing 

up to ten different groups of information. 

RPS - Redundant Power System: 

A device that provides a backup source of power when connected to the Switch. 

server farm

: A cluster of servers in a centralized location serving a large user population. 

SLIP - Serial Line Internet Protocol:

 A protocol which allows IP to run over a serial line connection. 

SNMP - Simple Network Management Protocol:

 A protocol originally designed to be used in managing TCP/IP internets. 

SNMP is presently implemented on a wide range of computers and networking equipment and may be used to manage many 
aspects of network and end station operation. 

Spanning Tree Protocol (STP):

 A bridge-based system for providing fault tolerance on networks. STP works by allowing 

you to implement parallel paths for network traffic, and ensure that redundant paths are disabled when the main paths are 
operational and enabled if the main paths fail. 

stack:

 A group of network devices that are integrated to form a single logical device. 

standby port:

 The port in a resilient link that will take over data transmission if the main port in the link fails. 

switch: 

A device which filters, forwards and floods packets based on the packet's destination address. The switch learns the 

addresses associated with each switch port and builds tables based on this information to be used for the switching decision. 

TCP/IP:

 A layered set of communications protocols providing Telnet terminal emulation, FTP file transfer, and other services 

for communication among a wide range of computer equipment. 

telnet:

 A TCP/IP application protocol that provides virtual terminal service, letting a user log in to another computer system 

and access a host as if the user were connected directly to the host. 

TFTP - Trivial File Transfer Protocol:

 Allows you to transfer files (such as software upgrades) from a remote device using 

your switch's local management capabilities. 

UDP - User Datagram Protocol: 

An Internet standard protocol that allows an application program on one device to send a 

datagram to an application program on another device. 

VLAN - Virtual LAN:

 A group of location- and topology-independent devices that communicate as if they are on a common 

physical LAN. 

VLT - Virtual LAN Trunk

: A Switch-to-Switch link which carries traffic for all the VLANs on each Switch. 

VT100:

 A type of terminal that uses ASCII characters. VT100 screens have a text-based appearance. 

 

 

296

Содержание TM DES-6500

Страница 1: ...User Manual Product Model TM DES 6500 Modular Layer 3 Chassis Ethernet Switch Release 3 5 ...

Страница 2: ...rmission of D Link Computer Corporation is strictly forbidden Trademarks used in this text D Link and the D LINK logo are trademarks of D Link Computer Corporation Microsoft and Windows are registered trademarks of Microsoft Corporation Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products D Link Computer Corpor...

Страница 3: ... 6509 12 port Mini GBIC SFP switch module 4 DES 6510 RJ21 connectors provide 24 port 10BASE T 100BASE TX Fast Ethernet Switch module 4 DES 6511 Power Supply Modules 4 DES 6512 2 port 10 GE XFP Switch Module 4 Ethernet Technology 5 Fast Ethernet 5 Gigabit Ethernet Technology 5 Switching Technology 5 Front Panel Components and LED Indicators 6 Installation 7 Package Contents 7 Before You Connect to ...

Страница 4: ...nfiguring the Switch 24 Switch Information 25 Switch IP Settings 26 Setting the Switch s IP Address using the Console Interface 27 Advanced Settings 28 Port Configuration 30 Port Mirroring Configuration 32 Link Aggregation 33 Understanding Port Trunk Groups 33 LACP Port Settings 36 IGMP Snooping 37 Static Router Port Settings 39 Spanning Tree 40 802 1s MSTP 40 802 1w Rapid Spanning Tree 40 Port Tr...

Страница 5: ...curity 68 Port Lock Entries 69 QoS 70 The Advantages of QoS 70 Understanding QoS 71 Bandwidth Control 72 QoS Scheduling Mechanism 73 QoS Output Scheduling 74 Configuring the Combination Queue 75 802 1p Default Priority 76 802 1p User Priority 76 Traffic Segmentation 77 System Log Server 79 System Severity Log 81 SNTP Settings 82 Time Settings 82 Time Zone and DST 83 Access Profile Table 85 Configu...

Страница 6: ...123 Layer 3 IP Networking 124 Layer 3 Global Advanced Settings 124 IP Multinetting 125 IP Interface Setup 125 MD5 Key Configuration 128 Route Redistribution Settings 129 Static Default Route Settings 130 Static ARP Table 132 RIP 133 RIP Global Configuration 134 RIP Settings 135 OSPF 136 OSPF General Settings 153 OSPF Area ID Settings 153 OSPF Interface Settings 154 OSPF Virtual Interface Settings ...

Страница 7: ... BOOTP Relay Information 177 DHCP BOOTP Relay Settings 178 DHCP Relay Option 82 Settings 178 VRRP 180 VRRP Global Settings 180 VRRP Virtual Router Settings 181 VRRP Authentication Settings 184 Security Management 185 Security IP 185 User Account Management 185 Admin and User Privileges 186 Secure Shell SSH 187 SSH Configuration 187 SSH Algorithm 188 SSH User Authentication Mode 190 Access Authenti...

Страница 8: ...Device Status 229 MAC Address 230 Switch History Log 231 IGMP Snooping Group 232 IGMP Snooping Forwarding 233 Browse Router Port 234 Port Access Control 235 Authenticator State 235 Authenticator Diagnostics 237 Authenticator Session Statistics 239 Authenticator Statistics 241 RADIUS Account Client 243 RADIUS Auth Client 245 Layer 3 Feature 247 Browse IP Address Table 247 Browse Routing Table 248 B...

Страница 9: ...260 Reboot Device 260 Logout 261 D Link Single IP Management 262 Single IP Management SIM Overview 262 SIM Using the Web Interface 263 Topology 265 Tool Tips 267 Right Click 267 Group Icon 268 Commander Switch Icon 268 Member Switch Icon 269 Candidate Switch Icon 270 Menu Bar 271 Group 271 Device 271 View 271 Firmware Upgrade 273 Configuration File Backup Restore 273 Appendix A 274 Appendix B 276 ...

Страница 10: ... Chassis Ethernet Switch User Manual Firmware Downgrade Procedure 287 Appendix C 293 Cables and Connectors 293 Appendix D 294 Cable Lengths 294 Glossary 295 Warranties and Registration 297 Tech Support 308 International Offices 336 x ...

Страница 11: ...he Access Profile Table port mirroring and configuring the Spanning Tree Section 7 Management A discussion of the security features of the Switch including Security IP User Accounts and Access Authentication Control Section 8 SNMP Manager A detailed discussion regarding the Simple Network Monitoring Protocol including description of features and a brief introduction to SNMP Section 9 Monitoring Fe...

Страница 12: ...nd commands For example use the copy command Boldface Typewriter Font Indicates commands and responses to prompts that must be typed exactly as printed in the manual Initial capital letter Indicates a window name Names of keys on the keyboard have initial capitals For example Click Enter Italics Indicates a window name or a field Also can indicate a variables or parameter that is replaced with an ...

Страница 13: ...nings of your system Doing so can cause fire or electric shock by shorting out interior components Use the product only with approved equipment Allow the product to cool before removing covers or touching internal components Operate the product only from the type of external power source indicated on the electrical ratings label If you are not sure of the type of power source required consult your...

Страница 14: ...cific caution statements and procedures Systems are considered to be components in a rack Thus component refers to any system as well as to various peripherals or supporting hardware CAUTION Installing systems in a rack without the front and side stabilizers installed could cause the rack to tip over potentially resulting in bodily injury under certain circumstances Therefore always install the st...

Страница 15: ...round cable is omitted or disconnected Protecting Against Electrostatic Discharge Static electricity can harm delicate components inside your system To prevent static damage discharge static electricity from your body before you touch any of the electronic components such as the microprocessor You can do so by periodically touching an unpainted metal surface on the chassis You can also take the fo...

Страница 16: ... for the DES 6502 CPU management module and up to eight modules that can provide up to one hundred and ninety two 10 100 Mbps Fast Ethernet ports or up to ninety six 1000 Mbps Gigabit Ethernet ports These modules can be hot swapped and the DES 6500 chassis allows the installation of a redundant power supply for maximum flexibility and reliability The DES 6511 redundant power supplies operate in a ...

Страница 17: ...earning and address recognition mechanism enables forwarding rate at wire speed Support port based enable and disable Address table Supports up to 16K MAC addresses per device Supports Port based VLAN Groups Port Trunking with flexible load distribution and fail over function IGMP Snooping support Layer 3 support including DVMRP OSPF and RIP SNMP support Secure Sockets Layer SSL and Secure Shell S...

Страница 18: ...0BASE FX SFF Fast Ethernet Switch module DES 6505 8 port 1000BASE SX SC Gigabit Ethernet Switch module DES 6506 Patch Panel DES 6507 12 port 10BASE T 100BASE TX 1000BASE T Switch module Twelve 100BASE FX SFF Fast Ethernet ports Fully compliant with IEEE802 3u 100BASE FX IEEE 802 3x compliant Flow Control support for Full duplex Eight 1000BASE SX SC Gigabit Ethernet ports Fully compliant with IEEE8...

Страница 19: ...E802 3z Support Full Duplex operations IEEE 802 3x compliant Flow Control support for full duplex Two RJ21 each support 12 port 10BASE T 100BASE TX ports Fully compliant with IEEE802 3 10BASE T IEEE802 3u 100BASE TX All of 10 100Mbps ports support auto negotiation Back pressure Flow Control support for Half duplex mode IEEE 802 3x compliant Flow Control support for Full duplex Dual power modules d...

Страница 20: ... bandwidth delivered by Gigabit Ethernet is the most cost effective method to take advantage of today s and tomorrow s rapidly improving switching and routing internetworking technologies Switching Technology Another key development pushing the limits of Ethernet technology is in the field of switching technology A switch bridges Ethernet packets at the MAC address level of the Ethernet protocol t...

Страница 21: ... to indicate the normal operation of the Switch s power supplies An amber LED will appear to indicate abnormal operation of one or more of the Switch s power supplies The indicator is dark when the Switch is powered off System This LED will light solid green to indicate normal operation An amber LED will appear if the Switch begins acting abnormally Usually indicating a fatal error Reset Press the...

Страница 22: ... may greatly affect its performance Please follow these guidelines for setting up the Switch Install the Switch on a sturdy level surface that can support the weight of the switch Do not place heavy objects on the Switch The power outlet should be within 1 82 meters 6 feet of the Switch Visually inspect the power cord and see that it is fully secured to the AC power port Make sure that there is pr...

Страница 23: ...tilation space between the Switch and any other objects in the vicinity xStack Figure 2 1 Prepare Switch for installation on a desktop or shelf Installing the Switch in a Rack The Switch can be mounted in a standard 19 rack Use the following diagrams to guide you xStack Figure 2 2 Fasten mounting brackets to Switch Fasten the mounting brackets to the Switch using the screws provided With the brack...

Страница 24: ...cal power source outlet After the Switch is powered on the LED indicators will momentarily blink This blinking of the LED indicators represents a reset of the system Power Failure As a precaution in the event of a power failure unplug the Switch When power is resumed plug the Switch back in External Redundant Power System The Switch supports dual current sharing redundant power supplies located at...

Страница 25: ...s Switch to End Node End nodes include PCs outfitted with a 10 100 or 1000 Mbps RJ 45 Ethernet Network Interface Card NIC and most routers An end node can be connected to the Switch via a twisted pair UTP STP cable The end node should be connected to any of the 1000BASE T ports of the Switch Figure 3 1 Switch connected to an end node The Link Act LEDs for each UTP port will light green or amber wh...

Страница 26: ...ch via a twisted pair Category 3 4 or 5 UTP STP cable A 100BASE TX hub or switch can be connected to the Switch via a twisted pair Category 5 UTP STP cable A 1000BASE T switch can be connected to the Switch via a twisted pair Category 5e UTP STP cable A switch supporting a fiber optic uplink can be connected to the Switch s SFP ports via fiber optic cabling Figure 3 2 Switch connected to switch us...

Страница 27: ...d nodes including PCs printers hubs routers or other switches The topology configurations are endless but be sure that connections coming from the xStack DES 6500 chassis switch are at a equal or slower speed than the ISP uplink to avoid bottlenecking The copper ports operate at a speed of 1000 100 or 10Mbps in full or half duplex mode The fiber optic ports can operate at 1000Mbps in full duplex m...

Страница 28: ...gram The Switch supports SNMP version 1 0 version 2 0c and version 3 0 The SNMP agent decodes the incoming SNMP messages and responds to requests with MIB objects stored in the database The SNMP agent updates the MIB objects to generate statistics and counters Command Line Console Interface through the Serial Port Users can also connect a computer or terminal to the serial console port to access t...

Страница 29: ...ords must first be created by the administrator If user accounts have been previously configured log in and continue to configure the Switch 12 Enter the commands to complete desired tasks Many commands require administrator level access privileges Read the next section for more information on setting up user accounts See the xStack DES 6500 Modular Layer 3 Chassis Ethernet Switch CLI on the docum...

Страница 30: ...refore S is not the same as s Upon first connection to the Switch the user will be presented with the first login screen shown below NOTE Press Ctrl R to refresh the screen This command can be used at any time to force the console program in the Switch to refresh the console screen Figure 4 2 Initial screen first time connecting to the Switch Press Enter in both the Username and Password fields Yo...

Страница 31: ... Layer 3 Chassis Ethernet Switch User Manual Figure 4 3 Command Prompt NOTE The first user automatically gets Administrator level privileges It is recommended to create at least one Admin level user account for the Switch 16 ...

Страница 32: ...sword used for the administrator account being created and press the Enter key Users will then be prompted to enter the same password again to verify it Type the same password and press the Enter key Successful creation of the new administrator account will be verified by a Success message NOTE Passwords are case sensitive User names and passwords can be up to 15 characters in length The sample be...

Страница 33: ...tion process that is separated into two parts The first part is to maintain a list of users and their attributes that are allowed to act as SNMP managers The second part describes what each user on that list can do as an SNMP manager The Switch allows groups of users to be listed and configured with a shared set of privileges The SNMP version may also be set for a listed group of SNMP managers Thu...

Страница 34: ...witch must be set before it can be managed with the Web based manager The Switch IP address can be automatically set using BOOTP or DHCP protocols in which case the actual address assigned to the Switch must be known The IP address may be set using the Command Line Interface CLI over the console serial port as follows Starting at the command line prompt enter the commands config ipif System ipaddr...

Страница 35: ...d the CLI or via the Web based management Connecting Devices to the Switch After you assign IP addresses to the Switch you can connect devices to the Switch To connect a device to an SFP transceiver port Use your cabling requirements to select an appropriate SFP transceiver type Insert the SFP transceiver sold separately into the SFP transceiver slot Use the appropriate network cabling to connect ...

Страница 36: ... access tool and can communicate directly with the Switch using the HTTP protocol The Web based management module and the Console program and Telnet are different ways to access the same internal switching software and configure it Thus all settings encountered in web based management are the same as those found in the console program Logging on to the Web Manager To begin managing your Switch sim...

Страница 37: ...3 Area 1 Figure 5 3 Main Web Manager Screen Area Function Area 1 Select the menu or window to be displayed The folder icons can be opened to display the hyper linked menu buttons and subfolders contained within them Click the D Link logo to go to the D Link website Area 2 Presents a graphical near real time image of the front panel of the Switch This area displays the Switch s ports and expansion ...

Страница 38: ...r Security IP User Accounts Access Authentication Control TACACS Secure Sockets Layer SSL and Secure Shell SSH SNMP Manager Contains screens and windows concerning the implementation and upkeep of the SNMP Manager of the Switch Monitoring Contains screens concerning monitoring the Switch pertaining to Port Utilization CPU Utilization Packets Errors Size MAC Address IGMP Snooping Group IGMP Snoopin...

Страница 39: ...ree Forward Filtering VLAN Traffic Control Port Security Port Lock Entries QoS System Log Server System Severity Log SNTP Settings Access Profile Table CPU Interface Filtering Safeguard Engine Port Access Entity Layer 3 IP Networking L3 Global Advanced Settings IP Interface Table MD5 Key Configuration Route Redistribution Settings Static Default Route Static ARP Settings RIP OSPF IP Multicast Rout...

Страница 40: ... s MAC Address assigned by the factory and unchangeable the Boot PROM Firmware Version and Hardware Version This information is helpful to keep track of PROM and firmware updates and to obtain the Switch s MAC address for entry into another network device s address table if necessary The user may also enter a System Name System Location and System Contact to aid in defining the Switch to the user ...

Страница 41: ...ault VLAN Name The default VLAN contains all of the Switch ports as members If VLANs have been previously configured on the Switch enter the VLAN ID of the VLAN that contains the port connected to the management station that will access the Switch The Switch will allow management access from stations with the same VID listed here NOTE The Switch s factory default IP address is 10 90 90 90 with a s...

Страница 42: ...t station that can connect to the Switch can access the Switch until a management VLAN is specified or Management Station IP Addresses are assigned Click Apply to implement changes made Setting the Switch s IP Address using the Console Interface Each Switch must be assigned its own IP Address which is used for communication with an SNMP network manager or other TCP IP application for example BOOTP...

Страница 43: ...annot be changed MAC Address Aging Time 10 1000000 This field specifies the length of time a learned MAC Address will remain in the forwarding table without being accessed that is how long a learned MAC Address is allowed to remain idle The default age out time for the Switch is 300 seconds To change this type in a different value representing the MAC address age out time in seconds The MAC Addres...

Страница 44: ...ch 802 1x The Switch s 802 1x function may be enabled by port or by MAC Address the default is Disabled This field must be enabled to view and configure certain windows for 802 1x More information regarding 802 1x its functions and implementation can be found later in this section under the Port Access Entity folder Port Based 802 1x specifies that ports configured for 802 1x are initialized based...

Страница 45: ...M Full 1000M Full_M 1000M Full_S and 1000 Full_N There is no automatic adjustment of port settings with any option other than Auto The Switch allows the user to configure two types of gigabit connections 1000M Full_M and 1000M Full_S Gigabit connections are only supported in full duplex connections and take on certain characteristics that are different from the other choices listed The 1000M Full_...

Страница 46: ...ing for the selected ports When Enabled destination and source MAC addresses are automatically listed in the forwarding table When learning is Dis abled MAC addresses must be manually entered into the forwarding table This is sometimes done for reasons of security or efficiency See the section on Forwarding Filtering for information on entering MAC addresses into the forwarding table The default s...

Страница 47: ...dow To configure a mirror port Select the Source Port from where to copy frames and the Target Port which receives the copies from the source port Select the Source Direction Ingress Egress or Both and change the Status drop down menu to Enabled Click Apply to let the changes take effect NOTE Users cannot mirror a fast port onto a slower port For example attempting to mirror the traffic from a 100...

Страница 48: ...Groups Port trunk groups are used to combine a number of ports together to make a single high bandwidth data pipeline The xStack DES 6500 chassis switch supports up to 32 port trunk groups with 2 to 8 ports in each group A potential bit rate of 8000 Mbps can be achieved Figure 6 6 Example of Port Trunk Group 33 ...

Страница 49: ...lex The Master Port of the group is to be configured by the user and all configuration options including the VLAN configuration that can be applied to the Master Port are applied to the entire link aggregation group Load balancing is automatically applied to the ports in the aggregated group and a link failure within the group causes the network traffic to be directed to the remaining links in the...

Страница 50: ... down menu allows you to select between Static and LACP Link Aggregation Control Protocol LACP allows for the automatic detection of links in a Port Trunking Group State Trunk groups can be toggled between Enabled and Disabled This is used to turn a port trunking group on or off This is useful for diagnostics to quickly isolate a bandwidth intensive network device or to have an absolute backup agg...

Страница 51: ...and LACP Port Information window The user may set the following parameters Parameter Description Unit Choose the switch in the chassis to be configured by using the pull down menu From To A consecutive group of ports may be configured starting with the selected port Mode Active Active LACP ports are capable of processing and sending LACP control frames This allows LACP compliant devices to negotia...

Страница 52: ...ased on IGMP messages sent from the device to the IGMP host or vice versa The Switch monitors IGMP messages and discontinues forwarding multicast packets when there are no longer hosts requesting that they continue Use the IGMP Snooping Group Entry Table to view IGMP Snooping status To modify settings click the Modify button for the VLAN Name entry you want to change Use the IGMP Snooping Settings...

Страница 53: ...t to continue membership in a multicast group without the Switch receiving a host membership report Default 260 Router Timeout This is the maximum amount of time in seconds a route is kept in the forwarding table without receiving a membership report Default 260 Leave Timer This specifies the maximum amount of time in seconds between the Switch receiving a leave group message from a host and the S...

Страница 54: ...detected flowing into a port Open the IGMP Snooping folder and the click on the Static Router Ports Settings link to open the Static Router Ports Entries page as shown below Figure 6 13 Static Router Ports Settings window The Static Router Ports Settings page shown above displays all of the current entries to the Switch s static router port table To modify an entry click the Modify button This wil...

Страница 55: ...h utilizing the MSTP on a network will have a single MSTP configuration that will have the following three attributes 1 A configuration name defined by an alphanumeric string of up to 32 characters defined in the STP Bridge Global Settings window in the Configuration Name field 2 A configuration revision number named here as a Revision Level and found in the STP Bridge Global Settings window and 3...

Страница 56: ...s RSTP is capable of a more rapid transition to a forwarding state it no longer relies on timer configurations RSTP compliant bridges are sensitive to feedback from other RSTP compliant bridge links Ports do not need to wait for the topology to stabilize before transitioning to a forwarding state In order to allow this rapid transition the protocol introduces two new variables the edge port and th...

Страница 57: ...t as a Designated Port in the Discarding State If another returning BPDU packet is received the port will remain in a blocked state the timer will reset to the specified value restart and the process will begin again For those who choose not to employ this function the Loopback Recovery time must be set to zero In this case when a BPDU packet is returned to the Switch the port will be placed in a ...

Страница 58: ...red version of STP to be implemented on the Switch There are three choices STP Select this parameter to set the Spanning Tree Protocol STP globally on the switch RSTP Select this parameter to set the Rapid Spanning Tree Protocol RSTP globally on the Switch MSTP Select this parameter to set the Multiple Spanning Tree Protocol MSTP globally on the Switch Hello Time The Hello Time can be set from 1 t...

Страница 59: ...d the information held for the port will age out The user may set a hop count from 1 to 20 The default is 20 TX Hold Count Used to set the maximum number of Hello packets transmitted per interval The count can be specified from 1 to 10 The default is 3 Forwarding BPDU This field can be Enabled or Disabled When Enabled it allows the forwarding of STP BPDU packets from other network devices The defa...

Страница 60: ...name set on the Switch to uniquely identify the MSTI Multiple Spanning Tree Instance If a configuration name is not set this field will show the MAC address to the device running MSTP Revision Level This value along with the Configuration Name will identify the MSTP region configured on the Switch MSTI ID This field shows the MSTI IDs currently set on the Switch This field will always have the CIS...

Страница 61: ...e following parameters to configure the CIST on the Switch Parameter Description MSTI ID The MSTI ID of the CIST is 0 and cannot be altered Type This field allows the user to choose a desired method for altering the MSTI settings The user has 2 choices Add VID Select this parameter to add VIDs to the MSTI ID in conjunction with the VID List parameter Remove VID Select this parameter to remove VIDs...

Страница 62: ... add VIDs to the MSTI ID in conjunction with the VID List parameter Remove VID Select this parameter to remove VIDs from the MSTI ID in conjunction with the VID List parameter VID List 1 4094 This field is used to specify the VID range from configured VLANs set on the Switch that the user wishes to add to this MSTI ID Supported VIDs on the Switch range from ID number 1 to 4094 This parameter can o...

Страница 63: ...lar MSTI Instance click on its hyperlinked MSTI ID which will reveal the following window Figure 6 22 MSTI Settings window Parameter Description Instance ID Displays the MSTI ID of the instance being configured An entry of 0 in this field represents the CIST default MSTI Internal cost This parameter is set to represent the relative cost of forwarding packets to specified ports when an interface is...

Страница 64: ...he lowest priority will be the root bridge Priority Click the Modify button to change the priority of the MSTI This will open the Instance ID Settings window to configure The Type field in this window will be permanently set to Set Priority Only Enter the new priority in the Priority field and click Apply to implement the new priority setting Click Apply to implement changes made Clicking the hype...

Страница 65: ...he interface value 1 2000000 Selecting this parameter with a value in the range of 1 2000000 will set the quickest route when a loop occurs A lower Internal cost represents a quicker transmission Designated Bridge This field will show the priority and MAC address of the Designated Bridge The information shown in this table comes from a BPDU packet originating from this bridge Root Port This is the...

Страница 66: ... level STP will block redundant links within an STP Group It is advisable to define an STP Group to correspond to a VLAN group of ports The following fields can be set Parameter Description Unit Choose the Switch ID number of the Switch in the switch stack to be modified From To A consecutive group of ports may be configured starting with the selected port External Cost External Cost This defines ...

Страница 67: ...ould not receive BPDU packets If a BPDU packet is received it automatically loses edge port status Choosing the false parameter indicates that the port does not have edge port status P2P Choosing the True parameter indicates a point to point P2P shared link P2P ports are similar to edge ports however they are restricted in that a P2P port must operate in full duplex Like edge ports P2P ports trans...

Страница 68: ... be modified Port Allows the selection of the port number on which the MAC address entered above resides Click Apply to implement the changes made Current entries can be found in the Static Unicast Forwarding Table as shown in the bottom half of the figure above To delete an entry in the Static Unicast Forwarding Table click the corresponding under the Delete heading Static Multicast Forwarding Th...

Страница 69: ...This must be a multicast MAC address Port Allows the selection of ports that will be members of the static multicast group The options are None No restrictions on the port dynamically joining the multicast group When None is chosen the port will not be a member of the Static Multicast Group Egress The port is a static member of the multicast group Click Apply to implement the changes made To delet...

Страница 70: ...yed on the Switch to determine the rate at which the queues are emptied of packets The ratio used for clearing the queues is 4 1 This means that the highest priority queue Queue 1 will clear 4 packets for every 1 packet cleared from Queue 0 Remember the priority queue settings on the Switch are for all ports and all devices connected to the Switch will be affected This priority queuing system will...

Страница 71: ...also provide a level of security to your network IEEE 802 1Q VLANs will only deliver packets between stations that are members of the VLAN Any port can be configured as either tagging or untagging The untagging feature of IEEE 802 1Q VLANs allows VLANs to work with legacy switches that don t recognize VLAN tags in packet headers The tagging feature allows VLANs to span multiple 802 1Q compliant sw...

Страница 72: ...ets so they can be carried across Ethernet backbones and 12 bits of VLAN ID VID The 3 bits of user priority are used by 802 1p The VID is the VLAN identifier and is used by the 802 1Q standard Because the VID is 12 bits long 4094 unique VLANs can be identified The tag is inserted into the packet header making the entire packet longer by four octets All of the information originally contained in th...

Страница 73: ... Because some devices on a network may be tag unaware a decision must be made at each port on a tag aware device before packets are transmitted should the packet to be transmitted have a tag or not If the transmitting port is connected to a tag unaware device the packet should be untagged If the transmitting port is connected to a tag aware device the packet should be tagged Tagging and Untagging ...

Страница 74: ...s to whether there is a single computer directly connected to a switch or an entire department On port based VLANs NICs do not need to be able to identify 802 1Q tags in packet headers NICs send and receive normal Ethernet packets If the packet s destination lies on the same segment communications take place using normal Ethernet protocols Even though this is always the case when the destination f...

Страница 75: ...s within the protocol assigned VLAN This feature will benefit the administrator by better balancing load sharing and enhancing traffic classification The Switch supports fourteen 14 pre defined protocols for configuration The user may also choose a protocol that is not one of the fourteen defined protocols by properly configuring the userDefined protocol VLAN The supported protocols for the protoc...

Страница 76: ...w to configure the port settings and to assign a unique name and number to the new VLAN See the table below for a description of the parameters in the new menu Figure 6 34 802 1Q Static VLANs Add To return to the Current 802 1Q Static VLANs Entries window click the Show All Static VLAN Entries link To change an existing 802 1Q VLAN entry click the hyperlinked VLAN ID button of the corresponding en...

Страница 77: ...sing this parameter will instruct the Switch to forward packets to this VLAN if the tag in the packet header is concurrent with this protocol This packet header information is defined by Novell NetWare 802 2 IPX Internet Packet Exchange ipxSnap Using this parameter will instruct the Switch to forward packets to this VLAN if the tag in the packet header is concurrent with this protocol This packet ...

Страница 78: ...format to define the packet ID hex 0x0 0xffff This field is only operable if userDefined is selected in the Protocol ID field encap ethernet llc snap all Specifies that the Switch will examine the octet of the packet header referring to one of the protocols listed Ethernet LLC or SNAP looking for a match of the hexadecimal value previously entered all will instruct the Switch to examine the total ...

Страница 79: ...ops the packet Disabled disables ingress filtering Ingress Checking is Enabled by default Acceptable Frame Type This field denotes the type of frame that will be accepted by the port The user may choose between Tagged Only which means only VLAN tagged frames will be accepted and Admit_All which means both tagged and untagged frames will be accepted Admit_All is enabled by default PVID Within the G...

Страница 80: ...tch s chip counter This method is only viable for Broadcast and Multicast storms because the chip only has counters for these two types of packets Once a storm has been detected that is once the packet threshold set below has been exceeded the Switch will shutdown the port to all incoming traffic with the exception of STP BPDU packets for a time period specified using the CountDown field If this f...

Страница 81: ...ic Control mechanism which means the Switch s hardware will determine the Packet Storm based on the Threshold value stated and drop packets until the issue is resovled Shutdown Utilizes the Switch s software Traffic Control mechanism to determine the Packet Storm occurring Once detected the port will deny all incoming traffic to the port except STP BPDU packets which are essential in keeping the S...

Страница 82: ...et between 5 and 10 seconds with the default setting of 5 seconds Click Apply to implement the settings of each field NOTE Traffic Control cannot be implemented on ports that are set for Link Aggregation Port Trunking NOTE Ports that are in the Shutdown forever mode will be seen as Discarding in Spanning Tree windows and implementations though these ports will still be forwarding BPDUs to the Swit...

Страница 83: ...ndow The following parameters can be set Parameter Description Unit Choose the Switch ID number of the line card in the chassis to be modified From To A consecutive group of ports may be configured starting with the selected port Admin State This pull down menu allows you to enable or disable Port Security locked MAC address table for the selected ports Max Addr 0 64 The number of MAC addresses th...

Страница 84: ... be deleted Click the Next button to view the next page of entries listed in this table This window displays the following information Parameter Description VID The VLAN ID of the entry in the forwarding database table that has been permanently learned by the Switch VLAN NAME The VLAN Name of the entry in the forwarding database table that has been permanently learned by the Switch MAC Address The...

Страница 85: ...e of the Default QoS Mapping on the Switch The picture above shows the default priority setting for the Switch Class 6 has the highest priority of the seven priority classes of service on the Switch In order to implement QoS the user is required to instruct the Switch to examine the header of a packet to see if it has the proper identifying tag Then the user may forward these tagged packets to des...

Страница 86: ...ets sent from each priority queue depends upon the assigned weight For a configuration of 8 CoS queues A H with their respective weight value 8 1 the packets are sent in the following sequence A1 B1 C1 D1 E1 F1 G1 H1 A2 B2 C2 D2 E2 F2 G2 A3 B3 C3 D3 E3 F3 A4 B4 C4 D4 E4 A5 B5 C5 D5 A6 B6 C6 A7 B7 A8 A1 B1 C1 D1 E1 F1 G1 H1 For weighted round robin queuing if each CoS queue has the same weight valu...

Страница 87: ...tive group of ports may be configured starting with the selected port Type This drop down menu allows a selection between RX receive TX transmit and Both This setting will determine whether the bandwidth ceiling is applied to receiving transmitting or both receiving and transmitting packets No Limit This drop down menu allows users to specify that the selected port will have no bandwidth limit Ena...

Страница 88: ...ew the screen shown below Figure 6 42 QoS Scheduling Mechanism and QoS Scheduling Mechanism Table window The Scheduling Mechanism has the following parameters Parameter Description Strict The highest class of service is the first to process traffic That is the highest class of service will finish before other queues empty Weight fair Use the weighted round robin WRR algorithm to handle packets in ...

Страница 89: ...ettings are not suitable In the Configuration folder open the QoS folder and click QoS Output Scheduling to view the screen shown below Figure 6 43 QoS Output Scheduling Configuration window The following values may be assigned to the QoS classes to set the scheduling Parameter Description Max Packets Specifies the maximum number of packets the above specified hardware priority class of service wi...

Страница 90: ...in its Max Packet field this class of service will automatically begin forwarding packets until it is empty Once a priority class of service with a 0 in its Max Packet field is empty the remaining priority classes of service will reset the weighted round robin WRR cycle of forwarding packets starting with the highest available priority class of service Priority classes of service with an equal lev...

Страница 91: ...lement a new default priority choose the Switch of the Switch stack to be configured by using the Unit pull down menu choose a port range by using the From and To pull down menus and then insert a priority value from 0 7 in the Priority field Click Apply to implement new settings 802 1p User Priority The xStack DES 6500 chassis switch allows the assignment of a class of service to each of the 802 ...

Страница 92: ...ich port on a given line card in the switch chassis will be allowed to forward packets to other ports on another line card within the chassis Configuring traffic segmentation on the xStack DES 6500 chassis switch is accomplished in two parts First specify a line card from the chassis by using the Unit pull down menu and then a port on that line card using the Port pull down menu Then specify a sec...

Страница 93: ...ard Port click boxes allow users to select which of the ports on the selected line card will be able to forward packets These ports will be allowed to receive packets from the port specified above Click Apply to enter the settings into the Switch s Traffic Segmentation table Clicking the Apply button will enter the combination of transmitting port and allowed receiving ports into the Switch s Traf...

Страница 94: ...erver Edit The following parameters can be set Parameter Description Index Syslog server settings index 1 4 Server IP The IP address of the Syslog server Severity This drop down menu allows you to select the level of messages that will be sent The options are Warning Informational and All Facility Some of the operating system daemons and processes have been assigned Facility values Processes and d...

Страница 95: ...5 22 local use 6 local6 20 local use 4 local4 23 local use 7 local7 UDP Port 514 or 6000 65535 Status Choose Enabled or Disabled to activate or deactivate Enter the UDP port number used for sending Syslog messages The default is 514 To set the System Log Server configuration click Apply To delete an entry from the Current System Log Server window click the corresponding under the Delete heading of...

Страница 96: ...ity Log in the main menu Figure 6 51 System Severity Log Configurations window The user may set the following parameters to configure the System Severity Configurations will be displayed in the System Severity Table Click Apply to implement changes made Parameter Description System Severity Log Choose one of the following to identify what type of severity warnings are to be sent to the switch log ...

Страница 97: ...plays the source of the time settings viewed here SNTP Settings SNTP State Use this pull down menu to Enable or Disable SNTP SNTP Primary Server The IP address of the primary server from which the SNTP information will be taken SNTP Secondary Server The IP address of the secondary server from which the SNTP information will be taken SNTP Poll Interval in Seconds The interval in seconds between req...

Страница 98: ...ht Saving Time Offset in Minutes Use this pull down menu to specify the amount of time that will constitute your local DST offset 30 60 90 or 120 minutes Time Zone Offset from GMT in HH MM Use these pull down menus to specify your local time zone s offset from Greenwich Mean Time GMT DST Repeating Settings Using repeating mode will enable DST seasonal time adjustment Repeating mode requires that t...

Страница 99: ...able DST seasonal time adjustment Annual mode requires that the DST beginning and ending date be specified concisely For example specify to begin DST on April 3 and end DST on October 14 From Month Enter the month DST will start on each year From Day Enter the day of the month DST will start on each year From Time in HH MM Enter the time of day DST will start on each year To Month Enter the month ...

Страница 100: ...m DES 6506 DES 6510 3 Groups ports 1 8 9 16 and 17 24 240 Rules Maximum per group 720 Total Rules 5670 Rules Maximum DES 6505 8 Ports 100 Rules Maximum Per Port 800 Total Rules 6400 Rules Maximum DES 6507 12 Ports 100 Rules Maximum Per Port 1200 Total Rules 9600 Rules Maximum DES 6509 12 Ports 100 Rules Maximum Per Port 1200 Total Rules 9600 Rules Maximum DES 6512 2 Ports 100 Rules Maximum Per Por...

Страница 101: ...click the Add button This will open the Access Profile Configuration page as shown below There are four Access Profile Configuration pages one for Ethernet or MAC address based profile configuration one for IP address based profile configuration one for the Packet Content Mask and one for IPv6 You can switch between the three Access Profile Configuration pages by using the Type drop down menu The ...

Страница 102: ...n instructs the Switch to examine the 802 1p priority value of each packet header and use this as the criterion or part of the criterion for forwarding Ethernet type Selecting this option instructs the Switch to examine the Ethernet type value in each frame s header The page shown below is the IP Access Profile Configuration page Figure 6 56 Access Profile Configuration IP The following parameters...

Страница 103: ...rther specify that the access profile will apply an IGMP type value Select TCP to use the TCP port number contained in an incoming packet as the forwarding criterion Selecting TCP requires specification of a source port mask and or a destination port mask The user may also identify which flag bits to filter Flag bits are parts of a packet that determine what to do with the packet The user may filt...

Страница 104: ...t header Select IP to instruct the Switch to examine the IP address in each frame s header Select Packet Content Mask to specify a mask to hide the content of the packet header Select IPv6 to instruct the Switch to examine the IPv6 part of each packet header Offset This field will instruct the Switch to mask the packet header beginning with the offset value specified value 0 15 Enter a value in he...

Страница 105: ...his field will instruct the Switch to examine the class field of the IPv6 header This class field is a part of the packet header that is similar to the Type of Service ToS or Precedence bits field in IPv4 Flowlabel Checking this field will instruct the Switch to examine the flow label field of the IPv6 header This flow label field is used by a source to label sequences of packets such as non defau...

Страница 106: ...ss profile are not forwarded by the Switch and will be filtered Access ID Type in a unique identifier number for this access This value can be set from 1 65535 Type Selected profile based on Ethernet MAC Address IP address Packet Content Mask or IPv6 Ethernet instructs the Switch to examine the layer 2 part of each packet header IP instructs the Switch to examine the IP address in each frame s hea...

Страница 107: ... 802 1Q Ethernet type value hex 0x0 0xffff in the packet header The Ethernet type value may be set in the form hex 0x0 0xffff which means the user may choose any combination of letters and numbers ranging from a f and from 0 9999 Port The Access Rule may be configured on a per port basis by entering the port number of the line card in the chassis into this field The port list is specified by listi...

Страница 108: ...hat match the access profile are not forwarded by the Switch and will be filtered Access ID Type in a unique identifier number for this access This value can be set from 1 65535 Type Selected profile based on Ethernet MAC Address IP address Packet Content Mask or IPv6 Ethernet instructs the Switch to examine the layer 2 part of each packet header IP instructs the Switch to examine the IP address i...

Страница 109: ...erv Code part of each packet header and use this as the criterion or part of the criterion for forwarding The user may choose a value between 0 and 63 Protocol This field allows the user to modify the protocol used to configure the Access Rule Table depending on which protocol the user has chosen in the Access Profile Table Port The Access Rule may be configured on a per port basis by entering the...

Страница 110: ...kets that match the access profile are forwarded by the Switch according to any additional rule added see below Select Deny to specify that packets that match the access profile are not forwarded by the Switch and will be filtered Access ID Type in a unique identifier number for this access This value can be set from 1 65535 Type Selected profile based on Ethernet MAC Address IP address Packet Con...

Страница 111: ...ng with the offset value specified value 0 15 Enter a value in hex form to mask the packet from the beginning of the packet to the 15th byte value 16 31 Enter a value in hex form to mask the packet from byte 16 to byte 31 value 32 47 Enter a value in hex form to mask the packet from byte 32 to byte 47 value 48 63 Enter a value in hex form to mask the packet from byte 48 to byte 63 value 64 79 Ente...

Страница 112: ...ct Permit to specify that the packets that match the access profile are forwarded by the Switch according to any additional rule added see below Select Deny to specify that packets that match the access profile are not forwarded by the Switch and will be filtered Access ID Type in a unique identifier number for this access rule This value can be set from 1 65535 Type Selected profile based on Ethe...

Страница 113: ...he Type of Service ToS or Precedence bits field of IPv4 Flowlabel Configuring this field in hex form will instruct the Switch to examine the flow label field of the IPv6 header This flow label field is used by a source to label sequences of packets such as non default quality of service or real time service packets Source IPv6 Address The user may specify an IP address mask for the source IPv6 add...

Страница 114: ... upgrades to R3 firmware 3 00 B33 all settings previously configured for any ACL function CPU ACL included on the Switch will be lost We recommend that the user save a configuration file of current settings before upgrading to R3 firmware CPU Interface Filtering State Settings In the following window the user may globally enable or disable the CPU Interface Filtering mechanism by using the pull do...

Страница 115: ...instruct the Switch to examine the IP address in each frame s header Select Packet Content Mask to specify a mask to hide the content of the packet header VLAN Selecting this option instructs the Switch to examine the VLAN identifier of each packet header and use this as the full or partial criterion for forwarding Source MAC Source MAC Mask Enter a MAC address mask for the source MAC address Dest...

Страница 116: ...access profile will apply an ICMP type value or specify Code to further specify that the access profile will apply an ICMP code value Select IGMP to instruct the Switch to examine the Internet Group Management Protocol IGMP field in each frame s header Select Type to further specify that the access profile will apply an IGMP type value Select TCP to use the TCP port number contained in an incoming...

Страница 117: ...for the type of profile Select Ethernet to instruct the Switch to examine the layer 2 part of each packet header Select IP to instruct the Switch to examine the IP address in each frame s header Select Packet Content Mask to specify a mask to hide the content of the packet header Offset This field will instruct the Switch to mask the packet header beginning with the offset value specified value 0 ...

Страница 118: ...icking the corresponding Modify button of the entry to configure Ethernet IP or Packet Content Each entry will open a new and unique window as shown in the examples below Figure 6 77 CPU Interface Filtering Table Ethernet To create a new rule set for an access profile click the Add button A new window is displayed To remove a previously created rule click the corresponding button The following win...

Страница 119: ... mask for the destination MAC address Ethernet Type Specifies that the access profile will apply only to packets with this hexadecimal 802 1Q Ethernet type value hex 0x0 0xffff in the packet header The Ethernet type value may be set in the form hex 0x0 0xffff which means the user may choose any combination of letters and numbers ranging from a f and from 0 9999 Port The Access Rule may be configur...

Страница 120: ...Description Profile ID This is the identifier number for this profile set Mode Select Permit to specify that packets that match the access profile are forwarded by the Switch according to any additional rule added see below Select Deny to specify that packets that match the access profile are not forwarded by the Switch and will be filtered Access ID Type in a unique identifier number for this acc...

Страница 121: ... highest port number of the range also separated by a colon are specified The beginning and end of the port list range are separated by a dash For example 1 3 specifies line card number 1 port 3 2 4 specifies line card number 2 port 4 1 3 2 4 specifies all of the ports between line card 1 port 3 and line card 2 port 4 in numerical order Entering all will denote all ports on the Switch To view the ...

Страница 122: ...t value specified value 0 15 Enter a value in hex form to mask the packet from the beginning of the packet to the 15th byte value 16 31 Enter a value in hex form to mask the packet from byte 16 to byte 31 value 32 47 Enter a value in hex form to mask the packet from byte 32 to byte 47 value 48 63 Enter a value in hex form to mask the packet from byte 48 to byte 63 value 64 79 Enter a value in hex ...

Страница 123: ...xStack DES 6500 Modular Layer 3 Chassis Ethernet Switch User Manual Figure 6 85 CPU Interface Filtering Rule Display Packet Content 108 ...

Страница 124: ...age set aside for ARP packets destined for the Switch 2 It will limit the bandwidth of IP packets received by the Switch The user may implement this in two ways by using the Mode pull down menu in the screen below a When Strict is chosen the Switch will stop receiving all unnecessary broadcast IP packets even if the high CPU utilization is not caused by the high receival rate of broadcast IP packe...

Страница 125: ...ted this function will stop accepting all ARP packets not intended for the Switch and will stop receiving all unnecessary broadcast IP packets until the storm has subsided For line cards DES 6505 DES 6507 DES 6509 and DES 6512 the Safeguard Engine will always be Strict mode regardless of configuration due to a chipset limitation The default setting is Fuzzy mode CPU Utilization Rising Threshold Us...

Страница 126: ...Protocol over LAN EAPOL packets between the Client and the Server The following figure represents a basic EAPOL packet Figure 6 87 The EAPOL Packet Utilizing this method unauthorized devices are restricted from connecting to a LAN through a port to which the user is connected EAPOL packets are the only traffic that can be transmitted through the specific port until authorization is granted The 802...

Страница 127: ...nformation from the Client through EAPOL packets which is the only information allowed to pass through the Authenticator before access is granted to the Client The second purpose of the Authenticator is to verify the information gathered from the Client with the Authentication Server and to then relay that information back to the Client Three steps must be implemented on the Switch to properly con...

Страница 128: ... is allowed to pass through the port The following figure displays a more detailed explanation of how the authentication process is completed between the three roles stated above Figure 6 92 The 802 1x Authentication Process The D Link implementation of 802 1x allows network administrators to choose between two types of Access Control used on the Switch which are 1 Port Based Access Control This m...

Страница 129: ...he Port Based Network Access Control Port Based Network Access Control 802 1X Client 802 1X Client 802 1X Client 802 1X Client 802 1X Client 802 1X Client 802 1X Client 802 1X Client 802 1X Client Network access controlled port Network access uncontrolled port RADIUS Server Ethernet Switch Figure 6 93 Example of Typical Port Based Configuration Once the connected device has successfully been authe...

Страница 130: ...rder to successfully make use of 802 1X in a shared media LAN segment it would be necessary to create logical Ports one for each attached device that required access to the LAN The Switch would regard the single physical Port connecting it to the shared media segment as consisting of a number of distinct logical Ports each logical Port being independently controlled from the point of view of EAPOL...

Страница 131: ...Settings window 802 1X Authenticator Settings To configure the 802 1X authenticator settings click Configuration Port Access Entity 802 1x Authenticator Settings Figure 6 96 Configure 802 1X Authenticator Parameter window To view the 802 1X authenticator settings on a different line card in the chassis use the Unit pull down menu to select that line card by its ID number in the chassis To configur...

Страница 132: ...cation exchange required This means the port transmits and receives normal traffic without 802 1X based authentication of the client If forceUnauthorized is selected the port will remain in the unauthorized state ignoring all attempts by the client to authenticate The Switch cannot provide authentication services to the client through the interface If Auto is selected it will enable 802 1X and cau...

Страница 133: ...ssions The default setting is 2 ReAuthPeriod A constant that defines a nonzero number of seconds between periodic reauthentication of the client The default setting is 3600 seconds ReAuth Determines whether regular reauthentication will take place on this port The default setting is Disabled Click Apply to implement configuration changes To view configurations for the 802 1X Authenticator Settings...

Страница 134: ... by using the Unit pull down menu and then select which ports are to be configured in the From and To fields Next enable the ports by selecting Authenticator from the drop down menu under Capability Click Apply allow changes to take effect Configure the following 802 1x capability settings Parameter Description Unit Choose the Switch ID number of the line card in the switch stack to be modified Fr...

Страница 135: ...following information Parameter Description Unit Choose the Switch ID number of the line card in the chassis to be modified From and To Select ports to be initialized Port A read only field indicating a port on the Switch MAC Address The MAC address of the Switch connected to the corresponding port if any Auth PAE State The Authenticator PAE State will display one of the following Initialize Disco...

Страница 136: ...d checking the corresponding check box To begin the initialization click Apply NOTE The user must first globally enable 802 1X in the 802 1X Auth Mode Settings window before initializing ports Information in the Initialize Ports Table cannot be viewed before enabling 802 1X Reauthenticate Port s for Port Based 802 1x This window allows users to reauthenticate a port or group of ports by choosing a...

Страница 137: ...The user must first globally enable 802 1X in the Advanced Settings window in the Configuration folder before reauthenticating ports Information in the Reauthenticate Ports Table cannot be viewed before enabling 802 1X Reauthenticate Port s for MAC based 802 1x To reauthenticate ports for the MAC side of 802 1x the user must first enable 802 1x by MAC address in the Advanced Settings window Click ...

Страница 138: ... Current RADIUS Server Settings Table window This window displays the following information Parameter Description Succession Choose the desired RADIUS server to configure First Second or Third RADIUS Server Set the RADIUS server IP Authentic Port Set the RADIUS authentic server s UDP port The default port is 1812 Accounting Port Set the RADIUS account server s UDP port The default port is 1813 Key...

Страница 139: ...State The user may globally enable or disable the Distance Vector Multicast Routing Protocol DVMRP function by using the pull down menu PIM State The user may globally enable or disable the Protocol Independent Multicast PIM function by using the pull down menu RIP State The user may globally enable or disable the Routing Information Protocol RIP function by using the pull down menu OSPF State The...

Страница 140: ... A multicast router cannot be connected to IP interfaces that are utilizing the IP Multinetting function NOTE Only the primary IP interface will support the BOOTP relay agent NOTE After IP interfaces are properly configured VLANs associated with these interfaces can be routed without additional configuration IP Multinetting is a valuable tool for network administrators requiring a multitude of IP ...

Страница 141: ...sted in the table above and a subnet mask of 255 224 0 0 can be entered into the Setup IP Interface window To setup IP Interfaces on the Switch Go to the Configuration folder and click on the Layer 3 IP Networking folder and then click on the IP Interfaces Table link to open the following dialog box Figure 6 106 IP Interface Table To setup a new IP interface click the Add button To edit an existin...

Страница 142: ...ary interfaces can only be configured if a primary interface is first configured IP Address This field allows the entry of an IP address to be assigned to this IP interface Subnet Mask This field allows the entry of a subnet mask to be applied to this IP interface VLAN Name This field allows the entry of the VLAN Name for the VLAN the IP interface belongs to State This field may be altered between...

Страница 143: ...re can be used in the OSPF menu below To configure an MD5 Key click the MD5 Key Configuration link to open the following dialog box Figure 6 108 MD5 Key Configuration and Table window The following fields can be set Parameter Description Key ID A number from 1 to 255 used to identify the MD5 Key Key A alphanumeric string of between 1 and 16 case sensitive characters used to generate the Message Di...

Страница 144: ... combination internal type_1 type_2 is functionally equivalent to all Entering the combination type_1 type_2 is functionally equivalent to external Entering the combination internal external is functionally equivalent to all Entering the metric 0 specifies transparency This window will redistribute routing information between the OSPF and RIP routing protocols to all routers on the network that ar...

Страница 145: ...d into the table Gateway The corresponding Gateway of the IP address entered into the table Hops Represents the metric value of the IP interface entered into the table This field may read a number between 1 65535 for an OSPF setting and 1 16 for a RIP setting Protocol Represents the protocol used for the Routing Table entry of the IP interface This field may read OSPF RIP Static or Local Backup St...

Страница 146: ...will be a static entry into the Switch s Routing Table Subnet Mask Allows the entry of a subnet mask corresponding to the IP address above Gateway IP Allows the entry of an IP address of a gateway for the IP address above Metric 1 65535 Allows the entry of a routing protocol metric representing the number of routers between the Switch and the IP address above Backup State The user may choose betwe...

Страница 147: ...the Static ARP Settings link Figure 6 112 Static ARP Settings window To add a new entry click the Add button revealing the following screen to configure Figure 6 113 Static ARP Settings Add window To modify a current entry click the corresponding Modify button of the entry to be modified revealing the following screen to configure Figure 6 114 Static ARP Settings Edit window The following fields c...

Страница 148: ...ementations include an authorization mechanism a password to prevent a router from learning erroneous routes from unauthorized routers To maximize stability the hop count RIP uses to measure distance must have a low maximum value Infinity that is the network is unreachable is defined as 16 hops In other words if a network is more than 16 routers from the source the local router will consider the n...

Страница 149: ... can contain subnetted routes other interfaces cannot The router will then advertise only a single route to the network RIP Version 2 Extensions RIP version 2 includes an explicit subnet mask entry so RIP version 2 can be used to propagate variable length subnet addresses or CIDR classless addresses RIP version 2 also adds an explicit next hop entry which speeds convergence and helps prevent the f...

Страница 150: ...e on which RIP is to be setup This interface must be previously configured on the Switch IP Address The IP address corresponding to the Interface Name showing in the field above TX Mode Toggle among Disabled V1 Only V1 Compatible and V2 Only This entry specifies which version of the RIP protocol will be used to transmit RIP packets Disabled prevents the transmission of RIP packets RX Mode Toggle a...

Страница 151: ...s a specially formatted packet that contains information about all the link states on the router This link state advertisement is flooded to all router in the area Each router that receives the link state advertisement will store the advertisement and then forward a copy to other routers When the link state database of each router is updated the individual routers will calculate a Shortest Path Tr...

Страница 152: ...ove shows the network from the viewpoint of Router A Router A can reach 192 213 11 0 through Router B with a cost of 10 5 15 Router A can reach 222 211 10 0 through Router C with a cost of 10 10 20 Router A can also reach 222 211 10 0 through Router B and Router D with a cost of 10 5 10 25 but the cost is higher than the route through Router C This higher cost route will not be included in the Rou...

Страница 153: ...alled an Internal Router A router that has interfaces in multiple areas is called a Border Router Routers that act as gateways to other networks possibly using other routing protocols are called Autonomous System Border Routers ASBRs Link State Packets There are a number of different types of link state packets four of which are illustrated below Router Link State Updates These describe a router s...

Страница 154: ... can be forwarded to all other areas and all other routers on the network In situations where an area is required but is not possible to provide a physical connection to the backbone a virtual link can be configured Virtual Links Virtual links accomplish two purposes Linking an area that does not have a physical connection to the backbone Patching the backbone in case there is a discontinuity in a...

Страница 155: ...on broadcast multi access networks such as Frame Relay or X 25 this state indicates that no recent information has been received from the neighbor An effort should be made to contact the neighbor by sending Hello packets at the reduced rate set by the Poll Interval Init The interface has detected a Hello packet coming from a neighbor but bi directional communication has not yet been established Tw...

Страница 156: ...ket belongs to All OSPF packets are associated with a single area Packets traversing a virtual link are assigned the backbone Area ID of 0 0 0 0 Checksum A standard IP checksum that includes all of the packet s contents except for the 64 bit authentication field Authentication Type The type of authentication to be used for the packet Authentication A 64 bit field used by the authentication scheme ...

Страница 157: ...DR for this network in the view of the advertising router The DR is identified here by its IP interface address on the network Backup Designated Router The identity of the Backup Designated Router BDR for this network The BDR is identified here by its IP interface address on the network This field is set to 0 0 0 0 if there is no BDR Field Description Neighbor The Router IDs of each router from wh...

Страница 158: ...ion packets M bit The More bit When set to 1 this indicates that more Database Description packets will follow MS bit The Master Slave bit When set to 1 this indicates that the router is the master during the Database Exchange process A zero indicates the opposite DD Sequence Number User to sequence the collection of Database Description Packets The initial value indicated by the Initial bit being...

Страница 159: ... in mind the precise instance of the database pieces it is requesting defined by LS sequence number LS checksum and LS age although these fields are not specified in the Link State Request packet itself The router may receive even more recent instances in response The format of the Link State Request packet is shown below Version No Packet Length Router ID Area ID Authentication Type Authenticatio...

Страница 160: ...header Otherwise the format of each of the five types of link state advertisements is different Link State Acknowledgment Packet Link State Acknowledgment packets are OSPF packet type 5 To make the folding of link state advertisements reliable flooded advertisements are explicitly acknowledged This acknowledgment is accomplished through the sending and receiving of Link State Acknowledgment packet...

Страница 161: ...er is elected as the Designated Router it originates a network links advertisement Other types of link state advertisements may also be originated The flooding algorithm is reliable ensuring that all routers have the same collection of link state advertisements The collection of advertisements is called the link state or topological database From the link state database each router constructs a sh...

Страница 162: ... Options The optional capabilities supported by the described portion of the routing domain Link State Type The type of the link state advertisement Each link state type has a separate advertisement format The link state type are as follows Router Links Network Links Summary Link IP Network Summary Link ASBR AS External Link Link State ID This field identifies the portion of the internet environme...

Страница 163: ...he router is able to calculate a separate set of routes for each IP Type of Service TOS Router links advertisements are flooded throughout a single area only Field Description V bit When set the router is an endpoint of an active virtual link that is using the described area as a Transit area V is for Virtual link endpoint E bit When set the router is an Autonomous System AS boundary router E is f...

Страница 164: ... point to point connection it specifies the interface s MIB II ifIndex value For other link types it specifies the router s associated IP interface address This latter piece of information is needed during the routing table build process when calculating the IP address of the next hop No of TOS The number of different Type of Service TOS metrics given for this link not counting the required metric...

Страница 165: ... the IP interface address of the Designated Router The distance form the network to all attached routers is zero for all TOS This is why the TOS and metric fields need not be specified in the network links advertisement The format of the Network Links Advertisement is shown below Link State Age Options Link State ID Advertising Router Link State Sequence Number Link State Checksum Length Network L...

Страница 166: ... Link Advertisements For stub area Type 3 summary link advertisements can also be used to describe a default route on a per area basis Default summary routes are used in stub area instead of flooding a complete set of external routes When describing a default summary route the advertisement s Link State ID is always set to the Default Destination 0 0 0 0 and the Network Mask is set to 0 0 0 0 Sepa...

Страница 167: ...vertising Router Link State Sequence Number Link State Checksum Length Network Mask TOS Metric AS External Link Advertisements 5 Forwarding Address External Route Tag E Figure 6 131 AS External Link Advertisements Field Description Network Mask The IP address mask for the advertised destination E bit The type of external metric If the E bit is set the metric specified is a Type 2 external metric T...

Страница 168: ...h s OSPF Route ID State Allows OSPF to be enabled or disabled globally on the Switch without changing the OSPF configuration OSPF Area ID Settings This menu allows the configuration of OSPF Area IDs and to designate these areas as either Normal or Stub Normal OSPF areas allow Link State Database LSDB advertisements of routes to networks that are external to the area Stub areas do not allow the LSD...

Страница 169: ...ub Import Summary LSA Displays whether or not the selected Area will allow Summary Link State Advertisements Summary LSAs to be imported into the area from other areas Stub Default Cost Displays the default cost for the route to the stub of between 0 and 65 535 The default is 1 OSPF Interface Settings To set up OSPF interfaces click Configuration Layer 3 IP Networking OSPF OSPF Interface Settings ...

Страница 170: ...ld will only read Broadcast due to OSPF configurations permanently set in the Switch Area ID Allows the entry of an OSPF Area ID configured above Router Priority Allows the entry of a number between 0 and 255 representing the OSPF priority of the selected area If a Router Priority of 0 is selected the Switch cannot be elected as the Designated Router for the network Hello Interval Allows the speci...

Страница 171: ...y ID of up to 5 characters to set the Auth Key ID for either the Simple Auth Type or the MD5 Auth Type as specified in the previous parameter Metric This field allows the entry of a number between 1 and 65 535 that is representative of the OSPF cost of reaching the selected OSPF interface The default metric is 1 DR State A read only field describing the Designated Router state of the IP interface ...

Страница 172: ... to add or change an OSPF Virtual Interface Parameter Description Transit Area ID Allows the entry of an OSPF Area ID previously defined on the Switch that allows a remote area to communicate with the backbone area 0 A Transit Area cannot be a Stub Area or a Backbone Area Neighbor Router The OSPF router ID for the remote router This is a 32 bit number in the form of an IP address xxx xxx xxx xxx t...

Страница 173: ... and propagation delays This field is fixed at 1 second RetransInterval The number of seconds between link state advertisement retransmissions for adjacencies belonging to this virtual link This field is fixed at 5 seconds Click Apply to implement changes made NOTE For OSPF to function properly some settings should be identical on all participating OSPF devices These settings include the Hello Int...

Страница 174: ...eing removed Figure 6 139 OSPF Area Aggregation Settings table Use the menu below to change settings or add a new OSPF Area Aggregation setting Figure 6 140 OSPF Area Aggregation Settings Add window Specify the OSPF aggregation settings and click the Apply button to add or change the settings The new settings will appear listed in the OSPF Area Aggregation Settings table To view the table click th...

Страница 175: ...Address in the list for the configuration to change and proceed to change the metric or area ID To eliminate an existing configuration click the in the Delete column for the configuration being removed Figure 6 141 OSPF Host Route Settings table Use the menu below to set up OSPF host routes Figure 6 142 OSPF Host Route Settings Add window Specify the host route settings and click the Apply button ...

Страница 176: ...1 and 2 Multicast groups allow members to join or leave at any time IGMP provides the method for members and multicast routers to communicate when joining or leaving a multicast group IGMP version 1 is defined in RFC 1112 It has a fixed packet size and no optional data The format of an IGMP packet is shown below Figure 6 143 IGMP Message Format The IGMP Type codes are shown below Type Meaning 0x11...

Страница 177: ...ugh a Membership report which includes a block message in the group report packet For version 2 the host could respond to a group query but in version 3 the host is now capable to answer queries specific to the group and the source IGMP v3 is backwards compatible with other versions of IGMP The IGMPv3 Type supported codes are shown below Type Meaning 0x11 Membership Query 0x12 Version 1 Membership...

Страница 178: ...e source record list is then deleted after all source timers expire If there is no source list record in the multicast group the multicast group will be deleted from the Switch Timers are also used for IGMP version 1 and 2 members which are a part of a multicast group when the Switch is running IGMPv3 This timer is based on a host within the multicast group that is running IGMPv1 or v2 Receiving a...

Страница 179: ...gth of time between queries can be varied by entering a value between 1 and 31 744 seconds in the Query Interval field The maximum length of time between the receipt of a query and the sending of an IGMP response report can be varied by entering a value in the Max Response Time field The Robustness Variable field allows IGMP to be tuned for sub networks that are expected to lose many packets A hig...

Страница 180: ... construction of a multicast delivery tree to be pruned once the delivery tree has been established When a sender initiates a multicast DVMRP initially assumes that all users on the network will want to receive the multicast message When an adjacent router receives the message it checks its unicast routing table to determine the interface that gives the shortest path lowest cost back to the source...

Страница 181: ...ports before issuing poison route messages The default is 35 seconds Probe Interval 1 65535 This field allows an entry between 1 and 65 535 seconds and defines the interval between probes The default is 10 Metric 1 31 This field allows an entry between 1 and 31 and defines the route cost for the IP interface The DVMRP route cost is a relative number that represents the real cost of using this rout...

Страница 182: ...ly join or be pruned from a multicast group through the use of Join Prune Messages exchanged between the DR and RP Join Prune Messages are packets relayed between routers that effectively state which interfaces are or are not to be receiving multicast data These messages can be configured for their frequency to be sent out on the network and are only valid to routers if a Hello packet has first be...

Страница 183: ...all interfaces and then either waiting for a timer to expire the Join Prune Interval or for the downstream routers to transmit explicit prune messages indicating that there are no multicast members on their respective branches PIM DM then removes these branches prunes them from the multicast delivery tree Because a member of a pruned branch of a multicast delivery tree may want to join a multicast...

Страница 184: ...ty as the Designated Router DR on the PIM enabled network The user may state an interval time between 1 18724 seconds with a default interval time of 30 seconds Join Prune Interval This field will set the interval time between the sending of Join Prune packets stating which multicast groups are to join the PIM enabled network and which are to be removed or pruned from that group The user may state...

Страница 185: ...IM SM enabled network will be the RP The user may select a length between 0 32 with a default setting of 30 Bootstrap Period Enter a time period between 1 255 to determine the interval the Switch will send out Boot Strap Messages BSM to the PIM enabled network The default setting is 60 seconds Interface Name To find an IP interface on the Switch enter the interface name into the space provided and...

Страница 186: ...e RP to switch to an SPT between the RP and the first hop router The user may enter a value between 0 65535 packets per second 0 will denote that the RP will immediately enter the SPT once a register packet has been received An entry of infinity will disable the RP from entering an SPT The default setting is 0 Register Probe Time This command is used to set a time to send a probe message from the ...

Страница 187: ... immediately removed from CRP status on the PIM SM network Priority Enter a priority value to determine which CRP will become the RP for the distribution tree This priority value will be included in the router s CRP advertisements A lower value means a higher priority yet if there is a tie for the highest priority the router having the higher IP address will become the RP The user may set a priori...

Страница 188: ...his window is used to set a first hop router to create checksums to be included with the data in Registered packets To view this window click Configuration Layer 3 IP Networking IP Multicast Routing Protocol PIM Protocol PIM Register Checksum Settings Figure 6 159 PIM Register Checksum Include Data RP List Settings window To configure the settings for this window click the Add button which will re...

Страница 189: ...tings for this window and set this router as the Static RP click the Add button which will reveal the following window for the administrator to configure Figure 6 162 PIM Static RP Settings Add window The following fields can be set Parameter Description Group Address Enter the multicast group IP address to identify who is the RP This address must be a class D address Group Mask Enter the mask for...

Страница 190: ...ess of the next DNS server if the server receiving the query cannot resolve the name When a DNS server receives a query it checks to see if the name is in its sub domain If it is the server translates the name and appends the answer to the query and sends it back to the client If the DNS server cannot translate the name it determines what type of name resolution the client requested A complete tra...

Страница 191: ...ges made DNS Relay Static Settings To view the DNS Relay Static Settings click Configuration Layer 3 IP Networking DNS Relay DNS Relay Static Settings which will open the DNS Relay Static Settings window as seen below Figure 6 164 DNS Relay Static Settings and Table window To add an entry into the DNS Relay Static Table simply enter a Domain Name with its corresponding IP address and click Add und...

Страница 192: ... see the DHCP server and or TFTP server software instructions The user may also consult the Upload screen description located in the Maintenance section of this manual If the Switch is unable to complete the DHCP auto configuration the previously saved configuration file present in the Switch s memory will be used Figure 6 165 DHCP Auto Configuration Settings window To enable the DHCP Auto Configu...

Страница 193: ...t this information servers send out packets holding BOOTP information necessary for the Switch and its functionality Yet there are times DHCP servers and clients do not reside on the same physical subnet and therefore the transfer of this information becomes more difficult To ease the flow of this information the Switch can now act as a DHCP Relay agent When the relay agent receives the DHCP reque...

Страница 194: ...ld from a DHCP client the Switch drops the packet because it is invalid In packets received from DHCP servers the relay agent will drop invalid messages Disabled When Disabled the relay agent will not check the validity of the packet s option 82 field DHCP Relay Option Policy This field can be toggled between Replace Drop and Keep by using the pull down menu and is used to set the Switches policy ...

Страница 195: ...ails the election protocol will select a virtual router with the highest priority to be the Master router on the LAN This retains the link and the connection is kept alive regardless of the point of failure To configure VRRP for virtual routers on the Switch an IP interface must be present on the system and it must be a part of a VLAN VRRP IP interfaces may be assigned to every VLAN and therefore ...

Страница 196: ...been selected to compare VRRP packets received by a virtual router Simple Text Password A Simple password has been selected to compare VRRP packets received by a virtual router for authentication IP Authentication Header An MD5 message digest algorithm has been selected to compare VRRP packets received by a virtual router for authentication Display Click the button to display the settings for this...

Страница 197: ...ult is 1 second Preempt Mode This entry will determine the behavior of backup routers within the VRRP group by controlling whether a higher priority backup router will preempt a lower priority Master router A True entry along with having the backup router s priority set higher than the masters priority will set the backup router as the Master router A False entry will disable the backup router fro...

Страница 198: ... displayed if the virtual router is enabled and Down if the virtual router is disabled Priority Displays the priority of the virtual router A higher priority will increase the probability that this router will become the Master router of the group A lower priority will increase the probability that this router will become the backup router The lower the number the higher the priority Master IP Add...

Страница 199: ...hentication Auth Type Specifies the type of authentication used The Auth Type must be consistent with all routers participating within the VRRP group The choices are None Selecting this parameter indicates that VRRP protocol exchanges will not be authenticated Simple Selecting this parameter will require the user to set a simple password in the Auth Data field for comparing VRRP message packets re...

Страница 200: ...e the Security IP Management to permit remote stations to manage the Switch If choosing to define one or more designated management stations only the chosen stations as defined by IP address will be allowed management privilege through the web manager or Telnet session To define a management station IP setting type in the IP address and click the Apply button User Account Management Use the User A...

Страница 201: ...iewed in the Access Right field Admin and User Privileges There are two levels of user privileges Admin and User Some menu selections available to users with Admin privileges may not be available to those with User privileges The following table summarizes the Admin and User privileges Management Admin User Configuration Yes Read Only Network Monitoring Yes Read Only Community Strings and Trap Sta...

Страница 202: ...itch including specifying a password This password is used to logon to the Switch once a secure communication path has been established using the SSH protocol 2 Configure the User Account to use a specified authorization method to identify users that are allowed to establish SSH connections with the Switch using the SSH User Authentication window There are three choices as to the method SSH will u...

Страница 203: ...must reconnect to the Switch to attempt another login The number of maximum attempts may be set between 2 and 20 The default setting is 2 Session Rekeying This field is used to set the time period that the Switch will change the security shell encryptions by using the pull down menu The available options are Never 10 min 30 min and 60 min The default setting is Never Port Enter the virtual port nu...

Страница 204: ...pull down to enable or disable the twofish256 encryption algorithm The default is Enabled Data Integrity Algorithm HMAC SHA1 Use the pull down to enable or disable the HMAC Hash for Message Authentication Code mechanism utilizing the Secure Hash algorithm The default is Enabled HMAC MD5 Use the pull down to enable or disable the HMAC Hash for Message Authentication Code mechanism utilizing the MD5...

Страница 205: ... wishes to use a remote SSH server for authentication purposes Choosing this parameter requires the user to input the following information to identify the SSH user Password This parameter should be chosen if the administrator wishes to use an administrator defined password for authentication Upon entry of this parameter the Switch will prompt the administrator for a password and then to re type t...

Страница 206: ... Switch The server will not accept the username and password and the user is denied access to the Switch The server doesn t respond to the verification query At this point the Switch receives the timeout from the server and then moves to the next method of verification configured in the method list The Switch has four built in Authentication Server Groups one for each of the TACACS XTACACS TACACS ...

Страница 207: ...to enable or disable the Authentication Policy on the Switch Response Timeout 1 255 This field will set the time the Switch will wait for a response of authentication from the user The user may set a time between 1 and 255 seconds The default setting is 30 seconds User Attempts 1 255 This command will configure the maximum number of times the Switch will accept authentication attempts Users failin...

Страница 208: ...he Login Method List and Enable Method List for authentication for users utilizing the Console Command Line Interface application the Telnet application SSH and the Web HTTP application Login Method List Using the pull down menu configure an application for normal login on the user level utilizing a previously configured method list The user may use the default Method List or other Method List con...

Страница 209: ...me which will then display the following window Figure 7 12 Add a Server Host to Server Group XTACACS window To add an Authentication Server Host to the list enter its IP address in the IP Address field choose the protocol associated with the IP address of the Authentication Server Host and click Add to add this Authentication Server Host to the group To add a server group other than the ones list...

Страница 210: ...and are not compatible with each other Figure 7 15 Authentication Server Host Setting Add window Configure the following parameters to add an Authentication Server Host Parameter Description IP Address The IP address of the remote server host to add Protocol The protocol used by the server host The user may choose one of the following Port 1 65535 Enter a number between 1 and 65535 to define the v...

Страница 211: ...be dependant on the local account privilege configured on the Switch Successful login using any of these techniques will give the user a User privilege only If the user wishes to upgrade his or her status to the administrator level the user must use the Enable Admin window in which the user must enter a previously configured password set by the administrator See the Enable Admin part of this secti...

Страница 212: ...ges to Administrator Admin level privileges using authentication methods on the Switch Once a user acquires normal user level privileges on the Switch he or she must be authenticated by a method on the Switch to gain administrator privileges on the Switch which is defined by the Administrator A maximum of eight 8 Enable Method Lists can be implemented on the Switch one of which is a default Enable...

Страница 213: ...t local_enable Adding this parameter will require the user to be authenticated using the local enable password database on the Switch The local enable password must be set by the user in the next section entitled Local Enable Password none Adding this parameter will require no authentication to access the Switch radius Adding this parameter will require the user to be authenticated using the RADIU...

Страница 214: ...al Enabled field will result in a fail message Click Apply to implement changes made Enable Admin The Enable Admin window is for users who have logged on to the Switch on the normal user level and wish to be promoted to the administrator level After logging on to the Switch users will have only user level privileges To gain access to administrator level privileges the user will open this window an...

Страница 215: ...xStack DES 6500 Modular Layer 3 Chassis Ethernet Switch User Manual Figure 7 2 Enter Network Password window 4 200 ...

Страница 216: ...ermine a Message Authentication Code This Message Authentication Code will be encrypted with a sent message to provide integrity and prevent against replay attacks The Switch supports two hash algorithms MD5 Message Digest 5 and SHA Secure Hash Algorithm These three parameters are uniquely assembled in four choices on the Switch to create a three layered encryption code for secure communication be...

Страница 217: ...st begin with https Ex https 10 90 90 90 Any other method will result in an error and no access can be authorized for the web based management To view the following window click Security Management Secure Socket Layer SSL Configuration Figure 7 26 Ciphersuite window To set up the SSL function on the Switch configure the following parameters and click Apply Parameter Description Ciphersuite RSA wit...

Страница 218: ...lar host therefore speeding up the negotiation process The default setting is 600 seconds NOTE Certain implementations concerning the function and configuration of SSL are not available on the web based management of this Switch and need to be configured using the command line interface For more information on SSL and its functions see the xStack DES 6500 Modular Layer 3 Chassis Ethernet Switch CL...

Страница 219: ...listed and configured with a shared set of privileges The SNMP version may also be set for a listed group of SNMP managers Thus you may create a group of SNMP managers that are allowed to view read only information or receive traps using SNMPv1 while assigning a higher level of security to another group granting read write privi leges using SNMPv3 Using SNMPv3 individual users or groups of SNMP ma...

Страница 220: ...itch s memory Figure 8 1 SNMP Trap Settings window SNMP User Table The SNMP User Table displays all of the SNMP User s currently configured on the Switch In the SNMP Manager folder click on the SNMP User Table link This will open the SNMP User Table as shown below Figure 8 2 SNMP User Table To delete an existing SNMP User Table entry click the below the Delete heading corresponding to the entry to...

Страница 221: ...w Figure 8 4 SNMP User Table Configuration window The following parameters can set Parameter Description User Name Enter an alphanumeric string of up to 32 characters This is used to identify the SNMP user Group Name This name is used to specify the SNMP group created can request SNMP messages SNMP Version V1 Specifies that SNMP version 1 will be used V2 Specifies that SNMP version 2 will be used ...

Страница 222: ...as been checked This field will require the user to enter a password between 8 and 16 alphanumeric characters Encrypted Checking the corresponding box will enable encryption for SNMP V3 and is only operable in SNMP V3 mode To implement changes made click Apply To return to the SNMP User Table click the Show All SNMP User Table Entries link SNMP View Table The SNMP View Table is used to assign view...

Страница 223: ...o return to the SNMP View Table click the Show All SNMP View Table Entries link SNMP Group Table An SNMP Group created with this table maps SNMP users identified in the SNMP User Table to the views created in the previous menu To view the SNMP Group Table open the SNMP Manager folder and click the SNMP Group Table entry The following screen should appear Figure 8 7 SNMP Group Table To delete an ex...

Страница 224: ...rts both centralized and distributed network management strategies It includes improvements in the Structure of Management Information SMI and adds some security features SNMPv3 Specifies that the SNMP version 3 will be used SNMPv3 provides secure access to devices through a combination of authentication and encrypting packets over the network Security Level The Security Level settings only apply ...

Страница 225: ... following screen Figure 8 10 SNMP Community Table window The following parameters can set Parameter Description Community Name Type an alphanumeric string of up to 32 characters that is used to identify members of an SNMP community This string is used like a password to give remote SNMP managers access to MIB objects in the Switch s SNMP agent View Name Type an alphanumeric string of up to 32 cha...

Страница 226: ...ation page as shown below Figure 8 12 SNMP Host Table Configuration window The following parameters can set Parameter Description Host IP Address Type the IP address of the remote management station that will serve as the SNMP host for the Switch SNMP Version V1 To specifies that SNMP version 1 will be used V2 To specify that SNMP version 2 will be used V3 NoAuth NoPriv To specify that the SNMP ve...

Страница 227: ...c string used to identify the SNMP engine on the Switch To display the Switch s SNMP Engine ID open the SNMP Manger folder and click on the SNMP Engine ID link This will open the SNMP Engine ID Configuration window as shown below Figure 8 13 SNMP Engine ID Configuration window To change the Engine ID type the new Engine ID in the space provided and click the Apply button 212 ...

Страница 228: ...g Information Device Status MAC Address Switch History Log IGMP Snooping Group IGMP Snooping Forward Browse Router Port Port Access Control Layer 3 Feature Browse IP Address Browse Routing Table Browse ARP Table Browse IP Multicast Forwarding Table Browse IP Multicast Interface Table Browse IGMP Group Table OSPF Monitor DVMRP Monitor PIM Monitor 213 ...

Страница 229: ...h To view the CPU utilization by port use the real time graphic of the Switch and or switch stack at the top of the web page by simply clicking on a port Click Apply to implement the configured settings The window will automatically refresh with new updated statistics The information is described as follows Parameter Description Time Interval 1s Select the desired setting between 1s and 60s where ...

Страница 230: ... in the chassis switch by using the Unit pull down menu and then select the port by using the Port pull down menu The user may also use the real time graphic of the Switch and or switch stack at the top of the web page by simply clicking on a port The following field can be set Parameter Description Time Interval Select the desired setting between 1s and 60s where s stands for seconds The default ...

Страница 231: ...ckets received on the Switch To select a port to view these statistics for first select the Switch in the switch stack by using the Unit pull down menu and then select the port by using the Port pull down menu The user may also use the real time graphic of the Switch and or switch stack at the top of the web page by simply clicking on a port Figure 9 3 Rx Packets Analysis window line graph for Byt...

Страница 232: ...Packets Counts the number of packets received on the port Unicast Counts the total number of good packets that were received by a unicast address Multicast Counts the total number of good packets that were received by a multicast address Broadcast Counts the total number of good packets that were received by a broadcast address Show Hide Check whether to display Bytes and Packets Clear Clicking th...

Страница 233: ...ics for first select the Switch in the switch stack by using the Unit pull down menu and then select the port by using the Port pull down menu The user may also use the real time graphic of the Switch and or switch stack at the top of the web page by simply clicking on a port Figure 9 5 Rx Packets Analysis window line graph for Unicast Multicast and Broadcast Packets To view the UMB Cast Table cli...

Страница 234: ...value is 200 Unicast Counts the total number of good packets that were received by a unicast address Multicast Counts the total number of good packets that were received by a multicast address Broadcast Counts the total number of good packets that were received by a broadcast address Show Hide Check whether or not to display Multicast Broadcast and Unicast Packets Clear Clicking this button clears...

Страница 235: ...e statistics for first select the Switch in the switch stack by using the Unit pull down menu and then select the port by using the Port pull down menu The user may also use the real time graphic of the Switch and or switch stack at the top of the web page by simply clicking on a port Figure 9 7 Tx Packets Analysis window line graph for Bytes and Packets To view the Transmitted TX Table click the ...

Страница 236: ...e port Packets Counts the number of packets successfully sent on the port Unicast Counts the total number of good packets that were transmitted by a unicast address Multicast Counts the total number of good packets that were transmitted by a multicast address Broadcast Counts the total number of good packets that were transmitted by a broadcast address Show Hide Check whether or not to display Byt...

Страница 237: ...the following graph of error packets received on the Switch To select a port to view these statistics for first select the line card in the chassis by using the Unit pull down menu and then select the port by using the Port pull down menu The user may also use the real time graphic of the Switch and or switch stack at the top of the web page by simply clicking on a port Figure 9 9 Rx Error Analysi...

Страница 238: ...nce OverSize Counts packets received that were longer than 1518 octets or if a VLAN frame is 1522 octets and less than the MAX_PKT_LEN Internally MAX_PKT_LEN is equal to 1522 Fragment The number of packets less than 64 bytes with either bad framing or an invalid CRC These are normally the result of collisions Jabber The number of packets with lengths more than the MAX_PKT_LEN bytes Internally MAX_...

Страница 239: ... these statistics for first select the Switch in the switch stack by using the Unit pull down menu and then select the port by using the Port pull down menu The user may also use the real time graphic of the Switch and or switch stack at the top of the web page by simply clicking on a port Figure 7 2 Tx Error Analysis window line graph 8 To view the Transmitted Error Packets Table click the link V...

Страница 240: ...t boundary LateColl Counts the number of times that a collision is detected later than 512 bit times into the transmission of a packet ExColl Excessive Collisions The number of packets for which transmission failed due to excessive collisions SingColl Single Collision Frames The number of successfully transmitted packets for which transmission is inhibited by more than one collision Coll An estima...

Страница 241: ...lect the Switch in the switch stack by using the Unit pull down menu and then select the port by using the Port pull down menu The user may also use the real time graphic of the Switch and or switch stack at the top of the web page by simply clicking on a port Figure 7 3 Rx Size Analysis window line graph 0 To view the Packet Size Analysis Table click the link View Table which will show the follow...

Страница 242: ...ve excluding framing bits but including FCS octets 256 511 The total number of packets including bad packets received that were between 256 and 511 octets in length inclusive excluding framing bits but including FCS octets 512 1023 The total number of packets including bad packets received that were between 512 and 1023 octets in length inclusive excluding framing bits but including FCS octets 102...

Страница 243: ...n Parameters Description Box ID Displays the slot order in the chassis Type Displays the model name of the corresponding switch in a stack Exist Denotes whether a switch does or does not exist in a stack Priority Displays the priority ID of the line card The lower the number the higher the priority The line card with the lowest priority number in the stack denotes the Master module Prom Version Sh...

Страница 244: ...field denoting the current status of the internal power supply Powered will suggest the mechanism is functioning correctly while Not Exist will show the mechanism is not functioning correctly Output Voltage A read only field denoting the current status of the external power supply Normal will suggest the mechanism is functioning correctly while Fail will show the mechanism is not functioning corre...

Страница 245: ...s entered into the address table Unit Refers to the Unit of the switch stack from which the MAC address was learned Port The port to which the MAC address above corresponds Type Describes the method which the Switch discovered the MAC address The possible entries are Dynamic Self and Static Next Click this button to view the next page of the address table View All Entry Clicking this button will a...

Страница 246: ...signated SNMP trap receiving stations and to the PC connected to the console manager Click Next to go to the next page of the Switch History Log Clicking Clear will allow the user to clear the Switch History Log The information is described as follows Parameter Description Sequence A counter incremented whenever an entry to the Switch s history log is made The table displays the last entry highest...

Страница 247: ... The user may search the IGMP Snooping Group Table by VID by entering it in the top left hand corner and clicking Search The following field can be viewed Parameter Description VLAN ID The VLAN ID of the multicast group Multicast Group The IP address of the multicast group MAC Address The MAC address of the multicast group Reports The total number of reports received for this group Port Map These ...

Страница 248: ...GMP Snooping Forwarding link Figure 9 1 IGMP Snooping Forwarding Table 5 The user may search the IGMP Snooping Forwarding Table by VLAN Name using the top left hand corner Search The following field can be viewed Parameter Description VLAN Name The VLAN Name of the multicast group Source IP The Source IP address of the multicast group Multicast Group The IP address of the multicast group Port Map ...

Страница 249: ...rrently configured as router ports A router port configured by a user using the console or Web based management interfaces is displayed as a static router port designated by S A router port that is dynamically configured by the Switch is designated by D and a Forbidden port is designated by F Figure 9 1 Browse Router Port window 6 234 ...

Страница 250: ...Statistics Authenticator Session Statistics and Authenticator Diagnostics windows in this section cannot be viewed on the xStack DES 6500 chassis switch unless 802 1x is enabled by port or by MAC address To enable 802 1x go to the Port Access Entity folder in the configuration folder and select the heading 802 1X Auth Mode Settings Authenticator State The following section describes the 802 1X Sta...

Страница 251: ...ndow and clicking OK The information on this window is described as follows Parameter Description Auth PAE State The Authenticator PAE State value can be Initialize Disconnected Connecting Authenticating Authenticated Aborting Held Force_Auth Force_Unauth or N A N A Not Available indicates that the port s authenticator capability is disabled Backend State The Backend Authentication State can be Re...

Страница 252: ...l authentication of the Supplicant authSuccess TRUE TimeoutsWhileAuthenticating Counts the number of times that the state machine transitions from AUTHENTICATING to ABORTING as a result of the Backend Authentication state machine indicating authentication timeout authTimeout TRUE FailWhileAuthenticating Counts the number of times that the state machine transitions from AUTHENTICATING to HELD as a ...

Страница 253: ... the Authenticator attempted communication with the Authentication Server BackendAccessChallenges Counts the number of times that the state machine receives an initial Access Challenge packet from the Authentication server i e aReq becomes TRUE causing exit from the RESPONSE state Indicates that the Authentication Server has communication with the Authenticator BackendOtherRequestsToSupplicant Cou...

Страница 254: ...he user may also select the desired time interval to update the statistics between 1s and 60s where s stands for seconds The default value is one second The following fields can be viewed Parameter Description SessionOctetsRx The number of octets received in user data frames on this port during the session SessionOctetsTx The number of octets transmitted in user data frames on this port during the...

Страница 255: ...tion Server is located within the Authenticator s System SessionTime The duration of the session in seconds SessionTerminateCause The reason for the session termination There are eight possible reasons for termination 1 Supplicant Logoff 2 Port Failure 3 Supplicant Restart 4 Reauthentication Failure 5 AuthControlledPortControl set to ForceUnauthorized 6 Port re initialization 7 Port Administrative...

Страница 256: ...that switch s Unit ID by using the pull down menu in the top left hand corner The user may also select the desired time interval to update the statistics between 1s and 60s where s stands for seconds The default value is one second The following fields can be viewed Parameter Description EapolFramesRx The number of valid EAPOL frames that have been received by this Authenticator The number of EAPO...

Страница 257: ...pFramesRx The number of valid EAP Response frames other than Resp Id frames that have been received by this Authenticator InvalidEapolFramesRx The number of EAPOL frames that have been received by this Authenticator in which the frame type is not recognized EapLengthErrorFramesRx The number of EAPOL frames that have been received by this Authenticator in which the Packet Body Length field is inval...

Страница 258: ...eter Description ClientInvalidServerAddresses The number of RADIUS Accounting Response packets received from unknown addresses ClientIdentifier The NAS Identifier of the RADIUS accounting client This is not necessarily the same as sysName in MIB II ServerIndex The identification number assigned to each RADIUS Accounting server that the client shares a secret with ServerAddress The conceptual table...

Страница 259: ...kets sent to this server that have not yet timed out or received a response This variable is incremented when an Accounting Request is sent and decremented due to receipt of an Accounting Response a timeout or a retransmission ClientTimeouts The number of accounting timeouts to this server After a timeout the client may retry to the same server send to a different server or give up A retry to the ...

Страница 260: ...stands for seconds The default value is one second To clear the current statistics shown click the Clear button in the top left hand corner The following fields can be viewed Parameter Description ClientInvalidServerAddresses The number of RADIUS Access Response packets received from unknown addresses ClientIdentifier The NAS Identifier of the RADIUS authentication client This is not necessarily t...

Страница 261: ...r Malformed packets include packets with an invalid length Bad authenticators or Signature attributes or known types are not included as malformed access responses ClientBadAuthenticators The number of RADIUS Access Response packets containing invalid authenticators or Signature attributes received from this server ClientPendingRequests The number of RADIUS Access Request packets destined for this...

Страница 262: ...eviously described in Section 6 of this manual under Layer 3 IP Networking Browse IP Address Table The Browse IP Address Table may be found in the Monitoring menu in the Layer 3 Feature folder The Browse IP Address Table is a read only screen where the user may view IP addresses discovered by the Switch To search a specific IP address enter it into the field labeled IP Address at the top of the sc...

Страница 263: ...nto the Destination Address field along with a proper subnet mask into the Mask field and click Find Figure 9 2 Browse Routing Table window 5 Browse ARP Table The Browse ARP Table window may be found in the Monitoring menu in the Layer 3 Feature folder This window will show current ARP entries on the Switch To search a specific ARP entry enter an interface name into the Interface Name or an IP add...

Страница 264: ...in the Monitoring menu in the Layer 3 Feature folder This window will show current IP multicasting interfaces located on the Switch To search a specific entry enter an multicast interface name into the Interface Name field or choose a Protocol from the pull down list and click Find Figure 9 28 Browse IP Multicast Interface Table Browse IGMP Group Table The Browse IGMP Group Table window may be fou...

Страница 265: ...Browse OSPF LSDB Table The user may search for a specific entry by entering the following information into the fields at the top of the screen To browse the OSPF LSDB Table first select which browse method to use in the Search Type field The choices are All Area ID Advertise Router ID LSDB Area ID Advertise Router ID Area ID LSDB and Advertise Router ID LSDB If Area ID is selected as the browse me...

Страница 266: ...ess of the network s Designated Router 3 The destination network s IP address 4 The Router ID of the described AS boundary router Cost Displays the cost of the table entry Sequence Displays a sequence number corresponding to number of times the current link has been advertised as changed Browse OSPF Neighbor Table This table can be found in the OSPF Monitoring folder by clicking on the Browse OSPF...

Страница 267: ...h a virtual neighbor by using one of the two search options at the top of the screen which are Figure 9 3 OSPF Virtual Neighbor Table 2 Parameter Description Transit Area ID Allows the entry of an OSPF Area ID previously defined on the Switch that allows a remote area to communicate with the backbone area 0 A Transit Area cannot be a Stub Area or a Backbone Area Virtual Neighbor Router ID The OSPF...

Страница 268: ...eatures in relation to the xStack DES 6500 chassis switch can be found in Section 6 under IP Multicast Routing Protocol Browse DVMRP Routing Table Multicast routing information is gathered and stored by DVMRP in the DVMRP Routing Table which may be found in the Monitoring folder under Browse DVMRP Monitoring contains one row for each port in a DVMRP mode Each routing entry contains information abo...

Страница 269: ...wse DVMRP Routing Next Hop Table The DVMRP Routing Next Hop Table contains information regarding the next hop for forwarding multicast packets on outgoing interfaces Each entry in the DVMRP Routing Next Hop Table refers to the next hop of a specific source to a specific multicast group address This table is found in the Monitoring menu under DVMRP Monitoring with the heading Browse DVMRP Routing N...

Страница 270: ...ormation regarding each of a router s PIM neighbors This screen may be found by clicking Monitoring PIM Monitor Browse PIM Neighbor Table To search this table enter either an Interface Name or Neighbor Address into the respective field and click the Find button PIM neighbors of that entry will appear in the PIM Neighbor Table below Figure 12 1 PIM Neighbor Table PIM IP MRoute Table The PIM IP MRou...

Страница 271: ...nual Browse PIM RP Set Table The following window is used to assess information regarding the Rendezvous Point RP Set on the Switch This screen may be found by clicking Monitoring Layer 3 Feature PIM Monitor Browse PIM RP Set Table Figure 12 3 PIM RP Set Table 256 ...

Страница 272: ...cular slot from slot stack if you have properly inserted the line cards in the chassis All indicates all slots in the chassis will download the same firmware Enter the IP address of the TFTP server in the Server IP Address field The TFTP server must be on the same IP subnet as the Switch Enter the path and the filename to the firmware file on the TFTP server Note that in the above example the firm...

Страница 273: ...e TFTP server Click the Increment check box to download a part of this file only Click Start to initiate the file transfer Upload Configuration To upload the Switch s settings to a TFTP server click on the TFTP Service folder in the Maintenance folder and then click the Upload Configuration link Figure 10 3 Upload Configuration window Enter the IP address of the TFTP server and the path and filena...

Страница 274: ...umber The port number must be above 1024 The value range is from 30000 to 64900 Timeout Defines the time out period while waiting for a response from the remote device The user may choose an entry between 1 and 65535 seconds Probe The probe value is the number of times the Switch will send probe packets to the next hop on the intended traceroute path The default is 1 Ping is a small program that s...

Страница 275: ... retain any configuration changes permanently click on the Save button in the Save Changes page as shown below Figure 10 7 Save Changes screen Reset The Reset function has several options when resetting the Switch Some of the current configuration parameters can be retained while resetting all other configuration parameters to their factory defaults NOTE Only the Reset System option will enter the...

Страница 276: ...icking the No click box instructs the Switch not to save the current configuration before restarting the Switch All of the configuration information entered from the last time Save Changes was executed will be lost Click the Restart button to restart the Switch Logout Use the Logout page to logout of the Switch s Web based management agent by clicking on the Log Out button Figure 10 1 Logout windo...

Страница 277: ...s not been recognized by the CS as a member of the SIM group A SIM group can only have one Commander Switch CS All switches in a particular SIM group must be in the same IP subnet broadcast domain Members of a SIM group cannot cross a router A SIM group accepts up to 32 switches numbered 0 31 including the Commander Switch numbered 0 There is no limit to the number of SIM groups in the same IP sub...

Страница 278: ...he CS s Administrator s password and or authentication will control access to all MS s of the SIM group With SIM enabled the applications in the CS will redirect the packet instead of executing the packets The applications will decode the packet from the administrator modify some data then send it to the MS After execution the CS may receive a response packet from the MS which it will encode and s...

Страница 279: ... 90 seconds Holdtime This parameter may be set for the time in seconds the Switch will hold information sent to it from other switches utilizing the Discovery Interval The user may set the hold time from 100 to 255 seconds Candidate A Candidate Switch CaS is not the member of a SIM group but is connected to a Commander Switch This is the default setting for the SIM role Commander Choosing this par...

Страница 280: ...Name is configured by the name it will be given the name default and tagged with the last six digits of the MAC Address to identify it Local Port Displays the number of the physical port on the CS that the MS or CaS is connected to The CS will have no entry in this field Speed Displays the connection speed between the CS and the MS or CaS Remote Port Displays the number of the physical port on the...

Страница 281: ...gement Group are connected to other groups and devices Possible icons in this screen are as follows Icon Description Group Layer 2 commander switch Layer 3 commander switch Commander switch of other group Layer 2 member switch Layer 3 member switch Member switch of other group Layer 2 candidate switch Layer 3 candidate switch Unknown device Non SIM devices 266 ...

Страница 282: ...ormation about a specific device as the Tree view does See the window below for an example Figure 11 5 Device Information Utilizing the Tool Tip Setting the mouse cursor over a line between two devices will display the connection speed between the two devices as shown below Figure 11 6 Port Speed Utilizing the Tool Tip Right Click Right clicking on a device will allow the user to perform various f...

Страница 283: ...llapse to collapse the group that will be represented by a single icon Expand to expand the SIM group in detail Figure 11 8 Property window Commander Switch Icon Figure 11 9 Right Clicking a Commander Icon The following options may appear for the user to configure Collapse to collapse the group that will be represented by a single icon Expand to expand the SIM group in detail Property to pop up a ...

Страница 284: ...lowing options may appear for the user to configure Collapse to collapse the group that will be represented by a single icon Expand to expand the SIM group in detail Remove from group remove a member from a group Configure launch the web management to configure the Switch Property to pop up a window to display the device information Figure 11 1 Property window 2 269 ...

Страница 285: ...ed to the SIM group Click OK to enter the password or Cancel to exit the window Figure 11 1 Input password window 4 Property to pop up a window to display the device information as shown below Figure 11 15 Device Property window This window holds the following information Parameter Description Device Name This field will display the Device Name of the switches in the SIM group configured by the us...

Страница 286: ...nus on the menu bar are as follows File Print Setup will view the image to be printed Print Topology will print the topology map Preference will set display properties such as polling interval and the views to open at SIM startup Group Add to group add a candidate to a group Clicking this option will reveal the following screen for the user to enter a password for authentication from the Candidate...

Страница 287: ... User Manual NOTE Upon this firmware release some functions of the SIM can only be configured through the Command Line Interface See the xStack DES 6500 Modular Layer 3 Chassis Ethernet Switch User CLI for more information on SIM and its configurations 272 ...

Страница 288: ...wnload to initiate the file transfer Figure 11 1 Firmware Upgrade window 8 Configuration File Backup Restore This screen is used to upgrade configuration files from the Commander Switch to the Member Switch using a TFTP server Member Switches will be listed in the table and will be specified by Port port on the CS where the MS resides MAC Address Model Name and Version To specify a certain Switch ...

Страница 289: ...lex 10 Mbps 20Mbps 100Mbps 200Mbps 1000Mbps 2000Mbps 10Gbps 20Gbps SFP Mini GBIC Support IEEE 802 3z 1000BASE LX DEM 310GT Transceiver IEEE 802 3z 1000BASE SX DEM 311GT Transceiver IEEE 802 3z 1000BASE LH DEM 314GT Transceiver IEEE 802 3z 1000BASE ZX DEM 315GT Transceiver IEEE 802 3x 1000BASE LX DEM 330T Transceiver IEEE 802 3x 1000BASE LX DEM 330R Transceiver IEEE 802 3x 1000BASE LX DEM 331T Tran...

Страница 290: ...us Humidity Operating 5 to 95 RH non condensing Storage 0 to 95 RH non condensing Dimensions 440 mm x 294 mm x 356 mm 1U 19 inch rack mount width Modules 330mm x 281mm x 27 5mm Weight 13 16kg EMI FCC Part 15 Class A ICES 003 Class Canada EN55022 Class A EN55024 Safety CSA International Performance Transmission Method Store and forward L3 Routing RAM Buffer 256 MB per line card 256MB for CPU Card F...

Страница 291: ...505 DES 6507 DES 6508 DES 6509 DES 6510 DES 6512 R3 00 B33 DES 6504 DES 6505 DES 6507 DES 6508 DES 6509 DES 6510 DES 6512 In the previous table the Runtime Code Version is the earliest firmware version that the corresponding cards listed in the Supported Line Card column can utilize For example the DES 6507 and the DES 6509 are listed for every firmware and therefore are compatible with every firm...

Страница 292: ... firmware is for the CPU card only When downloading the firmware be sure to specify in the CLI command or through the web whether the firmware is for the CPU or the line card Downloading the incorrect firmware will cause problems with the Switch Failing to follow this procedure will cause problems with the switch and the supported line cards All Prom code versions R0 00 B15 R0 00 B16 R1 50 B19 and...

Страница 293: ...h_flr_east_cabinet System Contact Julius_Erving_212 555 6666 Spanning Tree Disabled GVRP Disabled IGMP Snooping Disabled 802 1X Disabled Jumbo Frame Off Clipaging Enabled Port Mirror Disabled SNTP Disabled Boot Relay Disabled DNSR Status Disabled VRRP Disabled DVMRP Disabled PIM DM Disabled RIP Disabled OSPF Disabled TELNET Enabled TCP 23 WEB Enabled TCP 80 RMON Enabled HOL Prevention State Enable...

Страница 294: ...B33 had unit cpu Command download firmware_fromTFTP 10 48 74 121 c 6500rU_3 00 B33 had unit cpu Connecting to server Done Download firmware Done Do not power off Please wait programming flash Done Saving current settings to NV RAM Done Please wait the switch is rebooting Step 3 Once rebooted check the show switch command to verify that the firmware was downloaded correctly The user can then upgrad...

Страница 295: ...ards separately This may be done in any order preferable to the user but two downloads must take place as shown below DES 6500 4 download firmware_fromTFTP 10 48 74 121 c DES6500_PROM_B20 had unit all_line_card Command download firmware_fromTFTP 10 48 74 121 c DES6500_PROM_B20 had unit all_line_card Connecting to server Done Download firmware Done Connecting to slave Done Upload firmware Done Line...

Страница 296: ...d look similar to the ones shown below DES 6500 4 show stack_information Command show stack_information Box Prio Prom Runtime H W ID Type Exist rity version version version 1 DES 6505 exist 16 2 00 B20 3 00 B33 0A1 2 DES 6507 exist 16 2 00 B20 3 00 B33 3A1 3 USR NOT CFG no 4 DES 6508 exist 16 2 00 B20 3 00 B33 0A1 5 DES 6508 exist 16 2 00 B20 3 00 B33 0A1 6 DES 6507 exist 16 2 00 B20 3 00 B33 2A1 ...

Страница 297: ...ion Build 3 00 B33 Hardware Version 2A1 System Name DES 6500_ 3 System Location 7th_flr_east_cabinet System Contact Julius_Erving_212 555 6666 Spanning Tree Disabled GVRP Disabled IGMP Snooping Disabled 802 1X Disabled Jumbo Frame Off Clipaging Enabled Port Mirror Disabled SNTP Disabled DHCP Relay Disabled DNSR Status Disabled VRRP Disabled DVMRP Disabled PIM DM Disabled RIP Disabled OSPF Disabled...

Страница 298: ... system should be recovered and the chassis should function normally Follow the following steps to guide you through the process Step 1 Execute the show switch command to confirm the CPU firmware status currently set on the chassis DES 6500 4 show switch Command show switch Device Type DES 6500 Chassis Ethernet Switch MAC Address DA 10 21 00 00 01 IP Address 10 41 44 22 Manual VLAN Name default Su...

Страница 299: ... 6500 4 reset system Command reset system Are you sure you want to proceed with the system reset y n reset all save reboot y Reboot Load Factory Default Configuration Saving all configurations to NV RAM Done DES 6500 4 show stack_information Command show stack_information Box Prio Prom Runtime H W ID Type Exist rity version version version 1 DES 6505 exist 16 2 00 B20 3 00 B33 0A1 2 DES 6507 exist...

Страница 300: ...33 0A1 2 DES 6507 exist 16 2 00 B20 3 00 B33 3A1 3 USR NOT CFG no 4 USR NOT CFG no 5 USR NOT CFG no 6 DES 6507 exist 16 0 00 B16 1 01 B37 2A1 7 USR NOT CFG no 8 USR NOT CFG no Topology STAR Current state MASTER Box Count 3 DES 6500 4 Step 4 Download the Runtime Version Code R3 00 B33 for this example to the new line card in the chassis DES 6500 4 download firmware_fromTFTP 10 48 74 121 c 6500rS_3 ...

Страница 301: ... insert the DES 6504 DES 6508 DES 6510 DES 6512 line card s into the chassis and check the show stack_information one more time All line cards should now be recognized by the Switch and they should all be showing the same firmware Runtime Version DES 6500 4 show stack_information Command show stack_information Box Prio Prom Runtime H W ID Type Exist rity version version version 1 DES 6505 exist 16...

Страница 302: ...d Firmware Compatibility table at the beginning of this section for more information on line cards and their supported firmware versions 2 After removing the unsupported line card the user must execute the reset system command in the CLI interface This will clear the configurations of the unsupported line card in the chassis 3 Once the reset System command is executed and the removal is a success ...

Страница 303: ...lt Gateway 0 0 0 0 Boot PROM Version Build 2 00 B20 Firmware Version Build 2 00 B20 Hardware Version 2A1 Device S N System Name DES 6500_ 3 System Location 7th_flr_east_cabinet System Contact Julius_Erving_212 555 6666 Spanning Tree Disabled GVRP Disabled IGMP Snooping Disabled 802 1X Disabled Jumbo Frame Off Clipaging Enabled Port Mirror Disabled SNTP Disabled Boot Relay Disabled DNSR Status Disa...

Страница 304: ...logy STAR Current state MASTER Box Count 6 DES 6500 4 Step 3 Remove unsupported line cards from the chassis in this case the DES 6504 line card for downgrade to 1 20 B09 Next enter the reset system command and the whole system should reboot with stacking in tact Enter the show stack_information command again to verify that the switch has completely removed the line card from the chassis DES 6500 4...

Страница 305: ...ES 6510 exist 16 2 00 B20 2 00 B20 0A1 4 USR NOT CFG no 5 DES 6508 exist 16 2 00 B20 2 00 B20 0A1 6 DES 6507 exist 16 2 00 B20 2 00 B20 2A1 7 USR NOT CFG no 8 USR NOT CFG no Topology STAR Current state MASTER Box Count 5 DES 6500 4 Step 4 Download the line card Runtime Code Version R1 20 B09 to the available line cards in the chassis DES 6500 4 download firmware_fromTFTP 10 48 74 121 c 6500rS_1 20...

Страница 306: ...a few minutes Please don t power off Success DES 6500 4 Step 6 Once the CPU and all line cards have been downgraded the user may verify that all downloads have been successfully completed by entering the show switch command and the show stack_information command DES 6500 4 show stack_information Command show stack_information Box Prio Prom Runtime H W ID Type Exist rity version version version 1 D...

Страница 307: ...uild 1 20 B09 Hardware Version 2A1 Device S N System Name DES 6500_ 3 System Location 7th_flr_east_cabinet System Contact Julius_Erving_212 555 6666 Spanning Tree Disabled GVRP Disabled IGMP Snooping Disabled 802 1X Disabled Jumbo Frame Off Clipaging Enabled Port Mirror Disabled SNTP Disabled Boot Relay Disabled DNSR Status Disabled VRRP Disabled DVMRP Disabled PIM DM Disabled RIP Disabled OSPF Di...

Страница 308: ...oducts for matching cable pin assignment The following diagrams and tables show the standard RJ 45 receptacle connector and their pin assignments Appendix 1 1 The standard RJ 45 port and connector RJ 45 Pin Assignments Contact MDI X Port MDI II Port 1 BI DB BI DA 2 BI DB BI DA 3 BI DA BI DB 4 BI DD BI DC 5 BI DD BI DC 6 BI DA BI DB 7 BI DC BI DD 8 BI DC BI DD Appendix 1 2 The standard RJ 45 pin as...

Страница 309: ...d Media Type Maximum Distance Mini GBIC 1000BASE LX Single mode fiber module 1000BASE SX Multi mode fiber module 1000BASE LHX Single mode fiber module 1000BASE ZX Single mode fiber module 10km 550m 40km 80km 1000BASE T Category 5e UTP Cable Category 5 UTP Cable 1000 Mbps 100m 100BASE TX Category 5 UTP Cable 100 Mbps 100m 10BASE T Category 3 UTP Cable 10 Mbps 100m 294 ...

Страница 310: ... higher level protocols are involved Bridges form a single logical network centralizing network administration broadcast A message sent to all destination devices on the network broadcast storm Multiple simultaneous broadcasts that typically absorb available network bandwidth and can cause network failure console port The port on the Switch accepting a terminal or modem connector It changes the pa...

Страница 311: ... Serial Line Internet Protocol A protocol which allows IP to run over a serial line connection SNMP Simple Network Management Protocol A protocol originally designed to be used in managing TCP IP internets SNMP is presently implemented on a wide range of computers and networking equipment and may be used to manage many aspects of network and end station operation Spanning Tree Protocol STP A bridg...

Страница 312: ...dware will be refunded by D Link upon return to D Link of the defective Hardware All Hardware or part thereof that is replaced by D Link or for which the purchase price is refunded shall become the property of D Link upon replacement or refund Limited Software Warranty D Link warrants that the software portion of the product Software will substantially conform to D Link s then current functional s...

Страница 313: ...ber has been altered tampered with defaced or removed Initial installation installation and removal of the product for repair and shipping costs Operational adjustments covered in the operating manual for the product and normal maintenance Damage that occurs in shipment due to act of God failures due to power surge and cosmetic damage and Any hardware software firmware or other products or service...

Страница 314: ... or used to make any derivative such as translation transformation or adaptation without permission from D Link Corporation D Link Systems Inc as stipulated by the United States Copyright Act of 1976 FCC Warning This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protect...

Страница 315: ...orming Software or defective media with software that substantially conforms to D Link s functional specifications for the Software or to refund the portion of the actual purchase price paid that is attributable to the Software Except as otherwise agreed by D Link in writing the replacement Software is provided only to the original licensee and is subject to the terms and conditions of the license...

Страница 316: ...ROFIT WORK STOPPAGE COMPUTER FAILURE OR MALFUNCTION FAILURE OF OTHER EQUIPMENT OR COMPUTER PROGRAMS TO WHICH D LINK S PRODUCT IS CONNECTED WITH LOSS OF INFORMATION OR DATA CONTAINED IN STORED ON OR INTEGRATED WITH ANY PRODUCT RETURNED TO D LINK FOR WARRANTY SERVICE RESULTING FROM THE USE OF THE PRODUCT RELATING TO WARRANTY SERVICE OR ARISING OUT OF ANY BREACH OF THIS LIMITED WARRANTY EVEN IF D LIN...

Страница 317: ...ited States please contact the corresponding local D Link office Product Registration Register your D Link product online at http support dlink com register Product registration is entirely voluntary and failure to complete or return this form will not diminish your warranty rights ...

Страница 318: ... or misuse including failure to operate the product in accordance with specifications or interface requirements c improper handling d failure of goods or services not obtained from D LINK or not subject to a then effective D LINK warranty or maintenance agreement e improper use or storage or f fire water acts of God or other catastrophic events This warranty shall also not apply to any particular ...

Страница 319: ...ehlerhafter Bedienung d Versagen von Produkten oder Diensten die nicht von D LINK stammen oder nicht Gegenstand einer zum maßgeblichen Zeitpunkt gültigen Garantie oder Wartungsvereinbarung sind e Fehlgebrauch oder fehlerhafter Lagerung oder f Feuer Wasser höherer Gewalt oder anderer Katastrophen Diese Garantie gilt ebenfalls nicht für Produkte bei denen eine D LINK Seriennummer entfernt oder auf s...

Страница 320: ...du produit non conforme à ses spécifications ou aux interfaces requises c d une mauvaise manipulation d d une panne de biens ou de services acquis auprès d une société tierce non D LINK ou qui ne font pas l objet d un contrat D LINK de garantie ou de maintenance en bonne et due forme e d une mauvaise utilisation ou d un rangement dans des conditions inadaptées ou f du feu de l eau d une catastroph...

Страница 321: ...los requisitos de la interfaz en el funcionamiento del producto c manejo incorrecto d errores en artículos o servicios ajenos a D LINK o no sujetos a una garantía o un contrato de mantenimiento vigentes de D LINK e uso o almacenamiento incorrecto o f fuego agua casos fortuitos u otros hechos catastróficos Esta garantía tampoco es válida para aquellos productos a los que se haya eliminado o alterad...

Страница 322: ... requisiti di connessione c movimentazione impropria d guasto di prodotti o servizi non forniti da D LINK o non soggetti a una garanzia successiva di D LINK o a un accordo di manutenzione e impiego o conservazione impropri f incendio inondazione cause di forza maggiore o altro evento catastrofico accidentale La presente garanzia non si applica altresì ad alcun prodotto particolare qualora il numer...

Страница 323: ...nday to Friday 8 00am to 8 00pm EST Saturday 9 00am to 1 00pm EST D Link Technical Support over the Internet http www dlink com au email support dlink com au Tech Support for customers within New Zealand D Link Technical Support over the Telephone 0800 900 900 Monday to Friday 8 30am to 8 30pm Saturday 9 00am to 5 00pm D Link Technical Support over the Internet http www dlink co nz email support d...

Страница 324: ...bsite Tech Support for customers within South Eastern Asia and Korea D Link South Eastern Asia and Korea Technical Support over the Telephone 65 6895 5355 Monday to Friday 9 00am to 12 30pm 2 00pm 6 00pm Singapore Time D Link Technical Support over the Internet email support dlink com sg ...

Страница 325: ... customers within India D Link Technical Support over the Telephone 91 22 26526741 91 22 26526696 ext 161 to 167 Monday to Friday 9 30AM to 7 00PM D Link Technical Support over the Internet http ww dlink co in http www dlink co in dlink drivers support asp ftp support dlink co in email techsupport dlink co in ...

Страница 326: ...he duration of the warranty period on this product Customers can contact D Link technical support through our web site or by phone Tech Support for customers within the Russia D Link Technical Support over the Telephone 495 744 00 99 Monday to Friday 10 00am to 6 30pm D Link Technical Support over the Internet http www dlink ru email support dlink ru ...

Страница 327: ... Link Technical Support over the Telephone 972 971 5701 Sunday to Thursday 9 00am to 5 00pm D Link Technical Support over the Internet http www dlink co il forum e mail support dlink co il Tech Support for customers within Turkey D Link Technical Support over the Telephone 0090 312 473 40 55 Monday to Friday 9 00am to 6 00pm D Link Technical Support over the Internet http www dlink com tr e mail t...

Страница 328: ...stomers within South Africa and Sub Sahara Region D Link South Africa and Sub Sahara Technical Support over the Telephone 27 12 665 2165 08600 DLINK For South Africa only Monday to Friday 8 30am to 9 00pm South Africa Time D Link Technical Support over the Internet http www d link co za email support d link co za ...

Страница 329: ...vador 800 6137 Monday to Friday 06 00am to 19 00pm Guatemala 1800 300 0017 Monday to Friday 06 00am to 19 00pm Panama 00 0800 052 54 65 Monday to Friday 07 00am to 20 00pm Peru 0800 00 968 Monday to Friday 07 00am to 20 00pm Venezuela 0800 100 5767 Monday to Friday 08 00am to 21 00pm D Link Technical Support over the Internet www dlinkla com www dlinklatinamerica com email support dlink cl Tech Su...

Страница 330: ...Link D Link предоставляет бесплатную поддержку для клиентов в течение гарантийного срока Клиенты могут обратиться в группу технической поддержки D Link по телефону или через Интернет Техническая поддержка D Link 495 744 00 99 Техническая поддержка через Интернет http www dlink ru email support dlink ru ...

Страница 331: ...o Help Desk Chile Teléfono 800 8 35465 Lunes a Viernes 08 00 am a 21 00 pm Soporte Técnico Help Desk Colombia Teléfono 01 800 952 54 65 Lunes a Viernes 07 00 am a 20 00 pm Soporte Técnico Help Desk Ecuador Teléfono 1800 035465 Lunes a Viernes 07 00 am a 20 00 pm Soporte Técnico Help Desk El Salvador Teléfono 800 6137 Lunes a Viernes 06 00 am a 19 00 pm Soporte Técnico Help Desk Guatemala Teléfono ...

Страница 332: ...kbrasil com br A D Link fornece suporte técnico gratuito para clientes no Brasil durante o período de vigência da garantia deste produto Suporte Técnico para clientes no Brasil Telefone São Paulo 11 2185 9301 Segunda à sexta Das 8h30 às 18h30 Demais Regiões do Brasil 0800 70 24 104 E mail email suporte dlinkbrasil com br ...

Страница 333: ......

Страница 334: ...support through our website or by phone Tech Support for customers within the United States D Link Technical Support over the Telephone 888 843 6100 Hours of Operation 8 00AM to 6 00PM PST D Link Technical Support over the Internet http support dlink com email support dlink com Tech Support for customers within Canada D Link Technical Support over the Telephone 800 361 5265 Monday to Friday 7 30am...

Страница 335: ... D Link UK Ireland Technical Support over the Telephone 08456 12 0003 United Kingdom 1890 886 899 Ireland Lines Open Monday to Friday 8 00 am to 10 00 pm GMT Sat Sun 10 00 am to 7 00 pm GMT D Link UK Ireland Technical Support over the Internet http www dlink co uk ftp ftp dlink co uk For Customers within Canada D Link Canada Technical Support over the Telephone 1 800 361 5265 Canada Monday to Frid...

Страница 336: ...upport dlink de Telefon 49 1805 2787 0 12 Min aus dem Festnetz der Deutschen Telekom Telefonische technische Unterstützung erhalten Sie Montags bis Freitags von 09 00 bis 17 30 Uhr Unterstützung erhalten Sie auch bei der Premiumhotline für D Link Produkte unter der Rufnummer 09001 475767 Montag bis Freitag von 6 22 Uhr und am Wochenende von 11 18 Uhr 1 75 Min aus dem Festnetz der Deutschen Telekom...

Страница 337: ...ort technique destiné aux clients établis en France Assistance technique D Link par téléphone 0 820 0803 03 Assistance technique D Link sur internet http www dlink fr e mail support dlink fr Support technique destiné aux clients établis au Canada Assistance technique D Link par téléphone 800 361 5265 Lun Ven 7h30 à 21h00 HNE Assistance technique D Link sur internet http support dlink ca e mail sup...

Страница 338: ...l periodo de garantía del producto Los clientes españoles pueden ponerse en contacto con la asistencia técnica de D Link a través de nuestro sitio web o por teléfono Asistencia Técnica de D Link por teléfono 34 902 30 45 45 de lunes a viernes desde las 9 00 hasta las14 00 y de las 15 00 hasta las 18 00 Asistencia Técnica de D Link a través de Internet http www dlink es support email soporte dlink ...

Страница 339: ...ito D Link Supporto tecnico per i clienti residenti in Italia D Link Mediterraneo S r L Via N Bonnet 6 B 20154 Milano Supporto Tecnico dal lunedì al venerdì dalle ore 9 00 alle ore 19 00 con orario continuato Telefono 02 39607160 URL http www dlink it supporto html Email tech dlink it ...

Страница 340: ...herlands D Link Technical Support over the Telephone 0900 501 2007 Monday to Friday 8 00 am to 10 00 pm D Link Technical Support over the Internet www dlink nl Tech Support for customers within Belgium D Link Technical Support over the Telephone 070 66 06 40 Monday to Friday 9 00 am to 10 00 pm D Link Technical Support over the Internet www dlink be Tech Support for customers within Luxemburg D Li...

Страница 341: ...ą pomoc techniczną klientom w Polsce w okresie gwarancyjnym produktu Klienci z Polski mogą się kontaktować z działem pomocy technicznej firmy D Link za pośrednictwem Internetu lub telefonicznie Telefoniczna pomoc techniczna firmy D Link 48 12 25 44 0000 Pomoc techniczna firmy D Link świadczona przez Internet URL http www dlink pl e mail dlink fixit pl ...

Страница 342: ...irmy D Link D Link poskytuje svým zákazníkům bezplatnou technickou podporu Zákazníci mohou kontaktovat oddělení technické podpory přes webové stránky mailem nebo telefonicky Web http www dlink cz support E Mail info dlink cz Telefon 224 247 503 Telefonická podpora je v provozu PO PÁ od 09 00 do 17 00 ...

Страница 343: ...t munkanapokon hétfőtől csütörtökig 9 00 16 00 óráig és pénteken 9 00 14 00 óráig kérhet a 1 461 3001 telefonszámon vagy a support dlink hu emailcímen Magyarországi technikai támogatás D Link Magyarország 1074 Budapest Alsóerdősor u 6 R70 Irodaház 1 em Tel 06 1 461 3001 Fax 06 1 461 3004 email support dlink hu URL http www dlink hu ...

Страница 344: ...sider D Link tilbyr sine kunder gratis teknisk support under produktets garantitid Kunder kan kontakte D Links teknisk support via våre hjemmesider eller på tlf Teknisk Support D Link Teknisk telefon Support 800 10 610 Hverdager 08 00 20 00 D Link Teknisk Support over Internett http www dlink no ...

Страница 345: ...yder gratis teknisk support til kunder i Danmark i hele produktets garantiperiode Danske kunder kan kontakte D Link s tekniske support via vores hjemmeside eller telefonisk D Link teknisk support over telefonen Tlf 7026 9040 Åbningstider kl 08 00 20 00 D Link teknisk support på Internettet http www dlink dk ...

Страница 346: ...a teknistä tukea asiakkailleen Tuotteen takuun voimassaoloajan Tekninen tuki palvelee seuraavasti Arkisin klo 9 21 numerosta 0800 114 677 Internetin kautta Ajurit ja lisätietoja tuotteista http www dlink fi Sähköpostin kautta voit myös tehdä kyselyitä ...

Страница 347: ... annan användarinformation D Link tillhandahåller teknisk support till kunder i Sverige under hela garantitiden för denna produkt Teknisk Support för kunder i Sverige D Link Teknisk Support via telefon 0770 33 00 35 Vardagar 08 00 20 00 D Link Teknisk Support via Internet http www dlink se ...

Страница 348: ... site de D Link Portugal http www dlink pt A D Link fornece suporte técnico gratuito para clientes no Portugal durante o período de vigência de garantia deste produto Suporte Técnico para clientes no Portugal Assistência Técnica Email soporte dlink es http www dlink pt support ftp ftp dlink es ...

Страница 349: ...δωρεάν υποστήριξη στον Ελλαδικό χώρο Μπορείτε να επικοινωνείτε µε το τµήµα τεχνικής υποστήριξης µέσω της ιστοσελίδας ή µέσω τηλεφώνου Για πελάτες εντός του Ελλαδικού χώρου Τηλεφωνική υποστήριξη D Link Τηλ 210 86 11 114 Φαξ 210 86 53 172 ευτέρα Παρασκευή 09 00 17 00 e mail support dlink gr Τεχνική υποστήριξη D Link µέσω Internet http www dlink gr ftp ftp dlink it ...

Страница 350: ......

Страница 351: ...22 583 92 75 FAX 48 0 22 583 92 76 URL www dlink pl Hungary R70 Irodaház 1 emelet Rákóczi út 70 72 Budapest H 1074 Magyarország TEL 36 0 1 461 30 00 FAX 36 0 1 461 30 09 URL www dlink hu Singapore 1 International Business Park 03 12 The Synergy Singapore 609917 TEL 65 6774 6233 FAX 65 6774 6322 URL www dlink intl com Australia 1 Giffnock Avenue North Ryde NSW 2113 Australia TEL 61 2 8899 1800 FAX ...

Страница 352: ...______________________________________________________________________ __________________________________________________________________________________________________________________ ______ __________________________________________________________________________________________________________________ ______ Answers to the following questions help us to support your product 1 Where and how wi...

Страница 353: ...9 Would you recommend your D Link product to a friend Yes No Don t know yet 10 Your comments on this product ...

Отзывы: