Enterasys 6E2 Series Скачать руководство пользователя | Manualshive

Страница: 59 / 436

background image

Overview of Security Methods

Accessing Local Management

3-17

The access level can be set to one of the following levels for each user name:

•

super-user

•

read-write

•

read-only

To support multiple access levels per user name, it involves sending back a different “FilterID”
attribute using some server feature to differentiate between the same user name with different
prefixes/suffixes. For example, “username@engineering” and “username@home” could each
return different access levels.

A Radius user/password combination is assigned one access level unless server-specific features
such as prefixes or suffixes are used to assign different access levels.

All radius values, except the server IPs and shared secrets, are assigned reasonable default values
when radius is installed on a new switch module. The defaults are as follows:

•

Client, disabled

•

Timeout, 20 seconds

•

Retries, 3

•

Primary and secondary Authentication ports: 1812 (per RFC 2865)

•

Primary and secondary Accounting ports: 1813 (per RFC 2866)

•

Last-resort for local and remote is CHALLENGE

If only one server is configured, it must be the primary server. It is not necessary to reboot after the
client is reconfigured.

The client cannot be enabled unless the primary server is configured with at least the minimum
configuration information.

NOTE: This is a server-dependent feature.

NOTE: The minimum additional information that must be configured to use a server is
its IP and Shared Secret.

«
...
57
58
59
60
61
...
»

Содержание 6E2 Series

Страница 1: ...Matrix E7 Series and SmartSwitch 6000 Series Modules 6H2xx 6E2xx 6H3xx and 6G3xx Local Management User s Guide 9033528 06...

Страница 2: ......

Страница 3: ...OR THE INFORMATION CONTAINED IN THEM EVEN IF ENTERASYS NETWORKS HAS BEEN ADVISED OF KNEW OF OR SHOULD HAVE KNOWN OF THE POSSIBILITY OF SUCH DAMAGES Enterasys Networks Inc 50 Minuteman Road Andover MA...

Страница 4: ...OF LIABILITY IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT OR ARE NOT AUTHORIZED TO ENTER INTO THIS AGREEMENT ENTERASYS IS UNWILLING TO LICENSE THE PROGRAM TO YOU AND YOU AGREE TO RETURN THE UNOP...

Страница 5: ...controls as identified on the U S Commerce Control List or iii if the direct product of the technology is a complete plant or any major component of a plant export to Country Groups D 1 or E 2 the di...

Страница 6: ...nd to the Program shall remain with Enterasys and or its suppliers All rights not specifically granted to You shall be reserved to Enterasys 10 ENFORCEMENT You acknowledge and agree that any breach of...

Страница 7: ...ents 1 4 1 5 Local Management Keyboard Conventions 1 8 1 6 Getting Help 1 9 2 LOCAL MANAGEMENT REQUIREMENTS 2 1 Management Terminal Setup 2 1 2 1 1 Console Cable Connection 2 2 2 1 2 Management Termin...

Страница 8: ...Setting the Local and Remote Servers 3 34 3 10 Name Services Configuration Screen 3 35 3 11 System Authentication Configuration Screen 3 37 3 12 EAP Port Configuration Screen 3 39 3 13 EAP Statistics...

Страница 9: ...Module Time 5 13 5 2 8 Entering a New Screen Refresh Time 5 13 5 2 9 Setting the Screen Lockout Time 5 14 5 2 10 Configuring the COM Port 5 14 5 2 10 1 Changing the COM Port Application 5 16 5 2 11 Cl...

Страница 10: ...nu Screen 6 24 6 8 1 802 3ad Port Screen 6 29 6 8 1 1 802 3ad Port Details Screen 6 31 6 8 1 2 802 3ad Port Statistics Screen 6 37 6 8 2 802 3ad Aggregator Screen 6 40 6 8 2 1 802 3ad Aggregator Detai...

Страница 11: ...on Precedence Rules 8 29 8 8 2 Displaying the Current Classification Rule Assignments 8 32 8 8 3 Assigning a Classification to a VID 8 33 8 8 4 Deleting Line Items 8 34 8 9 Protocol Port Configuration...

Страница 12: ...cs Menu Screen 11 2 11 2 Switch Statistics Screen 11 4 11 3 Interface Statistics Screen 11 6 11 3 1 Displaying Interface Statistics 11 9 11 4 RMON Statistics Screen 11 10 11 4 1 Displaying RMON Statis...

Страница 13: ...21 13 12 Example 1 Single Switch Operation 13 22 13 12 1 Solving the Problem 13 22 13 12 2 Frame Handling 13 24 13 13 Example 2 VLANs Across Multiple Switches 13 24 13 13 1 Solving the Problem 13 26 1...

Страница 14: ...Configuration Screen 3 37 3 13 EAP Port Configuration Screen 3 39 3 14 EAP Statistics Menu Screen 3 44 3 15 EAP Session Statistics Screen 3 46 3 16 EAP Authenticator Statistics Screen 3 49 3 17 EAP Di...

Страница 15: ...creen 6 40 6 13 802 3ad Aggregator Details Screen 6 42 6 14 802 3ad System Screen 6 44 6 15 Broadcast Suppression Configuration Screen 6 46 7 1 802 1 Configuration Menu Screen 7 2 7 2 Spanning Tree Co...

Страница 16: ...gement with Only Default VLAN 13 12 13 4 Switch Management with VLANs 13 13 13 5 802 1Q VLAN Screen Hierarchy 13 15 13 6 Walkthrough Stage One Static VLAN Configuration Screen 13 17 13 7 Walkthrough S...

Страница 17: ...6 MAC Port Configuration Screen Field Descriptions 3 55 3 17 MAC Supplicant Configuration Screen Field Descriptions 3 57 4 1 Chassis Menu Screen Menu Item Descriptions 4 3 4 2 Chassis Configuration Sc...

Страница 18: ...reen Field Descriptions 7 11 7 5 PVST Port Configuration Screen Field Descriptions 7 14 8 1 802 1Q VLAN Configuration Menu Screen Menu Item Descriptions 8 4 8 2 Static VLAN Configuration Screen Field...

Страница 19: ...eld Descriptions 11 5 11 3 Interface Statistics Screen Field Descriptions 11 7 11 4 RMON Statistics Screen Field Descriptions 11 11 11 5 Chassis Environmental Statistics Configuration Screen Field Des...

Страница 20: ......

Страница 21: ...the following Access the Local Management application Identify and operate the types of fields used by Local Management Navigate through Local Management fields and menus Use Local Management screens...

Страница 22: ...to configure chassis operation These screens are used to configure the operating parameters for the chassis assign community names and set SNMP traps and obtain the operating status of the chassis po...

Страница 23: ...given port and list of priorities Chapter 10 Layer 3 Extensions Menu Screens introduces and describes how to enable or disable IGMP Internet Group Management Protocol RFC 2236 on selected VLANs or gl...

Страница 24: ...ith the optional HSIM and VHSIM interface modules module installation user s guides and the manuals listed above can be obtained from the World Wide Web in Adobe Acrobat Portable Document Format PDF a...

Страница 25: ...od in numerals signals the decimal point indicator e g 1 75 equals one and three fourths Or periods used in numerals signal the decimal point in Dotted Decimal Notation DDN e g 000 000 000 000 in an I...

Страница 26: ......

Страница 27: ...ve SNMP traps from the switch Designate which Network Management Workstations are allowed to access the switch module View switch interface and RMON statistics Important Notices Depending on the firmw...

Страница 28: ...work Configure the module to control the rate of network traffic entering and leaving the switch on a per port priority basis Configure an optional HSIM or VHSIM installed in the device Configure the...

Страница 29: ...out of band network management system A module connected out of band to the management agent is not connected to the LAN This type of connection allows you to communicate with a network module even wh...

Страница 30: ...VT series emulation software package You can also access Local Management using a Telnet connection through one of the network ports of the switch module 1 4 LOCAL MANAGEMENT SCREEN ELEMENTS There are...

Страница 31: ...Mode 802 1Q SWITCHING Module Type XXXX XX Slot Number X Event Message Field Display Field Input Fields Selection Field Command Fields Display Fields XXXX XX LOCAL MANAGEMENT Event Message Line RETURN...

Страница 32: ...to access the module the heading will be the chassis name e g 6C105 If the module IP address is used to access the module the module name will be in the heading the same as listed next to Module Type...

Страница 33: ...are in bold type In the field description the field is identified as being modifiable Selection Fields Selection fields provide a series of possible values Only applicable values appear in a selection...

Страница 34: ...e ESCAPE ESC Key Used to escape from a Local Management screen without saving changes For example Press ESC twice means the ESC key must be pressed quickly two times SPACE Bar BACKSPACE Key Used to cy...

Страница 35: ...sys Networks products in the network A description of your network environment layout cable type etc Network load and frame size at the time of trouble if known The device history i e have you returne...

Страница 36: ......

Страница 37: ...he power status in case of a power loss 2 1 MANAGEMENT TERMINAL SETUP Use one of the following systems to access Local Management An IBM PC or compatible device running a VT series emulation software...

Страница 38: ...adapter supplied in the kit 3 Connect the RJ45 to DB9 adapter to the PC communications port Figure 2 1 Management Terminal Connection NOTE If using a modem between the VT compatible device and the COM...

Страница 39: ...derline Cursor Style General Setup Menu Mode ID number Cursor Keys Power Supply VT100 7 Bit Controls VT100ID Normal Cursor Keys UPSS DEC Supplemental Communications Setup Menu Transmit Receive XOFF Bi...

Страница 40: ...n 13 8 2 3 MONITORING AN UNINTERRUPTIBLE POWER SUPPLY If the switch module is connected to an American Power Conversion APC Uninterruptible Power Supply UPS device for protection against the loss of p...

Страница 41: ...S Connection COM Port RJ45 to DB9 UPS Adapter UPS Device DB9 Port UTP Cable With RJ45 Connectors 1 2 3 4 5 PS1 PS2 COM 6H252 17 Fast Enet 2 RX TX 4 RX TX 3 RX TX 6 RX TX 5 RX TX 8 RX TX 7 RX TX 10 RX...

Страница 42: ......

Страница 43: ...r 6 Chapter 7 and Chapter 10 Module Statistics screens described in Chapter 11 Network Tools commands described in Chapter 12 and the Security screens which are described in this chapter starting with...

Страница 44: ...or VHSIM is installed in a switch an additional statistics screen selection not shown in Figure 3 2 may display in the Module Statistics Menu screen This is dependent on the HSIM or VHSIM installed Fo...

Страница 45: ...Network Tools Switch Statistics Interface Statistics RMON Statistics Module Menu Chassis Environment Statistics Configuration EAP Configuration EAP Authentication Statistics EAP Session Statistics EA...

Страница 46: ...ens There are two ways to exit the Local Management LM screens Using the Exit Command To exit LM using the EXIT screen command proceed as follows 1 Use the arrow keys to highlight the EXIT command at...

Страница 47: ...If a particular Local Management screen has more than one screen to display its information the NEXT and PREVIOUS commands are used to navigate between its screens To go to the next or previous displa...

Страница 48: ...e associated Access Policy configured in the Password Configuration screen described in Section 4 4 How to Access Turn on the terminal Press ENTER this may take up to four times because the COM port o...

Страница 49: ...ered the terminal beeps and the cursor returns to the beginning of the password entry field Entering a valid password causes the associated access level to display at the bottom of the screen and the...

Страница 50: ...es installed in the chassis How to Access Enter a valid password in the Local Management Password screen as described in Section 3 2 and press ENTER The Main Menu screen Figure 3 5 displays Screen Exa...

Страница 51: ...al is idle for several minutes the Local Management Password screen redisplays and the session ends This idle time can be changed in the General Configuration screen in Section 5 2 9 Table 3 1 Main Me...

Страница 52: ...item in the Module Selection screen and press ENTER The Module Selection screen Figure 3 6 displays Screen Example Figure 3 6 Module Selection Screen 40462 39 EXIT Module 1 2 3 4 5 Module Type 6H258...

Страница 53: ...ection 3 5 Table 3 2 Module Selection Screen Field Descriptions Use this field To Module Selectable Display the slot in which the module is installed The module number enclosed in angle brackets indic...

Страница 54: ...or 6C107 chassis Password Module Selection Module Menu When to Use To access the Local Management screens for the switch module selected in the Module Selection screen How to Access Use the procedure...

Страница 55: ...ific to each port The 802 1 Configuration Menu screen provides access to the Spanning Tree Configuration Menu screen 802 1Q VLAN Configuration Menu screen and the 802 1p Configuration Menu screen Thes...

Страница 56: ...in Passwords screen refer to Section 3 8 The Radius Configuration screen enables you to configure the Radius client function on the switch module to provide another restriction for access to the Local...

Страница 57: ...Configuration screen described in Section 4 4 SECURITY cont d The MAC Port Configuration screen enables you to monitor the authentication state of the supplicants associated with each port and enable...

Страница 58: ...nd grant appropriate access to end user devices directly attached to switch module ports For more information refer to Section 3 6 3 3 6 1 Host Access Control Authentication HACA To use HACA the embed...

Страница 59: ...assign different access levels All radius values except the server IPs and shared secrets are assigned reasonable default values when radius is installed on a new switch module The defaults are as fol...

Страница 60: ...access accept response the user successfully authenticated it must also return a Radius FilterID attribute containing an ASCII string with the following fields in the specified format Enterasys versio...

Страница 61: ...er user based policy that is specifically tailored to the end user s needs 3 6 2 1 Definitions of Terms and Abbreviations Table 3 4 provides an explanation of authentication terms and abbreviations us...

Страница 62: ...deny access but do not validate logins User validation is the job of authentication servers This separation of functions allows network managers to put authentication servers on central servers Use th...

Страница 63: ...Authentication Configuration screen only the valid set of global and per port authentication methods are available for selection These are EAP PWA MAC MAC EAP and NONE If there is an attempt to enabl...

Страница 64: ...ect disables all 802 1X control over that interface However if a default policy exists on that port the switch forwards the frames according to that policy otherwise the switch drops them If a switch...

Страница 65: ...method performs authentication Frames are forwarded Auto Enabled Yes Don t Care Yes Hybrid authentication both methods are active Frames are forwarded according to authorized policy Auto Enabled Yes Y...

Страница 66: ...No Don t Care 802 1X performs authentication Frames are discarded Force Unauthori zation Enabled Yes Don t Care Yes MAC performs authentication Frames are forwarded according to authorized policy Forc...

Страница 67: ...e portAdminDisabled c All policies are applied to ports as a result of a MAC Authentication reverting to the ports default policy if any d All ports currently authenticated using 802 1X are unaffected...

Страница 68: ...screens allow you to configure additional limited access The Name Services Configuration screen allows you to set parameters for personalized web authentication The System Authentication Configuration...

Страница 69: ...access policy For details refer to Section 3 8 RADIUS CONFIGURATION Used to configure the Radius Client Parameters on the switch primary server and secondary server For details refer to Section 3 9 NA...

Страница 70: ...cation Statistics and EAP Diagnostic Statistics screens For details refer to Section 3 13 MAC PORT CONFIGURATION Used to view the current port authentication states enable or disable the authenticatio...

Страница 71: ...r telnet connection This screen is also used to disable the function of hardware switch 8 to prevent the clearing of the login passwords How to Access Use the arrow keys to highlight the PASSWORDS men...

Страница 72: ...user authorization read write This password allows read and write access to Local Management excluding security protected fields for super user access only super user This password permits read write...

Страница 73: ...ge SAVED OK displays at the top of the screen 3 9 RADIUS CONFIGURATION SCREEN When to Use To configure the Radius client in the switch to restrict access to the management functions of the Local Manag...

Страница 74: ...screen field Table 3 8 Radius Configuration Screen Field Descriptions Use this field To Timeout Modifiable Enter the maximum time in seconds to establish contact with the Radius Server before timing o...

Страница 75: ...level with no further attempt at authentication CHALLENGE Reverts to local module legacy passwords REJECT Does not allow remote access For more details refer to Section 3 9 1 To set local and remote s...

Страница 76: ...adius Server before timing out 2 Highlight the Retries field and enter the desired maximum number of attempts 1 N to contact the Radius Server before timing out 3 Highlight the Last Resort Action Loca...

Страница 77: ...n Enable Disable Name Services and associate the switch name with the Secure Harbour IP address How to Access Use the arrow keys to highlight the NAME SERVICES CONFIGURATION menu item on the Security...

Страница 78: ...re Harbour IP must be globally unique within your network and the end switch must contain the identical information Secure Harbour IP Read Only See the IP address used to access services NOTE The Swit...

Страница 79: ...ENTICATION CONFIGURATION menu item on the Security Menu screen and press ENTER The System Authentication Configuration screen Figure 3 12 displays Screen Example Figure 3 12 System Authentication Conf...

Страница 80: ...k by validating the MAC address of their connected devices EAP MAC enables using both MAC and EAP authentication methods concurrently for security NONE turns off all port authentication in the switch...

Страница 81: ...mple Figure 3 13 EAP Port Configuration Screen RETURN EXIT NEXT SAVE 37831_03 1 initialize idle Auto FALSE FALSE 2 2 initialize idle Auto FALSE FALSE 2 3 initialize idle Auto FALSE FALSE 2 4 initializ...

Страница 82: ...hen a EAP authentication is disabled b EAP authentication is enabled and the port is not linked or c EAP authentication is enabled and the port is linked In this case very little time is spent in this...

Страница 83: ...adius server These following seven states are the possible internal states for the authenticator Some states are simply pass through states causing a small action and immediately moving to a new state...

Страница 84: ...urrent configuration A policy string may be returned by the Radius Server in the filter id attribute This policy string can reference a set of VLAN and priority classification rules pre configured in...

Страница 85: ...zed Port Single Setting Set to TRUE to initialize all state machines for this port After initialization authentication can proceed normally on this port according to its control settings This has the...

Страница 86: ...ecurity Menu EAP Statistics Menu When to Use To access the EAP Session Statistics EAP Authenticator Statistics and EAP Diagnostic Statistics screens How to Access Use the arrow keys to highlight the E...

Страница 87: ...rt For details refer to Section 3 13 1 EAP AUTHENTICATOR STATISTICS Used to review authenticator statistics for each port including EAP frame types received and transmitted and frame version number an...

Страница 88: ...R The EAP Session Statistics screen Figure 3 15 displays Screen Example Figure 3 15 EAP Session Statistics Screen Field Descriptions Refer to Table 3 13 for a functional description of each screen fie...

Страница 89: ...session Session Authenticate Method Read Only See whether the session was established by a remote Authentication Server or a local Authentication Server Session Time Read Only See the amount of time...

Страница 90: ...Name Read Only See the user name associated with the PAE Point of Access Entity Port Number Selectable Select the port number to display the associated EAP Session Statistics To select a port number...

Страница 91: ...r Total Frames Tx Read Only See counts of all EAP frames transmitted by the authenticator Start Frames Rx Read Only See counts of EAP start type frames received by the authenticator Logoff Frames Rx R...

Страница 92: ...nticator with an invalid length field for the frame body Frame Version Read Only See the EAP protocol version present in the most recent EAP frame Frame Source Read Only See the source MAC address for...

Страница 93: ...he EAP Statistics Menu screen and press ENTER The EAP Diagnostic Statistics screen Figure 3 17 displays Screen Example Figure 3 17 EAP Diagnostic Statistics Screen RETURN Port Number 1 CLEAR COUNTERS...

Страница 94: ...enticating Read Only See counts of transitions from authenticating to authenticated state after backend authentication has a successful authentication with the supplicant end user requesting authentic...

Страница 95: ...on failure or success type messages This frame count indicates that the authenticator picked an EAP method Non NAK resp From Supp Read Only See counts of initial responses to an EAP request from the s...

Страница 96: ...ccess Use the arrow keys to highlight the MAC PORT CONFIGURATION menu item on the Security Menu screen and press ENTER The MAC Port Configuration screen Figure 3 18 displays CLEAR COUNTERS Command Set...

Страница 97: ...See the current state of the MAC Authentication of a port supplicant If a supplicant is currently active on that port then authenticated is displayed in this field otherwise unauthenticated is displa...

Страница 98: ...e 3 19 displays Initialize Port Single Setting Initialize the authentication status of the port When this field is set to TRUE the current authentication session is terminated the port returns to its...

Страница 99: ...can be displayed at a time To see additional ports select NEXT and press ENTER to display the authentication type and status for the next 10 ports Duration Read Only See the time in days hours minute...

Страница 100: ...to TRUE the current session is terminated It always displays a value of FALSE Reauthenticate Supplicant Single Setting Force a revalidation of the MAC credential for the supplicant When set to TRUE th...

Страница 101: ...nvironmental Information screen to monitor the power supply status power supply redundancy status and the fan tray status Section 4 6 or Redirect Configuration Menu screen and its menu items to access...

Страница 102: ...SNMP traps monitor the chassis environmental status and to perform port redirect functions How to Access Use the arrow keys to highlight the CHASSIS menu item on the Main Menu screen and press ENTER...

Страница 103: ...ATION MENU Used to access the SNMP Community Names Configuration screen and the SNMP Traps Configuration screen These screens are used to modify SNMP community names and set SNMP traps For details ref...

Страница 104: ...d view the chassis uptime How to Access Use the arrow keys to highlight the CHASSIS CONFIGURATION menu item on the Chassis Menu screen and press ENTER The Chassis Configuration screen Figure 4 2 displ...

Страница 105: ...P address as part of the network or subnetwork address or to 0 if the corresponding bit identifies the host The chassis automatically uses the default subnet mask that corresponds to the IP class that...

Страница 106: ...the changes have been saved to memory Screen Lockout Time Modifiable Set the maximum number of minutes that the Local Management application displays a module s screen while awaiting input or action...

Страница 107: ...ht the SAVE command then press ENTER The changes are saved to memory 4 2 3 Setting the Chassis Date The chassis is year 2000 compliant so the Chassis Date may be set beyond the year 1999 To set the ch...

Страница 108: ...esh time perform the following steps 1 Use the arrow keys to highlight the Screen Refresh Time field 2 Enter a number from 3 to 99 3 Press ENTER to set the refresh time to the time entered in the inpu...

Страница 109: ...2 Enter a number from 1 to 30 3 Press ENTER to set the lockout time in the input field 4 Use the arrow keys to highlight the SAVE command at the bottom of the screen and press ENTER If the time enter...

Страница 110: ...n screen These screens are used to modify SNMP community names and set SNMP traps How to Access Use the arrow keys to highlight the SNMP CONFIGURATION MENU item on the Chassis Menu screen and press EN...

Страница 111: ...on SNMP COMMUNITY NAMES CONFIGURATION Used to enter new change or review the community names used as access passwords for module management operation Access is limited based on the password level of t...

Страница 112: ...user How to Access Use the arrow keys to highlight the SNMP COMMUNITY NAMES CONFIGURATION menu item in the SNMP Configuration Menu screen and press ENTER The SNMP Community Names Configuration screen...

Страница 113: ...only access to the 6C105 MIB objects and excludes access to security protected fields of read write or super user authorization read write This community name allows read and write access to the 6C105...

Страница 114: ...munity names are saved to memory and their access modes implemented 4 5 SNMP TRAPS CONFIGURATION SCREEN When to Use To configure the chassis to establish which workstations are to receive trap alarms...

Страница 115: ...o eight different destinations can be defined Trap Community Name Modifiable Enter the Community Name included in the trap message sent to the Network Management Station with the associated IP address...

Страница 116: ...kstation or NO prevent alarms from being sent 7 Using the arrow keys highlight the SAVE command and press ENTER The message SAVED OK displays on the screen The designated workstations now receive trap...

Страница 117: ...e current redundancy status of the chassis power supplies This field will read either Available or Not Available Power Supply X Status Read Only Display the current status of the chassis power supplie...

Страница 118: ...red per installed module giving a maximum of 640 instances for a chassis with 5 modules Up to 24 instances per module can be configured as remote instances to other modules in the chassis How to Acces...

Страница 119: ...ng to the screen settings The port redirect function is extremely useful for troubleshooting purposes as it allows traffic to be sent to a particular port where with the use of an analyzer or RMON pro...

Страница 120: ...set as source ports Destination Module Read Only See which modules are currently set as destination modules Destination Port Read only See which ports are currently set as destination ports Only one...

Страница 121: ...smitted on the source port regardless of the frame format setting NOTE See Section 4 8 1 for directions on how to change the settings for the following fields Src Port n Selectable Select the port n t...

Страница 122: ...he Dest Module field near the bottom of the screen 8 Use the SPACE bar or BACKSPACE key to step to the appropriate module number for the destination module 9 Use the arrow keys to highlight the Frame...

Страница 123: ...n the frame format as received tagged or untagged The VLAN redirect function is very useful for troubleshooting purposes as it allows traffic associated with a particular VLAN to be sent to a particul...

Страница 124: ...VLAN Redirect Configuration Screen Field Descriptions Use this field To Source Module Read Only See which modules are currently set as source modules Source VLAN ID Read Only See the VLAN ID of the V...

Страница 125: ...fiable Enter the VLAN ID of the VLAN that is to be redirected to a port A VLAN can not be redirected to more than one port at a time Src Module n Selectable Select the module n that is to be changed t...

Страница 126: ...e destination module 9 Use the arrow keys to highlight the Frame Format field near the bottom of the screen 10 Use the SPACE bar or BACKSPACE key to step to the desired frame format setting RECEIVED T...

Страница 127: ...Section 5 4 SNMP Traps Configuration screen Section 5 5 Access Control List screen Section 5 6 System Resources Information screen Section 5 7 Flash Download Configuration screen Section 5 8 Port Conf...

Страница 128: ...set SNMP traps configure switch parameters and configure the switch module ports How to Access Use the arrow keys to highlight the MODULE CONFIGURATION MENU item on the Module Menu screen and press EN...

Страница 129: ...AM in the module and the unused portion of each memory and displays the current CPU switch utilization and the peak switch utilization For details refer to Section 5 7 FLASH DOWNLOAD CONFIGURATION Use...

Страница 130: ...e GENERAL CONFIGURATION menu item on the Module Configuration Menu screen and press ENTER The General Configuration screen Figure 5 2 displays Screen Example Figure 5 2 General Configuration Screen 35...

Страница 131: ...ts in the mask to 1 when the network treats the corresponding bits in the IP address as part of the network or subnetwork address or to 0 if the corresponding bit identifies the host When an IP addres...

Страница 132: ...ad Only See the total time that the module has been operating Operational Mode Read Only Display 802 1Q SWITCHING and cannot be changed Management Mode Toggle Set the switch module to operate in eithe...

Страница 133: ...en replaced with the switch module default configuration settings For details refer to Section 5 2 11 IP Fragmentation Toggle Enable or disable IP Fragmentation The default setting for this field is E...

Страница 134: ...consisting of a group of ports to increase the bandwidth between switches You can select either the Enterasys Networks SmartTrunking Huntgroup or the IEEE 802 3ad protocol This field toggles between H...

Страница 135: ...t mask from its default perform the following steps 1 Use the arrow keys to highlight the Subnet Mask field 2 Enter the subnet mask into this field using Dotted Decimal Notation DDN format For example...

Страница 136: ...le a default gateway must be specified When an SNMP Trap is generated the switch module sends out an ARP request to the default gateway which responds with its MAC address The switch module then sends...

Страница 137: ...TP server is located on a different IP subnet than the switch module a Gateway IP address should be specified To set the TFTP Gateway IP address perform the following steps 1 Use the arrow keys to hig...

Страница 138: ...ield 2 Enter the date in this format MM DD YYYY 3 Press ENTER to set the system calendar to the date in the input field 4 Use the arrow keys to highlight the SAVE command at the bottom of the screen a...

Страница 139: ...een refresh time perform the following steps 1 Use the arrow keys to highlight the Screen Refresh Time field 2 Enter a number from 3 to 99 3 Press ENTER to set the refresh time to the time entered in...

Страница 140: ...onnections American Power Conversion APC Uninterruptible Power Supply UPS connections To configure the COM port proceed as follows 1 Use the arrow keys to highlight the Com field CAUTION Before alteri...

Страница 141: ...M port is reconfigured without a valid IP address set on the switch module or chassis the message shown in Figure 5 5 displays Do not continue unless the outcome of the action is fully understood NOTE...

Страница 142: ...r all user entered parameters such as the IP address and Community Names from NVRAM To clear NVRAM proceed as follows 1 Use the arrow keys to highlight the Clear NVRAM field 2 Use the SPACE bar to tog...

Страница 143: ...P Fragmentation proceed as follows 1 Use the arrow keys to highlight the IP Fragmentation field 2 Press the SPACE bar to choose either ENABLED or DISABLED 3 Use the arrow keys to highlight the SAVE co...

Страница 144: ...dule Configuration Menu SNMP Configuration Menu When to Use To provide access to the SNMP Community Names Configuration SNMP Traps Configuration and Access Control List screens These screens are used...

Страница 145: ...e management operation Access is limited based on the password level of the user For details refer to Section 5 4 SNMP TRAPS CONFIGURATION Provides display and configuration access to the table of IP...

Страница 146: ...on the SNMP Configuration Menu screen and press ENTER The SNMP Community Names Configuration screen Figure 5 8 displays NOTE If the 6C105 has been assigned community names it is not necessary to assi...

Страница 147: ...on of each screen field Table 5 5 SNMP Community Names Configuration Screen Field Descriptions Use this field To Community Name Modifiable Display the user defined name through which a user accesses t...

Страница 148: ...displays The community names are saved to memory and their access modes implemented Access Policy Read Only Indicate the access accorded each community name The available access levels are as follows...

Страница 149: ...the SNMP Configuration Menu screen and press ENTER The SNMP Traps Configuration screen Figure 5 9 displays Screen Example Figure 5 9 SNMP Traps Configuration Screen NOTE It is only necessary to assig...

Страница 150: ...Name field Enter the community name 5 Press ENTER 6 Use the arrow keys to highlight the Enable Traps field Press the SPACE bar to choose either YES send alarms from the switch module to the workstati...

Страница 151: ...o the switch module according to their IP addresses Up to 16 single IP addresses and or range of addresses can be configured To manage an ACL enabled switch module the management station must be a mem...

Страница 152: ...2 1 12 1 6 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 180 150 200 3 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Access Control Lists ENABLED IP Addr IP Addr Mask Mask 255 255 255 0 255 255...

Страница 153: ...a new IP address of the devices that you want to have access to SNMP IP management The default value is 0 0 0 0 Up to 16 individual user IP addresses and or range of user IP addresses can be entered F...

Страница 154: ...eys to highlight the Access Control Lists field 6 Press the SPACE bar to toggle the field to ENABLED 7 Press ENTER 8 Use the arrow keys to highlight the SAVE command and press ENTER The message SAVED...

Страница 155: ...to highlight the SAVE command and press ENTER The message SAVED OK displays on the screen The designated devices associated with the range of IP addresses in the ACL will now have remote access to Loc...

Страница 156: ...emory is available How to Access Use the arrow keys to highlight the SYSTEM RESOURCES INFORMATION menu item on the Module Configuration Menu screen and press ENTER The System Resources Information scr...

Страница 157: ...ch microprocessor is used in the switch module Flash Memory Installed Read Only See the amount of FLASH memory that is installed in the switch module and how much is currently available DRAM Installed...

Страница 158: ...restrictions on the version of firmware required for 6H302 48 modules with a serial number starting with 3655xxxxxx The serial number is visible on the top ejector tab of the switch or by querying the...

Страница 159: ...oad Configuration Screen Field Descriptions Refer to Table 5 9 for a functional description of each screen field NOTE Configuration files cannot be downloaded or uploaded directly from one switch modu...

Страница 160: ...acement of the image file currently stored in the switch module Section 5 8 1 describes how to download using Runtime DOWNLOAD CONFIG Used to download a configuration file from a TFTP server to a swit...

Страница 161: ...ing defaults to YES and cannot be changed In UPLOAD CONFIG the setting defaults to NO and cannot be changed TFTP Gateway IP Addr Modifiable Enter the IP address of the TFTP gateway server defined on t...

Страница 162: ...teway IP Addr field on the General Configuration screen 5 Use the arrow keys to highlight the Download Server IP field 6 Enter the IP address of the TFTP server using the DDN format For example nnn nn...

Страница 163: ...t the Download Server IP field 6 Enter the IP address of the TFTP server using the DDN format For example nnn nnn nnn nnn 7 Use the arrow keys to highlight the Download File Name field 8 Enter the com...

Страница 164: ...target TFTP server using the DDN format For example nnn nnn nnn nnn 7 Use the arrow keys to highlight the Download File Name field 8 Enter the complete pathway and file name of the configuration file...

Страница 165: ...n Section 6 6 VLAN Redirect Configuration screen Section 6 7 SmartTrunk Configuration screen Screens are described in the SmartTrunk User s Guide Link Aggregation Menu screen 802 3ad Main Menu Screen...

Страница 166: ...n the Aggregation Agg Mode selected in the General Configuration screen described in Section 5 2 If the Agg Mode HUNTGROUP is selected in the General Configuration Menu screen the Port Configuration s...

Страница 167: ...n which allows the configuration of the switch module Ethernet ports For details refer to Section 6 2 HSIM VHSIM CONFIGURATION Provides access to the HSIM or VHSIM setup screen depending on the one in...

Страница 168: ...t the ETHERNET INTERFACE CONFIGURATION menu item on the Port Configuration Menu screen and press ENTER The Ethernet Interface Configuration screen Figure 6 3 displays SMARTTRUNK CONFIGURATION Used to...

Страница 169: ...l be displayed If a Fast Ethernet port is installed via an optional HSIM the interface displayed may be FE 100TX or FE100 FX If a Gigabit port is installed via an optional VHSIM the interface displaye...

Страница 170: ...In normal operation the port with an FE 100TX interface is capable of auto negotiating the operational mode and no further user setup is required NOTE In normal operation the front panel ports of the...

Страница 171: ...setting Half duplex flow control also known as back pressure is a collision based flow control mechanism used in half duplex configurations The port will display On Off or NA NA is displayed when the...

Страница 172: ...ne on this screen How to Access Use the arrow keys to highlight the desired Ethernet port on the Ethernet Interface Configuration screen and press ENTER The Ethernet Port Configuration screen Figure 6...

Страница 173: ...Default Speed refer to Section 6 3 1 Default Duplex Toggle Choose the default duplex mode Half for half duplex or Full for full duplex If Auto Negotiation is disabled for the port then the port defau...

Страница 174: ...0 Mbps operation 10Base TFD 10 Mbps full duplex operation 100Base TX 100 Mbps operation 100Base TXFD 100 Mbps full duplex operation 1000Base X 1000Base SX 1000Base LX Gigabit Ethernet 1000Base T 1000...

Страница 175: ...the port to ignore received PAUSE frames and prevent the port from transmitting PAUSE frames at any speed connection Auto Negotiate when supported the maximum flow control capabilities of the port ar...

Страница 176: ...gotiate to the highest speed possible Under some circumstances the Network Administrator may want the port to advertise only some of the available modes and not operate in other modes To set the adver...

Страница 177: ...e HSIM or VHSIM setup screen displays Refer to the appropriate HSIM or VHSIM user s guide for instructions on using the Local Management screens for that interface NOTE The HSIM VHSIM Configuration me...

Страница 178: ...Redirect Configuration Menu When to Use To access the Port Redirect Configuration and VLAN Redirect Configuration screens Any combination up to 128 of port and or VLAN redirect instances can be config...

Страница 179: ...ation Menu Screen Field Menu Item Descriptions Menu Item Screen Function PORT REDIRECT CONFIGURATION Used to redirect traffic from a source switch port to a destination switch port For details refer t...

Страница 180: ...to a destination port where all current traffic from the source ports can be examined using analyzers RMON probes or IDS sensors When to Use for 6C107 Chassis To redirect frames in modules installed i...

Страница 181: ...e screen How to Access Use the arrow keys to highlight the PORT REDIRECT CONFIGURATION menu item on the Redirect Configuration Menu screen and press ENTER The Port Redirect Configuration screen Figure...

Страница 182: ...ther the corresponding source ports are configured ON to send errored frames to the destination ports or OFF to drop all errored frames and only forward valid frames to the destination ports All redir...

Страница 183: ...format setting NORMAL TAGGED or UNTAGGED for the selected Destination Port 7 Use the arrow keys to highlight the Redirect Errors field near the bottom of the screen 8 Use the SPACE bar to select eith...

Страница 184: ...LAN 1 are then automatically redirected to VLANs 2 and 5 according to the configured frame format and VLAN frames with errors are dropped TIP If more than 1 port is being redirected repeat steps 1 thr...

Страница 185: ...screen and press ENTER The VLAN Redirect Configuration screen Figure 6 7 displays Screen Example Figure 6 7 VLAN Redirect Configuration Screen NOTE Although traffic associated with a particular VLAN i...

Страница 186: ...rt with a VLAN tag inserted according to the frame classification of the receiving port UNTAGGED Frames are transmitted on the destination port without a VLAN tag regardless of the format of the recei...

Страница 187: ...lections for the Source VLAN Destination Port and Frame Format made in steps 1 through 6 and also updates the screen 9 Use the arrow keys to highlight SAVE at the bottom of the screen Press ENTER The...

Страница 188: ...f aggregating by comparing the operational keys of ports With this IEEE 802 3ad implementation the operation key is the same as the administrative key assigned by management so ports assigned differen...

Страница 189: ...the aggregable bit ActorOperState A port is attached to another port on this same switch loopback There is no available aggregator for 2 or more ports with the same LAGID This can happen if either th...

Страница 190: ...e would be used The remaining links would be placed in a disabled state called Blocking Link Aggregation It is desirable to have a way to use multiple interswitch links simultaneously to increase inte...

Страница 191: ...sys Networks implementation is called SmartTrunking IEEE 802 3ad All the methods of trunking multiple links have involved manually choosing the links that are part of the trunk The IEEE 802 3ad specif...

Страница 192: ...Main Menu Screen 6 28 Port Configuration Menu Screens Screen Example Figure 6 8 802 3ad Main Menu Screen Menu Descriptions Refer to Table 6 7 for a functional description of each menu item PORT AGGREG...

Страница 193: ...to view port instances and to access the 802 3ad Port Details screen described in Section 6 8 1 1 and the Port Statistics screen described in Section 6 8 1 2 AGGREGATOR Used to access the 802 3ad Aggr...

Страница 194: ...port instance then the port is not aggregating with any other port OperKey Read Only View operation key of the port For ports to be able to aggregate they must have the same operation key MUX Read On...

Страница 195: ...nder the Port field 2 Press ENTER The 802 3ad Port Details screen described in Section 6 8 1 1 is displayed Once in this screen the parameters of any selected 802 3ad port can be edited and saved 6 8...

Страница 196: ...e identifier for this port identical to Port Instance ActorSystemID Read Only See the System Identifier for the system in which this port resides 3650 011_16 EXIT STATS SAVE ActorSystemPriority ActorS...

Страница 197: ...value to use for the PartnerOperSysPriority when no protocol partner is available PartnerAdminPortPriority Modifiable Set a default value to use for the PartnerOperPortPriority when no protocol partn...

Страница 198: ...LACP PDU is not received for 90 seconds If this bit is set an S is displayed otherwise an l is displayed bit 2 Aggregation 1 indicates that a port is Aggregable 0 indicates that a port is individual I...

Страница 199: ...n this bit position bit 7 Expired 1 indicates that we have Expired This indicates that no LACP PDUs have been received for a sufficient length of time so the partner information has expired If this is...

Страница 200: ...ess ENTER The 802 3ad Port Statistics screen described in Section 6 8 1 2 is displayed showing the current port statistics SelectedAggID Read Only See the instance of the aggregator that this port has...

Страница 201: ...e shows an example of how the details are displayed in this example for Port Instance 2 Screen Example Figure 6 11 802 3ad Port Statistics Screen Field Descriptions Refer to Table 6 10 for a functiona...

Страница 202: ...Port can receive LACPDUsTx Read Only See the number of LAC PDUs that this Aggregation Port can transmit MarkerResponsePDUsRx Read Only See the number of Marker Response PDUs that this Aggregation Por...

Страница 203: ...number of times this port s Partner Churn machine has entered the churn state AsyncTransCount Read Only See a count of how many times the Actor s Mux state machine enters the IN Sync state PsyncTransC...

Страница 204: ...rity and the number of ports currently attached to the aggregator How to Access Use the arrow keys to highlight the AGGREGATOR menu item in 802 3ad Main Menu screen and press ENTER The 802 3ad Aggrega...

Страница 205: ...laying Aggregator Details To display detail information about an Aggregator proceed as follows 1 Use the arrow keys to highlight the line containing the Aggregator of interest 2 Press ENTER The 802 3a...

Страница 206: ...ght the line containing the Aggregator of interest on the 802 3ad Aggregator screen and press ENTER The 802 3ad Aggregator Details screen Figure 6 13 displays Screen Example Figure 6 13 802 3ad Aggreg...

Страница 207: ...ority value of this aggregator Admin Key Read Only See the Key assigned by management Oper Key Read Only See the current Key being used by the aggregator Collector Max Delay Read Only See the value of...

Страница 208: ...as System Identifier Number of Ports and Number of Aggregators How to Access Use the arrow keys to highlight the SYSTEM menu item in 802 3ad Main Menu screen and press ENTER The 802 3ad System screen...

Страница 209: ...each screen field Table 6 13 802 3ad System Screen Field Descriptions Use this field To System Identifier Read Only See the uniquely identified system to protocol partner Number of Ports Read Only See...

Страница 210: ...Configuration Screen NOTE Broadcast frames received above the threshold setting are dropped 2504 56w PORT 1 2 3 4 5 6 7 8 9 10 11 12 Time Since Peak 999 23 59 999 23 59 999 23 59 999 23 59 999 23 59 9...

Страница 211: ...plays Table 6 14 Broadcast Suppression Configuration Screen Field Descriptions Use this field To PORT Read Only Identify the number of the port Total RX Read Only See the total number of broadcast fra...

Страница 212: ...eak field to YES or NO proceed as follows 1 Use the arrow keys to highlight the Reset Peak field for the selected port 2 Press the SPACE bar to select YES or NO 3 Use the arrow keys to highlight the S...

Страница 213: ...Spanning Tree Configuration Menu screen Section 7 2 Spanning Tree Configuration screen Section 7 3 Spanning Tree Port Configuration screen Section 7 4 PVST Port Configuration Screen Section 7 5 802 1...

Страница 214: ...or 802 1p Configuration Menu screen How to Access Use the arrow keys to highlight the 802 1 CONFIGURATION MENU item on the Module Configuration Menu screen and press ENTER The 802 1 Configuration Menu...

Страница 215: ...ides faster topology changes provides less transitioning time to the forwarding state when the switch module boots compatible with PVST and backwards compatible with traditional IEEE 802 1D Enable or...

Страница 216: ...802 1 Configuration Menu Spanning Tree Configuration Menu When to Use To access the Spanning Tree Configuration or Spanning Tree Port Configuration screen How to Access Use the arrow keys to highligh...

Страница 217: ...u Item Screen Function SPANNING TREE CONFIGURATION Used to create a Per VLAN Spanning Tree PVST instance for each VLAN currently configured on the switch For details about the Spanning Tree Port Confi...

Страница 218: ...ion Menu screen and press ENTER The Spanning Tree Configuration screen Figure 7 3 displays PVST PORT CONFIGURATION Used to allow Multiple Spanning Trees This screen displays when you select a port of...

Страница 219: ...d Table 7 3 Spanning Tree Configuration Screen Field Descriptions Use this field To VLAN top of screen Read Only See a list of the VLAN or Spanning Tree Instances This field also enables you to add or...

Страница 220: ...t all switches in the network be configured for the same STP mode setting IEEE 802 1w Spanning Tree Protocol A single spanning tree for the entire network Redundant links are placed in standby mode St...

Страница 221: ...The VLAN entered in the VLAN field is added or deleted from the list accordingly When a VLAN is added the age time default value of 300 seconds and the bridge priority value of 32768 are automatically...

Страница 222: ...switch address of the selected STP VLAN ID its VLAN age time the total number of ports and the current MAC Address of a switch residing of each port The Spanning Tree Port Configuration screen is also...

Страница 223: ...ff each port The first MAC Address is always associated with the VLAN ID selected in the STP VLAN ID field The default is the MAC Address of the Default VLAN State Read Only See the current state of e...

Страница 224: ...shown in the STP VLAN ID field Switch Address Read Only See the MAC address of the switch Age Time Read Only See the time out of learned entries STP VLAN ID Selectable Select the STP VLAN ID Using th...

Страница 225: ...f the screen to see the next eight ports 7 5 PVST PORT CONFIGURATION SCREEN When to Use To change the configuration parameters of a selected PVST port How to Access Use the arrow keys to highlight the...

Страница 226: ...idge of the segment to which this port is attached Port Designated Bridge Read Only View the bridge id of the bridge this port considers to be designated bridge for this port s segment Port Priority M...

Страница 227: ...5 Port Path Cost Modifiable View the cost contribution of this port in the path to the Spanning Tree root STP Vlan ID Read Only View the Id of the VLAN in which this port belongs Table 7 5 PVST Port C...

Страница 228: ...PVST Port Configuration Screen 7 16 802 1 Configuration Menu Screens...

Страница 229: ...nfiguration screen Section 8 8 Protocol Port Configuration screen Section 8 9 For 6C105 chassis Password Main Menu Module Selection Module Menu Module Configuration Menu 802 1 Configuration Menu 802 1...

Страница 230: ...o good VLAN implementation Before attempting to configure a single switch for VLAN operation consider the following How many VLANs will be required What stations will belong to them What ports are con...

Страница 231: ...ched port of the switch module Each port mode of operation can also be configured to handle untagged frames Hybrid Mode tagged frames 1Q Trunk Mode or frames of a legacy 802 1D switch fabric 1D Trunk...

Страница 232: ...nd also display the Filter Database ID FDB ID associated with each VLAN This screen also allows you to access the Static VLAN Egress Configuration screen The Static VLAN Egress Configuration screen en...

Страница 233: ...GURATION Used to view a list of ports and enables you to configure each port to either receive all frames or only tagged frames set the PVID enable or disable ingress filtering on each port and enable...

Страница 234: ...n as described in Section 8 3 2 How to Access Use the arrow keys to highlight the STATIC VLAN CONFIGURATION menu item on the 802 1Q VLAN Configuration Menu screen and press ENTER The Static VLAN Confi...

Страница 235: ...ue is allocated automatically by the device when the VLAN is created either dynamically by GVRP or when a Static VLAN is created using this screen VLAN Name top of screen Read Only See the VLAN Name o...

Страница 236: ...ed the screen refreshes and shows the newly created VLAN If the VLAN is not created successfully an error is displayed in the Event Message Line at the top of the screen 8 3 2 Displaying the Current S...

Страница 237: ...N To delete a VLAN from the VLAN list proceed as follows 1 Use the arrow keys to highlight the line containing the VLAN ID FDB ID and VLAN Name information The following message is displayed at the to...

Страница 238: ...all ports associated with a VLAN selected on the Static VLAN Configuration screen The ports can be set using the following selections UNTAGGED sets the port to transmit frames without a tag header Th...

Страница 239: ...ID VLAN Name Read Only See the VLAN Name associated with the VLAN ID Port Read Only See a list of ports associated with the VLAN ID Up to 32 ports may be listed on the screen If more than 32 ports ar...

Страница 240: ...the VLAN are transmitted Egress Selectable Select the type of VLAN frame transmission egress for each port You can select UNTAGGED TAGGED or NO using the SPACE bar UNTAGGED the port will only transmi...

Страница 241: ...the arrow keys to highlight the SAVE command at the bottom of the screen 4 Press ENTER The message SAVED OK displays and the screen refreshes showing all ports associated with the VLAN that are set to...

Страница 242: ...gress list is how the switch keeps track of all VLANs that it will recognize How to Access Use the arrow keys to highlight the CURRENT VLAN CONFIGURATION menu item on the 802 1Q VLAN Configuration Men...

Страница 243: ...reen shows the egress setting for each port associated with the VLAN ID in the highlighted line Table 8 4 Current VLAN Configuration Screen Field Descriptions Use this field To VLAN ID Read Only See a...

Страница 244: ...The Current VLAN Egress Configuration screen Figure 8 6 displays showing the egress setting of each port associated with the VLAN ID Screen Example Figure 8 6 Current VLAN Egress Configuration Screen...

Страница 245: ...transmit or receive frames of VLANs other than the static VLANs created on the switch the ingress filtering on the port which can be enabled or disabled to filter out drop frames that are not on the s...

Страница 246: ...HYBRID HYBRID 1Q TRUNK HYBRID HYBRID RETURN EXIT NEXT Port 1 2 3 4 5 6 7 8 9 10 11 12 PVID 1 1 1 1 1 1 1 1 1 1 1 1 Acceptable Frame Types ADMIT ALL FRAMES ADMIT ALL FRAMES ADMIT ALL FRAMES ADMIT ALL F...

Страница 247: ...not learned on a given port Port Read Only See a list of the switch ports NOTE In some cases this field may have an asterisk next to it It indicates that it is currently overridden by a policy If a po...

Страница 248: ...AN List for the port includes all VLANs 1D TRUNK This mode sets the port for transmitting to a legacy 802 1D switch fabric In this mode all incoming frames are classified into the default VLAN and all...

Страница 249: ...Press the SPACE bar to toggle the field to the correct setting ENABLED or DISABLED This will either enable or disable the filtering set in the Acceptable Frame Types field in step 5 9 Use the arrow ke...

Страница 250: ...n screen described in Section 8 9 How to Access Use the arrow keys to highlight the VLAN CLASSIFICATION CONFIGURATION menu item on the 802 1Q VLAN Configuration Menu screen and press ENTER The VLAN Cl...

Страница 251: ...sociated with the classification selected in the Classification field For details on how to enter the VID Classification refer to Section 8 8 3 CLASSIFICATION bottom of screen Selectable Select the cl...

Страница 252: ...t and it is used to simultaneously delete all the configured Classification Rules The DEL MARKED command appears in place of the DEL ALL command when one or more lines are marked for deletion For deta...

Страница 253: ...pe IP Protocol Type TCP UDP ICMP IGMP OSPF CUSTOM Protocol Type 000 IPX COS IPX Class Of Service 000 IPX Packet Type IPX Packet Type Hello or SAP RIP Echo Packet Error Packet Netware 386 SAP Seq Pkt P...

Страница 254: ...Network IPX Network Num 0x00000000 Dest IPX Network IPX Network Num 0x00000000 Bil IPX Network IPX Network Num 0x00000000 Src UDP Port IP UDP Port FTP Data FTP BOOTP Server BOOTP Client RIP Telnet TFT...

Страница 255: ...c TCP Port TCP Port FTP Data FTP BOOTP Server BOOTP Client RIP Telnet TFTP HTTP DNS SMTP POP3 IMAP2 IMAP3 NETBIOS Name Serv NETBIOS Datagram NETBIOS Sess Serv CUSTOM TCP Port Number 00000 Dest TCP Por...

Страница 256: ...ion IPX Socket Type 00000 Bil IPX Socket IPX Socket Same selection as for Src IPX Socket Classification IPX Socket Type 00000 Src MAC Address MAC Address 00 00 00 00 00 00 Dest MAC Address MAC Address...

Страница 257: ...End 00000 Dest TCP Range3 Start 00000 End 00000 Bil TCP Range3 Start 00000 End 00000 1 Bold type indicates a user entry 2 Any fragmented IP frame received is Classified to the priority identification...

Страница 258: ...a match of an entire subnet or range of addresses within a subnet Table 8 9 Classification Precedence Classification Type Precedence Level Layer 2 Source MAC Address Best Match 1a Destination MAC Addr...

Страница 259: ...DP Port Source 4a UDP Port Destination 4b TCP Source Port 4a TCP Destination Port 4b IPX Socket Source 4a IPX Socket Destination 4b UDP Source Port 4a UDP Source Port Range 4b UDP Dest Port 4c UDP Des...

Страница 260: ...he key thing to remember is that the switch modules will classify frames based on one of the classification options 8 8 2 Displaying the Current Classification Rule Assignments To see which ports are...

Страница 261: ...to the appropriate protocol In some cases there is only one selection and a value needs to be entered This is indicated by bold zeros Table 8 8 lists the possible selections associated with each subc...

Страница 262: ...highlight the line with the Classification Rule to be deleted 2 Press the M key and an asterisk appears next to the highlighted line to mark it The DEL ALL command is changed to DEL MARKED 3 If more...

Страница 263: ...om being associated with the Classification Rule Add ports to the VLAN Forwarding List of the switch module How to Access Use the arrow keys to highlight the line item of interest on the VLAN Classifi...

Страница 264: ...to access the Protocol Port Configuration screen All ports with YES in the Classify columns indicate that they are associated with VID 1 and the Ether II Type Classification This causes the VLAN 1 Eth...

Страница 265: ...the screen indicates the port type For example Fast Ethernet Front Panel FTM Backplane Port 3 and Gigabit Ethernet VHSIM If a port cannot be configured NO will be displayed without brackets In some c...

Страница 266: ...he SPACE bar to toggle the SET ALL PORTS field to YES or NO and press ENTER YES will set all the ports to the VID Classification shown in the Classification Rule field NO will remove all ports from th...

Страница 267: ...reen Section 9 4 Transmit Queues Configuration screen Section 9 5 Priority Classification Configuration screen Section 9 6 Protocol Port Configuration screen Section 9 7 Rate Limiting Configuration sc...

Страница 268: ...imiting How to Access Use the arrow keys to highlight the 802 1p CONFIGURATION MENU item on the 802 1 Configuration Menu screen and press ENTER The 802 1p Configuration Menu screen Figure 9 1 displays...

Страница 269: ...MIT QUEUES CONFIGURATION Used to set each port individually or all ports simultaneously to either transmit frames according to the priority transmit queues set in the Advanced Port Priority Configurat...

Страница 270: ...d through that port without a priority indicated in their tag header are classified as a priority 5 A frame with priority information in its tag header is transmitted according to that priority How to...

Страница 271: ...icy Override NONE NONE NONE NONE NONE NONE NONE NONE NONE NONE Port 11 12 13 14 15 16 17 18 19 20 Priority 4 4 4 4 4 6 6 6 1 1 NOTE The Set field toggles from INDIVIDUAL to ALL PORTS When ALL PORTS is...

Страница 272: ...olumns The list of ports can include both physical and virtual ports If the number of ports exceed these limits one or more other screens may be accessed using the NEXT and PREVIOUS commands Priority...

Страница 273: ...e lowest priority 5 Use the arrow keys to highlight the SAVE ALL command at the bottom of the screen 6 Press ENTER The message SAVED OK displays and all ports are set to the priority selected in step...

Страница 274: ...ffic Classes 2 through 0 How to Access Use the arrow keys to highlight the TRAFFIC CLASS INFORMATION menu item on the 802 1p Configuration Menu screen and press ENTER The Traffic Class Information scr...

Страница 275: ...o select a port to display its Traffic Class Configuration screen where the current setting for that port or all ports may be changed simultaneously The Traffic Class Configuration screen is described...

Страница 276: ...t the appropriate port number field above the column of the Traffic Class settings in the Traffic Class Information screen Press ENTER The Traffic Class Configuration screen Figure 9 4 for the selecte...

Страница 277: ...See the list of eight priority levels 0 through 7 that can be associated with the Traffic Class settings Priority 0 is the lowest priority When the screen is displayed the current default Traffic Cla...

Страница 278: ...transmit queues set in the Advanced Priority Configuration screen or transmit frames according to a priority based on a percentage of the port transmission capacity allocated for each transmit queue...

Страница 279: ...figuration screen Figure 9 5 displays Screen Example Figure 9 5 Transmit Queues Configuration Screen WEIGHTED Q0 Q1 Q2 Q3 0 25 38 31 94 Must add up to 100 2504 96w Current Queueing Mode Weights These...

Страница 280: ...Current Queueing Mode is set to STRICT 802 1 The weights selected must equal 100 or the values cannot be saved Default weight distribution is 25 per transmission queue Selectable percent weight value...

Страница 281: ...be transmitted out the port according to the percent of transmit capacity allocated for each transmit queue The default percentages are 25 for each transmit queue Q0 through Q3 To set the priority tr...

Страница 282: ...n screen Assign an 8 bit TOS also known as DF value to incoming IP frames For more information about IP TOS Rewrite refer to Section 9 6 2 Write over an existing TOS value When a frame is received tha...

Страница 283: ...rt from a PID Classification used in the Protocol Port Configuration screen Classification top of screen Selectable Display the classification associated with the priority in the PID column which may...

Страница 284: ...ed the order in which a frame is transmitted also depends on the Classification Precedence Rules discussed in Section 9 6 1 These rules come into effect when there are multiple classifications configu...

Страница 285: ...9 7 Classification List Classification Subclassification and Options Custom or Mask Value Ethernet II Type Ethernet II Type IPX DOD IP ARP RARP AppleTalk Banyan Vines DECNET CUSTOM Type Value 0x00001...

Страница 286: ...TOS PID CUSTOM Same Same Same Same Same IP Protocol Type TCP TOS Value 0x00 Range 0 255 UDP ICMP IGMP OSPF CUSTOM Protocol Type 000 IPX COS IPX Class of Service 000 IPX Packet Type IPX Packet Type Hel...

Страница 287: ...S PID CUSTOM IP Address 000 000 000 000 TOS Value 0x00 Range 0 255 Mask 000 000 000 000 Bil IP Address New IP TOS NO CHANGE TOS PID CUSTOM IP Address 000 000 000 000 TOS Value 0x00 Range 0 255 Mask 00...

Страница 288: ...elnet TFTP HTTP DNS SMTP POP3 IMAP2 IMAP3 NETBIOS Name Serv NETBIOS Datagram NETBIOS Sess Serv CUSTOM UDP Port Number 00000 Dest UDP Port Same selections as for Src UDP Port IP UDP Port Same selection...

Страница 289: ...Telnet TFTP HTTP DNS SMTP POP3 IMAP2 IMAP3 NETBIOS Name Serv NETBIOS Datagram NETBIOS Sess Serv CUSTOM TCP Port Number 00000 Dest TCP Port Same selections as for Src TCP Port TCP Port Same selection a...

Страница 290: ...ification IPX Socket Type 00000 Bil IPX Socket IPX Socket Same selection as for Src IPX Socket Classification IPX Socket Type 00000 Src MAC Address MAC Address 00 00 00 00 00 00 Dest MAC Address MAC A...

Страница 291: ...000 TOS Value 0x00 Range 0 255 End 00000 Bil UDP Range New IP TOS NO CHANGE TOS PID CUSTOM Start 00000 TOS Value 0x00 Range 0 255 End 00000 Src TCP Port New IP TOS NO CHANGE TOS PID CUSTOM Start 00000...

Страница 292: ...00000 1 Bold type indicates a user entry 2 Any fragmented IP frame received is Classified to the priority identification PID and forwarded out the ports configured in the Protocol Port Configuration s...

Страница 293: ...2 Source MAC Address Best Match 1a Destination MAC Address Best Match 1b EtherType 6 SAP 6 IP TOS 5a IP Type 5b IPX COS 5a IPX Type 5b Layer 3 Source IP Address Exact Match 2a Source IP Address Best...

Страница 294: ...Source Port 4a TCP Destination Port 4b IPX Socket Source 4a IPX Socket Destination 4b UDP Source Port 4a UDP Source Port Range 4b UDP Dest Port 4c UDP Dest Port Range 4d TCP Source Port 4a TCP Source...

Страница 295: ...itch will classify frames based on one of the classification options 9 6 2 About the IP TOS Rewrite Feature The Type of Service TOS field also known as the Differential Services DF field in RFC 2474 i...

Страница 296: ...o see which ports are set to a particular PID Classification Classification Rule the Protocol Port Configuration screen must be displayed To access the Protocol Port Configuration proceed as follows 1...

Страница 297: ...sification field requires a value to be entered in a third field to the right of the subclassification field If so use the arrow keys to highlight that third field and type in the appropriate value Ot...

Страница 298: ...iguration screen described in Section 9 6 Each port can be changed so it will or will not transmit frames according to the Classification Rule How to Access Use the arrow keys to highlight the line of...

Страница 299: ...OD IP was selected in the Priority Classification Configuration screen to access the Protocol Port Configuration screen All ports with YES in the Classify columns would be those ports associated with...

Страница 300: ...e number of each port Classify Toggle See which ports are set to the PID Classification indicated in the Classification Rule field see Figure 9 8 The Classify field toggles between YES and NO which de...

Страница 301: ...affic using classification rules In this example illustrated in Figure 9 9 the ABC Company wants to prioritize traffic to their SAP server and Mail server so that the SAP Server has the highest priori...

Страница 302: ...all ports on the switch module to use this classification setting 3 To set the Mail Server IP 123 123 30 7 to the lowest priority 0 the following settings will be made using the Priority Classificatio...

Страница 303: ...ies The list of priorities can include one some or all of the eight 802 1p priority levels The combined rate of all traffic entering and exiting the port with the priorities configured to that port is...

Страница 304: ...tion for a port needs to be changed delete the line containing the incorrect configuration and then enter a new configuration with the correct settings Priority List top of screen Read Only See the pr...

Страница 305: ...atus ENABLED or DISABLED and can be toggled between ENABLED and DISABLED When ENABLED is highlighted pressing ENTER disables the screen function and the field changes to DISABLED DISABLED is the defau...

Страница 306: ...ing Inbound is the default value Up to four rate limit rules entries may be set per port two for Inbound and two for Outbound or any combination of the four Inbound or Outbound Inbound refers to traff...

Страница 307: ...maximum transmission rate for this entry The maximum transmission rate includes all frames associated with the priorities selected in the Priority List field The default high setting is 100 Kbps maxim...

Страница 308: ...port For further information refer to the rate_limit_ command in Chapter 12 9 To add the new port configuration to memory highlight the ADD command field and press ENTER The new entry displays in the...

Страница 309: ...ht the DEL ALL command field and press ENTER Deleting One or More Line Items To delete one or more line items mark each entry and then delete them as follows 1 Use the arrow keys to highlight a line t...

Страница 310: ...Example This is a simple example intended to show how the Rate Limiting feature can be applied to solve a problem Assume that a network was built using a 6C105 chassis in each closet and interconnecte...

Страница 311: ...sible amount of traffic attempting to leave the chassis at high priority is 5 x 100 500 Mbps The gigabit link has ample capacity to carry this load out of the chassis Similar provisioning calculations...

Страница 312: ......

Страница 313: ...ons Menu screen and the IGMP VLAN Configuration screen Section 10 2 Screen Navigation Paths For 6C105 chassis Password Main Menu Module Selection Module Menu Module Configuration Menu Layer 3 Extensio...

Страница 314: ...e IGMP VLAN Configuration screen How to Access Use the arrow keys to highlight the LAYER 3 EXTENSIONS MENU item on the Module Configuration Menu screen and press ENTER The Layer 3 Extensions Menu scre...

Страница 315: ...p information This is performed by hosts multicasting IGMP Host Membership Reports Multicast switches listen for these messages and then pass them to other switches This allows distribution trees to b...

Страница 316: ...information about IGMP refer to Appendix B How to Access Use the arrow keys to highlight the IGMP VLAN CONFIGURATION menu item on the Layer 3 Extensions Menu screen and press ENTER The IGMP VLAN Conf...

Страница 317: ...is value is also used in calculations for other timers The default value is 125 seconds The range of possible entries is 1 to 300 seconds An entry outside of the range will cause the error message PER...

Страница 318: ...ly display an asterisk NOTE To prevent the switch from participating in the IGMP querier election this IP address must be set to 000 000 000 000 McastMartPoolSize Selectable Select the multicast pool...

Страница 319: ...y asterisks then the SPACE bar can be used to display the selectable fields and the numeric keys can be used to change the modifiable fields To update the Configuration and Statistics fields for a sel...

Страница 320: ...roper IGMP version for the VLAN shown in the VLAN ID field 5 Use the arrow keys to highlight the remaining fields Query Interval Query Response Time Interface Robustness Last Member Query Interval Swi...

Страница 321: ...ics screen Section 11 3 RMON Statistics screen Section 11 4 An HSIM or VHSIM Statistics screen may be selected from the Module Statistics Menu screen when an optional HSIM or VHSIM is installed in the...

Страница 322: ...ded RMON agent on the switch Statistics on any optional Fast Ethernet or Gigabit Ethernet HSIM or VHSIM installed in the module How to Access Use the arrow keys to highlight the MODULE STATISTICS menu...

Страница 323: ...r of frames received transmitted filtered and forwarded by each switch port For details refer to Section 11 2 INTERFACE STATISTICS Provides the MIB II statistics for each switched interface on an inte...

Страница 324: ...n Figure 11 2 displays HSIM VHSIM STATISTICS Displays the statistics screen when an optional Fast Ethernet or Gigabit Ethernet HSIM or VHSIM is installed in the switch module An HSIM or VHSIM Statisti...

Страница 325: ...nt panel ports and the optional HSIM or VHSIM installed Frames Rcvd Read Only See the number of frames received by the interface since the last power up or reset Frames Txmtd Read Only See the number...

Страница 326: ...he interface since the last power up or reset Frames Frwded Read Only See the number of frames forwarded by the interface since the last power up or reset CLEAR COUNTERS Command Temporarily reset all...

Страница 327: ...o view other interface statistics refer to Section 11 3 1 Name Read Only See the type of interface for which statistics are being displayed InOctets Read Only See the total number of octets bytes that...

Страница 328: ...Only See the total number of frames that were discarded because the frames were in an unknown or unsupported format OutOctets Read Only See the total number of octets bytes that have been transmitted...

Страница 329: ...erface If this field displays Testing no frames may be passed on this interface Oper Status Read Only See the current status of the interface If this field displays Testing no frames may be passed on...

Страница 330: ...MON Statistics Screen NOTE The RMON Statistics screen provides statistics for all the switch module front panel Ethernet Interfaces and any Ethernet HSIM VHSIM installed in the switch module 25041_65w...

Страница 331: ...splayed interface This field displays valid or invalid Drop Events Read Only See the total number of times that the RMON agent was forced to discard frames due to the lack of available switch resource...

Страница 332: ...er a bad FCS or a bad CRC Total Packets Read Only See the total number of frames including bad frames broadcast frames and multicast frames received on this interface Total Octets Read Only See the to...

Страница 333: ...ee the total number of frames including bad frames received that were between 512 and 1023 bytes in length excluding framing bits but including FCS bytes 1024 1518 Octets Read Only See the total numbe...

Страница 334: ...arrow keys to highlight the Chassis Environmental Statistics Configuration screen on the Module Statistics menu screen and press ENTER The Chassis Environmental Statistics Configuration screen Figure...

Страница 335: ...tics Configuration Screen Field Descriptions Use this field To Chassis Power Redundancy Determine whether there is power redundancy available Chassis Power 1 Status Determine the status of the redunda...

Страница 336: ......

Страница 337: ...2 1 NETWORK TOOLS When to Use To access and manage network devices using the Network Tools command set How to Access Use the arrow keys to highlight the NETWORK TOOLS menu item in the Module Menu scre...

Страница 338: ...devices NOTE The atm_stp_state command only displays when an HSIM or VHSIM is installed that supports ATM such as the HSIM A6DP or VHSIM2 A6DP 36502_02 help SPECIAL done quit or exit Exit from the Net...

Страница 339: ...n a gigabit interface module is installed igmpv3_drop lg_frame_admin link_trap loopback_detect maclock netstat non_bridge_if_num passiveStp ping policy radius rate_limit_mode reset sat_size show soft_...

Страница 340: ...nables disables and configures alias snooping on a per port basis Syntax alias enable disable status ALL port port range i e 1 5 alias stats alias clear_stats alias fwd_list alias fwd_set rate burst v...

Страница 341: ...64 0 Pkts Sent 65 128 0 Pkts Sent 129 256 0 Pkts Sent 257 512 0 Pkts Sent 512 1024 0 Pkts Sent 1024 0 Pkts Dropped Q full 0 Pkts Dropped Rate 0 Pkts Truncated 0 Port State Deltas 93 Port State No Cha...

Страница 342: ...r 2 Invalid entry cannot ping device timed out etc 3 Dynamic route entry 4 Static route entry not subject to change You must specify the arp command with one of the options specified in this table Syn...

Страница 343: ...response packets Other IP packets will be ignored status Displays the current status information about ARP Cache Example arp_learn status Current ARP Cache Learn status NORMAL arp_learn limited Settin...

Страница 344: ...d cdp disable cdp status CDP is Disabled defroute Description Displays sets or deletes the default IP route to a managed device through the specified interface Syntax defroute defroute interface numbe...

Страница 345: ...is not currently in STP blocking or listening on that port After a VLAN has been added to the dynamic Port VLAN List the entry is subject to time out age out if the port does not receive another frame...

Страница 346: ...Logging Trapping begin logging events ev STOp Logging Trapping stop logging events trap ev Clear clear the log ev SEverity severity level set show current logging severity ev filter get set string get...

Страница 347: ...ing severity ev filter get set string get set search string ev logsize get set 50 5000 get set dynamic log buffer size Commands for Listing Events ev List ENabled GROUPS Traps EVents Log list various...

Страница 348: ...edundant port status Displays the current status of the gigabit port Examples gigabit_port_mode status gigabit_port_mode is redundant gigabit_port_mode active This will reset board and cause loss of p...

Страница 349: ...l large IP frames that can be fragmented will be fragmented before being transmitted out the port If the large frame cannot be fragmented then it will be transmitted out the port as a large frame SMAL...

Страница 350: ..._trap disable 2 Link traps have been DISABLED on port 2 link_trap disable all Link traps have been DISABLED on all ports 1 24 link_trap status 3 Link traps are ENABLED on port 3 loopback_detect Descri...

Страница 351: ...ked MAC is sent as a trap to management Syntax maclock show port all Displays the status of MAC locking globally or on one or more ports as well as whether or not MAC lock trap messaging is enabled or...

Страница 352: ...t all value Restricts MAC locking on a port to a maximum number of end station addresses first connected to that port maclock set static port all value Restricts MAC locking on a port to a maximum num...

Страница 353: ...s globally enabled Port Port Trap Max Static Max FirstArrival Violating Number Status Status Allocated Allocated MAC Address ________ ________ ________ ____________ ________________ ________________ 1...

Страница 354: ...anged to 6 on port 3 maclock set static 3 4 MAC Locking Static entry changed to 3 on port 4 maclock settrap 3 enable Enabling MAC Locking traps on Port 3 maclock clear static 3 Statically locked MACs...

Страница 355: ...x07 0x50 0x11 netstat r Destination Next hop Interface Default Route DirectConnection 1 134 141 0 0 DirectConnection 2 134 141 0 0 DirectConnection 3 non_bridge_if_num Description Configures or displa...

Страница 356: ...to a down state Moving the 802 1D Blocked state directly to forwarding and Using a default or locally defined Passive STP Max Age time Syntax passiveStp enable disable status Options enable Enables Pa...

Страница 357: ...d authentication information authenticated MAC or UserName policy set port port_number_or_range_or_all profile_index Maps a policy statically to one or more ports policy clear profile port port_number...

Страница 358: ...1D AA AA AA 3 none none none N A N A 4 Guest Employee EAP Auth john doe 8 none none none N A N A policy set port 1 2 1 Port DefaultPolicy CurrentPolicy AuthType AuthStatus AuthInfo 1 Default Default S...

Страница 359: ...entication will run as before For more about Radius Client refer to Section 3 6 1 Syntax radius radius status radius enable disable radius prim_ip server ip radius sec_ip server ip radius prim_ip serv...

Страница 360: ...t settings radius prim_auth_port n Shows sets the primary RADIUS server s UDP authentication port radius sec_auth_port n Shows sets the secondary RADIUS server s UDP authentication port radius prim_ac...

Страница 361: ...code appears as asterisks on the screen Examples radius client RADIUS Configuration Cli Command Format radius status shows Radius status clear clears all entries timeout server timeout seconds last_r...

Страница 362: ...are entered as the secret code 16 to 32 characters are recommended radius sec_secret Enter Secret max 32 Confirm Secret ERROR secret minimum length is 6 radius sec_secret Enter Secret max 32 Confirm S...

Страница 363: ...o the other mode may result in current settings being removed if their range is no longer valid Changing rate limit mode will require a reset Syntax rate_limit_mode status high_range default low_range...

Страница 364: ...RE Y sat_size Description Displays the current setting or sets the size of the Source Address Table Forwarding Database on the device to either 8000 or 16000 entries The default is 8000 entries When s...

Страница 365: ...ported are ARP caches route tables FIB tables server tables and interface tables The number of valid entries in the table will be outputted at the end of the table display NOTE The Network Tools conne...

Страница 366: ...esses for the filter database identifier fdbId address Show the address mac if it is known by the device port Show the addresses for the port portNumber only type Show addresses of the specified type...

Страница 367: ...alid entries 2 show mac MAC Address FID Port Type 00 00 1D 00 00 20 1 0010 tp_learned 00 00 1D 00 03 20 1 0010 tp_learned 00 00 1D C3 BE 53 0 0001 self 00 00 1D C3 BE 63 0 0017 self more y or n soft_r...

Страница 368: ...anning Tree into STP compatibility mode 0 or the default RSTP mode 2 Syntax stpForceVersion 0 2 status Options stpForceVersion 0 Indicates STP compatibility Enable stpForceVersion 0 only if the user d...

Страница 369: ...evice to use spanning tree legacy 802 1D Path Cost values disable Returns the device to the default setting of using the spanning tree 802 1t Path Cost values status Displays the current status of the...

Страница 370: ...AUTO Syntax stpPointToPointMAC status value stpPointToPointMAC value vlan id port range Options status Displays the current stpPointToPointMAC settings value Sets stpPointToPointMAC as true false or...

Страница 371: ...abled as Spanning Tree ports enable port Enables a specific port disable port Disables a specific port Examples stpPort status The following ports are STP ENABLED 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 1...

Страница 372: ...ology traps disable Allows the generation of topology traps Example suppress_topology_traps enable suppress_topology_traps disable telnet Description Allows the user to communicate with another host t...

Страница 373: ...et reset_nv Resets non volatile memory dont_reset_nv Does not reset non volatile memory Example timed_soft_reset status timed_soft_reset 10 timed_soft_reset 30 timed_soft_reset 60 reset_nv timed_reset...

Страница 374: ...1 52 next hop 0 122 144 60 45 next hop 1 122 144 8 113 next hop 2 122 144 61 45 122 144 11 52 is alive 3 hops away vrrpPort Description Enables disables or displays the status of Virtual Router Redund...

Страница 375: ...Port 1 receives another frame the Red VLAN is added again to the dynamic Port VLAN List of Port 1 and the process continues The dynamic Port VLAN List is a temporary list used in the dynamic egress f...

Страница 376: ...as the Port VLAN Identifier PVID on all ports The following additional steps are required to configure the switch to solve this problem 1 Define a new VLAN VLAN ID 2 using the Static VLAN Configurati...

Страница 377: ...s routed only to AppleTalk users Ports 1 2 5 and 6 while IP traffic is allowed to be seen by IP users Ports 3 4 and 7 and by IP AppleTalk users Ports 1 2 5 and 6 12 5 SPECIAL COMMANDS done quit exit D...

Страница 378: ...Special Commands 12 42 Network Tools Screens...

Страница 379: ...VLAN Operation Section 13 5 Configuration Process Section 13 6 VLAN Switch Operation Section 13 7 VLAN Configuration Section 13 8 Summary of VLAN Local Management Section 13 9 Quick VLAN Walkthrough...

Страница 380: ...ulticast and unknown traffic received from VLAN groups so that traffic from stations in a VLAN are confined to that VLAN When stations are assigned to a VLAN the performance of their network connectio...

Страница 381: ...The SmartSwitches treat each port as being equivalent to any other port and have no understanding of the departmental memberships of each workstation In a VLAN environment each SmartSwitch understands...

Страница 382: ...riety of addressing schemes including the recognition of groups of MAC addresses or types of traffic One of the best known VLAN like schemes is the use of IP Subnets to divide networks into smaller su...

Страница 383: ...s stored in the filtering database assigned to that VLAN Several VLANs can be assigned to the same FDB ID to allow those VLANs to share addressing information This enables the devices in the different...

Страница 384: ...Connection previously referred to as a 1Q Trunk A connection between 802 1Q switches that passes only traffic with a VLAN Tag Header inserted in each frame All VLANs in the port s Port VLAN List are...

Страница 385: ...n 802 1Q VLAN it is important to understand the basic elements that are combined to make up an 802 1Q VLAN Stations A station is any end unit that belongs to a network In the vast majority of cases st...

Страница 386: ...AN Now that a VLAN has been created rules are defined to classify all frames in a VLAN This is accomplished through management by associating a VLAN ID with each port on the switch Optionally frames c...

Страница 387: ...tch has been configured to associate VLAN A and B with Filtering Database Identifier FDB ID 2 VLAN C and D with FDB ID 3 and VLAN E with FDB ID 4 Port 6 has been classified to serve as a VLAN trunk co...

Страница 388: ...gged for VLAN C This frame may have already been through a VLAN aware switch or originated from a station capable of specifying a VLAN membership If a switch receives a frame containing a tag the swit...

Страница 389: ...h is associated with VLAN C and VLAN D The switch recognizes the destination MAC address of the frame as being located out Port 4 Having made the forwarding decision the switch now examines the Port V...

Страница 390: ...signed to other VLANs Figure 13 4 shows an example of a switch configured with port 1 on the Management VLAN port and the other users belonging to VLANs A B and C NOTE The switch s virtual Host Data P...

Страница 391: ...ate the ports to particular VLANs For details on defining a Static VLAN refer to Section 8 3 1 3 Use the Static VLAN Egress Configuration screen to select the type of Egress setting for each port When...

Страница 392: ...mes then the management station connected to the Management VLAN port of either switch could manage both switches No matter how many switches are connected a management station connected to any port o...

Страница 393: ...re connected to those stations What ports will be configured as GARP aware ports Will Per VLAN Spanning Tree or Quick Convergence Spanning Tree be used It may also be helpful to sketch out a diagram o...

Страница 394: ...Name 1 On the 802 1Q VLAN Configuration Menu screen use the arrow keys to highlight the STATIC VLAN CONFIGURATION menu item Press ENTER The Static VLAN Configuration screen displays 2 On the Static VL...

Страница 395: ...ield of Port 3 3 Use the SPACE bar to step to UNTAGGED NOTE When a Static VLAN is created all ports on the Static VLAN Egress Configuration screen are set to the default setting of NO for that VLAN Th...

Страница 396: ...their VLAN ID across multiple switches 5 Use the arrow keys to highlight the Egress field for port 10 in the Static VLAN Egress Configuration screen 6 Use the SPACE bar to step to TAGGED 7 Use the arr...

Страница 397: ...ype in 2 which is the VLAN ID of the Test VLAN This will associate Port 3 with the VLAN ID thus making the port PVID of 2 NOTE Since Port 3 will connect to a single workstation and is not to be used f...

Страница 398: ...t the Acceptable Frame Types field for Port 10 10 Use the SPACE bar to step to ADMIT VLAN TAGGED ONLY This causes Port 10 to drop all frames received that are untagged 11 Leave the INGRESS FILTERING f...

Страница 399: ...e switches using the VLAN Local Management screens The actual procedures and screens used to configure a VLAN aware switch are covered in Chapter 8 Also provided in the discussion of each example is a...

Страница 400: ...signed to two new VLANs red stations to the Red VLAN and blue stations to the Blue VLAN The information below describes how the switch is configured to create these two VLANs and how users are assigne...

Страница 401: ...Ingress Filtering ENABLED GVRP Status DISABLED 5 The VLANs and ports are now configured and enabled Figure 13 11 shows the resulting VLAN assignment to each port Figure 13 11 Switch Configured for VL...

Страница 402: ...lassifies this new untagged frame as belonging to the Red VLAN 5 The switch adds the source MAC address and VLAN for station R2 to its Source Address Table in FDB ID 2 and checks the Source Address Ta...

Страница 403: ...ltiple Switches Floor 1 Floor 2 Floor 3 Floor 4 1 Bridge 1 Bridge 2 Bridge 3 Bridge 4 Redco Redco Blue Industries Red VLAN Red VLAN Red VLAN Red VLAN Blue VLAN Blue VLAN Blue VLAN Blue VLAN 22632_13 U...

Страница 404: ...a VLAN Name of Blue Because the VLANs are assigned to two separate FDB IDs the users on VLAN ID 2 and VLAN ID 3 cannot communicate with each other 2 The Egress type for both VLAN ID 2 Port 1 and VLAN...

Страница 405: ...iginal classification information inserted in the frame Tag Header the receiving switch will maintain the original frame classification GVRP is enabled on this port and will support dynamic VLANs crea...

Страница 406: ...VLAN ID 2 Port 2 and VLAN ID 3 Port 2 to TAGGED using the Static VLAN Egress Configuration screen This means that these ports will only transmit tagged VLAN frames Egress Port 2 TAGGED 5 Port 2 is con...

Страница 407: ...and immediately classifies it as belonging to the Red VLAN After the frame is classified Switch 4 checks the Destination Address and upon discovering that it is a Broadcast Destination Address forward...

Страница 408: ...only eligible port is Port 3 which connects to Bridge 4 Switch 2 checks its Forwarding List which specifies that the VLAN frame type for that port is untagged Switch 2 then updates its Source Address...

Страница 409: ...ser A The 802 1D switches update their Source Address Tables based on the source MAC address and receive port and the 802 1Q switches update their databases based on the source MAC address VLAN and re...

Страница 410: ...ts from flooding the users terminals connected to S1 and S2 a new VLAN will be added to each switch but not assigned to any ports creating a Null VLAN Then each switch will be configured with a Layer...

Страница 411: ...r used by RIP 13 15 EXAMPLE 4 SECURING SENSITIVE INFORMATION ACCORDING TO SUBNET The ABC Company wants to confine the sensitive information being transmitted by their Finance Department to its users o...

Страница 412: ...n Bil IP Address IP Address 123 123 28 0 Data Mask 255 255 255 0 As a result of this setting any frame with a source or destination IP address of 123 123 28 xx where xx can be a value of 0 255 will be...

Страница 413: ...the VLAN Classification Configuration screen This rule is assigned to all ports 3 Enable the Dynamic Egress control on VLAN 2 using the Network Tools command dynamic_egress enable 2 With the above co...

Страница 414: ...ddress 00 00 00 00 00 0A and 00 00 00 00 00 0B of Workstation 1 and 2 respectively Figure 13 19 Locking Ports According to Classification Rule 13 17 1 Solving the Problem In this example switches S1 a...

Страница 415: ...Ports 1 and 2 with Red VLAN and enable the port to receive all frames The VLAN Classification Configuration screen to create two src MAC address classification rules and assign them to the appropriate...

Страница 416: ...cation MAC Address 00 00 00 00 00 0A ADD the rule It will display in the top half of the VLAN Classification Configuration screen 5 Enter the following settings on the Protocol Port Configuration scre...

Страница 417: ...to dynamically create VLANs across a switched network When a VLAN is declared the information is transmitted out GVRP configured ports on the switch in a GARP formatted frame using the GVRP multicast...

Страница 418: ...gure A 1 Example of VLAN Propagation via GVRP Configuring a VLAN on an 802 1Q switch creates a static GVRP entry The entry will always remain registered and will not time out However dynamic entries w...

Страница 419: ...rame and a filter is created to send the stream of data only to those end stations that will receive it IGMP queries are sent periodically from routers An end station that will receive a multicast str...

Страница 420: ...iority than GMRP The switch will snoop on all incoming multicast addresses to detect query responses as well as queries Query responses are sent to the multicast address detected in the stream from th...

Страница 421: ...g protocols have a destination address of 01 00 5E DVMRP and PIM version 1 run over IGMP If the IGMP frame type is not a REPORT QUERY or LEAVE then the frame is assumed to be one of these PIM version...

Страница 422: ......

Страница 423: ...Key 6 33 ActorAdminState hex 6 33 ActorOperKey 6 33 ActorOperState 6 34 ActorPort 6 32 ActorPortPriority 6 33 ActorSystemID 6 32 ActorSystemPriority 6 32 AttachedAggID 6 36 LAGID 6 36 PartnerAdminKey...

Страница 424: ...7 Total RX 6 47 Built in Commands use of 12 2 C Chassis Configuration screen 4 4 screen fields Chassis Date 4 5 Chassis Time 4 5 Chassis Uptime 4 6 IP Address 4 5 MAC Address 4 5 Screen Lockout Time 4...

Страница 425: ...onse Id Frames Rx 3 50 Start Frames Rx 3 49 Total Frames Rx 3 49 Total Frames Tx 3 49 EAP Configuration screen See EAP Port Configuration screen EAP Diagnostic Statistics screen 3 51 screen fields Acc...

Страница 426: ...selection 1 7 types 1 6 Filtering Database 13 6 Filtering Database ID 13 5 Filtering Network Traffic According to a Layer 4 Classification Rule 13 32 FLASH Download Configuration screen 5 32 Flash Do...

Страница 427: ...stness 10 5 Last Member Query Interval 10 6 Multicast Pool Size 10 6 Querier Address 10 6 Querier Expire Time 10 6 Querier Uptime 10 6 Query Interval 10 5 Query Response Time 10 5 Switch Query IP 10 6...

Страница 428: ...rt connection of 2 1 2 2 setup of 2 1 2 3 Managing the switch 13 11 when configured with VLANs 13 12 when not configured with VLANs 13 11 Module Configuration Menu screen 5 2 Module date 5 5 Module Lo...

Страница 429: ...filtering 13 32 NEXT command how to use 3 5 NVRAM clearing of 5 16 P PAE 3 19 Password screen chassis 3 6 Passwords screen module login 3 29 Port Configuration Menu screen 6 2 Port mode 1D Trunk 8 20...

Страница 430: ...ol Port Configuration screen VLAN 8 35 PVID assigning to port 8 21 PVST Port Configuration screen 7 13 screen fields Corresponding ifindex 7 14 Port 7 14 Port Designated Bridge 7 14 Port Designated Co...

Страница 431: ...12 Owner 11 11 RMON Index 11 11 Status 11 11 Total Octets 11 12 Undersized Packets 11 12 total packets 11 12 Rules Classification Precedence 8 29 S Screen fields command fields 1 7 display fields 1 7...

Страница 432: ...ing Configuration screen 9 37 Redirect Configuration Menu screen 6 14 RMON Statistics screen 11 10 Security Menu screen 3 26 EAP Authenticator Statistics screen 3 48 EAP Configuration screen See EAP P...

Страница 433: ...ial Commands Network Tools 12 41 Static VLAN Configuration screen 8 6 screen fields ADD 8 7 DEL MARKED 8 7 FDB ID 8 7 VLAN ID 8 7 VLAN ID bottom of screen 8 7 VLAN Name 8 7 VLAN Name bottom of screen...

Страница 434: ...LAN classifying frames to a 13 8 components 13 7 configuration process of 13 8 customizing the forwarding list 13 8 default VLAN 13 6 defining a 13 8 definition 13 2 to 13 4 Local Management for 7 3 t...

Страница 435: ...Read Only 4 25 Destination Port Read Only 4 25 Frame Format Read Only 4 25 Frame Format Selectable 4 25 Redirect Errors 4 25 Source Module Read Only 4 24 Source VLAN ID 4 24 Src Module n Selectable 4...

Страница 436: ......

Отзывы:

Нет отзывов

Похожие инструкции для 6E2 Series

Univerge SV8100

Бренд: NEC Страницы: 44

Бренд: Cambium Networks Страницы: 29

Бренд: Teagle Страницы: 40

Бренд: process-informatik Страницы: 8

Бренд: SUNRICH TECHNOLOGY Страницы: 5

Бренд: Intellinet Страницы: 2

Бренд: U.S. Products Страницы: 80

Бренд: NETGEAR Страницы: 2

Бренд: 3Ware Страницы: 4

Бренд: StarTech.com Страницы: 9

IPLink 2603 Series

Бренд: Patton Страницы: 120

Бренд: Hamlet Страницы: 122

Бренд: ZyXEL Communications Страницы: 2

Бренд: Harman Страницы: 24

Бренд: S&P Страницы: 3

Бренд: ProSoft Страницы: 53

Network Adapter AC AAP

Бренд: Extron electronics Страницы: 2

Бренд: Beckhoff Страницы: 84

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды