SmartSwitch 2200 Series (2E253, 2H252, 2H253, and 2H258) Standalone Switches Local Management User’s Guide 9033650-04
NOTICE Enterasys Networks reserves the right to make changes in specifications and other information contained in this document and its web site without prior notice. The reader should in all cases consult Enterasys Networks to determine whether any such changes have been made. The hardware, firmware, or software described in this document is subject to change without notice.
ENTERASYS NETWORKS, INC. PROGRAM LICENSE AGREEMENT BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT, CAREFULLY READ THIS LICENSE AGREEMENT. This document is an agreement (“Agreement”) between the end user (“You”) and Enterasys Networks, Inc.
3. APPLICABLE LAW. This Agreement shall be interpreted and governed under the laws and in the state and federal courts of New Hampshire without regard to its conflicts of laws provisions. You accept the personal jurisdiction and venue of the New Hampshire courts.
8. AUDIT RIGHTS. You hereby acknowledge that the intellectual property rights associated with the Program are of critical value to Enterasys and, accordingly, You hereby agree to maintain complete books, records and accounts showing (i) license fees due and paid, and (ii) the use, copying and deployment of the Program.
Contents
Figures
Tables
ABOUT THIS GUIDE
Using This Guide
Structure of This Guide
3.3 Device Menu Screen
3.4 Overview of Security Methods
3.4.1 Host Access Control Authentication (HACA)
3.4.2 802.1X Port Based Network Access Control
3.4.2.
4 DEVICE CONFIGURATION MENU SCREENS
4.3 SNMP Configuration Menu Screen
4.4 SNMP Community Names Configuration Screen
4.4.1 Establishing Community Names
4.5 SNMP Traps Configuration Screen
4.5.1 Configuring the Trap Table
6 802.1 CONFIGURATION MENU SCREENS
6.1 802.1 Configuration Menu Screen
6.2 Spanning Tree Configuration Menu Screen
6.3 Spanning Tree Configuration Screen
6.3.1 Configuring a VLAN Spanning Tree
7 802.1Q VLAN CONFIGURATION MENU SCREENS
8 802.1p CONFIGURATION MENU SCREENS
8.1 802.1p Configuration Menu Screen
8.2 Port Priority Configuration Screen
8.2.1 Setting Switch Port Priority Port-by-Port
8.2.2 Setting Switch Port Priority on All Ports
9 LAYER 3 EXTENSIONS MENU SCREENS
11 NETWORK TOOLS SCREENS
11.1 Network Tools
11.2 Built-in Commands
11.3 Example, Effects of Aging Time on Dynamic Egress
12 VLAN OPERATION AND NETWORK APPLICATIONS
12.14 Example 3, Filtering Traffic According to a Layer 4 Classification Rule
12.14.1 Solving the Problem
12.15 Example 4, Securing Sensitive Information According to Subnet
12.15.1 Solving the Problem
12.16 Example 5, Using Dynamic Egress to Control Traffic
A GENERIC ATTRIBUTE REGISTRATION PROTOCOL (GARP)
Figures
Figure 1-1 Example of a Local Management Screen
Figure 2-1 Management Terminal Connection
Figure 2-2 Uninterruptible Power Supply (UPS) Connection
Figure 5-7 VLAN Redirect Configuration Screen
Figure 5-8 802.3ad Main Menu Screen
Figure 5-9 802.3ad Port Screen
Figure 12-3 Switch Management with Only Default VLAN
Figure 12-4 Switch Management with VLANs
Figure 12-5 802.1Q VLAN Screen Hierarchy
Figure 12-6 Walkthrough Stage One, Static VLAN Configuration Screen
Tables
Table 1-1 Event Messages
Table 1-2 Keyboard Conventions
Table 2-1 VT Terminal Setup
Table 5-11 802.3ad Aggregator Screen Field Descriptions
Table 5-12 802.3ad Aggregator Details Screen Field Descriptions
Table 5-13 802.3ad System Screen Field Descriptions
About This Guide
Welcome to the Enterasys Networks SmartSwitch 2200 Series (2E253, 2H252, 2H253, and 2H258) Standalone Switches Local Management User’s Guide. This manual explains how to access and use the Enterasys Networks Local Management to manage the SmartSwitch devices. Local Management is a series of screens that enable the user to monitor and control the SmartSwitch device and its attached segments.
STRUCTURE OF THIS GUIDE
The guide is organized as follows:
Chapter 1, Introduction, provides an overview of the tasks that may be accomplished using Local Management (LM), and an introduction to LM screen navigation, in-band and out-of-band network management, screen elements, and LM keyboard conventions.
Chapter 8, 802.1p Configuration Menu Screens, describes how to use the screens to set the transmit priority of each port, display the current traffic class mapping-to-priority of each port, set ports to either transmit frames according to selected priority transmit queues or percentage of port transmission capacity for each queue, assign transmit priorities according to protocol types, and configure a rate limit for a given port and list of priorities.
RELATED DOCUMENTS
The following Enterasys Networks documents may help to set up, control, and manage the SmartSwitch device:
• Ethernet Technology Guide
• Cabling Guide
• SmartTrunk User’s Guide
• WAN Series Local Management User’s Guide
Documents associated with the optional HSIM and VHSIM interface modules, SmartSwitch device installation user’s guides, and the manuals listed above, can be obtained from the World Wide Web in Adobe Acrobat Portable Document Format (PDF) at the following
TYPOGRAPHICAL AND KEYSTROKE CONVENTIONS
bold type: Bold type can denote either a user input or a highlighted screen selection.
RETURN: Indicates either the ENTER or RETURN key, depending on your keyboard.
ESC: Indicates the keyboard Escape key.
SPACE bar: Indicates the keyboard space bar key.
BACKSPACE: Indicates the keyboard backspace key.
arrow keys: Refers to the four keyboard arrow keys.
[-]: Indicates the keyboard – key.
1 Introduction
This chapter provides an overview of the tasks that may be accomplished using Local Management (LM), and an introduction to LM screen navigation, in-band and out-of-band network management, screen elements, and LM keyboard conventions.
Important Notice
Depending on the firmware version used in the SmartSwitch device, some features described in this document may not be supported. Refer to the Release Notes shipped with the SmartSwitch device to determine which features are supported.
1.
Overview
• Clear NVRAM.
• Set 802.1Q VLAN memberships and port configurations.
• Redirect frames according to port or VLAN and transmit them on a preselected destination port.
• Create a separate Spanning Tree topology for each VLAN configured in the SmartSwitch device.
• Transmit frames on preselected destination ports according to protocol and priority or protocol and VLAN.
Navigating Local Management Screens
1.1.2 In-Band vs. Out-of-Band
Network management systems are often classified as either in-band or out-of-band. In-band network management passes data along the same medium (cables, frequencies) used by all other stations on the network. Out-of-band network management passes data along a medium that is entirely separate from the common data carrier of the network, for example, a cable connection between a dumb terminal and a SmartSwitch device COM port.
You can also access Local Management using a Telnet connection through one of the network ports of the SmartSwitch device.
NOTE: For details on the setup parameters for the console, how to connect a console to the SmartSwitch, or how to make a Telnet connection, refer to Chapter 2.
1.4 LOCAL MANAGEMENT SCREEN ELEMENTS
There are six types of screens used in Local Management: password, menu, statistics, configuration, status, and warning screens.
Event Message Field
This field briefly displays messages that indicate if a Local Management procedure was executed correctly or incorrectly, that changes were saved or not saved to Non-Volatile Random Access Memory (NVRAM), or that a user did not have access privileges to an application. Table 1-1 describes the most common event messages. Event messages related to specific Local Management applications are described with those applications throughout this manual.
Local Management Keyboard Conventions
Command Fields
Command fields (located at the bottom of Local Management screens) are used to exit Local Management screens, save Local Management entries, or navigate to another display of the same screen. In the screens shown in this guide, the characters in this field are all upper case and in bold type. In the field description, the field is identified as being a “command” field.
1.
1.6 GETTING HELP
For additional support related to this device or document, contact Enterasys Networks using one of the following methods:
World Wide Web: http://www.enterasys.com/
Phone: (603) 332-9400
Internet mail: support@enterasys.com
FTP: ftp://ftp.enterasys.com/
Login: anonymous
Password: your email address
To send comments or suggestions concerning this document, contact the Enterasys Networks Technical Writing Department via the following email address: TechWriting@enterasys.
2 Local Management Requirements
This chapter provides information concerning the following:
• Management Terminal Setup (Section 2.1), which describes how to attach a Local Management terminal to the Enterasys Networks host device.
• Telnet Connections (Section 2.2), which provides guidelines when using a Telnet connection to access Local Management.
• Monitoring an Uninterruptible Power Supply (Section 2.
Management Terminal Setup
2.1.1 Console Cable Connection
Use the Console Cable Kit provided with the SmartSwitch device to attach the management terminal to the SmartSwitch device COM port as shown in Figure 2-1. To connect the SmartSwitch device to a PC or compatible device running the VT terminal emulation, proceed as follows:
1. Connect the RJ45 connector at one end of the cable (supplied in the kit) to the COM port on the SmartSwitch device.
2.
2.1.2 Management Terminal Setup Parameters
Table 2-1 lists the setup parameters for the local management terminal.
2.2 TELNET CONNECTIONS
Once the SmartSwitch device has a valid IP address, the user can establish a Telnet session from any TCP/IP based node on the network. Telnet connections to the SmartSwitch device require the community name passwords assigned in the SNMP Community Names Configuration screen. For information about setting the IP address, refer to Section 4.2. For information about assigning community names, refer to Section 4.4.
Monitoring an Uninterruptible Power Supply
Figure 2-2 Uninterruptible Power Supply (UPS) Connection (labels: COM DB9 Port, RJ45 COM Port, UTP Cable with RJ45 Connectors, UPS Device, RJ45-to-DB9 UPS Adapter)
3 Accessing Local Management
This chapter provides information about the following:
• Navigating through the Local Management screen hierarchy for 802.1Q Switching (Section 3.1).
• Accessing the Password screen to enter a Local Management session (Section 3.2).
• Accessing the Device Menu screen and its menu items to gain access to the Local Management screens including the security screens (Section 3.3).
• Accessing the Security Menu screen to control access to the switch’s host (Section 3.5).
Figure 3-1 802.1Q Switching Mode, LM Screen Hierarchy
Device Configuration Menu
General Configuration
SNMP Configuration Menu
SNMP Community Names Configuration
SNMP Traps Configuration
System Resources Information
Access Control List
Flash Download Configuration
Ethernet Interface Configuration
Port Configuration Menu
802.
Security
Passwords
Radius Configuration
Name Services Configuration
System Authentication Configuration
EAP Configuration
EAP Statistics Menu
EAP Session Statistics
EAP Authenticator Statistics
EAP Diagnostic Statistics
MAC Port Configuration
MAC Supplicant Configuration
3.1.1 Selecting Local Management Menu Screen Items
Select items on a menu screen by performing the following steps:
1. Use the arrow keys to highlight a menu item.
2. Press ENTER.
Password Screen
3. Exit from Local Management by repeating steps 1 and 2 until the Device Menu screen displays.
4. To end the LM session, use the arrow keys to highlight the RETURN command at the bottom of the Device Menu screen.
5. Press ENTER. The Local Management Password screen displays and the session ends.
3.1.
NOTE: You can set the same string as a Security password and SNMP Community Name. This will allow you to access and manage the switch whether you are starting a Local Management session via a Telnet connection or local COM port connection, or by using a network SNMP management application. If you use a string for the security password and a different one for the SNMP Community Name, the two cannot be used interchangeably to access the switch.
Enter the Password and press ENTER. The default super-user access password is “public”, or press ENTER.
NOTE: If an invalid password is entered, the terminal beeps and the cursor returns to the beginning of the password entry field. Entering a valid password causes the associated access level to display at the bottom of the screen and the Device Menu screen to display.
3.3 DEVICE MENU SCREEN
Screen Navigation Path
Password > Device Menu
When to Use
To access the Local Management screens of the switch.
How to Access
Enter a valid password in the Local Management Password screen as described in Section 3.2, and press ENTER. The Device Menu screen, Figure 3-3, displays.
Menu Descriptions
Refer to Table 3-1 for a functional description of each menu item.
Table 3-1 Device Menu Screen Menu Item Descriptions
Menu Item | Screen Function
DEVICE CONFIGURATION MENU | Provides access to the Local Management screens that are used to configure the switch and also provides access to the Port Configuration Menu screen, 802.1 Configuration Menu screens, and the Layer 3 Extensions Menu screens.
NETWORK TOOLS | The Network Tools function resides on the switch and consists of commands that allow the user to access and manage network devices, including the ability to Telnet to other devices. Chapter 11 explains how to use the Network Tools utility.
SECURITY (cont’d) | The Radius Configuration screen enables you to configure the Radius client function on the switch to provide another restriction for access to the Local Management screens. For more information on Radius Client, refer to Section 3.4. For more information about the Radius Configuration screen, refer to Section 3.7.
3.4 OVERVIEW OF SECURITY METHODS
Six security methods are available to control which users are allowed access to the switch’s host to monitor and control the switch.
• Login Security Password – used to access the Device Menu screen to start a Local Management session via a Telnet connection or local COM port connection. Whenever a connection is made to the switch, the Local Management Password screen displays.
3.4.1 Host Access Control Authentication (HACA)
To use HACA, the embedded Radius Client on the switch must be configured to communicate with the Radius Server, and the Radius Server must be configured with the password information. The software used for this application provides the ability to centralize the Authentication, Authorization, and Accounting (AAA) of the network resources.
Only one password is allowed per access level. This enables the Radius Server to track the users accessing the switch host and how long they used the host application. All radius values, except the server IPs and shared secrets, are assigned reasonable default values when radius is installed on a new switch.
If the server returns an “access-accept” response (the user successfully authenticated), it must also return a Radius “FilterID” attribute containing an ASCII string with the following fields in the specified format:
“Enterasys:version=V:mgmt=M:policy=N”
Where:
V is the version number (currently V=1)
M is the access level for management, one of the following strings:
“su” for super-user access
“rw” for read-write access
“ro” for read-only access
N is the policy profile string (
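The FilterID format above can be checked on the Radius Server side before it reaches a switch. The following is an added example, not code from the guide or from Enterasys: a strict parser plus an audit over constructed user entries. It assumes all three fields are required in the order shown and that the policy string contains no colon; the names `parse_filter_id`, `audit_filter_ids` and `SAMPLE_ENTRIES` are hypothetical.

```python
from dataclasses import dataclass

# Access-level strings listed in the guide, mapped to their meaning.
ACCESS_LEVELS = {"su": "super-user", "rw": "read-write", "ro": "read-only"}
SUPPORTED_VERSION = "1"                      # the guide says "currently V=1"
FIELD_ORDER = ("version", "mgmt", "policy")  # order shown in the format string


class FilterIdError(ValueError):
    """The FilterID value does not match the documented format."""


@dataclass(frozen=True)
class FilterId:
    version: str
    mgmt: str      # "su", "rw" or "ro"
    policy: str    # policy profile string, not interpreted here


def parse_filter_id(value: str) -> FilterId:
    """Strictly parse 'Enterasys:version=V:mgmt=M:policy=N'.

    Assumption: all three fields are required, in this order, and the
    policy string contains no ':'; the switch itself may be more lenient.
    """
    prefix, *fields = value.split(":")
    if prefix != "Enterasys":
        raise FilterIdError("missing 'Enterasys' prefix")
    if len(fields) != len(FIELD_ORDER):
        raise FilterIdError(f"expected {len(FIELD_ORDER)} fields, got {len(fields)}")
    parsed = {}
    for expected, field in zip(FIELD_ORDER, fields):
        key, sep, val = field.partition("=")
        if not sep or key != expected or not val:
            raise FilterIdError(f"bad field {field!r}, expected {expected}=<value>")
        parsed[key] = val
    if parsed["version"] != SUPPORTED_VERSION:
        raise FilterIdError(f"unsupported version {parsed['version']!r}")
    if parsed["mgmt"] not in ACCESS_LEVELS:
        raise FilterIdError(f"unknown access level {parsed['mgmt']!r}")
    return FilterId(**parsed)


def audit_filter_ids(entries):
    """Review (user, filter_id) pairs exported from a RADIUS user store.

    Returns the users granted super-user access and the users whose
    FilterID is malformed, with the reason, for administrator review.
    """
    report = {"super_user": [], "invalid": {}}
    for user, raw in entries:
        try:
            fid = parse_filter_id(raw)
        except FilterIdError as exc:
            report["invalid"][user] = str(exc)
            continue
        if fid.mgmt == "su":
            report["super_user"].append(user)
    return report


# Constructed sample entries (user names and policy names are made up).
SAMPLE_ENTRIES = [
    ("alice", "Enterasys:version=1:mgmt=su:policy=admin"),
    ("bob",   "Enterasys:version=1:mgmt=ro:policy=guest"),
    ("carol", "Enterasys:version=1:mgmt=root:policy=admin"),  # unknown level
    ("dave",  "enterasys:version=1:mgmt=rw:policy=staff"),    # wrong prefix case
    ("erin",  "Enterasys:version=2:mgmt=rw:policy=staff"),    # unsupported version
]

if __name__ == "__main__":
    result = audit_filter_ids(SAMPLE_ENTRIES)
    print("super-user accounts:", result["super_user"])
    for user, reason in result["invalid"].items():
        print(f"invalid FilterID for {user}: {reason}")
```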
3.4.2 802.1X Port Based Network Access Control
This section provides
• a brief description of 802.1X Port Based Network Access Control,
• definitions of common terms and abbreviations, and
• an overview of the tasks that may be accomplished using the 802.1X and EAP security and authentication features.
When using the physical access characteristics of IEEE 802 LAN infrastructures, the 802.
Table 3-2 Authentication Terms and Abbreviations (Continued)
Term | Definition
Authentication Server | Provides authentication service to an authenticator. This service determines, by the credentials the supplicant provides, whether a supplicant is authorized to access services provided by the authenticator. The authentication server can be co-located with an authenticator or can be accessed remotely.
3.4.3 MAC Authentication Overview
This section discusses a method for a user to gain access to the network by validating the MAC address of their connected device. Network management statically provisions MAC addresses in a central radius server. Those pre-configured MAC addresses are allowed access to the network through the usual RADIUS validation process. This section further discusses how MAC Authentication and 802.
Authentication
This section defines the precedence rules to determine which authentication method, 802.1X (EAP) or MAC Authentication, has control over an interface. Setting the 802.1X and MAC port authentication is described in Section 3.9. When both methods are enabled, 802.1X takes precedence over MAC Authentication when a user is authenticated using the 802.1X method. If the port or MAC remains unauthenticated in 802.
Table 3-3 MAC / 802.1X Precedence States
802.1X Port Control | MAC Port Control | Authenticated? | Default Policy Exists? | Authorized Policy Exists? | Action
Force Authorized | Don’t Care | Don’t Care | Yes | Don’t Care | Neither method performs authentication. Frames are forwarded according to default policy.
Force Authorized | Don’t Care | Don’t Care | No | Don’t Care | Neither method performs authentication. Frames are forwarded.
Auto | Disabled | Yes | Don’t Care | Yes | 802.1X performs authentication. Frames are forwarded according to authorized policy.
Auto | Disabled | Yes | Yes | No | 802.1X performs authentication. Frames are forwarded according to default policy.
Auto | Disabled | Yes | No | No | 802.1X performs authentication.
Force Unauthorization | Enabled | No | No | Don’t Care | MAC performs authentication. Frames are discarded.
Force Unauthorization | Disabled | Don’t Care | Don’t Care | Don’t Care | Neither method performs authentication. Frames are discarded.
3.4.4
3.5 SECURITY MENU SCREEN
Screen Navigation Path
Password > Device Menu > Security
When to Use
To access the Passwords, Radius Configuration, Name Services Configuration, System Authentication Configuration, EAP Configuration, EAP Statistics Menu, MAC Port Configuration, and MAC Supplicant Configuration screens.
• The Passwords and Radius Configuration screens allow you to configure additional limited access.
Screen Example
Figure 3-4 Security Menu Screen
PASSWORDS
RADIUS CONFIGURATION
NAME SERVICES CONFIGURATION
SYSTEM AUTHENTICATION CONFIGURATION
EAP CONFIGURATION
EAP STATISTICS MENU
MAC PORT CONFIGURATION
MAC SUPPLICANT CONFIGURATION
EXIT RETURN
Menu Descriptions
Refer to Table 3-4 for a functional description of each menu item.
Table 3-4 Security Menu Screen Menu Item Descriptions
Menu Item | Screen Function
PASSWORDS | Used to set the Locally Administered Passwords (super user, read-write, and read-only) to access the device according to an access policy. For details, refer to Section 3.6.
RADIUS CONFIGURATION | Used to configure the Radius Client Parameters on the switch, primary server, and secondary server. For details, refer to Section 3.7.
3.6 PASSWORDS SCREEN
When to Use
To provide additional security by using login passwords associated to an access policy. This screen allows the use of passwords to provide three levels of Local Management access (super-user, read-write and read-only) via serial console or telnet connection. This screen is also used to disable the function of hardware switch 8 to prevent the clearing of the login passwords.
Field Descriptions
Refer to Table 3-5 for a functional description of each screen field.
Table 3-5 Module Login Passwords Screen Field Descriptions
Use this field… | To…
Password (Modifiable) | Enter the password used to access the device according to an access policy.
Access Policy (Read-only) | See the access given each password.
Radius Configuration Screen
3.6.1 Setting the Module Login Password
Setting the Module Login Password provides additional security by assigning each switch its own password and allows you to disable the function of switch S8 so that the password cannot be cleared. To assign the password and disable switch S8, proceed as follows:
1. Use the arrow keys to highlight the appropriate Password field. A different password can be assigned to each Access Policy.
2. Press ENTER.
3.
How to Access
Use the arrow keys to highlight the RADIUS CONFIGURATION menu item on the Security Menu screen and press ENTER. The Radius Configuration screen, Figure 3-6, displays.
Screen Example
Figure 3-6 Radius Configuration Screen
Timeout: 20
Retries: 03
Last Resort Action: Local [CHALLENGE], Remote [CHALLENGE]
Radius Client: [DISABLED]
IP Address: 0.0.0.0 0.0.0.
Table 3-6 Radius Configuration Screen Field Descriptions (Continued)
Use this field… | To…
Last Resort Action/Local (Selectable) | Accept, Challenge, and Reject, which do the following:
ACCEPT: Allows local access (via COM port) at the super-user level with no further attempt at authentication.
CHALLENGE: Reverts to local module (legacy) passwords.
REJECT: Does not allow local access.
For more details, refer to Section 3.7.1. To set local and remote servers, refer to Section 3.
3.7.1 Setting the Last Resort Authentication
The Radius client can be configured to use primary and secondary servers. If the primary server does not respond within the specified number of retries during the specified time-out period, the client will then attempt to authenticate using the secondary server. If the secondary server also does not respond, then the client returns a time-out condition.
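The fail-over sequence above, combined with the Local last-resort actions from Table 3-6, can be modelled to see which settings fail open when both servers are unreachable. This is an added example, not the switch firmware's logic: it assumes "retries" means the total number of requests sent to each server, and the function and field names are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

# Local last-resort actions as named in Table 3-6.
ACCEPT, CHALLENGE, REJECT = "ACCEPT", "CHALLENGE", "REJECT"


@dataclass
class Outcome:
    granted: bool
    decided_by: str          # "primary", "secondary" or "last-resort:<ACTION>"
    requests_sent: int       # RADIUS requests sent before a decision was reached
    fail_open: bool = False  # True when access was granted with no credential check


def local_login(primary: Optional[bool], secondary: Optional[bool], retries: int,
                last_resort: str, local_password_ok: bool = False) -> Outcome:
    """Decide a local (COM port) login.

    primary / secondary: True = access-accept, False = access-reject,
    None = the server never answers (a constructed stand-in for a real exchange).
    Assumption: 'retries' is the total number of requests sent to each server.
    """
    if last_resort not in (ACCEPT, CHALLENGE, REJECT):
        raise ValueError(f"unknown last resort action: {last_resort!r}")
    sent = 0
    for name, reply in (("primary", primary), ("secondary", secondary)):
        for _ in range(retries):
            sent += 1
            if reply is not None:
                # Any answer, accept or reject, is final; only silence
                # moves the client on to the next server.
                return Outcome(reply, name, sent)
    # Both servers timed out: apply the configured Local last-resort action.
    if last_resort == ACCEPT:
        # Super-user access with no further attempt at authentication.
        return Outcome(True, "last-resort:ACCEPT", sent, fail_open=True)
    if last_resort == CHALLENGE:
        # Revert to the local module (legacy) passwords.
        return Outcome(local_password_ok, "last-resort:CHALLENGE", sent)
    return Outcome(False, "last-resort:REJECT", sent)


def fail_open_settings(retries: int = 3):
    """Return the last-resort actions that grant access when no server answers
    and no valid local password is supplied."""
    return [action for action in (ACCEPT, CHALLENGE, REJECT)
            if local_login(None, None, retries, action).granted]


if __name__ == "__main__":
    for action in (ACCEPT, CHALLENGE, REJECT):
        print(action, local_login(None, None, 3, action))
    print("fail-open settings:", fail_open_settings())
```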
3.8 NAME SERVICES CONFIGURATION SCREEN
When to Use
Use this screen when enabling Port-based Web authentication. This screen can also be used to configure the global Secure Harbour name and IP address. The user can Enable/Disable Name Services and associate the switch name with the Secure Harbour IP address.
How to Access
Use the arrow keys to highlight the NAME SERVICES CONFIGURATION menu item on the Security Menu screen and press ENTER.
Field Descriptions
Refer to Table 3-7 for a functional description of each screen field.
Table 3-7 Name Services Configuration Screen Field Descriptions
Use this field… | To…
Switch Name (Modifiable) | Create a textual name to bind to the IP address.
Secure Harbour IP (Read-Only) | See the IP address used to access services.
Name Services (Toggle) | Enable or disable the name services function.
Web Authentication (Toggle) | Enable or disable Web Authentication.
3.9 SYSTEM AUTHENTICATION CONFIGURATION SCREEN
When to Use
To enable or disable an authentication type for the device, and to display the authentication type and authentication status (enabled or disabled) for all ports.
How to Access
Use the arrow keys to highlight the SYSTEM AUTHENTICATION CONFIGURATION menu item on the Security Menu screen and press ENTER. The System Authentication Configuration screen, Figure 3-8, displays.
Field Descriptions
Refer to Table 3-8 for a functional description of each screen field.
Table 3-8 System Authentication Configuration Screen Field Descriptions
Use this field… | To…
System Authentication (Selectable) | Enable or disable an authentication type for the device, or turn off the port authentication function on all ports. Options are EAP (Extensible Authentication Protocol), PWA (Port Web Authentication), MAC (Machine Address Code), EAP MAC, or NONE.
3.10 EAP (PORT) CONFIGURATION SCREEN
When to Use
To configure authentication settings for each port.
How to Access
Use the arrow keys to highlight the EAP CONFIGURATION menu item on the Security Menu screen and press ENTER. The EAP Port Configuration screen, Figure 3-9, displays.
Field Descriptions
Refer to Table 3-9 for a functional description of each screen field.
Table 3-9 EAP Port Configuration Screen Field Descriptions
Use this field… | To…
Port (Read-Only) | See the port number of all ports known to the device. Up to 10 ports can be displayed at a time. Highlight NEXT and press ENTER to display the next set of ports.
Authentication State (Read-Only) | See the current authentication state of each port.
Authentication State (Cont’d)
• aborting: The port enters this state from authenticating when any event occurs that interrupts the login exchange.
• held: After any login failure, this state is entered where the port remains for the number of seconds equal to quietPeriod (can be set using mib).
• forceAuth: Management has set this in “Port Control”.
Backend State (Cont’d)
• idle: The port is currently not involved in any authentication, but is ready to begin one. Move to idle after completion.
• initialize: The port is initializing the relevant backend variables and is not ready to begin an authentication. Move to idle after completion.
Port Control (Cont’d)
• Forced Authenticated Mode: The Forced Authenticated Mode is meant to disable authentication on a port. It is intended for ports that support ISLs and devices that cannot authenticate, such as printers and file servers.
3.11 EAP STATISTICS MENU SCREEN
Screen Navigation Path
Password > Device Menu > Security Menu > EAP Statistics Menu
When to Use
To access the EAP Session Statistics, EAP Authenticator Statistics, and EAP Diagnostic Statistics screens.
How to Access
Use the arrow keys to highlight the EAP STATISTICS menu item on the Security Menu screen and press ENTER. The EAP Statistics Menu screen, Figure 3-10, displays.
Menu Descriptions
Refer to Table 3-10 for a functional description of each menu item.
Table 3-10 EAP Statistics Menu Screen Descriptions
Menu Item | Screen Function
EAP SESSION STATISTICS | Used to review and clear EAP session statistics for each port. For details, refer to Section 3.11.1.
EAP AUTHENTICATOR STATISTICS | Used to review authenticator statistics for each port, including EAP frame types received and transmitted, and frame version number and source MAC address.
3.11.1 EAP Session Statistics Screen

When to Use
To review and clear EAP session statistics for each port.

How to Access
Use the arrow keys to highlight the EAP SESSION STATISTICS menu item on the EAP Statistics Menu screen and press ENTER. The EAP Session Statistics screen, Figure 3-11, displays.
Table 3-11 EAP Session Statistics Screen Field Descriptions

Use this field…    To…

SessionID (Read-Only)
    See the unique ASCII string identifier for a particular session.
SessionOctetsRx (Read-Only)
    See counts of user data octets received on the port during a particular session.
SessionOctetsTx (Read-Only)
    See counts of octets transmitted on the port during a particular session.
Table 3-11 EAP Session Statistics Screen Field Descriptions (Continued)

Use this field…    To…

Session User Name (Read-Only)
    See the user name associated with the PAE (Point of Access Entity).
Port Number (Selectable)
    Select the port number to display the associated EAP Session Statistics. To select a port number, use the arrow keys to highlight the Port Number field.
Screen Example

Figure 3-12 EAP Authenticator Statistics Screen

    Total Frames Rx:          0
    Total Frames Tx:          0
    Start Frames Rx:          0
    Logoff Frames Rx:         0
    Response Id Frames Rx:    0
    Response Frames Rx:       0
    Request Id Frames Tx:     0
    Request Frames Tx:        0
    Invalid Frames Rx:        0
    Length Error Frames Rx:   0
    Frame Version:            0
    Frame Source:             00-00-00-00-00-00

    Port Number: [ 1]         CLEAR COUNTERS    EXIT    RETURN

Field Descriptions
Refer to Table 3-12 for a functional description of each screen field.
Table 3-12 EAP Authenticator Statistics Screen Field Descriptions (Continued)

Use this field…    To…

Response Id Frames Rx (Read-Only)
    See counts of EAP response identification type frames received by the authenticator.
Response Frames Rx (Read-Only)
    See counts of EAP response type frames received by the authenticator.
Request Id Frames Tx (Read-Only)
    See counts of EAP request identification type frames transmitted by the authenticator.
3.11.3 EAP Diagnostic Statistics Screen

When to Use
To view port counters useful for EAP troubleshooting, including logoffs and timeouts while authenticating, and to view authorization failure messages from the authentication server. The counters on this screen refresh automatically.

How to Access
Use the arrow keys to highlight the EAP DIAGNOSTIC STATISTICS menu item on the EAP Statistics Menu screen and press ENTER. The EAP Diagnostic Statistics screen, Figure 3-13, displays.
Field Descriptions
Refer to Table 3-13 for a functional description of each screen field.

Table 3-13 EAP Diagnostic Statistics Screen Field Descriptions

Use this field…    To…

Enters Connecting (Read-Only)
    See counts of transitions to connecting state from any other state.
Logoffs Connecting (Read-Only)
    See counts of transitions from connecting to disconnected state after an EAPOL logoff message.
Table 3-13 EAP Diagnostic Statistics Screen Field Descriptions (Continued)

Use this field…    To…

Reauths Authenticated (Read-Only)
    See counts of transitions from authenticated to connecting state due to a reauthentication request.
Starts Authenticated (Read-Only)
    See counts of transitions from authenticated to connecting state due to a start from the supplicant (end-user requesting authentication).
Table 3-13 EAP Diagnostic Statistics Screen Field Descriptions (Continued)

Use this field…    To…

Port Number (Selectable)
    Select the port number to display the associated EAP Diagnostic Statistics. To select a port number, use the arrow keys to highlight the Port Number field. Then step to the correct port number using the SPACE bar and press ENTER to display the associated port EAP Diagnostic Statistics.
MAC Port Configuration Screen

Screen Example

Figure 3-14 MAC Port Configuration Screen

    Port   Authentication     Port          Initialize   Force
           State              Enable        Port         Reauth
    -------------------------------------------------------------
    1      authenticated      [Enabled]     [FALSE]      [FALSE]
    2      authenticated      [Disabled]    [FALSE]      [FALSE]
    3      unauthenticated    [Enabled]     [FALSE]      [FALSE]
    4      unauthenticated    [Enabled]     [FALSE]      [FALSE]
    5      authenticated      [Enabled]     [FALSE]      [FALSE]
    6      authenticated      [Enabled]     [FALSE]      [FALSE]
    7      a
Table 3-14 MAC Port Configuration Screen Field Descriptions (Continued)

Use this field…    To…

Initialize Port (Single Setting)
    Initialize the authentication status of the port. When this field is set to TRUE, the current authentication session is terminated, the port returns to its initial authentication status, and the field returns to FALSE.
Force Reauth (Single Setting)
    Forces the revalidation of the MAC credential for the port.
MAC Supplicant Configuration Screen

Screen Example

Figure 3-15 MAC Supplicant Configuration Screen

    Port   Duration         MAC                  Initialize   Reauthenticate
           (dd:hh:mm:ss)    Address              Supplicant   Supplicant
    --------------------------------------------------------------------------
    1      00:12:23:58      nn-nn-nn-nn-nn-nn    [FALSE]      [FALSE]
    2      54:02:56:00      nn-nn-nn-nn-nn-nn    [FALSE]      [FALSE]

    SAVE    PREVIOUS    NEXT    EXIT    RETURN

Field Descriptions
Refer to Table 3-15 for a functional description of e
Table 3-15 MAC Supplicant Configuration Screen Field Descriptions (Continued)

Use this field…    To…

Initialize Supplicant (Single Setting)
    Terminate the current session with a supplicant. When set to TRUE, the current session is terminated. It always displays a value of FALSE.
Reauthenticate Supplicant (Single Setting)
    Force a revalidation of the MAC credential for the supplicant. When set to TRUE, the switch forces the revalidation.
4 Device Configuration Menu Screens

This chapter describes the Device Configuration Menu screen and the following screens that can be selected:
• General Configuration screen (Section 4.2)
• SNMP Configuration Menu screen (Section 4.3)
• SNMP Community Names Configuration screen (Section 4.4)
• SNMP Traps Configuration screen (Section 4.5)
• Access Control List screen (Section 4.6)
• System Resources Information screen (Section 4.7)
• FLASH Download Configuration screen (Section 4.
4.1 DEVICE CONFIGURATION MENU SCREEN

Screen Navigation Path
Password > Device Menu > Device Configuration Menu

When to Use
To access a series of Local Management screens used to establish an Access Control List for SNMP to provide additional security, configure and monitor operating parameters, modify SNMP community names, set SNMP traps, configure switch parameters and configure the device ports.
Menu Descriptions
Refer to Table 4-1 for a functional description of each menu item.

Table 4-1 Device Configuration Menu Screen Menu Item Descriptions

Menu Item    Screen Function

GENERAL CONFIGURATION
    Used to monitor and configure the device operating parameters. For details, refer to Section 4.2.
SNMP CONFIGURATION MENU
    Used to access the SNMP Community Names Configuration, SNMP Traps Configuration, and Access Control List screens.
4.2 GENERAL CONFIGURATION SCREEN

When to Use
To set the system date and time, IP address and subnet mask, the default gateway, and the TFTP gateway IP address. This screen can also be used to clear the NVRAM, set the screen refresh time, the screen lockout time, the IP fragmentation, the COM port configuration, and monitor the total time (uptime) that the device has been running.
Field Descriptions
Refer to Table 4-2 for a functional description of each screen field.

Table 4-2 General Configuration Screen Field Descriptions

Use this field…    To…

MAC Address (Read-Only)
    See the base physical address of the device.
IP Address (Modifiable)
    See the IP address for the device. To set the IP address, refer to Section 4.2.1. The IP address can also be set through Runtime IP Address Discovery.
Table 4-2 General Configuration Screen Field Descriptions (Continued)

Use this field…    To…

Device Time (Modifiable)
    Enter a new device time. To enter a new time, refer to Section 4.2.7.
Screen Refresh Time (Modifiable)
    Enter a new screen refresh time. This setting determines how frequently (in seconds) information is updated on the screen. To enter the refresh time, refer to Section 4.2.8.
Screen Lockout Time (Modifiable)
    Enter a new lockout time.
Table 4-2 General Configuration Screen Field Descriptions (Continued)

Use this field…    To…

Clear NVRAM (Toggle)
    Reset NVRAM to the factory default settings. All user-entered parameters, such as IP address and Community Names, are then replaced with the device default configuration settings. For details, refer to Section 4.2.11.
IP Fragmentation (Toggle)
    Enable or disable IP Fragmentation. The default setting for this field is ENABLED.
4.2.1 Setting the IP Address

To set the IP address, perform the following steps:
1. Use the arrow keys to highlight the IP Address field.
2. Enter the IP address into this field using Dotted Decimal Notation (DDN) format. For example: nnn.nnn.nnn.nnn
3. Press ENTER. If the IP address is a valid format, the cursor returns to the beginning of the IP address field. If the entry is not valid, the screen displays the message “INVALID IP ADDRESS OR FORMAT ENTERED”.
4.2.2 Setting the Subnet Mask

If the management workstation that is to receive SNMP traps from the device is located on a separate subnet, the subnet mask for the device may need to be changed from its default value. To change the subnet mask from its default, perform the following steps:
1. Use the arrow keys to highlight the Subnet Mask field.
2. Enter the subnet mask into this field using Dotted Decimal Notation (DDN) format. For example: 255.255.0.0
3. Press ENTER.
4.2.3 Setting the Default Gateway

If the SNMP management station is located on a different IP subnet than the device, a default gateway must be specified. When an SNMP Trap is generated, the device sends out an ARP request to the default gateway, which responds with its MAC address. The device then sends the trap using the IP address from the Trap Table and the MAC address of the default gateway. To set the default gateway, perform the following steps:
1.
4.2.5 Setting the Module Name

To set the module name, perform the following steps:
1. Use the arrow keys to highlight the Module Name field.
2. Enter the name of your system (maximum of 19 characters).
3. Press ENTER to set the name in the input field.
4. Use the arrow keys to highlight the SAVE command and press ENTER. The message “SAVED OK” displays on the screen.

4.2.
4.2.7 Setting the Device Time

To set the device time, perform the following steps:
1. Use the arrow keys to highlight the Device Time field.
2. Enter the time in this 24-hour format: HH:MM:SS

NOTE: When entering the time in the system time field, separators between hours, minutes, and seconds are not needed as long as each entry uses two numeric characters. For example, to set the time to 6:45 P.M., type “184500” in the Device Time field.

3.
If the time entered is within the 1 to 30 minutes range, the message “SAVED OK” displays at the top of the screen. If the entry is not valid, Local Management does not alter the current setting, but it does refresh the Screen Lockout Time field with the previous value.

4.2.10 Configuring the COM Port

Upon power up, the COM port is configured to the default settings of ENABLED and LM.
Figure 4-5 COM Port Warning

    WARNING
    THE COM PORT HAS BEEN RECONFIGURED AND THERE IS NO IP ADDRESS SET FOR THIS DEVICE.
    YOU WILL NO LONGER BE ABLE TO MANAGE THIS BOARD.
    DO YOU STILL WISH TO RECONFIGURE THIS COM PORT?
    YES    NO

3. Use the arrow keys to highlight YES. Press ENTER.
4. If the port was ENABLED, the message “SAVED OK” appears, and the edits are saved.
Table 4-3 COM Port Application Settings

Setting    Application

LM
    Local Management Session
UPS
    APC Power Supply SNMP Proxy

3. Press ENTER to accept the application.

CAUTION: When the COM port is configured to perform the UPS application, all future Local Management connections must be made by establishing a Telnet connection to the device. Ensure that the device has a valid IP address before saving changes to the COM port application.
Figure 4-6 Clear NVRAM Warning

    WARNING
    YOU HAVE ELECTED TO CLEAR NVRAM. THIS WILL CLEAR ALL SYSTEM DEFAULTS INCLUDING BUT NOT LIMITED TO IP ADDRESS, INTERFACE CONFIGURATION, AND COM PORT CONFIGURATION, THEN REBOOT THIS DEVICE.
    ARE YOU SURE YOU WANT TO CLEAR NVRAM?
    YES    NO

5. To clear the NVRAM, use the arrow keys to select YES and press ENTER. The message “CLEARING NVRAM. REBOOT IN PROGRESS...” displays. The device clears NVRAM and reboots.
4.3 SNMP CONFIGURATION MENU SCREEN

Screen Navigation Path
Password > Device Menu > Device Configuration Menu > SNMP Configuration Menu

When to Use
To provide access to the SNMP Community Names Configuration, SNMP Traps Configuration, and Access Control List screens. These screens are used to modify SNMP community names, set SNMP traps, and establish an Access Control List to provide additional security.
Menu Descriptions
Refer to Table 4-4 for a functional description of each menu item.

Table 4-4 SNMP Configuration Menu Screen Menu Item Descriptions

Menu Item    Screen Function

SNMP COMMUNITY NAMES CONFIGURATION
    Used to enter new, change, or review the community names used as access passwords for device management operation. Access is limited based on the password level of the user. For details, refer to Section 4.4.
SNMP Community Names Configuration Screen

Screen Example

Figure 4-8 SNMP Community Names Configuration Screen

    Community Name    Access Policy
    public            read-only
    public            read-write
    public            super-user

    SAVE    RETURN    EXIT

NOTE: As is typical in secure network environments, the community name fields are masked from view with asterisks (*).

Field Descriptions
Refer to Table 4-5 for a functional description of each screen field.
Table 4-5 SNMP Community Names Configuration Screen Field Descriptions (Continued)

Use this field…    To…

Access Policy (Read-Only)
    Indicate the access accorded each community name. The available access levels are as follows:
    read-only: This community name gives the user read-only access to the device MIB objects, and excludes access to security-protected fields of read-write or super-user authorization.

4.4.1
4.5 SNMP TRAPS CONFIGURATION SCREEN

When to Use
To assign SNMP traps to eight different IP addresses. Since the device is an SNMP compliant device, it can send messages to multiple Network Management Stations to alert users of status changes.

How to Access
Use the arrow keys to highlight the SNMP TRAPS CONFIGURATION menu item on the SNMP Configuration Menu screen, and press ENTER. The SNMP Traps Configuration screen, Figure 4-9, displays.
Table 4-6 SNMP Traps Configuration Screen Field Descriptions

Use this field…    To…

Trap Destination (Modifiable)
    Display/enter the IP address of the workstation to receive trap alarms. Up to eight different destinations can be defined.
Trap Community Name (Modifiable)
    Display/enter the Trap Community Name included in the trap message along with the IP address of the Network Management Station to receive the trap alarm.
4.6 ACCESS CONTROL LIST SCREEN

When to Use
To view, enable, or disable the Access Control List (ACL) and configure address filtering to provide additional security. This enables you to limit user access to the device according to IP address. Up to 16 single IP addresses and/or ranges of addresses can be configured. To manage an ACL enabled device, the management station must be a member of the ACL and authenticated according to traditional SNMP rules.
Field Descriptions
Refer to Table 4-7 for a functional description of each screen field.

Table 4-7 Access Control List Screen Field Descriptions

Use this field…    To…

Access Control Lists (Toggle)
    Enable or disable ACL to restrict SNMP/IP access to a limited number of IP addresses. This field toggles between ENABLED and DISABLED. DISABLED is the default setting.
Table 4-7 Access Control List Screen Field Descriptions (Continued)

Use this field…    To…

Mask (Modifiable)
    Enter a mask value to establish an IP address range based on the IP address in the associated IP address field. For example, in the screen example in Figure 4-10, the IP address and Mask entries 182.15.2.1 and 255.255.0.0 set the switch module to allow access to all users with addresses starting with 182.15.x.x (x = I don’t care.
The designated devices associated with the IP addresses in the ACL will now be the only ones to have remote access to Local Management. Access to Local Management using the COM port is not affected.

Entering Ranges of Addresses
1. Use the arrow keys to highlight one of the place holders (0.0.0.0) under IP Addresses.
2. Enter the IP address of a device that you want to have access to Local Management using the following format: nnn.nnn.nnn.
The designated devices associated with the range of IP addresses in the ACL will now have remote access to Local Management. Access to Local Management using the COM port is not affected.

4.6.2 Enable/Disable ACL

To enable or disable the ACL without changing its entries, proceed as follows:
1. Use the arrow keys to highlight the Access Control Lists field.
2. Press the SPACE bar to toggle the field to either ENABLED or DISABLED.
3. Press ENTER.
4.
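The following Python sketch is an added example, not part of the Enterasys guide or firmware. It audits a planned ACL before the Access Control Lists field is toggled to ENABLED: it reports which management stations would be admitted or locked out of remote Local Management and flags entries that admit a large range. Assumptions: an entry matches when (station AND mask) equals (entry AND mask), as the 182.15.2.1 / 255.255.0.0 example in Table 4-7 implies; a mask of 255.255.255.255 denotes a single address; entries left at the 0.0.0.0 placeholder are unused; the station addresses are constructed sample data.

```python
import ipaddress

MAX_ENTRIES = 16         # the screen holds up to 16 addresses and/or ranges
PLACEHOLDER = "0.0.0.0"  # an unused slot is displayed as 0.0.0.0


def to_int(dotted):
    """Parse a dotted-decimal address; raises ValueError if malformed."""
    return int(ipaddress.IPv4Address(dotted))


def mask_is_contiguous(mask):
    """True when the mask is a run of 1 bits followed only by 0 bits."""
    inverted = ~to_int(mask) & 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0


def addresses_covered(mask):
    """Number of distinct addresses that one entry with this mask admits."""
    return 2 ** (32 - bin(to_int(mask)).count("1"))


def matches(entry_ip, mask, station_ip):
    """Assumed rule: compare only the bits selected by the mask."""
    m = to_int(mask)
    return (to_int(entry_ip) & m) == (to_int(station_ip) & m)


def audit_acl(entries, stations, broad_limit=256):
    """Return admitted and locked-out stations plus warnings for the ACL.

    entries: list of (ip, mask) pairs as they would be typed on the screen.
    stations: addresses of the workstations that must keep remote access.
    broad_limit: hypothetical threshold above which a range is flagged.
    """
    if len(entries) > MAX_ENTRIES:
        raise ValueError("the ACL holds at most %d entries" % MAX_ENTRIES)
    active = [(ip, mask) for ip, mask in entries if ip != PLACEHOLDER]

    warnings = []
    for ip, mask in active:
        if not mask_is_contiguous(mask):
            warnings.append("%s %s: mask bits are not contiguous" % (ip, mask))
        count = addresses_covered(mask)
        if count > broad_limit:
            warnings.append("%s %s: admits %d addresses" % (ip, mask, count))

    admitted, locked_out = [], []
    for station in stations:
        hit = any(matches(ip, mask, station) for ip, mask in active)
        (admitted if hit else locked_out).append(station)
    return {"admitted": admitted, "locked_out": locked_out,
            "warnings": warnings}


# Constructed sample data: one range entry taken from the guide's example,
# one single-host entry, and one slot left at the placeholder.
PLANNED_ACL = [
    ("182.15.2.1", "255.255.0.0"),
    ("10.1.1.5", "255.255.255.255"),
    ("0.0.0.0", "0.0.0.0"),
]
MANAGEMENT_STATIONS = ["182.15.200.7", "10.1.1.5", "10.1.1.6", "192.168.1.10"]

if __name__ == "__main__":
    report = audit_acl(PLANNED_ACL, MANAGEMENT_STATIONS)
    for key in ("admitted", "locked_out", "warnings"):
        print(key + ":")
        for item in report[key]:
            print("  " + item)
```

Any station listed under locked_out would lose Telnet and SNMP access once the ACL is enabled, leaving only the COM port, which the ACL does not affect.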
4.7 SYSTEM RESOURCES INFORMATION SCREEN

When to Use
To monitor the current switch utilization and the peak switch utilization. This screen provides information concerning the processor used in the device and the amount of FLASH memory, DRAM, and NVRAM that is installed and how much of that memory is available.

How to Access
Use the arrow keys to highlight the SYSTEM RESOURCES INFORMATION menu item on the Device Configuration Menu screen, and press ENTER.
Field Descriptions
Refer to Table 4-8 for a functional description of each screen field.

Table 4-8 System Resources Information Screen Field Descriptions

Use this field…    To…

CPU Type (Read-Only)
    See which microprocessor is used in the device.
Flash Memory Installed (Read-Only)
    See the amount of FLASH memory that is installed in the device and how much is currently available.
4.8 FLASH DOWNLOAD CONFIGURATION SCREEN

When to Use
To perform the following:
• Download a new firmware image file from a TFTP server to the device,
• Download a configuration file from a TFTP server to the device, or
• Upload the configuration file from the device to a TFTP server.

NOTE: You can also force an image download by changing the position of Switch 6 located inside the device. Use this as a last resort as it involves removing the cover from the device.
How to Access
Use the arrow keys to highlight the FLASH DOWNLOAD CONFIGURATION menu item on the Device Configuration Menu screen, and press ENTER. The Flash Download Configuration screen, Figure 4-12, displays.

Screen Example

Figure 4-12 Flash Download Configuration Screen

    Download Method:
    Reboot After Download:   [YES]
    TFTP Gateway IP Addr:    nnn.nnn.nnn.nnn
    Download Server IP:      nnn.nnn.nnn.nnn
    Download File Name:      /tftpboot/SS2200.fls
    Last Image Server IP:    nnn.
Field Descriptions
Refer to Table 4-9 for a functional description of each screen field.

Table 4-9 Flash Download Configuration Screen Field Descriptions

Use this field…    To…

Download Method (Selectable)
    Select a method (RUNTIME, DOWNLOAD CONFIG, or UPLOAD CONFIG) to download (receive) an image file from a TFTP server, or upload (transmit) or download a configuration file to/from a TFTP server.
Table 4-9 Flash Download Configuration Screen Field Descriptions (Continued)

Use this field…    To…

Reboot After Download (Toggle)
    Set the device so it will either reboot or not reboot after completing the download of an image. This field toggles between YES and NO, when the Download Method field is set to RUNTIME. If YES is selected, the device reboots after the download is completed.
4.8.1 Image File Download Using Runtime

To download a firmware image file to the device using Runtime, proceed as follows:
1. Use the arrow keys to highlight the Reboot After Download field.
2. Use the SPACE bar to select either YES or NO. Select YES if you want the device to reboot after the download is completed. Select NO if you want the device to store the new image in FLASH memory until the device is reset or during the next power-up.
3.
3. Use the arrow keys to highlight the TFTP Gateway IP Addr field.
4. Set the IP address of the TFTP gateway (this defaults to the same IP address as that set in the TFTP Gateway IP Addr field on the General Configuration screen).
5. Use the arrow keys to highlight the Download Server IP field.
6. Enter the IP address of the TFTP server using the DDN format. For example: nnn.nnn.nnn.nnn
7. Use the arrow keys to highlight the Download File Name field.
8.
9. Use the arrow keys to highlight EXECUTE at the bottom of the screen and press ENTER. The message “UPLOAD CONFIGURATION IN PROGRESS” displays in the event message line at the top of the screen and the device configuration file is uploaded to the TFTP server.

NOTE: The uploading of Passwords can be disabled in the case of sensitive environments. If this capability is enabled, no passwords will be saved to the configuration file.
5 Port Configuration Menu Screens

This chapter describes the Port Configuration Menu screen and the following screens that can be selected:
• Ethernet Interface Configuration screen (Section 5.2)
• Ethernet Port Configuration screen (Section 5.3)
• HSIM/VHSIM Configuration screen (Section 5.4)
• Redirect Configuration Menu screen (Section 5.5)
• Port Redirect Configuration screen (Section 5.6)
• VLAN Redirect Configuration screen (Section 5.
5.1 PORT CONFIGURATION MENU SCREEN

When to Use
To select screens to perform port configuration tasks on the switch device.

How to Access
Use the arrow keys to highlight the PORT CONFIGURATION MENU item on the Device Configuration Menu screen and press ENTER. The Port Configuration Menu screen, Figure 5-1, displays. The list of menu items is dependent on the Aggregation (Agg) Mode selected in the General Configuration screen described in Section 4.2.
Figure 5-2 Port Configuration Menu Screen (in Agg Mode, IEEE8023ad)

    ETHERNET INTERFACE CONFIGURATION
    HSIM/VHSIM CONFIGURATION
    REDIRECT CONFIGURATION MENU
    LINK AGGREGATION MENU
    BROADCAST SUPPRESSION CONFIGURATION

    EXIT    RETURN

Menu Descriptions
Refer to Table 5-1 for a functional description of each menu item.
Table 5-1 Port Configuration Menu Screen Menu Item Descriptions (Continued)

Menu Item    Screen Function

SMARTTRUNK CONFIGURATION
    Used to logically group interfaces together to permit aggregation of multiple links. This menu item appears when the Agg Mode field is set to “HUNTGROUP” in the General Configuration screen. Refer to the SmartTrunk User’s Guide for information about how to access and use the SmartTrunk screens.
Ethernet Interface Configuration Screen

Screen Example

Figure 5-3 Ethernet Interface Configuration Screen

    Intf   Port   PortType   Link      Speed   Duplex   Config   FDX FC   HDX FC
    1      1      FE-100TX   No Link   100     Full
    2      1      FE-100TX   No Link   10      Half
    3      1      FE-100TX   No Link   100     Full
    4      1      FE-100TX   No Link   10      Half
    5      1      FE-100TX   Link      10      Full
    6      1      FE-100TX   No Link   100     Full
    7      1      FE-100TX   No Link   100     Full
    8      1      FE-100TX   Link      100     Half
    9      1      FE-100TX   Link      100     Full
    10     1      FE-100TX   Link      100     Full
    11     1      FE-100TX   Link      100
    12     1      FE-100TX   Link      100
Table 5-2 Ethernet Interface Configuration Screen Field Descriptions (Continued)

Use this field…    To…

Link (Read-Only)
    See whether or not there is a physical connection from the port to another device. One of the following values is displayed:
    Link – There is a link signal present and a valid physical connection to another device.
    No Link – There is no link signal present and there is no valid physical connection to another device.
Table 5-2 Ethernet Interface Configuration Screen Field Descriptions (Continued)

Use this field…    To…

HDX FC (Read-Only)
    See the current half duplex flow control setting. Half duplex flow control, also known as back pressure, is a collision based flow control mechanism used in half duplex configurations. The port will display On, Off, or NA. NA is displayed when the port does not support flow control.

5.
Ethernet Port Configuration Screen

How to Access
Use the arrow keys to highlight the desired Ethernet port from the Ethernet Interface Configuration screen and press ENTER. The Ethernet Port Configuration screen, Figure 5-4, displays for the selected port.
Table 5-3 Ethernet Port Configuration Screen Field Descriptions

Use this field…    To…

Interface (Read-Only)
    See the Interface number.
Physical Port (Read-Only)
    See the number of the physical port on the interface.
Default Speed (Selectable)
    See the current operational speed in Mbps. Display options are 10, 100, and 1000. If Auto-Negotiation is disabled for the port, then the port defaults to operate in the setting displayed.
Table 5-3 Ethernet Port Configuration Screen Field Descriptions (Continued)

Use this field…    To…

Advertised Ability (Selectable)
    Select the port advertised mode of operation. In normal operation, with all capabilities enabled, the port “advertises” that it has the ability to operate in any mode. The user may choose to set up the port so that only a portion of the available capabilities are advertised and the others are disabled.
Table 5-3 Ethernet Port Configuration Screen Field Descriptions (Continued)

Use this field…    To…

Full Duplex Flow Control (Selectable)
    Set the flow control feature on each port for a specific mode. The choices are as follows:
    Symmetric – the port operates in Symmetric mode, causing the port to interpret received PAUSE frames and allow the port to transmit PAUSE frames when necessary at any speed connection.
5.3.1 Selecting Field Settings

All selectable or toggle fields other than Advertised Ability can be changed by following this procedure:
1. Use the arrow keys to highlight the field to be changed.
2. Use the SPACE bar or BACKSPACE key to step or toggle through the selections.
3. Press the ENTER key when the desired selection is displayed.
4. Use the arrow keys to highlight the SAVE command at the bottom of the screen. Press ENTER.
5.4 HSIM/VHSIM CONFIGURATION SCREEN

When to Use
To configure an optional HSIM or VHSIM.

NOTE: The HSIM/VHSIM Configuration menu item can only be selected when a non-Ethernet HSIM or VHSIM is installed in the switch device. The applicable setup screen for that interface displays. This only applies to HSIMs and VHSIMs that can support WAN, FDDI or ATM. Refer to the appropriate HSIM or VHSIM user’s guide to set its operating parameters.
Redirect Configuration Menu Screen

Screen Example

Figure 5-5 Redirect Configuration Menu Screen

    PORT REDIRECT CONFIGURATION
    VLAN REDIRECT CONFIGURATION

    EXIT    RETURN

Menu Descriptions
Refer to Table 5-4 for a functional description of each menu item.
5.6 PORT REDIRECT CONFIGURATION SCREEN

When to Use
To redirect frames in the switch device from one source port to one or more destination ports or from one or more source ports to one destination port. Frames received on the source port can be redirected and transmitted in the frame format in which they are received (normal) or they can be redirected with a VLAN Tag (TAGGED) or without a VLAN Tag (UNTAGGED).
How to Access
Use the arrow keys to highlight the PORT REDIRECT CONFIGURATION menu item on the Redirect Configuration Menu screen and press ENTER. The Port Redirect Configuration screen, Figure 5-6, displays.
Table 5-5 Port Redirect Configuration Screen Field Descriptions (Continued)

Use this field…    To…

Frame Format (Read-Only)
    See the current frame format setting: NORMAL, TAGGED, or UNTAGGED. The default is NORMAL.
    NORMAL – Frames are redirected in the format that they were received or transmitted on the source port.
    TAGGED – Frames are transmitted on the destination port with a VLAN tag inserted according to the frame classification.
5.6.1 Changing Source and Destination Ports

To add or delete source port and destination port entries and set the Frame Format and Redirect Errors functions, proceed as follows:
1. Use the arrow keys to highlight the Source Port field near the bottom of the screen.
2. Press the SPACE bar or BACKSPACE key one or more times to increment or decrement the port number displayed in the brackets [n] until the appropriate port number displays.
3.
11. Use the arrow keys to highlight SAVE at the bottom of the screen. Press ENTER. The message “SAVED OK” displays. This saves the new settings and updates the Source Port and Destination Port read-only fields.

5.7 VLAN REDIRECT CONFIGURATION SCREEN

When to Use
To select a source VLAN ID and a destination port. For example, VLAN ID 1 can be set as the source VLAN with port 2 as the destination port.
How to Access
Use the arrow keys to highlight the VLAN REDIRECT CONFIGURATION menu item on the Redirect Configuration Menu screen and press ENTER. The VLAN Redirect Configuration screen, Figure 5-7, displays.
Field Descriptions
Refer to Table 5-6 for a functional description of each screen field.

Table 5-6 VLAN Redirect Configuration Screen Field Descriptions

Use this field…    To…

Source VLAN (Read-Only)
    See the VLAN ID of the VLANs that are currently set as source VLANs.
Destination Port (Read-Only)
    See which ports are currently set as destination ports. (Multiple VLANs may be assigned to a destination port.
5.7.1 Changing Source VLAN and Destination Ports

To add or delete source VLAN and destination port entries and set the Frame Format, proceed as follows:
1. Use the arrow keys to highlight the Source VLAN field near the bottom of the screen.
2. Type in the VLAN ID number of the source VLAN to be configured.
3. Use the arrow keys to highlight the Destination Port field near the bottom of the screen.
4.
5.8 LINK AGGREGATION MENU SCREEN (802.3ad MAIN MENU SCREEN)

Screen Navigation Path
Password > Device Menu > Device Configuration Menu > Port Configuration Menu > Link Aggregation Menu

CAUTION: These screens should be used only by personnel who are knowledgeable about Spanning Tree and Link Aggregation and fully understand the ramifications of modifications beyond defaults. Otherwise, the proper operation of the network could be at risk.
Ports that are attached to an aggregator will enter a Spanning Tree state of AGGREGATING on the Spanning Tree screens, just as they do when manually placed in a trunk. In this implementation, an aggregator exists as a concept so that a non-aggregated port has something to attach to, although this aggregator doesn’t exist in any real sense. A port that is not a member of an aggregation will be displayed in LM as attached to a non-existent aggregation.
Link Aggregation

It is desirable to have a way to use multiple interswitch links simultaneously to increase interswitch bandwidth. This can be done if both sides agree on a set of ports that are being used as an interswitch link called a “Trunk.” As long as both switches agree on which ports are in this trunk, there are no problems with looping, and the Spanning Tree can treat this trunk as a single port.
Screen Example

Figure 5-8 802.
Menu Descriptions

Refer to Table 5-7 for a functional description of each menu item.

Table 5-7 802.3ad Main Menu Screen Menu Item Descriptions
Menu Item | Screen Function
PORT | Used to access the 802.3ad Port screen, described in Section 5.8.1, to view port instances and to access the 802.3ad Port Details screen, described in Section 5.8.1.1, and the port Statistics screen, described in Section 5.8.1.2.
AGGREGATOR | Used to access the 802.
How to Access

Use the arrow keys to highlight the PORT menu item in the Link Aggregation Menu (802.3ad Main Menu) screen, described in Section 5.8, and press ENTER. The 802.3ad Port screen, Figure 5-9, displays.

Screen Example

Figure 5-9 802.
Table 5-8 802.3ad Port Screen Field Descriptions
Use this field… | To…
Port (Read-Only) | View the port number, which correlates to the port numbers in other screens.
Aggregator (Read-Only) | View the instance of the aggregator and the attached port. If the aggregator instance matches the port instance, then the port is not aggregating with any other port.
OperKey (Read-Only) | View the operational key of the port.
5.8.1.1 802.3ad Port Details Screen

When to Use

To view and configure all the port-related LACP parameters of any port instance shown in the 802.3ad Port screen described in Section 5.8.1.

How to Access

Use the arrow keys to highlight the line with the port of interest and press ENTER to display the details about that port. The 802.
Field Descriptions

Refer to Table 5-9 for a functional description of each screen field.

Table 5-9 802.3ad Port Details Screen Field Descriptions
Use this field… | To…
Port Instance (Read-Only) | See the port number, which correlates to the port numbers in other screens.
ActorSystemPriority (Modifiable) | Set the system priority associated with this port for use in the construction of the LAG ID of the port.
Table 5-9 802.3ad Port Details Screen Field Descriptions (Continued)
Use this field… | To…
PartnerAdminSysID (Modifiable) | Set a default value to use for PartnerAdminSysID when no protocol partner is available.
ActorAdminState (hex) (Modifiable) | Set the administrative value for this port’s Actor_State. Allows administrative control over the values of LACP_Activity, LACP_Timeout and Aggregation.
Table 5-9 802.3ad Port Details Screen Field Descriptions (Continued)
Use this field… | To…
ActorOperState (Read-Only) | The current (operational) value of the port’s Actor_State. The hex value is displayed as well as the individual bit fields. The fields are as follows.
  bit 0 LACP_Activity, 1 indicates Active, 0 indicates passive. If a port is Active, it will always transmit LACP PDUs.
Table 5-9 802.3ad Port Details Screen Field Descriptions (Continued)
Use this field… | To…
ActorOperState (Read-Only) (Continued) |
  bit 5 Distributing, 1 indicates that we are Distributing. “Distributing” means that a port is ready to transmit traffic. If Distributing is true a ‘D’ is displayed, otherwise a ‘-’ is displayed in this bit position.
  bit 6 Defaulted, 1 indicates that we have deFaulted.
Table 5-9 802.3ad Port Details Screen Field Descriptions (Continued)
Use this field… | To…
LAGID (Read-Only) | See the complete link aggregation group identifier for the port. Ports with identical LAGIDs will be connected to the same aggregator. The various PartnerAdmin values are copied into the corresponding PartnerOper fields when no protocol partner is present (see RecordDefault in the AD spec).
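The Actor_State octet behind the ActorAdminState and ActorOperState fields in Table 5-9 can be decoded as in the following added example, which is not taken from the Enterasys guide or firmware. The positions of bits 1 to 4 and 7 come from IEEE 802.3ad rather than from this excerpt, and the function names and the sample values 0x3D and 0x47 are constructed for illustration.

```python
"""Decode an LACP Actor_State octet, e.g. the hex value shown as ActorOperState."""

# Bit positions of the Actor_State octet (IEEE 802.3ad). The guide excerpt
# itself only spells out bits 0, 5 and 6; the rest follow the standard.
STATE_BITS = (
    (0, "LACP_Activity"),    # 1 = Active, 0 = Passive
    (1, "LACP_Timeout"),     # 1 = Short timeout, 0 = Long timeout
    (2, "Aggregation"),      # 1 = Aggregatable, 0 = Individual
    (3, "Synchronization"),
    (4, "Collecting"),
    (5, "Distributing"),     # port is ready to transmit traffic
    (6, "Defaulted"),        # partner values are administrative defaults
    (7, "Expired"),
)

# ActorAdminState gives administrative control over these three bits.
ADMIN_SETTABLE_MASK = 0b0000_0111


def decode_state(value):
    """Return {flag name: bool} for an octet given as int or hex string."""
    if isinstance(value, str):
        value = int(value, 16)
    if not 0 <= value <= 0xFF:
        raise ValueError("Actor_State is a single octet (0x00-0xFF)")
    return {name: bool((value >> bit) & 1) for bit, name in STATE_BITS}


def admin_controlled(value):
    """Return only the flags that ActorAdminState lets an operator set."""
    flags = decode_state(value)
    return {
        name: flags[name]
        for bit, name in STATE_BITS
        if ADMIN_SETTABLE_MASK & (1 << bit)
    }


def review_port(oper_state):
    """List conditions worth a second look in one port's operational state."""
    s = decode_state(oper_state)
    findings = []
    if s["Defaulted"]:
        # No protocol partner: PartnerAdmin values were copied to PartnerOper.
        findings.append("defaulted")
    if s["Expired"]:
        findings.append("expired")
    if not s["Synchronization"]:
        findings.append("out-of-sync")
    if not s["Distributing"]:
        findings.append("not-distributing")
    if not s["Aggregation"]:
        findings.append("individual")
    if not s["LACP_Activity"]:
        findings.append("passive")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not read from a real switch.
    for sample in ("3D", "47"):
        print(sample, decode_state(sample), review_port(sample))
```

A port that reports Defaulted is running on the PartnerAdmin defaults because no LACP partner has answered, so it is worth checking before assuming the link is part of the intended trunk.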
5.8.1.2 802.3ad Port Statistics Screen

When to Use

To view all the port-related LACP parameters about a port instance shown in the 802.3ad Port Details screen described in Section 5.8.1.1.

How to Access

Use the arrow keys to highlight the STATS command in the 802.3ad Port Details screen and press ENTER. The 802.3ad Port Statistics screen (Figure 5-11) displays.
Table 5-10 802.3ad Port Statistics Screen Field Descriptions
Use this field… | To…
Port Instance (Read-Only) | See a unique number used to identify this port. This corresponds to the port numbering scheme seen in other screens.
LACPDUsRx (Read-Only) | See the number of valid Marker PDUs that this Aggregation Port can receive.
IllegalRx (Read-Only) | See the number of received frames carrying the Slow Protocol’s Ethernet Type value (34B.
Table 5-10 802.3ad Port Statistics Screen Field Descriptions (Continued)
Use this field… | To…
LastRxTime(delta) (Read-Only) | See the amount of time since the last LACP PDU has been received on this port.
ActorChurnState (Read-Only) | See the state of the Actor Churn state machine for this port. Values can be noChurn, churn, or churnMonitor. Churn indicates that the port is unable to find an aggregator to attach to.
5.8.2 802.3ad Aggregator Screen

When to Use

To see a summary of all the available aggregators and other basic information, including the aggregator interface instance, operational key, system priority, and the number of ports currently attached to the aggregator.

How to Access

Use the arrow keys to highlight the AGGREGATOR menu item in the 802.3ad Main Menu screen and press ENTER. The 802.3ad Aggregator screen, Figure 5-12, displays.
Table 5-11 802.3ad Aggregator Screen Field Descriptions
Use this field… | To…
AggInst (Read-Only) | See dot3adAggIndex, a unique number that identifies this aggregator.
OperKey (Read-Only) | See dot3adAggActorOperKey, the associated operational key value.
SysPri (Read-Only) | See dot3adAggActorSystemPriority, the priority value associated with this aggregator.
NumPorts (Read-Only) | See the number of ports that are currently attached to this aggregator.
5.8.2.1 802.3ad Aggregator Details Screen

When to Use

To see the current parameter details of the Aggregator Instance selected on the 802.3ad Aggregator screen described in Section 5.8.2.

How to Access

Use the arrow keys to highlight the line containing the Aggregator of interest on the 802.3ad Aggregator screen and press ENTER. The 802.3ad Aggregator Details screen, Figure 5-13, displays.

Screen Example

Figure 5-13 802.
Table 5-12 802.3ad Aggregator Details Screen Field Descriptions
Use this field… | To…
Aggregator Instance | See the instance of the aggregator being viewed. The instance is a numerical value used to uniquely identify an aggregator in a system and matches the aggregator’s logical port number.
Actor System Identifier (Read-Only) | See the System associated with the aggregator.
System Priority | See the system priority value of this aggregator.
5.8.3 802.3ad System Screen

When to Use

To see basic system-level information, such as System Identifier, Number of Ports and Number of Aggregators.

How to Access

Use the arrow keys to highlight the SYSTEM menu item in the 802.3ad Main Menu screen and press ENTER. The 802.3ad System screen, Figure 5-14, displays.

Screen Example

Figure 5-14 802.
Table 5-13 802.3ad System Screen Field Descriptions
Use this field… | To…
System Identifier (Read-Only) | See the uniquely identified system-to-protocol partner.
Number of Ports (Read-Only) | See the number of ports that are participating in 802.3ad on this switch.
Number of Aggregators (Read-Only) | See the number of aggregators that exist on this switch.

5.
Screen Example

Figure 5-15 Broadcast Suppression Configuration Screen

     Total RX      Peak Rate   Time Since Peak   Threshold   Reset Peak
1    12345678910   150000      999:23:59         150000      [NO]
2    12345678910   150000      999:23:59         150000      [NO]
3    12345678910   150000      999:23:59         150000      [NO]
4    12345678910   150000      999:23:59         150000      [NO]
5    12345678910   150000      999:23:59         150000      [NO]
6    12345678910   150000      999:23:59         150000      [NO]
7    12345678910   150000      999:23:59         150000
Table 5-14 Broadcast Suppression Configuration Screen Field Descriptions (Continued)
Use this field… | To…
Peak Rate (Read-Only) | See the highest number of broadcast frames received in a one-second interval.
Time Since Peak (Read-Only) | See the time since peak rate was achieved.
Threshold (Modifiable) | Set the desired limit of receive broadcast frames that will be forwarded per port per second. For details on how to set the threshold, refer to Section 5.9.1.
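How the Threshold, Peak Rate and Time Since Peak fields relate can be seen in a small model of one port's counters. This is an added example, not Enterasys code: it assumes fixed one-second windows and that Total RX counts every received broadcast frame, neither of which this excerpt states, and the class, its method names and the arrival trace are constructed for illustration.

```python
"""Model of per-port broadcast suppression counters (illustrative only)."""
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class BroadcastSuppressor:
    threshold: int                      # frames forwarded per port per second
    total_rx: int = 0                   # assumed: all broadcast frames received
    forwarded: int = 0
    dropped: int = 0
    peak_rate: int = 0                  # highest count seen in a one-second window
    peak_second: Optional[int] = None   # window in which the peak occurred
    _second: Optional[int] = field(default=None, repr=False)
    _count: int = field(default=0, repr=False)

    def receive(self, timestamp: float) -> bool:
        """Account for one broadcast frame; return True if it is forwarded."""
        second = int(timestamp)
        if second != self._second:       # a new one-second window starts
            self._second, self._count = second, 0
        self._count += 1
        self.total_rx += 1
        if self._count > self.peak_rate:
            self.peak_rate, self.peak_second = self._count, second
        if self._count <= self.threshold:
            self.forwarded += 1
            return True
        self.dropped += 1                # over the threshold in this window
        return False

    def time_since_peak(self, now: float) -> Optional[int]:
        """Seconds elapsed since the window that set the peak rate."""
        if self.peak_second is None:
            return None
        return int(now) - self.peak_second

    def reset_peak(self) -> None:
        """Equivalent of toggling Reset Peak to YES and saving."""
        self.peak_rate, self.peak_second = 0, None


def constructed_trace() -> List[float]:
    """Constructed arrival times: 5 frames in second 0, 12 in 1, 3 in 2."""
    per_second = {0: 5, 1: 12, 2: 3}
    return [s + i / (n + 1) for s, n in per_second.items() for i in range(n)]


def run_trace(threshold: int, arrivals: List[float]) -> BroadcastSuppressor:
    port = BroadcastSuppressor(threshold=threshold)
    for t in arrivals:
        port.receive(t)
    return port


if __name__ == "__main__":
    port = run_trace(8, constructed_trace())
    print(port, "time since peak at t=10:", port.time_since_peak(10))
```

With a threshold of 8, only the burst in second 1 is clipped, yet the peak rate still records the full 12 frames received, which is what makes the read-only counters useful for choosing a threshold.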
6 802.1 Configuration Menu Screens

This chapter discusses the Enterasys Networks Rapid Reconvergence Spanning Tree implementation as well as the implementation of IEEE 802.3ad. The following screens are discussed:
• 802.1 Configuration Menu screen (Section 6.1)
• 802.3ad Configuration screens (Chapter 5)
• Spanning Tree Configuration Menu screen (Section 6.2)
• Spanning Tree Configuration screen (Section 6.3)
• Spanning Tree Port Configuration screen (Section 6.
6.1 802.1 CONFIGURATION MENU SCREEN

When to Use

To access the Spanning Tree Configuration Menu, 802.1Q VLAN Configuration Menu, or 802.1p Configuration Menu screen.

How to Access

Use the arrow keys to highlight the 802.1 CONFIGURATION MENU item on the Device Configuration Menu screen and press ENTER. The 802.1 Configuration Menu screen, Figure 6-1, displays.

Screen Example

Figure 6-1 802.1 Configuration Menu Screen
SPANNING TREE CONFIGURATION MENU
802.
Menu Descriptions

Refer to Table 6-1 for a functional description of each menu item.

Table 6-1 802.1 Configuration Menu Screen Menu Item Descriptions
Menu Item | Screen Function
SPANNING TREE CONFIGURATION MENU | Used to select the Spanning Tree Configuration and Spanning Tree Port Configuration screens. These screens are used for the following functions:
  • Create a separate Spanning Tree topology for each VLAN configured in the SmartSwitch device.
6.2 SPANNING TREE CONFIGURATION MENU SCREEN

CAUTION: These screens should be used only by personnel who are very knowledgeable about Spanning Trees and how to develop them. Otherwise, the proper operation of the network could be at risk.

Screen Navigation Path

Password > Device Menu > Device Configuration Menu > 802.
Menu Descriptions

Refer to Table 6-2 for a functional description of each menu item.

Table 6-2 Spanning Tree Configuration Menu Screen
Menu Item | Screen Function
SPANNING TREE CONFIGURATION | Used to create a Per VLAN Spanning Tree (PVST) instance for each VLAN currently configured on the switch. For details about the Spanning Tree Port Configuration screen, refer to Section 6.3.
SPANNING TREE PORT CONFIGURATION
PVST PORT CONFIGURATION

6.
Screen Example

Figure 6-3 Spanning Tree Configuration Screen
Spanning Tree Configuration
VLAN AgeTime Priority VLAN AgeTime Priority
1 300 32768 2 300 32768
Current STP Mode: [ IEEE ]
VLAN: 2   Operation: [ Add ]
SAVE   ADD ALL CONFIGURED VLAN   EXIT   RETURN

Field Descriptions

Refer to Table 6-3 for a functional description of each screen field.
Table 6-3 Spanning Tree Configuration Screen
Use this field… | To…
Current STP Mode (Selectable) | Select the current STP mode using the SPACE bar. You can select one of the following: IEEE, PVSTP, NONE, and DEC. The default setting is IEEE. It is recommended that all switches in the network be configured for the same STP mode setting.
  IEEE = 802.1w Spanning Tree protocol – A single spanning tree for the entire network. Redundant links are placed in standby mode.
6.3.1 Configuring a VLAN Spanning Tree

To configure a VLAN Spanning Tree, proceed as follows:
1. Use the arrow keys to highlight the Current STP Mode field near the bottom of the screen.
2. Use the SPACE bar to select one of the following: IEEE, PVSTP, NONE, and DEC. The default setting is IEEE.
3. Use the arrow keys to highlight the VLAN field near the bottom of the screen.
4. Type in the number of the VLAN that you want to add or delete from the Spanning Tree.
6.4 SPANNING TREE PORT CONFIGURATION SCREEN

CAUTION: This screen should be used only by personnel who are very knowledgeable about Spanning Trees and how to develop them. Otherwise, the proper operation of the network could be at risk.

When to Use

To view the switch address of the selected STP VLAN ID, its VLAN age time, the total number of ports, and the current MAC address of the switch residing on each port.
Field Descriptions

Refer to Table 6-4 for a functional description of each screen field.

Table 6-4 Spanning Tree Port Configuration Screen
Use this field… | To…
Port # (Read-Only) | See the port numbers of each link associated with the STP VLAN ID selected in the STP VLAN ID field.
MAC Address (Read-Only) | See the MAC address of the switch residing on each port. The first MAC Address is always associated with the VLAN ID selected in the STP VLAN ID field.
6.4.1 Enabling/Disabling the Default Spanning Tree Ports

CAUTION: The Spanning Tree configuration should be done only by personnel who are very knowledgeable about Spanning Trees and how to develop them. Otherwise, the proper operation of the network could be at risk.

Ports associated with the Default STP VLAN can be enabled or disabled, as follows:
1. To enable or disable a port, use the arrow keys to highlight the Status field associated with that port.
2.
Screen Example

Figure 6-5 PVST Port Configuration Screen
[Screen fields: Port #, Corresponding ifIndex, Corresponding ifDescr, Port Designated Root, Port Designated Bridge, Port Priority, Port State, Port Enable, Port Path Cost, Port Designated Cost, Port Designated Port, Port Forward Transmissions, STP Vlan ID. Commands: SAVE, SAVE TO ALL.]
Table 6-5 PVST Port Configuration Screen Field Descriptions
Use this field… | To…
Port Priority (Modifiable) | View the value of the priority portion of the port ID.
Port Designated Cost (Read-Only) | View the path cost of the designated port of this port’s segment.
Port State (Read-Only) | View the current Spanning Tree state of this port.
Port Designated Port (Read-Only) | View the port ID of the port on the designated bridge for this port’s segment.
7 802.1Q VLAN Configuration Menu Screens

NOTE: It is strongly recommended that you read Chapter 12 to gain an understanding of VLANs and the associated terminology; how to use the VLAN Configuration screens to create VLANs; examples of how to configure VLANs in switches to solve a problem; and details on how frames are handled as they travel through the network.

This chapter describes the 802.1Q VLAN Configuration Menu screen (Section 7.
7.1 SUMMARY OF VLAN LOCAL MANAGEMENT

The VLAN configuration process is an extension of normal Local Management operations. A series of Local Management screens provides access to the functions and commands necessary to add, change, or delete VLANs and to assign ports to those VLANs. The VLAN configuration screens are a standard part of the Local Management hierarchy when the switch is configured to operate in 802.1Q Mode.
To configure the switch for VLAN operation, proceed as follows:
• Access Local Management as described in Chapter 3.
• Perform all required initial setup operations.
• Navigate to the 802.1Q VLAN Configuration Menu screen to begin the VLAN configuration process for the switch.

7.2 802.
How to Access

Use the arrow keys to highlight the 802.1Q VLAN CONFIGURATION MENU item on the 802.1 Configuration Menu screen and press ENTER. The 802.1Q VLAN Configuration Menu screen, Figure 7-2, displays.

Screen Example

Figure 7-2 802.1Q VLAN Configuration Menu Screen
STATIC VLAN CONFIGURATION
CURRENT VLAN CONFIGURATION
VLAN PORT CONFIGURATION
VLAN CLASSIFICATION CONFIGURATION
EXIT   RETURN
Menu Descriptions

Refer to Table 7-1 for a functional description of each menu item.

Table 7-1 802.1Q VLAN Configuration Menu Screen Menu Item Descriptions
Menu Item | Screen Function
STATIC VLAN CONFIGURATION | Used to view, add, name, enable, or disable static VLANs within the SmartSwitch device, and also display the Filter Database ID (FDB ID) associated with each VLAN. This screen also allows you to access the Static VLAN Egress Configuration screen.
Table 7-1 802.1Q VLAN Configuration Menu Screen Menu Item Descriptions (Continued)
Menu Item | Screen Function
VLAN CLASSIFICATION CONFIGURATION | Used to display the current entries of VLAN ID (VID), protocol classification, and description of each classification; assign VLANs according to Classification rules; add/delete a VID and associated classification entry; and access the Protocol Port Configuration screen. Refer to Section 7.8 for additional information.

7.
Screen Example

Figure 7-3 Static VLAN Configuration Screen
VLAN ID   FDB ID   VLAN Name
1         1        Default VLAN
2         2        Engineering
VLAN ID: 1   VLAN Name: [ Default VLAN ]
ADD   DEL MARKED   NEXT   EXIT   RETURN

Field Descriptions

Refer to Table 7-2 for a functional description of each screen field. Refer to Section 7.3.1 through Section 7.3.5 for the application of these fields.
Table 7-2 Static VLAN Configuration Screen Field Descriptions (Continued)
Use this field… | To…
VLAN Name – top of screen (Read-Only) | See the VLAN Name of the associated VLAN ID. If a name has not been assigned to a VLAN, no name is displayed in the VLAN Name field.
VLAN ID – bottom of screen (Modifiable) | Enter a VLAN ID (VID) number (2 to 4094) for the new VLAN. Up to 1024 VLANs are supported by the SmartSwitch device.
4. Use the arrow keys to highlight the VLAN Name field.
5. Type a name of up to 32 ASCII characters in the VLAN Name field. This is an optional attribute and is not required for VLAN operation.
6. Press ENTER.
7. Use the arrow keys to highlight the ADD field near the bottom of the screen.
8. Press ENTER. If the VLAN is successfully created, the screen refreshes and shows the newly created VLAN.
7.3.4 Deleting a Static VLAN

To delete a VLAN from the VLAN list, proceed as follows:
1. Use the arrow keys to highlight the line containing the VLAN ID, FDB ID, and VLAN Name information. The following message is displayed at the top of the screen: “Hit key to edit port list, or to mark.”
   NOTE: The default VLAN cannot be deleted from the list.
2. Press the M (not case sensitive) key, and an asterisk (*) appears to the left of the highlighted line.
7.4 STATIC VLAN EGRESS CONFIGURATION SCREEN

When to Use

To set the type of egress (tag status) for each or all ports associated with a VLAN selected from the Static VLAN Configuration screen. The ports can be set using the following selections:
• UNTAGGED – sets the port to transmit frames without a tag header. This setting is usually used for a port connected to an end user device.
Field Descriptions

Refer to Table 7-3 for a functional description of each screen field.

Table 7-3 Static VLAN Egress Configuration Screen Field Descriptions
Use this field… | To…
VLAN ID (Read-Only) | See the VLAN ID of the VLAN selected in the Static VLAN Configuration screen.
FDB ID (Read-Only) | See the Filter Database ID (FDB ID) number associated with the VLAN ID.
VLAN Name (Read-Only) | See the VLAN Name associated with the VLAN ID.
7.4.1 Setting Egress Types on Ports

The following procedures describe how to assign the egress type to one or more ports, or set one egress type to all ports simultaneously.

Setting the Egress Type on One or More Ports Individually
1. Use the arrow keys to highlight the Egress field adjacent to the Port number. The port type (for example, Fast Ethernet Frontpanel or Gigabit Ethernet VHSIM) is displayed at the top of the screen.
2.
7.4.2 Displaying the Next Group of Ports

Up to 32 ports can be displayed on the screen. If there are more than 32 ports associated with the VLAN, additional screens will contain the additional list of ports.

NOTE: The NEXT and PREVIOUS fields will only display if there are further egress lists to page through.

To display the additional port settings that do not display in the current screen, use the NEXT or PREVIOUS commands, as follows:
1.
Screen Example

Figure 7-5 Current VLAN Configuration Screen
VLAN ID   FDB ID   VLAN Type   Ports On Egress
1         1        Static      Yes
2         2        Static      No
EXIT   RETURN

Field Descriptions

Refer to Table 7-4 for a functional description of each screen field.

NOTE: These fields are read-only; however, highlighting a line using the arrow keys and pressing ENTER causes the Current VLAN Egress Configuration screen to display.
Table 7-4 Current VLAN Configuration Screen Field Descriptions (Continued)
Use this field… | To…
Ports On Egress (Read-Only) | See if the ports associated with each VLAN are on the egress list.

7.6 CURRENT VLAN EGRESS CONFIGURATION SCREEN

When to Use

To see the egress settings of all ports associated with the VLAN ID selected from the Current VLAN Configuration screen.
Field Descriptions

Refer to Table 7-5 for a functional description of each screen field.

Table 7-5 Current VLAN Egress Configuration Screen Field Descriptions
Use this field… | To…
Port (Read-Only) | See a list of the ports associated with the VLAN ID shown in the line above the Port and Egress lists.
Egress (Read-Only) | See the current egress setting (UNTAGGED, TAGGED, or NO) for each port.

7.
Screen Example

Figure 7-7 VLAN Port Configuration Screen
Policy PVID Override is 2
Global GVRP State [ ENABLED ]
Port Mode    PVID   Acceptable Frame Types   Ingress Filtering
[HYBRID]     1      [ ADMIT ALL FRAMES ]     [ DISABLED ]
[HYBRID]     1      [ ADMIT ALL FRAMES ]     [ DISABLED ]
[1D TRUNK]   1      [ ADMIT ALL FRAMES ]     [ DISABLED ]
[HYBRID]     1      [ ADMIT ALL FRAMES ]     [ DISABLED ]
[HYBRID]     1      [ ADMIT ALL FRAMES ]     [ DISABLED ]
[HYBRID]     1                               [ DISABLED ]
Table 7-6 VLAN Port Configuration Screen Field Descriptions (Continued)
Use this field… | To…
Global GVRP State (Toggle) | Enable or Disable the GVRP Status. GVRP and PVST are not interoperable. When ENABLED, GVRP is turned on for the entire switch. When DISABLED, the VLANs are not learned on a given port.
Port (Read-Only) | See a list of the switch ports. NOTE: In some cases this field may have an asterisk next to it.
7.7.1 Changing the Port Mode

To change the operational mode of a port, proceed as follows.
1. Use the arrow keys to highlight the Port Mode field for the port you wish to change.
2. Use the SPACE bar or BACKSPACE key to step through the available selections. A port may be configured for any of the following modes:
   • HYBRID – This is the default mode for all ports on the switch. The initial Port VLAN List includes the PVID with a frame format of untagged.
5. Use the arrow keys to highlight the port’s Acceptable Frame Types field.
6. Press the SPACE bar to toggle the field to the correct setting: ADMIT ALL FRAMES or ADMIT TAGGED FRAMES ONLY.
7. Use the arrow keys to highlight the port’s Ingress Filtering field.
8. Press the SPACE bar to toggle the field to the correct setting: ENABLED or DISABLED. This will either enable or disable the filtering set in the Acceptable Frame Types field in step 5.
9.
How to Access

Use the arrow keys to highlight the VLAN CLASSIFICATION CONFIGURATION menu item on the 802.1Q VLAN Configuration Menu screen and press ENTER. The VLAN Classification Configuration screen, Figure 7-8, displays.

Screen Example

Figure 7-8 VLAN Classification Configuration Screen
[Screen listing the VID and Description of each classification entry, with a VID entry field and the ADD command.]
Table 7-7 VLAN Classification Configuration Screen Field Descriptions (Continued)
Use this field … | To …
Classification – top of screen (Selectable) | See the classification associated with the VLAN in the VID column. This field may be selected after the screen is saved to call up the Protocol Port Configuration screen.
Description (Selectable) | See a brief description of the classification.
VLAN Classification Configuration Screen Table 7-8 provides a list of the Classifications that can be selected in the Classification field and the associated subclassifications. Table 7-8 Classification List Classification Subclassification and Options Ethernet II Type> Ethernet II Type: - IPX - DOD IP - ARP - RARP - AppleTalk - Banyan Vines - DECNET - CUSTOM > 802.3 SAP> SSAP/DSAP (802.3): Same - IP - IPX - IPX RAW - BANYAN - SNA - CUSTOM > IP TOS Type of Service: 0x0000 7-24 802.
VLAN Classification Configuration Screen Table 7-8 Classification List (Continued) Classification Subclassification and Options IP Protocol Type IP Protocol Type: TCP - UDP - ICMP - IGMP - OSPF - CUSTOM > IPX COS Custom or Mask Value Protocol Type: 000 IPX Class Of Service: 000 IPX Packet Type Src IP Address Dest IP Address Bil IP Address Src IPX Network IPX Packet Type: - Hello or SAP - RIP - Echo Packet - Error Packet - Netware 386/SAP - Seq.
VLAN Classification Configuration Screen Table 7-8 Classification List (Continued) Classification Subclassification and Options Dest IPX Network IPX Network Num: Custom or Mask Value 0x00000000 Bil IPX Network IPX Network Num: 0x00000000 Src UDP Port IP UDP Port: - FTP Data - FTP - BOOTP Server - BOOTP Client - RIP - Telnet - TFTP - HTTP - DNS - SMTP - POP3 - IMAP2 - IMAP3 - NETBIOS Name Serv - NETBIOS Datagram - NETBIOS Sess Serv - CUSTOM > Dest UDP Port IP UDP Port: Same selection as for Src
VLAN Classification Configuration Screen Table 7-8 Classification List (Continued) Classification Subclassification and Options Src TCP Port TCP Port: - FTP Data - FTP - BOOTP Server - BOOTP Client - RIP - Telnet - TFTP - HTTP - DNS - SMTP - POP3 - IMAP2 - IMAP3 - NETBIOS Name Serv - NETBIOS Datagram - NETBIOS Sess Serv - CUSTOM > Dest TCP Port TCP Port Number: 00000 TCP Port: Same selection as for Src TCP Port Classification Bil TCP Port Custom or Mask Value TCP Port Number: 00000 TCP Port: Sa
VLAN Classification Configuration Screen Table 7-8 Classification List (Continued) Classification Subclassification and Options Src IPX Socket IPX Socket: - NCP - SAP - RIP - NETBIOS - Diagnostics - NLSP - IPX WAN - CUSTOM > Dest IPX Socket IPX Socket Type: 00000 IPX Socket: Same selection as for Src IPX Socket Classification Bil IPX Socket Custom or Mask Value IPX Socket Type: 00000 IPX Socket: Same selection as for Src IPX Socket Classification Src MAC Address MAC Address: 00-00-00-00-00-00
VLAN Classification Configuration Screen Table 7-8 Classification List (Continued) Classification Subclassification and Options Custom or Mask Value Src TCP Range3 Start: End: 00000 00000 Start: End: 00000 00000 Start: End: 00000 00000 Dest TCP Range3 Bil TCP Range3 1. Bold type indicates a user entry. 2. Any fragmented IP frame received is Classified to the priority identification (PID) and forwarded out the ports configured in the Protocol Port Configuration screen. 3.
Table 7-9 Classification Precedence
Classification Type | Precedence Level
Layer 2
Source MAC Address Best Match | 1a
Destination MAC Address Best Match | 1b
EtherType | 6
SAP | 6
Layer 3
IP TOS | 5a
IP Type | 5b
IPX COS | 5a
IPX Type | 5b
Source IP Address Exact Match | 2a
Source IP Address Best Match | 2b
Destination IP Address Exact Match | 2c
Destination IP Address Best Match | 2d
Source IPX Network Number | 2a
Destination IPX Network Number | 2b
IP Fragments
Table 7-9 Classification Precedence (Continued)
Classification Type | Precedence Level
Layer 4
UDP Port Source | 4a
UDP Port Destination | 4b
TCP Source Port | 4a
TCP Destination Port | 4b
IPX Socket Source | 4a
IPX Socket Destination | 4b
UDP Source Port | 4a
UDP Source Port Range | 4b
UDP Dest Port | 4c
UDP Dest Port Range | 4d
TCP Source Port | 4a
TCP Source Port Range | 4b
TCP Dest Port | 4c
TCP Dest Port Range | 4d
802.
The following example shows how the precedence concept can be applied:

Example

A network administrator has defined the following two classifications involving VLANs:
• All frames with a UDP Port Source number of 55 (Layer 4, precedence level 4a) are assigned to the Red VLAN.
• All frames sourced from the 134.141.28.xx subnet (Layer 3, Source IP Address Best Match, level 2b) are assigned to the Blue VLAN.
7.8.3 Assigning a Classification to a VID

NOTE: It is strongly recommended that you read Section 7.8.1 for more information concerning classification before configuring the SmartSwitch device. Incorrect configuration will affect network operation.

To assign a Classification to a VID, proceed as follows:
1. Use the arrow keys to highlight the VID (VLAN identification) field.
2. Type in the appropriate VID. Press ENTER.
3.
7.8.4 Deleting Line Items

All, or one or more, line items can be deleted as follows:

Deleting All Classification Rules

To delete all the Classification Rules in the top half of the screen, use the arrow keys to highlight the DEL ALL command field and press ENTER.

Deleting One or More Classification Rules

To delete one or more Classification Rules, mark each one and then delete them, as follows:
1.
• Add ports to the VLAN Forwarding List of the SmartSwitch device.

NOTE: The ports can only be added to the VLAN Forwarding List of an existing VLAN. If the VLAN does not exist, it must be created before the ports can be assigned to the VLAN Forwarding List. VLANs are created using the Static VLAN Configuration screen described in Section 7.3.
Protocol Port Configuration Screen Field Descriptions Refer to Table 7-10 for a functional description of each screen field. Table 7-10 Protocol Port Configuration Screen Field Descriptions Use this field … To … Classification Rule Field (Read-Only) See the VID, Classification, and Definition of the line selected in the VLAN Classification Configuration screen.
Protocol Port Configuration Screen Table 7-10 Protocol Port Configuration Screen Field Descriptions (Continued) Use this field … To … SET PORTS TO VLAN FORWARDING (Toggle) Add the VLAN and classification shown in the Classification Rule field to the Port VLAN List of all ports set to YES. The SET PORTS TO VLAN FORWARDING field toggles between NO and YES with NO as the default setting. YES adds all the ports set to YES to the VLAN Forwarding list of the SmartSwitch device. 7.9.
Protocol Port Configuration Screen Assigning VID/Classification to Port VLAN Lists 1. Use the arrow keys to highlight the SET PORTS TO VLAN FORWARDING command field. 2. Press the SPACE bar to toggle the SET PORTS TO VLAN FORWARDING command field to YES or NO. Press ENTER. YES will add the Classification Rule to the Port VLAN List of each port that has been set to YES using one of the two procedures previously described. NO will remove the Classification Rule from all the ports selected. 3.
8 802.1p Configuration Menu Screens This chapter describes the 802.1p Configuration Menu screen and the following screens that may be selected from its menu: • Port Priority Configuration screen (Section 8.2) • Traffic Class Information screen (Section 8.3) • Traffic Class Configuration screen (Section 8.4) • Transmit Queues Configuration screen (Section 8.5) • Priority Classification Configuration screen (Section 8.6) • Protocol Port Configuration screen (Section 8.
802.1p Configuration Menu Screen 8.1 802.1p CONFIGURATION MENU SCREEN When to Use To select the screens used for setting port priority, priority classifications, or configuring rate limiting. How to Access Use the arrow keys to highlight the 802.1p CONFIGURATION MENU item on the 802.1 Configuration Menu screen and press ENTER. The 802.1p Configuration Menu screen, Figure 8-1, displays. Screen Example Figure 8-1 802.
802.1p Configuration Menu Screen Menu Descriptions Refer to Table 8-1 for a functional description of each menu item. Table 8-1 802.1p Configuration Menu Screen Menu Item Descriptions Menu Item Screen Function PORT PRIORITY CONFIGURATION Used to view or change the port default transmit priority (0 through 7) of each port for frames that are received (ingress) without priority information in their tag header. For additional information, refer to Section 8.2.
Port Priority Configuration Screen 8.2 PORT PRIORITY CONFIGURATION SCREEN When to Use To set the priority (0 through 7) on each port. A port receiving a frame without priority information in its tag header is assigned a priority according to the priority setting on the port. For example, if the priority of a port is set to 5, the frames received through that port without a priority indicated in their tag header are classified as a priority 5.
Screen Example

Figure 8-2 Port Priority Configuration Screen

Port #  Priority  Policy Override    Port #  Priority  Policy Override
1       [0]       NONE               11      [4]       NONE
2       [2]       NONE               12      [4]       NONE
3       [2]       NONE               13      [4]       NONE
4       [3]       NONE               14      [4]       NONE
5       [3]       NONE               15      [4]       NONE
6       [4]       NONE               16      [6]       NONE
7       [4]       NONE               17      [6]       NONE
8       [0]       NONE               18      [6]       NONE
9       [5]       NONE               19      [1]       NONE
10      [6]       NONE               20      [1]       NONE

Set : [ INDIVIDUAL ] NEXT SAVE PREVIOUS EXIT RE
Table 8-2 Port Priority Configuration Screen Field Descriptions

Use this field… To…

Port # (Read-Only)
See the port number. Up to 10 rows of port numbers can be displayed per screen with a maximum of 4 columns. The list of ports can include both physical and virtual ports. If the number of ports exceeds these limits, one or more other screens may be accessed using the NEXT and PREVIOUS commands.
Traffic Class Information Screen 8.2.2 Setting Switch Port Priority on All Ports To set the port priority on all ports simultaneously, proceed as follows: 1. Use the arrow keys to highlight the Set field. 2. Press the SPACE bar to step to the ALL PORTS setting. A Priority field displays to the right of the Set field. 3. Use the arrow keys to highlight the Priority field. 4. Press the SPACE bar to select a priority from 0 through 7 (0 is the lowest priority). 5.
Traffic Class Information Screen How to Access Use the arrow keys to highlight the TRAFFIC CLASS INFORMATION menu item on the 802.1p Configuration Menu screen and press ENTER. The Traffic Class Information screen, Figure 8-3, displays.
Traffic Class Information Screen Field Descriptions Refer to Table 8-3 for a functional description of each screen field. Table 8-3 Traffic Class Information Screen Field Descriptions Use this field… To… Priority (Read-Only) View eight priority levels of a port that can be associated with Traffic Class settings. When the screen is displayed the current default Traffic Class-to-priority settings are shown for each port.
Traffic Class Configuration Screen 8.4 TRAFFIC CLASS CONFIGURATION SCREEN When to Use To change the Traffic Class setting of one or more priorities on each port. The new Traffic Class settings may be applied only to the port selected or to all ports, simultaneously. How to Access Use the arrow keys to highlight the appropriate port number field above the column of the Traffic Class settings in the Traffic Class Information screen. Press ENTER.
Traffic Class Configuration Screen Field Descriptions Refer to Table 8-4 for a functional description of each screen field. Table 8-4 Traffic Class Configuration Screen Field Descriptions Use this field… To… Priority (Read-Only) See the list of eight priority levels (0 through 7) that can be associated with the Traffic Class settings. Priority 0 is the lowest priority. When the screen is displayed, the current default Traffic Class-to-priority settings are shown for the selected port.
Transmit Queues Configuration Screen 4. To save and apply the settings to only the port shown on the screen, proceed to step 5. To save the Traffic Class selections and apply them to all front panel Ethernet ports, proceed to step 6. 5. Use the arrow keys to highlight the SAVE command at the bottom of the screen and press ENTER. The message “SAVED OK” displays and the settings are saved. 6. Use the arrow keys to highlight the SAVE TO ALL PORTS command at the bottom of the screen and press ENTER.
Transmit Queues Configuration Screen How to Access Use the arrow keys to highlight the TRANSMIT QUEUES CONFIGURATION menu item on the 802.1p Configuration Menu screen and press ENTER. The Transmit Queues Configuration screen, Figure 8-5, displays.
Transmit Queues Configuration Screen Field Descriptions Refer to Table 8-5 for a functional description of each screen field. Table 8-5 Transmit Queues Configuration Screen Field Descriptions Use this field … To… Current Queueing Mode (Toggle) Toggle between the STRICT 802.1 and WEIGHTED mode. The default setting is STRICT 802.1. To set the mode, refer to Section 8.5.1.
Transmit Queues Configuration Screen 8.5.1 Setting the Current Queueing Mode To set the current queueing mode for a particular port, proceed as follows: 1. Use the arrow keys to highlight the Port field. 2. Press the SPACE bar to step to the appropriate port number. The port type displays to the right of the Port number field. TIP: To display the current port settings, press ENTER after selecting the port number. 3. Use the arrow keys to highlight the Current Queueing Mode field. 4.
Priority Classification Configuration Screen 8.6 PRIORITY CLASSIFICATION CONFIGURATION SCREEN When to Use To perform the following functions: • Display the current Priority, Classification, and Description entries of each classification rule. • Assign priorities according to Classification Rules. • Add/delete a priority and associated protocol entry. • Access the Protocol Port Configuration screen. • Assign an 8-bit TOS (also known as DF) value to incoming IP frames.
Screen Example

Figure 8-6 Priority Classification Configuration Screen

PID  Classification        Description
7    Bilateral IP Address  IP: 123.123.030.006 Mask: 255.255.255.255
6    Dest IP Address       IP: 123.123.030.007 Mask: 255.255.255.255
1    Ethernet II Type      0x8137
1    Ethernet II Type      0x0800
5    802.3 SAP             0x9999

PID: CLASSIFICATION: 5 ADD IP ADDRESS: [ Bil IP Address ] 123.123.030.
Priority Classification Configuration Screen Table 8-6 Priority Classification Configuration Screen Field Descriptions (Continued) Use this field … To… PID – bottom of screen (Modifiable) Enter the priority value that will be associated with the classification selected in the Classification field. A PID from 0 to 7 may be typed into the field, where 0 is the lowest priority and 7 is the highest priority. For details on how to enter the PID/Classification, refer to Section 8.6.4.
Priority Classification Configuration Screen Table 8-7 provides a list of the Classifications that can be selected in the Classification field and the associated subclassifications. Table 8-7 Classification List Classification Subclassification and Options Ethernet II Type> Ethernet II Type: - IPX - DOD IP - ARP - RARP - AppleTalk - Banyan Vines - DECNET - CUSTOM > 802.3 SAP> SSAP/DSAP (802.
Priority Classification Configuration Screen Table 8-7 Classification List (Continued) Classification Subclassification and Options IP Protocol Type IP Protocol Type: New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> TCP Same Same Same Same Same - UDP - ICMP - IGMP - OSPF - CUSTOM > IPX COS IPX Class of Service: Custom or Mask Value TOS: Value = 0x00 (Range: 0 - 255) Protocol Type: 000 000 IPX Packet Type IPX Packet Type: - Hello or SAP - RIP - Echo Packet - Error Packet - Netware 386/SAP - Seq.
Priority Classification Configuration Screen Table 8-7 Classification List (Continued) Classification Subclassification and Options Custom or Mask Value Dest IP Address IP Address: Mask: New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> 000.000.000.000 000.000.000.000 Bil IP Address IP Address: Mask: New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> 000.000.000.000 000.000.000.
Priority Classification Configuration Screen Table 8-7 Classification List (Continued) Classification Subclassification and Options Src UDP Port IP UDP Port: New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> - FTP Data Same Same Same Same Same Same Same Same Same Same Same Same Same Same Same Same - FTP - BOOTP Server - BOOTP Client - RIP - Telnet - TFTP - HTTP - DNS - SMTP - POP3 - IMAP2 - IMAP3 - NETBIOS Name Serv - NETBIOS Datagram - NETBIOS Sess Serv - CUSTOM > Dest UDP Port IP UDP Port: Same sel
Priority Classification Configuration Screen Table 8-7 Classification List (Continued) Classification Subclassification and Options Src TCP Port TCP Port: New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> - FTP Data Same Same Same Same Same Same Same Same Same Same Same Same Same Same Same Same - FTP - BOOTP Server - BOOTP Client - RIP - Telnet - TFTP - HTTP - DNS - SMTP - POP3 - IMAP2 - IMAP3 - NETBIOS Name Serv - NETBIOS Datagram - NETBIOS Sess Serv - CUSTOM > Dest TCP Port TCP Port: Same selection
Priority Classification Configuration Screen Table 8-7 Classification List (Continued) Classification Subclassification and Options Src IPX Socket IPX Socket: - NCP - SAP - RIP - NETBIOS - Diagnostics - NLSP - IPX WAN - CUSTOM > Dest IPX Socket Src MAC Address MAC Address: 00-00-00-00-00-00 Dest MAC Address MAC Address: 00-00-00-00-00-00 Bil MAC Address MAC Address: 00-00-00-00-00-00 IP Fragments2 8-24 IPX Socket Type: 00000 IPX Socket: Same selection as for Src IPX Socket Classification N
Priority Classification Configuration Screen Table 8-7 Classification List (Continued) Classification Subclassification and Options Custom or Mask Value IP Fragments2 Start: End: New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> 00000 00000 Dest UDP Range Start: End: New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> 00000 00000 Bil UDP Range Start: End: New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> 00000 00000 Src TCP Port Start: End: New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> 00000 00000 T
Priority Classification Configuration Screen Table 8-7 Classification List (Continued) Classification Subclassification and Options Custom or Mask Value Dest TCP Port Start: End: New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> 00000 00000 Bil TCP Port Start: End: New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> 00000 00000 TOS: Value = 0x00 (Range: 0 - 255) TOS: Value = 0x00 (Range: 0 - 255) 1. Bold type indicates a user entry. 2.
Table 8-8 lists the ISO Layer, associated classification and precedence levels.

NOTE: In Table 8-8, the following applies:
- Highest precedence is 1a.
- Lowest precedence is 6.
- Exact Match indicates a match of an explicitly defined address.
- Best Match indicates a match of an entire subnet, or range of addresses within a subnet.
Table 8-8 Classification Precedence (Continued)

Classification Type              Precedence Level
Layer 3 (Continued)
Source IPX Network Number        2a
Destination IPX Network Number   2b
IP Fragments                     3
Layer 4
UDP Port Source                  4a
UDP Port Destination             4b
TCP Source Port                  4a
TCP Destination Port             4b
IPX Socket Source                4a
IPX Socket Destination           4b
UDP Source Port                  4a
UDP Source Port Range            4b
UDP Dest Port                    4c
UDP Dest Port Range              4d
TCP Source Port                  4a
The following example shows how the precedence concept can be applied:

Example

A network administrator has defined the following two classifications involving priorities:

• All frames with an IP TOS value of AA (Layer 3, precedence level 5a) are assigned to priority 7.
• All frames with a TCP source port number of 80 (Layer 4, precedence level 4a) are assigned to priority 3.
The IP TOS Rewrite parameters are set using the Priority Classification screen. The screen enables you to configure the new IP TOS field for any IP frame classification. A selection field is displayed for all supported classification rules. The default value is “NO CHANGE”. You can optionally specify TOS=PID, whereby the precedence sub-field in the TOS field is set to match the value of the priority in the classification rule.
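The precedence rule of Table 8-8 (1a highest, 6 lowest) and the three New IP TOS selections can be checked offline before rules are entered on the switch. The following Python sketch is an added example, not code from this guide or from Enterasys: the frame dictionary, the rule names, the reading of "AA" as hexadecimal 0xAA, the tie-break between rules of equal level, and the choice to keep the low five TOS bits under TOS=PID are all assumptions.

```python
import re
from dataclasses import dataclass
from typing import Callable, Optional, Sequence, Tuple

TOS_MODES = ("NO CHANGE", "TOS=PID", "CUSTOM")  # selections named in the guide


def precedence_key(level: str) -> Tuple[int, str]:
    """Turn a Table 8-8 level such as '4a' or '6' into a sortable key.

    The guide states that 1a is the highest precedence and 6 the lowest,
    so the smallest key wins.
    """
    m = re.fullmatch(r"([1-6])([a-d]?)", level)
    if m is None:
        raise ValueError(f"not a precedence level: {level!r}")
    return int(m.group(1)), m.group(2)


@dataclass(frozen=True)
class Rule:
    name: str                      # illustrative label, not a screen field
    level: str                     # precedence level taken from Table 8-8
    pid: int                       # priority, 0 (lowest) to 7 (highest)
    match: Callable[[dict], bool]  # predicate over a parsed frame (assumed shape)
    tos_mode: str = "NO CHANGE"    # the guide's default selection
    custom_tos: int = 0x00         # only used when tos_mode is "CUSTOM"

    def __post_init__(self):
        precedence_key(self.level)  # reject malformed levels early
        if not 0 <= self.pid <= 7:
            raise ValueError("PID must be 0 through 7")
        if self.tos_mode not in TOS_MODES:
            raise ValueError(f"unknown TOS mode: {self.tos_mode!r}")
        if not 0 <= self.custom_tos <= 255:
            raise ValueError("custom TOS must be 0 through 255")


def select_rule(frame: dict, rules: Sequence[Rule]) -> Optional[Rule]:
    """Return the matching rule with the highest precedence, if any."""
    hits = [r for r in rules if r.match(frame)]
    # min() keeps the first of equal keys, so a tie goes to the rule listed
    # first. The guide does not describe ties; this is an assumption.
    return min(hits, key=lambda r: precedence_key(r.level)) if hits else None


def rewrite_tos(tos: int, rule: Optional[Rule]) -> int:
    """Apply the rule's New IP TOS selection to an 8-bit TOS value."""
    if rule is None or rule.tos_mode == "NO CHANGE":
        return tos
    if rule.tos_mode == "TOS=PID":
        # Precedence sub-field = top three bits of the TOS byte (RFC 791).
        # Keeping the remaining five bits unchanged is an assumption.
        return (rule.pid << 5) | (tos & 0x1F)
    return rule.custom_tos


def classify(frame: dict, rules: Sequence[Rule], port_priority: int):
    """Return (priority, outgoing TOS, winning rule name or None).

    With no matching rule, a frame carrying no priority of its own takes
    the port default priority described in Section 8.2.
    """
    rule = select_rule(frame, rules)
    priority = rule.pid if rule else port_priority
    return priority, rewrite_tos(frame["tos"], rule), rule.name if rule else None


# The two rules from the example above. The TOS=PID setting on the TCP rule
# is constructed for illustration; the guide's example does not set it.
RULES = [
    Rule("tos-AA", "5a", 7, lambda f: f.get("tos") == 0xAA),
    Rule("tcp-src-80", "4a", 3, lambda f: f.get("tcp_src") == 80,
         tos_mode="TOS=PID"),
]

if __name__ == "__main__":
    # Constructed frames: one matches both rules, one only the TOS rule,
    # one matches nothing and falls back to a port default priority of 5.
    for frame in ({"tos": 0xAA, "tcp_src": 80},
                  {"tos": 0xAA, "tcp_src": 1025},
                  {"tos": 0x00, "tcp_src": 1025}):
        prio, tos, name = classify(frame, RULES, port_priority=5)
        print(f"{frame} -> priority {prio}, TOS 0x{tos:02X}, rule {name}")
```

A frame that matches both rules is handled by the level 4a rule, so it leaves with priority 3 rather than 7; listing the rules in the opposite order does not change the result.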
Priority Classification Configuration Screen 6. Press the SPACE bar to step to the appropriate protocol. In some cases, there is only one selection and a value needs to be entered. This is indicated by bold zeros. Table 8-7 lists the possible selections associated with each subclassification (examples: IPX, AppleTalk, NetBIOS, Banyan Vines, 000.000.000.000, 0x00000000, etc.). 7.
Protocol Port Configuration Screen 4. After the lines are marked, use the arrow keys to highlight the DEL MARKED command field. 5. Press ENTER. The marked line items are deleted and the DEL MARKED command is changed back to DEL ALL. 8.7 PROTOCOL PORT CONFIGURATION SCREEN When to Use To display the ports associated with the line item (Classification Rule) selected in the Priority Classification Configuration screen described in Section 8.6.
Protocol Port Configuration Screen Field Descriptions Refer to Table 8-9 for a functional description of each screen field. Table 8-9 Protocol Port Configuration Screen Field Descriptions Use this field… To… Classification Rule (Read-Only) See the Classification Rule (Priority, Classification, and Definition) of the line selected in the Priority Classification Configuration screen.
Protocol Port Configuration Screen 8.7.1 Assigning Ports to a PID/Classification To assign one or more ports, or all ports simultaneously, to a PID/Classification (Classification Rule), proceed as follows: Assigning One or More Ports Individually 1. Use the arrow keys to highlight the Classify field adjacent to the Port number. 2. Press the SPACE bar to toggle the Classify field to either NO or YES. YES associates the port to the priority shown in the Classification Rule field. 3.
Protocol Port Configuration Screen Example This example illustrates how to prioritize network traffic using classification rules. In this example, illustrated in Figure 8-9, the ABC Company wants to prioritize traffic to their SAP server and Mail server, so that the SAP Server has the highest priority, and the Mail Server, the lowest priority. Figure 8-9 Prioritizing Network Traffic According to Classification Rule 123.123.30.6 123.123.30.1 123.123.30.2 123.123.30.3 123.123.30.4 123.123.30.
Protocol Port Configuration Screen Switch 1 The following settings are done using the Priority Classification Configuration screen to assign the classification to the priority. Then the Protocol Port Configuration screen is used to assign the ports to the appropriate priority and classification. NOTE: In the two settings below, the subnet mask is set to 255.255.255.255. This means that frames with a source or destination address of 123.123.30.6 or 123.123.30.
Rate Limiting Configuration Screen 8.8 RATE LIMITING CONFIGURATION SCREEN NOTE: The Inbound Rate Limiting function is not supported on ports connected to SmartTrunk segments. When to Use To limit the rate of traffic entering and leaving the SmartSwitch device on a per port/priority basis. Up to three inbound rules and three outbound rules can be programmed per port to control traffic according to the priority entries. The rules also contain the programmed traffic rate.
Rate Limiting Configuration Screen Screen Example Figure 8-10 Rate Limiting Configuration Screen Maximum Port # Priority List Direction Dropped Events 1 0, 1, 2, 3, 4 500 kbps Inbound 4294967295 1 0, 1, 2, 3, 4 500 kbps Outbound 1 5, 6, 7 500 kbps Inbound 1 5, 6, 7 500 kbps Outbound 0 5 1, 2, 3 500 kbps Outbound 0 5 1, 2, 3 500 kbps Outbound 10 5, 6, 7 1000 kbps Feature: [ Port Number ] ENABLED ADD Max Traffic Rate Port: DEL ALL 1 NEXT Inbound Priority List: Dire
Rate Limiting Configuration Screen Table 8-10 Rate Limiting Configuration Screen Field Descriptions (Continued) Use this field… To… Max Traffic Rate (Read-Only) See the maximum traffic rate set for each port entry. There can be up to four entries (two for Inbound and two for Outbound traffic) for the same port. However, there must be a different priority for each Inbound entry on a port, and the same holds true for two Outbound entries.
Rate Limiting Configuration Screen Table 8-10 Rate Limiting Configuration Screen Field Descriptions (Continued) Use this field… To… Priority List – bottom of screen (Selectable) Assign one or more priorities to the port being configured. The settings available are 0, 1, 2, 3, 4, 5, 6, 7, or ALL. When the Priority List is highlighted, the SPACE bar is used to step to the priority, which must be marked with an asterisk (*) using the M key. More than one priority may be selected and marked for each port.
Table 8-10 Rate Limiting Configuration Screen Field Descriptions (Continued)

Use this field… To…

Max Rate: kbps (Modifiable)
Enter the maximum transmission rate for this entry. The maximum transmission rate includes all frames associated with the priorities selected in the Priority List field. The default is the high setting of 100 Kbps maximum interface speed. The high range setting is 100 Kbps to 1 Gbps. The low range setting is 50 to 40000 Kbps.
Rate Limiting Configuration Screen 2. To enter a Port Type, proceed as follows: a. Use the arrow keys to highlight the Port field (near the bottom of the screen) and press the SPACE bar. Port Number changes to Port Type and the field below it changes to [all 10Mbps enet]. b. Use the arrow keys to highlight the [all 10Mbps enet] field below the Port Type field. c. If the port type [all 10Mbps enet] is not the selection needed, press the SPACE bar to select either [all 100Mbps enet] or [all 1Gbps enet]. 3.
11. If Inbound or Outbound rate limiting entries are to be configured on other ports on the device, repeat steps 1 through 10 to configure each port. Any combination of Inbound and Outbound entries may be configured per port with a limit of three for Inbound and three for Outbound. (For example, two inbound/two outbound, one inbound/two outbound, two inbound/one outbound and one inbound/one outbound.)
12.
8.8.3 More About Rate Limiting

Rate Limiting enables Service Providers in Multi-Dwelling-Unit (MDU) and similar environments to offer varied bandwidth to customers using low cost Ethernet connections. Another solution, for the enterprise, is to provide high priority bandwidth on the network for guaranteed service level agreements.

NOTE: When allocating the maximum rate per port, the maximum bandwidth of the uplink must be kept in mind.
Rate Limiting Configuration Screen To solve this problem, the Rate Limiting feature can be configured on each port to provide each user with 5 Mbps of high priority bandwidth into the fabric. Now the maximum possible amount of traffic attempting to leave the chassis at high priority is 5 x 100 = 500 Mbps. The gigabit link has ample capacity to carry this load out of the chassis.
9 Layer 3 Extensions Menu Screens This chapter describes the Layer 3 Extensions Menu screen and the IGMP/VLAN Configuration screen (Section 9.2). Screen Navigation Path Password > Device Menu > Device Configuration Menu > Layer 3 Extensions Menu 9.1 LAYER 3 EXTENSIONS MENU SCREEN When to Use To access the IGMP/VLAN Configuration screen. How to Access Use the arrow keys to highlight the LAYER 3 EXTENSIONS MENU item on the Device Configuration Menu screen and press ENTER.
Screen Example

Figure 9-1 Layer 3 Extensions Menu Screen

IGMP/VLAN CONFIGURATION
EXIT RETURN

Menu Descriptions

Refer to Table 9-1 for a functional description of each menu item (at this time there is only one menu item).

Table 9-1 Layer 3 Extensions Menu Screen Menu Item Descriptions

Menu Item                  Screen Function
IGMP/VLAN CONFIGURATION    Used to enable or disable IGMP (Internet Group Management Protocol) on selected VLANs. For details, refer to Section 9.2.
IGMP/VLAN Configuration Screen 9.2 IGMP/VLAN CONFIGURATION SCREEN When to Use The IGMP/VLAN Configuration screen, Figure 9-2, is used to enable or disable IGMP (Internet Group Management Protocol, RFC 2236) on selected VLANs, or globally on all VLANs that are available. IGMP Snooping provides a solution for handling multicast streams in layer 3 routers. IGMP is for hosts on multi-access networks to inform locally attached switches of their Multicast group membership information.
Screen Example

Figure 9-2 IGMP/VLAN Configuration Screen

IGMP/VLAN Configuration

Configuration
-------------
IGMP Version: [ 2 ]
Query Interval: 120
Query Response Time: 10
Interface Robustness: 2
Last Member Query Interval: 1
Switch Query IP: 123.123.123.123
McastMartPoolSize: [ 32 ]

Statistics
----------
Querier Address: xxx.xxx.xxx.
IGMP/VLAN Configuration Screen Table 9-2 IGMP/VLAN Configuration Screen Field Descriptions (Continued) Use this field… To… Query Interval (Modifiable) See or change the query interval time. If the switch is the querier, the value in the Query Interval field indicates how often IGMP Host-Query frames are transmitted on the VLAN selected in the VLAN ID field. This value is also used in calculations for other timers. The default value is 125 seconds. The range of possible entries is 1 to 300 seconds.
IGMP/VLAN Configuration Screen Table 9-2 IGMP/VLAN Configuration Screen Field Descriptions (Continued) Use this field… To… Switch Query IP (Modifiable) Enter the IP address that the switch will use to source IGMP query frames when the switch is the designated querier on the VLAN. The IP address must be a valid address associated with the VLAN. The field will initially display an asterisk (*).
IGMP/VLAN Configuration Screen Table 9-2 IGMP/VLAN Configuration Screen Field Descriptions (Continued) Use this field… To… VLAN ID (Modifiable) Enter the Identifying number of the VLAN to be modified. If there are no VLANs configured for IGMP, NONE is displayed in this field and asterisks (*) will display in the Configuration, Statistics, and IGMP State fields. The information under Configuration and Statistics applies only to this VLAN ID. Use the SPACE bar to step through all available VLAN IDs.
configuration of the chosen VLAN. (DELETE will remove the IGMP configuration of the VLAN.)

4. Use the arrow keys to highlight the IGMP Version field. Then use the SPACE bar to select the proper IGMP version for the VLAN shown in the VLAN ID field.

NOTE: When configuring IGMP, it is advisable to follow the IGMP configuration rules in RFC 2236 concerning switches and routers.

5.
10 Device Statistics Menu Screens This chapter describes how to use the Device Statistics Menu screen and the following screens that may be selected from its menu: • Switch Statistics screen (Section 10.2) • Interface Statistics screen (Section 10.3) • RMON Statistics screen (Section 10.4) • An HSIM or VHSIM Statistics screen may be selected from the Device Statistics Menu screen when an optional HSIM or VHSIM is installed in the SmartSwitch device.
Device Statistics Menu Screen

How to Access

Use the arrow keys to highlight the DEVICE STATISTICS menu item on the Device Menu and press ENTER. The Device Statistics Menu screen, Figure 10-1, displays.

Screen Example

Figure 10-1 Device Statistics Menu Screen

SWITCH STATISTICS
INTERFACE STATISTICS
RMON STATISTICS
HSIM/VHSIM STATISTICS
EXIT RETURN

Menu Descriptions

Refer to Table 10-1 for a functional description of each menu item.
Switch Statistics Screen Table 10-1 Device Statistics Menu Screen Menu Item Descriptions (Continued) Menu Item Screen Function RMON STATISTICS Displays all the statistics gathered by the embedded RMON agent built into the SmartSwitch device. For details, refer to Section 10.4. HSIM/VHSIM STATISTICS Displays the statistics screen when an optional Fast Ethernet or Gigabit Ethernet HSIM or VHSIM is installed in the device.
Screen Example

Figure 10-2 Switch Statistics Screen

Port #  Frames Rcvd  Frames Txmtd  Frames Fltrd  Frames Frwded
1       100          100           0             100
2       100          100           0             100
3       100          100           0             100
4       100          100           0             100
5       100          100           0             100
6       100          100           0             100
7       100          100           0             100
8       100          100           0             100
9       100          100           0             100
10      100          100           0             100
11      100          100           0             100
12      100          100           0             100
13      100          100           0             100

CLEAR COUNTERS PREVIOUS NEXT EXIT RETURN

Field Descriptions

Refer to Table 10-
Interface Statistics Screen Table 10-2 Switch Statistics Screen Field Descriptions (Continued) Use this field… To… Frames Frwded (Read-Only) See the number of frames forwarded by the interface since the last power-up or reset. CLEAR COUNTERS (Command) Temporarily reset all counters of a screen to zero, allowing the user to observe counter activity over a period of time. For details on how to use this field, refer to Section 3.1.4. 10.
Screen Example

Figure 10-3 Interface Statistics Screen

Name: Fast Ethernet Frontpanel
Interface: 1
Address: 00-00-00-00-00-00
Last Change: xx days 00:00:00
Admin Status: Up
Oper Status: Down
MTU: 1514
Speed: 100000000

InOctets: 7500456
InUnicast: 6789
InNonUnicast: 0
InDiscards: 0
InErrors: 0
InUnknownProtos: 0
OutOctets: 0
OutUnicast: 0
OutNonUnicast: 0
OutDiscards: 0
OutErrors: 0
OutQLen: 0

CLEAR COUNTERS Interface: [nn] EXIT RETURN 306
Interface Statistics Screen Table 10-3 Interface Statistics Screen Field Descriptions (Continued) Use this field… To… InUnicast (Read-Only) See the total number of frames that have been received that were sent to a single address. InNonUnicast (Read-Only) See the total number of frames that have been received that were delivered to a broadcast or multicast address. InDiscards (Read-Only) See the total number of inbound frames that were discarded, even though the frames contained no errors.
Interface Statistics Screen Table 10-3 Interface Statistics Screen Field Descriptions (Continued) Use this field… To… Last Change (Read-Only) See the last time that the interface was reset. Admin Status (Read-Only) See the current status of the interface. If this field displays “Testing”, no frames may be passed on this interface. Oper Status (Read-Only) See the current status of the interface. If this field displays “Testing”, no frames may be passed on this interface.
RMON Statistics Screen 10.4 RMON STATISTICS SCREEN When to Use To obtain RMON statistics for each interface, on an interface-by-interface basis. NOTE: The RMON Statistics screen provides statistics for all front panel Ethernet Interfaces, and any Ethernet HSIM/VHSIM installed in the SmartSwitch device. How to Access Use the arrow keys to highlight the RMON STATISTICS field on the Device Statistics Menu screen and press ENTER. The RMON Statistics screen, Figure 10-4, displays.
RMON Statistics Screen Table 10-4 RMON Statistics Screen Field Descriptions Use this field… To… RMON Index (Read-Only) See the current Ethernet interface for which statistics are being shown. The SmartSwitch device has an embedded RMON agent that gathers statistics for each interface on the device. Data Source (Read-Only) See the source of the statistics data that is currently being displayed on the screen.
RMON Statistics Screen Table 10-4 RMON Statistics Screen Field Descriptions (Continued) Use this field… To… Oversized Pkts (Read-Only) See the number of frames received whose size exceeded 1518 data bytes, not including preamble, but have a valid CRC.
RMON Statistics Screen Table 10-4 RMON Statistics Screen Field Descriptions (Continued) Use this field… To… 1024 – 1518 Octets (Read-Only) See the total number of frames, including bad frames, received that were between 1024 and 1518 bytes in length (excluding framing bits, but including FCS bytes). Index [nn] (Command) Enter a port number to view its statistics. For instructions on how to use this command, refer to Section 10.4.1.
11 Network Tools Screens This chapter describes the Network Tools Help screen and how to use it and the Network Tools commands to access and manage network devices. An example of each command is also included. Screen Navigation Paths Password > Device Menu > Network Tools 11.1 NETWORK TOOLS When to Use To access and manage network devices using the Network Tools command set. How to Access Use the arrow keys to highlight the NETWORK TOOLS menu item in the Device Menu screen and press ENTER.
Screen Example

Network Tools Help Screen

Welcome to Network Tools
-> help
Commands Available to the User:
Built in Commands:
arp netstat show bridge ping traceroute defroute reset ev telnet arp_learn timed_reset stpForceVersion stpLegacyPathCost lg_frame_admin igmpv3_drop dynamic_egress suppress_topology_traps radius link_trap non_bridge_if_num stpPort stpPointToPointMAC passiveStp sat_size rate_limit_mode maclock soft_reset cdp timed_soft_reset stpEdgePort stpRealTimeMsgAge vrrpPort loop
Network Tools Refer to Table 11-1 for a list of the commands.
Built-in Commands command Description: Briefly describes the command and its uses. Syntax: Shows the required command format. It indicates where arguments, if any, must be specified. Options: Lists any additional fields in the appropriate format that may be added to the command. Example: Shows an example of the command. 11.2 BUILT-IN COMMANDS The built-in commands listed in this section activate functions on the LM managed device or devices being accessed through Network Tools.
alias (Continued)

Examples:

-> alias disable 1-4
Snooping is disabled on port 1.
Snooping is disabled on port 2.
Snooping is disabled on port 3.
Snooping is disabled on port 4.

-> alias status 1
Snooping is disabled on port 1.

-> alias stats
Pkts Sent [ <= 64]: 0
Pkts Sent [ 65...128]: 0
Pkts Sent [129...256]: 0
Pkts Sent [257...512]: 0
Pkts Sent [512..
arp
Description: Provides access to the ARP (Address Resolution Protocol) cache, enabling you to view cache data, delete entries, or add a static route. Super-user access is required to delete an entry or add a static route. Each ARP cache entry lists the network interface that the switch module is connected to, the device’s network address or IP address, the device’s physical address or MAC address, and the media type of connection to the device.
arp_learn
Description: Sets how the ARP cache entry will be affected under different conditions as described in the options below, and displays current ARP cache settings.
Syntax: arp_learn [normal | limited | status]
Options:
normal – Changes the ARP cache entry for a given IP Address, if the source address (SA) in the entry does not match that of any received IP Packet.
limited – Causes the ARP entry to change only by ARP request and ARP response packets.
cdp
Description: Enables, disables or displays the status of the CDP Discovery Protocol.
Syntax: cdp [enable/disable/status]
Options:
enable — Enables CDP discovery protocol on the device.
disable — Disables CDP discovery protocol on the device.
status — Displays the status of the CDP discovery protocol.
Built-in Commands dynamic_egress Description: Enables, disables or displays the status of the dynamic_egress control function. The command requires a corresponding VLAN Identifier (VID). The dynamic_egress control function allows or disallows VLANs to be dynamically added to the dynamic Port VLAN Lists of a port. The default is that no dynamic Port VLAN Lists will be modified. The lists are modified based on the inbound traffic on a port.
Built-in Commands dynamic_egress (Continued) Examples: -> dynamic_egress status 1 Dynamic Egress Disabled for VLAN ID 0x0001 -> dynamic_egress enable 1 Dynamic Egress Enabled for VLAN ID 0x0001 -> dynamic_egress disable 1 Dynamic Egress Disabled for VLAN ID 0x0001 ev Description: Enables or disables groups of events or all events concerning logging functions.
Built-in Commands ev (Continued) Options: ENABLE – Enables Group or events or all DISABLE – Disables Group or events or all Commands to Control Logging Functions: ev STARt [Logging] [Trapping] – begin logging events/traps ev STOp [Logging] [Trapping] – stop logging events/traps ev Clear – clear the log ev SEverity – set/show current logging severity ev filter [get | set ] – get/set search string ev logsize [get|set <#(50-5000)>] – get/set dynamic log buffer size Commands for Listi
Built-in Commands gigabit_port_mode Description: Configures or displays the status of Gigabit Ethernet ports. Changing the mode will cause a reset and loss of all data in NVRAM with the exception of the IP Address and Subnet IP Address. NOTE: This field is displayed only when the switch module supports an installed Gigabit Ethernet VHSIM. Syntax: gigabit_port_mode [active | redundant | status] Options: active – Enables both gigabit ports.
lg_frame_admin
Description: Enables large frame support on a per port basis, allowing the user to determine if large frames can be forwarded out a particular port.
Syntax:
lg_frame_admin [ set ] [ LARGE | FRAG_IF_POSS | SMALL | AUTO ] [ PORT | ALL_BPLANE | ALL_FDDI ]
lg_frame_admin [ status ] [ port # ]
Options:
set – Sets the size of transmitted frames for a port or a group of ports.
status – Causes the display of the current settings for one port or a group of ports (e.g., 1– 15).
Built-in Commands link_trap Description: Enables, disables, or displays the status of link traps on one or all ports. Syntax: link_trap [enable/disable/status] Options: enable — Enables a link trap. disable — Disables a link trap. status — Displays link trap status. PORT/ all — Specifies a port or all ports.
loopback_detect (Continued)
Examples:
-> loopback_detect enable
-> loopback_detect disable
-> loopback_detect state
Loopback_detect is disabled.

maclock
Description: Configures the MAC locking feature per port. When enabled, either a static MAC is locked to the port, or the first MAC seen on the port is locked to that port. Only incoming traffic with the locked MAC as the source MAC address shall be forwarded.
maclock (Continued)
Syntax: (Continued)
maclock set enable [ port# | all | global ]
Enables MAC locking globally or on one or more ports. When enabled and configured for a specific MAC address and port string, this locks a port so that only one end station address is allowed to participate in frame relay.
maclock set disable [ port# | all | global]
Disables MAC locking globally or on one or more ports.
maclock (Continued)
Options:
port# | all — Applies MAC locking parameters to a specific port or to all ports on the device.
global — Applies MAC locking parameters globally.
firstarrival — Displays MAC locking information about first arrival end stations connected to the device.
static — Displays MAC locking information about management defined end stations connected to the device.
maclock (Continued)
Examples: (Continued)
-> maclock set enable global
MAC locking is globally enabled.
-> maclock set disable global
MAC locking is globally disabled.
-> maclock set 00:a0:c9:0d:32:11 3 create
MAC_locking for MAC 00:A0:C9:0D:32:11 created on Port 3.
-> maclock set firstarrival 3 6
MAC-Locking Dynamic entry changed to 6 on port 3.
-> maclock set static 3 4
MAC-Locking Static entry changed to 3 on port 4.
-> maclock settrap 3 enable
Enabling MAC-Locking traps on Port 3.
netstat (Continued)
Example:
-> netstat -i
Interface + Description   MTU   Speed     Admin  Oper  MAC Addr
#1 (ethernet - csmacd)    1514  10000000  up     up
#2 (ethernet - csmacd)    1514  10000000  up     up
#3 (ethernet - csmacd)    1514  10000000  up     up
#4 (ethernet - csmacd)    1514  10000000  up     up
-> netstat -r
Destination Next-hop # Default Route # 134.141.0.0 # 134.141.0.
passiveStp
Description: Enables, disables, or displays the status of Passive Mode Spanning Tree on the device. Passive Mode Spanning tree allows ports on leaf bridges to transition very quickly and not invoke a global network re-span through requesting root elections by:
• Not allowing switches to become the root node;
• Not allowing switches to send configuration BPDUs;
• Expiring the message age timer when a link transitions to a down state;
• Moving the 802.
Built-in Commands policy Description: Displays the policy table and configures policy-port mappings.
policy (Continued)
Examples: (Continued)
-> policy show port 1-4
------------------------------------------------------------------------------
Port DefaultPolicy CurrentPolicy AuthType AuthStatus AuthInfo
------------------------------------------------------------------------------
1 Guest Guest Static N/A N/A
2 Guest Admin MAC Auth 00:00:1D:AA:AA:AA
3 N/A N/A
4 Guest Employee EAP Auth john.
radius
Description: Enables, disables, and configures RADIUS authentication, which can only be used when the client has been properly configured and enabled. When the RADIUS Client is not enabled, the legacy password authentication will run as before. For more about Radius Client, refer to Section 3.6.1.
radius (Continued)
Options:
radius — Shows RADIUS help.
radius status — Shows all RADIUS client settings.
radius [enable | disable] — Enables or disables the RADIUS Client.
radius prim_ip — Shows the primary RADIUS server’s IP, in decimal-dotted format.
radius sec_ip — Shows the secondary RADIUS server’s IP, in decimal-dotted format.
radius timeout — Shows RADIUS server timeout in seconds.
radius (Continued)
Options: (Cont’d)
radius prim_secret — Sets the primary RADIUS server’s shared secret.
radius sec_secret — Sets the secondary RADIUS server’s shared secret.
NOTES: The secret is NOT encrypted in transit; if this command is used over TELNET, the secret may be compromised. For maximum security, it is recommended to use a 16 to 32 character string for the shared secret code. For security reasons, the entered code appears as asterisks (*) on the screen.
Examples:
Built-in Commands radius (Continued) Examples: (Cont’d) NOTE: The following shows examples of when 3, 7, and 32 characters are entered as the secret code (16 to 32 characters are recommended).
Built-in Commands rate_limit_mode (Continued) Examples: -> rate_limit_mode status Rate Limit Mode is: High Range (100Kbps - 1 Gbps). -> rate_limit_mode low_range This will reset board : Are you *SURE* ? -> rate_limit_mode high_range This will reset board : Are you *SURE* ? reset Description: Initiates a hardware reset of the device. This command initializes the CPU processor, runs the onboard diagnostics, and restarts the software image, which restores the user configuration settings from NVRAM.
Built-in Commands sat_size Description: Displays the current setting or sets the size of the Source Address Table (Forwarding Database) on the device to either 8000 or 16000 entries. The default is 8000 entries. When set to 16000, 400 Layer 2/3/4 VLAN Classification and Priority Assignment entries will be supported. The default is 1000 Layer 2/3/4 VLAN Classification and Priority Assignment entries. Changing of sat_size will lead to a reset of the board.
Built-in Commands show (Continued) Options: PROTOCOL — Specifies a protocol for which information will be displayed. TABLE — Specifies a type of table to display. fid – Show MAC addresses for the filter database identifier (fdbId). address – Show the address (mac) if it is known by the device. port – Show the addresses for the port (portNumber) only. type – Show addresses of the specified type only.
Built-in Commands soft_reset Description: Restarts the software image, which restores the user configuration settings from NVRAM. The user will be queried to confirm the reset command to ensure against unwanted resets. TIP: The Network Tools connection to the device will be terminated upon execution of this command. Syntax: soft_reset Options: None Example: ->soft_reset RESET: Are you *SURE* ? -> Y stpEdgePort Description: Sets a port to EDGE PORT (enable) or BRIDGE PORT (disable).
Built-in Commands stpForceVersion Description: Puts Spanning Tree into STP compatibility mode (0) or the default RSTP mode (2). Syntax: stpForceVersion [ 0 | 2 | status ] Options: stpForceVersion 0 – Indicates STP compatibility. Enable stpForceVersion 0 only if the user does not want to “run 802.1w,” which does not allow transmission of RSTP BPDUs. The bridge will only transmit config BPDUs and TCNs. Therefore, to another bridge, it looks like it is running 802.1D (with few exceptions).
Built-in Commands stpLegacyPathCost Description: Enables or disables the use of 802.1D or 802.1t Path Cost bridging values on the device. The default is legacy 802.1D standard Path Cost values. NOTE: When connecting ports between devices, it is recommended that the devices are all set to run either 802.1D or 802.1t. The path costs must be consistent between bridge ports of all the devices. Table 11-2 shows the path cost values when running 802.1t bridging.
Built-in Commands stpLegacyPathCost (Continued) Examples: To set the device to use the 802.1D legacy path costs, enter: -> stpLegacyPathCost enable To set the device to use the 802.1t path costs (default setting), enter: -> stpLegacyPathCost disable To determine if the device is currently operating using 802.1t or 802.1D path costs values, enter: -> stpLegacyPathCost status stpPointToPointMAC Description: Displays the current values or sets the value of stpPointToPointMAC to TRUE, FALSE or AUTO.
Built-in Commands stpPort Description: Enables, disables, or displays which physical ports are enabled as Spanning Tree ports. This command does not apply to virtual interfaces such as ATM. To enable, disable, or view the status of ATM ports, use the atm_stp_state command. Syntax: stpPort [status] stpPort [enable] [port#] stpPort [disable] [port#] Options: status — Displays a list of the physical ports that are enabled as Spanning Tree ports. enable port# — Enables a specific port.
Built-in Commands stpRealTimeMsgAge (Continued) Example: stpRealTimeMsgAge disable disabled suppress_topology_traps Description: Enables or disables the generation of topology traps on inter switch links. Only inter switch link ports that transition to forwarding or blocking cause the switch to issue a topology trap. By default, this feature is disabled and will allow the generation of topology traps.
Built-in Commands timed_soft_reset Description: Configures a soft reset in number of seconds, or displays when a soft reset will occur. The reset_nv and dont_reset_nv commands tell the timed reset if non-volatile memory should be reset or not. If reset non_volatile is chosen, ip will be retained. Entering a time of 0 will disable any currently enabled timed_reset.
Built-in Commands timed_reset (Continued) Options: status — Displays the current timed reset setting. t (seconds) — Specifies the number of seconds until the device will be reset. reset_nv — Resets non-volatile memory. dont_reset_nv — Does not reset non-volatile memory.
Built-in Commands vrrpPort Description: Enables, disables, or displays the status of Virtual Router Redundancy Protocol (VRRP) on front panel Ethernet or Fast Ethernet ports. When the link on a VRRP Port goes down or up, the database is purged. Then a notification is sent out to all LAN emulation clients (LECs) connected to the local HSIM/VHSIM to clear their LEARP cache.
Example, Effects of Aging Time on Dynamic Egress 11.3 EXAMPLE, EFFECTS OF AGING TIME ON DYNAMIC EGRESS This section provides an example of how aging time affects the dynamic recognition of frames from a user device on a port. In this example, assume that a rule set on Port 1 of the switch module classifies all IP frames to a Red VLAN. Once Port 1 receives a frame from a user device, the frame is classified to the Red VLAN and added to the dynamic Port VLAN List of Port 1.
Special Commands Solving the Problem In this example, Switch 1 (S1) has already been configured with a default VLAN 0001 associated with Filter Database Identifier (FDB ID) 0001 as the Port VLAN Identifier (PVID) on all ports. The following additional steps are required to configure the switch to solve this problem. 1. Define a new VLAN (VLAN ID 2) using the Static VLAN Configuration screen. 2.
12 VLAN Operation and Network Applications
NOTE: It is recommended to read this chapter to gain an understanding of VLANs before configuring the switch.
This chapter provides the following information:
• Definition of VLANs (Section 12.1)
• Types of VLANs (Section 12.2)
• Benefits and Restrictions (Section 12.3) of VLANs
• VLAN Terms (Section 12.4)
• VLAN Operation (Section 12.5)
• Configuration Process (Section 12.6)
• VLAN Switch Operation (Section 12.7)
• VLAN Configuration (Section 12.
Defining VLANs 12.1 DEFINING VLANs A Virtual Local Area Network is a group of devices that function as a single Local Area Network segment (broadcast domain). The devices that make up a particular VLAN may be widely separated, both by geography and location in the network. The creation of VLANs allows users located in separate areas or connected to separate ports to belong to a single VLAN group.
Types of VLANs In this example, the Sales and Finance workstations have been placed on two separate VLANs. In a plain Ethernet environment, the entire network is a broadcast domain, and the SmartSwitches follow the IEEE 802.1D bridging specification to send data between stations.
Benefits and Restrictions 12.3 BENEFITS AND RESTRICTIONS The primary benefit of the 802.1Q VLAN technology is that it provides localization of traffic. This function also offers improvements in security and performance to stations assigned to a VLAN. While the localization of traffic to VLANs can improve security and performance, it imposes some restrictions on network devices that participate in the VLAN.
VLAN Terms Table 12-1 VLAN Terms and Definitions (Continued) VLAN Term Definition Filtering Database Identifier (FDB ID) Addressing information that the device learns about a VLAN is stored in the filtering database assigned to that VLAN. Several VLANs can be assigned to the same FDB ID to allow those VLANs to share addressing information. This enables the devices in the different VLANs to communicate with each other when the individual ports have been configured to allow communication to occur.
VLAN Terms Table 12-1 VLAN Terms and Definitions (Continued) VLAN Term Definition 1Q Connection (previously referred to as a 1Q Trunk) A connection between 802.1Q switches that passes only traffic with a VLAN Tag Header inserted in each frame. All VLANs in the port’s Port VLAN List are configured to transmit all frames as tagged frames. The port will drop all incoming frames that do not have a VLAN tag.
12.5 VLAN OPERATION
The following sections describe the operation of a VLAN switch and discuss the operations that a VLAN switch performs in response to both normal and VLAN-originated network traffic.
12.5.1 Description
The 802.1Q VLAN operation is slightly different than the operation of traditional switched networking systems.
VLAN Switch Operation 12.6.1 Defining a VLAN A VLAN must exist and have a unique identity before any ports or rules can be assigned to it. The Administrator defines a VLAN by assigning it a unique identification number (the VLAN ID), a filter database association, and an optional name. The VLAN ID is the number that will identify data frames originating from, and intended for, the ports that will belong to this new VLAN. 12.6.
VLAN Switch Operation Figure 12-2 depicts the inside of a switch with six ports, numbered one through six. The switch has been configured to associate VLAN A and B with Filtering Database Identifier (FDB ID) 2, VLAN C and D with FDB ID 3, and VLAN E with FDB ID 4. Port 6 has been classified to serve as a VLAN trunk connection (will only transmit and receive tagged frames).
VLAN Switch Operation 12.7.1 Receiving Frames from VLAN Ports When a switch is placed in 802.1Q Operational Mode, every frame received by the switch must belong, or be assigned, to a VLAN. Untagged Frames The switch receives a frame from Port 1 and examines the frame. The switch notices that this frame does not currently have a VLAN tag. The switch recognizes that Port 1 is a member of VLAN A and classifies the frame as such.
VLAN Configuration 12.7.2.2 Known Unicasts When a VLAN switch receives a frame with a known MAC address as its destination address, the action taken by the switch to determine how the frame is transmitted depends on the VLAN, the VLAN associated FDB ID, and if the port identified to send the frame is enabled to do so. When a frame is received it is classified into a VLAN. The destination address is looked up in the FDB ID associated with the VLAN.
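The receive and forward decisions of Sections 12.7.1 and 12.7.2.2, as an added Python model that is not code from the guide or the switch firmware. The FDB ID grouping, Port 1 in VLAN A and Port 6 as trunk follow the Figure 12-2 description; the numeric VLAN IDs, the other port memberships, flooding of unknown destinations within the VLAN and dropping when the learned port is not on the VLAN's egress list are assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

TAGGED, UNTAGGED = "TAGGED", "UNTAGGED"


@dataclass(frozen=True)
class Frame:
    src: str
    dst: str
    vid: Optional[int] = None      # None means no VLAN tag on the wire


@dataclass
class Port:
    pvid: int
    admit_tagged_only: bool = False    # 1Q connection: untagged frames are dropped
    ingress_filtering: bool = True


@dataclass
class Switch:
    ports: dict        # port number -> Port
    vlan_fdb: dict     # VLAN ID -> FDB ID (several VLANs may share one)
    egress: dict       # VLAN ID -> {port number: TAGGED or UNTAGGED}
    fdb: dict = field(default_factory=dict)    # FDB ID -> {MAC: port number}

    def classify(self, in_port, frame):
        """Return the VLAN ID the frame belongs to, or None to discard it."""
        port = self.ports[in_port]
        if frame.vid is None:
            return None if port.admit_tagged_only else port.pvid
        if frame.vid not in self.vlan_fdb:
            return None
        if port.ingress_filtering and in_port not in self.egress.get(frame.vid, {}):
            return None
        return frame.vid

    def receive(self, in_port, frame):
        """Return {out_port: frame as transmitted}; an empty dict means dropped."""
        vid = self.classify(in_port, frame)
        if vid is None:
            return {}
        table = self.fdb.setdefault(self.vlan_fdb[vid], {})
        table[frame.src] = in_port              # learn source in the VLAN's FDB
        allowed = self.egress.get(vid, {})      # ports enabled to send this VLAN
        known = table.get(frame.dst)
        if known is None:                       # unknown destination: flood in VLAN
            targets = [p for p in allowed if p != in_port]
        elif known in allowed and known != in_port:
            targets = [known]                   # known unicast on a permitted port
        else:
            targets = []                        # learned port may not send this VLAN
        return {p: Frame(frame.src, frame.dst, vid if allowed[p] == TAGGED else None)
                for p in targets}


def figure_12_2_switch():
    """Six-port switch: VLAN A, B -> FDB 2; C, D -> FDB 3; E -> FDB 4; Port 6 trunk."""
    a, b, c, d, e = 10, 20, 30, 40, 50          # constructed VLAN IDs
    vids = (a, b, c, d, e)
    ports = {n: Port(pvid=v) for n, v in zip(range(1, 6), vids)}
    ports[6] = Port(pvid=1, admit_tagged_only=True)
    egress = {v: {n: UNTAGGED, 6: TAGGED} for n, v in zip(range(1, 6), vids)}
    return Switch(ports, {a: 2, b: 2, c: 3, d: 3, e: 4}, egress)


def demo():
    sw = figure_12_2_switch()
    steps = []
    # Port 1 (VLAN A) sends to an unknown address: flooded to the trunk, tagged.
    steps.append(sw.receive(1, Frame("aa", "bb")))
    # Port 2 (VLAN B) replies. FDB 2 is shared, so "aa" is found on Port 1,
    # but Port 1 is not on VLAN B's egress list: the frame is not sent.
    steps.append(sw.receive(2, Frame("bb", "aa")))
    # After Port 1 is added to VLAN B's egress list the same frame is delivered.
    sw.egress[20][1] = UNTAGGED
    steps.append(sw.receive(2, Frame("bb", "aa")))
    # Port 3 (VLAN C) uses FDB 3, where "aa" is unknown: flooded within VLAN C.
    steps.append(sw.receive(3, Frame("cc", "aa")))
    return steps


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The second and third steps show the point made in the FDB ID definition of Table 12-1: sharing a filtering database lets VLANs share addressing information, but a frame is only delivered once the destination port is configured to transmit for the frame's VLAN.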
VLAN Configuration 12.8.2 Switch Without VLANs When the switch is powered up, the switch uses its default settings to switch frames like an 802.1Q switch. In this default configuration, all ports are a member of the default VLAN (VLAN 1) including the virtual Host Data Port of the switch, so any port can be used to manage the device as shown in Figure 12-3. Figure 12-3 Switch Management with Only Default VLAN 802.
Figure 12-4 Switch Management with VLANs
[Figure: an 802.1Q Switch with numbered ports and a Host Data Port; labels: Management VLAN, VLAN A, VLAN B, VLAN C, “Set as an 802.1Q Trunk port.”]
To set up the switch shown in Figure 12-4 to establish a management VLAN on port 1, use the following process:
1. Use the Static VLAN Configuration screen to define a new VLAN named “Management VLAN” (or other suitable name) and its VLAN ID. In this example, the VLAN ID is set to 2.
VLAN Configuration 5. Use the VLAN Port Configuration screen to enter the VLAN ID, 2, of the new Management VLAN as the Port VLAN ID (PVID) to the Host Data Port. The port number will depend on the device. This port is not a physical port and will usually be one number above the maximum number of physical ports on the device, including the ports on any optional interfaces installed. In this example, it will be port 8. Set the Acceptable Frame Types setting to the setting: ADMIT VLAN ALL FRAMES.
Summary of VLAN Local Management 12.9 SUMMARY OF VLAN LOCAL MANAGEMENT The VLAN configuration process is an extension of normal Local Management operations. A series of Local Management screens provides access to the functions and commands necessary to add, change, or delete VLANs and to assign ports to those VLANs. A switch supporting 802.1Q VLANs provides the VLAN Configuration screens as a standard part of its Local Management hierarchy when the switch is configured to operate in 802.1Q Mode.
Quick VLAN Walkthrough 12.10 QUICK VLAN WALKTHROUGH The procedures below provide a short tutorial walkthrough that presents each of the steps necessary to configure a new Static VLAN. These steps include the following: • Assigning a VLAN ID and VLAN Name • Assigning ports to the VLAN Egress list • Configuring the port parameters You may want to follow this walkthrough from start to finish before attempting to configure your own VLANs. This walkthrough begins at the 802.1Q VLAN Configuration Menu screen.
Figure 12-6 Walkthrough Stage One, Static VLAN Configuration Screen
VLAN ID   FDB ID   VLAN Name
1         1        Default VLAN
2         2        Test VLAN
VLAN ID: 2   VLAN Name: [ Test VLAN ]
ADD   DEL MARKED   NEXT   EXIT   RETURN
Assigning Ports to the VLAN Egress list
1. Use the arrow keys to highlight the line in the list that has VLAN ID 2. As shown in Figure 12-6, the Static VLAN Egress Configuration screen displays showing all ports.
Figure 12-7 Walkthrough Stage Two, Port 3 Egress Setting
[Screen: VLAN ID: 2, FDB ID: 2, VLAN NAME: Test; Port 3 Egress: UNTAGGED]
Figure 12-8 Walkthrough Stage Three, Port 10 Egress Setting
[Screen: VLAN ID: 2, FDB ID: 2, VLAN NAME: Test; Port 3 Egress: UNTAGGED, Port 10 Egress: TAGGED]
Quick VLAN Walkthrough 7. Leave the GVRP STATUS field for Port 3 in the default setting of ENABLED. This sets Port 10 as a GVRP port to receive registrations of dynamically created VLANs. 8. Leave the PVID field for Port 10 set in the default setting of 1. NOTE: Since Port 10 will be used for switch-to-switch communications, the PVID is left set on the default VLAN value of 1. This associates Port 10 with all VLANs on the switch.
Examples This effectively completes the configuration of a single VLAN, assigning it to a port, and configuring the switch to forward the frames received on that port to a trunk port. The trunk port in turn forwards the frames as tagged to another switch. You can now use the VLAN Classification Configuration and Port Protocol Configuration screens to transmit frames according to classification rules and associated ports, as described in Chapter 7. 12.
Example 1, Single Switch Operation 12.12.1 Solving the Problem To set up this switch, users will be assigned to two new VLANs, red stations to the Red VLAN, and blue stations to the Blue VLAN. The information below describes how the switch is configured to create these two VLANs and how users are assigned to them. 1. The switch is set for 802.1Q operation. 2. VLAN ID 2 (Red VLAN) and VLAN ID 3 (Blue VLAN) are created using the Static VLAN Configuration screen.
Figure 12-11 Switch Configured for VLANs
[Figure: an 802.1Q Switch with ports 1 through 6; red stations on VLAN ID 002 and blue stations on VLAN ID 003]
The switch will now classify each frame received as belonging to either the Red or Blue VLANs. Traffic from one VLAN will not be forwarded to the members of the other VLAN, and all frames transmitted by the switch will be normal, untagged Ethernet frames. 12.12.
Example 2, VLANs Across Multiple Switches 5. The switch adds the source MAC address and VLAN for station R2 to its Source Address Table in FDB ID 2, and checks the Source Address Table for the destination MAC address given in the frame. The switch finds the MAC address and VLAN in this table, and recognizes that the MAC address and VLAN match for R1 is located out Port 1. 6.
Figure 12-12 Example 2, VLANs Across Multiple Switches
[Figure: Bridges 1 through 4 on Floors 1 through 4, with Redco users on the Red VLAN and Blue Industries users on the Blue VLAN, User A, and the File Server]
Example 2, VLANs Across Multiple Switches 12.13.1 Solving the Problem To solve the problem in this example, the users are assigned to VLANs using Switch 4 and Switch 2 as shown in Figure 12-12. Redco users are assigned to the Red VLAN and Blue Industries users to the Blue VLAN. The following information shows how Switch 4 and Switch 2 are configured to create the two VLANs to isolate the users of the two companies from one another on the network using the existing infrastructure.
Example 2, VLANs Across Multiple Switches 4. Port 4 is configured as a trunk port by setting the Egress type for both VLAN ID 2, Port 4 and VLAN ID 3, Port 4 to TAGGED using the Static VLAN Egress Configuration screen. This means that these ports will only transmit tagged VLAN frames. • Port 4, Egress: TAGGED 5.
Example 2, VLANs Across Multiple Switches • Port 3 is set as follows: PVID: 2 Acceptable Frame Types: ADMIT ALL FRAMES Ingress Filtering: ENABLED GVRP Status: DISABLED This causes the switch to classify all untagged frames received as belonging to the VLAN specified by each port PVID and to replace the previous PVID information in the port VLAN List with the new PVID information. This makes Port 1 part of the Blue VLAN, Port 3 part of the Red VLAN, and both are set to the VLAN frame format of untagged. 4.
Example 2, VLANs Across Multiple Switches 12.13.2 Frame Handling The following describes how, when User A attempts to log on to the File Server on Bridge 4, the frames from User A are classified on Switch 4 and traverse the network. In this example, the MAC address of User A is “Y” and the MAC address for the File Server is “Z”. The following description includes illustrations to help understand how the frames flow through the network. 1.
Figure 12-14 Transmitting to Switch 4
3. When Switch 2 receives the tagged frame on its Port 2, it checks the frame’s VLAN Tag Header and determines that the frame is classified as belonging to the Red VLAN, and that the frame is a broadcast frame.
Figure 12-15 Transmitting to Bridge 4
4. The File Server responds with a unicast frame to User A. All switches between the File Server and User A have an entry in their respective Source Address Tables identifying which port to use for forwarding the frame to User A, MAC address “Y” in FDB ID 2.
Example 3, Filtering Traffic According to a Layer 4 Classification Rule 12.14 EXAMPLE 3, FILTERING TRAFFIC ACCORDING TO A LAYER 4 CLASSIFICATION RULE This example illustrates how to filter out broadcast transmissions at Layer 4 from other parts of a network. In this example, illustrated in Figure 12-16, Switches S1 and S2 have already been configured and are operating.
2. The VLAN Classification Configuration screen is used to configure the switch to detect and classify the incoming RIP broadcast frames on Port 25 to the Null VLAN. Since the Null VLAN is not assigned to any port, the frame is dropped (not transmitted out any port). The VLAN Classification Configuration screen is set as follows:
• VID: 99
• Classification: Dest UDP Port
• IP UDP Port: 520
Port 520 is a well known port number used by RIP.
12.
Example 5, Using Dynamic Egress to Control Traffic 12.15.1 Solving the Problem In this example, Switch 1 (S1) has already been configured and is operating. To isolate the Finance Department traffic, Subnet 28 will be isolated from the Engineering Department subnet 50 and other users on the company’s network (123.123.xx.xx). The following covers only those steps needed to configure the switch to solve the problem.
Figure 12-18 Example 5, Dynamic Egress Application
[Figure: switch S1 with IP, AppleTalk, and IP/AppleTalk PCs on ports 1 through 6 and a Web Server on port 7]
Solving the Problem
In this example, Switch 1 (S1) has already been configured with a default VLAN 0001 associated with FDB ID 0001 as the PVID on all ports. The following additional steps are required to configure the switch to solve this problem. 1.
Example 6, Locking a MAC Address to a Port Using Classification Rules In this example, the AppleTalk traffic is routed only to AppleTalk users (ports 1, 2, 5, and 6), while IP traffic is allowed to be seen by IP users (ports 3, 4, and 7) and by IP/AppleTalk users (ports 1, 2, 5, and 6). 12.17 EXAMPLE 6, LOCKING A MAC ADDRESS TO A PORT USING CLASSIFICATION RULES The following example illustrates how to add security by “locking” an individual MAC address to a port on the SmartSwitch device (S1).
Example 6, Locking a MAC Address to a Port Using Classification Rules The objective here is to configure S1 so that when it receives a frame on Port 1 from MAC address 00.00.00.00.00.0A, the frame is classified into the Red VLAN. When S1 receives a frame on Port 1 from a MAC address other than 00.00.00.00.00.0A, the frame is associated with the Default VLAN. To accomplish this, S1 is configured so that the frames originating from the Red VLAN are eligible to be forwarded out the desired ports.
Example 6, Locking a MAC Address to a Port Using Classification Rules 2. Assign Port 1 and 2 to the Red VLAN and set the ports to handle untagged frames as follows: • The Red VLAN is selected from the Static VLAN Configuration screen to display the Static VLAN Egress Configuration screen.
Example 6, Locking a MAC Address to a Port Using Classification Rules 5.
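The classification rules of Example 3 (Dest UDP Port 520 on Port 25 to the Null VLAN, VID 99) and Example 6 (one source MAC address on Port 1 to the Red VLAN), as an added Python sketch that is not code from the guide or the switch firmware. Placing both rules on one switch, the Red VLAN ID of 2, the egress sets, first-match rule order and leaving already-tagged frames in their tagged VLAN are assumptions; the sample frames are constructed.

```python
import struct

ETH_IPV4, ETH_8021Q, IPPROTO_UDP = 0x0800, 0x8100, 17
NULL_VID, DEFAULT_VID = 99, 1      # values used in the guide
RED_VID = 2                        # assumed; Example 6's Red VLAN ID is not shown

# (ingress port, parsed field, value to match, VLAN the frame is classified to)
RULES = [
    (25, "udp_dst", 520, NULL_VID),                  # Example 3: RIP broadcasts
    (1, "src_mac", "00:00:00:00:00:0a", RED_VID),    # Example 6: locked MAC
]
# Constructed egress lists; the Null VLAN is assigned to no port.
EGRESS = {DEFAULT_VID: {1, 2, 25}, RED_VID: {1, 2}, NULL_VID: set()}


def parse(frame: bytes) -> dict:
    """Extract the fields the rules need; truncated or absent layers yield no field."""
    if len(frame) < 14:
        return {}
    info = {"src_mac": frame[6:12].hex(":")}
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    if ethertype == ETH_8021Q:
        if len(frame) >= 16:
            info["tag_vid"] = struct.unpack_from("!H", frame, 14)[0] & 0x0FFF
        return info
    off = 14
    if ethertype != ETH_IPV4 or len(frame) < off + 20:
        return info
    ihl = (frame[off] & 0x0F) * 4
    frag_offset = struct.unpack_from("!H", frame, off + 6)[0] & 0x1FFF
    # Only an unfragmented packet or a first fragment carries the UDP header.
    if ihl < 20 or frame[off + 9] != IPPROTO_UDP or frag_offset != 0:
        return info
    l4 = off + ihl
    if len(frame) >= l4 + 4:
        info["udp_dst"] = struct.unpack_from("!H", frame, l4 + 2)[0]
    return info


def classify(port: int, frame: bytes, pvid: int = DEFAULT_VID) -> int:
    """Return the VLAN ID for a frame received on `port`."""
    info = parse(frame)
    if "tag_vid" in info:                  # assumption: tagged frames keep their VLAN
        return info["tag_vid"]
    for rule_port, name, value, vid in RULES:
        if rule_port == port and info.get(name) == value:
            return vid
    return pvid                            # no rule matched: fall back to the PVID


def forward_ports(port: int, frame: bytes) -> list:
    """Ports eligible to transmit the frame; an empty list means it is dropped."""
    return sorted(EGRESS.get(classify(port, frame), set()) - {port})


def udp_frame(src_mac, dst_port, frag_offset=0, vlan_tag=None) -> bytes:
    """Build a constructed broadcast Ethernet/IPv4/UDP frame for the demo."""
    eth = bytes.fromhex("ffffffffffff") + bytes.fromhex(src_mac.replace(":", ""))
    if vlan_tag is not None:
        eth += struct.pack("!HH", ETH_8021Q, vlan_tag)
    eth += struct.pack("!H", ETH_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, frag_offset, 64,
                     IPPROTO_UDP, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 255]))
    return eth + ip + struct.pack("!HHHH", 520, dst_port, 8, 0)


if __name__ == "__main__":
    other, locked = "00:00:00:00:00:0b", "00:00:00:00:00:0a"
    print("RIP on port 25     ->", forward_ports(25, udp_frame(other, 520)))
    print("DNS on port 25     ->", forward_ports(25, udp_frame(other, 53)))
    print("locked MAC, port 1 ->", classify(1, udp_frame(locked, 53)))
    print("other MAC, port 1  ->", classify(1, udp_frame(other, 53)))
```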
A Generic Attribute Registration Protocol (GARP) This appendix describes the switch operation when its ports are operating under the Generic Attribute Registration Protocol (GARP) application – GARP VLAN Registration Protocol (GVRP). NOTE: There is a global setting for GVRP that is enabled by default. Access to these settings is only available through a MIB. A.1 OVERVIEW The process of the forwarding decision and tagging frames is the same as for 802.1Q as described in Chapter 12.
How It Works A.2 HOW IT WORKS In Figure A-1, Switch 4, port 1 is registered as being a member of VLAN Blue and then declares this fact out all its ports (2 and 3) to Switch 1 and Switch 2. These two switches register this in the Port VLAN Lists of the ports (Switch 1, port 1 and Switch 2, port 1) that received the frames with the information.
B About IGMP This appendix provides information about the following: • IGMP Overview (Section B.1) • Supported Features and Functions (Section B.2) • Detecting Multicast Routers (Section B.3) B.1 IGMP OVERVIEW Internet Group Management Protocol (IGMP) is a multicast protocol used by routers. This protocol is supported by Enterasys Network SmartSwitches when operating in the 802.1Q mode to “snoop” the IGMP frames.
B.2 SUPPORTED FEATURES AND FUNCTIONS

The following lists the features and functions supported when using IGMP:
• Runs only when the switch is operating in the 802.1Q mode.
• Supports multiple multicast and non-multicast routers on the same VLAN.
• Supports standalone multicast servers only if a router is present on the network.
• Multicast forwarding rate is dependent on the number of ports the multicast stream is forwarded to. More ports degrade the performance.
B.3 DETECTING MULTICAST ROUTERS

The location of a router needs to be known in order to forward IGMP report frames back to the router. The router(s) send multicast routing protocol frames, which get flooded throughout the network. By snooping on these protocol frames, the switch marks ports as connected to a router. The port is put in a “forward all” mode where all multicast frames will be flooded.
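The router detection described in B.3, modelled as an added Python example (not Enterasys code): a port that receives a multicast routing protocol frame is marked as a router port, and IGMP reports are sent only toward such ports. Treating PIM and DVMRP as the detected protocols is an assumption, since this guide does not list them; the names `ipv4`, `classify` and `Snooper` are hypothetical.

```python
import struct

IPPROTO_IGMP, IPPROTO_PIM = 2, 103
IGMP_DVMRP = 0x13                    # assumption: DVMRP (in IGMP) and PIM mark a router
IGMP_REPORTS = {0x12, 0x16}          # IGMPv1 / IGMPv2 membership reports

def ipv4(proto, payload, options=b""):
    """Build a constructed IPv4 packet (zero addresses and checksum) as sample input."""
    ihl = 5 + len(options) // 4
    hdr = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, 20 + len(options) + len(payload),
                      0, 0, 1, proto, 0, bytes(4), bytes(4))
    return hdr + options + payload

def classify(pkt):
    """Return ('router', None), ('report', group) or ('other', None)."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return ("other", None)
    hlen = (pkt[0] & 0x0F) * 4       # honour IP options such as Router Alert
    if hlen < 20 or len(pkt) < hlen:
        return ("other", None)
    proto, body = pkt[9], pkt[hlen:]
    if proto == IPPROTO_PIM:
        return ("router", None)
    if proto == IPPROTO_IGMP and len(body) >= 8:
        if body[0] == IGMP_DVMRP:
            return ("router", None)
        if body[0] in IGMP_REPORTS:
            return ("report", ".".join(str(b) for b in body[4:8]))
    return ("other", None)

class Snooper:
    def __init__(self, ports):
        self.ports, self.router_ports, self.members = set(ports), set(), {}

    def handle(self, in_port, pkt):
        """Update snooping state and return the ports the frame is sent out."""
        kind, group = classify(pkt)
        if kind == "router":         # flooded; the ingress port is marked
            self.router_ports.add(in_port)
            return self.ports - {in_port}
        if kind == "report":         # sent only toward detected routers
            self.members.setdefault(group, set()).add(in_port)
            return self.router_ports - {in_port}
        return self.ports - {in_port}

    def multicast_egress(self, group, in_port):
        """Group data goes to its members plus every 'forward all' router port."""
        return (self.members.get(group, set()) | self.router_ports) - {in_port}
```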