Extreme Networks Summit 300-48 Скачать руководство пользователя страница 88 | Manualshive

Страница: 88 / 198

background image

88

Summit 300-48 Switch Software User Guide

Unified Access Security

Policy Examples

The following examples suggest typical uses of network security policies.

Example.

You want to give employees complete network access but limit access to visitors. The

solution is to base network access on the authentication method, as indicated in Table 29.

NOTE

Not all methods can be used at the same time on the same interface.

Example.

You want to restrict user access to certain locations or times. The solution is to include the

access point as a component of network access and include time restrictions for certain locations.

Policies and RADIUS Support

The authentication features of the Summit 300-48 switch are tightly integrated with RADIUS. You can
specify the following types of RADIUS access control policies:

•

User-based — 802.1x requests provide the RADIUS server with the user name and password. Based
on the user name, the RADIUS server sends back authentication information, including allow/deny,
assigned VLAN, and VLAN tag.

•

Location-based — You can configure a location string for each wireless port. The location is sent to
the RADIUS server as a vendor-specific attribute. The RADIUS server uses this information to
determine the access policy.

RADIUS Attributes

Table 30 lists the attributes are included in each request for access:

Table 29: Authentication-Based Network Access Example

Authentication Method

User Placement

802.1x with dynamic WEP

Internal VLAN

TKIP with pre-shared keys

PSK VLAN

WEP

WEP VLAN

Fails 802.1x authentication

Deny access

Table 30: RADIUS Request Attributes

Attribute

Description

User-Name

User name for dot1x or MAC address

User-Password

User-specified for dot1x or blank

Service-Type

Value is login (1)

Vendor-Specific

Contains EXTREME_USER_LOCATION, and the value is as configured
by the user for the location of each wireless port

«
...
86
87
88
89
90
...
»

Содержание Summit 300-48

Страница 1: ...ks Inc 3585 Monroe Street Santa Clara California 95051 888 257 3000 http www extremenetworks com Summit 300 48 Switch Software User Guide Software Version 6 2a Published September 2003 Part number 123...

Страница 2: ...rvice mark of Extreme Networks which may be registered or pending registration in certain jurisdictions Specifications are subject to change without notice NetWare and Novell are registered trademarks...

Страница 3: ...Quality of Service 19 Load Sharing 19 ESRP Aware Switches 19 Software Licensing 19 Security Licensing 20 Obtaining a Security License 20 Security Features Under License Control 20 Software Factory De...

Страница 4: ...olling Telnet Access 39 Using Secure Shell 2 SSH2 39 Enabling SSH2 for Inbound Switch Access 39 Using SNMP 40 Accessing Switch Agents 40 Supported MIBs 41 Configuring SNMP Settings 41 Displaying SNMP...

Страница 5: ...reme Discovery Protocol 61 EDP Commands 61 Chapter 5 Virtual LANs VLANs Overview of Virtual LANs 63 Benefits 63 Types of VLANs 64 Port Based VLANs 64 Tagged VLANs 66 VLAN Names 69 Default VLAN 69 Rena...

Страница 6: ...utes 88 CLI Commands for Security on the Switch 89 Security Profile Commands 89 Example Wireless Configuration Process 91 93 Chapter 8 Power Over Ethernet Overview 95 Summary of PoE Features 95 Port P...

Страница 7: ...ss Control List Examples 116 Chapter 11 Quality of Service QoS Overview of Policy Based Quality of Service 121 Applications and Types of QoS 122 Voice Applications 122 Video Applications 122 Critical...

Страница 8: ...ng Tree Protocol 145 Spanning Tree Domains 145 Defaults 146 STPD BPDU Tunneling 146 STP Configurations 146 Configuring STP on the Switch 148 STP Configuration Example 151 Displaying STP Settings 151 D...

Страница 9: ...ndix C Software Upgrade and Boot Options Downloading a New Image 175 Rebooting the Switch 176 Saving Configuration Changes 176 Returning to Factory Defaults 176 Using TFTP to Upload the Configuration...

Страница 10: ...10 Summit 300 48 Switch Software User Guide Contents Debug Tracing 187 TOP Command 187 Contacting Extreme Technical Support 187 Index Index of Commands...

Страница 11: ...reless network 74 7 Permit established access list example topology 116 8 Access control list denies all TCP and UDP traffic 117 9 Access list allows TCP traffic 118 10 Host A initiates a TCP session...

Страница 12: ...12 Summit 300 48 Switch Software User Guide Figures...

Страница 13: ...tch Port Mirroring Configuration Commands 60 17 EDP Commands 61 18 VLAN Configuration Commands 70 19 RF Configuration Commands 76 20 RF Profile Property Values 76 21 Switch Level Wireless Configuratio...

Страница 14: ...Commands 127 45 DiffServ Configuration Commands 128 46 Default Code Point to QoS Profile Mapping 129 47 Status Monitoring Commands 134 48 Port Monitoring Display Keys 137 49 Fault Levels Assigned by...

Страница 15: ...ors who are responsible for installing and setting up network equipment It assumes a basic working knowledge of Local area networks LANs Ethernet concepts Ethernet switching and bridging concepts Rout...

Страница 16: ...lays This typeface indicates command syntax or represents information as it appears on the screen The words enter and type When you see the word enter in this guide you must type something and then pr...

Страница 17: ...00 48 switch supports the following ExtremeWare features Unified Access support Virtual local area networks VLANs including support for IEEE 802 1Q and IEEE 802 1p Spanning Tree Protocol STP IEEE 802...

Страница 18: ...local area network LAN Implementing VLANs on your network has the following three advantages They help to control broadcast traffic If a device in VLAN Marketing transmits a broadcast frame only VLAN...

Страница 19: ...ches Extreme switches that are not running ESRP but are connected on a network that has other Extreme switches running ESRP are ESRP aware When ESRP aware switches are attached to ESRP enabled switche...

Страница 20: ...sion 6 0 and above supports the SSH2 protocol SSH2 allows the encryption of session data The encryption methods used are under U S export restriction control Software Factory Defaults Table 3 shows fa...

Страница 21: ...ndividual ExtremeWare features see the applicable individual chapters in this guide IP multicast routing Disabled IGMP Enabled IGMP snooping Disabled SNTP Disabled DNS Disabled Port Mirroring Disabled...

Страница 22: ...22 Summit 300 48 Switch Software User Guide ExtremeWare Overview...

Страница 23: ...appropriate privilege level Most configuration commands require you to have the administrator privilege level To use the CLI follow these steps 1 Enter the command name If the command does not include...

Страница 24: ...iated syntax you must enter enough characters to make the command unambiguous and distinguishable to the switch Command Shortcuts All named components of the switch configuration must have a unique na...

Страница 25: ...r example in the syntax use image primary secondary you must specify either the primary or secondary image when entering the command Do not type the square brackets vertical bar Separates mutually exc...

Страница 26: ...es cursor at end of command Ctrl N or Down Arrow Displays next command in command history buffer and places cursor at end of command Table 6 Common Commands Command Description clear session number Te...

Страница 27: ...c Daylight Savings Time change The default setting is autodst config vlan name ipaddress ip_address mask Configures an IP address and subnet mask for a VLAN create account admin user username encrypte...

Страница 28: ...command output reaches the end of the page The default setting is enabled enable idletimeouts Enables a timer that disconnects all sessions both Telnet and console after 20 minutes of inactivity The...

Страница 29: ...he user logged on by way of the Telnet connection is notified that the session has been terminated If you have logged on with administrator capabilities the command line prompt ends with a sign For ex...

Страница 30: ...configured for the admin account 3 Add a default user password by entering the following command config account user 4 Enter the new password at the prompt 5 Re enter the new password at the prompt NO...

Страница 31: ...et download bootrom configuration image upload configuration ping traceroute In addition the nslookup utility can be used to return the IP address of a hostname Table 8 describes the commands used to...

Страница 32: ...en the switch and a destination endstation The traceroute command syntax is traceroute ip_address hostname from src_ipaddress ttl TTL port port where ip_address is the IP address of the destination en...

Страница 33: ...User Guide 33 from uses the specified source address in the ICMP packet If not specified the address of the transmitting interface is used ttl configures the switch to trace up to the time to live num...

Страница 34: ...34 Summit 300 48 Switch Software User Guide Accessing the Switch...

Страница 35: ...sing ExtremeWare you can manage the switch using the following methods Access the CLI by connecting a terminal or workstation with terminal emulation software to the console port Access the switch rem...

Страница 36: ...IP address of the device that you want to manage Check the user manual supplied with the Telnet facility if you are unsure of how to do this After the connection has been established you will see the...

Страница 37: ...he following tasks Log in to the switch with administrator privileges Assign an IP address and subnet mask to a VLAN The switch comes configured with a default VLAN named default To use Telnet or an S...

Страница 38: ...the one above would be config vlan default ipaddress 123 45 67 8 24 6 Configure the default route for the switch using the following command config iproute add default gateway metric For example confi...

Страница 39: ...erating systems For more information refer to the Data Fellows website at http www datafellows com NOTE SSH2 is compatible with the Data Fellows SSH2 client version 2 0 12 or above SSH2 is not compati...

Страница 40: ...private host key and is automatically transmitted to the SSH2 client at the beginning of an SSH2 session Before you initiate a session from an SSH2 client ensure that the client is configured for any...

Страница 41: ...NMP community strings can contain up to 127 characters System contact optional The system contact is a text field that enables you to enter the name of the person s responsible for managing the switch...

Страница 42: ...the name of the switch A maximum of 32 characters is allowed The default sysname is the model name of the device for example Summit 300 48 The sysname appears in the switch prompt disable snmp access...

Страница 43: ...itch database Configuring RADIUS Client You can define primary and secondary server communication information and for each RADIUS server the RADIUS port number to use when talking to the RADIUS server...

Страница 44: ...source machine source name and access level The user configuration file users defines username password and service type information ClientCfg txt Client Name Key type version prefix 10 1 2 3 256 tes...

Страница 45: ...es in an ASCII configuration file called profiles This file contains named profiles of exact or partial strings of CLI commands A named profile is linked with a user through the users file A profile w...

Страница 46: ...ilter Id unlim Extreme Extreme CLI Authorization Enabled lulu Password Service Type Administrative Profile Name Profile1 Filter Id unlim Extreme Extreme CLI Authorization Enabled gerald Password Servi...

Страница 47: ...gning an IP address see Configuring Switch IP Parameters on page 36 The default home page of the switch can be accessed using the following command http ipaddress When you access the home page of the...

Страница 48: ...n If you will be using ExtremeWare Vista to send an email to the Extreme Networks Technical Support department configure the email settings in your browser Configure the browser to use the following r...

Страница 49: ...ta For example if you select an option from the Configuration task button enter configuration parameters in the content frame If you select the Statistics task button statistics are displayed in the c...

Страница 50: ...a prompts you to save your changes If you select Yes the changes are saved to the selected configuration area To change the selected configuration area you must go to the Configuration task button Swi...

Страница 51: ...sending to Extreme Networks Using the Simple Network Time Protocol ExtremeWare supports the client portion of the Simple Network Time Protocol SNTP Version 3 based on RFC1769 SNTP can be used by the...

Страница 52: ...ds The default sntp client update interval value is 64 seconds 6 You can verify the configuration using the following commands show sntp client This command provides configuration and statistics assoc...

Страница 53: ...Istanbul Turkey Jerusalem Israel Harare Zimbabwe 3 00 180 BT Baghdad Russia Zone 2 Kuwait Nairobi Kenya Riyadh Saudi Arabia Moscow Russia Tehran Iran 4 00 240 ZP4 Russia Zone 3 Abu Dhabi UAE Muscat Tb...

Страница 54: ...r 10 0 1 2 Table 14 SNTP Configuration Commands Command Description config sntp client primary secondary server ipaddress host_name Configures an NTP server for the switch to obtain time information Q...

Страница 55: ...u can use wildcard combinations to specify multiple slot and port combinations The following wildcard combinations are allowed slot Specifies all ports on a particular I O module slot x slot y Specifi...

Страница 56: ...Table 15 Switch Port Commands Command Description config ports portlist auto off speed 10 100 1000 duplex half full Changes the configuration of a group of ports Specify the following auto off The por...

Страница 57: ...to determine the output port selection Algorithm selection is not intended for use in predictive traffic engineering enable sharing port grouping portlist address based Defines a load sharing group of...

Страница 58: ...ource_destination ip_source ip_destination ip_source_destination where mac_source Indicates that the switch should examine the MAC source address mac_destination Indicates that the switch should exami...

Страница 59: ...ogical port 9 enable sharing 1 9 grouping 1 9 1 12 In this example logical port 9 represents physical ports 1 9 through 1 12 When using load sharing you should always reference the master logical port...

Страница 60: ...st domains for example across VLANs when routing NOTE For optimum performance mirror three or fewer ports at any given time Mirror ports and monitor ports should both be confined to the following rang...

Страница 61: ...information Information communicated using EDP includes Switch MAC address switch ID Switch software version information Switch IP address Switch VLAN IP information Switch port number CAUTION With E...

Страница 62: ...62 Summit 300 48 Switch Software User Guide Configuring Ports on a Switch...

Страница 63: ...switch is considered a VLAN LAN segments are not restricted by the hardware that physically connects them The segments are defined by flexible user groups you create with the command line interface Be...

Страница 64: ...ore ports on the switch A port can be a member of only one port based VLAN The Summit 300 48 switch supports L2 port based VLANs For example on the Summit 300 48 switch in Figure 1 ports 1 1 through 1...

Страница 65: ...ong to VLAN Sales Ports 1 1 through 1 24 and port 1 26 on the Summit 300 48 switch also belong to VLAN Sales The two switches are connected using slot 8 port 4 on system 1 the BlackDiamond switch and...

Страница 66: ...tem 2 slot 1 port 6 VLAN Engineering spans system 1 and system 2 by way of a connection between system 1 port 1 52 and system 2 slot 8 port 6 Using this configuration you can create multiple VLANs tha...

Страница 67: ...is particularly useful if you have a device such as a server that must belong to multiple VLANs The device must have a NIC that supports 802 1Q tagging A single port can be a member of only one port b...

Страница 68: ...VLAN Marketing and VLAN Sales The trunk port on each switch is tagged LB48008A 1 49 1 2 3 4 A B 5 6 7 8 4 3 2 1 M S S 50015 Marketing Sales M M S S S Tagged port Marketing Sales M M S S System 2 S S...

Страница 69: ...d VLAN and multiple tag based VLANs NOTE For the purposes of VLAN classification packets arriving on a port with an 802 1Q tag containing a VLANid of zero are treated as untagged VLAN Names Each VLAN...

Страница 70: ...will use a tag 4 Assign one or more ports to the VLAN As you add each port to the VLAN decide if the port will use an 802 1Q tag VLAN Configuration Commands Table 18 describes the commands used to co...

Страница 71: ...untagged create vlan sales config sales tag 120 config sales add port 1 1 1 3 tagged config sales add port 1 4 1 7 Displaying VLAN Settings To display VLAN settings use the following command show vla...

Страница 72: ...72 Summit 300 48 Switch Software User Guide Virtual LANs VLANs...

Страница 73: ...g on page 81 Overview of Wireless Networking The Summit 300 48 switch and the Altitude 300 wireless port extend network service to wireless 802 11a b g clients within a fully integrated network infras...

Страница 74: ...EAP authentication for 802 1X devices PEAP EAP TLS and EAP TTLS WPA using TKIP and AES Per user VLAN classification AccessAdapt management Remote troubleshooting Easy upgrading of wireless ports Detai...

Страница 75: ...xtremely easy since it is only necessary to upgrade the switch not the wireless ports There are two interfaces A and G available on each Summit 300 48 switch port All CLI commands refer to the A radio...

Страница 76: ...ofiles for each supported wireless port Table 19 RF Configuration Commands Command Description create rf profile name copy name Creates a new profile identified by the string name The copy argument sp...

Страница 77: ...adcast and multicast messages rts threshold 2330 0 2347 Identifies request to send RTS threshold in bytes Should you encounter inconsistent data flow only minor modifications are recommended If a netw...

Страница 78: ...hipped with a pre programmed code for certain countries where required by law and as Rest of World for other countries If you do not program the country code in the Summit 300 48 switch then the switc...

Страница 79: ...roperty for the specified port or ports See Table 24 for property values reset wireless ports portlist Resets the specified ports enable disable wireless ports portlist Administratively enables or dis...

Страница 80: ...for the specified interface full half min one eighth quarter Default is full config wireless ports portlist interface 1 2 transmit rate Configures a transmission rate for the specified port Choice of...

Страница 81: ...ields are included in syslog messages for filtering by external tools An additional CLI command is included for more granularity show wireless ports portlist log show wireless ports portlist interface...

Страница 82: ...82 Summit 300 48 Switch Software User Guide Wireless Networking...

Страница 83: ...rks or those with thick access points Unified Access Security provides the following key capabilities Consolidated management Up to 48 wireless ports from a single Summit 300 48 switch larger network...

Страница 84: ...network consisting of the Summit 300 48 switch and Altitude 300 wireless port supports 802 11 open system authentication in which the station identifies the SSID Although open authentication may be ac...

Страница 85: ...Based Authentication Location based authentication restricts access to users in specific buildings The Summit 300 48 switch sends the user s location information to the RADIUS server which then deter...

Страница 86: ...ossible to support WEP40 and WEP104 as unicast cipher suites along with legacy and WPA based clients You can configure the WEP options independently of the AES and TKIP options used for WPA The multic...

Страница 87: ...e following objectives in mind Make each wired and wireless client as secure as possible Protect company resources Make the network infrastructure as secure as possible Be able to track and identify w...

Страница 88: ...ests provide the RADIUS server with the user name and password Based on the user name the RADIUS server sends back authentication information including allow deny assigned VLAN and VLAN tag Location b...

Страница 89: ...ion EXTREME_NETLOGIN_VLAN_TAG VLAN for this MAC Table 32 Vendor Specific Attributes VSA Attribute Value Type Sent In EXTREME_NETLOGIN_VLAN_TAG 209 Integer Access accept EXTREME_USER_LOCATION 208 Strin...

Страница 90: ...ed for WEP or legacy dot1x clients For legacy dot1x clients the switch generates a random key based on the given length and WEP encryption WPA clients use TKIP AES as their cipher suite This command c...

Страница 91: ...broadcast twice once with each encryption key dot1x auth suite dot1x Sets the authentication suite to be dot1x which means that keys are dynamically generated Keys are not pushed from the RADIUS serv...

Страница 92: ...ile RF_G copy DEFAULT_G 10 Assign network name ess name to the RF profile for the G interface configure rf profile RF_G ess name 80211_G To configure WEP security follow these steps 1 Create a securit...

Страница 93: ...cryption length of 128 for the security profile You also need to configure the RADIUS server for dot1x authentication There is a special command enable radius wireless to enable radius for wireless ac...

Страница 94: ...94 Summit 300 48 Switch Software User Guide Unified Access Security...

Страница 95: ...ameras or other devices With PoE a single Ethernet cable supplies power and the data connection thereby saving time and expense associated with separate power cabling and supply The 802 3af specificat...

Страница 96: ...emoved if the PD consumes more than the operator specified limit Maximum of operator limit and class Power is removed if the PD consumes more than the operator limit or discovered class limit whicheve...

Страница 97: ...n order During normal system operations port power order is determined first based upon priority then discovery time Thus the highest priority port with the earliest discovery time is powered first Po...

Страница 98: ...ports NOTE Configuration parameters affecting operational parameters require the port or slot to be first disabled Table 35 Per Port LEDs Port Disabled Link Up Link Down Activity Non powered device o...

Страница 99: ...e default config inline power label string ports portlist Provides a user controllable label to the power port config inline power operator limit milliwatts ports portlist Sets the power limit on the...

Страница 100: ...yond the maximum of the detected class limit and the operator limit none removes denies power in case the PD device exceeds the maximum allowable wattage according to regulatory maximum of 20 000 mW T...

Страница 101: ...port Clears inline power stats on the specified ports Table 37 PoE Show Commands Command Description show inline power Displays inline power status information for the system show inline power configu...

Страница 102: ...102 Summit 300 48 Switch Software User Guide Power Over Ethernet...

Страница 103: ...tries in the FDB Dynamic entries Initially all entries in the database are dynamic Entries in the database are removed aged out if after a period of time aging time the device has not transmitted This...

Страница 104: ...specific destination address must be discarded Blackhole entries are treated like permanent entries in the event of a switch reset or power off on cycle Blackhole entries are never aged out of the da...

Страница 105: ...a permanent MAC entry packets are multicast to the multiple destinations create fdbentry mac_address vlan name dynamic qosprofile qosprofile ingress qosprofile qosprofile ingress qosprofile qosprofil...

Страница 106: ...tics MAC address is 00A023123456 VLAN name is net34 The entry will be learned dynamically QoS profile qp2 will be applied when the entry is learned Displaying FDB Entries To display FDB entries use th...

Страница 107: ...packet arriving on an ingress port is compared to the access list in sequential order and is either forwarded to a specified QoS profile or dropped These forwarded packets can also be modified by cha...

Страница 108: ...address and netmask Layer 4 source port or ICMP type and or ICMP code TCP session initiation bits permit established keyword Egress port Ingress ports An access mask can also have an optional unique p...

Страница 109: ...rop Drop the packets Excess packets are not forwarded Permit with rewrite Forward the packet but modify the packet s DiffServe code point The allowable rate limit values for the 100BT ports are 1 2 3...

Страница 110: ...ce for the default rule access control list If no other access control list entry is satisfied the default rule is used to determine whether the packet is forwarded or dropped If no default rule is sp...

Страница 111: ...Table 39 for the full command syntax For access lists and rate limits you must specify an access mask to use To modify an existing entry you must delete the entry and retype it or create a new entry w...

Страница 112: ...ccess masks access lists and rate limits An access mask entry cannot be deleted until all the access lists and rate limits that reference it are also deleted To delete an access mask entry use the fol...

Страница 113: ...e destination MAC address source mac Specifies the source MAC address vlan Specifies the VLANid ethertype Specify IP ARP or the hex value to match tos Specifies the IP precedence value code point Spec...

Страница 114: ...pecifies the Ethertype field tos Specifies the IP precedence field code point Specifies the DiffServ code point field ipprotocol Specifies the IP protocol field dest ip Specifies the IP destination fi...

Страница 115: ...pecify IP ARP or the hex value to match tos Specifies the IP precedence value code point Specifies the DiffServ code point value ipprotocol Specify an IP protocol or the protocol number dest ip Specif...

Страница 116: ...1 24 The IP address for NET20 VLAN is 10 10 20 1 24 The workstations are configured using addresses 10 10 10 100 and 10 10 20 100 IPForwarding is enabled Figure 7 Permit established access list exampl...

Страница 117: ...llustrates the outcome of the access control list Figure 8 Access control list denies all TCP and UDP traffic Step 2 Allow TCP traffic The next set of access list commands permits TCP based traffic to...

Страница 118: ...eyword to allow only host A to be able to establish a TCP session to host B and to prevent any TCP sessions from being initiated by host B as illustrated in Figure 10 The commands for this access cont...

Страница 119: ...s access list is shown in Figure 12 Figure 12 ICMP packets are filtered out Example 3 Rate limiting Packets This example creates a rate limit to limit the incoming traffic from the 10 10 10 x subnet t...

Страница 120: ...120 Summit 300 48 Switch Software User Guide Access Policies...

Страница 121: ...nism for networks that have heterogeneous traffic patterns Using Policy based QoS you can specify the service level that a particular traffic type receives Overview of Policy Based Quality of Service...

Страница 122: ...small amounts of bandwidth However the bandwidth must be constant and predictable because voice applications are typically sensitive to latency inter packet delay and jitter variation in inter packet...

Страница 123: ...reduce session loss if the queue that floods Web traffic becomes over subscribed File Server Applications With some dependencies on the network operating system file serving typically poses the greate...

Страница 124: ...more specific traffic grouping takes precedence By default all traffic groupings are placed in the QoS profile Qp1 The supported traffic groupings are listed in Table 42 The groupings are listed in o...

Страница 125: ...QoS profile whenever traffic is destined to the MAC address For any port on which the specified MAC address is learned in the specified VLAN the port is assigned the specified QoS profile For example...

Страница 126: ...witching or routing configuration of the switch For example 802 1p information can be preserved across a routed switch boundary and DiffServ code points can be observed or overwritten across a layer 2...

Страница 127: ...nformation By default 802 1p priority information is not replaced or manipulated and the information observed on ingress is preserved when transmitting the packet This behavior is not affected by the...

Страница 128: ...header encapsulation Table 45 lists the commands used to configure DiffServ Some of the commands are described in more detail in the following paragraphs Table 45 DiffServ Configuration Commands Comma...

Страница 129: ...fServ code point has 64 possible values 26 64 By default the values are grouped and assigned to the default QoS profiles listed in Table 46 You can change the QoS profile assignment for a code point b...

Страница 130: ...implies that any traffic sourced from this physical port uses the indicated QoS profile when the traffic is transmitted out to any other port To configure a source port traffic grouping use the follo...

Страница 131: ...monitored port Real Time Performance Monitoring The real time display scrolls through the given portlist to provide statistics You can choose screens for packet count and packets per second The view...

Страница 132: ...on for the port Modifying a QoS Configuration If you make a change to the parameters of a QoS profile after implementing your configuration the timing of the configuration change depends on the traffi...

Страница 133: ...ing If you keep simple daily records you will see trends emerging and notice problems arising before they cause major network faults In this way statistics can help you get the best out of your networ...

Страница 134: ...w log config Displays the log configuration including the syslog host IP address the priority level of messages being logged locally and the priority level of messages being sent to the syslog host sh...

Страница 135: ...s connected to a Summit Virtual Chassis Transmitted Packet Count Tx Pkt Count The number of packets that have been successfully transmitted by the port Transmitted Byte Count Tx Byte Count The total n...

Страница 136: ...llisions Transmit Late Collisions TX Late Coll The total number of collisions that have occurred after the port s transmit window has expired Transmit Deferred Frames TX Deferred The total number of f...

Страница 137: ...e displays that appear when you issue any of the show port commands Setting the System Recovery Level You can configure the system to automatically reboot after a software task exception using the fol...

Страница 138: ...levels including warning or critical use the following command clear log static Subsystem The subsystem refers to the specific functional area to which the error refers Table 50 describes the subsyst...

Страница 139: ...If priority is not specified only messages of critical priority are displayed If you enable the log display on a terminal connected to the console port your settings will remain in effect even after y...

Страница 140: ...and the source IP address of the client if Telnet was used Configuration logging applies only to commands that result in a configuration change To enable configuration logging use the following comman...

Страница 141: ...ties include critical emergency alert error warning notice info and debug If not specified only critical priority messages and are sent to the syslog host disable cli config logging Disables configura...

Страница 142: ...igent remotely controlled device or software agent that continually collects statistics about a LAN segment or VLAN The probe transfers the information to a management workstation on request or when a...

Страница 143: ...r to both log and send a trap The RMON traps are defined in RFC 1757 for rising and falling thresholds Effective use of the Events group saves you time Rather than having to watch real time graphs for...

Страница 144: ...ne for each alarm are shown in Table 52 To be notified of events using SNMP traps you must configure one or more trap receivers as described in Chapter 3 Managing the Switch Table 52 Event Actions Act...

Страница 145: ...specification defined by the IEEE Computer Society To explain STP in terms used by the 802 1D specification the switch will be referred to as a bridge Overview of the Spanning Tree Protocol STP is a...

Страница 146: ...he default device configuration contains a single STPD called s0 The default VLAN is a member of STPD s0 All STP parameters default to the IEEE 802 1D values as appropriate STPD BPDU Tunneling You can...

Страница 147: ...nto blocking state and the connection between switch Y and switch Z is put into blocking state After STP converges all the VLANs can communicate and all bridging loops are prevented The VLAN Marketing...

Страница 148: ...y disabling the trunk ports for that connection on each switch Switch 2 has no ports assigned to VLAN marketing Therefore if the trunk for VLAN marketing on switches 1 and 3 is blocked the traffic for...

Страница 149: ...ay Max age Bridge priority The following parameters can be configured on each port Path cost Port priority NOTE The device supports the RFC 1493 Bridge MIB Parameters of only the s0 default STPD are a...

Страница 150: ...come the root bridge The range is 0 through 65 535 The default setting is 32 768 A setting of 0 indicates the highest priority create stpd stpd_name Creates an STPD When created an STPD has the follow...

Страница 151: ...t add vlan manufacturing enable stpd backbone_st disable stpd backbone_st port 1 1 1 7 1 12 Displaying STP Settings To display STP settings use the following command show stpd stpd_name This command d...

Страница 152: ...it The default STPD s0 cannot be deleted disable ignore bpdu vlan name Allows the switch to recognize STP BPDUs disable ignore stp vlan name Allows a VLAN to use STP port information disable stpd stp...

Страница 153: ...rding on page 165 This chapter assumes that you are already familiar with IP unicast routing If not refer to the following publications for additional information RFC 1256 ICMP Router Discovery Messag...

Страница 154: ...5 are assigned to Personnel Finance belongs to the IP network 192 207 35 0 the router interface for Finance is assigned the IP address 192 206 35 1 Personnel belongs to the IP network 192 207 36 0 it...

Страница 155: ...route to a particular destination the router picks the route with the longest matching network mask If these are still equal the router picks the route using the following criteria in the order speci...

Страница 156: ...Request regardless of the ingress VLAN the always parameter must be applied Once all the proxy ARP conditions are met the switch formulates an ARP Response using the configured MAC address in the pack...

Страница 157: ...ociated with configuring IP unicast routing on the switch To configure routing follow these steps 1 Create and configure two or more VLANs 2 Assign each VLAN that will be using routing an IP address u...

Страница 158: ...If no options are specified all dynamic IP FDB entries are removed config bootprelay add ipaddress Adds the IP destination address to forward BOOTP packets config bootprelay delete ipaddress all Remov...

Страница 159: ...or all VLANs that have been configured with an IP address The default setting for ipforwarding is disabled enable ipforwarding broadcast vlan name Enables forwarding IP broadcast traffic for one or al...

Страница 160: ...to the same destination are available Only paths with the same lowest cost are shared The default setting is disabled rtlookup ipaddress hostname Performs a look up in the route table to determine the...

Страница 161: ...e generation of an ICMP time exceeded message type 11 when the TTL field expires during forwarding IP multicast packets do not trigger ICMP time exceeded messages The default setting is enabled If a V...

Страница 162: ...e Ports 3 and 5 reach the router by way of the VLAN Personnel enable ip option use router alert Enables the switch to generate the router alert IP option with routing protocol packets enable irdp vlan...

Страница 163: ...y IP address VLAN or permanent entries show iparp proxy ipaddress mask Displays the proxy ARP table show ipconfig vlan name Displays configuration information for one or all VLANs show ipconfig vlan n...

Страница 164: ...ed the command applies to all IP interfaces disable icmp redirects vlan name Disables the generation of ICMP redirect messages If a VLAN is not specified the command applies to all IP interfaces disab...

Страница 165: ...P destination address modified as configured and changes are made to the IP and UDP checksums and decrements to the TTL field as appropriate If the UDP forwarding is used for BOOTP or DHCP forwarding...

Страница 166: ...rol on a per type per VLAN basis You would alter the default settings for security reasons to restrict the success of tools that can be used to find an important application host or topology informati...

Страница 167: ...BOOTP port number appropriate DHCP BOOTP proxy functions are invoked create udp profile profile_name Creates a UDP forwarding profile You must use a unique name for the UDP forwarding profile delete u...

Страница 168: ...168 Summit 300 48 Switch Software User Guide IP Unicast Routing...

Страница 169: ...ure and humidity controlled indoor area free or airborne materials that can conduct electricity Too much humidity can cause a fire Too little humidity can produce electrical shock and fire NOTE For mo...

Страница 170: ...ed current capacity of at least the amount rated for each specific product The AC attachment plug must be an Earth grounding type with a NEMA 5 15P 10 A 125 V configuration Denmark The supply plug mus...

Страница 171: ...country and by state Lithium batteries are not listed by the Environmental Protection Agency EPA as a hazardous waste Therefore they can typically be disposed of as normal waste If you are disposing...

Страница 172: ...172 Summit 300 48 Switch Software User Guide Safety Information...

Страница 173: ...relay RFC 2030 Simple Network Time Protocol RFC 1256 Router discovery protocol RFC 1812 IP router requirement RFC 1519 CIDR Management and Security RFC 1157 SNMP v1 v2c RFC 1213 MIB II RFC 1354 IP fo...

Страница 174: ...174 Summit 300 48 Switch Software User Guide Supported Standards...

Страница 175: ...d procedure from either a Trivial File Transfer Protocol TFTP server on the network Downloading a new image involves the following steps Load the new image onto a TFTP server on your network if you wi...

Страница 176: ...latile storage The switch can store two different configurations a primary and a secondary When you save configuration changes you can select to which configuration you want the changes saved If you d...

Страница 177: ...every day so that the TFTP server can archive the configuration on a daily basis Because the filename is not changed the configured file stored in the TFTP server is overwritten every day To upload t...

Страница 178: ...the downloaded configuration file as a script of CLI commands and automatically executes the commands If your CLI connection is through a Telnet connection and not the console port your connection is...

Страница 179: ...oaders called primary and secondary In the event the switch does not boot properly both bootstrap and bootloader will allow the user to access the boot options using the CLI If necessary the bootloade...

Страница 180: ...The BOOTLOADER prompt will appear on the screen Table 64 lists the Bootloader commands Table 62 Bootstrap Command Options Option Description boot Boots a loader enable Enables features h Accesses onl...

Страница 181: ...is 0 to 23 download image ipaddress hostname filename primary secondary Downloads a new image from a TFTP server over the network If no parameters are specified the image is saved to the current image...

Страница 182: ...Configures the switch to use a particular configuration on the next reboot Options include the primary configuration area or the secondary configuration area use image primary secondary Configures th...

Страница 183: ...esentative LEDs Power LED does not light Check that the power cable is firmly connected to the device and to the supply outlet On powering up the MGMT LED lights yellow The device has failed its Power...

Страница 184: ...or terminal emulator The settings are 9600 baud 8 data bits 1 stop bit no parity no flow control The SNMP Network Manager cannot access the device Check that the device IP address subnet mask and def...

Страница 185: ...emains You should manually delete the routes if no VLAN IP address is capable of using them You forget your password and cannot log in If you are not an administrator another user having administrator...

Страница 186: ...nd config port port auto off if you are connecting it to devices that do not support auto negotiation Ensure that you are using multi mode fiber MMF when using a 1000BASE SX Mini GBIC 1000BASE SX does...

Страница 187: ...nd devices to which it is attempting to connect and then reboot the endstation The switch keeps aging out endstation entries in the switch Forwarding Database FDB Reduce the number of topology changes...

Страница 188: ...User Guide Troubleshooting support extremenetworks com You can also visit the support website at http www extremenetworks com extreme support techsupport asp to download software updates requires a s...

Страница 189: ...es outside subnet 156 configuring proxy ARP 156 incapable device 156 proxy ARP between subnets 156 proxy ARP description of 156 responding to ARP requests 156 table displaying 158 authentication 84 au...

Страница 190: ...description 61 enabling a switch port 55 errors port 136 establishing a Telnet session 36 Events RMON 143 export restrictions 20 Extreme Discovery Protocol See EDP ExtremeWare factory defaults 20 fea...

Страница 191: ...irroring See port mirroring monitoring the switch 133 multiple routes 155 N names VLANs 69 network security policies 87 non aging entries FDB 103 O opening a Telnet session 36 P passwords default 30 f...

Страница 192: ...s 44 servers 43 TCP port 43 RADIUS attributes wireless 88 rate limits adding 111 deleting 112 rate limiting 132 receive errors 136 remote logging 139 Remote Monitoring See RMON renaming a VLAN 70 rese...

Страница 193: ...tures 142 switch port commands table 56 syntax understanding 23 syslog host 139 system contact SNMP 41 system location SNMP 41 system name SNMP 41 T tagging VLAN 66 technical support 187 Telnet connec...

Страница 194: ...QoS 122 W Web access controlling 47 web browsing applications and QoS 123 WEP 84 wireless event logging and reporting 81 example network 74 features 74 networking 73 show commands 80 wireless ports c...

Страница 195: ...lt 38 157 160 config iproute delete 160 config iproute delete blackhole 160 config iproute delete default 160 config iproute priority 157 160 config irdp 160 config log display 139 140 config mirrorin...

Страница 196: ...bpdu 146 disable ignore bpdu vlan 152 disable ignore stp vlan 152 disable inline power 98 disable inline power ports 99 disable inline power slot 98 disable ipforwarding 159 164 disable ipforwarding...

Страница 197: ...181 show access list 112 116 show access mask 112 116 show accounts 31 show banner 28 show configuration 181 show debug tracing 187 show dns client 31 show edp 61 show fdb 106 show fdb permanent 125 1...

Страница 198: ...101 unconfig inline power reserved budget ports 101 unconfig inline power usage threshold 99 unconfig inline power violation precedence ports 101 unconfig irdp 162 164 unconfig management 42 unconfig...

Отзывы:

Нет отзывов

Похожие инструкции для Summit 300-48

Бренд: Idem Страницы: 2

Бренд: NETGEAR Страницы: 8

Бренд: DANLERS Страницы: 2

S6520X-EI Series

Бренд: H3C Страницы: 34

Бренд: Accton Technology Страницы: 10

Бренд: Lancom Страницы: 23

Бренд: EtherWAN Страницы: 2

Бренд: EtherWAN Страницы: 2

Бренд: Campbell Hausfeld Страницы: 4

Бренд: CIECO Страницы: 17

Бренд: Lionel Страницы: 8

Бренд: Wetekom Страницы: 34

Бренд: NETGEAR Страницы: 8

Бренд: Lancom Страницы: 21

Бренд: Racal Instruments Страницы: 53

Cutler-Hammer RTHMFDA20100WSU

Бренд: Eaton Страницы: 28

Бренд: Cabletron Systems Страницы: 85

Бренд: Xantech Страницы: 32

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды