LevelOne GEL-5261 страница 301 Скачать руководство пользователя | Manualshive

Страница: 301 / 570

background image

Chapter 12

| Security Measures

Configuring 802.1X Port Authentication

–

301

–

Security), PEAP (Protected Extensible Authentication Protocol), or TTLS (Tunneled
Transport Layer Security). The client responds to the appropriate method with its
credentials, such as a password or certificate. The RADIUS server verifies the client
credentials and responds with an accept or reject packet. If authentication is
successful, the switch allows the client to access the network. Otherwise, non-EAP

traffic on the port is blocked or assigned to a guest VLAN based on the “intrusion

-

action” setting.

In “multi

-

host” mode, only one host connected to a port needs to

pass authentication for all other hosts to be granted network access. Similarly, a
port can become unauthorized for all hosts if one attached host fails re-
authentication or sends an EAPOL logoff message.

Figure 190: Configuring Port Authentication

802.1x

client

RADIUS

server

1. Client attempts to access a switch port.

2. Switch sends client an identity request.

3. Client sends back identity information.

4. Switch forwards this to authentication server.

5. Authentication server challenges client.

6. Client responds with proper credentials.

7. Authentication server approves access.

8. Switch grants client access to this port.

The operation of 802.1X on the switch requires the following:

◆

The switch must have an IP address assigned.

◆

RADIUS authentication must be enabled on the switch and the IP address of
the RADIUS server specified.

◆

802.1X must be enabled globally for the switch.

◆

Each switch port that will be used must be set to dot1X

“Auto”

mode.

◆

Each client that needs to be authenticated must have dot1X client software
installed and properly configured.

◆

The RADIUS server and 802.1X client support EAP. (The switch only supports
EAPOL in order to pass the EAP packets from the server to the client.)

◆

The RADIUS server and client also have to support the same EAP authentication
type

–

MD5, PEAP, TLS, or TTLS. (Native support for these encryption methods is

provided in Windows 8, 7, Vista and XP, and in Windows 2000 with Service Pack
4. To support these encryption methods in Windows 95 and 98, you can use the
AEGIS dot1x client or other comparable client software)

«
...
299
300
301
302
303
...
»

Содержание GEL-5261

Страница 1: ...GEL 5261 52 Port L2 Managed Gigabit Switch User Manual V1 0 Digital Data Communications Asia Co Ltd http www level1 com...

Страница 2: ...User Manual GEL 5261 L2 Managed Gigabit Ethernet Switch with 48 10 100 1000BASE T RJ 45 Ports and 4 Gigabit SFP Ports E062017 ST R01...

Страница 3: ...key features It also describes the switch s web browser interface For information on the command line interface refer to the CLI Reference Guide The guide includes these sections Section I Getting Sta...

Страница 4: ...uick Start Guide Safety and Regulatory Information Conventions The following conventions are used throughout this guide to show information Note Emphasizes important information or calls your attentio...

Страница 5: ...m Defaults 38 Section II Web Configuration 41 2 Using the Web Interface 43 Connecting to the Web Interface 43 Navigating the Web Browser Interface 44 Dashboard 44 Configuration Options 46 Panel Displa...

Страница 6: ...87 Configuring Telnet Settings 89 Displaying CPU Utilization 90 Configuring CPU Guard 91 Displaying Memory Utilization 92 Resetting the System 93 4 Interface Configuration 97 Port Configuration 98 Con...

Страница 7: ...nfiguring VLAN Groups 149 Adding Static Members to VLANs 152 IEEE 802 1Q Tunneling 156 Enabling QinQ Tunneling onthe Switch 160 Creating CVLAN to SPVLAN Mapping Entries 161 Adding an Interface to a Qi...

Страница 8: ...er 3 4 Priority Settings 213 Setting Priority Processing to DSCP or CoS 214 Mapping CoS Priorities to Per hop Behavior 215 Mapping DSCP Priorities to Per hop Behavior 216 10 Quality of Service 219 Ove...

Страница 9: ...ring the Secure Shell 270 Configuring the SSH Server 272 Generating the Host Key Pair 273 Importing User Public Keys 275 Access Control Lists 277 Showing TCAM Utilization 278 Setting the ACL Nameand T...

Страница 10: ...g ARP Inspection Statistics 330 Displaying the ARP Inspection Log 331 13 Basic Administration Protocols 333 Configuring Event Logging 334 System Log Configuration 334 Remote Log Configuration 336 Send...

Страница 11: ...ERPS Global Configuration 412 ERPS Ring Configuration 412 ERPS Forced and Manual Mode Operations 428 LBD Configuration 432 Configuring Global Settings for LBD 433 Configuring Interface Settings for LB...

Страница 12: ...les 482 Configuring MLD Filtering and Throttling for Interfaces 485 Filtering MLD Query Packets on an Interface 486 15 IP Tools 489 Using the Ping Function 489 Using the Trace Route Function 491 Addre...

Страница 13: ...rvers 530 Configuring Static DNS Host to Address Entries 531 Displaying the DNS Cache 532 Multicast Domain Name Service 533 Dynamic Host Configuration Protocol 534 Specifying a DHCP Client Identifier...

Страница 14: ...14 Contents Glossary 551 Index 559...

Страница 15: ...79 Figure 13 Configuring NTP 80 Figure 14 Specifying SNTP Time Servers 81 Figure 15 Adding an NTP Time Server 82 Figure 16 Showing the NTP Time Server List 82 Figure 17 Adding an NTP Authentication K...

Страница 16: ...18 Figure 46 Configuring Connection Parameters for a Static Trunk 118 Figure 47 Showing Information for Static Trunks 119 Figure 48 Configuring Dynamic Trunks 119 Figure 49 Configuring the LACP Aggreg...

Страница 17: ...N Members by Interface Range 156 Figure 81 QinQ Operational Concept 157 Figure 82 Enabling QinQ Tunneling 161 Figure 83 Configuring CVLAN to SPVLAN Mapping Entries 162 Figure 84 Showing CVLAN to SPVLA...

Страница 18: ...the Priority for an MST Instance 201 Figure 115 Displaying Global Settings for an MST Instance 201 Figure 116 Adding a VLAN to an MST Instance 202 Figure 117 Displaying Members of an MST Instance 202...

Страница 19: ...7 Figure 152 Configuring AAA Accounting Service for Command Service 248 Figure 153 Configuring AAA Accounting Service for Exec Service 248 Figure 154 Displaying a Summary of Applied AAA Accounting Met...

Страница 20: ...igure 188 Showing IP Addresses Authorized for Management Access 297 Figure 189 Configuring Port Security 300 Figure 190 Configuring Port Authentication 301 Figure 191 Configuring Global Settings for 8...

Страница 21: ...219 Displaying Remote Device Information for LLDP Port 357 Figure 220 Displaying Remote Device Information for LLDP Port Details 358 Figure 221 Displaying Remote Device Information for LLDP End Node 3...

Страница 22: ...ing an RMON Statistical Sample 399 Figure 256 Showing Configured RMON Statistical Samples 399 Figure 257 Showing Collected RMON Statistical Samples 400 Figure 258 Configuring a Switch Cluster 402 Figu...

Страница 23: ...459 Figure 292 Displaying IGMP Snooping Statistics Port 459 Figure 293 Enabling IGMP Filtering and Throttling 461 Figure 294 Creating an IGMP Filtering Profile 462 Figure 295 Showing the IGMP Filterin...

Страница 24: ...e 324 Configuring General Settings for ARP 494 Figure 325 Configuring Static ARP Entries 495 Figure 326 Displaying Static ARP Entries 496 Figure 327 Displaying ARP Entries 496 Figure 328 Displaying AR...

Страница 25: ...49 Showing the List of Name Servers for DNS 531 Figure 350 Configuring Static Entries in the DNS Table 532 Figure 351 Showing Static Entries in the DNS Table 532 Figure 352 Showing Entries in the DNS...

Страница 26: ...26 Figures...

Страница 27: ...Default Mapping of CoS CFI Values to Queue CFI 215 Table 14 Default Mapping of DSCP Values to Queue CFI 217 Table 15 Dynamic QoS Profiles 259 Table 16 HTTPS System Support 267 Table 17 802 1X Statist...

Страница 28: ...v6 Neighbors display description 513 Table 32 Show IPv6 Statistics display description 515 Table 33 Show MTU display description 520 Table 34 Options 60 66 and 67 Statements 535 Table 35 Options 55 an...

Страница 29: ...rovides an overview of the switch and introduces some basic concepts about network switches It also describes the basic settings required to access the management interface This section includes these...

Страница 30: ...30 Section I Getting Started...

Страница 31: ...name password RADIUS TACACS Port IEEE 802 1X MAC address filtering SNMP v1 2c Community strings SNMP version 3 MD5 or SHA password Telnet SSH Web HTTPS General Security Measures AAA ARP Inspection DH...

Страница 32: ...ing bad frames Spanning Tree Algorithm Supports standard STP Rapid Spanning Tree Protocol RSTP and Multiple Spanning Trees MSTP Virtual LANs Up to 4094 using IEEE 802 1Q port based protocol based voic...

Страница 33: ...n is also supported via the IEEE 802 1X protocol This protocol uses Extensible Authentication Protocol over LANs EAPOL to request user credentials from the 802 1X client and then uses the EAP between...

Страница 34: ...redundancy by taking over the load if a port in the trunk should fail The switch supports up to 16 trunks Storm Control Broadcast multicast and unknown unicast storm suppression prevents traffic from...

Страница 35: ...to maintain the connection Rapid Spanning Tree Protocol RSTP IEEE 802 1w This protocol reduces the convergence time for network topology changes to about 3 to 5 seconds compared to 30 seconds or more...

Страница 36: ...pplication These functions can be used to provide independent priorities for delay sensitive data and best effortdata This switch also supports several common methods of prioritizing layer 3 4 traffic...

Страница 37: ...to ensure that it does not interfere with normal network traffic and to guarantee real time delivery by setting the required priority level for the designated VLAN The switch uses IGMP Snooping and Q...

Страница 38: ...600 seconds Authentication and Security Measures Privileged Exec Level Username admin Password admin Normal Exec Level Username guest Password guest EnablePrivilegedExecfrom Normal Exec Level Passwor...

Страница 39: ...Port Trunking Static Trunks None LACP all ports Disabled Congestion Control Rate Limiting Disabled Storm Control Broadcast Enabled 64 kbits sec Multicast Disabled Unknown Unicast Disabled AutoTrafficC...

Страница 40: ...192 168 1 1 Subnet Mask 255 255 255 0 Default Gateway Not configured DHCP Client Enabled DNS Proxy service Disabled BOOTP Disabled ARP Enabled Cache Timeout 20 minutes Multicast Filtering IGMP Snoopin...

Страница 41: ...e 63 Interface Configuration on page 97 VLAN Configuration on page 147 Address Table Settings on page 171 Spanning Tree Algorithm on page 181 Congestion Control on page 205 Class of Service on page 20...

Страница 42: ...42 Section II Web Configuration IP Services on page 527...

Страница 43: ...ure it with a valid IP address subnet mask and default gateway To configure this device as the default gateway use the IP Routing Static Routes Add page set the destination address to the required int...

Страница 44: ...password The administrator has Read Write access to all configuration parameters and statistics The default user name and password for the administrator is admin The administrator has full access priv...

Страница 45: ...Chapter 2 Using the Web Interface NavigatingtheWebBrowserInterface 45 Figure 1 Dashboard...

Страница 46: ...values and restores current values prior to pressing Apply Saves current settings Displays help for the selected page Refreshes the current page Displays the site map Logs out of the management interf...

Страница 47: ...Sets the startup file 72 Show Shows the files stored in flash memory allows deletion of files 73 Time 77 Configure General Manual Manually sets the current time 78 SNTP Configures SNTP polling interva...

Страница 48: ...and configures thresholds for alarm and warning messages for optical transceivers which support DDM Cable Test Performs cablediagnostics for selected porttodiagnose any cable faults short open etc an...

Страница 49: ...history for specified interfaces 106 Green Ethernet Adjusts the power provided to ports based on the length of the cable 131 Mirror 132 Add Sets the source and target ports for mirroring 132 Show Show...

Страница 50: ...ng 168 MAC Address 171 Dynamic Configure Aging Sets timeout for dynamically learned entries 173 Show Dynamic MAC Displays dynamic entries in the address table 171 Clear Dynamic MAC Removes any learned...

Страница 51: ...ets the input and output rate limits for a port 205 Storm Control Sets the broadcast storm threshold for each interface 206 Priority Default Priority Sets the default priority for each port or trunk 2...

Страница 52: ...ure Server Configures RADIUS and TACACS server message exchange settings 238 Configure Group 238 Add Specifies a group of authentication servers and sets the priority 238 sequence Show Shows the authe...

Страница 53: ...re Host Key 273 Generate Generates the host key pair public and private 273 Show Displays RSA and DSA host keys deletes host keys 273 Configure User Key 275 Copy Imports user public keys from a TFTP s...

Страница 54: ...authentication and EAPOL pass through 302 Configure Interface Sets authentication parameters for individual ports 302 Show Statistics Displays protocol statistics for the selected port 306 DoS Protect...

Страница 55: ...remote logging process 336 SMTP Sends an SMTP client message to a participating server 337 LLDP 339 Configure Global Configures global LLDP timing parameters 339 Configure Interface 341 Configure Gene...

Страница 56: ...roup 370 Add Adds a group with access policies for assigned users 370 Show Shows configured groups and access policies 370 Configure User Add Community Configures community strings and access mode 375...

Страница 57: ...in the history group 395 Statistics Shows sampled data for each entry in the history group 398 Time Range Configures the time to apply an ACL 405 Add Specifies the name of a time range 405 Show Shows...

Страница 58: ...configuration or link local 504 address and sets related protocol settings Add IPv6 Address Adds an global unicast EUI 64 or link local IPv6 address to an interface 509 Show IPv6 Address Show the IPv...

Страница 59: ...st 440 Multicast Router 444 Add Static Multicast Router Assigns ports that are attached to a neighboring multicast router 444 Show Static Multicast Router Displays ports statically configured as attac...

Страница 60: ...ast Router 468 Add Static Multicast Router Assigns ports that are attached to a neighboring multicast router 468 Show Static Multicast Router Displays ports statically configured as attached to a neig...

Страница 61: ...NavigatingtheWebBrowserInterface Table 4 Switch Main Menu Continued Menu Description Page Summary Shows summary statistics for querier and report leave messages 470 Clear Clears all MLD statics or st...

Страница 62: ...62 Chapter 2 Using the Web Interface NavigatingtheWebBrowserInterface...

Страница 63: ...rating software or configuration files and set the system start up files Setting the System Clock Sets the current time manually or through specified NTP or SNTP servers Configuring the Console Port S...

Страница 64: ...of device type System Object ID MIB II object ID for switch s network management subsystem System Up Time Length of time the management agent has been up System Name Name assigned to the switch system...

Страница 65: ...he serial number of the switch Number of Ports Number of built in ports Hardware Version Hardware version of the main board Main Power Status Displays the status of the internal power supply Managemen...

Страница 66: ...or trunks Compared to standard Ethernet frames that run only upto 1 5 KB using jumbo frames significantly reduces the per packet overhead required to process protocol encapsulation fields Usage Guidel...

Страница 67: ...ticast Filtering Services This switch does not support the filtering of individual multicast addresses based on GMRP GARP Multicast Registration Protocol Traffic Classes This switch provides mapping o...

Страница 68: ...egress status VLAN Tagged or Untagged on each port Refer to VLAN Configuration on page 147 Max Supported VLAN Numbers The maximum number of VLANs supported on this switch Max Supported VLAN ID The max...

Страница 69: ...ransferring files between two network devices over an SSH2 secured connection SFTP functions similar to Secure Copy SCP using SSH for user authentication and data encryption Although the underlying pr...

Страница 70: ...the runtime firmware can be stored in the file directory on the switch Note The maximum number of user defined configuration files is limited only by available flash memoryspace Note The file Factory...

Страница 71: ...e subsequently set as the startup file Parameters The following parameters are displayed Copy Type The copy operation includes this option Running Config Copies the current configuration settings to a...

Страница 72: ...the System Reset menu Setting the Start up File Use the System File Set Start Up page to specify the firmware or configuration file to use for system initialization Web Interface To set a file to use...

Страница 73: ...o automatically download an operation code file when a file newer than the currently installed one is discovered on the file server After the file is transferred from the server and successfully writt...

Страница 74: ...if the upgrade file is stored as Level1 2651 bix on a case sensitive server then the switch requesting level1 5261 bix will not be upgraded because the server does not recognize the requested file na...

Страница 75: ...structures are accepted The directory name must be separated from the host and in nested directory structures from the parent directory with a prepended forward slash The forward slash must be the la...

Страница 76: ...password and file location options presented ftp 192 168 0 1 The user name and password are empty so anonymous will be the user name and the password will be blank The image file is in the FTP root di...

Страница 77: ...estart Setting the System Clock Simple Network Time Protocol SNTP allows the switch to set its internal clock based on periodic updates from a time server SNTP or NTP Maintaining an accurate time on t...

Страница 78: ...switch Hours Sets the hour Range 0 23 Minutes Sets the minute value Range 0 59 Seconds Sets the second value Range 0 59 Month Sets the month Range 1 12 Day Sets the day of the month Range 1 31 Year Se...

Страница 79: ...b Interface To set the polling interval for SNTP 1 Click System then Time 2 Select Configure General from the Step list 3 Select SNTP from the Maintain Type list 4 Modify the polling interval if requi...

Страница 80: ...sts for a time update from NTP servers Fixed 1024seconds Web Interface To set the clock maintenance type to NTP 1 Click System then Time 2 Select Configure General from the Step list 3 Select NTP from...

Страница 81: ...Specifying SNTP Time Servers Specifying NTP Time Servers Use the System Time Configure Time Server Add NTP Server page to add the IP address for up to 50 NTP time servers Parameters The following para...

Страница 82: ...Range 1 65535 Web Interface To add an NTP time server to the server list 1 Click System then Time 2 Select Configure Time Server from the Step list 3 Select Add NTP Server from the Action list 4 Enter...

Страница 83: ...eys can be configured on the switch Range 1 65535 Key Context An MD5 authentication key string The key string can be up to 32 case sensitive printable ASCII characters no spaces NTP authentication key...

Страница 84: ...s The following parameters are displayed Predefined Configuration A drop down box provides access to the 80 predefined time zone configurations Each choice indicates it s offset from UTC and lists at...

Страница 85: ...ers are displayed in the web interface General Configuration Summer Time in Effect Shows if the system time has been adjusted Status Shows if summer time is set to take effect during the specified per...

Страница 86: ...s your summer time zone deviates from your regular time zone Offset Summer time offset from the regular time zone in minutes Range 1 120 minutes From Start time for summer timeoffset To End time for s...

Страница 87: ...imeout interval the connection is terminated for the session Range 10 300 seconds Default 300 seconds Exec Timeout Sets the interval that the system waits until user input is detected If user input is...

Страница 88: ...ce connected to the serial port Range 9600 19200 38400 57600 or 115200 baud Default 115200 baud Note The password for the console connection can only be configured through the CLI see the password com...

Страница 89: ...gin Timeout Sets the interval that the system waits for a user to log into the CLI If a login attempt is not detected within the timeout interval the connection is terminated for the session Range 10...

Страница 90: ...s required 3 Click Apply Figure 22 Telnet Connection Settings Displaying CPU Utilization Use the System CPU Utilization page to display information on CPU utilization Parameters The following paramete...

Страница 91: ...already in the buffer until usage time falls below the low watermark Range 40 100 Default 90 Low Watermark If packet flow has been stopped after exceeding the high watermark normal flow will be resto...

Страница 92: ...h the minimum threshold before the alarm is terminated and then exceed the maximum threshold again before another alarm is triggered Current Threshold Shows the configured threshold in packets per sec...

Страница 93: ...ored in non volatile memory See Saving the Running Configuration to a Local File on page 71 Parameters The following parameters are displayed System Reload Information Reload Settings Displays informa...

Страница 94: ...Range 01 31 MM The month at which to reload Range 01 12 YYYY The year at which to reload Range 1970 2037 HH The hour at which to reload Range 00 23 MM The minute at which to reload Range 00 59 Regula...

Страница 95: ...95 Chapter 3 Basic Management Tasks Resetting the System 5 When prompted confirm that you want reset theswitch Figure 26 Restarting the Switch Immediately Figure 27 Restarting the Switch In...

Страница 96: ...96 Chapter 3 Basic Management Tasks Resetting the System Figure 28 Restarting the Switch At Figure 29 Restarting the Switch Regularly...

Страница 97: ...iguring Transceiver Thresholds Configures thresholds for alarm and warning messages for optical transceivers which support DDM Cable Test Performs cable diagnostics on the specified port Trunk Configu...

Страница 98: ...d at 100full for 100BASE FX transceivers and 1000full for Gigabit transceivers When auto negotiation is enabled the only attributes which can be advertised include flow control and symmetric pause fra...

Страница 99: ...e switch when its buffers fill When enabled back pressure is used for half duplex operation and IEEE 802 3 2005 formally IEEE 802 3x for full duplex operation Default Autonegotiation enabled Advertise...

Страница 100: ...rtise or manually fix the speed duplex mode and flow control Parameters Except for the trap command refer to Configuring by Port List on page 98 for more information on command usage and a description...

Страница 101: ...Admin Shows if the port is enabled or disabled Oper Status Indicates if the link is Up orDown Shutdown Reason Shows the reason this interface has been shut down if applicable Some of the reasons for...

Страница 102: ...d to identify potential problems with the switch such as a faulty port or unusually heavy loading RMON statistics provide access to a broad range of statistics including a total count of different fra...

Страница 103: ...iscarded or not sent Received Broadcast Packets The number of packets delivered by this sub layer to a higher sub layer which were addressed to a broadcast address at this sub layer Transmitted Broadc...

Страница 104: ...able indication of Ethernet utilization Received Packets The total number of packets bad broadcast and multicast received Broadcast Packets The total number of good packets received that were directed...

Страница 105: ...list of port statistics 1 Click Interface Port Statistics 2 Select the statistics mode to display Interface Etherlike RMON or Utilization 3 Select a port from the drop down list 4 Use the Refresh butt...

Страница 106: ...e Trunk History page to display statistical history for the specified interfaces Command Usage For a description of the statistics displayed on these pages see Showing Port or Trunk Statistics on page...

Страница 107: ...take Show Details Mode Status Shows the sample parameters Current Entry Shows current statistics for the specified port and named sample Input Previous Entries Shows statistical history for ingress t...

Страница 108: ...Show from the Action menu 3 Select an interface from the Port or Trunklist Figure 36 Showing Entries for History Sampling To show the configured parameters for a sampling entry 1 Click Interface Port...

Страница 109: ...urrent interval of a sample entry 1 Click Interface Port Statistics or Interface Trunk Statistics 2 Select Show Details from the Action menu 3 Select Current Entry from the options forMode 4 Select an...

Страница 110: ...laying Transceiver Data Use the Interface Port Transceiver page to display identifying information and operational for optical transceivers which support Digital Diagnostic Monitoring DDM Parameters T...

Страница 111: ...Data Configuring Transceiver Thresholds Use the Interface Port Transceiver page to configure thresholds for alarm and warning messages for optical transceivers which support Digital Diagnostic Monito...

Страница 112: ...ning message when the high threshold is crossed Low Alarm Sends an alarm message when the low threshold is crossed Low Warning Sends a warning message when the low threshold is crossed The configurabl...

Страница 113: ...default or manual settings 4 Set alarm and warning thresholds if manual configuration is used 5 Click Apply Figure 41 Configuring Transceiver Thresholds Performing Cable Diagnostics Use the Interface...

Страница 114: ...o cable Not tested Not Supported This message is displayed for any Gigabit Ethernet ports linked up at a speed lower than 1000 Mbps Unknown Unknown error Ports are linked down while running cable diag...

Страница 115: ...h The switch supports both static trunking and dynamic Link Aggregation Control Protocol LACP Static trunks have to be manually configured at both ends of the link andthe switches must comply withthe...

Страница 116: ...a connection must be configured as trunk ports When configuring static trunks on switches of different types they must be compatible with the Cisco EtherChannel standard The ports at both ends of a tr...

Страница 117: ...g the ports and also disconnect the ports before removing a static trunk via the configuration interface Parameters These parameters are displayed Trunk ID Trunk identifier Range 1 8 Member The initia...

Страница 118: ...port for an additional trunkmember 6 Click Apply Figure 45 Adding Static Trunks Members To configure connection parameters for a static trunk 1 Click Interface Trunk Static 2 Select Configure General...

Страница 119: ...Dynamic Trunks dynamically enabled active links backup link configured members Command Usage To avoid creating a loop in the network be sure you enable LACP before connecting the ports and also discon...

Страница 120: ...gure Aggregation Port Actor Partner used by the interfaces that joined the group Note that when the LAG is no longer used the port channel admin key is reset to 0 If the port channel admin key is set...

Страница 121: ...plies to its administrative state not its operational state Note Configuring the partner admin key does not affect remote or local switch operation The local switch just records the partner admin key...

Страница 122: ...s established with that port Note Configuring the port partner sets the remote side of an aggregate link i e theportsontheattacheddevice Thecommandattributeshavethesamemeaning as those used for the po...

Страница 123: ...Port To configure LACP parameters for group members 1 Click Interface Trunk Dynamic 2 Select Configure Aggregation Port from the Step list 3 Select Configure from the Action list 4 Click Actor or Par...

Страница 124: ...ct a Trunk Figure 52 Showing Members of a Dynamic Trunk To configure connection parameters for a dynamic trunk 1 Click Interface Trunk Dynamic 2 Select Configure Trunk from the Step list 3 Select Conf...

Страница 125: ...d LACPDUs received on this channel group Marker Sent Number of valid Marker PDUs transmitted from this channel group Marker Received Number of valid Marker PDUs received by this channel group Marker U...

Страница 126: ...min State Oper State Administrative or operational values of the actor s state parameters Expired The actor s receive machine is in the expiredstate Defaulted The actor s receive machine is using defa...

Страница 127: ...c transmission of LACPDUs uses a slow transmission rate LACP Activity Activity control value withregard tothislink 0 Passive 1 Active Web Interface To display LACP settings and status for the local si...

Страница 128: ...Operational port number assigned to this aggregation port by the port s protocol partner Port Admin Priority Current administrative value of the port priority for the protocol partner Port Oper Prior...

Страница 129: ...his mode works best for switch to router trunk links where traffic through the switch is destined for many different hosts Do not use this mode for switch to server trunk links where the destination I...

Страница 130: ...This mode works best for switch to switch trunk links where traffic through the switch is received from many different hosts Parameters These parameters are displayed for the load balance mode Destin...

Страница 131: ...ry entering Sleep Mode In this mode the low power energy detection circuit continuously checks for energy on the cable If none is detected the MAC interface is also powered down to save additional ene...

Страница 132: ...abling Power Savings Configuring Local Port Mirroring Use the Interface Port Mirror page to mirror traffic from any source port to a target port for real time analysis You can then attach a logic anal...

Страница 133: ...ot mirrored to the target port Parameters These parameters are displayed Source Port The port whose traffic will be monitored Target Port The port that will mirror the traffic on the source port Type...

Страница 134: ...n the specified source ports for each session over a user specified VLAN dedicated to that RSPAN session in all participating switches Monitored traffic from one or more sources is copied onto the RSP...

Страница 135: ...role Intermediate the RSPAN VLAN and the uplink port s 4 Set up the destination switch on the RSPAN configuration page by specifying the mirror session the switch s role Destination the destination po...

Страница 136: ...dicates whether or not RSPAN is currently functioning Switch Role Specifies the role this switch performs in mirroring traffic None This switch will not participate in RSPAN Source Specifies this devi...

Страница 137: ...e switch per session but a destination port can be configured on more than one switch for the same session Also note that a destination port can still send and receive switched traffic and participate...

Страница 138: ...fic present on their network The sFlow Agent samples 1 out of n packets from all data traversing the switch re encapsulates the samples as sFlow datagrams and transmits them to the sFlow Collector Thi...

Страница 139: ...ure Receiver Add page to create an sFlow receiver on the switch Parameters These parameters are displayed Receiver Owner Name2 The name of the receiver Range 1 256 characters Default None Receiver Tim...

Страница 140: ...oad Range 200 1500 bytes Datagram Version Sends either v4 or v5 sFlow datagrams to the receiver Web Interface To configure an sFlow receiver 1 Click Interface sFlow 2 Select Configure Receiver from th...

Страница 141: ...face that polls periodically based on a specified time interval or an sFlow data source instance for a specific interface that takes samples periodically based on the number of packets processed Data...

Страница 142: ...g an sFlow Instance Web Interface To show configured instances 1 Click Interface sFlow 2 Select Configure Details from the Step list 3 Select Show from the Action list 4 Select the owner name from the...

Страница 143: ...link ports used by other clients allowing different clients to share access to their uplink ports where security is less likely to be compromised Enabling Traffic Segmentation Use the Interface Traffi...

Страница 144: ...nfigure Global page see page 143 When traffic segmentation is disabled all ports operate in normal forwarding mode based on the settings specified by other functions such as VLANs and spanning tree pr...

Страница 145: ...ng the direction to uplink or downlink Default Uplink Interface Displays a list of ports ortrunks Port Port Identifier Range 1 52 Trunk Trunk Identifier Range 1 8 Web Interface To configure the member...

Страница 146: ...raffic Segmentation To show the members of the traffic segmentation group 1 Click Interface Traffic Segmentation 2 Select Configure Session from the Step list 3 Select Show from the Action list Figure...

Страница 147: ...adcast domains VLANs confine broadcast traffic to the originating group and can eliminate broadcast storms in large networks This also provides a more secure and cleaner network environment An IEEE 80...

Страница 148: ...LAN aware network devices along the path that will carry this traffic to the same VLAN s either manually or dynamically using GVRP However if you want a port on this switch to participate in one or mo...

Страница 149: ...s can be assigned to multiple tagged or untagged VLANs Each port on the switch is therefore capable of passing tagged or untagged frames When forwarding a frame from this switch along a path that cont...

Страница 150: ...ress to a VLAN see Setting the Switch s IP Address IP Version 4 on page 499 Show VLAN ID ID of configured VLAN VLAN Name Name of the VLAN Status Operational status of configured VLAN Remote VLAN Shows...

Страница 151: ...VLAN groups 1 Click VLAN Static 2 Select Modify from the Action list 3 Select the identifier of a configured VLAN 4 Modify the VLAN name or operational status as required 5 Enable the L3 Interface fi...

Страница 152: ...ey are connected to 802 1Q VLAN compliant devices or untagged they are not connected to any VLAN aware devices Or configure a port as forbidden to prevent the switch from automatically adding it to a...

Страница 153: ...for which it is not a member these frames will be flooded to all other ports except for those VLANs explicitly forbidden on this port If ingress filtering is enabled and a port receives frames tagged...

Страница 154: ...unk Range Displays a list of ports Range 1 8 Note The PVID acceptable frame type and ingress filtering parameters for each interface within the specified range must be configured on either the Edit Me...

Страница 155: ...LAN Members by Interface To configure static members by interface range 1 Click VLAN Static 2 Select Edit Member by Interface Range from the Action list 3 Set the Interface type to display as Port orT...

Страница 156: ...e intensive processing of VLAN mapping tables and could easily exceed the maximum VLAN limit of 4096 QinQ tunneling uses a single Service Provider VLAN SPVLAN for customers who have multiple VLANs Cus...

Страница 157: ...LAN 20 Customer B VLANs 1 50 Layer 2 Flow for Packets Coming into a Tunnel Access Port A QinQ tunnel port may receive either tagged or untagged packets No matter how many tags the incoming packet has...

Страница 158: ...ned to be a Customer VLAN CVLAN tag The uplink port s PVID VLAN native tag is added to the packet This outer tag is used for learning and switching packets within the service provider s network The TP...

Страница 159: ...ffic to reduce the risk of misconfiguration Instead use VLAN 1 as a management VLAN instead of a data VLAN in the service provider network There are some inherent incompatibilities between Layer 2 and...

Страница 160: ...hexadecimal 0800 FFFF Default 8100 Use this field to set a custom 802 1Q ethertype value for the 802 1Q Tunnel TPID This feature allows the switch to interoperate with third party switches that do no...

Страница 161: ...56 When priority bits are found in the inner tag these are also copied to the outer tag This allows the service provider to differentiate service based on the indicated priority and appropriate method...

Страница 162: ...ect Add from the Action list 4 Select an interface from the Port list 5 Specify the CVID to SVID mapping for packets exiting the specified port 6 Click Apply Figure 83 Configuring CVLAN to SPVLAN Mapp...

Страница 163: ...nonstandard 2 byte ethertype to identify 802 1Q tagged frames Then use the Configure Interface page to set the access interface on the edge switch to Access mode and set the uplink interface on the s...

Страница 164: ...rotocol When a frame is received at a port its VLAN membership can then be determined based on the protocol type being used by the inbound packets Command Usage To configure protocol based VLANs follo...

Страница 165: ...raffic which matches IP Protocol Ethernet Frames is mapped to the VLAN VLAN 1 that has been configured with the switch s administrative IP IP Protocol Ethernet traffic must not be mapped to another VL...

Страница 166: ...roup to a VLAN for each interface that will participate in the group Command Usage When creating a protocol based VLAN only assign interfaces using this configuration screen If you assign interfaces u...

Страница 167: ...ID Protocol Group ID assigned to the Protocol VLAN Group Range 1 2147483647 VLAN ID VLAN to which matching protocol traffic is forwarded Range 1 4094 Priority The priority assigned to untagged ingres...

Страница 168: ...Mapping Configuring MAC based VLANs Use the VLAN MAC Based page to configure VLAN based on MAC addresses The MAC based VLAN feature assigns VLAN IDs to ingress untagged frames according to source MAC...

Страница 169: ...i e it cannot be 101 or 001 A mask for the MAC address 00 50 6e 00 5f b1 translated into binary MAC 00000000 01010000 01101110 00000000 01011111 10110001 could be 11111111 11xxxxxx xxxxxxxx xxxxxxxx...

Страница 170: ...nfiguration Configuring MAC based VLANs 170 Figure 90 Configuring MAC Based VLANs To show the MAC addresses mapped to a VLAN 1 Click VLAN MAC Based 2 Select Show from the Action list Figure 91 Showing...

Страница 171: ...fication Traps Issue trap when a dynamic MAC address is added or removed Displaying the Dynamic Address Table Use the MAC Address Dynamic Show Dynamic MAC page to display the MAC addresses learned by...

Страница 172: ...r Interface 4 Enter the search parameters MAC Address VLAN orInterface 5 Click Query Figure 92 Displaying the Dynamic MAC Address Table Clearing the Dynamic Address Table Use the MAC Address Dynamic C...

Страница 173: ...g Entries in the Dynamic MAC Address Table Changing the Aging Time Use the MAC Address Dynamic Configure Aging page to set the aging time for entries inthe dynamic address table The aging timeis usedt...

Страница 174: ...ccepted as authorized to access the network through that interface Dynamic addresses stored in the address table when MAC address learning is disabled are flushed from the system and no dynamic addres...

Страница 175: ...st of ports ortrunks Port Port Identifier Range 1 52 Trunk Trunk Identifier Range 1 8 Status The status of MAC address learning Default Enabled Web Interface To enable or disable MAC address learning...

Страница 176: ...l not be written to the address table Static addresses will not be removed from the address table when a given interface link is down A static address cannot be learned on another port until the addre...

Страница 177: ...the Action list 3 Specify the VLAN the port or trunk to which the address will be assigned the MAC address and the time to retain this entry 4 Click Apply Figure 96 Configuring Static MAC Addresses T...

Страница 178: ...ifies the interval between issuing two consecutive traps Range 1 3600 seconds Default 1 second Configure Interface Port Port Identifier Range 1 52 MAC Notification Trap Enables MAC authentication trap...

Страница 179: ...enable MAC address traps at the interface level 1 Click MAC Address MAC Notification 2 Select Configure Interface from the Step list 3 Enable MAC notification traps for the required ports 4 Click App...

Страница 180: ...Chapter 6 Address Table Settings Issuing MAC Address Traps 180...

Страница 181: ...etwork and provide backup links which automatically take over when a primary link goes down The spanning tree algorithms supported by this switch include these versions STP Spanning Tree Protocol IEEE...

Страница 182: ...earning predefining an alternate route that can be used when a node or port fails and retaining the forwarding database for ports insensitive to changes in the tree structure when reconfiguration occu...

Страница 183: ...nce MSTI the protocol will automatically build an MSTI tree to maintain connectivity among each of the VLANs MSTP maintains contact with the global network because each instance is treated as an RSTP...

Страница 184: ...eased from discard mode This is only available if the interface is configured for manual release mode Action Sets the response for loopback detection to block user traffic or shut down the interface D...

Страница 185: ...VLANs we recommend selecting the MSTP option Rapid Spanning Tree Protocol3 RSTP supports connections to either STP or RSTP nodes by monitoring the incoming protocol messages and dynamically adjusting...

Страница 186: ...rotocol IEEE 802 1D i e when this option is selected the switch will use RSTP set to STP forced compatibility mode RSTP Rapid Spanning Tree IEEE 802 1w RSTP is the default MSTP Multiple Spanning Tree...

Страница 187: ...1 65535 Transmission Limit The maximum transmission rate for BPDUs is specified by setting the minimum interval between the transmission of consecutive protocol messages Range 1 10 Default 3 When the...

Страница 188: ...umber of MSTP instances to which this switch can be assigned Configuration Digest An MD5 signature key that contains the VLAN ID to MST ID mapping table Inother words this key is a mapping ofall VLANs...

Страница 189: ...189 Chapter 7 Spanning Tree Algorithm Configuring Global Settings for STA 5 Click Apply Figure 104 Configuring Global Settings for STA STP Figure 105 Configuring Global Settings for STA RSTP...

Страница 190: ...items Bridge ID A unique identifier for this bridge consisting of the bridge priority the MST Instance ID 0 for the Common Spanning Tree when spanning tree type is set to MSTP and MAC address where t...

Страница 191: ...figuring Interface Settings for STA Use the Spanning Tree STA Configure Interface Configure page to configure RSTP and MSTP attributes for specific interfaces including port priority path cost link ty...

Страница 192: ...ttached to faster media and higher values assigned to ports with slower media Note that path cost takes precedence over port priority Range 0 for auto configuration 1 65535 for the short path cost met...

Страница 193: ...ports will still have the same root path cost and it will be impossible for i2 to become the root port just by changing its path cost on SW3 For RSTP mode the root port can be determined simply by adj...

Страница 194: ...terface cannot function as an edge port under the following conditions If spanning tree mode is set to STP page 185 edge port mode cannot automatically transition to operational edge port state using...

Страница 195: ...ther administrative edge is enabled on a port BPDU filtering is configured on a per port basis Default Disabled BPDU filter can only be configured on an interface if the edge port attribute is not dis...

Страница 196: ...anning Tree Discarding Port receives STA configuration messages but does not forward packets Learning Port has transmitted configuration messages for an interval set by the Forward Delay parameter wit...

Страница 197: ...is parameter is determined by manual configuration or by auto detection as described for Admin Link Type in STA Port Configuration on page 191 Oper Edge Port This parameter is initialized to the setti...

Страница 198: ...for determining the port role is based on root bridge ID root path cost designated bridge designated port port priority and port number in that order and as applicable to the role under question Web I...

Страница 199: ...MSTI Region page 185 with the same set of instances and the same instance on each bridge with the same set of VLANs Also note that RSTP treats each MSTI region as a single node connecting all regions...

Страница 200: ...the MST instance identifier and the initial VLAN member Additional member can be added using the Spanning Tree MSTP Configure Global Add Member page If the priority is not specified the default value...

Страница 201: ...e priority for an MSTP Instance 5 Click Apply Figure 114 Modifying the Priority for an MST Instance To display global settings for MSTP 1 Click Spanning Tree MSTP 2 Select Configure Global from the St...

Страница 202: ...ect an MST instance from the MST IDlist 5 Enter the VLAN group to add to the instance in the VLAN ID field Note that the specified member does not have to be a configured VLAN 6 Click Apply Figure 116...

Страница 203: ...e the same the port with the highest priority i e lowest value will be configured as an active link in the Spanning Tree This makes a port with higher priority less likely to be blocked if the Spannin...

Страница 204: ...rface from the Step list 3 Select Configure from the Action list 4 Enter the priority and path cost for aninterface 5 Click Apply Figure 118 Configuring MSTP Interface Settings To display MSTP paramet...

Страница 205: ...the maximum rate for traffic received or transmitted on an interface Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network Packets that exceed...

Страница 206: ...onfigured If there is too much traffic on your network performance can be severely degraded or everything can come to complete halt You can protect your network from traffic storms by setting a thresh...

Страница 207: ...oadcast Specifies storm control for broadcast traffic Status Enables or disables storm control Default Enabled for broadcast storm control disabled for multicast and unknown unicast storm control Rate...

Страница 208: ...Chapter 8 Congestion Control Storm Control 208 Figure 121 Configuring Storm Control...

Страница 209: ...s This section describes how to configure the default priority for untagged frames set the queue mode set the weights assigned to each queue and map class of service tags to queues Setting the Default...

Страница 210: ...ure 122 Setting the Default Port Priority Selecting the QueueMode Use the Traffic Priority Queue page to set the queue mode for the egress queues on any interface The switch can be set to service the...

Страница 211: ...ed queue mode applies to all interfaces Parameters These parameters are displayed Queue Mode Strict Services the egress queues in sequential order transmitting all traffic in the higher priority queue...

Страница 212: ...eighted queue mode is selected the queue weight can be modified if required 4 If the queue mode that uses a combination of strict and weighted queueing is selected the queues which are serviced first...

Страница 213: ...s are enabled the priorities are mapped to a Class of Service value by the switch and the traffic then sent to the corresponding output queue Because different priority information may be contained in...

Страница 214: ...riority processing if the packet is tagged For an untagged packet the default port priority see page 209 is used for priority processing Ifthe QoS mapping modeissettoCoS andthe ingresspackettype is IP...

Страница 215: ...4 0 5 5 0 5 0 6 6 0 6 0 7 7 0 7 0 Enter the per hop behavior for CoS CFI paired values If a packet arrives with a 802 1Q header but it is not an IP packet then the CoS CFI to Queue mapping table is us...

Страница 216: ...the three precedence bits so that non DSCP compliant ToS enabled devices will not conflict with the DSCP mapping Based on network policies different kinds of traffic can be marked for different kinds...

Страница 217: ...1 0 3 0 3 0 3 0 3 0 3 0 3 0 3 3 0 3 0 4 0 4 0 4 0 4 0 4 0 4 0 4 0 4 0 4 5 0 5 0 5 0 5 0 5 0 5 0 5 0 5 0 6 0 6 0 5 6 0 6 0 6 0 6 0 6 0 6 0 7 0 7 0 7 0 7 0 6 7 0 7 0 7 0 7 0 The ingress DSCP is composed...

Страница 218: ...218 Chapter 9 Class of Service Layer 3 4 Priority Settings Figure 128 Configuring DSCP to Queue Mapping...

Страница 219: ...cies different kinds of traffic can be marked for different kinds offorwarding All switches or routers that access the Internet rely on class information to provide the same forwarding treatment to pa...

Страница 220: ...also be configured to monitor the maximum throughput and burst rate Then specify the action to take for conforming traffic or the action to take for a policy violation 5 Use the Configure Interface pa...

Страница 221: ...of ACL can be specified including standard or extended IPv4 IPv6 ACLs and MAC ACLs IP DSCP A DSCP value Range 0 63 IP Precedence An IP Precedence value Range 0 7 IPv6 DSCP A DSCP value contained in a...

Страница 222: ...it the rules for a class map 1 Click Traffic DiffServ 2 Select Configure Class from the Step list 3 Select Add Rule from the Action list 4 Select the name of a classmap 5 Specify type of traffic for t...

Страница 223: ...requires several steps A class map must first be configured which indicates how to match the inbound packets according to an access list a DSCP or IP Precedence value a member of specific VLAN or a C...

Страница 224: ...f CoS CFI Values to Queue CFI on page 215 Meter Check this to define the maximum throughput Meter Mode Rate Limit Applies rate limiting to ingress or egress ports This function allows the network mana...

Страница 225: ...from the Action list Figure 134 Showing Policy Maps To edit the rules for a policy map 1 Click Traffic DiffServ 2 Select Configure Policy from the Step list 3 Select Add Rule from the Action list 4 S...

Страница 226: ...m the Step list 3 Select Show Rule from the Action list Figure 136 Showing the Rules for a Policy Map Attaching a Policy Map to a Port Use the Traffic DiffServ Configure Interface page to bind a polic...

Страница 227: ...ess traffic Web Interface To bind a policy map to a port 1 Click Traffic DiffServ 2 Select Configure Interface from the Step list 3 Check the box under the Ingress field to enable a policy map for a p...

Страница 228: ...228 Chapter 10 Quality of Service Attaching a Policy Map to a Port...

Страница 229: ...ket delays packet loss and jitter This is best achieved by assigning all VoIP traffic to a single Voice VLAN The use of a Voice VLAN has several advantages It provides security by isolating the VoIP t...

Страница 230: ...mode see Adding Static Members to VLANs on page 152 Parameters These parameters are displayed Auto Detection Status Enables the automatic detection of VoIP traffic on switch ports Default Disabled Voi...

Страница 231: ...ers are displayed Telephony OUI Specifies a MAC address range to add to the list Format xx xx xx xx xx xx Mask Identifies a range of MAC addresses Setting a mask of FF FF FF 00 00 00 identifies all de...

Страница 232: ...VoIP Traffic Ports Use the Traffic VoIP Configure Interface page to configure ports for VoIP traffic you need to set the mode Auto or Manual specify the discovery method to use and set the traffic pri...

Страница 233: ...ic from VoIP devices is detected by the Organizationally Unique Identifier OUI of the source MAC address OUI numbers are assigned to vendors and form the first three octets of a device MAC address MAC...

Страница 234: ...ise if the VoIP Mode is Disabled or set to Manual the remaining age will display NA Web Interface To configure VoIP traffic settings for a port 1 Click Traffic VoIP 2 Select Configure Interface from t...

Страница 235: ...e MAC authentication intrusion response dynamic VLAN assignment and dynamic QoS assignment HTTPS Provide a secure web connection SSH Provide a secure shell for secure Telnetaccess ACL Access Control L...

Страница 236: ...ns require the use of configured RADIUS or TACACS servers in the network The security servers can be defined as sequential groups that are applied as a method for controlling user access to specified...

Страница 237: ...y default management access is always checked against the authentication database stored on the local switch If a remote authentication server is used you must specify the authentication sequence Then...

Страница 238: ...on a central server to control access to RADIUS aware or TACACS aware devices on the network An authentication server contains a database of multiple user name password pairs with associated privilege...

Страница 239: ...obal Provides globally applicable RADIUS settings Server Index Specifies one of five RADIUS servers that may be configured The switch attempts authentication using the listed sequence of servers The p...

Страница 240: ...the request Range 1 65535 Default 5 Authentication Retries Number of times the switch tries to authenticate logon access via the authentication server Range 1 30 Default 2 Set Key Mark this box to set...

Страница 241: ...ver from the Step list 3 Select RADIUS or TACACS server type 4 Select Global to specify the parameters that apply globally to all specified servers or select a specific Server Index to specify the par...

Страница 242: ...DIUS or TACACS server groups to use for accounting and authorization 1 Click Security AAA Server 2 Select Configure Group from the Step list 3 Select Add from the Action list 4 Select RADIUS or TACACS...

Страница 243: ...e configured accounting methods the methods applied to specific interfaces and basic accounting information recorded for user sessions Command Usage AAA authentication through a RADIUS or TACACS serve...

Страница 244: ...p names radius and tacacs specifies all configured RADIUS and TACACS hosts see Configuring Local Remote Logon Authentication on page 237 Any other group name refers to a server group configured on the...

Страница 245: ...ules apply This field is null if the accounting method and associated server group has not been assigned to an interface Show Information Statistics User Name Displays a registered username Accounting...

Страница 246: ...from the Step list 3 Select Add from the Action list 4 Select the accounting type 802 1X Command Exec 5 Specify the name of the accounting method and server group name 6 Click Apply Figure 149 Config...

Страница 247: ...to specific interfaces console commands entered at specific privilege levels and local console Telnet or SSH connections 1 Click Security AAA Accounting 2 Select Configure Service from the Step list 3...

Страница 248: ...ccounting Service for Command Service Figure 153 Configuring AAA Accounting Service for Exec Service To display a summary of the configured accounting methods and assigned server groups for specified...

Страница 249: ...3 Click Statistics Figure 155 Displaying Statistics for AAA Accounting Sessions Configuring AAA Authorization Use the Security AAA Authorization page to enable authorization of requested services and...

Страница 250: ...Remote Logon Authentication on page 237 Any other group name refers to a server group configured on the TACACS Group Settings page Authorization is only supported for TACACS servers Configure Service...

Страница 251: ...Select Configure Method from the Step list 3 Specify the name of the authorization method and server group name 4 Click Apply Figure 156 Configuring AAA Authorization Methods To show the authorizatio...

Страница 252: ...elect Configure Service from the Step list 3 Enter the required authorization method 4 Click Apply Figure 158 Configuring AAA Authorization Methods for Exec Service To display a the configured authori...

Страница 253: ...0 7 provide the same default access to a limited number of commands which display the current status of the switch as well as several database clear and reset functions These commands are equivalent t...

Страница 254: ...words Password Specifies the user password Range 0 32 characters case sensitive Confirm Password Re type the string entered in the previous field to ensure no errors were made The switch will not chan...

Страница 255: ...originally requested web page Successful authentication is valid for all hosts connected to the port Note RADIUS authentication must be activated and configured properly for the web authentication fe...

Страница 256: ...t 3 Enable web authentication globally on the switch and adjust any of the protocol parameters as required 4 Click Apply Figure 162 Configuring Global Settings for Web Authentication Configuring Inter...

Страница 257: ...ost addresses that need to be re authenticated and click Re authenticate Figure 163 Configuring Interface Settings for Web Authentication Network Access MAC Address Authentication Some devices connect...

Страница 258: ...namic entries in the switch secure MAC address table and are removed when the aging time expires The maximum number of secure MAC addresses supported for the switch system is 1024 Configured static MA...

Страница 259: ...is used For example if the attribute is service policy in p1 service policy in p2 then the switch applies only the DiffServ profile p1 Any unsupported profiles in the Filter ID attribute are ignored F...

Страница 260: ...e MAC Address Authentication process described in this section as well as to any secure MAC addresses authenticated by 802 1X regardless of the 802 1X Operation Mode Single Host Multi Host or MAC Base...

Страница 261: ...this section Range 1 1024 Default 1024 Network Access Max MAC Count6 Sets the maximum number of MAC addresses that can be authenticated on a port interface via all forms of authentication including Ne...

Страница 262: ...ess and the host is assigned to the default untagged VLAN When the dynamic VLAN assignment status is changed on a port all authenticated addresses mapped to that port are cleared from the secure MAC a...

Страница 263: ...is no limitation on the number of entries used in a filter table Parameters These parameters are displayed Filter ID Adds a filter rule for the specified filter Range 1 64 MAC Address The filter rule...

Страница 264: ...167 Showing the MAC Address Filter Table for Network Access Displaying Secure MACAddress Information Use the Security Network Access Show Information page to display the authenticated MAC addresses s...

Страница 265: ...ss Time The time when the MAC address was last authenticated Attribute Indicates a static or dynamic address Web Interface To display the authenticated MAC addresses stored in the secure MAC address t...

Страница 266: ...ecify the TCP port used for this service Command Usage Both the HTTP and HTTPS service can be enabled independently on the switch However you cannot configure both services to use the same TCP port HT...

Страница 267: ...ndows 7 8 10 Linux Google Chrome 59 or later Windows 7 8 10 To specify a secure site certificate see Replacing the Default Secure site Certificate on page 268 Note Connection to the web interface is n...

Страница 268: ...you must obtain a unique certificate and a private key and password from a recognized certification authority Caution For maximum security we recommend you obtain a unique Secure Sockets Layer certifi...

Страница 269: ...ype the string entered in the previous field to ensure no errors were made The switch will not download the certificate if these two fields do not match Delete Deletes the HTTPS secure site certificat...

Страница 270: ...cation If password authentication is specified by the SSH client then the password can be authenticated either locally or via a RADIUS or TACACS remote authentication server as specified on the System...

Страница 271: ...SH server on the switch 6 Authentication One of the following authentication methods is employed Password Authentication for SSH v1 5 or V2 Clients a The client sends its password to the server b The...

Страница 272: ...client sessions The maximum number of client sessions includes both current Telnet sessions and SSH sessions Note The SSH server can be accessed using any configured IPv4 or IPv6 interface address on...

Страница 273: ...he authentication parameters as required 5 Click Apply Figure 171 Configuring the SSH Server Generating the Host KeyPair Use the Security SSH Configure Host Key Generate page to generate a host public...

Страница 274: ...her DES 56 bit or 3DES 168 bit for data encryption Note The switch uses only RSA Version 1 for SSHv1 5 clients and DSA Version 2 for SSHv2 clients Save Saves the host key from RAM i e volatile memory...

Страница 275: ...ublic key authentication mechanism If the user s public key does not exist on the switch SSH will revert to the interactive password authentication mechanism to complete authentication Parameters Thes...

Страница 276: ...key 1 Click Security SSH 2 Select Configure User Key from the Steplist 3 Select Copy from the Action list 4 Select the user name and the public key type from the respective drop down boxes input the T...

Страница 277: ...packets against the conditions in an ACL one by one A packet will be accepted as soon as it matches a permit rule or dropped as soon as it matches a deny rule If no rules match the packet is accepted...

Страница 278: ...found down to the end of the list the traffic is denied For this reason frequently hit entries should be placed at the top of the list There is an implied deny for traffic that is not explicitly permi...

Страница 279: ...in the TCAM List Unit Stack unit identifier Device Memory chip used for indicated pools Pool Rule slice or call group Each slice has a fixed number of rules that are used for the specified features To...

Страница 280: ...IP Standard IPv4 ACL mode filters packets based on the source IPv4 address IP Extended IPv4 ACL mode filters packets based on the source or destination IPv4 address as well as the protocol type and pr...

Страница 281: ...gs used for ARP inspection see ARP Inspection on page 324 Web Interface To configure the name and type of an ACL 1 Click Security ACL 2 Select Configure ACL from the Steplist 3 Select Add from the Act...

Страница 282: ...pecifies the source IP address Use Any to include all possible addresses Host to specify a specific host address in the Address field or IP to specify a range of addresses with the Address and Subnet...

Страница 283: ...e Permit or Deny 7 Select the address type Any Host orIP 8 If you select Host enter a specific address If you select IP enter asubnet address and the mask for an address range 9 Click Apply Figure 17...

Страница 284: ...the protocol type to match as TCP UDP or Others where others indicates a specific protocol number 0 255 Options TCP UDP Others Default Others The following items are under TCP Control Code Decimal num...

Страница 285: ...Click Security ACL 2 Select Configure ACL from the Steplist 3 Select Add Rule from the Action list 4 Select IP Extended from the Type list 5 Select the name of an ACL from the Name list 6 Specify the...

Страница 286: ...include all possible addresses Host to specify a specific host address in the Address field or IPv6 Prefix to specify a range of addresses Options Any Host IPv6 Prefix Default Any Source IPv6 Address...

Страница 287: ...t or Deny 7 Select the source address type Any Host or IPv6 prefix 8 If you select Host enter a specific address If you select IPv6 prefix enter a subnet address and the prefix length 9 Click Apply Fi...

Страница 288: ...t of the address comprise the prefix i e the networkportionoftheaddress Range 0 128bitsforthesourceprefix 0 8bits for the destination prefix DSCP DSCP traffic class Range 0 63 Source Port Protocol7 so...

Страница 289: ...d Rule from the Action list 4 Select IPv6 Extended from the Type list 5 Select the name of an ACL from the Name list 6 Specify the action i e Permit or Deny 7 Select the address type Any or IPv6 prefi...

Страница 290: ...ss Source or destination MAC address Source Destination Bit Mask Hexadecimal mask for source ordestination MAC address Packet Format This attribute includes the following packet types Any Any Ethernet...

Страница 291: ...Type list 5 Select the name of an ACL from the Name list 6 Specify the action i e Permit or Deny 7 Select the address type Any Host orMAC 8 If you select Host enter a specific address e g 11 22 33 44...

Страница 292: ...addresses Host to specify a specifichostaddressintheAddressfield or IP tospecifyarangeofaddresses with the Address and Mask fields Options Any Host IP Default Any Source Destination IP Address Source...

Страница 293: ...enter a base address and a hexadecimal bit mask for an address range 10 Enable logging if required 11 Click Apply Figure 184 Configuring a ARP ACL Binding a Port toan Access ControlList After configu...

Страница 294: ...from the Action list 4 Select IP MAC or IPv6 from the Type options 5 Select a port 6 Select the name of an ACL from the ACL list 7 Click Apply Figure 185 Binding a Port to an ACL Showing ACL HardwareC...

Страница 295: ...ules Shows the rules for the ACL bound to this port Time Range Name of a timerange Hit Shows the number of packets matching this ACL Clear Counter Clears the hit counter for the specified ACL Web Inte...

Страница 296: ...t access respectively Each of these groups can include up to five different sets of addresses either individual addresses or address ranges Whenenteringaddressesforthesamegroup i e SNMP weborTelnet th...

Страница 297: ...ect the management interface to filter Web SNMP Telnet All 4 Enter the IP addresses or range of addresses that are allowed management access to an interface 5 Click Apply Figure 187 Creating an IP Add...

Страница 298: ...l learn up to the maximum number of allowed address pairs source MAC address VLAN for frames received on the port When the port has reached the maximum number of MAC addresses the port will stop learn...

Страница 299: ...n SNMP trap message Shutdown Disable the port Trap and Shutdown Send an SNMP trap message and disable the port Max MAC Count The maximum number of MAC addresses that can be learned on a port Range 0 1...

Страница 300: ...to all switch ports in a network can be centrally controlled from a server which means that authorized users can use the same credentials for authentication from any point within the network This swit...

Страница 301: ...t 3 Client sends back identity information 4 Switch forwards this to authentication server 5 Authentication server challenges client 6 Client responds with proper credentials 7 Authentication server a...

Страница 302: ...nable 802 1X globally for the switch 4 Click Apply Figure 191 Configuring Global Settings for 802 1X Port Authentication Configuring Port Authenticator Settings for 802 1X Use the Security Port Authen...

Страница 303: ...erver Clients that are not dot1x aware will be denied access Force Authorized Forces the port to grant access to all clients either dot1x aware or otherwise This is the defaultsetting Force Unauthoriz...

Страница 304: ...send an EAP request identity frame to the client to request its identity followed by one or more requests for authentication information It may also send other EAP request frames to the client during...

Страница 305: ...te is re entered Current Identifier Identifier sent in each EAP Success Failure or Request packet by the Authentication Server Backend State Machine State Current state including request response succ...

Страница 306: ...hat have been received by this Authenticator Rx EAPOL Logoff The number of EAPOL Logoff frames that have been received by this Authenticator Rx EAPOL Invalid The number of EAPOL frames that have been...

Страница 307: ...valid EAPOL frames of any type that have been received by this Supplicant Rx Last EAPOLVer The protocol version number carried in the most recent EAPOL frame received by this Supplicant Rx Last EAPOLS...

Страница 308: ...that it can no longer provide its intended service or to obstruct the communication media between the intended users and the target so that they can no longer communicate adequately This section desc...

Страница 309: ...simply discards the TCP SYN FIN scan Default Enabled TCP Xmas Scan A so called TCP XMAS scan message is used to identify listening TCP ports This scan uses a series of strangely configured TCP packet...

Страница 310: ...g the dynamic bindings registered with DHCP Snooping or using the static bindings configured with IP Source Guard DHCP snooping allows a switch to protect a network from rogue DHCP servers or other de...

Страница 311: ...ooping entry is also added to the binding table If DHCP snooping is enabled globally and also enabled on the VLAN where the DHCP packet is received but the port is not trusted it is processed as follo...

Страница 312: ...s When the DHCP Snooping Information Option 82 is enabled the requesting client or an intermediate relay agent that has used the information fields to describe itself can be identified in the DHCP req...

Страница 313: ...rcuit ID CID and remote ID RID in Option 82 information Default Enabled DHCP Snooping Information Option Remote ID Specifies the MAC address IP address or arbitrary identifier of the requesting device...

Страница 314: ...request and forwards the packets to trusted ports Replace Replaces the Option 82 information circuit id and remote id fields in the client s request with information about the relay agent itself inse...

Страница 315: ...hen DHCP snooping is globally enabled and DHCP snooping is then disabled on a VLAN all dynamic bindings learned for this VLAN are removed from the binding table Parameters These parameters are display...

Страница 316: ...the local network or fire wall to untrusted state The format for TR101 option 82 is IP eth SID PORT VLAN Note that the SID Switch ID is always 0 By default the PVID is added to the end of the TR101 f...

Страница 317: ...Time The time for which this IP address is leased to the client Type Entry types include DHCP Snooping Dynamically snooped Static DHCPSNP Statically configured VLAN VLAN to which this entry is bound...

Страница 318: ...ress of a neighbor to access the network This section describes how to configure IPv4 Source Guard Configuring Ports for IPv4 Source Guard Use the Security IP Source Guard General page to set the filt...

Страница 319: ...source IP address port number and source MAC address for the SIP MAC option If a matching entry is found in the binding table and the entry type is static IP source guard binding the packet will be f...

Страница 320: ...ce To set the IP Source Guard filter for ports 1 Click Security IP Source Guard General 2 Set the required filtering type set the table type to use ACL or MAC address binding and then set the maximum...

Страница 321: ...with the same VLAN ID and MAC address and the type of the entry is dynamic DHCP snooping binding then the new entry will replace the old one and the entry type will be changed to static IP source guar...

Страница 322: ...ated with the entry IP Address IP address corresponding to the client VLAN VLAN to which this entry is bound Interface The port to which this entry is bound Web Interface To configure static bindings...

Страница 323: ...ch VLAN ID of a configured VLAN Range 1 4094 MAC Address A valid unicast MAC address IP Address A valid unicast IP address including classful types A B or C Dynamic Binding List VLAN VLAN to which thi...

Страница 324: ...dress bindings stored in a trusted database the DHCP snooping binding database see DHCP Snooping Global Configuration on page 313 This database is built by DHCP snooping if it is enabled on globally o...

Страница 325: ...switch to validate address information in each packet and configure logging Command Usage ARP Inspection Validation By default ARP Inspection Validation is disabled Specifying at least one of the fol...

Страница 326: ...l be replaced with the newest entry Parameters These parameters are displayed ARP Inspection Status Enables ARP Inspection globally Default Disabled ARP Inspection Validation Enables extended ARP Insp...

Страница 327: ...to use Command Usage ARP Inspection VLAN Filters ACLs By default no ARP Inspection ACLs are configured and the feature is disabled ARP Inspection ACLs are configured within the ARP ACL configuration p...

Страница 328: ...mode also selected the switch only performs ARP Inspection and bypasses validation against the DHCP Snooping Bindings database When an ARP ACL is selected but static mode is not selected the switch fi...

Страница 329: ...nd will always be forwarded while those arriving on untrusted interfaces are subject to all configured ARP inspection tests Packet Rate Limit Sets the maximum number of ARP packets that can be process...

Страница 330: ...ditional validation Src MAC ARP packets dropped by ARP ACLs ARP packets dropped by DHCP snooping Count of ARP packets received but not exceeding the ARP Inspection rate limit Count of ARP packets exce...

Страница 331: ...rs are displayed Table 19 ARP Inspection Log VLAN ID The VLAN where this packet was seen Port The port where this packet was seen Src IP Address The source IP address in thepacket Dst IP Address The d...

Страница 332: ...Chapter 12 Security Measures ARP Inspection 332 Figure 207 Displaying the ARP Inspection Log...

Страница 333: ...st domain Simple Network Management Protocol SNMP Configures switch management through SNMPv1 SNMPv2c or SNMPv3 Remote Monitoring RMON Configures local collection of detailed statistics or events whic...

Страница 334: ...hat are logged to flash or RAM memory The default is for event levels 0 to 3 to be logged to flash and levels 0 to 7 to be logged to RAM Parameters These parameters are displayed System Log Status Ena...

Страница 335: ...ommand Log Status Records the commands executed from the CLI including the execution time and information about the CLI user including the user name user interface console port telnet or SSH and user...

Страница 336: ...s are displayed Remote Log Status Enables disables the logging of debug or error messages to the remote logging process Default Disabled Logging Facility Sets the facility type for remote logging of s...

Страница 337: ...te Logging of Error Messages Sending Simple Mail Transfer Protocol Alerts Use the Administration Log SMTP page to alert system administrators of problems by sending SMTP Simple Mail Transfer Protocol...

Страница 338: ...rt messages You can specify up to five recipients Server IP Address Specifies a list of up to three recipient SMTP servers IPv4 or IPv6 addresses may be specified The switch attempts to connect to the...

Страница 339: ...Timing Attributes Use the Administration LLDP Configure Global page to set attributes for general functions such as globally enabling LLDP on the switch setting the message ageout time and setting the...

Страница 340: ...changes in LLDP neighbors that occur between SNMP notifications is not transmitted Only state changes that exist at the time of a notification are included in the transmission An SNMP agent should th...

Страница 341: ...abled This option sends out SNMP trap notifications to designated target stations at the interval specified by the Notification Interval in the preceding section Trap notifications include information...

Страница 342: ...through the particular port should be accompanied by a port and protocol VLAN TLV that indicates the VLAN identifier VID associated with the management address reported by this TLV Port Description Th...

Страница 343: ...tion on configuring the maximum frame size for this switch Default Enabled MAC PHY Configuration Status The MAC PHY configuration and status which includes information about auto negotiation support c...

Страница 344: ...entry refers to The type of device to which the location applies Location of DHCP server Location of network element closest to client Location of client This is thedefault Web Interface To configure...

Страница 345: ...such as the city street number building and room information The address location is specified as a type and value pair with the civic address type defined in RFC 4776 The following table describes so...

Страница 346: ...the total does not exceed 250 characters Parameters These parameters are displayed CA Type Descriptor of the data civic address value Range 0 255 CA Value Description of a location Range 1 32 characte...

Страница 347: ...ation Parameters These parameters are displayed General Settings Chassis Type Identifies the chassis containing the IEEE 802 LAN entity associated with the transmitting LLDP agent There are several wa...

Страница 348: ...bled The primary function s of the system which are currently enabled Refer to the preceding table Management Address The management address associated with the local system If no management address i...

Страница 349: ...circuit ID agent circuit ID IETFRFC 3046 Locally assigned locally assigned Port Trunk ID A string that contains the specific identifier for the local interface based on interface subtype used by this...

Страница 350: ...tocols Link Layer Discovery Protocol 350 Figure 216 Displaying Local Device Information for LLDP General Figure 217 Displaying Local Device Information for LLDP Port Figure 218 Displaying Local Device...

Страница 351: ...l switch Remote Index Index of remote device attached to this port Local Port The local port to which a remote LLDP capable device is attached Chassis Type Identifies the chassis containing the IEEE 8...

Страница 352: ...col VLANs configured on this interface whether the given port associated with the remote system supports port based protocol VLANs and whether the port based protocol VLANs are enabled on the given po...

Страница 353: ...listed in IETF RFC 3636 and is equal to the last number in the respective dot3MauType OID Port Details 802 3 Extension Power Information Remote Power Class The port Class of the given port associated...

Страница 354: ...ice Class Any of the following categories of endpoint devices Class 1 The most basic class of endpoint devices Class 2 Endpoint devices that supports media stream capabilities Class 3 Endpoint devices...

Страница 355: ...d in IEEE 802 1Q A value of zero indicates that the port is using priority tagged frames meaning that only the IEEE 802 1D priority level is significant and the default PVID of the ingress port is use...

Страница 356: ...rimary Power Source Backup Power Source Power conservation mode Power Value The total power in watts required by a PD device from a PSE device or the total power a PSE device is capable of sourcing ov...

Страница 357: ...port 1 Click Administration LLDP 2 Select Show Remote Device Information from the Step list 3 Select Port Port Details Trunk or TrunkDetails 4 When the next page opens select a port on this switch and...

Страница 358: ...Chapter 13 Basic Administration Protocols Link Layer Discovery Protocol 358 Figure 220 Displaying Remote Device Information for LLDP Port Details...

Страница 359: ...display statistics for LLDP capable devices attached to the switch and for LLDP protocol messages transmitted or received on all local interfaces Parameters These parameters are displayed General Sta...

Страница 360: ...TLV Frames Invalid A count of all LLDPDUs received with one or more detectable errors Frames Received Number of LLDP PDUs received Frames Sent Number of LLDP PDUs transmitted TLVs Unrecognized A count...

Страница 361: ...Chapter 13 Basic Administration Protocols LinkLayerDiscoveryProtocol 361 Figure 222 Displaying LLDP Device Statistics General Figure 223 Displaying LLDP Device Statistics Port...

Страница 362: ...P versions 1 2c and 3 This agent continuously monitors the status of the switch hardware as well as the traffic passing through its ports A network management station can access this information using...

Страница 363: ...on SNMP Configure Global page to enable SNMP on the switch and to enable trap messages 2 Use the Administration SNMP Configure Trap page to specify trap managers so that key events are reported by thi...

Страница 364: ...passwords Configuring Global Settings for SNMP Use the Administration SNMP Configure Global page to enable SNMPv3 service for all management clients i e versions 1 2c 3 and to enable trap messages Par...

Страница 365: ...ID is deleted or changed all SNMP users will be cleared You will need to reconfigure all existing users Parameters These parameters are displayed Engine ID A new engine ID can be specified by enterin...

Страница 366: ...herefore need to configure the remote agent s SNMP engine ID before you can send proxy requests or informs to it See Configuring Remote SNMPv3 Users on page 379 Parameters These parameters are display...

Страница 367: ...e SNMP view Range 1 32 characters OID Subtree Specifies the initial object identifier of a branch within the MIB tree Wild cards can be used to mask a specific portion of the OID string Use the Add OI...

Страница 368: ...list 4 Enter a view name and specify the initial OID subtree in the switch s MIB database to be included or excluded in the view Use the Add OID Subtree page to add additional object identifier branch...

Страница 369: ...e list of existing views and specify an additional OID subtree in the switch s MIB database to be included or excluded in the view 5 Click Apply Figure 230 Adding an OID Subtree to an SNMP View To sho...

Страница 370: ...which the user is assigned Range 1 32 characters Security Model The user security model SNMP v1 v2c or v3 Security Level The following security levels are only used for the groups assigned to the SNMP...

Страница 371: ...tity acting in an agent role has detected that the ifOperStatus object for one of its communication links is about to enter the down state from some other state but not from the notPresent state This...

Страница 372: ...rm this swAtcMcastStormAlarmClearTrap 1 3 6 1 4 1 22426 44 2 1 0 75 When multicast storm is detected as normal traffic swAtcMcastStormTcApplyTrap 1 3 6 1 4 1 22426 44 2 1 0 76 When ATC is activated th...

Страница 373: ...he lbdDetectionTrap 1 3 6 1 4 1 22426 44 2 1 0 141 This trap is sent when a loopback condition is lbdRecoveryTrap 1 3 6 1 4 1 22426 44 2 1 0 142 This trap is sent when a recovery is done by LBD sfpThr...

Страница 374: ...re Group from the Step list 3 Select Add from the Action list 4 Enter a group name assign a security model and level and then select read write and notify views 5 Click Apply Figure 232 Creating an SN...

Страница 375: ...s to the SNMP protocol Range 1 32 characters case sensitive Default strings public Read Only private Read Write Access Mode Specifies the access rights for the community string Read Only Authorized ma...

Страница 376: ...unique name Users must be configured with a specific security level and assigned to a group The SNMPv3 group restricts users to a specific read write and notify view Parameters These parameters are di...

Страница 377: ...use for data privacy only 56 bit DES is currently available Privacy Password A minimum of eight plain text characters is required Web Interface To configure a local SNMPv3 user 1 Click Administration...

Страница 378: ...sers 1 Click Administration SNMP 2 Select Configure User from the Step list 3 Select Show SNMPv3 Local User from the Action list Figure 237 Showing Local SNMPv3 Users To change a local SNMPv3 local us...

Страница 379: ...esides The remote engine ID is used to compute the security digest for authentication and encryption of packets passed between the switch and the remote user See Specifying Trap Managers on page 382 a...

Страница 380: ...Privacy Password A minimum of eight plain text characters is required Web Interface To configure a remote SNMPv3 user 1 Click Administration SNMP 2 Select Configure User from the Step list 3 Select Ad...

Страница 381: ...anagement Protocol 381 Figure 239 Configuring Remote SNMPv3 Users To show remote SNMPv3 users 1 Click Administration SNMP 2 Select Configure User from the Step list 3 Select Show SNMPv3 Remote User fr...

Страница 382: ...affic You should consider these effects when deciding whether to issue notifications as traps or informs To send an inform to a SNMPv2c host complete these steps 1 Enable the SNMP agent page 364 2 Cre...

Страница 383: ...only available for version 2c and 3 hosts Default traps are used Timeout The number of seconds to wait for an acknowledgment before resending an inform message Range 0 2147483647 centiseconds Default...

Страница 384: ...ill be automatically generated Remote User Name The name of a remote user which is used to identify the source of SNMPv3 inform messages sent from the local switch Range 1 32 characters If an account...

Страница 385: ...ic Administration Protocols Simple Network Management Protocol 385 5 Click Apply Figure 241 Configuring Trap Managers SNMPv1 Figure 242 Configuring Trap Managers SNMPv2c Figure 243 Configuring Trap Ma...

Страница 386: ...ndividual MIBs can now bear less responsibility to record transient information associated with an event against the possibility that the Notification message is lost and applications can poll the log...

Страница 387: ...lly It is not sent to a remote device This remote host parameter is only required to complete mandatory fields in the SNMP Notification MIB Filter Profile Name Notification log profile name Range 1 32...

Страница 388: ...represented an SNMP operation which was not allowed by the SNMP community named in the message Encoding errors The total number of ASN 1 or BER errors encountered by the SNMP entity when decoding rec...

Страница 389: ...es errors The total number of SNMP PDUs which were delivered to or generated by the SNMP protocol entity and for which the value of the error status field is badValue General errors The total number o...

Страница 390: ...ly send a trap message to the management agent which can then respond to the event if so configured Configuring RMON Alarms Use the Administration RMON Configure Global Add Alarm page to define specif...

Страница 391: ...in the event control table then no event will be generated Range 0 65535 Falling Threshold If the current value is less than or equal to the falling threshold and the last sample value was greater th...

Страница 392: ...Monitoring 392 Figure 248 Configuring an RMON Alarm To show configured RMON alarms 1 Click Administration RMON 2 Select Configure Global from the Step list 3 Select Show from the Action list 4 Click...

Страница 393: ...try Range 1 65535 Type Specifies the type of event to initiate None No event is generated Log Generates an RMON log entry when the event is triggered Log messages are processed based on the current co...

Страница 394: ...list 4 Click Event 5 Enter an index number the type of event to initiate the community string to send with trap messages the name of the person who created this event and a brief description of the ev...

Страница 395: ...ollection is already enabled on an interface the entry must be deleted before any changes can be made The information collected for each sample includes input octets packets broadcast packets multicas...

Страница 396: ...terface To periodically sample statistics on a port 1 Click Administration RMON 2 Select Configure Interface from the Step list 3 Select Add from the Action list 4 Click History 5 Select a port from t...

Страница 397: ...ry Figure 253 Showing Configured RMON History Samples To show collected RMON history samples 1 Click Administration RMON 2 Select Configure Interface from the Step list 3 Select Show Details from the...

Страница 398: ...octets packets broadcast packets multicast packets undersize packets oversize packets CRC alignment errors jabbers fragments collisions drop events and frames of various sizes Parameters These parame...

Страница 399: ...ct Configure Interface from the Step list 3 Select Show from the Action list 4 Select a port from the list 5 Click Statistics Figure 256 Showing Configured RMON Statistical Samples To show collected R...

Страница 400: ...or the web interface to communicate directly with the Commander through its IP address and then use the Commander to manage Member switches through the cluster s internal IP addresses Clustered switc...

Страница 401: ...work IP subnet Cluster IP addresses are assigned to switches when they become Members and are used for communication between Member switches and the Commander Parameters These parameters are displayed...

Страница 402: ...idate 4 Click Apply Figure 258 Configuring a Switch Cluster Cluster Member Configuration Use the Administration Cluster Configure Member Add page to add Candidate switches to the cluster as Members Pa...

Страница 403: ...ep list 3 Select Add from the Action list 4 Select one of the cluster candidates discovered by this switch or enter the MAC address of a candidate 5 Click Apply Figure 259 Configuring a Cluster Member...

Страница 404: ...Use the Administration Cluster Show Member page to manage another switch in the cluster Parameters These parameters are displayed Member ID The ID number of the Member switch Range 1 36 Role Indicates...

Страница 405: ...ge to set a time range during which various functions are applied including applied ACLs or PoE Command Usage If both an absolute rule and one ormore periodic rules are configured for the sametimerang...

Страница 406: ...c interval Start To Specifies the days of the week hours and minutes at which to start or end Web Interface To configure a time range 1 Click Administration Time Range 2 Select Add from the Action lis...

Страница 407: ...lect the name of time range from the drop down list 4 Select a mode option of Absolute orPeriodic 5 Fill in the required parameters for the selected mode 6 Click Apply Figure 265 Add a Rule to a Time...

Страница 408: ...t 16 nodes are used but should always run under than 500 ms Operational Concept Loop avoidance in the ring is achieved by guaranteeing that at any time traffic may flow on all but one of the ring link...

Страница 409: ...multipoint to multipoint connectivity within interconnected rings called a multi ring ladder network topology This arrangement consists of conjoined rings connected by one or more interconnection poi...

Страница 410: ...rate ERP Control Processes for each Ethernet Ring Figure 268 on page 410 Signal Fail Condition illustrates a situation where protection switching has occurred due to an SF condition on the ring link b...

Страница 411: ...maintenance commands The CVLAN must NOT be configured with an IP address In addition only ring ports may be added to the CVLAN prior to configuring the VLAN as a CVLAN No other ports can be members o...

Страница 412: ...ERPS Status Enables ERPS on the switch Default Disabled ERPS must be enabled globally on the switch before it can enabled on an ERPS ring by setting the Admin Status on the Configure Domain Configure...

Страница 413: ...el The maintenance entity group MEG level providing a communication channel for ring automatic protection switching R APS information Control VLAN Shows the Control VLAN ID Node State Shows the follow...

Страница 414: ...ed to the RPL Configure Details Domain Name Name of a configured ERPS ring Range 1 12 characters Service Instances within each ring are based on a unique maintenance association for the specific users...

Страница 415: ...ringnodesrunningG 8032v1andG 8032v2co existonaring theringID of each node is configured as 1 In version 1 the MAC address 01 19 A7 00 00 01 is used for the node identifier The R APS Def MAC parameter...

Страница 416: ...ation page The east and west connections to the ring must be specified for all ring nodes When this switch is configured as the RPL owner the west ring port is automatically set as being connected to...

Страница 417: ...guard timer When another recovered ring node or nodes holding the link block receives this message it compares the Node ID information with its own Node ID If the received R APS NR message has the hig...

Страница 418: ...Switch mode is in effect The clear command removes any existing local operator commands and triggers reversion if the ring is in revertive behavior mode The ring node where the Forced Switch was clea...

Страница 419: ...h was blocked as result of an operator command Recovery for Manual Switching A Manual Switch command is removed by issuing the Clear command Configure Operation page at the same ring node where the Ma...

Страница 420: ...he operator issues the Clear command Configure Operation page at the RPL Owner Node this ring node blocks the ring port attached to the RPL transmits an R APS NR RB message over both ring ports inform...

Страница 421: ...irtual channel is not used to cross the intermediate Ethernet network data in the traffic channel will still flow across the network but the all R APS messages will be terminated at the interconnectio...

Страница 422: ...nserted or extracted by other rings or sub rings at the interconnection nodes where a sub ring is attached Hence there is no need for either additional bandwidth or for different VIDs Ring IDs for the...

Страница 423: ...on Sends non standard health check packets when an owner node enters protection state without any link down event having been detected through Signal Fault messages Default Disabled The RPL owner node...

Страница 424: ...old off timer value is non zero Instead the hold off timer will be started When the timer expires whether a defect still exists or not the timer will be checked If one does exist that defect will be r...

Страница 425: ...hat the ring has stabilized before blocking the RPL and returning to the Idle normal operating state WTB Expire The time before the wait to block timer expires WTR Expire The time before the wait to r...

Страница 426: ...onitoring of a ring node specify the CFM MEPs used to monitor both the east and west ports of the ring node If CFM determines that a MEP node which has been configured to monitor a ring port with this...

Страница 427: ...4 Configure the ERPS parameters for this node Note that spanning tree protocol cannot be configured on the ring ports nor can these ports be members of a static or dynamic trunk And the control VLAN m...

Страница 428: ...witch Blocks specified ring port Options West or East A ring with no pending request has a logical topology with the traffic channel blocked at the RPL and unblocked on all other ring links In this si...

Страница 429: ...node having a prior local forced switch request The ring nodes where further forced switch commands are issued block the traffic channel and R APS channel on the ring port at which the forced switch w...

Страница 430: ...d Options West orEast A ring with no request has a logical topology with the traffic channel blocked at the RPL and unblocked on all other ring links In this situation the Manual Switch command trigge...

Страница 431: ...NR messages The ring node keeps the ring port blocked due to the previous manual switch command c An ring node with a local manual switch command that receives an R APS message or a local request of h...

Страница 432: ...ch monitors inbound traffic to see if the frame is looped back Usage Guidelines The default settings for the control frame transmit interval and recover time may be adjusted to improve performance for...

Страница 433: ...ll ports placed in shutdown state can be restored to operation using the Release button To restore a specific port re enable Admin status on the Configure Interface page The recover time is the maximu...

Страница 434: ...ends an SNMP trap message when a loopback condition is detected or when the switch recovers from a loopback condition Detect Sends an SNMP trap message when a loopback condition is detected None Does...

Страница 435: ...to display the loopback operational state and the VLANs which are looped back Parameters These parameters are displayed Port Range 1 52 Trunk Range 1 8 Admin State Operation State Looped VLAN Web Int...

Страница 436: ...Chapter 13 Basic Administration Protocols LBD Configuration 436...

Страница 437: ...rface Configures the interface to drop MLD query packets Overview Multicasting is used to support real time applications such as video conferencing or streaming audio A multicast server does not have...

Страница 438: ...requests passing between multicast clients and servers and dynamically configure the switch ports which need to forward multicast traffic IGMP Snooping conserves bandwidth on network segments where no...

Страница 439: ...ached VLAN or flooded throughout the VLAN if unregistered flooding is enabled see Configuring IGMP Snooping and Query Parameters on page 440 Static IGMP Router Interface If IGMP snooping cannot locate...

Страница 440: ...see Unregistered Data Flooding in the Command Attributes section IGMP Querier A router or multicast enabled switch can periodically ask their hosts if they want to receive multicast traffic If there i...

Страница 441: ...nism is used to delete all of the currently learned multicast channels When a new uplink port starts up the switch sends unsolicited reports for all currently learned channels out the new uplink port...

Страница 442: ...option Unregistered Data Flooding Floods unregistered multicast traffic into the attached VLAN Default Disabled Once the table used to store multicast entries for IGMP snooping and multicast routing...

Страница 443: ...figures the IGMP report query version used by IGMP snooping Versions 1 3 are all supported and versions 2 and 3 are backward compatible so the switch can operate with other devices regardless of the s...

Страница 444: ...MP Snooping must be enabled globally on the switch see Configuring IGMP Snooping and Query Parameters on page 440 before a multicast router port can take effect Parameters These parameters are display...

Страница 445: ...ttached to the multicast router 4 Click Apply Figure 281 Configuring a Static Interface for a Multicast Router To show the static interfaces attached to a multicast router 1 Click Multicast IGMP Snoop...

Страница 446: ...ly assign a multicast service to an interface Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query messages see Configuring IGMP Snooping and Query Parameters on page 4...

Страница 447: ...on list 3 Select the VLAN that will propagate the multicast service specify the interface attached to a multicast service through an IGMP enabled switch or multicast router and enter the multicast IP...

Страница 448: ...and multicast routing devices MRD is used to discover which interfaces are attached to multicast routers allowing IGMP enabled devices to determine where to send multicast source and group membership...

Страница 449: ...ce is administratively disabled The router is gracefully shut down Advertisement and Termination messages are sent to the All Snoopers multicast address Solicitation messages are sent to the All Route...

Страница 450: ...this time out is set to Last Member Query Interval Robustness Variable fixed at 2 as defined in RFC 2236 If immediate leave is enabled the switch assumes that only one host is connected to the interfa...

Страница 451: ...es sent to downstream hosts and in report and leave messages sent upstream from the multicast router port If a proxy query address is not configured the switch will use the VLAN s IP address as the IP...

Страница 452: ...ing proxy reporting is enabled page 440 or IGMP querier is enabled page 440 Last Member Query Count The number of IGMP proxy group specific or group and source specific query messages that are sent ou...

Страница 453: ...gure and update the required parameters 4 Click Apply Figure 286 Configuring IGMP Snooping on a VLAN To show the interface settings for IGMP snooping 1 Click Multicast IGMP Snooping Interface 2 Select...

Страница 454: ...specified interface If this switch is acting as a Querier this prevents it from being affected by messages received from another Querier Multicast Data Drop Configures an interface to stop multicast...

Страница 455: ...lticast group address Group Address IP multicast group address with subscribers directly attached or downstream from the switch or a static multicast group assigned to this interface Interface A downs...

Страница 456: ...ocal querier is assumed to have expired Self Querier Uptime Time local querier has been up General Query Received The number of general queries received on this interface General Query Sent The number...

Страница 457: ...report leave or query was dropped Packets may be dropped due to invalid format rate limiting packet content not allowed or IGMP group report received Join Success The number of times a multicast group...

Страница 458: ...g and Query for IPv4 458 Figure 290 Displaying IGMP Snooping Statistics Query To display IGMP snooping protocol related statistics for a VLAN 1 Click Multicast IGMP Snooping Statistics 2 Select Show V...

Страница 459: ...gure 291 Displaying IGMP Snooping Statistics VLAN To display IGMP snooping protocol related statistics for a port 1 Click Multicast IGMP Snooping Statistics 2 Select Show Port Statistics from the Acti...

Страница 460: ...le If a requested multicast group is permitted the IGMP join report is forwarded as normal If a requested multicast group is denied the IGMP join report is dropped IGMP throttling sets a maximum numbe...

Страница 461: ...he start and end of the range Parameters These parameters are displayed Add Profile ID Creates an IGMP profile Range 1 4294967295 Access Mode Sets the access mode of the profile either permit or deny...

Страница 462: ...and set its accessmode 5 ClickApply Figure 294 Creating an IGMP Filtering Profile To show the IGMP filter profiles 1 Click Multicast IGMP Snooping Filter 2 Select Configure Profile from the Step list...

Страница 463: ...rmation Figure 297 Showing the Groups Assigned to an IGMP Filtering Profile Configuring IGMP Filtering and Throttling for Interfaces Use the Multicast IGMP Snooping Filter Configure Interface page to...

Страница 464: ...he same time Range 1 1024 Default 1024 Current Multicast Groups Displays the current multicast groups the interface has joined Throttling Action Mode Sets the action to take when the maximum number of...

Страница 465: ...ets include MLDv2 query and report messages as well as MLDv1 report and done messages Remember that IGMP Snooping and MLD Snooping are independent functions and can therefore both function at the same...

Страница 466: ...the multicast groups they have joined Query Max Response Time The maximum response time advertised in MLD general queries Range 5 25 seconds Default 10seconds This attribute controls how long the host...

Страница 467: ...the parent VLAN Default Disabled If MLD immediate leave is not used a multicast router or querier will send a group specific query message when an MLD group leave message is received The router querie...

Страница 468: ...current multicast groups Command Usage MLD Snooping must be enabled globally on the switch see Configuring MLD Snooping and Query Parameters on page 465 before a multicast router port can take effect...

Страница 469: ...3 Select the VLAN for which to display this information Figure 302 Showing Static Interfaces Attached an IPv6 Multicast Router To show all the interfaces attached to a multicast router 1 Click Multica...

Страница 470: ...y be forwarded to ports within that VLAN Parameters These parameters are displayed VLAN Specifies the VLAN which is to propagate the multicast service Range 1 4094 Multicast IPv6 Address The IP addres...

Страница 471: ...3 Select the VLAN for which to display this information Figure 305 Showing Static Interfaces Assigned to an IPv6 Multicast Service To display information about all IPv6 multicast groups MLD Snooping o...

Страница 472: ...ess to a minimum set such that all nodes listening states are respected In Include mode the router only uses the request list indicating that the reception of packets sent to the specified multicast a...

Страница 473: ...lay MLD snooping protocol related statistics Parameters These parameters are displayed Input Interface The unit port or VLAN interface Report The number of MLD membership reports received on this inte...

Страница 474: ...ired Other Querier Uptime Time remote querier has been up Self Querier IP address of local querier on this interface Self Querier Expire Time after which local querier is assumed to have expired Self...

Страница 475: ...membership reports sent from this interface Leave The number of leave messages sent from this interface Received Report The number of MLD membership reports received on this interface Leave The numbe...

Страница 476: ...ber of group specific queries sent from this interface Receive General The number of general queries received on this interface Group Specific The number of group specific queries received on this int...

Страница 477: ...g input related message statistics 1 Click Multicast MLD Snooping Statistics 2 Select Input Figure 308 Displaying MLD Snooping Statistics Input To display MLD snooping output related message statistic...

Страница 478: ...ulticast Filtering MLD Snooping Snooping and Query for IPv6 478 To display MLD query message statistics 1 Click Multicast MLD Snooping Statistics 2 Select Query Figure 310 Displaying MLD Snooping Stat...

Страница 479: ...ping Snooping and Query for IPv6 479 To display MLD summary statistics for a port or trunk 1 Click Multicast MLD Snooping Statistics 2 Select Summary 3 Select a port or trunk Figure 311 Displaying MLD...

Страница 480: ...ing MLD Snooping Snooping and Query for IPv6 480 To display MLD summary statistics for a VLAN 1 Click Multicast MLD Snooping Statistics 2 Select Summary 3 Select a VLAN Figure 312 Displaying MLD Snoop...

Страница 481: ...bles you to assign a profile to a switch port that specifies multicast groups that are permitted or denied on the port An MLD filter profile can contain one or more addresses or a range of multicast a...

Страница 482: ...Step list 3 Enable MLD Filter Status 4 Click Apply Figure 314 Enabling MLD Filtering and Throttling Configuring MLD FilterProfiles Use the Multicast MLD Snooping Filter Configure Profile Add page to c...

Страница 483: ...IPv6 Address Specifies the starting address of a range of multicast groups End Multicast IPv6 Address Specifies the ending address of a range of multicast groups Web Interface To create an MLD filter...

Страница 484: ...ticast groups to an MLD filter profile 1 Click Multicast MLD Snooping Filter 2 Select Configure Profile from the Step list 3 Select Add Multicast Group Range from the Action list 4 Select the profile...

Страница 485: ...the same time Command Usage MLD throttling sets a maximum number of multicast groups that a port can join at the same time When the maximum number of groups is reached on a port the switch can take on...

Страница 486: ...the interface Options True or False Web Interface To configure MLD filtering or throttling for a port or trunk 1 Click Multicast MLD Snooping Filter 2 Select Configure Interface from the Step list 3 S...

Страница 487: ...pecified interface If this switch is acting as a Querier this prevents it from being affected by messages received from another Querier Web Interface To drop IGMP query packets 1 Click Multicast MLD S...

Страница 488: ...488 Chapter 14 Multicast Filtering Filtering MLD Query Packets on an Interface...

Страница 489: ...s or IPv4 IPv6 address of the host Probe Count Number of packets to send Range 1 16 Packet Size Number of bytes in a packet Range 32 512 bytes for IPv4 0 1500 bytes for IPv6 The actual packet size wil...

Страница 490: ...rfaces nodes in different zones RFC 4007 Therefore when specifying a link local address include zone id information indicating the VLAN identifier after the delimiter For example FE80 7272 1 identifie...

Страница 491: ...es the first router to discard the datagram and return an error message The trace function then sends several probe messages at each subsequent TTL level and displays the round trip time for each mess...

Страница 492: ...this way with each routing device mapping the destination IP address to the MAC address of the next hop toward the recipient until the packet is delivered to the final destination If there is no entry...

Страница 493: ...est for a remote network and Proxy ARP is enabled it determines if it has the best route to the remote network and then answers the ARP request by sending its own MAC address to the requesting node Th...

Страница 494: ...g physical address in the ARP cache Command Usage The ARP cache is used to map 32 bit IP addresses into 48 bit hardware that is Media Access Control addresses This cache includes entries for hosts and...

Страница 495: ...rehexadecimalnumbersintheformat xx xx xx xx xx xx or xxxxxxxxxxxx Web Interface To map an IP address to the corresponding physical address in the ARP cache 1 Click Tools ARP 2 Select Configure Static...

Страница 496: ...cache The ARP cache contains static entries and entries for local interfaces including subnet host and broadcast addresses However most entries will be dynamically learned through replies to broadcas...

Страница 497: ...Statistics Received Request Number of ARP Request packets received by the router Received Reply Number of ARP Reply packets received by the router Sent Request Number of ARP Request packets sent by t...

Страница 498: ...Chapter 15 IP Tools Address Resolution Protocol 498...

Страница 499: ...address or direct the switch to obtain an IPv4 address from a BOOTP or DHCP server An IPv6 global unicast or link local address can be manually configured or a link local address can be dynamically g...

Страница 500: ...Mode Specifies whether IP functionality is enabled via manual configuration User Specified Dynamic Host Configuration Protocol DHCP or Boot Protocol BOOTP If DHCP BOOTP is enabled IP will not functio...

Страница 501: ...st 4 Select any configured VLAN set IP Address Mode to User Specified set IP Address Type to Primary if no address has yet been configured for this interface and then enter the IP address and subnet m...

Страница 502: ...to determine the new switch address Renewing DCHP DHCP may lease addresses to clients indefinitely or for a specific period of time If the address expires or the switch is moved to another network seg...

Страница 503: ...e of the subnet A link local address is easy to set up and may be useful for simple networks or basic troubleshooting tasks However to connect to a larger network with multiple segments the switch mus...

Страница 504: ...nfigure Interface page to configure general IPv6 settings for the selected VLAN including auto configuration of a global unicast interface address and explicit configuration of a link local interface...

Страница 505: ...link local address has not yet been assigned to this interface this command will dynamically generate one The link local address is made with an address prefix in the range of FE80 FEBF and a host por...

Страница 506: ...a pending state Duplicate address detection is automatically restarted when the interface is administratively re activated An interface that is re activated restarts duplicate address detection for a...

Страница 507: ...uring that nodes on the same link use the same time value Setting the time limit to 0 means that the configured time is unspecified by this router Restart DHCPv6 When DHCPv6 is restarted the switch ma...

Страница 508: ...Configure Interface from the Action list 3 Specify the VLAN to configure 4 Enable address auto configuration or enable IPv6 explicitly to automatically configure a link local address and enable IPv6...

Страница 509: ...address with a network prefix in the range of FE80 FEBF To connect to a larger network with multiple subnets you must configure a global unicast address There are several alternatives to configuring t...

Страница 510: ...of the address Note that the value specified in the IPv6 Address field may include some of the high order host bits if the specified prefix length is less than 64 bits If the specified prefix length...

Страница 511: ...ss from the Action list 3 Specify the VLAN to configure select the address type and then enter an IPv6 address and prefix length 4 Click Apply Figure 334 Configuring an IPv6 Address Showing IPv6 Addre...

Страница 512: ...assigned IPv6 addresses that differ only in the high order bits e g due to multiple high order prefixes associated with different aggregations will map to the same solicited node address thereby reduc...

Страница 513: ...the neighbor was functioning While in Reachable state the device takes no special action when sending packets Stale More than the ReachableTime interval has elapsed since the last positive confirmati...

Страница 514: ...ugh small packet networks ICMPv6 Internet Control Message Protocol for Version 6 addresses is a network layer protocol that transmits message packets to report errors in processing IPv6 packets ICMP i...

Страница 515: ...agrams Truncated Packets The number of input datagrams discarded because datagram frame didn t carry enough data Discards The number of input IPv6 datagrams for which no problems were encountered to p...

Страница 516: ...this outputinterface Fragment Succeeded The number of IPv6 datagrams that have been successfully fragmented at this output interface Fragment Failed The number of IPv6 datagrams that have been discard...

Страница 517: ...517 Chapter 16 IP Configuration Setting the Switch s IP Address IP Version 6 interface...

Страница 518: ...sages The number of ICMP Packet Too Big messages sent by the interface Time Exceeded Messages The number of ICMP Time Exceeded messages sent by the interface Echo Request Messages The number of ICMP E...

Страница 519: ...519 Chapter 16 IP Configuration Setting the Switch s IP Address IP Version 6 No Port Errors The total number of received UDP datagrams for which there was no application at the destination port...

Страница 520: ...er of received UDP datagrams that could not be delivered for reasons other than the lack of an application at the destination port Output The total number of UDP datagrams sent from thisentity Web Int...

Страница 521: ...521 Chapter 16 IP Configuration Setting the Switch s IP Address IP Version 6 Figure 338 Showing IPv6 Statistics ICMPv6 Figure 339 Showing IPv6 Statistics UDP...

Страница 522: ...ameters are displayed Table 33 Show MTU display description MTU Adjusted MTU contained in the ICMP packet too big message returned from this destination and now used for all traffic sent along thispat...

Страница 523: ...first be configured to work Initial Configuration By default all ports belong to the same VLAN and the switch provides only Layer 2 functionality To segment the attached network first create VLANs for...

Страница 524: ...ding switching based on the Layer 2 destination MAC address Layer 3 forwarding routing Based on the Layer 3 destination address Replacing destination source MAC addresses for each hop Incrementing the...

Страница 525: ...red the packet is reformatted and sent out to the destination The reformat process includes decreasing the Time To Live TTL field of the IP header recalculating the IP header checksum and replacing th...

Страница 526: ...tes have the same lowest cost the first route stored in the routing table will be used Parameters These parameters are displayed Destination IP Address IP address of the destination network subnetwork...

Страница 527: ...is not enabled i e listed in the routing table unless there is at least one active link connected to that interface Command Usage The Forwarding Information Base FIB contains information required to f...

Страница 528: ...ed by using the show ip route database command described in the CLI Reference Guide Parameters These parameters are displayed VLAN VLAN identifier i e configured as a valid IP subnet Destination IP Ad...

Страница 529: ...s into IP addresses by forwarding DNS queries to the switch and waiting for a response You can manually configure entries in the DNS table used for mapping domain names to IP addresses configure defau...

Страница 530: ...S General Add Domain Name page to configure a list of domain names to be tried in sequential order Command Usage Use this page to define a list of domain names that can be appended to incomplete host...

Страница 531: ...s the host name from the domain name Range 1 127 characters Web Interface To create a list domain names 1 Click IP Service DNS 2 Select Add Domain Name from the Action list 3 Enter one domain name at...

Страница 532: ...specified sequence until a response is received or the end of the list is reached with no response If all name servers are deleted DNS will automatically be disabled This is done by disabling the doma...

Страница 533: ...to IP addresses Command Usage Static entries may be used for local devices connected directly to the attached network or for commonly used resources located elsewhere on the network Parameters These p...

Страница 534: ...age Servers or other network devices may support one or more connections via multiple IP addresses If more than one IP address is associated with a host name via information returned from a name serve...

Страница 535: ...of the form single dns label local Any name ending in local is therefore link local and names within this domain are meaningful only on the link where they originate When looking for the given host s...

Страница 536: ...ing Multicast DNS Dynamic Host Configuration Protocol Dynamic Host Configuration Protocol DHCP can dynamically allocate an IP address and other configuration information to network clients when they b...

Страница 537: ...g the vendor class identifier 66 tftp server name a string indicating the tftp server name 67 bootfile name a string indicating the bootfile name By default DHCP option 66 67 parameters are not carrie...

Страница 538: ...DHCP Client Identifier Configuring DHCP Relay Service Use the IP Service DHCP Relay page to configure DHCP relay service for attached host devices If DHCP relay is enabled and this switch sees a DHCP...

Страница 539: ...Configuring Static Routes on page 524 or the IP IPv6Configuration ConfigureGlobal page see ConfiguringtheIPv6Default Gateway on page 503 DHCP relay configuration will be disabled if an active DHCP se...

Страница 540: ...in the CLI Reference Guide By default the parameters for DHCP option 66 67 are not carried by the reply sent from the DHCP server To ask for a DHCP reply with option 66 67 the client can inform the s...

Страница 541: ...539 Appendices This section provides additional information and includes these items Software Specifications on page 541 Troubleshooting on page 545 License Information on page 547...

Страница 542: ...540 Section III Appendices...

Страница 543: ...X 1000 Mbps at full duplex SFP Flow Control Full Duplex IEEE 802 3 2005 Half Duplex Back pressure Storm Control Broadcast multicast or unknown unicast traffic throttled above a critical threshold Port...

Страница 544: ...P Routing ARP CIDR Classless Inter Domain Routing Additional Features BOOTP Client DHCP Client Relay Option 82 DNS Client ERPS EthernetRingProtectionSwitching LLDP Link Layer Discover Protocol RMON Re...

Страница 545: ...k Aggregation Control Protocol LACP Full duplexflowcontrol ISO IEC8802 3 IEEE 802 3ac VLAN tagging ARP RFC 826 DHCP Client RFC 2131 DHCP Relay RFC 951 2132 3046 HTTPS ICMP RFC 792 IGMP RFC 1112 IGMPv2...

Страница 546: ...B RFC 3636 MIB II RFC 1213 NTP RFC 1305 P Bridge MIB RFC 2674P Port Access Entity MIB IEEE 802 1X Port Access Entity Equipment MIB Private MIB Q Bridge MIB RFC 2674Q QinQ Tunneling IEEE 802 1ad Provid...

Страница 547: ...ing Telnet you may have exceeded the maximum number of concurrent Telnet SSH sessions permitted Try connecting again at a latertime If you cannot connect using SSH you may have exceeded the maximum nu...

Страница 548: ...Repeat the sequence of commands or other actions that lead up to the error 7 Make a list of the commands or circumstances that led to the fault Also make a list of any error messages displayed 8 Set...

Страница 549: ...f free software and charge for this service if you wish that you receive source code or can get it if you want it that you can change the software or use pieces of it in new free programs and that you...

Страница 550: ...you distribute or publish that in whole or in part contains or is derived from the Program or any part thereof to be licensed as a whole at no charge to all third parties under the terms of this Lice...

Страница 551: ...s These actions are prohibited by law if you do not accept this License Therefore by modifying or distributing the Program or any work based on the Program you indicate your acceptance of this License...

Страница 552: ...k for permission For software which is copyrighted by the Free Software Foundation write to the Free Software Foundation we sometimes make exceptions for this Our decision will be guided by the two go...

Страница 553: ...und robin service to enforce priority service and prevent blockage of lower level queues Priority may be set according to the port default the packet s priority bit in the VLAN tag TCP UDP port number...

Страница 554: ...at used by IPv6 to identify the host portion of the network address The interface identifier in EUI compatible addresses is based on the link layer MAC address of an interface Interface identifiers us...

Страница 555: ...Spanning Tree Protocol RSTP which reduces the convergence time for network topology changes to about 10 of that required by the older IEEE 802 1D STP standard Now incorporated in IEEE 802 1D 2004 IEE...

Страница 556: ...default but may be configured differently to suit the requirements for specific network applications LACP Link Aggregation Control Protocol Allows ports to automatically negotiate a trunked link with...

Страница 557: ...group NTP Network Time Protocol provides the mechanisms to synchronize time across the network The time servers operate in a hierarchical master slave configuration in order to synchronize local clock...

Страница 558: ...based on periodic updates from a Network Time Protocol NTP server Updates can be requested from a specific NTP server or can be received via broadcasts sent by NTP servers SSH Secure Shell is a secure...

Страница 559: ...w or just unnecessary UTC Universal Time Coordinate UTC is a time scale that couples Greenwich Mean Time based solely on the Earth s rotation rate with highly accurate atomic time The UTC does not hav...

Страница 560: ...Glossary 558...

Страница 561: ...6 Standard 280 286 MAC 281 290 time range 405 Address Resolution Protocol See ARP address table 171 aging time 173 aging time displaying 173 aging time setting 173 ARP configuration 493 description 49...

Страница 562: ...ted Code Point Service See DSCP Differentiated Services See DiffServ DiffServ 219 binding policy to interface 226 class map 220 classifying QoS traffic 220 configuring 219 policy map 223 policy map de...

Страница 563: ...file 461 482 483 filtering throttling enabling 460 482 filtering throttling interface configuration 463 485 filtering throttling status 460 482 groups displaying 447 Layer 2 438 query 440 snooping 438...

Страница 564: ...ing 358 359 remote port information displaying 351 timing attributes configuring 339 TLV 339 342 TLV management address 342 TLV port description 342 TLV system capabilities 342 TLV system description...

Страница 565: ...hentication 260 secure MAC information 264 STA 197 PoE time range 405 policy map DiffServ 223 port authentication 300 port priority configuring 209 default ingress 209 STA 192 port security configurin...

Страница 566: ...564 Index s ele cti ng DS CP Co S 21 4 Qu ali ty of Se rvi ce Se e Qo S query interval IGMP snooping 451 query response interval IGMP snooping 452...

Страница 567: ...eneral measures 235 serial port configuring 87 sFlow 138 configuring receiver 139 datagram version 140 destination 139 maximum datagram 140 polling 141 receiver socket 140 receiver timeout 139 samplin...

Страница 568: ...runk configuration 115 LACP 119 static 116 Type Length Value See LLDP TLV U unknown unicast storm threshold 207 unregistered data flooding IGMP snooping 442 upgrading software 69 user account 253 user...

Страница 569: ...567 Index web interface access requirements 43 configuration buttons 46 menu list 47 panel display 46...

Страница 570: ...568 Index E062017 ST R01...

Отзывы:

Нет отзывов

Похожие инструкции для GEL-5261

Бренд: S&C Страницы: 26

Бренд: S&C Страницы: 37

Бренд: S&C Страницы: 28

Бренд: IBM Страницы: 44

BNI IOL-314-S52-P012

Бренд: Balluff Страницы: 22

Бренд: 6TL Страницы: 25

Бренд: rako Страницы: 4

Бренд: DAITEM Страницы: 37

3C63100-AC-C - PathBuilder S600...

Бренд: 3Com Страницы: 232

ETHERLINE ACCESS U04TP01T

Бренд: LAPP Страницы: 16

Бренд: Hamlet Страницы: 2

Бренд: T1V Страницы: 2

Бренд: GeoVision Страницы: 7

Бренд: Canoga Perkins Страницы: 7

Бренд: GarrettCom Страницы: 77

Бренд: Versitron Страницы: 46

Бренд: Sven Страницы: 4

Бренд: Icy Box Страницы: 12

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды