Instruction Manual

ManualsBrandsAsus ManualsCommunicationGigaX3112

GigaX3112 Series

User Manual

Layer 3 Managed Switch

Summary of content (118 pages)

PAGE 1
GigaX3112 Series Layer 3 Managed Switch User Manual
PAGE 2
E2460 Second Edition V2 February 2006 Copyright © 2006 ASUSTeK COMPUTER INC. All Rights Reserved. No part of this manual, including the products and software described in it, may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means, except documentation kept by the purchaser for backup purposes, without the express written permission of ASUSTeK COMPUTER INC. (ASUS).
PAGE 3
GigaX3112 Series Layer 3 Managed Switch Federal Communications Commission Statement This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: • This device may not cause harmful interference, and • This device must accept any interference received including interference that may cause undesired operation. This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules.
PAGE 4
GigaX3112 Series Layer 3 Managed Switch ASUS contact information ASUSTeK COMPUTER INC. (Asia-Paciﬁc) Address Telephone Web site Technical Support Telephone Support fax 150 Li-Te Road, Peitou, Taipei, Taiwan 112 +886-2-2894-3447 www.asus.com.
PAGE 5
GigaX3112 Series Layer 3 Managed Switch Table of contents 1 Introduction ......................................................................... 1 1.1 L2/L3 managed switching features............................................. 1 1.2 Conventions used in this document ........................................... 3 1.2.1 Notations ....................................................................................... 3 1.2.2 Typography ......................................................................
PAGE 6
GigaX3112 Series Layer 3 Managed Switch 4.2.2 Commonly used buttons and icons ............................................. 17 4.3 System pages ........................................................................... 18 4.3.1 Management................................................................................ 18 4.3.2 IP Setup ....................................................................................... 18 4.3.3 Reboot .....................................................................
PAGE 7
GigaX3112 Series Layer 3 Managed Switch 4.6.2 Static Route ................................................................................. 38 4.6.3 RIP............................................................................................... 38 4.6.3.1 Basic ................................................................................... 38 4.6.3.2 Passive Interface ................................................................ 39 4.6.3.3 RIP Version .............................................
PAGE 8
GigaX3112 Series Layer 3 Managed Switch 4.9.4.1 Port Conﬁguration ............................................................... 57 4.9.4.2 Port Status .......................................................................... 58 4.9.4.3 Secure MAC Address.......................................................... 59 4.10 Trafﬁc chart............................................................................... 60 4.10.1 Trafﬁc comparison ...................................................................
PAGE 9
GigaX3112 Series Layer 3 Managed Switch 5.3.3.9 System Contact .................................................................. 68 5.3.3.10 System Location ................................................................. 68 5.3.3.11 IP Address and Network Mask ............................................ 69 5.3.3.12 Default Gateway ................................................................. 69 5.3.3.13 reboot .................................................................................. 69 5.
PAGE 10
GigaX3112 Series Layer 3 Managed Switch 5.3.7 OSPF .......................................................................................... 73 5.3.7.1 router ospf ........................................................................... 73 5.3.7.2 router-id ............................................................................... 74 5.3.7.3 area ..................................................................................... 74 5.3.8 Multicast Route ...........................................
PAGE 11
GigaX3112 Series Layer 3 Managed Switch 5.3.14.2 no mac-address-table multicast .......................................... 78 5.3.14.3 show mac-address-table multicast ...................................... 78 5.3.15 IGMP Snooping .......................................................................... 78 5.3.15.1 default ip igmp snooping ..................................................... 78 5.3.15.2 ip igmp snooping ................................................................. 78 5.3.15.
PAGE 12
GigaX3112 Series Layer 3 Managed Switch 5.3.20.5 show gvrp statistics ............................................................. 82 5.3.21 CoS/QoS .................................................................................... 82 5.3.21.1 queue cos-map ................................................................... 82 5.3.21.2 show queue cos-map .......................................................... 82 5.3.21.3 qos mode ........................................................................
PAGE 13
GigaX3112 Series Layer 3 Managed Switch 5.3.27 Port Security ............................................................................... 87 5.3.27.1 show port security ............................................................... 87 5.3.27.2 clear port security ................................................................ 87 5.3.27.3 switchport port-security ....................................................... 87 5.3.27.4 switchport port-security aging ...........................................
PAGE 14
GigaX3112 Series Layer 3 Managed Switch 1 Introduction Congratulations on becoming the owner of the ASUS GigaX3112(F) L3 managed switch! You may now manage your LAN (local area network) through a friendly and powerful user interface. This user guide tells you how to set up the GigaX3112(F) L3 managed switch, and how to customize its conﬁguration to get the most out of this product. 1.
PAGE 15
GigaX3112 Series Layer 3 Managed Switch • Inter VLAN Routing • RIP v1 and v2 • OSPFv2 • Static route management • VRRP • DVMRP • PIM-DM • RMON: support 4 groups (1, 2, 3, 9) • SNMP v1, v2, v3 • MIB-II • Enterprise MIB for PSU, fan, and system temperature, voltage • Telnet/SSH remote login • TFTP for ﬁrmware update and conﬁguration backup • Cisco Like CLI • Web GUI • LEDs for port link status • LEDs system, redundant power supply (RPS), and fan status 2
PAGE 16
GigaX3112 Series Layer 3 Managed Switch 1.2 Conventions used in this document 1.2.1 Notations • Acronyms are deﬁned the ﬁrst time they appear in text and in the glossary. • For brevity, the GigaX3112(F) switch is referred to as “the switch.” • The terms LAN and network are used interchangeably to refer to a group of Ethernet-connected computers at one site. • The illustrations and web interface screens refer to both the GigaX 3112 and GigaX 3112F models, except otherwise indicated. 1.2.
PAGE 17
GigaX3112 Series Layer 3 Managed Switch 2 Getting to know the GigaX3112(F) 2.
PAGE 18
GigaX3112 Series Layer 3 Managed Switch 2.2 Front panel The front panel includes LED indicators and system console. LED indicators show the system, RPS, fan, and port status. Figure 2. Front panel (GigaX 3112) Table 1. Front panel labels and LEDs No.
PAGE 19
GigaX3112 Series Layer 3 Managed Switch No. Label Color Status Description 6 Duplex status Green ON Full duplex Amber ON Simplex 7 Console USB USB port for console 8 Console RS232 RS-232 serial port for console 2.3 Rear panel The switch rear panel contains the swappable fans and power connections. Figure 3. Rear panel Table 2. Rear panel labels 6 No.
PAGE 20
GigaX3112 Series Layer 3 Managed Switch 2.4 Technical speciﬁcations Table 3. Technical speciﬁcations Physical Dimensions 43.5mm(H) X 444 mm(W) X 322mm(D) Power Input Consumption 100-240V AC/2.5A 50-60Hz < 65 watts Input Output 100-240V AC/1.8A 50-60Hz 12V DC/12.
PAGE 21
GigaX3112 Series Layer 3 Managed Switch 3 Quick Start Guide This section provides the basic instructions to set up the GigaX environment. Refer also to the GigaX Series Installation Guide. Part 1 shows you how to install the GigaX on a ﬂat surface or on a rack. Part 2 provides instructions to set up the hardware. Part 3 shows you how to conﬁgure basic settings on the GigaX.
PAGE 22
GigaX3112 Series Layer 3 Managed Switch 3.2.2 Connect to the computers or a LAN You can use Ethernet cable to connect computers directly to the switch ports. You can also connect hubs/switches to the switch ports by Ethernet cables. You can use either the crossover or straight-through Ethernet cable to connect computers, hubs, or switches. Use a twisted-pair Category 5 Ethernet cable to connect the 1000BASE-T port. Otherwise, the link speed can not reach 1Gbps. Note 3.2.
PAGE 23
GigaX3112 Series Layer 3 Managed Switch Table 4. LED Indicators No. LED Description 1 System Solid green indicates that the device is turned on. If this light is off, check if the power adapter is attached to the switch and plugged into a power source. 2 Switch ports Solid green indicates that the device can communicate with the LAN, or ﬂashing when the device is sending or [1] to [12] receiving data from your LAN computer.
PAGE 24
GigaX3112 Series Layer 3 Managed Switch The default user name is “admin” without password. Note You can change the password at any time through CLI (see section 5.31). To protect your switch from unauthorized access, you must change the default password as soon as possible. Follow these steps to assign an IP address to the switch: Type “enable”. Type “conﬁgure terminal”, new prompt is “ASUS(conﬁg)#”. Type “interface vlan 1”, the prompt is “ASUS (conﬁg-if)#”.
PAGE 25
GigaX3112 Series Layer 3 Managed Switch 3.3.2 Setting up through the web interface To successfully connect your PC to the switch, your PC must have a valid IP in your network. Contact your network administrator to obtain a valid IP for the switch. If you wish to change the default IP address of the switch, follow section 3.3.1 to change the IP address. If Java Runtime Environment is not installed on your PC, Your PC will automatically downloads and installs it.
PAGE 26
GigaX3112 Series Layer 3 Managed Switch To setup a new IP address, click “System”, select IP Setup. Fill in the IP address, network mask and default gateway, then click OK. If your new address is different from the default, the browser wonʼt be able to update the switch status window or retrieve any page. This is normal. You have to retype the new IP address in the address/location box, and press . The WEB link returns. A login window appears immediately after you click OK.
PAGE 27
GigaX3112 Series Layer 3 Managed Switch 4 Management with the web interface The switch provides Web pages that allow switch management through the Internet. The program is designed to work best with Microsoft Internet Explorer® 6.0, or later versions. 4.1 Log into web user interface From a PC, open your web browser, type the following in the web address (or location) box, and press : http://192.168.1.1 This is the factory default IP address for the switch.
PAGE 28
GigaX3112 Series Layer 3 Managed Switch Figure 9. Home page (GigaX 3112F) 4.2 Functional layout Typical web page consists of three separate frames. The top frame has a switch logo and front panel as shown in Figures 10 and 11. This frame remains on the top of the browser window all the times and updates the LED status periodically. See Table 4 for the LED deﬁnitions. See Table 5 for the color status description. Figure 10. Top frame (GigaX 3112F) Figure 11. Top frame (GigaX 3112) Figure 12.
PAGE 29
GigaX3112 Series Layer 3 Managed Switch Figure 13. Selection Panel (GigaX 3112) Table 5. Port color description Port Color Description Green port Ethernet link is established Black No Ethernet link Amber port Link is present but port is disabled manually or by spanning tree Clicking on the port icon of the switch displays the port conﬁguration in the lower right frame. The left frame, a menu frame as shown in Figure 14, contains all the features available for switch conﬁguration.
PAGE 30
GigaX3112 Series Layer 3 Managed Switch The right frame displays conﬁguration pages or graphics for the statistics. See section 4.3 for details. 4.2.1 Menu navigation tips • To expand a contracted group of related menus, click on the corresponding group. • To contract an expanded group of related menus: click on the corresponding group name. • To open a speciﬁc conﬁguration page, click on the desired menu item. 4.2.
PAGE 31
GigaX3112 Series Layer 3 Managed Switch 4.3 System pages System pages include Management, IP Setup, Reboot, and Firmware Update function. 4.3.1 Management The Management page contains the following information: Model Name: product name MAC Address: switch MAC address System Name: user assigned name to identify the system (editable) System Contact (editable) System Location (editable) To save any changes and make it effective immediately, click OK.
PAGE 32
GigaX3112 Series Layer 3 Managed Switch Figure 16. IP Setup page 4.3.3 Reboot The Reboot page contains a Reboot button. Clicking the button reboots the system. Warning 4.3.4 Rebooting the system stops the network traffic and terminates the Web interface connection. Firmware upgrade The Firmware page contains the following information: Hardware Version: shows the hardware revision number.
PAGE 33
GigaX3112 Series Layer 3 Managed Switch Figure 17. Firmware upgrade page 4.4 Physical interface The Physical Interface displays the Ethernet port status in real time. You can conﬁgure the port in following ﬁelds in Interface Conﬁguration Window: Port: select the port to conﬁgure Status: disable/enable the port Mode: set the speed and duplex mode Flow Control: enable/disable 802.
PAGE 34
GigaX3112 Series Layer 3 Managed Switch Figure 18. Physical interface 1 Figure 18. Physical interface 2 4.5 Bridge The Bridge page group contains most layer 2 configurations, like link aggregation, STP, etc. 4.5.1 Spanning tree The page conﬁgures three types of Spanning Tree Protocol. 4.5.1.1 STP Status The ﬁrst page “STP Status” can disable or enable STP. There are three modes STP, RSTP and MSTP can be enabled.
PAGE 35
GigaX3112 Series Layer 3 Managed Switch Figure 20. Spanning tree – STP Satus 4.5.1.2 Current Roots It shows the information of current root bridge which include MAC Address of root bridge Priority of root bridge Maximum age of root bridge Hello timer of root bridge Forwarding delay timer of root bridge Path cost of root bridge Figure 21.
PAGE 36
GigaX3112 Series Layer 3 Managed Switch 4.5.1.
PAGE 37
GigaX3112 Series Layer 3 Managed Switch Edge Port: An edge port is the same as a Port Fast-enabled port, and you should enable it only on ports that connect to a single end station. Click OK to effect the settings. Click Reload to refresh the settings to current value. Figure 23. Spanning tree – Port Parameters 4.5.2 Link aggregation static The page conﬁgures the link aggregation static group (port trunking). The switch provides maximum 32 link aggregation groups.
PAGE 38
GigaX3112 Series Layer 3 Managed Switch • All the ports in the link aggregation group MUST operate in fullduplex mode at the same speed. Note • All the ports in the link aggregation group MUST be conﬁgured in auto-negotiation mode or full duplex mode. This conﬁguration will make the full duplex link possible. If you set the ports in full duplex force mode, then the link partner MUST have the same setting. Otherwise the link aggregation could operate abnormally.
PAGE 39
GigaX3112 Series Layer 3 Managed Switch 4.5.3 LACP The page configures the LACP group (port trunking). The switch provides maximum 32 link aggregation groups and up to 8 ports per group. This maximum can be achieved on stacking conﬁguration. For standalone GX3112 or GX3112F, the maximum group is 6 since it supplies 12 ports only.The feature supplies ﬁve statistics for veriﬁcation.
PAGE 40
GigaX3112 Series Layer 3 Managed Switch 4.5.4 Mirroring Mirroring, together with a network traffic analyzer, helps you monitor network trafﬁcs. You can monitor the selected ports for egress or ingress packets. Mirror: Selects the mirrored port from selection panel. The selected port can be mirrored for Ingress, Egress or Both of trafﬁc. Mirror Mode: Enables or disables the mirror function for the selected group. Stack ID: For standalone switch, only ID 1 is available.
PAGE 41
GigaX3112 Series Layer 3 Managed Switch 4.5.5 Static multicast This page can add multicast addresses into the multicast table. The switch can hold up to 256 multicast entries. All the ports in the group will forward the speciﬁed multicast packets to other ports in the group. Port: selects the port from selection panel.
PAGE 42
GigaX3112 Series Layer 3 Managed Switch Last Member Query Interval: Without Immediate Leave, when the switch receives an IGMP leave message from a subscriber on a receiver port, it sends out an IGMP query on that port and waits for IGMP group membership reports. If no reports are received in a conﬁgured time period, the receiver port is removed from multicast group membership. The second part provides the following settings, Status: If global snooping is enabled, you can enable or disable VLAN snooping.
PAGE 43
GigaX3112 Series Layer 3 Managed Switch 4.5.7 Trafﬁc control Traffic control prevents the switch bandwidth from flooding packets including broadcast packets, multicast packets and the unicast packets because of destination address lookup failure. The limit number is a threshold to limit the total number of the checked type packets. For example, if broadcast and multicast are enabled, the total trafﬁc amount for those two types will not exceed the limit value.
PAGE 44
GigaX3112 Series Layer 3 Managed Switch Figure 30. Dynamic address 4.5.9 Static addresses You can add a MAC address into the switch address table. The MAC address added by this way will not age out from the address table. We call it static address. MAC Address: enter the MAC address VLAN ID: enter the VLAN ID that the MAC belongs Stack ID: For standalone switch, only ID 1 is available.
PAGE 45
GigaX3112 Series Layer 3 Managed Switch 4.5.10 VLAN Conﬁguration You can set up to 4094 VLAN groups and show VLAN group in this page. VLAN1 is a default VLAN, which is created by system. It cannot be removed at all. This feature prevents the switch from malfunctions. You can remove any existed VLAN except the VLAN1. You can assign the port to be a tagged port or an untagged port by toggling the port button.
PAGE 46
GigaX3112 Series Layer 3 Managed Switch 4.5.11 GVRP Generic Attribute Registration Protocol (GARP) VLAN Registration Protocol (GVRP) is an application deﬁned in the IEEE 802.1Q standard that allows for the control of VLANs. GVRP will run only on 802.1Q trunk ports and is used primarily to prune trafﬁc from VLANs that does not need to be passed between trunking switches. There are some parameters to conﬁgure GVRP: GVRP Enable: By default GVRP is not enabled for the switch.
PAGE 47
GigaX3112 Series Layer 3 Managed Switch Figure 34. GARP 4.5.12 QoS and CoS 4.5.12.1 802.1p Priority Eight egress queues on all switch ports. These queues can either be conﬁgured with the Weighted Round Robin (WRR) scheduling algorithm or conﬁgured with one queue as a strict priority queue and the other queues for WRR. The strict priority queue must be empty before the other queues are serviced. You can use the strict priority queue for mission-critical and time-sensitive trafﬁc.
PAGE 48
GigaX3112 Series Layer 3 Managed Switch Figure 35. 802.1p Priority 4.5.12.2 CoS queue mapping The switch supports eight egress queues for each port with a strict priority scheduler. That is, each CoS value can map into one of the eight queues. The queue eight has the highest priority to transmit the packets. Click OK to save the conﬁguration. To make the conﬁguration effective, go to the “Save Conﬁguration” page, then click Save.The CoS values range from 0 for low priority to 7 for high priority.
PAGE 49
GigaX3112 Series Layer 3 Managed Switch 4.5.12.3 QoS Bandwidth Some VLAN tag related ﬁeld settings for each port are included in this page. It includes: Port: Select a port from list window to conﬁgure Ingress Bandwidth: Maximum ingress bandwidth for selected port Egress Bandwidth: Maximum egress bandwidth for selected port Default CoS: every untagged packet received from this port will be assigned to this CoS value in the VLAN tagged Click on Modify to change the content in the port list window.
PAGE 50
GigaX3112 Series Layer 3 Managed Switch Mask: Interface Subnet mask MAC: Mac address of this interface Status: up/down status of this interface DHCP IP Helper Addr: The DHCP Helper Address is the IP address of your DHCP server. Select the corresponding interface and conﬁgure the interface parameters then click on the button. The ﬁeld you changed will update the content in the display window. To save any changes and make it effective immediately, click . Use to refresh the setting.
PAGE 51
GigaX3112 Series Layer 3 Managed Switch 4.6.2 Static Route This function is used to add a routing entry into the switch routing table. The routing entry added by this way will never be deleted by system. We call it static route. Following parameters must be input Destination: Input destination ip address. Netmask: Input subnet mask of the destination. Gateway IP: Input gateway ip address. Metric: Input metric (1-15).
PAGE 52
GigaX3112 Series Layer 3 Managed Switch RIP is: Used to enable/disable RIP function for a speciﬁc L3 interface Figure 40. RIP Conﬁguration 4.6.3.2 Passive Interface If an interface neednʼt receive and forward routing updates, you should disable the sending of routing updates on it. The particular subnet will continue advertise other interfaces of routing updates. And routing updates from other routers on that interface continue to be received and processed.
PAGE 53
GigaX3112 Series Layer 3 Managed Switch Figure 42. RIP Version 4.6.4 OSPF This function is used to conﬁgure OSPF routing protocol. Clicking conﬁguration of Interfaces and Virtual Link. 4.6.4.1 will enable Basic You can use OSPF basic command to add L3 interface to speciﬁc OSPF area.
PAGE 54
GigaX3112 Series Layer 3 Managed Switch 4.6.4.
PAGE 55
GigaX3112 Series Layer 3 Managed Switch 4.6.4.
PAGE 56
GigaX3112 Series Layer 3 Managed Switch When setting IGMP, select the corresponding interface to conﬁgure parameters then click on the Modify button. The ﬁeld you changed will update the content in the display window. To save any changes and make it effective immediately, click OK. Use Reload to refresh the setting. Figure 46. M-Route Conﬁguration 4.6.5.2 DVMRP This function is used to conﬁgure DVMRP. Network DVMRP is: Enable or disable DVMRP for speciﬁc network.
PAGE 57
GigaX3112 Series Layer 3 Managed Switch 4.6.5.3 PIM-DM This function is used to conﬁgure PIM-DM. Status: Enable or disable PIM-DM for speciﬁc interface. Select the corresponding interface to configure parameters then click on the Modify button. The field you changed will update the content in the display window. To save any changes and make it effective immediately, click OK. Use Reload to refresh the setting. The system only support PIM-DM version 2.
PAGE 58
GigaX3112 Series Layer 3 Managed Switch Virtual IP: Virtual IP address. It can be any one IP address which belongs to the vlan to be managed. In general case, it can be the same as interface IP address and you expect to act as master router. Priority: Virtual router priority. Range 1 to 254, default 100. Higher value means higher priority. Priority value to be used by this VRRP router in Master election for this virtual router.
PAGE 59
GigaX3112 Series Layer 3 Managed Switch 4.7 SNMP This group offers the SNMP configuration including Community Table, Host Table, and Trap Setting 4.7.1 Community table You can type different community names and specify whether the community has the privilege to do set action (write access) by checking the box. Click OK to save the conﬁguration permanently or Reload to refresh the page. Figure 50. Community table 4.7.
PAGE 60
GigaX3112 Series Layer 3 Managed Switch 4.7.3 Trap setting By setting trap destination IP addresses and community names, you can enable SNMP trap function to send trap packets in different versions (v1 or v2c). Click OK to save the conﬁguration permanently or Reload to refresh the page. Figure 52. Trap setting 4.7.4 SNMPv3 VGU Table Thereʼre two articles presenting the new security features deﬁned by SNMPv3.
PAGE 61
GigaX3112 Series Layer 3 Managed Switch Figure 53. SNMPv3 VGU Table 1 4.7.4.2 VACM Group VACM Group is used to conﬁgure the information of SNMPV3 VACM Group. Group Name: enter the security group name. Read View Name: enter the Read View Name that the Group belongs. The related SNMP messages are Get,GetNext,GetBulk. Write View Name: enter the Write View Name that the Group belongs. The related SNMP message is Set. Notify View Name: enter the Notify View Name that the Group belongs.
PAGE 62
GigaX3112 Series Layer 3 Managed Switch Figure 54. SNMPv3 VGU Table 2 4.7.4.3 USM User USM User is used to conﬁgure the information of SNMPV3 USM User. User Name: User name of a speciﬁc security group Group Name: enter the security group name Auth Protocol: enter the Auth Protocol that SNMP User and Security Group belong. Only NoAuth ,MD5, SHA1 can be chosen. If the NoAuth is chosen, there is no need to enter password. Auth Password: enter the password that the Auth Protocol belongs.
PAGE 63
GigaX3112 Series Layer 3 Managed Switch Figure 55. SNMPv3 VGU Table 3 4.8 Filter pages The switch can ﬁlter certain trafﬁc types according to packet header information from Layer 2 to Layer 4. Each ﬁlter set includes a couple of rules. You have to attach the ﬁlter set to certain ports to make the ﬁlter work. 4.8.1 Filter set The switch deﬁnes two modes of rules, one is MAC mode and the other is IP mode. Only the same mode of rules can bundle together to form a filter set.
PAGE 64
GigaX3112 Series Layer 3 Managed Switch Figure 56. Filter Set The Filter Rule page provides options for rule modes, one is MAC rule and the other is IP rule. If you did not enter the MAC address in the blank box, it means the rule donʼt care the MAC value. In IP rule setup, you can enter any of the 5 types: source IP, destination IP, protocol, source application port and destination application port. The Action ﬁeld determines if the packet should be dropped or forwarding when it matches the rule.
PAGE 65
GigaX3112 Series Layer 3 Managed Switch Figure 58. Filter rule in IP mode Two examples tell us about the how of IP provisioning: Note 1. Assign a dedicated IP Type = subnet IP = 10.10.1.2 Wildcard = 0.0.0.0 2. Assign a subnet (a group of IP) Type = subnet IP = 10.10.1.0 Wildcard = 0.0.0.255 4.8.2 Filter attach A ﬁlter set is idle if you did not attach it to any ingress port. Use the Filter Attach page to attach a ﬁlter set to ingress ports. Click OK to save the conﬁguration.
PAGE 66
GigaX3112 Series Layer 3 Managed Switch Once the filter set is attached to the ingress ports, it will filter the packets according to the ingress port and the packet ﬁelds in the rules. For example, a set with a single rule to filter out destination MAC address 00:10:20:30:40:50 is attached to ingress port 3. A packet with destination MAC 00:10:20:30:40:50 from port 3 is not permitted. Figure 59. Filter attach (GigaX 3112F) 4.9 Security The switch supports the 802.1x port-based security feature.
PAGE 67
GigaX3112 Series Layer 3 Managed Switch Authentication Control: If “ForceAuthorized” is selected, the selected port is forced authorized. Thus, traffic from all hosts is allowed to pass. Otherwise, if “ForceUnauthorized” is selected, the selected port is blocked and no traffic can go through. If “Auto” is selected, the behavior of the selected port is controlled by 802.1x protocol. All ports should be set to “Auto” under normal conditions.
PAGE 68
GigaX3112 Series Layer 3 Managed Switch Figure 60. Port Access Control 4.9.2 Dial-In User Dial-in User is used to deﬁne users in the local database of the switch. User Name: New user name. Password: Password for the new user. Conﬁrm Password: Enter the password again. Vlan ID: Specify the VLAN ID assigned to the 802.1x-authenticated clients. Please click Add to add the new user. Click Modify when youʼre done with the modiﬁcations. Click Remove when you want to remove the selected user.
PAGE 69
GigaX3112 Series Layer 3 Managed Switch Figure 61. Dial-In user 4.9.3 RADIUS In order to use external RADIUS server, the following parameters are required to be setup: Authentication Server IP: The IP address of the RADIUS server. Authentication Server Port: The port number for the RADIUS server is listening to. Authentication Server Key: The key is used for communications between GigaX and the RADIUS server. Conﬁrm Authentication Key: Re-type the key entered above.
PAGE 70
GigaX3112 Series Layer 3 Managed Switch Figure 62. RADIUS 4.9.4 Port Security The switch also supports port security feature. It enables a systemʼs administrator to control who can connect to their network. You can use the port security feature to restrict input to an interface by limiting and identifying MAC addressed of the stations allowed to access the port. When you assign secure MAC addresses to a secure port, the port does not forward with source addresses outside the group of deﬁned addresses.
PAGE 71
GigaX3112 Series Layer 3 Managed Switch Aging Time: The aging time for this port. After the expiration of the time, the corresponding dynamic secure MAC address will be removed from secure MAC address table. The valid range is 0 to 1440(mins). If the time is equal to 0, the aging mechanism is disabled for this port. Aging Type: The aging type determines the action when the secure MAC addresses are aged out.
PAGE 72
GigaX3112 Series Layer 3 Managed Switch When some port status is “Shutdown”, you can click it and select “Re-Start” to “Yes”. It will restart the port and change status to “SecureUp”. Please click when youʼre done with the modiﬁcation. Click OK to make the settings permanent. Click Reload to refresh the settings to current value. Figure 64. Port Status 4.9.4.3 Secure MAC Address Secure MAC Address offers three functions for user management: Query: You can select a port by “Port Selection” field.
PAGE 73
GigaX3112 Series Layer 3 Managed Switch 4.10 Trafﬁc chart The Statistics Chart pages provide network flow in different charts. You can specify the period time to refresh the chart. You can monitor the network trafﬁc amount in different graphic chart by these pages. Most MIB-II counters are displayed in these charts. Click Auto Refresh to set the period for retrieving new data from the switch. You can differentiate the statistics or ports by selecting Color.
PAGE 74
GigaX3112 Series Layer 3 Managed Switch Figure 67. Error Group Chart 4.10.3 Historical status You can display information for different ports and statistics items in this chart. Since this shows the history of the statistics information, the line chart keeps the old data even it is refreshed. Figure 68.
PAGE 75
GigaX3112 Series Layer 3 Managed Switch 4.11 Save conﬁguration Click OK to make the settings permanent.The setting also takes effective after a successful save. Sometimes you may want to reset the switch conﬁguration, you can click on to reset the configuration file to factory default. Of course, a system reboot will follow this restoration process. You will lose all the conﬁgurations when you choose to restore the factory default conﬁgurations. Note Figure 69.
PAGE 76
GigaX3112 Series Layer 3 Managed Switch 5 Console interface This chapter describes how to use console interface to conﬁgure the switch. The switch provides RS232 and USB connectors to connect your PC. Use a terminal emulator on your PC such as HyperTerminal and command line interpreter to conﬁgure the switch. You have to set up the terminal emulator with baud rate 9600, 8 bit data, no parity, and 1 stop bit, and no ﬂow control.
PAGE 77
GigaX3112 Series Layer 3 Managed Switch Figure 71. Boot ROM command mode 5.1.2 Boot ROM commands The followings are two types of boot ROM commands, • “command”: The current settings will be displayed. • “command” with new setting: The current setting will be replaced by speciﬁed new setting. Table 7.
PAGE 78
GigaX3112 Series Layer 3 Managed Switch Command Parameters Usage Notes bdinfo none none print Board Info structure echo string none echo the string to console ethaddr none none get MAC address gatewayip IP address xxx.xxx.xxx.xxx set gateway IP address go none none boot ﬁrmware image ? or help none none print online help imls none none list all images found in ﬂash ipaddr IP address xxx.xxx.xxx.
PAGE 79
GigaX3112 Series Layer 3 Managed Switch 5.3 CLI commands The switch provides CLI commands for all managed functions. You can follow the instructions and set up the switch correctly as easily as using WEB interface to conﬁgure the switch. Always use “?” or “list” to get the available commands list and help. Note 5.3.1 5.3.1.1 Always use “end” to get back to the root directory(enable mode). User account Add user Add a new user or modify an existing userʼs password.
PAGE 80
GigaX3112 Series Layer 3 Managed Switch 5.3.3 5.3.3.1 System Management Conﬁguration Firmware upgrade Upgrading new ﬁrmware into switch. CLI Syntax: archive download-sw /overwrite tftp: ImageFile Example: ASUS# archive download-sw /overwrite tftp:192.168.1.3/ 3112single.img Note 5.3.3.2 Note: We strongly recommend you to backup “startup-config” before upgrading. conﬁgure terminal Use the write conﬁguration command on the switch to conﬁguration.
PAGE 81
GigaX3112 Series Layer 3 Managed Switch 5.3.3.7 help This command lists all of the command of the operation mode. CLI Syntax: list Example: ASUS# list Example: ASUS# ? 5.3.3.8 Host name Displays the given name of the switch. This is an RFC-1213 deﬁned MIB object in System Group, and provides administrative information on the managed node. CLI Syntax: hostname WORD Example: (conﬁg)# hostname Switch If you put a name in the name description ﬁeld, the switch system name changes to the new one. 5.3.3.
PAGE 82
GigaX3112 Series Layer 3 Managed Switch Figure 72. SYS commands 5.3.3.11 IP Address and Network Mask Displays the IP address for the switch. This IP address is used for manageable purpose, i.e.; network applications such as, http server, SNMP server, tftp server, ssh and telnet server of the switch are all using this IP address in interface vlan1. CLI Syntax: ip address A.B.C.D/M Example: (conﬁg)# interface vlan 1 (conﬁg-if)# ip address 192.168.20.121/24 5.3.3.
PAGE 83
GigaX3112 Series Layer 3 Managed Switch 5.3.3.16 write memory Use the write file configuration command on the switch stack or standalone switch to write conﬁguration to the ﬁle. CLI Syntax: write memory Example: ASUS# write memory 5.3.3.17 Assign a new user account Add a user, which is named tony and its password is tony123456 CLI Syntax: add user WORD WORD Example: add user tony tony123456 5.3.3.18 Delete a new user account Delete a user account, which is named tony.
PAGE 84
GigaX3112 Series Layer 3 Managed Switch 5.3.4.3 Interface ﬂow control Use the flow control configuration command on the switch to set flow control status of the port. CLI Syntax: ﬂowcontrol (rx| tx | both) (on|off) Example: (conﬁg)# interface gi1/0/2 (conﬁg-if)# ﬂowcontrol both on This example shows how to use the ﬂow control conﬁguration command on the switch to set ﬂow control both on. 5.3.4.4 Show L2 interface Use the show l2_interface command on the switch to show l2 interface status.
PAGE 85
GigaX3112 Series Layer 3 Managed Switch 5.3.5.3 interface vlan VLAN-ID This command changes the operation to vlan interface command mode. CLI Syntax: interface vlan VLAN-ID Example: interface vlan 1 5.3.5.4 ip address This command sets the ip address for speciﬁc interface. CLI Syntax: ip address A.B.C.D/M Example: (conﬁg-if)# ip address 192.168.20.121/24 Note: It wonʼt show you the interface name. Please keep in mind, which you are conﬁguring. 5.3.5.
PAGE 86
GigaX3112 Series Layer 3 Managed Switch 5.3.6 5.3.6.1 RIP router rip The router rip command is necessary to enable RIP. To disable RIP, use the no router rip command. RIP must be enabled before carrying out any of the RIP commands. CLI Syntax: router rip Example: (conﬁg)# router rip 5.3.6.2 no router rip Disable RIP. CLI Syntax: no router rip Example: (conﬁg)# no router rip 5.3.6.3 version RIP can be configured to process either Version 1 or Version 2 packets, the default mode is Version 2.
PAGE 87
GigaX3112 Series Layer 3 Managed Switch 5.3.7.2 router-id Assigning an OSPF router-id in IP address format. CLI Syntax: ospf router-id a.b.c.d Example: (conﬁg-router)# ospf router-id 10.0.0.3 5.3.7.3 area Set the OSPF area ID. CLI Syntax: network a.b.c.d/m area a.b.c.d Example: (conﬁg-router)# network 102.192.2/24 area 192.192.2.254 5.3.8 Multicast Route Enable or disable the function of multicast route which include DVMRP and PIM-DM.
PAGE 88
GigaX3112 Series Layer 3 Managed Switch 5.3.10.3 default spanning-tree This command sets spanning-tree parameter to default. CLI Syntax: default spanning-tree Example: ASUS# default spanning-tree forward-time 5.3.10.4 show spanning-tree active To show spanning-tree active. CLI Syntax: show spanning-tree active Example: ASUS# show spanning-tree active 5.3.10.5 spanning-tree enable and disable Enable/Disable the spanning tree.
PAGE 89
GigaX3112 Series Layer 3 Managed Switch 5.3.12 LACP 5.3.12.1 clear lacp counters Use the clear lacp counters conﬁguration command on the switch to clear the statistics for all aggregated port sets. CLI Syntax: clear lacp counters [STACKID] Example: clear lacp counters 1 5.3.12.2 lacp aggregation-link trunk This command sets the Link Aggregation Control Protocol (LACP) operation add/set for the trunk group ports on the switch.
PAGE 90
GigaX3112 Series Layer 3 Managed Switch 5.3.13 Mirroring 5.3.13.1 mirror mode To set port mirror mode. CLI Syntax: mirror mode Example: (conﬁg)# mirror mode l2 5.3.13.2 mirror setting This command mirrors the source interface list trafﬁc to the destination interface. The mirror type support received trafﬁc, Transmitted trafﬁc, or both. CLI Syntax: mirror IFLIST to IFNAME (rx|tx|both) Example: (conﬁg)# mirror gi1/0/3-5 to gi1/0/9 both 5.3.13.3 show mirror To show current mirror features.
PAGE 91
GigaX3112 Series Layer 3 Managed Switch 5.3.14.2 no mac-address-table multicast Use the no mac-address-table multicast conﬁguration command on the switch to remove multicast static port to the MAC address table. CLI Syntax: no mac-address-table multicast MACADDR vlan VLANID interface IFLIST Example: (conﬁg)# no mac-address-table multicast 0100.5e11.1111 vlan 2 interface gi1/0/3 1 5.3.14.
PAGE 92
GigaX3112 Series Layer 3 Managed Switch 5.3.16 Trafﬁc Control 5.3.16.1 storm-control Use the storm-control conﬁguration command on the switch to set the limit rate of the portʼs total bandwidth used by broadcast/dlf/multicast. CLI Syntax: storm-control (broadcast|dlf|multicast) LIMIT_RATE Example: (conﬁg)# storm-control broadcast 25 5.3.16.2 no storm-control Use the no storm-control conﬁguration command on the switch to disable the limit rate of the portʼs total bandwidth used by broadcast/dlf/multicast.
PAGE 93
GigaX3112 Series Layer 3 Managed Switch 5.3.17.3 no aging time Disables the age timer of the mac-address-table. CLI Syntax: no mac-address-table aging-time Example: (conﬁg)# no mac-address-table aging-time 5.3.17.4 show mac-address-table aging-time CLI Syntax: show mac-address-table aging-time Example: ASUS# show mac-address-table aging-time 5.3.18 Static Addresses 5.3.18.1 add static mac-address You can add a MAC address into the switch address table.
PAGE 94
GigaX3112 Series Layer 3 Managed Switch 5.3.19.2 vlan vid Use the vlan vid command to create vlan entry on the switch. CLI Syntax: vlan vid Example: (conﬁg)# vlan 2 5.3.19.3 name string Use the name string command to create vlan entry with string on the switch. CLI Syntax: name string Example: (conﬁg-vlan)# name VLAN2 5.3.19.4 access vlan Set access mode characteristics of all interfaces and Set Virtual LAN.
PAGE 95
GigaX3112 Series Layer 3 Managed Switch 5.3.20.2 default gvrp conﬁguration This command sets the GVRP conﬁguration to default. CLI Syntax: default gvrp conﬁguration Example: ASUS# default gvrp conﬁguration 5.3.20.3 gvrp mode This command sets the GVRP feature globally enable or disable on the switch. CLI Syntax: gvrp mode (enable|disable) Example: ASUS# gvrp mode enable 5.3.20.4 show gvrp conﬁguration To show gvrp conﬁguration IFNAME status.
PAGE 96
GigaX3112 Series Layer 3 Managed Switch 5.3.21.3 qos mode This command sets qos mode to highﬁrst mode. CLI Syntax: qos mode high_ﬁrst Example: (conﬁg)# qos mode high_ﬁrst 5.3.21.4 show qos mode This command shows the qos mode. CLI Syntax: show qos mode Example: (conﬁg)# show qos mode 5.3.21.5 qos egress bandwidth This command used to set the Qos bandwidth informational parameter for the outcoming packets.
PAGE 97
GigaX3112 Series Layer 3 Managed Switch 5.3.23 Filter 5.3.23.1 deny any host Use the deny MAC access list conﬁguration command on the switch to prevent non-IP trafﬁc from being forwarded if the conditions are matched. Use the no form of this command to remove a deny condition from the named MAC access list. CLI Syntax: deny any host MACADDR [VLANID] Example: (conﬁg)# deny any host c2f3.220a.12f4 1 5.3.23.
PAGE 98
GigaX3112 Series Layer 3 Managed Switch 5.3.24.2 dot1x default This command reset the conﬁgurable 802.1x parameters to the default values. CLI Syntax: dot1x default Example: (conﬁg)# interface gi1/0/1 (conﬁg-if)# dot1x default 5.3.24.3 dot1x guest-vlan Use the dot1x guest-vlan interface configuration command on the switch to specify an active VLAN as an 802.1X guest VLAN. Use the no form of this command to return to the default setting.
PAGE 99
GigaX3112 Series Layer 3 Managed Switch 5.3.24.6 dot1x port-control Use the dot1x port-control interface configuration command on the switch to enable manual control of the authorization state of the port. Use the no form of this command to return to the default setting. CLI Syntax: dot1x port-control (auto|force-authorized| force-unauthorized) Example: (conﬁg)# interface gi1/0/1 (conﬁg-if)# dot1x port-control force-authorized 5.3.25 Dial-in User 5.3.25.
PAGE 100
GigaX3112 Series Layer 3 Managed Switch 5.3.27 Port Security 5.3.27.1 show port security This command used to show the port security configuration, status and MAC addresses information. CLI Syntax: show port-security [address] [interface IFNAME] Example: ASUS# show port-security ASUS# show port-security interface gi1/0/1 ASUS# show port-security address ASUS# show port-security interface gi1/0/1 address 5.3.27.2 clear port security This command used to clear port security dynamic MAC addresses.
PAGE 101
GigaX3112 Series Layer 3 Managed Switch 5.3.27.4 switchport port-security aging This command used to set the port security aging conﬁguration. CLI Syntax: switchport port-security aging {time TIME | type {absolute | inactivity}} Example: (conﬁg)# interface gi1/0/1 (conﬁg-if)# switchport port-security aging time 20 (conﬁg-if)# switchport port-security aging type absolute 5.4 Miscellaneous commands show monitor: shows the environment variable, like temperature, fan speed and voltage.
PAGE 102
GigaX3112 Series Layer 3 Managed Switch 6 IP addresses, network masks, and subnets 6.1 IP addresses This section pertains only to IP addresses for IPv4 (version 4 of the Internet Protocol). IPv6 addresses are not covered. Note This section assumes basic knowledge of binary numbers, bits, and bytes. IP addresses, the Internetʼs version of telephone numbers, are used to identify individual nodes (computers or devices) on the Internet.
PAGE 103
GigaX3112 Series Layer 3 Managed Switch Class A: 10.30.6.125 (network = 10, host = 30.6.125) Class B: 129.88.16.49 (network = 129.88, host = 16.49) Class C: 192.60.201.11 (network = 192.60.201, host = 11) 6.1.2 Network classes The three commonly used network classes are A, B, and C. (There is also a class D but it has a special use beyond the scope of this discussion.) These classes have different uses and characteristics.
PAGE 104
GigaX3112 Series Layer 3 Managed Switch For example, consider a class C network 192.168.1. To split this into two subnets, you would use the subnet mask: 255.255.255.128 Itʼs easier to see whatʼs happening if we write this in binary: 11111111. 11111111. 11111111.10000000 As with any class C address, all of the bits in ﬁeld1 through ﬁeld 3 are part of the network ID, but note how the mask speciﬁes that the ﬁrst bit in ﬁeld 4 is also included.
PAGE 105
GigaX3112 Series Layer 3 Managed Switch 7 Troubleshooting This section gives instructions for using several IP utilities to diagnose problems. A list of possible problems with suggestion actions is also provided. All the known bugs are listed in the release note. Read the release note before you set up the switch. Contact Customer Support if these suggestions do not resolve the problem. 7.1 Diagnosing problems using IP utilities 7.1.
PAGE 106
GigaX3112 Series Layer 3 Managed Switch Using the ping command, you can test whether the path to the switch is working (using the pre-configured default LAN IP address 192.168.1.1) or another address you assigned. You can also test whether access to the Internet is working by typing an external address, such as that for www.yahoo.com (216.115.108.243). If you do not know the IP address of a particular Internet location, you can use the nslookup command, as explained in the following section.
PAGE 107
GigaX3112 Series Layer 3 Managed Switch There may be several addresses associated with an Internet name. This is common for web sites that receive heavy trafﬁc; they use multiple, redundant servers to carry the same information. To exit from the nslookup utility, type exit and press at the command prompt. 7.2 Replacing defective fans Note Turn off the power of the switch when you remove the fan module on the rear side of the switch.
PAGE 108
GigaX3112 Series Layer 3 Managed Switch Figure 77. Detaching the fan from the module Fasten the new fan with the screws that you removed earlier. Make sure that the fan cable is near the bottom of the module. Follow the same steps to replace the other fan. Connect the fan cables to the PCB. Make sure that the fan cables are connected to the correct fan connector. FAN 1 is on the left side when you are facing the rear panel. Insert the fan module to the switch chassis until it ﬁts in place.
PAGE 109
GigaX3112 Series Layer 3 Managed Switch 7.3 Simple ﬁxes The following table lists some common problems that you may encounter when installing or using the switch, and the suggested actions to solve the problems. Table 9. Troubleshooting Problem Suggested Action LEDs SYSTEM LED does not light up after the switch is turned on. Verify if the power cord is securely connected to the switch and a wall socket/power strip. RPS LED does not light up after a redundant power supply is attached. 1.
PAGE 110
GigaX3112 Series Layer 3 Managed Switch Problem Suggested Action Web Conﬁguration Interface You forgot/lost your WEB Conﬁguration Interface user ID or password. 1.If you have not changed the password from the default, try using “admin” as the user ID and bypassing password. Some pages do not display completely 1.Verify that you are using Internet Explorer v6.0 or later. 2.Ping the switch IP address to see if the link is stable.
PAGE 111
GigaX3112 Series Layer 3 Managed Switch 8 98 Glossary 10BASE-T A designation for the type of wiring used by Ethernet networks with a data rate of 10 Mbps. Also known as Category 3 (CAT 3) wiring. See also data rate, Ethernet. 100BASE-T A designation for the type of wiring used by Ethernet networks with a data rate of 100 Mbps. Also known as Category 5 (CAT 5) wiring. See also data rate, Ethernet.
PAGE 112
GigaX3112 Series Layer 3 Managed Switch FTP File Transfer Protocol A program used to transfer files between computers connected to the Internet. Common uses include uploading new or updated files to a web server, and downloading ﬁles from a web server. host A device (usually a computer) connected to a network. HTTP Hyper-Text Transfer Protocol HTTP is the main protocol used to transfer data from web sites so that it can be displayed by web browsers. See also web browser, web site.
PAGE 113
GigaX3112 Series Layer 3 Managed Switch 100 ISP Internet Service Provider A company that provides Internet access to its customers, usually for a fee. LAN Local Area Network A network limited to a small geographic area, such as a home, ofﬁce, or small building. LED Light Emitting Diode An electronic light-emitting device. The indicator lights on the front panel of the switch are LEDs. MAC address Media Access Control address The permanent hardware address of a device, assigned by its manufacturer.
PAGE 114
GigaX3112 Series Layer 3 Managed Switch packet Data transmitted on a network consists of units called packets. Each packet contains a payload (the data), plus overhead information such as where it came from (source address) and where it should go (destination address). ping Packet Internet (or Inter-Network) Groper A program used to verify whether the host associated with an IP address is online. It can also be used to reveal the IP address for a given domain name.
PAGE 115
GigaX3112 Series Layer 3 Managed Switch 102 subnet mask A mask that deﬁnes a subnet. See also network mask. TCP See TCP/IP. TCP/IP Transmission Control Protocol/Internet Protocol The basic protocols used on the Internet. TCP is responsible for dividing data up into packets for delivery and reassembling them at the destination, while IP is responsible for delivering the packets from source to destination. When TCP and IP are bundled with higherlevel applications such as HTTP, FTP, Telnet, etc.
PAGE 116
GigaX3112 Series Layer 3 Managed Switch WAN Wide Area Network Any network spread over a large geographical area, such as a country or continent. Usually, WAN refers to the Internet. Web browser A software program that uses Hyper-Text Transfer Protocol (HTTP) to download information from (and upload to) web sites, and displays the information, which may consist of text, graphic images, audio, or video, to the user. Web browsers use Hyper-Text Transfer Protocol (HTTP).
PAGE 117
GigaX3112 Series Layer 3 Managed Switch 9 104 Index 100BASE-T, 98 Host table page, 46 10BASE-T, 98 HTTP, 99 Attach page, 52 ICMP, 99 Binary numbers, 98 IGMP, 99 Bits, 98 IGMP Snooping, 99 Boot ROM command mode, 63, 65 IGMP snooping page, 28 Boot ROM commands, 64 Internet, 99 Bridge page, 21 troubleshooting access to, 96 Broadcast, 98 Intranet, 99 CLI commands, 98 IP addresses, 99 Community table page, 46 explained, 89 Conﬁguration Manager ISP, 100 troubleshooting, 97 LAN, 100 C
PAGE 118
GigaX3112 Series Layer 3 Managed Switch nslookup, 93 Subnet masks, 90 Packet, 101 System commands, 67, 68, 69, 70 Password Tagged VLAN page, 33 default, 12, 14 TCP/IP, 102 recovering, 97 Telnet, 102 Physical interface commands, 70, 71 TFTP, 102 Physical interface page, 20 Trafﬁc comparison page, 60, 90 Ping, 92, 101 Trafﬁc control page, 30 Port, 101 Trap setting page, 47 POST, 63 Troubleshooting, 96 Power adapter, 9 Trunk, 102 Power On Self Test, 63 TTL, 102 Protocol, 101 Twisted pa