Edge-Core ES4528V-38 Скачать руководство пользователя страница 82 | Manualshive

Страница: 82 / 396

Edge-Core ES4528V-38 Скачать руководство пользователя страница 82

C

HAPTER

4

| Configuring the Switch

Configuring 802.1X Port Authentication

– 82 –

C

ONFIGURING

802.1X P

ORT

A

UTHENTICATION

Network switches can provide open and easy access to network resources

by simply attaching a client PC. Although this automatic configuration and

access is a desirable feature, it also allows unauthorized personnel to easily

intrude and possibly gain access to sensitive network data.

The IEEE 802.1X (dot1x) standard defines a port-based access control

procedure that prevents unauthorized access to a network by requiring

users to first submit credentials for authentication. Access to all switch

ports in a network can be centrally controlled from a server, which means

that authorized users can use the same credentials for authentication from

any point within the network.

This switch uses the Extensible Authentication Protocol over LANs (EAPOL)

to exchange authentication protocol messages with the client, and a

remote RADIUS authentication server to verify user identity and access

rights. When a client (i.e., Supplicant) connects to a switch port, the switch

(i.e., Authenticator) responds with an EAPOL identity request. The client

provides its identity (such as a user name) in an EAPOL response to the

switch, which it forwards to the RADIUS server. The RADIUS server verifies

the client identity and sends an access challenge back to the client. The

EAP packet from the RADIUS server contains not only the challenge, but

the authentication method to be used. The client can reject the

authentication method and request another, depending on the

configuration of the client software and the RADIUS server. The encryption

method used by IEEE 802.1X to pass authentication messages can be MD5

(Message-Digest 5), TLS (Transport Layer Security), PEAP (Protected

Extensible Authentication Protocol), or TTLS (Tunneled Transport Layer

Security). However, note that the only encryption method supported by

MAC-Based authentication is MD5. The client responds to the appropriate

method with its credentials, such as a password or certificate. The RADIUS

server verifies the client credentials and responds with an accept or reject

packet. If authentication is successful, the switch allows the client to

access the network. Otherwise, network access is denied and the port

remains blocked.

802.1x
client

RADIUS
server

1. Client attempts to access a switch port.
2. Switch sends client an identity request.
3. Client sends back identity information.
4. Switch forwards this to authentication server.
5. Authentication server challenges client.
6. Client responds with proper credentials.
7. Authentication server approves access.
8. Switch grants client access to this port.

«
...
80
81
82
83
84
...
»

Содержание ES4528V-38

Страница 1: ...Management Guide www edge core com 28 Port Gigabit Ethernet Switch...

Страница 2: ......

Страница 3: ...MANAGEMENT GUIDE ES4528V GIGABIT ETHERNET SWITCH Layer 2 Switch with 24 10 100 1000BASE T RJ 45 Ports and 4 Gigabit Combination Ports RJ 45 SFP ES4528V E072009 ST R01 149100000014A...

Страница 4: ......

Страница 5: ...your attention to related features or instructions CAUTION Alerts you to a potential hazard that could cause loss of data or damage the system or equipment WARNING Alerts you to a potential hazard th...

Страница 6: ...ABOUT THIS GUIDE 6...

Страница 7: ...28 Access Control Lists 29 Port Configuration 29 Rate Limiting 29 Port Mirroring 29 Port Trunking 29 Storm Control 29 Static Addresses 29 IEEE 802 1D Bridge 30 Store and Forward Switching 30 Spanning...

Страница 8: ...play 51 Main Menu 51 4 CONFIGURING THE SWITCH 55 Configuring System Information 55 Setting an IP Address 56 Setting an IPv4 Address 56 Setting an IPv6 Address 58 Setting the System Password 61 Filteri...

Страница 9: ...rol 116 Access Control Lists 118 Assigning ACL Policies and Responses 118 Configuring Rate Limiters 119 Configuring Access Control Lists 120 Configuring Port Mirroring 128 Simple Network Management Pr...

Страница 10: ...idge Status for STA 166 Displaying Port Status for STA 168 Displaying Port Statistics for STA 169 Displaying Port Security Information 170 Displaying Port Security Status 170 Displaying Port Security...

Страница 11: ...d Line Processing 200 CLI Command Groups 201 9 SYSTEM COMMANDS 203 system configuration 204 system reboot 204 system restore default 205 system contact 205 system name 205 system location 206 system p...

Страница 12: ...s 225 auth acct_radius 226 auth tacacs 228 auth client 229 auth statistics 230 12 PORT COMMANDS 233 port configuration 233 port state 235 port mode 235 port flow control 236 port maxframe 237 port pow...

Страница 13: ...p cost 259 rstp priority 261 rstp edge 261 rstp autoedge 262 rstp p2p 263 rstp status 263 rstp statistics 264 rstp mcheck 264 16 IEEE 802 1X COMMANDS 267 dot1x configuration 267 dot1x mode 269 dot1x s...

Страница 14: ...guration 287 lldp mode 288 lldp optional_tlv 288 lldp interval 289 lldp hold 290 lldp delay 290 lldp reinit 291 lldp info 291 lldp statistics 292 lldp cdp_aware 293 19 MAC COMMANDS 295 mac configurati...

Страница 15: ...onfiguration 312 qos default 312 qos tagprio 313 qos qcl port 313 qos qcl add 314 qos qcl delete 315 qos qcl lookup 316 qos mode 316 qos weight 317 qos rate limiter 317 qos shaper 318 qos storm unicas...

Страница 16: ...snmp trap community 340 snmp trap destination 341 snmp trap ipv6 destination 341 snmp trap authentication failure 341 snmp trap link up 342 snmp trap inform mode 342 snmp trap inform timeout 343 snmp...

Страница 17: ...mode 357 https redirect 358 28 SSH COMMANDS 361 ssh configuration 361 ssh mode 361 29 UPNP COMMANDS 363 upnp configuration 363 upnp mode 363 upnp ttl 364 upnp advertising duration 365 30 DHCP COMMANDS...

Страница 18: ...A SOFTWARE SPECIFICATIONS 377 Software Features 377 Management Features 378 Standards 379 Management Information Bases 379 B TROUBLESHOOTING 381 Problems Accessing the Management Interface 381 Using S...

Страница 19: ...on 87 Figure 15 HTTPS Configuration 89 Figure 16 SSH Configuration 90 Figure 17 IGMP Snooping Configuration 94 Figure 18 IGMP Snooping Port Group Filtering Configuration 95 Figure 19 LLDP Configuratio...

Страница 20: ...51 Figure 46 Port State Overview 151 Figure 47 Port Statistics Overview 152 Figure 48 Queuing Counters 153 Figure 49 Detailed Port Statistics 156 Figure 50 RADIUS Overview 158 Figure 51 RADIUS Details...

Страница 21: ...FIGURES 21 Figure 68 Factory Defaults 188 Figure 69 Software Upload 189 Figure 70 Register Product 189 Figure 71 Configuration Save 190 Figure 72 Configuration Upload 191...

Страница 22: ...FIGURES 22...

Страница 23: ...d Levels 131 Table 13 System Capabilities 177 Table 14 Keystroke Commands 200 Table 15 Command Group Index 201 Table 16 System Commands 203 Table 17 IP Commands 213 Table 18 Authentication Commands 22...

Страница 24: ...o Egress Queues 314 Table 37 ACL Commands 323 Table 38 Mirror Commands 331 Table 39 Configuration Commands 333 Table 40 SNMP Commands 335 Table 41 HTTPS Commands 357 Table 42 HTTPS System Support 358...

Страница 25: ...view of the switch and introduces some basic concepts about network switches It also describes the basic settings required to access the management interface This section includes these chapters Intro...

Страница 26: ...SECTION Getting Started 26...

Страница 27: ...n 82 relay information IP Source Guard Access Control Lists Supports up to 128 rules DHCP Client Supported DNS Proxy service Port Configuration Speed duplex mode flow control MTU response to excessive...

Страница 28: ...This switch authenticates management access via the console port Telnet or a web browser User names and passwords can be configured locally or can be verified via a remote authentication server i e RA...

Страница 29: ...incorporated in IEEE 802 3 2002 RATE LIMITING This feature controls the maximum rate for traffic transmitted or received on an interface Rate limiting is configured on interfaces at the edge of a net...

Страница 30: ...provides 0 75 MB for frame buffering This buffer can queue packets awaiting transmission on congested networks SPANNING TREE ALGORITHM The switch supports these spanning tree protocols Spanning Tree...

Страница 31: ...Use private VLANs to restrict traffic to pass only between data ports and the uplink ports thereby isolating adjacent ports within the same VLAN and allowing you to limit the total number of VLANs th...

Страница 32: ...r VLAN lists Using access lists allows you select traffic based on Layer 2 Layer 3 or Layer 4 information contained in each packet Based on network policies different kinds of traffic can be marked fo...

Страница 33: ...d Port Security Disabled IP Filtering Disabled Web Management HTTP Server Enabled HTTP Port Number 80 HTTP Secure Server Disabled HTTP Secure Server Redirect Disabled SNMP SNMP Agent Disabled Communit...

Страница 34: ...ht 1 2 4 8 Ethernet Type Disabled VLAN ID Disabled VLAN Priority Tag Disabled ToS Priority Disabled IP DSCP Priority Disabled TCP UDP Port Priority Disabled IP Settings Management VLAN Any VLAN config...

Страница 35: ...b agent allows you to configure switch parameters monitor port connections and display statistics using a standard web browser such as Internet Explorer 5 x or above Netscape 6 2 or above and Mozilla...

Страница 36: ...m information and statistics REQUIRED CONNECTIONS The switch provides an RS 232 serial port that enables a connection to a PC or terminal for monitoring and configuring the switch A null modem console...

Страница 37: ...default To manually configure this address or enable dynamic address assignment via DHCP see Setting an IP Address on page 38 If the switch does not receive a response from a DHCP server it will defa...

Страница 38: ...through the network This can be done in either of the following ways Manual You have to input the information including IP address and subnet mask If your management station is not in the same IP sub...

Страница 39: ...IP address a b c d default Show IP address ip_mask IP subnet mask a b c d default Show IP mask ip_router IP router a b c d default Show IP router vid VLAN ID 1 4095 default Show VLAN ID ip setup 192...

Страница 40: ...iption Set or show the IPv6 setup Syntax IP IPv6 Setup ipv6_addr ipv6_prefix ipv6_router vid ip ipv6 setup 2001 DB8 2222 7272 72 64 2001 DB8 2222 7272 254 1 ip ipv6 setup IPv6 AUTOCONFIG mode Disabled...

Страница 41: ...t address prefix received in router advertisement messages To dynamically generate an IPv6 host address for the switch type the following command and press Enter ip ipv6 autoconfig enable ip ipv6 auto...

Страница 42: ...ons to receive trap messages from the switch You therefore need to assign community strings to specified users and set the access level The default strings are public with read only access Authorized...

Страница 43: ...er For a more detailed description of these parameters and other SNMP commands see SNMP Commands on page 335 The following example creates a trap host for a version 1 SNMP client snmp trap version 1 s...

Страница 44: ...called r d snmp user add 800007e5017f000001 steve md5 greenearth des blueseas snmp group add usm steve r d snmp view add mib 2 included 1 3 6 1 2 1 snmp view add 802 1d included 1 3 6 1 2 1 17 snmp a...

Страница 45: ...executed after boot up also known as run time code This code runs the switch operations and provides the CLI and web management interfaces It can be uploaded from a TFTP server using the CLI or from a...

Страница 46: ...CHAPTER 2 Initial Switch Configuration Managing System Files 46...

Страница 47: ...detailed description of how to configure each feature via a web browser This section includes these chapters Using the Web Interface on page 49 Configuring the Switch on page 55 Monitoring the Switch...

Страница 48: ...SECTION Web Configuration 48...

Страница 49: ...tasks 1 Configured the switch with a valid IP address subnet mask and default gateway using an out of band serial connection or DHCP protocol See Setting an IP Address on page 38 2 Set the system pass...

Страница 50: ...image of the front panel on the right side The Main Menu links are used to navigate to other menus and display configuration parameters and statistics Figure 1 Home Page CONFIGURATION OPTIONS Configur...

Страница 51: ...screen right now Clicking on the image of a port opens the Detailed Statistics page as described on page 154 Figure 2 Front Panel Indicators MAIN MENU Using the onboard web agent you can define system...

Страница 52: ...VLAN attributes 103 Private VLANs PVLAN Membership Configures PVLAN groups 105 Port Isolation Prevents communications between designated ports within the same private VLAN 106 QoS 107 Ports Configure...

Страница 53: ...essage 150 Access Management Statistics Displays the number of packets used to manage the switch via HTTP HTTPS SNMP Telnet and SSH 150 Ports 151 State Displays a graphic image of the front panel indi...

Страница 54: ...crossing each port 178 DHCP Relay Statistics Displays server and client statistics for packets affected by the relay information policy 179 MAC Address Table Displays dynamic and static address entrie...

Страница 55: ...the System Information page System Contact Administrator responsible for the system Maximum length 255 characters System Name Name assigned to the switch system Maximum length 255 characters System Lo...

Страница 56: ...ough either of these address types You can manually configure a specific IPv4 or IPv6 address or direct the switch to obtain an IPv4 address from a DHCP server when it is powered on An IPv6 address ca...

Страница 57: ...192 168 2 10 IP Mask This mask identifies the host address bits used for routing to specific subnets Default 255 255 255 0 IP Router IP address of the gateway router between the switch and management...

Страница 58: ...ng the switch with an IPv4 address see Setting an IP Address on page 56 IPv6 includes two distinct address types link local unicast and global unicast A link local address makes the switch accessible...

Страница 59: ...rm of the interface identifier to automatically create the host portion of the address This option can be selected by enabling the Auto Configuration option You can also manually configure the global...

Страница 60: ...are members of VLAN 1 However the management station can be attached to a port belonging to any VLAN as long as that VLAN has been assigned an IP address Range 1 4095 Default 1 SNTP Server Sets the I...

Страница 61: ...he web interface 1 Click Configuration System Password 2 Enter the old password 3 Enter the new password 4 Enter the new password again to confirm your input 5 Click Save Figure 6 System Password FILT...

Страница 62: ...ket Layer SSL protocol to provide an encrypted connection SNMP Filters IP addresses for access through SNMP TELNET SSH Filters IP addresses for access through Telnet or through Secure Shell which prov...

Страница 63: ...00Mbps FDX Supports 100 Mbps full duplex operation 100Mbps HDX Supports 100 Mbps half duplex operation 10Mbps FDX Supports 10 Mbps full duplex operation 10Mbps HDX Supports 10 Mbps half duplex operati...

Страница 64: ...r Control Adjusts the power provided to ports based on the length of the cable used to connect to other devices Only sufficient power is used to maintain connection requirements IEEE 802 3 defines the...

Страница 65: ...each user that requires management access to the switch USAGE GUIDELINES The switch supports the following authentication services Authorization of users that access the Telnet SSH the web or console...

Страница 66: ...t Specifies how the administrator is authenticated when logging into the switch via Telnet SSH a web browser or the console interface Authentication Method Selects the authentication method Options No...

Страница 67: ...n messages Range 1 65535 Default 0 If the UDP port is set to 0 zero the switch will use 1812 for RADIUS authentication servers 1813 for RADIUS accounting servers or 49 for TACACS authentication server...

Страница 68: ...uthentication for management access in the web interface 1 Click Configuration Authentication 2 Configure the authentication method for management client types the common server timing parameters and...

Страница 69: ...e trunk fail one of the standby ports will automatically be activated to replace it USAGE GUIDELINES Besides balancing the load across each port in the trunk the other ports provide redundancy by taki...

Страница 70: ...runk However depending on the device to which a trunk is connected and the traffic flows in the network this load balance algorithm may result in traffic being distributed mostly on one port in a trun...

Страница 71: ...the switch is destined for many different hosts Do not use this mode for switch to server trunk links where the destination IP address is the same for all traffic One of the defaults TCP UDP Port Numb...

Страница 72: ...INTERFACE To configure a static trunk 1 Click Configuration Aggregation Static 2 Select one or more load balancing methods to apply to the configured trunks 3 Assign port members to each trunk that w...

Страница 73: ...by forced mode or auto negotiation Trunks dynamically established through LACP will be shown on the LACP System Status page page 163 and LACP Port Status page 163 pages under the Monitor menu Ports as...

Страница 74: ...o automatically send LACP negotiation packets once each second Use Passive initiation mode on a port to make it wait until it receives an LACP protocol packet from a partner before starting negotiatio...

Страница 75: ...CHAPTER 4 Configuring the Switch Creating Trunk Groups 75 Figure 11 LACP Port Configuration...

Страница 76: ...ce All ports connected to designated bridging devices are assigned as designated ports After determining the lowest cost spanning tree it enables all root ports and designated ports and disables all o...

Страница 77: ...te that references to ports in this section mean interfaces which includes both ports and trunks Minimum The higher of 6 or 2 x Hello Time 1 Maximum The lower of 40 or 2 x Forward Delay 1 Default 20 F...

Страница 78: ...P System Configuration CONFIGURING INTERFACE SETTINGS FOR STA Use the RSTP Port Configuration page to configure RSTP attributes for specific interfaces including path cost port priority edge port for...

Страница 79: ...less likely to be blocked if the Spanning Tree Protocol is detecting network loops Where more than one port is assigned the highest priority the port with lowest numeric identifier will be enabled Ra...

Страница 80: ...STA related timeout problems However remember that this feature should only be enabled for ports connected to an end node device Default Edge Auto Edge Controls whether automatic edge detection is ena...

Страница 81: ...Switch Configuring the Spanning Tree Algorithm 81 WEB INTERFACE To configure interface settings for RSTP 1 Click Configuration Spanning Tree Ports 2 Modify the required attributes 3 Click Save Figure...

Страница 82: ...which it forwards to the RADIUS server The RADIUS server verifies the client identity and sends an access challenge back to the client The EAP packet from the RADIUS server contains not only the chall...

Страница 83: ...ng 802 1X authentication the RADIUS server and 802 1X client must support EAP The switch only supports EAPOL in order to pass the EAP packets from the server to the client The RADIUS server and client...

Страница 84: ...period after which a connected client must be re authenticated Range 1 3600 seconds Default 3600 seconds EAP Timeout Sets the time the switch waits for a supplicant response during an authentication s...

Страница 85: ...1X Requires a dot1x aware client to be authorized by the authentication server Clients that are not dot1x aware will be denied access MAC Based Enables MAC based authentication on the port The switch...

Страница 86: ...to MAC Based Range 1 112 Default 112 The switch has a fixed pool of state machines from which all ports draw whenever a new client is seen on the port When a given port s maximum is reached counting...

Страница 87: ...the Switch Configuring 802 1X Port Authentication 87 WEB INTERFACE To configure 802 1X Port Security 1 Click Configuration Port Security 2 Modify the required attributes 3 Click Save Figure 14 Port S...

Страница 88: ...h a secure encrypted connection A padlock icon should appear in the status bar for Internet Explorer 5 x or above Netscape 6 2 or above and Mozilla Firefox 2 0 0 0 or above The following web browsers...

Страница 89: ...ta traveling over the network arrives unaltered USAGE GUIDELINES You need to install an SSH client on the management station to access the switch for management via the SSH protocol The switch support...

Страница 90: ...reduces the network overhead required by a multicast server the broadcast traffic must be carefully pruned at every multicast switch router it passes through to ensure that traffic is only passed on...

Страница 91: ...eed to forward multicast traffic Multicast routers use information from IGMP snooping and query reports along with a multicast routing protocol such as DVMRP or PIM to support IP multicasting across t...

Страница 92: ...precedence When IGMP snooping is disabled globally snooping can still be configured per VLAN interface but the interface settings will not take effect until snooping is re enabled globally IGMP Queri...

Страница 93: ...the query within the specified timeout period If Fast Leave is enabled the switch assumes that only one host is connected to the interface Therefore Fast Leave should only be enabled on an interface i...

Страница 94: ...ing the Switch IGMP Snooping 94 WEB INTERFACE To configure IGMP Snooping 1 Click Configuration IGMP Snooping Basic Configuration 2 Adjust the IGMP settings as required 3 Click Save Figure 17 IGMP Snoo...

Страница 95: ...ltering Configuration page Port Port identifier Range 1 28 Filtering Groups Multicast groups that are denied on a port When filter groups are defined IGMP join reports received on a port are checked a...

Страница 96: ...sion Delay Tx Hold Configures the time to live TTL value sent in LLDP advertisements as shown in the formula below Range 2 10 Default 3 The time to live tells the receiving LLDP agent how long to reta...

Страница 97: ...es are shown as others in the LLDP neighbors table If all ports have CDP awareness disabled the switch forwards CDP frames received from neighbor devices If at least one port has CDP awareness enabled...

Страница 98: ...with this address The interface number and OID are included to assist SNMP applications in the performance of network discovery by indicating enterprise specific or other starting points for the sear...

Страница 99: ...esses learned by monitoring traffic are stored in the dynamic address table You can also manually configure static addresses that are bound to a specific port PARAMETERS The following parameters are d...

Страница 100: ...ed by using another non secure port or by connecting to the switch via the serial interface NOTE If the learning mode for a given port in the MAC Learning Table is grayed out another software module i...

Страница 101: ...Click Save Figure 20 MAC Address Table Configuration IEEE 802 1Q VLANS In large networks routers are used to isolate broadcast traffic for each subnet into separate domains This switch provides a simi...

Страница 102: ...evices Priority tagging Assigning Ports to VLANs Before enabling VLANs for the switch you must first assign each port to the VLAN group s in which it will participate By default all ports are assigned...

Страница 103: ...cluding whether or not the ports are VLAN aware enabling ingress filtering accepting Queue in Queue frames with embedded tags setting the accepted frame types and configuring the default VLAN identifi...

Страница 104: ...cific Specific If the port is VLAN aware untagged frames received on the port are assigned to the default PVID and tagged frames are processed using the frame s VLAN ID If the port is not VLAN aware a...

Страница 105: ...not communicate with any other ports on the switch except for the uplink ports Ports assigned to both a private VLAN and an 802 1Q VLAN are designated as uplink ports and can communicate with any dow...

Страница 106: ...rs of PVLAN 1 require access Port Port identifier WEB INTERFACE To configure VLAN port members for private VLANs 1 Click Configuration Private VLANs PVLAN Membership 2 Add or delete members of any exi...

Страница 107: ...ffic classes The manner in which an individual device handles traffic is called per hop behavior All devices along a path should be configured in a consistent manner to construct a consistent end to e...

Страница 108: ...h untagged and tagged frames This priority does not apply to IEEE 802 1Q VLAN tagged frames If the incoming frame is an IEEE 802 1Q VLAN tagged frame the IEEE 802 1p User Priority bits will be used In...

Страница 109: ...gure 25 Port QoS Configuration CONFIGURING DSCP REMARKING The Differentiated Services Code Point should be set at network boundaries or by trusted hosts within those boundaries to ensure a consistent...

Страница 110: ...gs to this service aggregate Such packets may be sent into a network without adhering to any particular rules and the network will deliver as many of these packets as possible and as soon as possible...

Страница 111: ...st of up to 24 entries and can be mapped to a specific port using the Port QoS Configuration menu page 108 Once a QCL is mapped to a port traffic matching the first entry in the QCL is assigned to the...

Страница 112: ...ackets Range 600 ffff hex Default ffff A detailed listing of Ethernet protocol types can be found in RFC 1060 A few of the more common types include 0800 IP 0806 ARP 8137 IPX VLAN ID VLAN ID Range 1 4...

Страница 113: ...iguration QoS Control Lists 2 Click the button to add a new QCL or use the other QCL modification buttons to specify the editing action i e edit delete or moving the relative position of entry in the...

Страница 114: ...he customer service package by limiting traffic into or out of the switch Packets that exceed the acceptable amount of traffic are dropped while conforming traffic is forwarded without any changes PAR...

Страница 115: ...f measure for the port shaper Options kbps Mbps Default kbps WEB INTERFACE To configure Rate Limits 1 Click Configuration QoS Rate Limiters 2 To set an rate limit on ingress traffic check Policer Enab...

Страница 116: ...xceeding the specified threshold will then be dropped Note that the limit specified on this page applies to each port PARAMETERS The following parameters are displayed on the Storm Control Configurati...

Страница 117: ...Enable storm control for unknown unicast broadcast or multicast traffic by marking the Status box next to the required frame type 3 Select the control rate as a function of 2n pps i e a value with no...

Страница 118: ...o which matching frames are copied enable logging or shut down a port when a matching frame is seen Note that rate limiting configured with the Rate Limiter menu page 119 is implemented regardless of...

Страница 119: ...Click Save Figure 30 ACL Port Configuration CONFIGURING RATE LIMITERS The ACL Rate Limiter Configuration page is used to define the rate limits applied to a port as configured either through the ACL...

Страница 120: ...ess Control List Configuration page is used to define filtering rules for an ACL policy for a specific port or for all ports Rules applied to a port take effect immediately while those defined for a p...

Страница 121: ...P option flag source destination IP VLAN ID VLAN priority PARAMETERS The following options are displayed on the Access Control List Configuration page ACCESS CONTROL LIST CONFIGURATION Ingress Port An...

Страница 122: ...st UC unicast Default Any Ethernet MAC Parameters SMAC Filter The type of source MAC address Options Any MC multicast BC broadcast UC unicast Specific user defined Default Any DMAC Filter The type of...

Страница 123: ...or RARP Reply opcode flag Default Any Sender IP Filter Specifies the sender s IP address Options Any no sender IP filter is specified Host specifies the sender IP address in the SIP Address field Netw...

Страница 124: ...hether frames can be matched according to their ARP RARP protocol address space PRO settings Options Any any value is allowed 0 ARP RARP frames where the PRO is equal to IP 0x800 must not match this e...

Страница 125: ...for this rule Options Any any value is allowed 0 TCP frames where the RST field is set must not match this entry 1 TCP frames where the RST field is set must match this entry Default Any TCP PSH Spec...

Страница 126: ...dress and SIP Mask fields Default Any DIP Filter Specifies the destination IP filter for this rule Options Any no destination IP filter is specified Host specifies the destination IP address in the DI...

Страница 127: ...ick the button to add a new ACL or use the other ACL modification buttons to specify the editing action i e edit delete or moving the relative position of entry in the list 3 When editing an entry on...

Страница 128: ...tely unobtrusive manner PARAMETERS The following parameters are displayed on the Mirror Configuration page Port to mirror to The destination port that will mirror the traffic from the source port All...

Страница 129: ...INTERFACE To configure port mirroring 1 Click Configuration Mirroring Then click Next 2 Select the destination port to which all mirrored traffic will be sent 3 Set the mirror mode on any of the sourc...

Страница 130: ...ns 1 2c and 3 This agent continuously monitors the status of the switch hardware as well as the traffic passing through its ports A network management station can access this information using softwar...

Страница 131: ...NMPv1 and SNMPv2c SNMPv3 uses the User based Security Model USM for authentication and privacy This Table 12 SNMP Security Models and Levels Model Level Community String Group Read View Write View Sec...

Страница 132: ...D is deleted or changed all local SNMP users will be cleared You will need to reconfigure all existing users SNMP Trap Configuration Trap Mode Enables or disables SNMP traps Default Disabled You shoul...

Страница 133: ...ult 1 second Trap Inform Retry Times The maximum number of times to resend an inform message if the recipient does not acknowledge receipt Range 0 255 Default 5 Trap Probe Security Engine ID SNMPv3 Sp...

Страница 134: ...access strings if required and set the engine ID if SNMP version 3 is used 3 In the SNMP Trap Configuration table enable the Trap Mode to allow the switch to send SNMP traps Specify the trap version...

Страница 135: ...CHAPTER 4 Configuring the Switch Simple Network Management Protocol 135 Figure 34 SNMP System Configuration...

Страница 136: ...ate For SNMPv3 these strings are treated as a Security Name and are mapped as an SNMPv1 or SNMPv2 community string in the SNMPv3 Groups Configuration table see Configuring SNMPv3 Groups on page 138 So...

Страница 137: ...digest for authenticating and encrypting packets sent to a user on the remote host SNMP passwords are localized using the engine ID of the authoritative agent For informs the authoritative SNMP agent...

Страница 138: ...SNMPv3 Access Configuration page page 141 You can use the pre defined default groups or create a new group and the views authorized for that group PARAMETERS The following parameters are displayed on...

Страница 139: ...new group 3 Select a security model 4 Select the security name For SNMP v1 and v2c the security names displayed are based on the those configured in the SNMPv3 Communities menu For USM the security n...

Страница 140: ...dentifier of a branch within the MIB tree is included or excluded from the SNMP view Generally if the view type of an entry is excluded another entry of view type included should exist and its OID sub...

Страница 141: ...characters ASCII characters 33 126 only Security Model The user security model Options any v1 v2c or the User based Security Model usm Default any Security Level The security level assigned to the gro...

Страница 142: ...vice to broadcast its services to control points on the network Similarly when a control point is added to the network the UPnP discovery protocol allows that control point to search for UPnP enabled...

Страница 143: ...rface Or right click on the entry and select Properties to display a list of device attributes advertised through UPnP PARAMETERS The following parameters are displayed on the UPnP Configuration page...

Страница 144: ...the DHCP request it allocates a free IP address for the DHCP client from its defined scope for the DHCP client s subnet and sends a DHCP response back to the switch The switch then broadcasts the DHC...

Страница 145: ...ault Disabled Relay Server IP address of DHCP server to be used by the switch s DHCP relay agent Relay Information Mode Enables or disables the DHCP Relay Option 82 support Note that Relay Mode must a...

Страница 146: ...RFACE To configure DHCP Relay 1 Click Configuration DHCP Relay 2 Enable the DHCP relay function specify the DHCP server s IP address enable Option 82 information mode and set the policy by which to ha...

Страница 147: ...act information PARAMETERS These parameters are displayed on the System Information page System To configure the following items see Configuring System Information on page 55 Contact Administrator res...

Страница 148: ...m Log Information page to scroll through the logged system and event messages PARAMETERS These parameters are displayed on the System Log Information page Display Filter Level Specifies the type of lo...

Страница 149: ...splay per page 3 Use Auto refresh to automatically refresh the page at regular intervals Refresh to update system log entries starting from the current entry ID or Clear to flush all system log entrie...

Страница 150: ...SPLAYING ACCESS MANAGEMENT STATISTICS Use the Access Management Statistics page to view statistics on traffic used in managing the switch USAGE GUIDELINES Statistics will only be displayed on this pag...

Страница 151: ...ON ABOUT PORTS You can use the Monitor Port menu to display a graphic image of the front panel which indicates the connection status of each port basic statistics on the traffic crossing each port the...

Страница 152: ...smit The number of packets received and transmitted Bytes Receive Transmit The number of bytes received and transmitted Errors Receive Transmit The number of frames received with errors and the number...

Страница 153: ...f packets received and transmitted through the low priority queue Normal Queue Receive Transmit The number of packets received and transmitted through the normal priority queue Medium Queue Receive Tr...

Страница 154: ...er of received and transmitted broadcast packets good and bad Pause A count of the MAC Control frames received or transmitted on this port that have an opcode indicating a PAUSE operation Receive Tran...

Страница 155: ...bber The total number of frames received that were longer than the configured maximum frame length for this port excluding framing bits but including FCS octets and had either an FCS or alignment erro...

Страница 156: ...CHAPTER 5 Monitoring the Switch Displaying Information About Ports 156 WEB INTERFACE To display the detailed port statistics click Monitor Ports Detailed Statistics Figure 49 Detailed Port Statistics...

Страница 157: ...on the RADIUS Overview page IP Address The IP address and UDP port number of this server Status The current state of the server This field takes one of the following values Disabled The server is dis...

Страница 158: ...S These parameters are displayed on the RADIUS Details page RADIUS Authentication Statistics Receive Packets Access Accepts The number of RADIUS Access Accept packets valid or invalid received from th...

Страница 159: ...a response This variable is incremented when an Access Request is sent and decremented due to receipt of an Access Accept Access Reject Access Challenge timeout or retransmission Timeouts The number...

Страница 160: ...of RADIUS packets of unknown types that were received from the server on the accounting port Packets Dropped The number of RADIUS packets that were received from the server on the accounting port and...

Страница 161: ...reply within the configured timeout The server has temporarily been disabled but will get re enabled when the dead time expires The number of seconds left before this occurs is displayed in parenthes...

Страница 162: ...the Switch Displaying Information on Authentication Servers 162 WEB INTERFACE To display statistics for configured authentication and accounting servers click Monitor Authentication RADIUS Details Fig...

Страница 163: ...iated with this Link Aggregation Group LAG Partner System ID LAG partner s system ID MAC address Partner Key The Key that the partner has assigned to this LAG Last Changed The time since this LAG chan...

Страница 164: ...Current operational value of the key for the aggregation port Note that only ports with the same key can aggregate together Aggr ID The Aggregation ID assigned to this LAG Partner System ID LAG partne...

Страница 165: ...ers are displayed on the LACP Port Statistics page Port Port Identifier LACP Transmitted The number of LACP frames sent from each port LACP Received The number of LACP frames received at each port Dis...

Страница 166: ...closest to the root This switch communicates with the root device through this port If there is no root port then this switch has been accepted as the root device of the Spanning Tree network Root Co...

Страница 167: ...nd continues learning addresses Path Cost The contribution of this port to the path cost of paths towards the spanning tree root which include this port This will either be a value computed from the A...

Страница 168: ...Port Port Identifier Role Roles are assigned according to whether the port is part of the active topology connecting the bridge to the root bridge i e root port connecting a LAN through the bridge to...

Страница 169: ...STATISTICS FOR STA Use the Port Statistics page to display statistics on spanning tree protocol packets crossing each port PARAMETERS These parameters are displayed on the RSTP Port Statistics page P...

Страница 170: ...r State The current state of the port Disabled 802 1X and MAC based authentication are globally disabled Link Down 802 1X or MAC based authentication is enabled but there is no link on the port Author...

Страница 171: ...r Port Security Status Figure 58 Port Security Status DISPLAYING PORT SECURITY STATISTICS Use the Port Security Statistics page to display IEEE 802 1X statistics and protocol information for each port...

Страница 172: ...uthorized unauthorized clients below the two counter tables There are slight differences in the interpretation of the counters between port and MAC based authentication as shown below Access Challenge...

Страница 173: ...ssible retransmissions are not counted Last Supplicant Info Version For port based authentication this field indicates the protocol version number carried in the most recently received EAPOL frame For...

Страница 174: ...ing the Switch Displaying Port Security Information 174 WEB INTERFACE To display IEEE 802 1X statistics and protocol information for each port click Monitor Port Security Statistics Figure 59 Port Sec...

Страница 175: ...o receive multicast traffic Querier Transmit The number of transmitted Querier messages Querier Receive The number of received Querier messages V1 Reports Receive The number of received IGMP Version 1...

Страница 176: ...splay information advertised by LLDP neighbors and statistics on LLDP control frames DISPLAYING LLDP NEIGHBOR INFORMATION Use the LLDP Neighbor Information page to display information about devices co...

Страница 177: ...y function s of the system as shown in the following table When a capability is enabled the capability is followed by If the capability is disabled the capability is followed by Management Address The...

Страница 178: ...The number of times which the remote database on this switch dropped an LLDPDU because the entry table was full Total Neighbors Entries Aged Out The number of times that a neighbor s information has...

Страница 179: ...ontrol frames click Monitor LLDP Port Statistics Figure 62 LLDP Port Statistics DISPLAYING DHCP RELAY STATISTICS Use the DHCP Relay Statistics page to display statistics for the DHCP relay service sup...

Страница 180: ...ith a Remote ID option that did not match a known remote ID Client Statistics Transmit to Client The number of packets that were relayed from the server to a client Transmit Error The number of packet...

Страница 181: ...ers are displayed on the MAC Address Table Start from VLAN and MAC address with entries per page These input fields allow you to select the starting point in the table Type Indicates whether the entry...

Страница 182: ...CHAPTER 5 Monitoring the Switch Displaying the MAC Address Table 182 WEB INTERFACE To display the address table click Monitor MAC Address Table Figure 64 MAC Address Table...

Страница 183: ...ods An IPv6 address consists of 8 colon separated 16 bit hexadecimal values One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined field...

Страница 184: ...agnostics can be performed on all ports or on a specific port Cable Status Shows the cable length operating conditions and isolates a variety of common faults that can occur on Category 5 twisted pair...

Страница 185: ...in the cable status table Note that VeriPHY is only accurate for cables 7 140 meters long Ports will be linked down while running VeriPHY Therefore running VeriPHY on a management port will cause the...

Страница 186: ...CHAPTER 6 Performing Basic Diagnostics Running Cable Diagnostics 186...

Страница 187: ...tware restoring or saving configuration settings and resetting the switch RESETTING THE SWITCH Use the Reset Device page to restart the switch WEB INTERFACE To restart the switch 1 Click Maintenance R...

Страница 188: ...lick Yes The factory defaults are immediately restored which means that no reboot is necessary Figure 68 Factory Defaults UPGRADING FIRMWARE Use the Software Upload page to upgrade the switch s system...

Страница 189: ...ogress Do not reset or power off the device at this time or the switch may fail to function afterwards Figure 69 Software Upload REGISTERING THE PRODUCT Use the Register Product page to register your...

Страница 190: ...of the file under which to save the current configuration settings The configuration file is in XML format The configuration parameters are represented as attribute values When saving the configuratio...

Страница 191: ...CHAPTER 7 Performing System Maintenance Managing Configuration Files 191 Figure 72 Configuration Upload...

Страница 192: ...CHAPTER 7 Performing System Maintenance Managing Configuration Files 192...

Страница 193: ...on page 203 IP Commands on page 213 Authentication Commands on page 223 Port Commands on page 233 Link Aggregation Commands on page 243 LACP Commands on page 249 RSTP Commands on page 255 IEEE 802 1X...

Страница 194: ...SECTION Command Line Interface 194 SNMP Commands on page 335 HTTPS Commands on page 357 SSH Commands on page 361 UPnP Commands on page 363 DHCP Commands on page 367 Firmware Commands on page 371...

Страница 195: ...CONNECTION To access the switch through the console port perform these steps 1 At the console prompt enter the user name and password The default user name is admin with no password When the administ...

Страница 196: ...tch and set the default gateway if you are managing the switch from a different IP subnet For example ip setup 192 168 0 10 255 255 255 0 192 168 0 1 1 If your corporate network is connected to anothe...

Страница 197: ...command is a series of keywords and arguments Keywords identify a command and arguments specify configuration parameters Commands are organized into functional groups You can enter the full command fr...

Страница 198: ...play a list of valid keywords for a specific command For example the command system displays a list of possible system commands help General Commands Help Get help on a group or a specific command Up...

Страница 199: ...tem Access Add access_id start_ip_addr end_ip_addr web snmp telnet System Access Ipv6 Add access_id start_ipv6_addr end_ipv6_addr web snmp telnet System Access Delete access_id System Access Lookup ac...

Страница 200: ...ameters as long as they contain enough letters to differentiate them from any other currently available commands or parameters You can use the Tab key to complete partial commands or enter a partial c...

Страница 201: ...GMP Configures IGMP snooping query throttling and filtering 277 LLDP Configures Link Layer Discovery Protocol 287 MAC Configures the MAC address table including learning mode aging time and setting st...

Страница 202: ...Upgrades firmware via a TFTP server 371 Debug Displays debugging information for all key functions These commands are not described in this manual Please refer to the prompt messages included in the...

Страница 203: ...witch system system location Displays or sets the system location system password Displays or sets the administrator password system timezone Displays or sets the time zone for the switch s internal c...

Страница 204: ...XAMPLE System configuration System Contact System Name System Location System Password Timezone Offset 0 MAC Address 00 01 c1 00 00 e1 System Time 1970 01 01 03 39 06 0000 System Uptime 03 39 06 Softw...

Страница 205: ...ple shows how to restore all factory defaults System restore default System system contact This command displays or sets the system contact SYNTAX system contact contact contact String that describes...

Страница 206: ...aces are permitted as part of the location string EXAMPLE System location WC5 System system password This command displays or sets the administrator password SYNTAX system password password clear pass...

Страница 207: ...sed on the earth s prime meridian zero degrees longitude To display a time corresponding to your local time you must indicate the number of minutes your time zone is east before or west after of UTC E...

Страница 208: ...6 0000 Frame of 243 bytes received on port 1 597 Info 1970 01 01 02 23 56 0000 Frame of 243 bytes received on port 0 System system access configuration This command displays the access mode and the nu...

Страница 209: ...IP address es to the SNMP group telnet Adds IP address es to the Telnet group DEFAULT SETTING None COMMAND USAGE To set a single address for a entry enter the same address for both the start and end...

Страница 210: ...ss must be formatted according to RFC 2373 IPv6 Addressing Architecture using 8 colon separated 16 bit hexadecimal values One double colon may be used to indicate the appropriate number of zeros requi...

Страница 211: ...tem access lookup access id access id Entry index Range 1 16 EXAMPLE System Access lookup 1 Idx Start IP Address End IP Address WEB SNMP TELNET 1 192 168 1 0 192 168 2 0 Yes NO NO System Access system...

Страница 212: ...E System Access statistics Access Management Statistics HTTP Receive 3 Allow 0 Discard 0 HTTPS Receive 0 Allow 0 Discard 0 SNMP Receive 0 Allow 0 Discard 0 TELNET Receive 0 Allow 0 Discard 0 SSH Recei...

Страница 213: ...ets the DHCP client mode ip setup Displays or sets the switch s IPv4 address and gateway for the specified VLAN ip ping Sends ICMP echo request packets to another node on the network ip dns Displays o...

Страница 214: ...ither of these address types You can manually configure a specific IPv4 or IPv6 address or direct the switch to obtain an IPv4 address from a DHCP server when it is powered on The IPv4 address for the...

Страница 215: ...efault gateway vlan id VLAN to which the management address is assigned Range 1 4095 DEFAULT SETTING IP Address 192 168 2 10 Network Mask 255 255 255 0 Gateway none VLAN 1 COMMAND USAGE NOTE Only one...

Страница 216: ...192 168 0 9 IP Mask 255 255 255 0 IP Router 192 168 0 1 DNS Server 0 0 0 0 VLAN ID 1 IP ip ping This command sends ICMP echo request packets to another node on the network SYNTAX ip ping ip addr packe...

Страница 217: ...es from 192 168 2 19 icmp_seq 2 time 0ms 60 bytes from 192 168 2 19 icmp_seq 3 time 0ms 60 bytes from 192 168 2 19 icmp_seq 4 time 0ms Sent 5 packets received 5 OK 0 bad IP ip dns This command display...

Страница 218: ...the IP address for a time server SYNTAX ip sntp ip addr ip addr IP address or IP alias of a time server NTP or SNTP An IPv4 address consists of 4 numbers 0 to 255 separated by periods DEFAULT SETTING...

Страница 219: ...s or sets the switch s IPv6 address and gateway for the specified VLAN SYNTAX ip ipv6 setup ipv6 addr ipv6 prefix ipv6 gateway vlan id ipv6 addr The full IPv6 address of the switch including the netwo...

Страница 220: ...e gateway has been configured on the switch EXAMPLE This example specifies the IPv6 address the prefix length the IPv6 gateway and the VLAN to which the address is assigned IP IPv6 setup 2001 DB8 2222...

Страница 221: ...nation unreachable The gateway for this destination indicates that the destination is unreachable Network or host unreachable The gateway found no corresponding entry in the route table EXAMPLE IP IPv...

Страница 222: ...APTER 10 IP Commands 222 COMMAND USAGE The switch attempts to periodically update the time from the specified server The polling interval is fixed at 15 minutes EXAMPLE IP IPv6 sntp 129 6 15 28 IP IPv...

Страница 223: ...18 Authentication Commands Command Function auth configuration Displays settings for authentication servers and the authentication methods used for each access protocol auth timeout Displays or sets...

Страница 224: ...isabled 49 Client Configuration Client Authentication Method Local Authentication Fallback console local Disabled telnet local Disabled ssh local Disabled web local Disabled Auth auth timeout This com...

Страница 225: ...YNTAX auth radius server index enable disable ip addr secret server port server index Allows you to specify up to five servers These servers are queried in sequence until a server responds or the retr...

Страница 226: ...5 Message Digest 5 TLS Transport Layer Security or TTLS Tunneled Transport Layer Security NOTE This guide assumes that RADIUS servers have already been configured to support AAA The configuration of R...

Страница 227: ...ecret Quotes in the secret are not allowed DEFAULT SETTING Accounting Disabled Server Port 1813 COMMAND USAGE The switch supports the following accounting services Accounting for users that access the...

Страница 228: ...et are not allowed DEFAULT SETTING Authentication Disabled Server Port 49 COMMAND USAGE By default management access is always checked against the authentication database stored on the local switch If...

Страница 229: ...ssh Settings for SSH web Settings for HTTP or HTTPS none Disables access for the specified management protocol local Authenticates through the local database radius Authenticates through RADIUS tacac...

Страница 230: ...Authentication Statistics Rx Access Accepts 0 Tx Access Requests 0 Rx Access Rejects 0 Tx Access Retransmissions 0 Rx Access Challenges 0 Tx Pending Requests 0 Rx Malformed Acc Responses 0 Tx Timeout...

Страница 231: ...d 0 State Disabled Round Trip Time 0 ms Server 4 0 0 0 0 1812 RADIUS Authentication Statistics Rx Access Accepts 0 Tx Access Requests 0 Rx Access Rejects 0 Tx Access Retransmissions 0 Rx Access Challe...

Страница 232: ...CHAPTER 11 Authentication Commands 232 Rx Bad Authenticators 0 Tx Pending Requests 0 Rx Unknown Types 0 Tx Timeouts 0 Rx Packets Dropped 0 State Disabled Round Trip Time 0 ms Auth...

Страница 233: ...t state Displays or sets administrative state to enabled or disabled port mode Displays or sets port speed and duplex mode port flow control Displays or sets flow control mode port maxframe Displays o...

Страница 234: ...00 Disabled Discard Down 16 Enabled Auto Disabled 9600 Disabled Discard Down 17 Enabled Auto Disabled 9600 Disabled Discard Down 18 Enabled Auto Disabled 9600 Disabled Discard Down 19 Enabled Auto Dis...

Страница 235: ...o disable a port for security reasons EXAMPLE Port state 5 disable Port port mode This command displays or sets port speed and duplex mode of a port SYNTAX port mode port list 10hdx 10fdx 100hdx 100fd...

Страница 236: ...COMMAND USAGE Flow control can eliminate frame loss by blocking traffic from end stations or segments connected directly to the switch when its buffers fill When enabled back pressure is used for hal...

Страница 237: ...Port port power This command displays or sets the power provided to ports based on the length of the cable used to connect to other devices Only sufficient power is used to maintain connection require...

Страница 238: ...enable Port power 5 Port Power Usage 5 Enabled 41 Port port excessive This command displays or sets the response to take when excessive transmit collisions are detected on a port SYNTAX port excessiv...

Страница 239: ...packets received and transmitted through the low priority queue normal The number of packets received and transmitted through the normal priority queue medium The number of packets received and transm...

Страница 240: ...e approximately 5 seconds If all ports are selected it can run approximately 15 seconds When completed the page refreshes automatically and you can view the cable diagnostics results in the cable stat...

Страница 241: ...Open 2 2 OK 14 OK 14 Abnormal 3 Abnormal 3 3 Open 0 Open 0 Short 0 Short 0 4 Open 0 Open 0 Open 0 Open 0 5 Open 0 Open 0 Open 0 Open 0 6 Open 0 Open 0 Open 0 Open 0 7 Open 0 Open 0 Open 0 Open 0 8 Op...

Страница 242: ...CHAPTER 12 Port Commands 242...

Страница 243: ...nk via the configuration interface Besides balancing the load across each port in the trunk the other ports provide redundancy by taking over the load if a port in the trunk fails However before makin...

Страница 244: ...it ports on the front panel can be trunked together including ports of different media types All the ports in a trunk have to be treated as a whole when moved from to added or deleted from a VLAN STP...

Страница 245: ...eating a loop in the network be sure you add a static trunk via the configuration interface before connecting the ports EXAMPLE Aggr add 4 8 1 Aggr configuration Aggregation Mode SMAC Enabled DMAC Dis...

Страница 246: ...many different hosts dmac Destination MAC Address All traffic with the same destination MAC address is output on the same link in a trunk This mode works best for switch to switch trunk links where t...

Страница 247: ...each conversation are mapped to the same trunk link To achieve this requirement and to distribute a balanced load across all links in a trunk the switch uses a hash algorithm to calculate an output li...

Страница 248: ...CHAPTER 13 Link Aggregation Commands 248...

Страница 249: ...in standby mode Should one link in the trunk fail one of the standby ports will automatically be activated to replace it Besides balancing the load across each port in the trunk the other ports provid...

Страница 250: ...e made for the entire trunk If the target switch has also enabled LACP on the connected ports the trunk will be activated automatically A trunk formed with another switch using LACP will automatically...

Страница 251: ...sabled Auto Active 4 Enabled Auto Active 5 Enabled Auto Active 6 Enabled Auto Active 7 Enabled Auto Active 8 Disabled Auto Active 9 Disabled Auto Active 10 Disabled Auto Active LACP lacp mode This com...

Страница 252: ...y The key must be set to the same value for ports that belong to the same LAG Range 0 65535 or auto DEFAULT SETTING auto A trunk formed with another switch using LACP will automatically be assigned th...

Страница 253: ...em ID Partner Key Last Changed Ports 1 00 30 fc 12 34 56 3 01 34 46 4 5 Port Mode Key Aggr ID Partner System ID Partner Port 1 Disabled 2 2 Disabled 2 3 Disabled 1 4 Enabled 2 1 00 30 fc 12 34 56 2 5...

Страница 254: ...ple shows the number of LACP frames received and transmitted as well as the number of unknown or illegal LACP frames that have been discarded LACP statistics 4 5 Port Rx Frames Tx Frames Rx Unknown Rx...

Страница 255: ...ys or sets RSTP administrative mode for specified interfaces rstp cost Displays or sets RSTP path cost for specified interfaces rstp priority Displays or sets RSTP priority for specified interfaces rs...

Страница 256: ...Point2point 1 Enabled Auto 128 Enabled Enabled Auto 2 Enabled Auto 128 Enabled Enabled Auto 3 Enabled Auto 128 Enabled Enabled Auto 4 Enabled Auto 128 Enabled Enabled Auto 5 Enabled Auto 128 Enabled...

Страница 257: ...is a root port a new root port is selected from among the device ports attached to the network Note that references to ports in this section mean interfaces which includes both ports and trunks EXAMPL...

Страница 258: ...ormal compatible Compatible with STP normal RSTP DEFAULT SETTING Normal COMMAND USAGE RSTP supports connections to either RSTP or STP nodes by monitoring the incoming protocol messages and dynamically...

Страница 259: ...NTAX rstp cost port list path cost port list A specific port or a range of ports Range 1 28 all for all ports or 0 for all link aggregation groups path cost The path cost for an interface Range 1 2000...

Страница 260: ...nk Type IEEE 802 1D 1998 IEEE 802 1w 2001 Ethernet Half Duplex Full Duplex Trunk 100 95 90 2 000 000 1 999 999 1 000 000 Fast Ethernet Half Duplex Full Duplex Trunk 19 18 15 200 000 100 000 50 000 Gig...

Страница 261: ...priority the port with lowest numeric identifier will be enabled EXAMPLE RSTP priority 19 0 RSTP rstp edge This command displays or sets an edge port to enable fast forwarding SYNTAX rstp edge port li...

Страница 262: ...specified ports SYNTAX rstp autoedge port list enable disable port list A specific port or a range of ports Range 1 28 or all enable Enables automatic edge port detection disable Disables automatic e...

Страница 263: ...ster for point to point links than for shared media Specify a point to point link if the interface can only be connected to exactly one other bridge or a shared link if it can be connected to two or m...

Страница 264: ...r all EXAMPLE This example displays RSTP statistics for port 1 and LAG1 For a description of the items displayed in this example refer to Displaying Port Statistics for STA on page 169 RSTP statistics...

Страница 265: ...CHAPTER 15 RSTP Commands 265 appropriate BPDU format to send on the selected interfaces i e RSTP or STP compatible EXAMPLE RSTP mcheck RSTP...

Страница 266: ...CHAPTER 15 RSTP Commands 266...

Страница 267: ...ction dot1x configuration Displays 802 1X settings for the switch and specified ports dot1x mode Displays or sets the 802 1X mode for the switch dot1x state Displays or sets the 802 1X authentication...

Страница 268: ...ed This state exists when 802 1X authentication is enabled the port has a link the Admin State is 802 1X and the supplicant is authenticated or when the Admin State is Authorized Unauthorized The port...

Страница 269: ...ist A specific port or a range of ports Range 1 28 or all macbased Enables MAC based authentication on the port The switch does not transmit or accept EAPOL frames on the port Flooded frames and broad...

Страница 270: ...nts are not restored EXAMPLE Dot1x state 9 authorized Dot1x state 9 Port Admin State Port State Last Source Last ID 9 Authorized Link Down Dot1x dot1x authenticate This command restarts the client aut...

Страница 271: ...rized disable Disables 802 1X reauthentication DEFAULT SETTING Disabled COMMAND USAGE For port based authentication the re authentication process verifies the connected client s user ID and password o...

Страница 272: ...t SYNTAX dot1x timeout eap timeout eap timeout The time that an interface on the switch waits during an authentication session before re transmitting an EAP packet Range 1 255 seconds DEFAULT SETTING...

Страница 273: ...e a client is connected to a 3rd party switch or hub which in turn is connected to a port on this switch that is running MAC based authentication and suppose the client gets successfully authenticated...

Страница 274: ...d specified by the auth timeout command page 224 the client is put on hold in the Unauthorized state In this state frames from the client will not cause the switch to attempt to re authenticate the cl...

Страница 275: ...Dot1x statistics 1 Rx Access Rx Other Rx Auth Rx Auth Tx MAC Port Challenges Requests Successes Failures Responses Address 1 0 0 0 0 0 Dot1x statistics 1 Port 1 EAPOL Statistics Rx Total 0 Tx Total 3...

Страница 276: ...CHAPTER 16 IEEE 802 1X Commands 276...

Страница 277: ...all DEFAULT SETTING All ports Table 29 IGMP Commands Command Function igmp configuration Displays IGMP snooping settings for the switch all VLANs and specified ports igmp mode Displays or sets the IGM...

Страница 278: ...ges are suppressed unless received from the last member port in the group Flooding Shows if unregistered multicast traffic is flooded into attached VLANs VLAN Settings VID VLAN identifier State Shows...

Страница 279: ...it picks out the group registration information and configures the multicast filters accordingly EXAMPLE IGMP mode enable IGMP igmp state This command displays or sets the IGMP snooping state for the...

Страница 280: ...e for asking hosts if they want to receive multicast traffic disable Disables the switch from serving as querier on this VLAN DEFAULT SETTING Disabled COMMAND USAGE A router or multicast enabled switc...

Страница 281: ...oup specific GS query to that interface If Fast Leave is not used a multicast router or querier will send a GS query message when an IGMPv2 v3 group leave message is received The router querier stops...

Страница 282: ...t the last dynamic member port in the group the receiving port is not a router port and no IGMPv1 member port exists in the group the switch will generate and send a group specific GS query to the mem...

Страница 283: ...iltering port list add del group address port list A specific port or a range of ports Range 1 28 or all add Adds a new IGMP group filtering entry del Deletes a IGMP group filtering entry group addres...

Страница 284: ...ter switch This interface will then join all the current multicast groups supported by the attached router switch to ensure that multicast traffic is passed to all appropriate interfaces within the sw...

Страница 285: ...This command displays IGMP querier status and protocol statistics SYNTAX igmp status vlan id vlan id VLAN to which the management address is assigned Range 1 4095 DEFAULT SETTING Displays status for a...

Страница 286: ...CHAPTER 17 IGMP Commands 286...

Страница 287: ...port list port list A specific port or a range of ports Range 1 28 or all DEFAULT SETTING All ports Table 31 LLDP Commands Command Function lldp configuration Displays LLDP configuration settings for...

Страница 288: ...ransmission only DEFAULT SETTING Disabled EXAMPLE LLDP mode enable LLDP lldp optional_tlv This command displays or sets LLDP optional TLVs for specified ports SYNTAX lldp optional_tlv port list port_d...

Страница 289: ...specific interface associated with this address and an object identifier indicating the type of hardware component or protocol entity associated with this address The interface number and OID are inc...

Страница 290: ...ULT SETTING 3 COMMAND USAGE The time to live tells the receiving LLDP agent how long to retain all information pertaining to the sending LLDP agent if it does not transmit updates in a timely manner E...

Страница 291: ...init reinit reinit The delay before attempting to re initialize after LLDP ports are disabled or the link goes down Range 1 10 seconds DEFAULT SETTING 2 seconds COMMAND USAGE When LLDP is re initializ...

Страница 292: ...rt or a range of ports Range 1 28 or all clear Clears LLDP statistics DEFAULT SETTING Disabled COMMAND USAGE For a description of the information displayed by this command see Displaying LLDP Port Sta...

Страница 293: ...assis ID field CDP TLV Address is mapped into the LLDP Management Address field The CDP address TLV can contain multiple addresses but only the first address is shown in the LLDP neighbors table CDP T...

Страница 294: ...CHAPTER 18 LLDP Commands 294...

Страница 295: ...e 32 MAC Commands Command Function mac configuration Displays MAC address table configuration for specified ports mac add Adds a static MAC address to the specified port and VLAN mac delete Deletes a...

Страница 296: ...o the assigned port and will not be moved When a static address is seen on another port the address will be ignored and will not be written to the address table A static address cannot be learned on a...

Страница 297: ...X mac agetime age time age time The time after which a learned entry is discarded Range 10 1000000 seconds or 0 to disable aging DEFAULT SETTING 300 seconds EXAMPLE MAC agetime 100 MAC mac learning Th...

Страница 298: ...An example of such a module is the MAC Based Authentication under 802 1X EXAMPLE MAC learning 9 secure MAC mac dump This command displays sorted list of MAC address entries SYNTAX mac dump mac max mac...

Страница 299: ...or all DEFAULT SETTING Displays statistics for all ports EXAMPLE MAC statistics 1 Port Dynamic Addresses 1 0 Total Dynamic Addresses 5 Total Static Addresses 4 MAC mac flush This command clears all l...

Страница 300: ...CHAPTER 19 MAC Commands 300...

Страница 301: ...Displays VLAN attributes for specified ports and list of ports assigned to each VLAN vlan aware Displays or sets whether or not a port processes the VLAN ID in ingress frames vlan pvid Displays or se...

Страница 302: ...has been assigned is different from the default PVID a tag indicating the VLAN to which this frame was assigned will be inserted in the egress frame Otherwise the frame is transmitted without a VLAN...

Страница 303: ...ted in frames transmitted from the port The assigned VLAN ID can be based on the ingress tag for tagged frames or the default PVID for untagged ingress frames Note that this mode is normally used for...

Страница 304: ...ot a member these frames will be flooded to all other ports DEFAULT SETTING Disabled COMMAND USAGE Ingress filtering only affects tagged frames Ingress filtering does not affect VLAN independent BPDU...

Страница 305: ...VLAN 1 COMMAND USAGE Port overlapping can be used to allow access to commonly shared network resources among different VLAN groups such as file servers or printers Note that if you implement VLANs wh...

Страница 306: ...CHAPTER 20 VLAN Commands 306 vlan lookup This command displays port members for specified VLAN SYNTAX vlan lookup vlan id vlan id VLAN identifier Range 1 4095 EXAMPLE VLAN lookup 2 VID Ports 2 9 VLAN...

Страница 307: ...e of ports Range 1 28 or all EXAMPLE PVLAN configuration 1 10 Port Isolation 1 Disabled 2 Disabled 3 Disabled 4 Disabled 5 Disabled 6 Disabled 7 Disabled 8 Disabled 9 Disabled 10 Disabled PVLAN ID Por...

Страница 308: ...of both a standard IEEE 802 1Q VLAN and the private VLAN By default all ports are configured as members of VLAN 1 and PVLAN 1 Because all of these ports are members of 802 1Q VLAN 1 isolation cannot b...

Страница 309: ...isolate port list enable disable port list A specific port or a range of ports Range 1 28 or all enable Enables port isolation disable Disables port isolation DEFAULT SETTING Disabled COMMAND USAGE P...

Страница 310: ...CHAPTER 21 PVLAN Commands 310...

Страница 311: ...port Displays or sets the QCL assigned to specified ports qos qcl add Adds or modifies a QoS control entry qos qcl delete Deletes a QoS control entry qos qcl lookup Displays the specified QoS control...

Страница 312: ...Strict 1 2 4 8 3 Low 0 1 Disabled Disabled Strict 1 2 4 8 4 Low 0 1 Disabled Disabled Strict 1 2 4 8 5 Low 0 1 Disabled Disabled Strict 1 2 4 8 6 Low 0 1 Disabled Disabled Strict 1 2 4 8 7 Low 0 1 Di...

Страница 313: ...have VLAN tags are tagged with the input port s default ingress tag priority and then placed in the appropriate priority queue at the output port Note that if the output port is an untagged member of...

Страница 314: ...atted packets Range 0x600 0xffff hex Default 0xffff A detailed listing of Ethernet protocol types can be found in RFC 1060 A few of the more common types include 0800 IP 0806 ARP 8137 IPX vlan id VLAN...

Страница 315: ...ium Normal or High defined by that entry Traffic not matching any of the QCEs are classified to the default QoS Class for the port see the qos default command on page 312 EXAMPLE QoS QCL add 1 1 tos 1...

Страница 316: ...s all QCLs EXAMPLE QoS QCL lookup QCL ID 1 QCE ID Type Class Mapping 1 VLAN ID 1 Low 2 UDP TCP 0 Low QoS QCL qos mode This command displays or sets the egress queuing mode for specified ports SYNTAX q...

Страница 317: ...16 the switch uses the Weighted Round Robin WRR algorithm to determine the frequency at which it services each priority queue The traffic classes are mapped to one of the egress queues provided for ea...

Страница 318: ...orts SYNTAX qos shaper port list enable disable bit rate port list A specific port or range of ports Range 1 28 or all enable Enables egress rate limiting disable Disables egress rate limiting bit rat...

Страница 319: ...then be dropped Due to an ASIC limitation the enforced rate limits are slightly less than the listed options For example 1 Kpps translates into an enforced threshold of 1002 1 pps EXAMPLE QoS Storm un...

Страница 320: ...ackets are dropped Options 1 2 4 512 1k 2k 4k 1024k pps DEFAULT SETTING Disabled 2 pps when enabled COMMAND USAGE The specified limit applies to each port Any packets exceeding the specified threshold...

Страница 321: ...P remarking for specified ports SYNTAX qos dscp queue mapping port list class dscp port list A specific port or range of ports Range 1 28 or all class Output queue buffer Range low normal medium high...

Страница 322: ...CHAPTER 22 QoS Commands 322...

Страница 323: ...sabled Disabled Disabled Disabled 0 4 1 Permit Disabled Disabled Disabled Disabled 818 5 1 Permit Disabled Disabled Disabled Disabled 818 Rate Limiter Rate 1 1 2 1 3 1 4 1 5 1 6 1 Table 37 ACL Command...

Страница 324: ...ed policy see the acl policy command rate limiter Specifies a rate limiter see the acl rate command on page 325 to apply to the port Range 1 15 or disable port copy Defines a port to which matching fr...

Страница 325: ...cy 9 7 ACL acl rate This command displays or sets the rate limiter and maximum packet rate SYNTAX acl rate rate limiter list packet rate rate limiter list Rate limiter identifier Range 1 15 packet rat...

Страница 326: ...ntifier to which this ACE is assigned Range 1 8 vlan id The VLAN to filter for this rule Range 1 4095 or any tag priority Specifies the User Priority value found in the VLAN tag 3 bits as defined by I...

Страница 327: ...where the PRO is equal to IP 0x800 any any value is allowed Default any ip One of the following IP parameters sip Source IP address a b c d n or any dip Destination IP address a b c d n or any protoc...

Страница 328: ...P frames with any value in the PSH field ack TCP frames with any value in the ACK field urg 0 1 any Specifies the TCP Urgent Pointer field significant URG value for this rule Options 0 TCP frames wher...

Страница 329: ...s command deletes an access control entry SYNTAX acl delete ace id ace id An ACL entry Range 1 128 DEFAULT SETTING None EXAMPLE ACL delete 9 ACL acl lookup This command displays the specified access c...

Страница 330: ...APTER 23 ACL Commands 330 Tag Priority Any ACL acl clear This command clears all ACL counters displayed in the ACL lookup table see the acl lookup command page 329 SYNTAX acl clear EXAMPLE ACL clear A...

Страница 331: ...isabled 2 Disabled 3 Disabled 4 Disabled 5 Disabled Mirror mirror port This command displays or sets the destination port to which data is mirrored SYNTAX mirror port port disable port The destination...

Страница 332: ...mode for specified source ports SYNTAX mirror mode port list enable disable rx tx port list A specific port or range of ports Range 1 28 or all enable Mirror both received and transmitted packets disa...

Страница 333: ...later be downloaded to the switch to restore system operation The success of the file transfer depends on the accessibility of the TFTP server and the quality of the network connection The configurati...

Страница 334: ...y saved configuration file The destination file name should not contain slashes or the leading letter of the file name should not be a period and the maximum length is 31 characters for files on the s...

Страница 335: ...for SNMP read access snmp write community Displays or sets the community string for SNMP read write access snmp trap mode Displays or sets the SNMP trap mode snmp trap version Displays or sets the SNM...

Страница 336: ...Enabled snmp community add Adds or modifies an SNMPv3 community entry snmp community delete Deletes an SNMPv3 community entry snmp community lookup Displays SNMPv3 community entries snmp user add Add...

Страница 337: ...ecurity Name Group Name 1 v1 public default_ro_group 2 v1 private default_rw_group 3 v2c public default_ro_group 4 v2c private default_rw_group 5 usm default_user default_rw_group Number of entries 5...

Страница 338: ...SNMP version 3 SNMP snmp read community This command displays or sets the community string for SNMP read access SYNTAX snmp read community community community The community string used for read only a...

Страница 339: ...thentication and privacy This community string is associated with SNMPv1 or SNMPv2 clients in the SNMPv3 communities table see the snmp community lookup command on page 347 EXAMPLE SNMP write communit...

Страница 340: ...P v1 COMMAND USAGE This command specifies whether to send notifications as SNMP v1 v2c or v3 traps EXAMPLE SNMP Trap version 3 SNMP Trap snmp trap community This command displays or sets the community...

Страница 341: ...pv6 address ipv6 address IPv6 address of the management station to receive notification messages An IPv6 address must be formatted according to RFC 2373 IPv6 Addressing Architecture using 8 colon sepa...

Страница 342: ...USAGE When this function is enabled the switch will issue a notification message whenever a port link is established or broken EXAMPLE SNMP Trap link up enable SNMP Trap snmp trap inform mode This co...

Страница 343: ...trap inform timeout SYNTAX snmp trap inform timeout timeout timeout The number of seconds to wait for an acknowledgment before re sending an inform message Range 0 2147 seconds DEFAULT SETTING 1 secon...

Страница 344: ...he SNMP trap security engine ID SYNTAX snmp trap security engine id engine id engine id Specifies the SNMP trap security engine ID Range 10 64 hex digits excluding a string of all 0 s or all F s DEFAU...

Страница 345: ...NMP snmp engine id This command displays or sets the SNMPv3 local engine ID SYNTAX snmp engine id engine id engine id The SNMPv3 engine ID Range 10 64 hex digits excluding a string of all 0 s or all F...

Страница 346: ...d command page 350 ip address Specifies the source address of an SNMP client address mask Specifies the address mask for the SNMP client DEFAULT SETTING public private COMMAND USAGE All community stri...

Страница 347: ...ries EXAMPLE SNMP Community lookup Idx Community Source IP Source Mask 1 public 0 0 0 0 0 0 0 0 2 private 0 0 0 0 0 0 0 0 3 r d 192 168 2 19 255 255 255 0 Number of entries 3 SNMP Community snmp user...

Страница 348: ...HA des The encryption algorithm use for data privacy only 56 bit DES is currently available priv password A string identifying the privacy pass phrase Range 8 40 characters ASCII characters 33 126 onl...

Страница 349: ...ts excluding a string of all 0 s or all F s user name The name of user connecting to the SNMP agent Range 1 32 characters ASCII characters 33 126 only auth password A plain text string identifying the...

Страница 350: ...ty add command page 346 can be used For USM or SNMPv3 the names configured with the local engine ID with the snmp user add command page 347 can be used To modify an entry for USM the current entry mus...

Страница 351: ...ault_rw_group 5 usm default_user default_rw_group 6 usm steve tps Number of entries 6 SNMP Group delete 6 SNMP Group snmp group lookup This command displays SNMPv3 group entries SYNTAX snmp group look...

Страница 352: ...ntifiers of branches within the MIB tree Note that the first character must be a period Wild cards can be used to mask a specific portion of the OID string using an asterisk Length 1 128 DEFAULT SETTI...

Страница 353: ...level read view name write view name group name The name of the SNMP group Range 1 32 characters ASCII characters 33 126 only security model The user security model Options any v1 v2c or the User base...

Страница 354: ...Entry a SNMP Access snmp access delete This command deletes an SNMPv3 access entry SYNTAX snmp access delete index index Index to SNMPv3 access table Range 1 64 DEFAULT SETTING None EXAMPLE SNMP Acces...

Страница 355: ...TER 26 SNMP Commands 355 EXAMPLE SNMP Access lookup Idx Group Name Model Level 1 default_ro_group any NoAuth NoPriv 2 default_rw_group any NoAuth NoPriv 3 r d usm Auth Priv Number of entries 3 SNMP Ac...

Страница 356: ...CHAPTER 26 SNMP Commands 356...

Страница 357: ...ational mode SYNTAX https mode enable disable enable Enables HTTPS service on the switch disable Disables HTTPS service on the switch DEFAULT SETTING Disabled COMMAND USAGE You can configure the switc...

Страница 358: ...illa Firefox 2 0 0 0 or above The following web browsers and operating systems currently support HTTPS EXAMPLE HTTPS mode enable HTTPS https redirect This command displays or sets HTTPS redirect mode...

Страница 359: ...CHAPTER 27 HTTPS Commands 359 EXAMPLE HTTPS redirect enable HTTPS...

Страница 360: ...CHAPTER 27 HTTPS Commands 360...

Страница 361: ...switch DEFAULT SETTING Disabled COMMAND USAGE SSH provides remote management access to this switch as a secure replacement for Telnet When the client contacts the switch via the SSH protocol the switc...

Страница 362: ...e authenticated either locally or via a RADIUS or TACACS remote authentication server as specified the auth radius command page 225 or auth tacacs command page 228 To use SSH with password authenticat...

Страница 363: ...ables UPnP on the switch disable Disables UPnP on the switch DEFAULT SETTING Disabled COMMAND USAGE The first step in UPnP networking is discovery When a device is added to the network the UPnP discov...

Страница 364: ...rvice includes a list of actions the service responds to and a list of variables that model the state of the service at run time If a device has a URL for presentation then the control point can retri...

Страница 365: ...Service Discover Protocol SSDP packets which informs a control point or control points how often it or they should receive a SSDP advertisement message from this switch Due to the unreliable nature of...

Страница 366: ...CHAPTER 29 UPnP Commands 366...

Страница 367: ...mode SYNTAX dhcp relay mode enable disable enable Enables the DHCP relay function disable Disables the DHCP relay function DEFAULT SETTING Disabled Table 45 DHCP Commands Command Function dhcp relay c...

Страница 368: ...DHCP response to the client A DHCP relay server must first be configured see the dhcp relay server command on page 368 before DHCP relay mode can be enabled with this command EXAMPLE DHCP Relay mode e...

Страница 369: ...aving to flood them to the entire VLAN EXAMPLE DHCP Relay Information mode enable DHCP Relay Information dhcp relay information policy This command displays or sets the DHCP relay policy for DHCP clie...

Страница 370: ...Relay statistics Server Statistics Transmit to Server 0 Transmit Error 0 Receive from Server 0 Receive Missing Agent Option 0 Receive Missing Circuit ID 0 Receive Missing Remote ID 0 Receive Bad Circ...

Страница 371: ...ware by specifying a file provided by Edgecore You can download firmware files for your switch from the Support section of the Edgecore web site at www edge core com After the software image is upload...

Страница 372: ...opyright C 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 Free Software Foundation Inc RedBoot is free software covered by the eCos license derived from the GNU General Public License You are welco...

Страница 373: ...ay be used in the address to indicate the appropriate number of zeros required to fill the undefined fields file name The name of the file to load from the TFTP server The destination file name should...

Страница 374: ...CHAPTER 31 Firmware Commands 374...

Страница 375: ...375 SECTION IV APPENDICES This section provides additional information and includes these items Software Specifications on page 377 Troubleshooting on page 381...

Страница 376: ...SECTION Appendices 376...

Страница 377: ...NTROL Full Duplex IEEE 802 3 2005 Half Duplex Back pressure STORM CONTROL Broadcast multicast or unicast traffic throttled above a critical threshold PORT MIRRORING Multiple source ports one destinati...

Страница 378: ...affic shaping MULTICAST FILTERING IGMP Snooping ADDITIONAL FEATURES DHCP Client DNS Proxy LLDP Link Layer Discover Protocol RMON Remote Monitoring groups 1 2 3 9 SMTP Email Alerts SNMP Simple Network...

Страница 379: ...g ARP RFC 826 DHCP Client RFC 2131 HTTPS ICMP RFC 792 IGMP RFC 1112 IGMPv2 RFC 2236 IGMPv3 RFC 3376 partial support RADIUS RFC 2618 RMON RFC 2819 groups 1 2 3 9 SNMP RFC 1157 SNMPv2c RFC 2571 SNMPv3 R...

Страница 380: ...te MIB Quality of Service MIB RADIUS Accounting Server MIB RFC 2621 RADIUS Authentication Client MIB RFC 2621 RMON MIB RFC 2819 RMON II Probe Configuration Group RFC 2021 partial implementation SNMPv2...

Страница 381: ...umber of concurrent Telnet SSH sessions permitted Try connecting again at a later time Cannot connect using Secure Shell If you cannot connect using SSH you may have exceeded the maximum number of con...

Страница 382: ...r messages reported to include all categories 3 Enable SNMP 4 Enable SNMP traps 5 Designate the SNMP host that is to receive the error messages 6 Repeat the sequence of commands or other actions that...

Страница 383: ...well defined set of building blocks from which a variety of aggregate forwarding behaviors may be built Each packet carries information DS byte used by each hop to give it a particular forwarding trea...

Страница 384: ...le Authentication Protocol over LAN EAPOL is a client authentication protocol used by this switch to verify the network access rights for any device that is plugged into the switch A user name and pas...

Страница 385: ...EE 802 3AC Defines frame extensions for VLAN tagging IEEE 802 3X Defines Ethernet frame start stop requests and timers used for flow control on full duplex links Now incorporated in IEEE 802 3 2002 IG...

Страница 386: ...an algorithm that is used to create digital signatures It is intended for use with 32 bit machines and is safer than the MD4 algorithm which has been broken MD5 is a one way hash function meaning tha...

Страница 387: ...n ports within the assigned VLAN Data traffic on downlink ports can only be forwarded to and from uplink ports QOS Quality of Service QoS refers to the capability of a network to provide better servic...

Страница 388: ...k systems Spanning Tree detects and directs data along the shortest available path maximizing the performance and efficiency of the network TACACS Terminal Access Controller Access Control System Plus...

Страница 389: ...al LAN A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network A VLAN serves as a logical workgroup...

Страница 390: ...GLOSSARY 390...

Страница 391: ...ress port 108 312 default settings system 33 DHCP 57 214 client 57 214 dynamic configuration 40 DHCP relay information option 145 368 information option policy 145 369 DNS server 57 217 Domain Name Se...

Страница 392: ...in menu 51 management access filtering IP addresses 61 208 Management Information Bases MIBs 379 maximum frame size 64 mirror port configuring 128 331 multicast filtering 91 277 multicast groups 175 2...

Страница 393: ...on 264 transmission hold count 77 258 transmission limit 77 258 standards IEEE 379 static addresses setting 100 296 statistics port 152 239 STP 77 258 STP Also see STA switch settings restoring 190 33...

Страница 394: ...INDEX 394 W web interface access requirements 49 configuration buttons 50 home page 50 menu list 51 panel display 51...

Страница 395: ......

Страница 396: ...ES4528V E072009 ST R01 149100000014A...

Отзывы:

Нет отзывов