GarrettCom MNS-6K 4.1.4 Скачать руководство пользователя страница 119 | Manualshive

Страница: 119 / 364

GarrettCom MNS-6K 4.1.4 Скачать руководство пользователя страница 119

M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E

is authentication where the user is verified against the network user database. The second stage is
authorization, where it is determined whether the user has operator access or manager privileges.

Packet

Packet encryption is a supported and is a configurable option for the Magnum MNS-6K software.
When encrypted, all authentication and authorization packets are encrypted and are
not readable by protocol capture and sniffing devices such as EtherReal or others. Packet data is
hashed and shared using MD5 and secret string defined between the Magnum 6K family of
switches and the server.

32 bits wide

4 4 8

8

8

bits

Major

Version

Minor

Version

Packet type Sequence no.

Flags

Session ID

Length

F

IGURE

72

–

TACACS packet format

•

Major Version – The major version number.

•

Minor version – The minor version number. This is intended to allow
revisions to the protocol while maintaining backwards compatibility

•

Packet type – Possible values are

TAC_PLUS_AUTHEN:= 0x01 (Authentication)
TAC_PLUS_AUTHOR:= 0x02 (Authorization)
TAC_PLUS_ACCT:= 0x03 (Accounting)

•

Sequence number – The sequence number of the current packet for the current
session

•

Flags – This field contains various flags in the form of bitmaps. The flag values signify
whether the packet is encrypted

•

Session ID – The ID for this session

•

Length - The total length of the packet body (not including the header)

Configuring

CLI commands to configure are

Syntax

show tacplus <status|servers>

-

show status of TACACS or servers configured as

servers

118

«
...
117
118
119
120
121
...
»

Содержание MNS-6K 4.1.4

Страница 1: ...MAGNUM 6K FAMILY OF SWITCHES Managed Network Software MNS MNS 6K SECURE 14 1 4 and MNS 6K 4 1 4 CLI User Guide...

Страница 2: ...word help help command or just type command Enter If you need information on a specific feature in Web Management Interface use the online help provided in the interface If you need further informati...

Страница 3: ...demarks and Personal Hub is a registered trademark of GarrettCom Inc NEBS is a registered trademark of Telcordia Technologies UL is a registered trademark of Underwriters Laboratories Ethernet is a tr...

Страница 4: ...le screen 25 Logging in for the first time 26 Setting the IP parameters 26 Privilege levels 29 Operator Privileges 30 Manager Privileges 30 User management 30 Add User 30 Delete User 31 Modify Passwor...

Страница 5: ...em DNS 48 Setting serial port parameters 50 System parameters 50 Date and time 52 Network time SNTP Client 53 Network time SNTP Server 54 Saving and loading configuration 54 Config files 58 Script fil...

Страница 6: ...Configuration 81 MNS 6K SECURE Implementation 81 List of commands in this chapter 83 6 SNTP Server 84 SNTP prerequisites 84 Background 84 Stratum clocks 85 MNS 6K SECURE Implementation 87 List of com...

Страница 7: ...Mirroring and Setup 122 Port monitoring and mirroring 122 Port mirroring 122 Port setup 123 Speed settings 124 Flow Control 125 Back Pressure 126 Broadcast Storms 128 Preventing broadcast storms 129...

Страница 8: ...Operation without S Ring 177 RSTP STP Operation with S Ring 179 LLL with S Ring 181 Ring learn features 181 Configuring S Ring 181 List of commands in this chapter 185 15 Dual Homing 187 Dual Homing c...

Страница 9: ...rations 231 Configuring GVRP 235 GVRP Operations Notes 237 List of commands in this chapter 238 20 SNMP 239 SNMP concepts 239 Traps 241 Standards 241 Configuring SNMP 242 Configuring RMON 251 List of...

Страница 10: ...S 290 Chapter 10 Port mirroring and setup 291 Chapter 11 VLAN 291 Chapter 12 Spanning Tree Protocol STP 292 Chapter 13 Rapid Spanning Tree Protocol 293 Chapter 14 S Ring and Link Loss Learn 294 Chapte...

Страница 11: ...tware 342 Accessing the switch 342 Serial Connection 342 Network Access 343 Saving the Configuration 343 Serial Connection 344 Network Access 346 Next steps 347 3 Loading the MNS 6K software 348 Befor...

Страница 12: ...ivilege levels Note the prompt changes with the new privilege level 30 FIGURE 8 Adding a user with Manager level privilege 31 FIGURE 9 Deleting a user 31 FIGURE 10 Changing the password for a specific...

Страница 13: ...act information 52 FIGURE 34 Setting the system date time and time zone 52 FIGURE 35 Setting the system daylight saving time 53 FIGURE 36 Setting up SNTP services 54 FIGURE 37 Saving the configuration...

Страница 14: ...ormation 92 FIGURE 59 Enabling and disabling port security 92 FIGURE 60 Viewing port security settings on a switch On port 9 learning is enabled This port has 6 stations connected to it with the MAC a...

Страница 15: ...switch 134 FIGURE 81 configuring VLANs on Magnum 6K switch 135 Figure 82 STP default values refer to next section Using STP for more detailed explanation on the variables 148 FIGURE 83 Viewing STP con...

Страница 16: ...and cannot span different modules 195 FIGURE 104 In this figure even though the connections are from one module to another this is still not a valid configuration for LACP using 4 ports as the trunk...

Страница 17: ...fic as shown above Each switch has the IGMPL2 turned on Each switch can exchange the IGMP query message and respond properly R4 wants to view surveillance traffic from T1 As shown by 1 a join request...

Страница 18: ...gger this mismatch 329 FIGURE 150 Mozilla Firefox tries to warn the user again about the dangers of sites with improper certificates 330 FIGURE 151 Firefox forces you to get the certificate before it...

Страница 19: ...transfer from saveconf command 346 FIGURE 166 Example of saveconf command for tftp 346 FIGURE 167 Upgrade using serial connection 349 FIGURE 168 File upload status window under Xmodem using HyperTerm...

Страница 20: ...mpt shown in Bold font with a or at the end For the document we will use Magnum6K25 as the default prompt Syntax rules Optional entries are shown in square brackets Parameter values within are shown i...

Страница 21: ...e manual will be shown by the lock icon shown here MNS 6K SECURE is a licensed feature of GarrettCom Inc Each switch with MNS 6K is upgraded to MNS 6K SECURE with the license key provided for that swi...

Страница 22: ...he switch can be used as a DHCP server Chapter 6 discusses time synchronization issues and SNTP services Chapter 7 discusses access consideration and how the access can be secured Chapter 8 describes...

Страница 23: ...to increase the throughput using 10 100 Mbps ports or in situations where resiliency is needed between switches trunks Once the network is made resilient the network manager may want to setup priorit...

Страница 24: ...ternately a USB to serial cable can also be used This cable is also available from LAN store or GarrettCom Inc 3 A PC or a workstation computer with a terminal emulation program such as HyperTerminal...

Страница 25: ...as an Appendix in this manual j The Login prompt is shown when the connection to the GarrettCom Magnum 6K Switch is successful and the switch is ready for the configuration commands Should you get a b...

Страница 26: ...ommands which allow effective monitoring configuration and debugging of the devices on the network Console setup Connect the console port on the switch to the serial port on the computer using the ser...

Страница 27: ...e details This manual was documented on a Magnum 6K25 switch and for clarity the prompt shown in the manual will be Magnum6K25 Fo Us r additional information on default users user levels and more see...

Страница 28: ...er of times A continuous ping to the switch will show an intermittent response as this happens This is normal behavior and is shown below Once the switch assigns itself an IP address the intermittent...

Страница 29: ...address mask subnet mask dgw gateway add del Magnum6K25 ipconfig ip 192 168 1 150 mask 255 255 255 0 dgw 192 168 1 10 Magnum6K25 save FIGURE 4 Setting IP address on the switch This document assumes th...

Страница 30: ...ic setup parameters You can use show setup or show sysconfig to view setup parameters Some of the parameters in the Magnum 6K family of switches are shown above The list of parameters below indicates...

Страница 31: ...r delimits any Manager prompt User management A maximum of five users can be added per switch for MNS 6K and a maximum of twenty users can be added for MNS 6K SECURE Users can be added deleted or chan...

Страница 32: ...er FIGURE 9 Deleting a user In this example user peter was deleted Modify Password Syntax passwd user name Magnum6K25 user passwd user peter Enter New Password Confirm New Password Password has been m...

Страница 33: ...access the device for modifying the configuration Syntax useraccess user name group list type read write enable disable set read or write access for the command group Syntax useraccess groups displays...

Страница 34: ...URE 12 Creating user access privileges After this command user Peter will not have read access to the VLAN system and user groups In another example if the user Peter is not allowed to access the swit...

Страница 35: ...or any command that is available at the current context level can be viewed by typing help followed by enough of the command string to identify the command Syntax help command string For example to li...

Страница 36: ...set of commands use the TAB key Syntax TAB Syntax Command string TAB Syntax First character of the command TAB For example following the syntax listed above the TAB key will list the available command...

Страница 37: ...Connection to the host lost FIGURE 20 logout command Upgrading to MNS 6K SECURE MNS 6K SECURE license can be purchased with the purchase of the switch In that case a license key will be issues to you...

Страница 38: ...ateway add del to set IP address on the switch Syntax save save changes made to the configuration Syntax reboot restart the switch same effect as physically turning off the power Syntax show setup sho...

Страница 39: ...cter Syntax logout logout from the CLI session Syntax useraccess user name service telnet web enable disable defines the services available to the user to access the device for modifying the configura...

Страница 40: ...switch will operate as a standalone Layer 2 switch Without an IP address you cannot Use the web interface to manage the switch Use telnet to access the CLI Use any SNMP Network Management software to...

Страница 41: ...ely used in the industry It s best to check with your network administrator as to what protocol to use and what the related parameters are DHCP and bootp require respective services on the network DHC...

Страница 42: ...t mode for the switch Where dhcp bootp manual auto where dhcp look only for DHCP servers on the network for the IP address Disable bootp or other modes bootp look only for bootp servers on the network...

Страница 43: ...iscuss or edit changes to the MNS 6K This also becomes useful as two remote people want to view the commands and other settings on the switch The telnet client can be disabled by using the telnet disa...

Страница 44: ...ote host from the Magnum 6K family of switches Syntax telnet ipaddress port port number The default port for telnet is 23 Magnum6K25 show ipconfig IP Address 192 168 1 11 Subnet Mask 255 255 255 0 Gat...

Страница 45: ...the switch The commands in these telnet windows are executed in a round robin i e if one window takes a long time to finish a command the other windows may encounter a delay before the command is comp...

Страница 46: ...of SSH it is important to verify unknown public keys before accepting them as valid Accepting an attacker s public key as a valid public key has the effect of disclosing the transmitted password and...

Страница 47: ...ports just the plain password authentication method This method is not supported o GSSAPI authentication methods which provide an extensible scheme to perform SSH authentication using external mechani...

Страница 48: ...ill be saved to flash memory Magnum6K25 access ssh enable Enabling Access to SSH ML2400 access show ssh SSH is enabled Magnum6K25 access telnet disable ERROR Connected through telnet Magnum6K25 access...

Страница 49: ...switch to another device A maximum of four SSH session can be active at the same time Domain Name System DNS DNS functionality is available in MNS 6K SECURE Domain Name System DNS associates various...

Страница 50: ...ns enable DNS enabled Magnum6K25 show dns DNS Server Address 192 168 5 254 Domain Name customer domain com DNS Status Enabled Magnum6K25 ping server 192 168 5 2 is alive count 1 time 20ms Magnum6K25 s...

Страница 51: ...rt will cause loss of connectivity the parameters of the terminals software e g Hyper Terminal etc will also have to be changed to match the new settings To see the current settings of the serial port...

Страница 52: ...ime Rule USA System UpTime 7 Days 12 Hours 30 Mins 46 Secs Magnum6K25 FIGURE 32 System parameters using the show sysconfig command Most parameters here can be changed System variables can be changed B...

Страница 53: ...x set date year 2001 2035 month 1 12 day 1 31 format mmddyyyy ddmmyyyy yyyymmdd Syntax set time hour 0 23 min 0 59 sec 0 59 Thus to set the time to be 08 10 am in the 8 hours from GMT PST or time zone...

Страница 54: ...witzerland Syria USA Network time SNTP Client Many networks synchronize the time using a Network time server The network time server provides time to the different machines using the Simple Network Ti...

Страница 55: ...RE 36 Setting up SNTP services Network time SNTP Server SNTP server feature is available in MNS 6K SECURE only Refer to the chapter on SNTP server in this manual Saving and loading configuration After...

Страница 56: ...te and kept for historical reasons These commands are replaced with the ftp or tftp or xmodem commands listed below Before the software is updated it is advised to save the configurations The re loadi...

Страница 57: ...get put list del type app config oldconf script hosts log host hostname ip ipaddress file filename upload and download information using sftp Secure ftp command Where get put list del different sftp o...

Страница 58: ...y whether a log file or host file is uploaded or downloaded This can also perform the task of exporting a configuration file or uploading a new image to the switch The details are conceptually explain...

Страница 59: ...mand the sequence of commands are shown below Magnum6K25 show ftp Current FTP Mode NORMAL Magnum6K25 set ftp mode passive FTP Set to Passive Mode Magnum6K25 show ftp Current FTP Mode PASSIVE Magnum6K2...

Страница 60: ...P MDIX Module Slot B 2 Port Fiber10 Module Slot C 4 Port Fiber100 Module Slot D 1 10 100 1000T 1 Giga SFP 1000 System Manager This area configures System related information set bootmode type auto set...

Страница 61: ...is replaced back in clear text To encrypt and save the config file use the CLI command Syntax set secrets hide show hides or encrypts the user access password Default is show The script file will look...

Страница 62: ...ration of Magnum MNS 6K settings GarrettCom recommends that modifications of this file and the commands should be verified by the User in a test environment prior to use in a live production network T...

Страница 63: ...bling or disabling the pagination Displaying configuration To display the configuration or to view specific modules configured the show config command is used as described below Syntax show config mod...

Страница 64: ...em related information SYSTEM Edit below this line only system_name Main system_contact someone joe com system_location Sunnyvale CA boot_mode manual system_ip 192 168 1 15 system_subnet 0 0 0 0 syste...

Страница 65: ...ystem_name Main system_contact someone joe com system_location Sunnyvale CA boot_mode manual system_ip 192 168 1 15 system_subnet 0 0 0 0 system_gateway 192 168 1 11 idle_timeout 10 telnet_access enab...

Страница 66: ...mmand discussed above before using the kill config command The kill config will also reset the IP address and all other parameters as well unless the save option described below is used Syntax kill co...

Страница 67: ...the serial number of the unit use the command show setup as shown below The command also displays other information related to the switch Syntax show setup display the setup serial number factory code...

Страница 68: ...the network for DHCP server then BootP server then check if the IP address 192 68 1 2 is freed up bootimg enable disable valiad with type bootp only Allows the switch to load the image file from the...

Страница 69: ...our 0 24 min 0 59 setup the frequency at which the SNTP server is queried Syntax sntp enable disable enables or disables the SNTP services Syntax saveconf mode serial tftp ftp ipaddress file name save...

Страница 70: ...downloaded This can also perform the task of exporting a configuration file or uploading a new image to the switch host hostname ip ipaddress file filename parameters associated with tftp server for...

Страница 71: ...climode script console show set the interactive CLI mode on console or off script To see the mode use the show option Syntax more enable disable show enable or disable the scrolling of lines one page...

Страница 72: ...6 K S W I T C H E S M N S 6 K U S E R G U I D E 71 Syntax show timezone shows the system timezone Syntax show date shows the system date Syntax show uptime shows the amount of time the switch has been...

Страница 73: ...C 1752 The Recommendation for the IP Next Generation Protocol The recommendation was approved by the Internet Engineering Steering Group and made a proposed standard on November 17 1994 The core set o...

Страница 74: ...use of anycast addresses in the IPv6 source route allows nodes to control the path which their traffic flows Header Format Simplification Some IPv4 header fields have been dropped or made optional to...

Страница 75: ...es per square meter of the surface of the planet Earth assuming the earth surface is 511 263 971 197 990 square meters In the most pessimistic estimate this would provide 1 564 addresses for each squa...

Страница 76: ...ftp fe80 220 6ff fe25 ed80 yntax telnet IPv6 address telnet to an IPv6 station Example telnet fe80 220 6ff fe25 ed80 Besides if the end station supports IPv6 addressing as most Linux and Windows syst...

Страница 77: ...M A G N U M 6 K S W I T C H E S M N S 6 K U S E R G U I D E 76...

Страница 78: ...ehavior of BOOTP relay agents and DHCP participants can interoperate with BOOTP participants The DHCP server ensures that all IP addresses are unique4 e g no IP address is assigned to a second client...

Страница 79: ...same IP address throughout its connection to a single network Maintaining the same IP address is important to correct functioning of higher layer protocols and applications However if the lease actua...

Страница 80: ...mated and controlled the network manager can leverage this automation for security automation as well Technical Details Since the DHCP client evolved from BOOTP the DHCP protocol uses the same two IAN...

Страница 81: ...ver is offering the subnet mask the lease duration and the IP address of the DHCP server making the offer The server determines the configuration based on the client s hardware address as specified in...

Страница 82: ...e release of IP address is up to the client Client Configuration A DHCP server can provide optional configuration parameters to the client RFC 2132 defines the available DHCP options which are summari...

Страница 83: ...tarting ip and ending ip of DHCP server lease pool and leas e time Usage config startip start ip endip end ip mask mask dns dns gateway gatew ay leasetime lease time 1 10 hours Magnum6K25 dhcpserver c...

Страница 84: ...rtip start ip endip endip mask mask dns dns1 dns2 dns10 gateway gateway leasetime lease time 1 10 hours configure the DHCP lease request parameters such as starting IP address ending IP address DNS se...

Страница 85: ...is available only on MNS 6K SECURE Not all models of the GarrettCom 6K family of switches support SNTP server as this functionality requires a clock that needs to be accurate While all devices can be...

Страница 86: ...he IPv4 IPv6 and OSI protocol stacks SNTP has been used in several standalone NTP servers integrated with GPS receivers The article from NIST http tf nist gov timefreq service pdf computertime pdf pro...

Страница 87: ...se receivers are available for many time dissemination services including the Global Position System GPS and other services operated by various national governments For reasons of cost and convenience...

Страница 88: ...p Groups system Magnum6K25 sntpserver show sntpsrv SNTP SERVER Running Magnum6K25 sntpserver sntpsrv stop Stopping SNTP Server SNTP Server Stopped Magnum6K25 sntpserver show sntpsrv SNTP SERVER Stoppe...

Страница 89: ...N S 6 K U S E R G U I D E 88 List of commands in this chapter Syntax sntpserver enter the SNTP Server configuration mode Syntax sntpsrv start stop Start or stop the SNTP Services Syntax show sntpsrv...

Страница 90: ...Secure cess on a network can be provided by authenticating against an allowed MAC address as well as IP address j Passwords Magnum 6K family of switches comes with a factory default password for the m...

Страница 91: ...urity etwork security hinges on the ability to allow or deny access to network sources The access control aspect of secure network services involves allowing or disallowing traffic based on informatio...

Страница 92: ...address list range port num list range Syntax signal port num list range none log trap logandtrap Where allow mac configures the switch to setup allowed MAC addresses on specific ports learn port con...

Страница 93: ...between specified MAC addresses Magnum6K25 port security action port 9 10 none Magnum6K25 port security learn port 9 10 enable FIGURE 58 Port security the port learns the MAC addresses Note a maximum...

Страница 94: ...E 6 00 e0 29 2a f1 bd 00 01 03 e2 27 89 00 07 50 ef 31 40 00 e0 29 22 15 85 00 03 47 ca ac 45 00 30 48 70 71 23 10 ENABLE NONE NONE DISABLE 0 Not Configured 11 ENABLE NONE NONE ENABLE 0 Not Configured...

Страница 95: ...d Trap on selected port s FIGURE 64 Setting the logging on a port The figures listed above show the necessary commands to setup port security The recommended steps to setup security are 1 Set the MNS...

Страница 96: ...ABLE 0 00 c1 00 7f ec 00 12 ENABLE NONE NONE DISABLE 0 Not Configured 13 ENABLE NONE NONE DISABLE 0 Not Configured 14 ENABLE NONE NONE DISABLE 0 Not Configured 15 ENABLE NONE NONE DISABLE 0 Not Config...

Страница 97: ...figure the disposition of the event messages the process of having them sent to a syslog collector generally consists of deciding which facility messages and which severity levels will be forwarded an...

Страница 98: ...the first six levels The event log is now automatically saved to flash so rebooting will not loose them NOTE since the event logs are written on the flash once the flash memory is full the logs stop w...

Страница 99: ...the syslog settings Magnum6K25 show log S Date Time Log Description Note 06 17 2007 09 57 27 P M CLI Session Timed Out for User manager on Telnet Note 06 17 2007 09 57 27 P M CLI Session Term User ma...

Страница 100: ...05 P M CLI Session Started from Telnet 192 168 5 2 Note 06 23 2007 06 18 16 P M CLI User manager Login From Telnet 192 168 5 2 Magnum6K25 clear log Clear Logged Events Y or N Y Magnum6K25 show log Ma...

Страница 101: ...server edit id 2 event warn Server Modified Magnum6K25 syslog show syslog SysLog Status Enabled Server ID 1 SysLog Server Host 192 168 5 2 Server Logging Disabled Log Events Default Server ID 2 SysLog...

Страница 102: ...e log shows the most recent event at the top of the listing If the log is filled when the switch detects a new event the oldest entry is dropped off the listing As discussed in the prior section any p...

Страница 103: ...This feature is available in MNS 6K SECURE Just as port security allows and disallows specific MAC addresses from accessing a network the MNS 6K software can allow or block specific IP addresses or a...

Страница 104: ...mask is used to indicate that Also a specific station with IP address 192 168 15 25 is allowed again note how the subnet mask is used to allow only one specific station in the network Older station w...

Страница 105: ...y Syntax show log fatal alert crit error warn note info debug display the log Syntax clear log fatal alert crit error warn note info debug clear the log Syntax set logsize size 1 1000 set the number o...

Страница 106: ...c IP address from the access or trusted host list Syntax removeall remove all IP addresses of trusted hosts Syntax show ip access display all trusted hosts Syntax clear history log 1 5 informational a...

Страница 107: ...for authenticating users connecting into a network For example if a user connects a PC into the network whether the PC should be allowed access or not provides the same issues as to whether or not a d...

Страница 108: ...Authenticator Authentication Server RADIUS 802 1x Switch The RADIUS server is the authentication server The authentication server provides a standard way of providing Authentication Authorization and...

Страница 109: ...an EAP Request frame This will request the supplicant to pass its credentials for authentication 6 The supplicant will send its credentials using an EAP Response packet 7 The authenticator will relay...

Страница 110: ...te the port use the setport command The CLI commands to configure and perform authentication with a RADIUS server are Syntax auth configuration mode to configure the 802 1x parameters Syntax show auth...

Страница 111: ...onds Syntax reauth port num list range status enable disable period 10 86400 set values on how the authenticator Magnum 6K switch does the re authentication with the supplicant or PC port mandatory po...

Страница 112: ...Auto Deasserted Unauthorized 8 Enabled Auto Deasserted Unauthorized 9 Enabled Auto Deasserted Unauthorized 10 Enabled Auto Deasserted Unauthorized 11 Enabled Auto Deasserted Unauthorized 12 Enabled A...

Страница 113: ...parameter s The amount of time in seconds the supplicant is held after an authentication failure before the authenticator retries the supplicant for connection is changed to 120 seconds the number of...

Страница 114: ...pLogoffsWhileConnecting 0 authEntersAuthenticating 3 authAuthSuccessesWhileAuthenticating 2 authAuthTimeoutsWhileAuthenticating 0 authAuthFailWhileAuthenticating 0 authAuthReauthsWhileAuthenticating 0...

Страница 115: ...in seconds the authenticator waits for the backend RADIUS server to respond back The default value is 30 seconds Values can range from 1 to 240 seconds maxreq optional The maximum number of times the...

Страница 116: ...gured status optional This enables disables re authentication period optional this is the re authentication period in seconds This is the time the authenticator waits before a re authentication proces...

Страница 117: ...or the MILNET Military Network Cisco s enhancements to TACACS are called XTACACS XTACACS is now replaced by TACACS TACACS is a TCP based access control protocol TCP offers a reliable connection orient...

Страница 118: ...rized as Manager Login as Manager Start Additional Servers Logout Connection failure No Yes Login User in Local User List Yes Is User Manager Yes Login as Manager Login as Operator No No TACACS Enable...

Страница 119: ...ersion Minor Version Packet type Sequence no Flags Session ID Length FIGURE 72 TACACS packet format Major Version The major TACACS version number Minor version The minor TACACS version number This is...

Страница 120: ...able disable optional for add enable or disable packet encryption key string optional for add mandatory with encrypt when encryption is enabled the secret shared key string must be supplied mgrlevel l...

Страница 121: ...order tac local local tac enable or disable TACACS authentication specifying the order in which the server or local database is looked up where tac local implies first the TACAS server then local log...

Страница 122: ...tring optional for add mandatory with encrypt when encryption is enabled the secret shared key string must be supplied mgrlevel level and oprlevel level optional specifies the manager and operator lev...

Страница 123: ...ll the traffic for a specific port is reflected on another port typically a monitoring port The Magnum 6K family of switches can be instructed to repeat the traffic from one port onto another port Thi...

Страница 124: ...mr diable command 1 Only one port can be set to port mirror at a time 2 Both the ports monitored port and sniffer port have to belong to the same VLAN 3 The mirrored port shows both incoming as well a...

Страница 125: ...port 11 name JohnDoe Magnum6K25 device setport port 12 name JaneDoe Magnum6K25 device show port Keys E Enable D Disable H Half Duplex F Full Duplex M Multiple VLANs NA Not Applicable LI Listening LE L...

Страница 126: ...ntrol is for full duplex operation and the controls provided indicates the number of buffers allowed for incoming traffic before a Rxon or Rxoff information is sent RXon is sent when the number of buf...

Страница 127: ...ed congestion control is possible only on half duplex 10 Mbps Ethernet ports Other technologies are not supported on Magnum 6K family of switches Syntax backpressure rxthreshold value where rxthreshol...

Страница 128: ...M Multiple VLAN s NA Not Applicable LI Listening LE Learning F Forwarding B Blocking Port Name Status Dplx Media Link Speed Part Auto Vlan GVRP STP 9 B1 E H 10Tx UP 10 No E 1 10 B2 E H 10Tx DOWN 10 No...

Страница 129: ...eed 10Mbps Port Duplex Mode half duplex Port Auto negotiation State Enable Port STP State NO STP Port GVRP State No GVRP Port Priority Type None Port Security Enable Port Flow Control Enable Admin Sta...

Страница 130: ...st packets received Syntax broadcast protect enable disable enable or disable the broadcast storm protection capabilities Syntax rate threshold port port list range rate frames sec set the rate limit...

Страница 131: ...o sh 7 ows how the threshold can be lowered for a specific port Port Rate limiting for broadcast traffic Please refer to the above section on broadcast storms List of commands in this chapter Syntax s...

Страница 132: ...ow flowcontrol display flow control buffers yntax backpressure rxthreshold value configure backpressure buffers yntax show backpressure display backpressure buffers yntax broadcast protect enable disa...

Страница 133: ...y of having two or more Ethernet segments exist on common hardware The reason for creating multiple segments in Ethernet is to isolate collision domains VLANs can isolate groups of users or divide up...

Страница 134: ...to the default VLAN DEFAULT VLAN This places all ports on the switch into one physical broadcast domain Users familiar with VLANs and plan to deploy GarrettCom switches to interoperate with Cisco swit...

Страница 135: ...switch MNS 6K supports up to 32 VLANs per switch MNS 6K SECURE supports up to 256 VLANs per switch Creating VLANs Creating VLAN and to configure VLAN related commands Syntax set vlan type tag none de...

Страница 136: ...gnum6K25 vlan Magnum6K25 tag vlan add id 2 name test port 1 10 Magnum6K25 tag vlan start vlan all Magnum6K25 tag vlan save Saving current configuration Configuration saved FIGURE 81 configuring VLANs...

Страница 137: ...e VLAN For example if port 1 is a member of VLANs 10 20 and 30 if a packet with VLAN id 40 arrives at port 1 it will be dropped Syntax set port port number list range tagging id number status tagged u...

Страница 138: ...is set to VLAN 1 and can be changed to another VLAN A word of caution on changing the default VLAN as well there can be repercussions on management as well as multicast and other issues 4 Tag VLAN su...

Страница 139: ...N Magnum6K25 vlan Magnum6K25 tag vlan add id 10 name mkt port 14 16 Tag based vlan Added Successfully Vlan id 10 Vlan name mkt Ports 14 16 Magnum6K25 tag vlan edit id 10 name engineering port 14 16 Ta...

Страница 140: ...4 16 Magnum6K25 tag vlan show vlan VLAN ID 1 Name Default VLAN Status Active PORT MODE STATUS 9 UNTAGGED UP 10 UNTAGGED DOWN 11 UNTAGGED DOWN 12 UNTAGGED DOWN 13 UNTAGGED UP 14 UNTAGGED DOWN 15 UNTAGG...

Страница 141: ...er Enabled Magnum6K25 tag vlan show vlan Magnum 6K25 tag vlan show vlan VLAN ID 1 Name Default VLAN Status Active PORT MODE STATUS 1 UNTAGGED UP 2 UNTAGGED DOWN 3 UNTAGGED DOWN 4 UNTAGGED DOWN 5 UNTAG...

Страница 142: ...gging id 10 status tagged Port tagging enabled Magnum6K25 tag vlan set port port 14 16 tagging id 20 status tagged Port tagging enabled Magnum6K25 tag vlan set port port 14 16 tagging id 30 status tag...

Страница 143: ...LAN ID 10 Name mkt Status Active PORT MODE STATUS 14 TAGGED DOWN 15 TAGGED DOWN 16 TAGGED DOWN VLAN ID 20 Name sales Status Active PORT MODE STATUS 14 TAGGED DOWN 15 TAGGED DOWN 16 TAGGED DOWN VLAN ID...

Страница 144: ...s ENABLED VLAN Memberships Vlan 1 Status Active UNTAGGED Vlan 10 Status Pending TAGGED Vlan 20 Status Pending TAGGED Vlan 30 Status Pending TAGGED Port 15 Default ID 1 Filter Status ENABLED VLAN Membe...

Страница 145: ...lan 1 Status Active UNTAGGED Port 14 Default ID 1 Filter Status ENABLED VLAN Memberships Vlan 1 Status Active UNTAGGED Vlan 10 Status Active TAGGED Vlan 20 Status Active TAGGED Vlan 30 Status Active T...

Страница 146: ...page look for the drop down on Technical Briefs List of commands in this chapter Syntax set vlan type tag none defines the VLAN type Syntax vlan enable disable allow VLAN commands or configure vlan c...

Страница 147: ...will be tagged or untagged Syntax set port port number list range join id number adds the specified port s to the specified VLAN id Syntax set port port number list range leave id number releases a s...

Страница 148: ...ate messages This duplication leads to a broadcast storm or other erratic behavior that can bring down the network j As recommended in the IEEE 802 1Q VLAN standard the Magnum 6K family of switches us...

Страница 149: ...o use STP it has to be manually enabled 2 If you are using tagged VLANs at least one untagged VLAN must be available for the BPDU s to propagate through the network to update STP status 3 Whenever cha...

Страница 150: ...which is elected as the root port of the switch A oot Path Cost A path cost is assigned to individual ports for the switch to determine converge resulting in a slower system IGURE 83 View Spanning Tr...

Страница 151: ...nds This value can be set between 4 30 seconds Root Bridge Hello Time indicates the designated root bridge s in Root Bridge Max Age indicates the de it These variables can be changed using the priori...

Страница 152: ...State indicates the STP state of individual ports V F Des Bridge This is the port s design Des Port This is the port s designated root port To enable or disable STP enter the STP co yntax stp STP Conf...

Страница 153: ...d 80 00 00 20 06 25 ed 80 80 0c 13 TP 10 100 128 19 Forwarding 80 00 00 20 06 25 ed 80 80 0d 14 TP 10 100 128 100 Disabled 80 00 00 20 06 25 ed 80 80 0e 15 TP 10 100 128 100 Disabled 80 00 00 20 06 25...

Страница 154: ...efault value is 32768 Cost A path cost is assigned to individual ports for the switch to determine whic a falls in the passive mode compared to the link with a lower cost Value ranges from 0 to 65535...

Страница 155: ...Spanning Tree Enabled Global YES Spanning Tree Enabled Ports YES 9 10 11 12 13 14 15 16 Protocol Normal STP Bridge ID 80 00 00 20 06 25 ed 80 Bridge Priority 32768 Bridge Forward Delay 15 Bridge Hello...

Страница 156: ...e Max Age 20 RSTP CONFIGURATION Rapid STP STP Enabled Global NO Magnum6K25 stp priority port 13 value 20 Successfully set the priority for port 13 Magnum6K25 stp show stp ports STP Port Configuration...

Страница 157: ...0 0a 10 11 TP 10 100 128 100 Disabled 80 00 00 20 06 25 ed 80 80 0b 12 TP 10 100 128 100 Disabled 80 00 00 20 06 25 ed 80 80 0c 13 TP 10 100 20 19 Forwarding 80 00 00 20 06 25 ed 80 80 0d 14 TP 10 100...

Страница 158: ...Global NO Magnum6K25 stp timers forward delay 20 hello 5 age 40 ERROR Invalid Values Max Age 2 Forward Delay 1 and Max Age 2 Hello Time 1 Magnum6K25 stp timers forward delay 20 hello 5 age 30 Success...

Страница 159: ...may not need to participate in STP process These ports typically would be end stations If you Syntax timers forward delay 4 30 hello 1 10 age 6 160 change the STP Forward Delay Hello timer and Aging t...

Страница 160: ...EE 802 1w is a further evolution of the 802 1d Spanning Tree Protocol It replaces the settling period with an active handshake between switches bridges that guarantees topology information to be rapid...

Страница 161: ...n this state is usually quite short RSTP switches bridges operating in STP compatibility mode will spend between 6 to 40 seconds in this state After learning the bridge will place the port in the forw...

Страница 162: ...sent and received In order to allow RSTP switches to support applications and protocols that may be sensitive to frame duplication and out of sequence frames RSTP may have to be explicitly set to be...

Страница 163: ...EEE 802 1d STP services but cannot support RSTP services p2p This parameter is used to tell the port if it is connected to another switch or a hub or a bridge device This parameter should be set to of...

Страница 164: ...rts have RSTP enabled Protocol indicates type of RSTP protocol active Bridge Priority specifies the switch bridge priority value This value is used along with the switch MAC address to determine which...

Страница 165: ...lo time Hello information is sent out every 2 seconds Root Bridge Max Age indicates the designated root bridge s maximum age after which it discards the information as being old and receives new updat...

Страница 166: ...ared to the path cost in RSTP Port Type STP Path cost RSTP Path cost 10 Mbps 100 2 000 000 100 Mbps 19 200 000 1 Gbps 4 20 000 10 Gbps 2 2 000 Figure 89 Path cost as defined in IEEE 802 1d STP and 802...

Страница 167: ...ow the values of the timers set for RSTP Syntax priority port number list range value 0 255 0 65535 specifies the port or switch level priority When a port s are specified the priority is associated w...

Страница 168: ...e the switch discards the information and updates the address table again Value ranges from 6 to 160 seconds with default value of 20 seconds Use a larger number when there are a large number of nodes...

Страница 169: ...0 0d 14 TP 10 100 128 2000000 Disabled 00 0e 15 TP 10 100 128 2000000 Disabled 00 0f 16 TP 10 100 128 2000000 Disabled 00 10 Magnum6K25 rstp forceversion rstp Error Force Version already set to Normal...

Страница 170: ...ay 15 Root Bridge Hello Time 02 Root Bridge Max Age 20 Topology Change count 0 Time Since topology Chg 141 Magnum6K25 rstp show timers Forward Delay Timer 15 sec Hello Timer 2 sec Max Age 20 sec Magnu...

Страница 171: ...rt Type Priority Path Cost State Des Bridge Des Port 09 TP 10 100 128 2000000 Forwarding 00 00 00 20 06 25 ed 89 00 09 10 TP 10 100 128 2000000 Disabled 00 0a 11 TP 10 100 128 2000000 Disabled 00 0b 1...

Страница 172: ...15 TP 10 100 128 2000000 Disabled 00 0f 16 TP 10 100 128 2000000 Disabled 00 10 Magnum6K25 rstp timers forward delay 20 hello 5 age 30 Successfully set the bridge time parameters Magnum6K25 rstp show...

Страница 173: ...list range migration enable set this for all ports connected to other devices such as hubs bridges and switches known to support IEEE 802 1d STP services but cannot support RSTP services Syntax show...

Страница 174: ...M A G N U M 6 K S W I T C H E S M N S 6 K U S E R G U I D E 173 Syntax timers forward delay 4 30 hello 1 10 age 6 160 change the STP Forward delay Hello timer and Aging timer values...

Страница 175: ...ed with networking switches from different vendors LLL triggers action on the device supporting LLL when a connection is broken or there is loss of the link signal on a ring port LLL can be used with...

Страница 176: ...hever occurs first In most instances the link loss will be detected faster than the two second interval at which the BPDU packets are successfully passed around the ring Typical ring recovery times us...

Страница 177: ...License A license key is needed One key per ring manager switch Included in MNS 6K Included in MNS 6K Spanning Tree Works with RSTP or STP devices Devices supported Managed or certain non managed Magn...

Страница 178: ...al homing to members in the ring Supports dual homed device to devices in the network Supports dual homed device to devices in the network RSTP STP Operation without S Ring S Ring supports non managed...

Страница 179: ...re in the ring will interrupt the flow of standard RSTP STP status checking BPDU packets and will signal to RSTP STP that a fault has occurred According to the standard RSTP STP defined sequence proto...

Страница 180: ...tes depending on the number of switches and other RSTP STP parameters in operation RSTP STP Operation with S Ring When the Magnum 6K family of switches is used in the network and the S Ring feature is...

Страница 181: ...r remote operation access security event logs and other industry standard managed network capabilities suitable for industrial applications requiring redundancy When S Ring is enabled for a port pair...

Страница 182: ...kly re learn where to send packets enabling them to participate in a very quick recovery or restoration Note that a Link loss on any Magnum 6K Switch port somewhere in the ring is an alternative trigg...

Страница 183: ...eboot Proceed on rebooting the switch Y or N Y Do you wish to save current configuration Y or N Y Saving current configuration Configuration saved Rebooting now FIGURE 95 Activating S Ring on the swit...

Страница 184: ...Syntax s ring enable disable enable or disable S Ring capabilities Syntax s ring learn start the learning process to discover the ring and the ports which make up the S Ring Syntax s ring add port po...

Страница 185: ...en in quick successions If the ring system sees a sequence of changes in the duration of a less than a second each it will temporarily ignore the signals and leave STP to reconfigure the ring network...

Страница 186: ...p enable disable Start Enable or stop Disable STP Syntax set stp type stp rstp set the spanning tree protocol to be IEEE 802 1d or 802 1w Spanning Tree Protocol or Rapid Spanning Tree Protocol Syntax...

Страница 187: ...ange disable LLL on the list of specified ports Syntax show lll display the status of LLL Syntax rstp STP Configuration mode Syntax rstp enable disable Start Enable or stop Disable STP Syntax set stp...

Страница 188: ...iability by allowing a device to be connected to the network by way of two independent connection points points of attachment One connection point is the operating connection and the other is a standb...

Страница 189: ...s well as other advantages such as IGMP managed configuration and more To provide the managed reliability to the end devices dual homing can be used with MNS 6K devices FIGURE 99 Dual homing using Mag...

Страница 190: ...tors cables in the switch6 Only one set of dual homing ports can be defined per switch Port types Copper vs fiber as well as speeds can be mixed and matched both ports need not be identical By default...

Страница 191: ...has to be explicitly setup The primary secondary mode of operation is only possible on managed switches such as the Magnum 6K family of switches The primary secondary mode of operation allows the netw...

Страница 192: ...ual Homing Active On Port 10 Magnum6K25 dualhome dualhome del Dual Homing Ports Deleted and Dual Homing Disabled Magnum6K25 dualhome show dualhome Dual Homing Status DISABLED Magnum6K25 dualhome dualh...

Страница 193: ...ntax dualhome enable disable enable or disable dual homing Syntax dualhome add port1 port port2 port dual homing setup similar to that of unmanaged switches such as ESD42 OR Syntax dualhome add primar...

Страница 194: ...links into a single logical link for increased bandwidth With LACP the effective bandwidth of a trunk and network availability is increased Two or more Fast Ethernet connections are combined as one l...

Страница 195: ...t is possible to hook up multiple ports to these switches and create an Ethernet loop In many cases this is prevented by Spanning Tree running on these switches All ports in a trunk group should be me...

Страница 196: ...fferent modules Another example is highlighted below where some ports belong to VLAN 10 shown in red and other ports belong to VLAN 20 shown in blue If the port groups do not have a common VLAN betwee...

Страница 197: ...n will not work in the LACP mode VLAN 20 VLAN 10 Switch 2 Switch 1 FIGURE 105 In the figure above there is no common VLAN between the two sets of ports so packets from one VLAN to another cannot be fo...

Страница 198: ...architecture above using RSTP and LACP allows multiple switches to be configured together in a meshed redundant link architecture First define the RSTP configuration on the switches Then define the L...

Страница 199: ...redundancy to the edge of the network It is recommended not to use LACP with S Ring at this time Since S Ring and LACP use the same BPDUs called LACPDUs the architecture shown below is not supported i...

Страница 200: ...ween two facilities connected via a wireless bridge As shown in the figure below four trunk ports are connected to four wireless bridge pairs This increases the effective throughput of the wireless co...

Страница 201: ...e priority The port with the highest priority is the primary port Syntax del port number list range delete specified ports from the LACP membership Syntax edit port number list range priority priority...

Страница 202: ...as the primary port So in the example above if port 4 fails port 5 will be designated as the primary port Magnum6K25 show lacp LACP is Disabled Magnum6K25 lacp Magnum6K25 lacp add port 14 15 16 Error...

Страница 203: ...nnected Half duplex A Half Duplex port Half Duplex ports cannot participate in LACP Loop Detected Indicates the other side does not have LACP configured Without LACP configured on both switches the ne...

Страница 204: ...ports 17 and 23 forming the second trunk on Switch 2 The show lacp command was executed on Switch 1 Magnum 6K lacp show lacp Trunk Id 1 Trunk Status Trunk Active Primary Port 11 Trunk Partner 00 20 06...

Страница 205: ...ecified list of ports Syntax ecified ports from the LACP membership of the Syntax to form the logical LACP trunk Default value for priority is 32768 The lower the value assigned to priority the higher...

Страница 206: ...implement buffers to queue incoming packets as well as outgoing packets In a queue mechanism normally the packet which comes in first leaves first FIFO and all the packets are serviced accordingly Ima...

Страница 207: ...n the LAN MAN and WAN DiffServ works by tagging each packet at the originating device or an intermediate switch for the requested level of service it requires across the network FIGURE 114 ToS and DSC...

Страница 208: ...need to differentiate these bits from the rest of the ToS byte The Magnum 6K family of switches has the capability to provide QoS at Layer 2 At Layer 2 the frame uses Type of Service ToS as specified...

Страница 209: ...e IPv4 packet which has 64 bits are used If the 6 bits are set to ToS QoS for the specific port number the packet went to that packet is assigned high priority by that port Configuring QoS Magnum 6K f...

Страница 210: ...For instance traffic with an IP precedence field value of 7 gets a lower weight than traffic with an IP Precedence field value of 3 and thus has priority in the transmit order Once the port weight is...

Страница 211: ...ged received packets to be transmitted as tagged from the priority queue Magnum6K25 show port Keys E Enable D Disable H Half Duplex F Full Duplex M Multiple VLAN s NA Not Applicable LI Listening LE Le...

Страница 212: ...7 None DOWN 9 None DOWN 10 HIGH DOWN 11 None DOWN 13 None DOWN 14 None DOWN 15 None DOWN Magnum6K25 qos setqos port 11 priority high type tag tag 6 Successfully set QOS Magnum6K25 qos show qos PORT Q...

Страница 213: ...ag tag 5 Successfully set QOS Magnum6K25 qos show qos type tag PORT Pri for VPT STATUS 76543210 1 UP 2 DOWN 3 DOWN 5 DOWN 6 DOWN 7 DOWN 9 DOWN 10 DOWN 11 LHLLLLL DOWN L 13 LLMLLLLL DOWN 14 DOWN 15 DOW...

Страница 214: ...tings on a port yntax show qos type port tag tos port port list range displays the QoS yntax set untag port port list range priority high low tag 0 7 The priority high low tos 0 63 list range tag 0 7...

Страница 215: ...am i e the datagram is not guaranteed to arrive at all members of the destination group or in the same order relative to other datagram The membership of a host group is dynamic that is hosts may join...

Страница 216: ...IGMP is not present then the switch must assume this function in order to elicit group membership information from the hosts on the network If you need to disable the querier feature you can do so thr...

Страница 217: ...fic and does not distinguish between IP multicast group members and non members Thus it is sending large amounts of unwanted multicast traffic out the ports to PCs 2 and 3 Switch 2 is recognizing IGMP...

Страница 218: ...rk In the above figure the multicast group traffic does not go to switch 1 and beyond This is because either the port on switch 3 that connects to switch 1 has been configured as blocked or there are...

Страница 219: ...of the ports sends a join report or invokes the IGMP Pruning action the behavior changes A multicast group is formed in the switch and the stream is sent only to those ports that actually want to joi...

Страница 220: ...nor is there any capability for the devices to use IGMP snooping to join a multicast group Thus the traffic picture from a multicast device would look as shown below R1 R2 R3 R4 R5 R6 T1 T1 T2 T2 FIGU...

Страница 221: ...family of switches a Layer 2 network can minimize multicast traffic as shown above Each switch has the IGMPL2 turned on Each switch can exchange the IGMP query message and respond properly R4 wants to...

Страница 222: ...e forwarded on the same port groups It is not possible to do forwarding based on IP addresses as the Magnum 6K family of switches operate at Layer 2 Magnum 6K family of switches configured for IGMP L2...

Страница 223: ...unknown streams Enabled Magnum6K25 igmp mcast disable MCAST is disabled Magnum6K25 igmp show igmp IGMP State Enabled ImmediateLeave Disabled Querier Enabled Querier Interval 125 Querier Response Inter...

Страница 224: ...es maximum amount of time in seconds that can elapse between when the querier sends a host query message and when it receives a response from a host Syntax show group shows the multicast groups Magnum...

Страница 225: ...it for the timer to expire Syntax set querier enable disable enables or disables a switch as IGMP querier Syntax set qi interval value The IGMP querier router periodically sends general host query mes...

Страница 226: ...bled Magnum6K25 igmp show igmp IGMP State Enabled ImmediateLeave Enabled Querier Enabled Querier Interval 125 Querier Response Interval 10 Magnum6K25 igmp set leave disable IGMP immediate leave status...

Страница 227: ...MP State Enabled ImmediateLeave Disabled Querier Disabled Querier Interval 127 Querier Response Interval 10 Magnum6K25 igmp set qri interval 11 Query response interval successfully set Magnum6K25 igmp...

Страница 228: ...9 0 1 10 10 STATIC 0 0 239 0 1 10 11 STATIC 0 0 239 0 1 10 12 STATIC 0 0 Magnum6K25 igmp IGURE 125 Adding broadcast groups using the group command or setting IGMP L2 mode make sure the set of commands...

Страница 229: ...t groups yntax set port port port list range mode auto forward block set the port yntax show port display the port characteristics for IGMP P enabled router ports ables or disables the switch to immed...

Страница 230: ...hat can elapse between when the querier router sends a host query message and when it receives a response from a Syntax m is in lower case and is shown in upper case for clarity host The Default value...

Страница 231: ...idge Protocol Data Units GVRP BPDUs to advertise static VLANs We refer to GVRP BPDU as an advertisement GVRP enables the Magnum 6K family of switches to dynamically create 802 1q compliant VLANs on li...

Страница 232: ...or switch with GVRP on 6 Static VLAN configured end device NIC or switch with GVRP on 6 Switch 1 with static VLANs VID 1 2 3 Port 2 is a member of VIDs 1 2 3 1 Port 2 advertises VIDs 1 2 3 2 On Switc...

Страница 233: ...rt 3 dynamically joined VLAN 33 Ports 6 dynamically joined VLAN 33 Switch A GVRP On Tagged VLAN 22 Switch B No GVRP Tagged VLAN 22 Switch C GVRP On Tagged VLAN 22 Tagged VLAN 33 Switch D GVRP On Dynam...

Страница 234: ...ents but ignore advertisements received from other ports Avoid GVRP participation by not sending advertisements and dropping any advertisements received from other devices Unknown VLAN Mode Operations...

Страница 235: ...ynamic VLAN to be converted to a static VLAN The command to use is Syntax static vlan VID convert a dynamic VLAN to a static VLAN Note show vlan type tag will display VID in case the VID is not known...

Страница 236: ...untagged static VLAN has the option to both generate advertisements and dynamically join other VLANs The unknown VLAN parameters are configured on a per interface basis using the CLI The tagged untag...

Страница 237: ...le Syntax static vlan VID convert a dynamic VLAN to a static VLAN Syntax set forbid vlan tag vlanid forbid port number list range sets the forbid GVRP capability on the ports specified Syntax show for...

Страница 238: ...ver the dynamic VLAN re y receiving advertisements from other devices running GVRP the switch learns of static GVRP enabled switch does not advertise any GVRP learned VLANs out of the port s on A chan...

Страница 239: ...RP Syntax show vlan list all the VLANs including dynamic VLANs on the switch Syntax set ports port port list range state learn block disable set the state of the port to learn block or disable for GVR...

Страница 240: ...ne the SNMP standards The most common standards for SNMP are SNMP v1 the original version of SNMP SNMP v2 and more recently SNMP v3 SNMP is a poll based mechanism SNMP manager polls the managed device...

Страница 241: ...ludes both data integrity and data origin authentication Authoritative SNMP engine One of the SNMP copies involved in network communication designated to be the allowed SNMP engine which protects agai...

Страница 242: ...et by a string match of the user name auth authenticates a packet by using either the HMAC MD5 algorithms priv authenticates a packet by using either the HMAC MD5 algorithms and encrypts the packet us...

Страница 243: ...NMPv2 Working Group RFC 1908 Coexistence between Version 1 and Version 2 of the Internet standard Network Management Framework SNMPv2 Working Group RFC 2271 2275 SNMPv3 RFC 2104 Keyed Hashing for Mess...

Страница 244: ...ew based access control model This allows any manager station to access the Magnum 6K switch either via SNMP v1 v2c or v3 The community name is public This command is only intended for first time user...

Страница 245: ...ned in RFC 2275 This command defines a manager or group or manager stations what it can access inside the MIB object tree On MNS 6K up to 10 entries can be specified Syntax show view id id display all...

Страница 246: ...Magnum6K25 snmp mgrip add ip 192 168 1 111 Manager IP Address added successfully Magnum6K25 snmp mgrip add ip 192 168 1 222 Manager IP Address added successfully Magnum6K25 snmp show snmp SNMP CONFIG...

Страница 247: ...222 SNMP TRAP STATIONS INFO IP Address 192 168 1 2 Trap Type SNMP RMON Magnum6K25 snmp exit Magnum6K25 show snmp SNMP CONFIGURATION INFORMATION SNMP Get Community Name public SNMP Set Community Name...

Страница 248: ...ocation lab Magnum6K25 snmpv3 quickcfg This will enable default VACM Do you wish to proceed Y or N Y Quick configuration done default VACM enabled Magnum6K25 snmpv3 engineid string Magnum6K Engine ID...

Страница 249: ...dd id 1 secname public source default community public Entry is added successfully Magnum6K25 snmpv3 com2sec add id 2 ERROR secname parameter is required for add directive Magnum6K25 snmpv3 com2sec ad...

Страница 250: ...v1 v1 1 2 public v2c 1 3 public usm 1 4 5 6 7 8 9 10 Magnum6K25 snmpv3 show group id 1 Group ID 1 Group Name v1 Model v1 Com2Sec ID 1 Magnum6K25 snmpv3 view add id 1 viewname all type included subtree...

Страница 251: ...e none exact 2 3 4 5 6 7 8 9 10 Magnum6K25 snmpv3 show access id 1 Access ID 1 Access Name v1 Sec Model v1 Sec Level noauth Read View ID 1 Write View ID none Notify View ID none Context Prefix exact M...

Страница 252: ...l connected network segments This allows for troubleshooting and optimizing your network The Magnum 6K family of switches provides hardware based RMON counters The switch manager or a network manageme...

Страница 253: ...string def comm string define the RMON alarm group and the community string associated with the group Syntax event def owner string def comm string define the RMON event group and the community strin...

Страница 254: ...nmp displays the SNMP configuration information Syntax setvar sysname syscontact syslocation string sets the system name contact and location All parameters are optional but a user must supply at leas...

Страница 255: ...play all or specific group entries id is optional and is the number corresponding to the group entry number in the table Syntax view add delete id id viewname name type included excluded subtree oid m...

Страница 256: ...associated with the group Syntax alarm def owner string def comm string define the RMON alarm group and the community string associated with the group Syntax event def owner string def comm string def...

Страница 257: ...rovision for tripping or activating an external relay to electrically trigger any circuit desired These could be an indicator light a flashing strobe light an audible alarm or any other such devices T...

Страница 258: ...dition The relay will revert to closed position when the S RING goes to CLOSED position This information is covered in more details in Chapter 11 on S Ring and Link Loss Learn To customize these capab...

Страница 259: ...2 Magnum6K25 alarm add event 1 5 Event 2 is Already Enabled Alarm Event s Added 1 3 4 5 Magnum6K25 alarm add event 6 8 Alarm Event s Added 6 8 Magnum6K25 alarm add event all Event 1 is Already Enable...

Страница 260: ...tart MOMENTARY 3 Warm Start MOMENTARY 4 Link Up MOMENTARY 5 Link Down MOMENTARY 6 Authentication Failure MOMENTARY 7 RMON Raising Alarm MOMENTARY 8 RMON Falling Alarm MOMENTARY 9 Intruder Alarm MOMENT...

Страница 261: ...Intruder Alarm MOMENTARY 10 Link Loss Learn Triggered MOMENTARY 11 Broadcast Storm Detected MOMENTARY 12 STP RSTP Reconfigured MOMENTARY Magnum6K25 alarm exit Magnum6K25 FIGURE 137 Setting up the exte...

Страница 262: ...ients and filters The SMTP alerts provide the following capabilities SMTP alerts can be enabled or disabled globally User can define a global default SMTP server identified by its IP address TCP port...

Страница 263: ...If this option is not defined the global default SMTP server is used port optional TCP port of the SMTP server If this is not defined the global default TCP port is used Syntax delete id 1 5 delete th...

Страница 264: ...d 2 email jsmith garrettcom com traps S events CF Recipient successfully added Magnum6K25 smtp show smtp recipients ID E mail Address SMTP Server Port Traps Events 1 rk gci sys gci com 67 109 247 195...

Страница 265: ...rrettcom com from support garrettcom com subject test body hello Magnum6K25 smtp show smtp config SMTP Global Configuration Status Enabled SMTP Server IP 67 109 247 195 SMTP Server Port 25 Retry Count...

Страница 266: ...ly of switches is not overrun The important parameters to set for any serial connectivity software is to set the line delay to be 500 milliseconds and the character delay to be 50 milliseconds For exa...

Страница 267: ...y appropriate to terminate the connection Responsible users will follow the directive much like a No Trespassing sign posted outside of the security fences o To change the banner message the following...

Страница 268: ...opened up using telnet to display the effects of changing the MOTD on the switch C telnet switch Copyright c 2001 2005 GarrettCom Inc All rights reserved This is a secure device Unauthorized access i...

Страница 269: ...every time the key is pressed the last command is printed on the screen but not executed ws for editing errors made in typing Syntax show version displays the version of MNS 6K being used S up to a ma...

Страница 270: ...1217245902 Magnum6K25 FIGURE 141 History commands Prompt Setting a meaningful host prompt can be useful when a network administrator is managing has multiple telnet or console sessions open at the sa...

Страница 271: ...prompt n b i b Magnum6K25 192 168 5 5 Magnum6K25 192 168 5 5 Magnum6K25 192 168 5 5 Magnum6K25 192 168 5 5 set prompt Some bthing i Some thing192 168 5 5 set prompt Some bthing b i Some thing 192 168...

Страница 272: ...ve ftp in odes The file transfer protocol or ftp passive ftp Passive FTP is used b security policies set by companies Syntax set ftp mode normal passive set the ftp mode of operation Syntax show ftp d...

Страница 273: ...ing is limited to the first six levels them NOTE since memory is full the logs stop writing It is important to erase the log periodically or use syslog capability to download the logs to a syslog serv...

Страница 274: ...is enabled A 03 03 2005 9 35 40 A M IGMP IGMP Snooping is disabled A 03 03 2005 9 41 46 A M IGMP IGMP Snooping is enabled Magnum6K25 F 145 Event log shown on the screen IGURE Event logs can be exporte...

Страница 275: ...log to export the event log information In the table below the following acronyms are used for Severity E Alert C Critical F Fail or Error conditions W Warning N Notice I I low The table is sorted by...

Страница 276: ...ailure F DEVICE Ethernet hardware error F DEVICE Ethernet interrupt init failure F DEVICE Unable to allocate ethernet memory F DEVICE System started I DEVICE Network Stack not yet configured I DEVICE...

Страница 277: ...d I RMON Event entry X is set to invalid I RMON Alarm entry X is set to valid I RMON Alarm entry X is set to invalid I SNMP Snmp snmpEnableAuthenTraps is set to enabled A SNMP Snmp snmpEnableAuthenTra...

Страница 278: ...VLAN pvlan vlan X enabled I VLAN pvlan vlan X disabled I VLAN pvlan vlan X deleted I VLAN pvlan port based VLAN started I VLAN pvlan port based VLAN stopped I VLAN pvlan default vlan is modified I VLA...

Страница 279: ...otice that there are other MAC addresses associated with port 3 indicating that the port has a hub or a switch connected to it List of commands in this chapter Syntax alarm enter the alarm configurati...

Страница 280: ...ill be sent to recipient or a combination of I informational A activity C critical F fatal and D debug With event ACF implies that events of severity types activity critical and fatal will be sent to...

Страница 281: ...Syntax n repeat the n th command as indicated by a show history Syntax show history show the last 25 commands executed if less than 25 commands are executed only those commands executed are shown Syn...

Страница 282: ...arameters Syntax show config show setup parameters configured Syntax enable user name changing the privilege level Syntax add user name level number adding a user Syntax delete user name deleting a us...

Страница 283: ...otp look only for bootp servers on the network Disable dhcp or other mode manual do not set the IP address automatically auto the switch will first look for a DHCP server If a DHCP server is not found...

Страница 284: ...dress as well as an IPV4 address Syntax show dns display the DNS settings Syntax set serial baud rate data 5 6 7 8 parity none odd even stop 1 1 5 2 flowctrl none xonxoff sets serial port parameters S...

Страница 285: ...using ftp command Where get put list del different ftp operations type app config oldconf script hosts log optional type field This is useful to specify whether a log file or host file is uploaded or...

Страница 286: ...fer operations get a file from the server or put the information on the server type app config oldconf script hosts log optional type field This is useful to specify whether a log file or host file is...

Страница 287: ...ter 4 IPv6 Syntax ipconfig ip ip address mask subnet mask dgw gateway add del configure and IPv6 address The add delete option can be used to add or delete IPv4 IPv6 addresses Syntax show ipconfig dis...

Страница 288: ...sntpsrv start stop Start or stop the SNTP Services Syntax show sntpsrv display the status of SNTP server Chapter 7 Access Considerations Syntax set password set or change password Syntax configure po...

Страница 289: ...slog server Maximum of five servers can be defined Syntax server edit id id host host ip port port event all none default list edit the server setup as well as which syslog messages the server should...

Страница 290: ...port s to be configured supptimeout optional This is the timeout in seconds the authenticator waits for the supplicant to respond back Default value is 30 seconds Values can range from 1 to 240 second...

Страница 291: ...Access using TACACS Syntax show tacplus status servers show status of TACACS or servers configured as TACACS servers Syntax tacplus enable disable order tac local local tac enable or disable TACACS a...

Страница 292: ...settings Syntax show port Port number display port settings Syntax flowcontrol xonlimit value xofflimit value configure flow control buffers Syntax show flowcontrol display flow control buffers Synta...

Страница 293: ...join id number adds the specified port s to the specified VLAN id Syntax set port port number list range leave id number releases a specific port from a VLAN Syntax show port port port list range sho...

Страница 294: ...gration enable edge enable disable p2p on off auto set the port type for RSTP Example port port number list range p2p off Set the point to point value to off on all ports that are connected to shared...

Страница 295: ...y security key activate the S Ring capabilities Don t forget to use the save command to save the key Syntax stp STP Configuration mode Syntax stp enable disable Start Enable or stop Disable STP Syntax...

Страница 296: ...guration sub system Syntax dualhome enable disable enable or disable dual homing Syntax dualhome add port1 port port2 port dual homing setup similar to that of unmanaged switches such as ESD42 OR Synt...

Страница 297: ...set it then defaults to low priority ToS has 64 levels and the valid values are 0 63 and a tagged packet has 8 levels and the valid values are 0 7 Syntax set weight weight 0 7 sets the port priority w...

Страница 298: ...embership information This is sent to the all system multicast group address 224 0 0 1 The default value is 125 seconds The valid range can be from 60 to 127 seconds Syntax set qri interval value The...

Страница 299: ...terprise All ip ipaddress add v1 traps as well as define the trap receiver Syntax show snmp displays the SNMP configuration information Syntax mgrip add delete ip IPaddress adds or deletes a managemen...

Страница 300: ...CM as defined in RFC 2275 This specifies the mapping from a source community pair to a security name On MNS 6K up to 10 entries can be specified Syntax group add delete id id groupname name model v1 v...

Страница 301: ...iated with the group Syntax event def owner string def comm string define the RMON event group and the community string associated with the group Syntax show rmon stats hist event alarm list the speci...

Страница 302: ...ty types will be sent to recipient none no event will be sent to recipient or a combination of I informational A activity C critical F fatal and D debug With event ACF implies that events of severity...

Страница 303: ...eat the last command Syntax n repeat the n th command as indicated by a show history Syntax show history show the last 25 commands executed if less than 25 commands are executed only those commands ex...

Страница 304: ...s printed on the screen but not executed This allows for editing errors made in typing access setup access configuration parameters action port num list range none disable drop action to perform in ca...

Страница 305: ...ip ipaddress mask netmask service name list allow specific IP address or range of addresses as a trusted host s allow mac address list range port num list range specify a specific MAC address or MAC a...

Страница 306: ...command Enter options for a command community write write community read read community trap trap community set the necessary community strings config startip start ip endip endip mask mask dns dns1 d...

Страница 307: ...addresses device configure device and port specific settings dhcpsrv start stop start or stop the DHCP server By default the server is off dualhome enter the dual homing configuration sub system dual...

Страница 308: ...rol xonlimit value xofflimit value configure flow control buffers forceversion stp rstp set the STP or RSTP compatibility mode ftp get put list del type app config oldconf script host s log host hostn...

Страница 309: ...for accessing host This is equivalent to creating a host table on many systems Maximum of 10 such entries are allowed help command string help for a specific command history def owner string def comm...

Страница 310: ...ns allowed mode l2 normal Set the IGMP mode to be IGMP L2 mode or normal IGMP mode more enable disable show enable or disable the scrolling of lines one page at a time passwd user name changing a pass...

Страница 311: ...ty qos enter the QoS configuration mode quickcfg quick setup for snmpv3 configuration It automatically configures a default VACM view based access control model This allows any manager station to acce...

Страница 312: ...body of the text See example fo the body of the text message later in this chapter server ip ip addr port 1 65535 retry 0 3 configure the global SMTP server settings server add host host ip port port...

Страница 313: ...L3 device is in the network and is the IGMP root The IGMP L2 is used when there is no L3 device in the network set logsize size 1 1000 set the log buffer size set motd after the command is typed MNS a...

Страница 314: ...er to expire setport monitor monitor port number sniffer sniffer port number set port mirror settings set port port port list range mode auto forward block set the port characteristics for IGMP Block...

Страница 315: ...f full auto enable disable flow enable disable bp enable disable status enable disable configure port settings set ports port port list range state learn block disable set the state of the port to lea...

Страница 316: ...levels have to be set and for QOS type ToS the ToS levels have to be set If the priority field is not set it then defaults to low priority ToS has 64 levels and the valid values are 0 63 and a tagged...

Страница 317: ...set all the ports will be the same weight across the switch The valid value for weight is 0 7 stftp get put list del type app config oldconf script host s log host hostname ip ipaddress file filename...

Страница 318: ...buffers show config show setup parameters configured show console displays the console settings show date displays the date show dhcpsrv config status leases display the DHCP server configuration lea...

Страница 319: ...age set show port Port number display port settings show port mirror display port mirror settings show port security display port security settings show qos type port tag tos port port list range disp...

Страница 320: ...ystem time show timezone displays the timezone information show uptime displays the amount the time elapsed since the last reboot or power failure show version displays the version of MNS 6K being use...

Страница 321: ...le show user id id display all or specific view entries id is optional and is the number corresponding to the view entry number in the table show view id id display all or specific view entries id is...

Страница 322: ...ssh enable disable keygen enable or disable the server Also can be used for generating the key ssh port port default select a different port number for SSH communication s ring enable disable enable o...

Страница 323: ...where tac local implies first the TACAS server then local logins on the device tacserver add delete id num ip ip addr port tcp port encrypt enable disable key string mgrlevel level oprlevel level adds...

Страница 324: ...or downloaded This can also perform the task of exporting a configuration file or uploading a new image to the switch host hostname ip ipaddress file filename parameters associated with tftp server f...

Страница 325: ...groups displays the current groups view add delete id id viewname name type included excluded subtree oid mask hex string a part of the View based Access control model VACM as defined in RFC 2275 Thi...

Страница 326: ...M A G N U M 6 K S W I T C H E S M N S 6 K U S E R G U I D E 325 Intentionally left blank...

Страница 327: ...or after April 24th End DST at 2am the first Sunday on or after October 25th Canada and Continental US Begin DST at 2am the first Sunday on or after April 1st End DST at 2am the first Sunday on or aft...

Страница 328: ...ile Cuba Egypt France Finland Germany Greece Iraq Italy London Namibia Portugal Russia Spain Sweden Switzerland Syria USA Note as of Release 3 7 the new daylight saving times dates enforced as of 2007...

Страница 329: ...appendix Many devices as well as web sites today use secure methods to communicate via the web Once secure web communications are required the browsers look at the certificate and match the URL infor...

Страница 330: ...site when the address URL does not match the information in the self signed certificate FIGURE 149 On finding a mismatch between the certificate and the accesses site Mozilla Firefox pops the window...

Страница 331: ...E R C E R T I F I C A T E S FIGURE 150 Mozilla Firefox tries to warn the user again about the dangers of sites with improper certificates Once the Add Exception button is displayed make sure you click...

Страница 332: ...ss the site Notice that the browser points out that valid sites such as banks online web stores government sites secure sites etc will not ask you to do that Since the GarrettCom MNS 6K is a self sign...

Страница 333: ...S FIGURE 152 Here you can view the certificate permanently make an exception and confirm the exception The locations to do those are identified in this figure The self signed certificate from Garrett...

Страница 334: ...d the user does not need to go through these steps again Using Internet Explorer ver 7 x Internet Explorer version 7 x provides a warning when the certificates do not match There is no mechanism to cr...

Страница 335: ...7 Using Other Browsers There are many other browsers such as Opera Safari which are also widely used There are similar mechanisms built into these browsers to inspect the certificate and create an exc...

Страница 336: ...APPENDIX 5 APPENDIX 5 Updating MNS 6K Software Keep up to date The steps required to update the MNS 6K software on your Magnum switch are listed Intentionally left blank 335...

Страница 337: ...ot have a serial port you may want to invest in a USB to serial converter This is again available from LANstore or from GarrettCom Alternately a USB to serial cable can also be used This cable is avai...

Страница 338: ...t determine the version of the software on your switch To do that use the command show version after connecting to the switch and logging in as manager with the proper password If the password is lost...

Страница 339: ...member the file name and the directory where the MNS 6K software is stored This will be needed later for the upgrade irrespective of whether the MNS 6K software is updated via the serial port or over...

Страница 340: ...ort the login prompt you can type in the user name and password on the URL as follows ftp m6kuser m6kuser ftp garrettcom com 3 After successful login select the proper folder for downloading the prope...

Страница 341: ...nt the release is The release notes provide additional information on the latest features and functionality plus any other additional information not covered in the manuals FIGURE 157 Navigate to MNS...

Страница 342: ...6K switch The access can be over the console port using the null modem cable or through the network using telnet This is described in step 2 2 Save the existing configuration either through the seria...

Страница 343: ...num 6K switch can be accessed via the serial port or through the network using telnet For using telnet make sure the switch is configured with the proper IP address netmask and default gateway informa...

Страница 344: ...ct to a Magnum 6K switch with IP address 192 168 10 11 If the telnet command does not work check for network connectivity using the ping command Please ensure that a personal firewall or other firewal...

Страница 345: ...lt do not over write files If the file transfer fails check to see if the file name already exists or use a different file name with the saveconf command Also make sure the ftp or TFTP FTP services ar...

Страница 346: ...Receive File is invoked as shown in Figure above follow the dialog to save the file in the proper directory with the proper name as shown in Figure below FIGURE 163 Make sure to select the Xmodem prot...

Страница 347: ...orkstations computers can be one and the same To save using TFTP or FTP first ensure that you have the FTP or TFTP server set up and the switch can ping the TFTP or the FTP server For ftp services mak...

Страница 348: ...cked Check for network connectivity using the ping command If the connectivity is OK please contact your system or network administrator to unblock FTP or TFTP packets If that is not possible the alte...

Страница 349: ...iate users are informed of this outage Alternately if the S Ring technology is used the outage will not be noticeable and the switch will be re inserted in the S Ring after the upgrade is performed It...

Страница 350: ...e the image Y or N Y FIGURE 167 Upgrade using serial connection Once the upgrade process is started the VT100 emulation software e g HyperTerminal will ask for the file location Once the file location...

Страница 351: ...e Network Access Prerequisites make sure the directory and the file name of the MNS 6K software image downloaded in steps 1 and 2 is known To upgrade using TFTP or FTP ensure that the FTP or TFTP serv...

Страница 352: ...question will not be visible and the boot code will not be automatically updated See step 4 updating boot code over the network on how to update the boot code manually Magnum6K25 show version MNS 6K S...

Страница 353: ...te the boot code A Accessing the switch Continue to use the access method defined in steps 1 2 and 3 Reloading the configuration The command used for restoring the original configuration is Syntax loa...

Страница 354: ...e console port serial connection or through the network telnet to the switch Continue to use the network access method defined in steps 1 2 and 3 Use the upgrade command as shown in Figure 17 and rebo...

Страница 355: ...U P D A T I N G S O F T W A R E S T E P 4 354 Intentionally left blank...

Страница 356: ...low mac 91 92 104 287 anycast address 73 app 56 57 284 285 307 324 auth 34 109 110 111 112 113 114 289 Authentication 240 Authentication Server 106 authenticator 106 108 109 110 114 115 289 290 Authen...

Страница 357: ...fferentiated Services See Diffserv Diffie Hellman 45 DiffServ 206 disable mode 90 dns 48 67 283 312 DNS 48 67 283 312 317 drop mode 90 DS See Diffserv DSA 46 DSCP 206 dualhome 190 191 192 295 306 Dual...

Страница 358: ...96 297 326 328 335 IGMP L2 218 219 220 221 228 296 297 309 312 IMAP 260 ipconfig 28 37 74 75 281 286 IPv4 72 73 74 207 208 307 323 IPv6 72 73 74 75 78 79 80 81 87 286 307 323 ISP 106 Kerberos 46 kill...

Страница 359: ...t security 90 94 95 104 287 priority 150 152 155 158 166 170 172 205 292 294 Private VLAN 135 privilege level 29 prtmr 122 130 291 ps 91 92 104 288 public keys 45 put 56 57 284 285 307 324 qos 208 213...

Страница 360: ...165 RTSP 159 save 28 37 55 65 94 95 145 237 281 292 saveconf 55 65 68 284 saveconf mode 68 284 script 56 57 284 285 307 324 Secure ftp 56 69 Secure Shell See SSH sendmail 262 264 279 301 serial numbe...

Страница 361: ...set ports 236 297 set qi 224 226 228 297 setqos 210 211 212 set qri 224 226 229 297 set querier 224 225 226 setsntp 53 54 68 283 setsntp server 68 283 set untag 213 296 setvar 51 52 68 243 247 253 270...

Страница 362: ...5 show ipv6 74 75 286 show lacp 200 201 202 203 204 296 show lll 184 186 295 show log 97 98 99 104 272 273 288 show motd 266 267 278 300 318 show port 124 127 130 210 291 show port mirror 122 130 291...

Страница 363: ...5 247 251 252 253 261 262 263 265 276 278 279 280 298 301 302 303 310 312 319 320 321 SNMP engine 240 SNMP group 240 SNMP user 240 SNMPv2c 239 240 snmpv3 243 247 253 298 sntp 54 68 SNTP 53 54 62 65 68...

Страница 364: ...120 290 322 TAI 84 Tatu Yl nen 45 TCP 26 116 119 120 290 322 telnet 42 43 47 67 75 267 283 286 Telnet 44 45 telnet enable 42 tftp 56 58 69 273 285 323 timers 150 153 157 158 166 171 173 293 294 ToS 20...

Отзывы:

Нет отзывов

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды