3Com® Baseline Switch 2924-PWR Plus User Guide 3CBLSG24PWR www.3Com.com Part Number 10016095 Rev.
3Com Corporation 350 Campus Drive Marlborough, MA 01752-3064 Copyright © 2007, 3Com Corporation. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from 3Com Corporation.
ABOUT THIS GUIDE This guide provides information about the Web user interface for the 3Com® Baseline Switch 2924-PWR Plus. The Web interface is a network management system that allows you to configure, monitor, and troubleshoot your switch from a remote web browser. The Web interface web pages are easy-to-use and easy-to-navigate. User Guide Overview This section provides an overview to the User Guide.
ABOUT THIS GUIDE ■ Configuring VLANs — Provides information for configuring VLANs. VLANs are logical subgroups with a Local Area Network (LAN) which combine user stations and network devices into a single virtual LAN segment, regardless of the physical LAN segment to which they are attached. ■ Configuring IP and MAC Address Information — Provides information for configuring IP addresses, DHCP and ARP. ■ Configuring IGMP Snooping — Provides information for configuring IGMP Snooping.
Intended Audience Intended Audience 5 This guide is intended for network administrators familiar with IT concepts and terminology. If release notes are shipped with your product and the information there differs from the information in this guide, follow the instructions in the release notes. Most user guides and release notes are available in Adobe Acrobat Reader Portable Document Format (PDF) or HTML on the 3Com Web site: ■ Conventions http://www.3Com.
CONTENTS ABOUT THIS GUIDE User Guide Overview ................................................................................. 3 Intended Audience..................................................................................... 5 Conventions .............................................................................................. 5 Related Documentation ............................................................................. 5 1 GETTING STARTED About the Switch 2924-PWR ...................
2 USING THE 3COM WEB INTERFACE Starting the 3Com Web Interface .............................................................31 Multi-Session Web Connections ..................................................... 31 Accessing the 3Com Web Interface ................................................ 32 Understanding the 3Com Web Interface...................................................33 Device Representation ....................................................................
Viewing ACL Binding ..................................................................... 83 Configuring ACL Binding ............................................................... 84 Removing ACL Binding .................................................................. 85 Enabling Broadcast Storm ........................................................................ 86 5 MANAGING SYSTEM INFORMATION Viewing System Description ...........................................................
CONFIGURING IP AND MAC ADDRESS INFORMATION Defining IP Addressing ................................................................. 126 Configuring ARP Settings .......................................................................127 Viewing ARP Settings ................................................................... 128 Defining ARP Settings .................................................................. 129 Removing ARP Entries ..................................................................
Configuring Trust Settings ........................................................... 169 Viewing Bandwidth Settings ........................................................ 170 Defining Bandwidth Settings ........................................................ 172 Defining Voice VLAN.............................................................................. 174 Viewing Voice VLANs ................................................................... 175 Defining Voice VLAN ..............................
A 3COM NETWORK MANAGEMENT 3Com Network Supervisor......................................................................212 3Com Network Director .........................................................................213 3Com Network Access Manager ............................................................213 3Com Enterprise Management Suite ......................................................214 Integration Kit with HP OpenView Network Node Manager ....................
Upgrade ...................................................................................... Initialize ....................................................................................... Reboot ........................................................................................ Logout ......................................................................................... Password .....................................................................................
1 GETTING STARTED This chapter contains introductory information about the 3Com® Baseline Switch 2924-PWR Plus (hereafter called the Switch) and how they can be used in your network.
CHAPTER 1: GETTING STARTED About the Switch 2924-PWR The Switch 2924-PWR is a Gigabit Ethernet switching products that delivers flexible three-speed performance (10/100/1000), Power over Ethernet (PoE) and advanced voice-optimized features such as auto-QoS and auto-voice VLAN. This makes the switch ideal for medium businesses and small enterprises seeking to build a secure converged network.
Front Panel Detail 15 Table 1 Hardware Features (continued) Feature Switch 2924-PWR Ethernet, Fast Ethernet, Auto-negotiating 10/100/1000BASE-T ports and Gigabit Ethernet Ports Front Panel Detail SFP Ethernet Ports Supports fiber Gigabit Ethernet long-wave (LX), and fiber Gigabit Ethernet short-wave (SX) transceivers in any combination.
CHAPTER 1: GETTING STARTED LED Status Indicators The 2924-PWR SFP Plus 24-Port Ethernet switch provides LED indicators on the front panel for your convenience to monitor the switch. Table 2 describes the meanings of the LEDs. Table 2 Description on the LEDs of the Switch 2924-PWR LED Label Status Description Power Power Green The switch starts normally. The LED flashes when the system is performing power-on self test (POST). Yellow The system has failed the POST.
System Specifications System Specifications Table 3 contains the system specifications of the 2924-PWR series switch. Table 3 System specifications of the Switch 2924PWR series switch Specification Switch 2924-PWR Plus 24-Port 3CBLSG24PWR Physical dimensions (H×W×D) 44×440×265 mm (1.73 17.3 10.43 in.) Weight 3.6 kg (7.
CHAPTER 1: GETTING STARTED Installing the Switch This section contains information that you need to install and set up your 3Com switch. WARNING: Safety Information. Before you install or remove any components from the Switch or carry out any maintenance procedures, you must read the 3Com Switch Family Safety and Regulatory Information document enclosed. AVERTISSEMENT: Consignes de securite.
Setting Up for Management Setting Up for Management 19 To make full use of the features offered by your switch, and to change and monitor the way it works, you have to access the management software that resides on the switch. This is known as managing the switch. Managing the switch can help you to improve the efficiency of the switch and therefore the overall performance of your network.
CHAPTER 1: GETTING STARTED Figure 2 Web Interface Management over the Network Switch Workstation Connect over Network via web browser Refer to “Setting Up Web Interface Management” on page 27. SNMP Management You can manage a switch using any network management workstation running the Simple Network Management Protocol (SNMP) as shown in Figure 3. For example, you can use the 3Com Network Director software, available from the 3Com website.
Switch Setup Overview 21 Figure 4 Initial Switch Setup and Management Flow Diagram Plug and Play Setup Power Up the Switch.
CHAPTER 1: GETTING STARTED IP Configuration The switch’s IP configuration is determined automatically using DHCP, or manually using values you assign. Automatic IP Configuration using DHCP By default the switch tries to configure its IP Information without requesting user intervention. It tries to obtain an IP address from a DHCP server on the network. Default IP Address If no DHCP server is detected, the switch will use its default IP information. The default IP address is 169.254.x.
Using the Command Line Interface (CLI) ■ 23 Your DHCP server does not allow you to allocate static IP addresses. (Static IP addresses are necessary to ensure that the switch is always allocated the same IP information.) For most installations, 3Com recommends that you configure the switch IP information manually. This makes management simpler and more reliable as it is not dependent on a DHCP server, and eliminates the risk of the IP address changing.
CHAPTER 1: GETTING STARTED Connecting the Workstation to the Switch 1 Connect the workstation to the console port using the console cable as shown in Figure 5. Figure 5 Connecting a Workstation to the Switch using the Console Port Workstation (with terminal emulation software installed) Switch Console Port Connection Console Cable To connect the cable: a Attach the cable’s RJ-45 connector to the Console port of the switch. b Attach the other end of the cable to the workstation.
Using the Command Line Interface (CLI) 25 1 Connect to the switch Console port as described in “Connecting to the Console Port” page 23. 2 The command line interface login sequence begins as soon as the switch detects a connection to its console port. When the process completes, the Login prompt displays. 3 At the login prompt, enter admin as your user name and press Return. The Password prompt displays. 4 Press Return. If you have logged on correctly, Select menu option# should be displayed.
CHAPTER 1: GETTING STARTED 5 Enter Summary to view a summary of allocated IP addresses. The following is an example of the display from the Summary command. Select menu option# summary IP Method: default IP address: 169.254.99.51 Subnet mask: 255.255.0.0 Runtime version: 00_00_38 (date 01-Apr-2007 time 15:31:29) Bootcode version: 1.0.0.
Setting Up Web Interface Management Setting Up Web Interface Management 27 This section describes how you can set up web interface management over the network. Prerequisites ■ Ensure you have already set up the switch with IP information as described in “Methods of Managing a Switch” on page 19. ■ Ensure that the switch is connected to the network using a Category 5 twisted pair Ethernet cable with RJ-45 connectors. ■ A suitable Web browser.
CHAPTER 1: GETTING STARTED Web Management Over the Network To manage a switch using the web interface over an IP network: 1 Be sure that you know your switch’s IP address. See “IP Configuration” on page 22, and “Viewing IP Information using the Console Port” on page 25. 2 Check that your management workstation is on the same subnet as your switch. 3 Check you can communicate with the switch by entering a ping command at the DOS or CMD prompt in the following format: c:\ ping xxx.xxx.xxx.
Default Users and Passwords Default Users and Passwords 29 If you intend to manage the switch or to change the default passwords, you must log in with a valid user name and password. The switch has one default user name. The default user is listed in Table 5. Table 5 Default Users Default User Name Password admin (no password) Access Level Management — The user can access and change all manageable parameters Use the admin default user name (no password) to login and carry out initial switch setup.
2 USING THE 3COM WEB INTERFACE This section provides an introduction to the user interface, and includes the following topics: ■ Starting the 3Com Web Interface ■ Understanding the 3Com Web Interface ■ Saving the Configuration ■ Resetting the Device ■ Restoring Factory Defaults ■ Logging Off the Device
Starting the 3Com Web Interface Starting the 3Com Web Interface Multi-Session Web Connections 31 This section includes the following topics: ■ Multi-Session Web Connections ■ Accessing the 3Com Web Interface The Multi-Session web connections feature enables 10 users to be created and access the switch concurrently. Access levels provide read or read/write permissions to users for configuring the switch. Users and access levels are described in Configuring System Access.
CHAPTER 2: USING THE 3COM WEB INTERFACE Accessing the 3Com Web Interface This section contains information on starting the 3Com Web interface. To access the 3Com user interface: 1 Open an Internet browser. 2 Enter the device IP address in the address bar and press Enter. The Enter Network Password Page opens: Figure 6 Enter Network Password Page 3 Enter your user name and password. The device default factory settings is configured with a User Name that is admin and a password that is blank.
Understanding the 3Com Web Interface 33 Figure 7 3Com Web Interface Home Page Understanding the 3Com Web Interface The 3Com Web Interface Home Page contains the following views: ■ Tab View — Provides the device summary configuration located at the top of the home page. ■ Tree View — Provides easy navigation through the configurable device features. The main branches expand to display the sub-features.
CHAPTER 2: USING THE 3COM WEB INTERFACE Figure 8 Web Interface Components The following table lists the user interface components with their corresponding numbers: Table 6: Interface Components Vi ew Des cription 1 Tree View Tree View provides easy navigation through the configurable device features. The main branches expand to display the sub-features. 2 Tab View The Tab Area enables navigation through the different device features.
Understanding the 3Com Web Interface Device Representation 35 The 3Com Web Interface Home Page contains a graphical panel representation of the device that appears within the Device View Tab. To access the Device Representation: 1 Click Device Summary > Device View. Figure 9 Device Representation 2 By selecting a specific port with your mouse, you can view the port statistics. For detailed information on configuring ports, please refer to Configuring Ports.
CHAPTER 2: USING THE 3COM WEB INTERFACE Using Screen and Table Options The 3Com Web interface contains screens and tables for configuring devices. This section contains the following topics: ■ Viewing Configuration Information ■ Adding Configuration Information ■ Modifying Configuration Information ■ Removing Configuration Information Viewing Configuration Information To view configuration information: 1 Click Port > Administration > Summary.
Using Screen and Table Options 37 Adding Configuration Information User-defined information can be added to specific 3Com Web Interface pages, by opening the IP Setup Page. To configure IP Setup: 1 Click Administration > IP Setup. The IP Setup Page opens: Figure 11 IP Setup Page 2 Enter requisite information in the text field. 3 Click updated. .
CHAPTER 2: USING THE 3COM WEB INTERFACE Modifying Configuration Information 1 Click Administration > System Access > Modify. The System Access Modify Page opens: Figure 12 System Access Modify Page 2 Modify the fields. 3 Click . The access fields are modified.
Using Screen and Table Options 39 Removing Configuration Information 1 Click Administration > System Access > Remove. The System Access Remove Page opens: Figure 13 System Access Remove Page 2 Select the user account to be deleted. 3 Click . The user account is deleted, and the device is updated.
CHAPTER 2: USING THE 3COM WEB INTERFACE Saving the Configuration Configuration changes are only saved to the device once the user saves the changes to the flash memory. The Save Configuration tab allows the latest configuration to be saved to the flash memory. To save the device configuration: 1 Click Save Configuration. The Save Configuration Page opens: Figure 14 Save Configuration Page A message appears: The operation will save your configuration. Do you wish to continue? 2 Click .
Resetting the Device Resetting the Device 41 The Reset Page enables resetting the device from a remote location. To prevent the current configuration from being lost, use the Save Configuration Page to save all user-defined changes to the flash memory before resetting the device. To reset the device: 1 Click Administration > Reset. The Reset Page opens: Figure 15 Reset Page 2 Click . A confirmation message is displayed.
CHAPTER 2: USING THE 3COM WEB INTERFACE 3 Click . The device is reset, and a prompt for a user name and password is displayed. Figure 16 User Name and Password Page 4 Enter a user name and password to reconnect to the web interface.
Restoring Factory Defaults Restoring Factory Defaults The Restore option appears on the Reset Page. The Restore option restores device factory defaults. To restore the device: 1 Click Administration > Reset. The Reset Page opens: Figure 17 Reset Page The Reset Page contains the following fields: ■ ■ 2 Click Initialize with Current IP Address — Resets the device with the factory default settings, but maintains the current IP Address.
CHAPTER 2: USING THE 3COM WEB INTERFACE Logging Off the Device To log off the device: 1 Click . The Logout Page opens. 2 The following message appears: 3 Click . The 3Com Web Interface Home Page closes.
3 VIEWING BASIC SETTINGS This section contains information for viewing basic settings. The 3Com Web Interface Home Page presents a device summary section that provides the system administrator with the option to view essential information required for setting up and maintaining device settings.
CHAPTER 3: VIEWING BASIC SETTINGS Viewing Device Settings The Device Summary Page displays parameters for viewing general device information, including the system name, location, and contact, the system MAC Address, System Object ID, System Up Time, and MAC addresses, and both software, boot, and hardware versions. To view the Device Summary Settings: 1 Click Device Summary.
■ System Object ID — Displays the vendor’s authoritative identification of the network management subsystem contained in the entity. ■ MAC Address — Displays the device MAC address. ■ System Up Time — Displays the amount of time since the most recent device reset. The system time is displayed in the following format: Days, Hours, Minutes, and Seconds. For example, 41 days, 2 hours, 22 minutes and 15 seconds. ■ Software Version — Displays the installed software version number.
CHAPTER 3: VIEWING BASIC SETTINGS Viewing Color Keys The Color Key Page provides information regarding the RJ45 or SFP port status on the device. The various colors key indicate the port status, speed and link of a selected port. To view color keys: 1 Click Device Summary > Color Key.
4 MANAGING DEVICE SECURITY The Management Security section provides information for configuring system access, defining RADIUS authentication, port-based authentication and defining access control lists. This section includes the following topics: ■ Configuring System Access ■ Defining RADIUS Clients ■ Defining Port-Based Authentication (802.
CHAPTER 4: MANAGING DEVICE SECURITY Configuring System Access Network administrators can define users, passwords, and access levels for users using the System Access Interface. The Multi-Session web feature is enabled on device and allows 10 users to be created and access the switch concurrently. Access levels provide read or read/write permissions to users for configuring the switch. Login information is managed in the local database. A unique password is required of each user.
Configuring System Access Viewing System Access Settings 51 The System Access Summary Page displays the current users and access levels defined on the device. To view System Access settings: 1 Click Administration > System Access > Summary. The System Access Summary Page opens: Figure 20 System Access Summary Page The System Access Summary Page contains the following fields: ■ User Name — Displays the user name.
CHAPTER 4: MANAGING DEVICE SECURITY Defining System Access The System Access Setup Page allows network administrators to define users, passwords, and access levels for users using the System Access Interface. Monitor users have no access to this page. To define System Access: 1 Click Administration > System Access > Setup. The System Access Setup Page opens: Figure 21 System Access Setup Page The System Access Setup Page contains the following fields: User Name — Defines the user name.
Configuring System Access Modifying System Access 53 The System Access Modify Page allows network administrators to modify users, passwords, and access levels for users using the System Access Interface. Monitor users have no access to this page. To modify System Access: 1 Click Administration > System Access > Modify. The System Access Modify Page opens: Figure 22 System Access Modify Page The System Access Modify Page contains the following fields: User Name — Displays the user name.
CHAPTER 4: MANAGING DEVICE SECURITY Removing System Access The System Access Remove Page allows network administrators to remove users from the System Access Interface. Monitor users have no access to this page. To remove users: 1 Click Administration > System Access > Remove. The System Access Remove Page opens: Figure 23 System Access Remove Page The System Access Remove Page contains the following fields: Remove User(s) — Users to be removed can be selected from the list below.
Defining RADIUS Clients Defining RADIUS Clients 55 Remote Authorization Dial-In User Service (RADIUS) servers provide additional security for networks. RADIUS servers provide a centralized authentication method for 802.1X. The default parameters are user-defined, and are applied to newly defined RADIUS servers. If new default parameters are not defined, the system default values are applied to newly defined RADIUS servers. Monitor users have no access to this page.
CHAPTER 4: MANAGING DEVICE SECURITY ■ Authentication Port — Defines the authentication port. The authentication port is used to verify the RADIUS server authentication. The authentication port default is 1812. ■ Number of Retries — Defines the number of transmitted requests sent to the RADIUS server before a failure occurs. Possible field values are 1-10. The default value is 3.
Defining Port-Based Authentication (802.1X) Defining Port-Based Authentication (802.1X) 57 Port-based authentication authenticates users on a per-port basis via an external server. Only authenticated and approved system users can transmit and receive data. Ports are authenticated via the RADIUS server using the Extensible Authentication Protocol (EAP). Port-based authentication includes: ■ Authenticators — Specifies the device port which is authenticated before permitting system access.
CHAPTER 4: MANAGING DEVICE SECURITY Viewing 802.1X Authentication The 802.1X Summary Page allows the network administrator to view port-based authentication settings. To view Port-based Authentication: 1 Click Security > 802.1X > Summary. The 802.1X Summary Page opens: Figure 25 802.1X Summary Page The 802.1X Summary Page contains the following fields: ■ Port — Displays a list of interfaces. ■ User Name — Displays the supplicant user name.
Defining Port-Based Authentication (802.1X) 59 ■ Current Port Control — Displays the current port authorization state. ■ Guest VLAN — Indicates whether an unauthorized port is allowed to join the Guest VLAN. The possible field values are: ■ ■ Enable — Enables an unauthorized port to join the Guest VLAN. ■ Disable — Disables an unauthorized port to join the Guest VLAN. Periodic Reauthentication — Indicates if periodic reauthentication is enabled on the port.
CHAPTER 4: MANAGING DEVICE SECURITY Defining 802.1X Authentication The 802.1X Setup Page contains information for configuring 802.1X global settings on the device and defining specific 802.1X setting for each port individually. Monitor users have no access to this page. To configure 802.1X Settings: 1 Click Security > 802.1X > Setup. The 802.1X Setup Page opens: Figure 26 802.1X Setup Page The 802.1X Setup Page contains the following fields: 802.
Defining Port-Based Authentication (802.1X) 61 ■ Enable Guest VLAN — Provides limited network access to authorized ports. If a port is denied network access via port-based authorization, but the Guest VLAN is enabled, the port receives limited network access. For example, a network administrator can use Guest VLANs to deny network access via port-based authentication, but grant Internet access to unauthorized users. ■ Guest VLAN ID — Specifies the guest VLAN ID. 802.
CHAPTER 4: MANAGING DEVICE SECURITY Defining Access Control Lists Access Control Lists (ACLs) allow network managers to define classification actions and rules for specific ingress ports. A network manager can configure an ACL on an ingress port so that packets are either admitted or denied entry. The user can also specify that when packets are denied entry, the ingress port is also disabled.
Defining Access Control Lists Viewing MAC Based ACLs 63 The MAC Based ACL Summary Page displays information regarding MAC Based ACLs configured on the device. Ports are reactivated from the Port Administration Setup Page. To view MAC Based ACLs: 1 Click Device > ACL > MAC Based ACL > Summary. The MAC Based ACL Summary Page opens: Figure 27 MAC Based ACL Summary Page The MAC Based ACL Summary Page contains the following fields: ■ ACL Name — Contains a list of the MAC-based ACLs.
CHAPTER 4: MANAGING DEVICE SECURITY ■ Ethertype — Provides an identifier that differentiates between various types of protocols. ■ Action — Indicates the ACL forwarding action. In addition, the port can be shut down, a trap can be sent to the network administrator, or packet is assigned rate limiting restrictions for forwarding. The options are as follows: ■ Permit — Forwards packets which meet the ACL criteria. ■ Deny — Drops packets which meet the ACL criteria.
Defining Access Control Lists 65 ■ Selection ACL — Selects an existing MAC-based ACL to which rules are to be added. ■ Create ACL — Defines a new user-defined MAC-based Access Control List. Add Rules to ACL ■ Priority — Sets the rule priority, which determines which rule is matched to a packet on a first-match basis. The possible field values are 1-2147483647. ■ Source MAC Address — Matches the source MAC address to which packets are addressed to the rule.
CHAPTER 4: MANAGING DEVICE SECURITY ■ Ethertype — Provides an identifier that differentiates between various types of protocols. ■ Action — Specifies the ACL forwarding action. In addition, the port can be shut down, a trap can be sent to the network administrator, or packet is assigned rate limiting restrictions for forwarding. The options are as follows: ■ Permit — Forwards packets which meet the ACL criteria. ■ Deny — Drops packets which meet the ACL criteria.
Defining Access Control Lists Modifying MAC Based ACLs 67 The MAC Based ACL Modify Page allows the network administrator to modify an existing MAC-based ACL rule. Monitor users have no access to this page. To modify a MAC-based ACL rule: 1 Click Device > ACL > MAC Based ACL > Modify. The MAC Based ACL Modify Page opens: Figure 29 MAC Based ACL Modify Page The MAC Based ACL Modify Page contains the following fields: ■ Select ACL — Selects the ACL to be modified.
CHAPTER 4: MANAGING DEVICE SECURITY For example, if the source MAC address is E0:3B:4A:C2:CA:E2 and the wildcard mask is 00:00:00:00:00:FF, the first five bytes of the MAC are used, while the last byte is ignored. For the source MAC address E0:3B:4A:C2:CA:E2, this wildcard mask matches all MAC addresses in the range E0:3B:4A:C2:CA:00 to E0:3B:4A:C2:CA:FF. ■ Destination MAC Address — Matches the destination MAC address to which packets are addressed to the rule.
Defining Access Control Lists Removing MAC Based ACLs 69 The MAC Based ACL Remove Page allows the user to remove MAC-based ACLs or MAC-based ACL rules. Monitor users have no access to this page. Click Device > ACL > MAC Based ACL > Remove. The MAC Based ACL Remove Page opens: Figure 30 MAC Based ACL Remove Page The MAC Based ACL Remove Page contains the following fields: ■ ACL Name — Selects a MAC-based ACL for removal. ■ Remove ACL — Enables the ACL to be removed.
CHAPTER 4: MANAGING DEVICE SECURITY ■ CoS Mask — Displays the wildcard mask bits to be applied to the CoS. ■ Ethertype — Provides an identifier that differentiates between various types of protocols. ■ Action — Indicates the ACL forwarding action. In addition, the port can be shut down, a trap can be sent to the network administrator, or packet is assigned rate limiting restrictions for forwarding. The options are as follows: ■ Permit — Forwards packets which meet the ACL criteria.
Defining Access Control Lists Viewing IP Based ACLs 71 The IP Based ACL Summary Page displays information regarding IP-based ACLs configured on the device. To view IP-based ACLs: 1 Click Device > ACL > IP Based ACL > Summary. The IP Based ACL Summary Page opens: Figure 31 IP Based ACL Summary Page The IP Based ACL Summary Page contains the following fields: ■ ACL Name — Contains a list of the IP Based ACLs.
CHAPTER 4: MANAGING DEVICE SECURITY ■ ICMP Code — Indicates the ICMP message code for filtering ICMP packets. ICMP packets that are filtered by ICMP message type can also be filtered by the ICMP message code. ■ IGMP Type — Indicates the IGMP message type filter. ■ Source Address — Matches the source IP address to which packets are addressed to the ACL. ■ Source Mask — Indicates the source IP address mask.
Defining Access Control Lists 73 Monitor users have no access to this page. To configure IP-based ACLs: Click Device > ACL > IP Based ACL > Setup. The IP Based ACL Setup Page opens: Figure 32 IP Based ACL Setup Page The IP Based ACL Setup Page contains the following fields: ■ Selection ACL — Selects an existing IP-based ACL to which rules are to be added. ■ Create ACL — Defines a new user-defined IP-based ACL. Add Rules to ACL ■ Priority — Defines the ACL priority.
CHAPTER 4: MANAGING DEVICE SECURITY ■ Source Port — Defines the source port that is used for matched packets. Enabled only when TCP or UDP are selected in the Protocol list. The field value is either user defined or Any. If Any is selected the IP based ACL is applied to any source port. ■ Destination Port — Defines the destination port that is used for matched packets. Enabled only when TCP or UDP are selected in the Protocol list. The field value is either user defined or Any.
Defining Access Control Lists 75 ■ ICMP Code — If checked, enables specifying an ICMP message code for filtering ICMP packets. ICMP packets that are filtered by ICMP message type can also be filtered by the ICMP message code. ■ IGMP — If checked, enables filtering IGMP packets for an IGMP message type. The possible values are: ■ ■ Select from List — Selects an IGMP message type from a list. ■ IGMP Type — Specifies an IGMP message type. ■ Any — Does not filter for an IGMP message type.
CHAPTER 4: MANAGING DEVICE SECURITY wildcard mask matches all IP addresses in the range 149.36.184.0 to 149.36.184.255. A wildcard mask must not contain leading zeroes. For example, a wildcard mask of 010.010.011.010 is invalid, but a wildcard mask of 10.10.11.10 is valid. ■ Match DSCP — Matches the packet DSCP value to the ACL. Either the DSCP value or the IP Precedence value is used to match packets to ACLs. ■ Match IP Precedence — Matches the packet IP Precedence value to the rule.
Defining Access Control Lists Modifying IP Based ACLs 77 The IP Based ACL Modify Page allows the network administrator to modify IP Based ACL rules. To modify an IP-based ACL rule: 1 Click Device > ACL > IP Based ACL > Modify. The IP Based ACL Modify Page opens: Monitor users have no access to this page. Figure 33 IP Based ACL Modify Page The IP Based ACL Modify Page contains the following fields: ■ Select ACL — Selects the ACL to be modified.
CHAPTER 4: MANAGING DEVICE SECURITY ■ ■ ■ Any — Enables creating an ACL based on any protocol. Destination Port — Defines the destination port that is matched to packets. Enabled only when TCP or UDP are selected in the Protocol list. ■ ■ Protocol ID — Adds user-defined protocols by which packets are matched to the rule. Each protocol has a specific protocol number which is unique. The possible field range is 0-255. Source Port — Enables creating an ACL based on a specific protocol.
Defining Access Control Lists ■ 79 ICMP — If checked, enables filtering ICMP packets for an ICMP message type. The possible values are: ■ Select from List — Selects an ICMP message type from a list. ■ ICMP Type — Specifies an ICMP message type. ■ Any — Does not filter for an ICMP message type. ■ ICMP Code — If checked, enables specifying an ICMP message code for filtering ICMP packets. ICMP packets that are filtered by ICMP message type can also be filtered by the ICMP message code.
CHAPTER 4: MANAGING DEVICE SECURITY ■ Match IP Precedence — Matches the packet IP Precedence value to the rule. Either the DSCP value or the IP Precedence value is used to match packets to the rule. ■ Action — Selects the ACL forwarding action. In addition, the port can be shut down, a trap can be sent to the network administrator, or packet is assigned rate limiting restrictions for forwarding. The options are as follows: ■ ■ ■ Permit — Forwards packets which meet the ACL criteria.
Defining Access Control Lists Figure 34 81 IP Based ACL Remove Page The IP Based ACL Remove Page contains the following fields: ■ ACL Name — Selects an ACL name from a list of the IP-based ACLs. ■ Remove ACL — Enables the ACL to be removed. ■ Checkbox (unnamed) — When checked, selects the rule for removal. The top checkbox is used to select all rules for removal. ■ Priority — Indicates the ACL priority, which determines which ACL is matched to a packet on a first-match basis.
CHAPTER 4: MANAGING DEVICE SECURITY ■ Source Address — Indicates the source IP address. ■ Source Mask — Indicates the source IP address mask. ■ Destination Address — Indicates the destination IP address. ■ Destination Mask — Indicates the destination IP address mask. ■ DSCP — Matches the packet DSCP value to the ACL. Either the DSCP value or the IP Precedence value is used to match packets to ACLs. ■ IP - Prec. — Indicates matching ip-precedence with the packet IP precedence value.
Defining Access Control Lists Viewing ACL Binding 83 The ACL Binding Summary Page displays the user-defined ACLs mapped to the interfaces. To view ACL Binding: 1 Click Device > ACL > ACL Binding > Summary. The ACL Binding Summary Page opens: Figure 35 ACL Binding Summary Page The ACL Binding Summary Page contains the following fields: ■ Interface — Displays the port or LAG number to which the ACL is bound. ■ ACL Name — Displays the name of the ACL which is bound to a selected port.
CHAPTER 4: MANAGING DEVICE SECURITY Configuring ACL Binding The ACL Binding Setup Page allows the network administrator to bind specific ports to MAC- or IP-based ACLs. The monitor user has no access to this page. To define ACL Binding: 1 Click Device > ACL > ACL Binding > Setup. The ACL Binding Setup Page opens: Figure 36 ACL Binding Setup Page The ACL Binding Setup Page contains the following fields: ■ Select Port(s) — Selects the ports to be configured.
Defining Access Control Lists Removing ACL Binding 85 The ACL Binding Remove Page allows the network administrator to remove user-defined ACLs from a selected interface. Monitor users have no access to this page. To remove ACL Binding: 1 Click Device > ACL > ACL Binding > Remove. The ACL Binding Remove Page opens: Figure 37 ACL Binding Remove Page The ACL Binding Remove Page contains the following fields: ■ Checkbox (unnamed) — Marks the ACL for removal.
CHAPTER 4: MANAGING DEVICE SECURITY Enabling Broadcast Storm Broadcast Storm limits the amount of Multicast and Broadcast frames accepted and forwarded by the device. When Layer 2 frames are forwarded, Broadcast and Multicast frames are flooded to all ports on the relevant VLAN. This occupies bandwidth, and loads all nodes on all ports. A Broadcast Storm is a result of an excessive amount of broadcast messages simultaneously transmitted across a network by a single port.
Enabling Broadcast Storm 87 Monitor users have no access to this page. To define Broadcast Storm Traffic: 1 Click Device > Broadcast Storm > Setup. The Broadcast Storm Setup Page opens: Figure 38 Broadcast Storm Setup Page The Broadcast Storm Setup Page contains the following fields: ■ Broadcast Storm Control — Defines whether forwarding Broadcast packet types is enabled on the interface. ■ Disabled — Disables broadcast control on the selected port.
5 MANAGING SYSTEM INFORMATION This section contains information for configuring general system information, and includes the following: ■ Viewing System Description ■ Defining System Settings ■ Saving the Device Configuration ■ Resetting the Device
Viewing System Description The Device View Page displays parameters for configuring general device information, including the system name, location, and contact, the system MAC Address, System Object ID, System Up Time, and MAC addresses, and both software, boot, and hardware versions. To view Device Summary Information: 1 Click Device Summary. The Device View Page opens.
CHAPTER 5: MANAGING SYSTEM INFORMATION ■ MAC Address — Displays the device MAC address. ■ System Up Time — Displays the amount of time since the most recent device reset. The system time is displayed in the following format: Days, Hours, Minutes, and Seconds. For example, 41 days, 2 hours, 22 minutes and 15 seconds. ■ Software Version — Displays the installed software version number. ■ Boot Version — Displays the current boot version running on the device.
Defining System Settings The following section allows system administrators to configure advanced system settings.
CHAPTER 5: MANAGING SYSTEM INFORMATION Configuring System Name The System Name Page allows the Network Administrator to provide a user-defined system name, location, and contact information for the device. Monitor users have read-only permissions on this page. To configure the System Name: 1 Click Administration > System Name > System Name. The System Name Page opens: Figure 40 System Name Page The System Name Page includes the following fields: ■ System Name — Defines the user-defined device name.
Configuring System Time The System Time Setup Page contains fields for defining system time parameters for the local hardware clock. Daylight Savings Time can be enabled on the device. Monitor users have limited permissions on this page. To configure the System Time: 1 Click Administration > System Time > Setup. The System Time Setup Page opens: Figure 41 System Time Setup Page The System Time Setup Page contains the following fields: Local Settings ■ Hours — Sets the hour. The field range is 0-23.
CHAPTER 5: MANAGING SYSTEM INFORMATION ■ Daylight Saving — Enables setting automatic Daylight Savings Time (DST) on the device, either on a non-recurring or recurring basis. In the non-recurring case, DST is configured to apply to one specific period of time only, defined by specifying the begin and end times, months, days, and years. Non-recurring settings need to be changed every year. In the recurring case, the year is not specified, so that the time and date settings apply to every year.
■ ■ ■ ■ Minutes — The minute of the hour at which DST ends. The field range is 0-59. Month — The month of the year in which DST ends. The field range is 1-12. Day — The day of the month at which DST ends. The field range is 1-31. Year — The year in which DST ends. The field range is 2000-2037. ■ Recurring — Enables user-defined DST for countries in which DST is constant from year to year, other than the USA and Europe.
CHAPTER 5: MANAGING SYSTEM INFORMATION Saving the Device Configuration The Save Configuration Page allows the latest device configuration to be saved to the flash memory. Monitor users have no access to this page. To save the device configuration: 1 Click Save Configuration. The Save Configuration Page opens: Figure 42 Save Configuration Page The following message appears: The operation will save your configuration. Do you wish to continue? 2 Click updated. .
Resetting the Device The Reset Page enables resetting the device from a remote location. To prevent the current configuration from being lost, save the current device configuration before resetting the device. Monitor users have no access to this page. To reset the device configuration: 1 Click Administration > Reset. The Reset Page opens: Figure 43 Reset Page The Reset Page contains the following fields: ■ Reset the device by pressing the ‘Reboot’ button. — Reboots the device.
6 CONFIGURING PORTS This section contains information for configuring Port Settings, and includes the following sections: ■ Viewing Port Settings ■ Defining Port Settings ■ Viewing Port Details
Viewing Port Settings The Port Administration Summary Page permits the network manager to view the current ports configuration. When configuring the port speed and port Duplex mode, please note the following: ■ Setting the port speed to 10/100/1000 and the Duplex mode to Half = admin speed is = 10/100/1000 half and no advertisement. ■ Setting the port speed to 10/100/1000 and the Duplex mode to Full = admin speed is = 10/100/1000 full and no advertisement.
CHAPTER 6: CONFIGURING PORTS To view Port Settings: 1 Click Port > Administration > Summary. The Port Administration Summary Page opens: Figure 44 Port Administration Summary Page The Port Administration Summary Page contains the following fields: ■ Port — Indicates the selected port number. ■ Port Status — Indicates whether the port is currently operational or non-operational. The possible field values are: ■ Up — Indicates the port is currently operating.
■ ■ 10M — Indicates the port is currently operating at 10 Mbps. ■ 100M — Indicates the port is currently operating at 100 Mbps. ■ 1000M — Indicates the port is currently operating at 1000 Mbps. Duplex Mode — Displays the port duplex mode. This field is configurable only when auto negotiation is disabled, and the port speed is set to 10M or 100M or 1000M per second.
CHAPTER 6: CONFIGURING PORTS Defining Port Settings The Port Administration Setup Page allows network managers to configure port parameters for specific ports. Monitor users have no access to this page. To configure Port Settings: 1 Click Port > Administration > Setup. The Port Administration Setup Page opens: Figure 45 Port Administration Setup Page The Port Administration Setup Page contains the following fields: ■ ■ Port State — Specifies the port state.
■ ■ 10 — Indicates the port is currently operating at 10 Mbps. ■ 100 — Indicates the port is currently operating at 100 Mbps. ■ 1000 — Indicates the port is currently operating at 1000 Mbps. ■ Auto — Use to automatically configure the port. ■ No Change — Retains the current port speed. Duplex — Specifies the port duplex mode. This field is configurable only when auto negotiation is disabled, and the port speed is set to 10M or 100M.
CHAPTER 6: CONFIGURING PORTS Viewing Port Details The Port Detail Page displays the current port parameters for specific ports. Monitor users have no access to this page. To view Port Details: 1 Click Port > Administration > Detail. The Port Detail Page opens: Figure 46 Port Detail Page The Port Detail Page contains the following fields: ■ Select a port — Selects a port to display its current settings. ■ Port State — Indicates the port state.
■ ■ Speed — Displays the configured rate for the port. The port type determines what speed setting options are available. Port speeds can only be configured when auto negotiation is disabled. The possible field values are: ■ 10 — Indicates the port is currently operating at 10 Mbps. ■ 100 — Indicates the port is currently operating at 100 Mbps. ■ 1000 — Indicates the port is currently operating at 1000 Mbps. ■ Auto — Use to automatically configure the port.
7 AGGREGATING PORTS This section contains information for configuring Link Aggregation, which optimizes port usage by linking a group of ports together to form a single LAG. A Link Aggregation Group (LAG) aggregates ports or VLANs into a single virtual port or VLAN. Aggregating ports multiplies the bandwidth between the devices, increases port flexibility, and provides link redundancy. Ensure the following: ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ All ports within a LAG must be the same media type.
Viewing Link Aggregation The Link Aggregation Summary Page displays port usage by linking a group of ports together to form a single LAG. Aggregating ports multiplies the bandwidth between the devices, increases port flexibility, and provides link redundancy. To view Link Aggregation: 1 Click Port > Link Aggregation > Summary.
CHAPTER 7: AGGREGATING PORTS Monitor users have no access to this page. To create Link Aggregation: 1 Click Port > Link Aggregation > Create. The Link Aggregation Create Page opens: Figure 48 Link Aggregation Create Page The Link Aggregation Create Page includes the following fields: ■ Enter aggregation Group ID — Defines the group ID. The field range is 1-8. ■ Static — Selects the link aggregation type to be static. ■ LACP — Selects the link aggregation type to be LACP.
Summary ■ Group ID — Displays the Link Aggregated Group ID. The field range is 1-8. ■ Type — Displays the type of link aggregation. The possible field values are Static or LACP. ■ Member Ports — Displays the ports configured to the link aggregation. 2 Define the fields. 3 Click . The link aggregation configuration is defined, and the device is updated.
CHAPTER 7: AGGREGATING PORTS Modifying Link Aggregation The Link Aggregation Modify Page optimizes port usage by linking a group of ports together to form a single LAG. Aggregating ports multiplies the bandwidth between the devices, increases port flexibility, and provides link redundancy. Monitor users have no access to this page. To modify Link Aggregation: 1 Click Port > Link Aggregation > Modify.
Deselected ports ■ White — Not a member of any aggregation. ■ Grey — Displays a member of an existing aggregation or VLAN. Summary ■ Group ID — Displays the Link Aggregated Group ID. The field range is 1-8. ■ Type — Displays the link aggregation type. The possible field values are Static or LACP. ■ Member Ports — Displays the ports configured to the link aggregation. 2 Define the fields. 3 Click updated. .
CHAPTER 7: AGGREGATING PORTS Removing Link Aggregation The Link Aggregation Remove Page allows the network manager to remove group IDs containing member ports. Monitor users have no access to this page. To remove Link Aggregation: 1 Click Port > Link Aggregation > Remove. The Link Aggregation Remove Page opens: Figure 50 Link Aggregation Remove Page The Link Aggregation Remove Page includes the following fields: ■ Select Aggregation(s) to Remove — Displays the Link Aggregation table.
Viewing LACP LAG ports can contain different media types if the ports are operating at the same speed. Aggregated links can be set up manually or automatically established by enabling LACP on the relevant links. Aggregate ports can be linked into link-aggregation port-groups. The LACP Summary Page contains fields for viewing Link Aggregation Group Protocol (LACP) LAGs. To view LACP for LAGs: 1 Click Port > LACP > Summary.
CHAPTER 7: AGGREGATING PORTS Modifying LACP LAG ports can contain different media types if the ports are operating at the same speed. Aggregated links can be set up manually or automatically established by enabling LACP on the relevant links. Aggregate ports can be linked into link-aggregation port-groups. The LACP Modify Page contains fields for modifying LACP LAGs. To modify LACP for LAGs: 1 Click Port > LACP > Modify.
2 Define the fields. 3 Click . The LACP Link Aggregation is modified, and the application is updated.
8 CONFIGURING VLANS VLANs are logical subgroups with a Local Area Network (LAN) which combine user stations and network devices into a single unit, regardless of the physical LAN segment to which they are attached. VLANs allow network traffic to flow more efficiently within subgroups. VLANs use software to reduce the amount of time it takes for network changes, additions, and moves to be implemented. VLANs restrict traffic within the VLAN.
Viewing VLAN Details The VLAN Detail Page provides information and global parameters on VLANs configured on the system. To view VLAN details: 1 Click Device > VLAN > VLAN Detail. The VLAN Detail Page opens: Figure 53 VLAN Detail Page The VLAN Detail Page contains the following information: ■ Select a VLAN to Display— Selects a VLAN to be display its settings. ■ Membership type — Displays the membership type for each VLAN.
CHAPTER 8: CONFIGURING VLANS Viewing VLAN Port Details The VLAN Port Detail Page provides information on VLAN configured ports. To view VLAN Port details: 1 Click Device > VLAN > Port Detail. The VLAN Port Detail Page opens: Figure 54 VLAN Port Detail Page The VLAN Port Detail Page contains the following information: ■ Select Port — Selects the ports to be displayed. ■ Untagged membership — Indicates the port is an untagged member of the VLAN.
Creating VLANs The VLAN Setup Page allows the network administrator to create or rename VLANs. The monitor users have no access to this page. To create VLANs: 1 Click Device > VLAN > Setup. The VLAN Setup Page opens: Figure 55 VLAN Setup Page The VLAN Setup Page contains the following fields: Create ■ VLAN IDs — Defines the VLAN ID(s) to create. ■ Create — Creates the VLAN ID(s). ■ ID — Displays the VLAN ID. ■ Name — Displays the user-defined VLAN name.
CHAPTER 8: CONFIGURING VLANS Rename VLAN ■ ID — Displays the VLAN ID selected from the above list. ■ Name — Defines the new VLAN name. ■ Rename — Renames the user-defined VLAN name. 2 Enter the VLAN ID number(s). 3 Click . The VLAN(s) are created, and the device is updated. To rename a VLAN: 1 Highlight a VLAN to be renamed from the VLAN list. 2 Enter the new name for the VLAN. 3 Click . The VLAN is renamed, and the device is updated.
Modifying VLAN Settings The Modify VLAN Page allows the network manager to rename VLANs and change VLAN membership. The monitor users have no access to this page. To edit VLAN Settings: Click Device > VLAN > Modify VLAN. The Modify VLAN Page opens: Figure 56 Modify VLAN Page The Modify VLAN Page contains the following fields: ■ Select a VLAN to modify — Selects a VLAN name to modify its settings. ■ Rename — Renames the VLAN name.
CHAPTER 8: CONFIGURING VLANS ■ ■ Not A Member — Indicates the interface is not a member of the VLAN. Not available for selection — Indicates the interface is not available for selection. ■ Select port to add to this VLAN — Adds a selected port to the VLAN. ■ Select All — Allows the user to select all ports to be added to the VLAN. ■ Select None — Removes the ports selected. To rename VLANs: 1 Select a VLAN from the list to be renamed. 2 Click . The VLAN is renamed, and the device is updated.
Modifying Port VLAN Settings The Modify VLAN Port Page allows the network manager to modify port VLAN settings. The monitor users have no access to this page. To modify Port VLAN Settings: 1 Click Device > VLAN > Modify Port. The Modify VLAN Port Page opens: Figure 57 Modify VLAN Port Page The Modify VLAN Port Page contains the following fields: ■ Select a Port — Selects a port to be modified. ■ Select membership type — Displays the membership type for each port on the VLAN.
CHAPTER 8: CONFIGURING VLANS 2 Select a port. 3 Select the port’s membership type. 4 Enter the VLAN ID to be assigned to the port. 5 Click Removing VLANs . The VLANs are configured, and the device is updated. The VLAN Remove Page allows the network administrator to remove VLANs. The monitor users have no access to this page. To delete VLANs: 1 Click Device > VLAN > Remove.
9 CONFIGURING IP AND MAC ADDRESS INFORMATION This section contains information for defining IP interfaces, and includes the following sections: ■ Defining IP Addressing ■ Configuring ARP Settings ■ Configuring Address Tables
CHAPTER 9: CONFIGURING IP AND MAC ADDRESS INFORMATION Defining IP Addressing The IP Setup Page contains fields for assigning an IP address. The Default Gateway is erased when the IP Address is modified and changed. Packets are forwarded to the default gateway when sent to a remote network. The monitor user has no access to this page. To define an IP interface: 1 Click Administration > IP Setup.
Configuring ARP Settings Configuring ARP Settings 127 The Address Resolution Protocol (ARP) converts IP addresses into physical addresses, and maps the IP address to a MAC address. ARP allows a host to communicate with other hosts when only the IP address of its neighbors is known.
CHAPTER 9: CONFIGURING IP AND MAC ADDRESS INFORMATION Viewing ARP Settings The ARP Settings Summary Page displays the current ARP settings. To view ARP Settings: 1 Click Administration > ARP Settings > Summary. The ARP Settings Summary Page opens: Figure 60 ARP Settings Summary Page The ARP Settings Summary Page contains the following fields: ■ Interface — Indicates the VLAN for which ARP parameters are defined.
Configuring ARP Settings Defining ARP Settings 129 The ARP Settings Setup Page allows network managers to define ARP parameters for specific interfaces. The monitor users have no access to this page. To configure ARP entries: 1 Click Administration > ARP Settings > Setup. The ARP Settings Setup Page opens: Figure 61 ARP Settings Setup Page The ARP Settings Setup Page contains the following fields: ■ VLAN — Selects the VLAN for which ARP parameters are defined.
CHAPTER 9: CONFIGURING IP AND MAC ADDRESS INFORMATION Removing ARP Entries The ARP Settings Remove Page provides parameters for removing ARP entries from the ARP Table. The monitor user has no access to this page. To remove ARP entries: 1 Click Administration > ARP Settings > Remove. The ARP Settings Remove Page opens: Figure 62 ARP Settings Remove Page The ARP Settings Remove Page contains the following fields: ■ Clear ARP Table Entries — Specifies the types of ARP entries that are cleared.
Configuring ARP Settings 131 ■ MAC Address — Displays the station MAC address, which is associated in the ARP table with the IP address. ■ Status — Displays the ARP table entry type. Possible field values are: ■ Dynamic — Indicates the ARP entry is learned dynamically. ■ Static — Indicates the ARP entry is a static entry. 2 For each ARP entry to be removed, check the box to the left of the row in the table. To remove all ARP entries, the topmost box may be checked. 3 Click updated. .
CHAPTER 9: CONFIGURING IP AND MAC ADDRESS INFORMATION Configuring Address Tables MAC addresses are stored in either the Static Address or the Dynamic Address databases. A packet addressed to a destination stored in one of the databases is forwarded immediately to the port. The Dynamic Address Table can be sorted by interface, VLAN, and MAC address. MAC addresses are dynamically learned as packets from sources arrive at the device.
Configuring Address Tables Viewing Address Table Settings 133 The Address Table Summary Page displays the current MAC address table configuration. To view address table settings: 1 Click Monitoring > Address Table > Summary. The Address Table Summary Page opens: Figure 63 Address Table Summary Page The Address Table Summary Page contains the following fields: ■ State — Filters the list of MAC addresses displayed according to the type of MAC address configuration.
CHAPTER 9: CONFIGURING IP AND MAC ADDRESS INFORMATION ■ State — Displays the MAC address configuration method. Possible values are: ■ ■ Viewing Port Summary Settings Config Static — Indicates the MAC address is statically configured. Config Dynamic — Indicates the MAC address is dynamically configured. ■ Port Index — Indicates the port through which the address was learned.
Configuring Address Tables ■ 135 State — Filters the list of MAC addresses displayed according to the type of MAC address configuration. Possible values are: ■ All — Displays all MAC addresses assigned to the port. ■ Static — Displays static MAC addresses assigned to the port. ■ Dynamic — Displays dynamic MAC addresses assigned to the port. ■ MAC Address — Displays MAC addresses currently listed in the MAC address table, filtered by the selected value of the State field.
CHAPTER 9: CONFIGURING IP AND MAC ADDRESS INFORMATION Adding MAC Addresses to the Address Table The Address Table Add Page allows the network manager to assign MAC addresses to ports with VLANs. The monitor users have no access to this page. To add MAC addresses to the Address Table: 1 Click Monitoring > Address Table > Add. The Address Table Add Page opens: Figure 65 Address Table Add Page The Address Table Add Page contains the following fields: ■ VLAN ID — Selects a VLAN ID.
Configuring Address Tables 137 ■ MAC Address — Displays the current MAC addresses listed in the MAC address table. ■ VLAN ID — Displays the VLAN ID associated with the port and MAC address. ■ State — Displays the current MAC address configuration method. Possible values are: ■ Config Static — Indicates the MAC address is statically configured. ■ Port Index — Indicates the port through which the address was learned.
CHAPTER 9: CONFIGURING IP AND MAC ADDRESS INFORMATION Defining Aging Time The Address Table Setup Page allows the network manager to define the Address Table Aging Time. The Aging Time is the amount of time the MAC addresses remain in the Dynamic Address table before they are timed out if no traffic from the source is detected. The default value is 300 seconds. The monitor users have no access to this page. To define the Aging Time: 1 Click Monitoring > Address Table > Setup.
Configuring Address Tables Removing Address Table Ports 139 The Port Remove Page allows the network manager to remove ports from the Address Table. The monitor users have no access to this page. To remove ports: 1 Click Monitoring > Address Table > Port Remove. The Port Remove Page opens: Figure 67 Port Remove Page The Port Remove Page contains the following fields: ■ Select a Port — Selects the port to remove.
CHAPTER 9: CONFIGURING IP AND MAC ADDRESS INFORMATION ■ State — Displays the MAC address configuration method. Possible values are: ■ Config Static — Indicates the MAC address is statically configured. ■ Port Index — Indicates the port through which the address was learned. ■ Aging Time — Indicates the amount of time the MAC address remains in the Dynamic Address table before it is timed out if no traffic from the source is detected. The default value is 300 seconds.
Configuring Address Tables Removing MAC Addresses from the Address Table 141 The Address Table Remove Page allows the network manager to remove current MAC addresses from the Address Table. The monitor users have no access to this page. To remove MAC addresses from the Address Table: 1 Click Monitoring > Address Table > Remove.
CHAPTER 9: CONFIGURING IP AND MAC ADDRESS INFORMATION ■ Port Index — Indicates the port through which the address was learned. ■ Aging Time — Indicates the amount of time the MAC address remains in the Dynamic Address table before it is timed out if no traffic from the source is detected. The default value is 300 seconds. ■ Select All — Selects all current MAC addresses in the table for removal. ■ Select None — De-selects all current MAC addresses in the table for removal.
10 CONFIGURING IGMP SNOOPING This section contains information for configuring IGMP Snooping. When IGMP Snooping is enabled globally, all IGMP packets are forwarded to the CPU. The CPU analyzes the incoming packets and determines: ■ Which ports want to join which Multicast groups. ■ Which ports have Multicast routers generating IGMP queries. ■ Which routing protocols are forwarding packets and Multicast traffic.
CHAPTER 10: CONFIGURING IGMP SNOOPING Defining IGMP Snooping The IGMP Snooping Setup Page allows network managers to define IGMP Snooping parameters for VLANs. The monitor users have read-only access to this page. To configure IGMP Snooping: Click Device > IGMP Snooping > Setup. The IGMP Snooping Setup Page opens: Figure 69 IGMP Snooping Setup Page The IGMP Snooping Setup Page contains the following fields: ■ IGMP Snooping Status — Defines whether IGMP Snooping is enabled on the device.
■ Enable — Enables IGMP Snooping on the VLAN. ■ VLAN — Displays the VLAN ID. ■ Status — Displays the IGMP snooping status for the VLAN. The possible field values are Enable and Disable. To enable or disable IGMP Snooping on the device: 1 Select Enable or Disable from the IGMP Snooping Status list. 2 Click . IGMP Snooping is enabled or disabled on the device, and the device is updated. To enable or disable IGMP Snooping on a selected VLAN: 1 Enable IGMP Snooping on the device.
11 CONFIGURING SPANNING TREE This section contains information for configuring STP. The Spanning Tree Protocol (STP) provides tree topography for any arrangement of bridges. STP also provides a single path between end stations on a network, eliminating loops. Loops occur when alternate routes exist between hosts. Loops in an extended network can cause bridges to forward traffic indefinitely, resulting in increased traffic and reducing network efficiency.
Viewing Spanning Tree The Spanning Tree Summary Page displays the current Spanning Tree parameters for all ports. To view Spanning Tree Summary: 1 Click Device > Spanning Tree > Summary. The Spanning Tree Summary Page opens: Figure 70 Spanning Tree Summary Page The Spanning Tree Summary Page contains the following fields: ■ Port — Indicates the interface for which the information is displayed. ■ STP — Indicates if STP is enabled on the port.
CHAPTER 11: CONFIGURING SPANNING TREE ■ ■ Root Guard — Indicates if the interface is acting as the root port of the switch. The possible field values are: ■ Enable — Indicates Root Guard is enabled on the port ■ Disable — Indicates Root Guard is disabled on the port. Port State — Displays the current STP state of a port. If enabled, the port state determines what action is taken on traffic.
■ Path Cost — Indicates the port contribution to the root path cost. The path cost is adjusted to a higher or lower value, and is used to forward traffic when a path is re-routed. ■ Priority — Indicates the priority value of the port. The priority value influences the port choice when a bridge has two ports connected in a loop. The priority range is between 0-240. The priority value is determined in increments of 16.
CHAPTER 11: CONFIGURING SPANNING TREE Defining Spanning Tree Network administrators can assign STP settings to specific interfaces using the Spanning Tree Setup Page. The monitor user has no access to this page. To configure Spanning Tree Setup: 1 Click Device > Spanning Tree > Setup. The Spanning Tree Setup Page opens: Figure 71 Spanning Tree Setup Page The Spanning Tree Setup Page contains the following fields: Global Settings ■ Spanning Tree State — Defines whether STP is enabled on the device.
■ BPDU Handling — Determines how BPDU packets are managed when STP is disabled on the port or device. BPDUs are used to transmit spanning tree information. The possible field values are: ■ ■ ■ Filtering — Filters BPDU packets when spanning tree is disabled on an interface. This is the default value. Flooding — Floods BPDU packets when spanning tree is disabled on an interface. Path Cost Default Values — Specifies the method used to assign default path cost to STP ports.
CHAPTER 11: CONFIGURING SPANNING TREE Designated Root ■ Bridge ID — Identifies the Bridge priority and MAC address. ■ Root Bridge ID — Identifies the Root Bridge priority and MAC address. ■ Root Port — Indicates the port number that offers the lowest cost path from this bridge to the Root Bridge. This field is significant when the bridge is not the Root Bridge. The default is zero. ■ Root Path Cost — Indicates the cost of the path from this bridge to the Root Bridge.
Modifying Spanning Tree TheSpanning Tree Modify Page contains information for modifying Spanning Tree parameters. Monitor users have no access to this page. To modify Spanning Tree: 1 Click Device > Spanning Tree > Modify. The Spanning Tree Modify Page opens: Figure 72 Spanning Tree Modify Page The Spanning Tree Modify Page contains the following fields: ■ ■ STP — Specifies if STP is enabled on the port. The possible field values are: ■ Enable — Indicates that STP is enabled on the port.
CHAPTER 11: CONFIGURING SPANNING TREE ■ ■ ■ Enabled — Indicates fast link is enabled on the port. ■ Auto — Enables the device to automatically establish a fast link. ■ Disabled — Indicates fast link is disabled on the port. Root Guard — Restricts the interface from acting as the root port of the switch. The possible field values are: ■ Enable — Indicates Root Guard is enabled on the port ■ Disable — Indicates Root Guard is disabled on the port.
12 CONFIGURING SNMP Simple Network Management Protocol (SNMP) provides a method for managing network devices. The device supports the following SNMP versions: ■ SNMP version 1 ■ SNMP version 2c SNMP v1 and v2c The SNMP agents maintain a list of variables, which are used to manage the device. The variables are defined in the Management Information Base (MIB). The SNMP agent defines the MIB specification format, as well as the format used to access the information over the network.
CHAPTER 12: CONFIGURING SNMP Defining SNMP Communities Access rights are managed by defining communities in the SNMP Communities Setup Page. When the community names are changed, access rights are also changed. SNMP communities are defined only for SNMP v1 and SNMP v2c. Monitor users have no access to this page. To define SNMP communities: 1 Click Administration > SNMP > Communities > Setup.
■ Insert New Community — Enables adding an SNMP community. SNMP Management ■ Management Station— Defines the management station IP address for which the SNMP community is to be defined. ■ Open Access (0.0.0.0) — Provides SNMP access to all the stations. Community String ■ Standard — Selects pre-defined community strings. The possible field values are: ■ public — Displays the pre-defined public community string name. ■ private — Displays the pre-defined private community string name.
CHAPTER 12: CONFIGURING SNMP Removing SNMP Communities The SNMP Communities Remove Page allows the system manager to remove SNMP Communities. Monitor users have no access to this page. To remove SNMP communities: 1 Click Administration > SNMP > Communities > Remove. The SNMP Communities Remove Page opens: Figure 74 SNMP Communities Remove Page The SNMP Communities Remove Page contains the following fields: ■ Checkbox (unnamed) — When checked, selects an SNMP community for removal.
■ Access Mode — Displays the access rights of the community. The possible field values are: ■ ■ Read Only — Management access is restricted to read-only, and changes cannot be made to the community. Read Write — Management access is read-write and changes can be made to the device configuration, but not to the community. 2 For each SNMP Community to be removed, check the box to the left of the row in the table. To remove all SNMP Communities, the topmost box may be checked. 3 Click updated.
CHAPTER 12: CONFIGURING SNMP The SNMP Traps Setup Page contains the following fields: ■ Recipients IP Address — Defines the IP address to which the traps are sent. ■ Community String — Defines the community string of the trap manager. ■ Trap Version — Specifies the trap type. The possible field values are: ■ SNMP V1 — Indicates that SNMP Version 1 traps are sent. ■ SNMP V2c — Indicates that SNMP Version 2 traps are sent. 2 Define the relevant fields. 3 Click Removing SNMP Traps .
The SNMP Traps Remove Page contains the following fields: ■ Checkbox (unnamed) — When checked, selects an SNMP trap for removal. The top checkbox is used to select all SNMP traps for removal ■ Recipients IP — Displays the IP address to which the traps are sent. ■ Trap — Displays the trap type. The possible field values are: ■ ■ SNMP V1 — Indicates that SNMP Version 1 traps are sent. ■ SNMP V2c — Indicates that SNMP Version 2 traps are sent.
13 CONFIGURING QUALITY OF SERVICE Quality of Service (QoS) provides the ability to implement QoS and priority queuing within a network. For example, certain types of traffic that require minimal delay, such as Voice, Video, and real-time traffic can be assigned a high priority queue, while other traffic can be assigned a lower priority queue. The result is an improved traffic flow for traffic with high demand.
Viewing CoS Settings The CoS Summary Page displays CoS default settings assigned to ports. To view CoS Settings: 1 Click Device > QoS > CoS > Summary. The CoS Summary Page opens: Figure 77 CoS Summary Page The CoS Summary Page contains the following fields: ■ Interface — Displays the interface for which the CoS default value is defined. ■ Default CoS — Displays the default CoS value for incoming packets for which a VLAN priority tag is not defined. The possible field values are 0-7.
CHAPTER 13: CONFIGURING QUALITY OF SERVICE Defining CoS The CoS Setup Page contains information for enabling QoS globally. Monitor users have no access to this page. To configure CoS Settings: 1 Click Device > QoS > CoS Setup. The CoS Setup Page opens: Figure 78 CoS Setup Page The CoS Setup Page contains the following fields: QoS Mode — Specifies if QoS is enabled on the device. The possible values are: ■ Disable — Disables QoS on the device. ■ Enable — Enables QoS on the device.
Viewing CoS to Queue The CoS to Queue Summary Page contains a table that displays the CoS values mapped to traffic queues. To view CoS Values to Queues: 1 Click Device > QoS > CoS to Queue > Summary. The CoS to Queue Summary Page opens: Figure 79 CoS to Queue Summary Page The CoS to Queue Summary Page contains the following fields: Defining CoS to Queue ■ Class of Service — Displays the CoS priority tag values, where 0 is the lowest and 7 is the highest.
CHAPTER 13: CONFIGURING QUALITY OF SERVICE To configure CoS values to queues: 1 Click Device > QoS > CoS to Queue > Setup. The CoS to Queue Setup Page opens: Figure 80 CoS to Queue Setup Page The CoS to Queue Setup Page contains the following fields: ■ Restore Defaults — Restores the device factory defaults for mapping CoS values to a forwarding queue. ■ Class of Service — Specifies the CoS priority tag values, where 0 is the lowest and 7 is the highest.
Viewing DSCP to Queue The DSCP to Queue Summary Page contains fields for mapping DSCP settings to traffic queues. For example, a packet with a DSCP tag value of 3 can be assigned to queue 4. To view the DSCP Queue: 1 Click Device > QoS > DSCP to Queue > Summary. The DSCP to Queue Summary Page opens: Figure 81 DSCP to Queue Summary Page The DSCP to Queue Summary Page contains the following fields: ■ DSCP — Displays the incoming packet’s DSCP value.
CHAPTER 13: CONFIGURING QUALITY OF SERVICE Configuring DSCP Queue The DSCP to Queue Setup Page contains fields for mapping DSCP settings to traffic queues. For example, a packet with a DSCP tag value of 3 can be assigned to queue 1. The monitor user has no access to this page. To map CoS to Queues: 1 Click Device > QoS > DSCP to Queue > Setup.
Configuring Trust Settings The Trust Setup Page contains information for enabling trust on the device. To enable Trust: 1 Click Device > QoS > Trust > Setup. The Trust Setup Page opens: Figure 83 Trust Setup Page The Trust Setup Page contains the following fields: ■ Trust Mode — Specifies which packet fields to use for classifying packets entering the device. When no rules are defined, the traffic containing the predefined packet CoS field is mapped according to the relevant trust modes table.
CHAPTER 13: CONFIGURING QUALITY OF SERVICE Viewing Bandwidth Settings The Bandwidth Summary Page displays bandwidth settings for a specified interface. To view Bandwidth Settings: 1 Click Device > QoS > Bandwidth > Summary. The Bandwidth Summary Page opens: Figure 84 Bandwidth Summary Page The Bandwidth Summary Page contains the following fields: ■ Interface — Displays the interface for which rate limit and shaping parameters are defined.
Egress Shaping Rates ■ Status — Indicates the egress traffic shaping status for the interface. The possible field values are: ■ ■ Enable — Egress traffic shaping is enabled for the interface. Disable — Egress traffic shaping is disabled for the interface. This is the default. ■ CIR — Indicates the Committed Information Rate (CIR) for the interface. The field range is 64-1,000,000,000 kbits per second. ■ CbS — Indicates the Committed Burst Size (CbS) for the interface.
CHAPTER 13: CONFIGURING QUALITY OF SERVICE Defining Bandwidth Settings The Bandwidth Setup Page allows network managers to define the bandwidth settings for a specified interface. Interface shaping can be based on an interface. Shaping is determined by the lower specified value. The interface shaping type is selected in the Bandwidth Setup Page. The monitor user has no access to this page. To configure Bandwidth Settings: 1 Click Device > QoS > Bandwidth > Setup.
Egress Shaping Rate ■ Enable Egress Shaping Rate — Enables setting Egress Shaping Rates. ■ Committed Information Rate (CIR) — Defines the CIR for the interface. The field range is 64-1,000,000,000 kbits per second. ■ Committed Burst Size (CbS) — Defines the CbS for the interface. The field range is 4096-16,769,020 bytes per second. ■ Select ports — Selects the ports to be configured. 2 Select the ports to be configured. 3 Define the fields. 4 Click .
CHAPTER 13: CONFIGURING QUALITY OF SERVICE Defining Voice VLAN Voice VLAN allows network administrators to enhance VoIP service by configuring ports to carry IP voice traffic from IP phones on a specific VLAN. VoIP traffic has a preconfigured OUI prefix in the source MAC address. Network Administrators can configure VLANs on which voice IP traffic is forwarded. Non-VoIP traffic is dropped from the Voice VLAN in auto Voice VLAN secure mode.
Defining Voice VLAN Viewing Voice VLANs 175 The Voice VLAN Summary Page contains information about the Voice VLAN currently enabled on the device, including the ports enabled and included in the Voice VLAN. To view Voice VLAN Settings: 1 Click Device > QoS > VoIP Traffic Setting > Summary. The Voice VLAN Summary Page opens: Figure 86 Voice VLAN Summary Page The Voice VLAN Summary Page contains the following fields: ■ Voice VLAN State — Indicates if Voice VLAN is enabled on the device.
CHAPTER 13: CONFIGURING QUALITY OF SERVICE ■ Ports in the Voice VLAN — Displays the ports which are included in the Voice VLAN. The possible values are: ■ ■ Defining Voice VLAN Dynamic Members — Displays dynamic ports added to the Voice VLAN in Auto mode. Static Members — Displays static ports that were manually added to the Voice VLAN. The Voice VLAN Setup Page provides information for enabling and defining Voice VLAN globally on the device.
Defining Voice VLAN ■ 177 Voice VLAN Aging Time — Defines the amount of time after the last IP phone's OUI is aged out for a specific port. The Voice VLAN aging time starts after the MAC Address is aged out from the Dynamic MAC Address table. The port will age out after the bridge and voice aging times. The default bridge aging time is 300 seconds. The default voice aging time is 1 day. The possible fields are: ■ Day — The field range is 0-30. ■ Hour — The field range is 0-23.
CHAPTER 13: CONFIGURING QUALITY OF SERVICE The Voice VLAN Port Setup Page contains the following fields: ■ Voice VLAN Port Mode — Specifies the Voice VLAN mode. The possible field values are: ■ ■ ■ ■ ■ Voice VLAN Port Security — Specifies if port security is enabled on the Voice VLAN. Port security ensures that packets arriving with an unrecognized MAC address are dropped. Port Security is only applicable when Voice VLAN Port Mode is set to Auto.
Defining Voice VLAN Viewing Voice VLAN Port Definitions 179 The Voice VLAN Port Details Page displays the Voice VLAN port settings for specific ports. The Voice VLAN Port Details Page contains the following fields: ■ Select Port — Selects specific ports to display their Voice VLAN port definitions. The ports are color-coded as follows: ■ ■ Blue — Indicates the port is selected, and its Voice VLAN settings are displayed in the text box below.
CHAPTER 13: CONFIGURING QUALITY OF SERVICE To view Voice VLAN Port Detail Settings: 1 Click Device > QoS > VoIP Traffic Setting > Port Detail. The Voice VLAN Port Details Page opens: Figure 89 Voice VLAN Port Details Page 2 Select a port to view its settings. The port is highlighted blue, and the Voice VLAN port settings are displayed in the text box. Viewing the OUI Summaries The Voice VLAN OUI Summary Page lists the Organizationally Unique Identifiers (OUIs) associated with the Voice VLAN.
Defining Voice VLAN 181 To view Voice VLAN OUI Settings: 1 Click Device > QoS > VoIP Traffic Setting > OUI Summary. The Voice VLAN OUI Summary Page opens: Figure 90 Voice VLAN OUI Summary Page The Voice VLAN OUI Summary Page contains the following fields: OUI List ■ Telephony OUI(s) — Lists the OUIs currently enabled on the Voice VLAN. The following OUIs are enabled by default. ■ ■ ■ ■ ■ ■ ■ ■ 00:E0:BB — Assigned to 3Com IP Phones. 00:03:6B — Assigned to Cisco IP Phones.
CHAPTER 13: CONFIGURING QUALITY OF SERVICE Modifying OUI Definitions The Voice VLAN OUI Modify Page allows network administrators to add new OUIs or to remove previously defined OUIs from the Voice VLAN. The OUI is the first half (three most significant bytes) of the MAC address and is manufacturer specific, while the last three bytes contain a unique station ID. The packet priority derives from the source/destination MAC prefix.
Defining Voice VLAN 183 2 Enter an OUI in the Telephony OUI field. 3 Enter an OUI description in the Description field. 4 Click to define a new OUI, or click to delete an existing OUI. The Voice VLAN table is modified, and the device is updated.
14 MANAGING SYSTEM FILES The configuration file structure consists of the following configuration files: ■ Startup Configuration File — Contains the commands required to reconfigure the device to the same settings as when the device is powered down or rebooted. The Startup file is created by copying the configuration commands from the Running Configuration file or by downloading the configuration file from via TFTP or HTTP.
This section contains information for defining File maintenance and includes both configuration file management as well as device access.
CHAPTER 14: MANAGING SYSTEM FILES Backing Up System Files The Backup Page permits network managers to backup the system configuration to a TFTP or HTTP server. The monitor users have no access to this page. To backup System files: 1 Click Administration > Backup & Restore > Backup. The Backup Page opens: Figure 92 Backup Page The Backup Page contains the following fields: ■ Upload via TFTP — Enables initiating a TFTP upload. ■ Upload via HTTP — Enables initiating an HTTP or HTTPS upload.
Restoring Files The Restore Page restores files from the TFTP or HTTP server. The monitor users have no access to this page. To restore System files: 1 Click Administration > Backup & Restore > Restore. The Restore Page opens: Figure 93 Restore Page The Restore Page contains the following fields: ■ Download via TFTP — Enables initiating a download from the TFTP server. ■ Download via HTTP — Enables initiating a download from the HTTP server or HTTPS server.
CHAPTER 14: MANAGING SYSTEM FILES Restore the Software Image The Restore Image Page permits network managers to retrieve the device software. The monitor user has no access to this page To download the software image: 1 Click Administration > Firmware Upgrade > Restore Image. The Restore Image Page opens: Figure 94 Restore Image Page The Restore Image Page contains the following fields: ■ Download via TFTP — Enables initiating a download via TFTP.
Activating Image Files The Active Image Page allows network managers to select and reset the Image files. To upload System files: 1 Click Administration > Firmware Upgrade > Active Image. The Active Image Page opens: Figure 95 Active Image Page The Active Image Page contains the following fields: ■ Active Image After Reset — Selects the image file which is active on the unit after the device is reset.
15 MANAGING POWER OVER ETHERNET DEVICES Power over Ethernet (PoE) provides power to devices over existing LAN cabling, without updating or modifying the network infrastructure. Power over Ethernet removes the necessity of placing network devices next to power sources.
Viewing PoE Settings The Port PoE Summary Page displays system PoE information on the device and attached ports, monitoring the current power usage and operational status. To view PoE Settings: 1 Click Port > PoE > Summary. The Port PoE Summary Page opens: Figure 96 Port PoE Summary Page The Port PoE Summary Page displays the following information: Device Power Display ■ State — Indicates the inline power source status.
CHAPTER 15: MANAGING POWER OVER ETHERNET DEVICES ■ Power Used(watts) — Indicates the actual amount of power currently used by the device. The field value is displayed in Watts. ■ Power Free(watts) — Displays the amount of additional power currently available to the device. The field value is displayed in Watts. ■ Select Port — Selects the ports to view PoE settings. The selected ports are color-coded as follows: ■ Green — Indicates the device is delivering power to the port.
Defining PoE Settings The Port PoE Setup Page allows users to configure ports for PoE. To configure Port PoE Settings: 1 Click Port > PoE > Setup. The Port PoE Setup Page opens: Figure 97 Port PoE Setup Page The Port PoE Setup Page contains the following fields: ■ Select Ports — Selects the ports to be configured. ■ PoE State — Defines the port PoE state. The possible values are: ■ ■ Enabled — Enables the port for PoE. ■ Disabled — Disables the port for PoE.
CHAPTER 15: MANAGING POWER OVER ETHERNET DEVICES ■ Guarantee Power Summary — Displays guaranteed and total PoE power: ■ ■ ■ ■ Total PoE Available — The total amount of PoE power that can be provided by the Switch. Guarantee PoE — The maximum amount of PoE power that has been guaranteed for selected ports. This value is defined by the number of ports you have set to Guarantee.
16 MANAGING SYSTEM LOGS This section provides information for managing system logs. The system logs enable viewing device events in real time, and recording the events for later usage. System Logs record and manage events and report errors and informational messages. Event messages have a unique format, as per the Syslog protocols recommended message format for all error reporting.
CHAPTER 16: MANAGING SYSTEM LOGS Viewing Logs The Logging Display Page contains all system logs in a chronological order that are saved in RAM (Cache). The monitor user has read-only access to this feature. To view Logging: 1 Click Administration > Logging > Display. The Logging Display Page opens: Figure 98 Logging Display Page The Logging Display Page contains the following fields and buttons: ■ Save Preview — Saves the displayed Log table to a web (html) page.
Configuring Logging The Logging Setup Page contains fields for defining which events are recorded to which logs. It contains fields for enabling logs globally, and parameters for defining logs. Log messages are listed from the highest severity to the lowest severity level. The monitor users have no access to this page. To define Log Parameters: 1 Click Administration > Logging > Setup.
CHAPTER 16: MANAGING SYSTEM LOGS The Logging Setup Page contains the following fields: ■ Enable Local Logging — Specifies if device local logs for Cache and servers are enabled. Console logs are enabled by default. ■ Severity level — Specifies the minimum severity level for which a message will be logged. When a severity level is selected, all severity level choices above the selection are selected automatically. The possible field values are: ■ ■ ■ ■ ■ Emergency — The highest warning level.
■ Enable Syslogging — Specifies if device syslogs for Cache and servers are enabled. ■ Severity level — Specifies the minimum severity level for which a message will be logged. When a severity level is selected, all severity level choices above the selection are selected automatically. The possible field values are: ■ ■ ■ ■ ■ Emergency — The highest warning level. If the device is down or not functioning properly, an emergency log message is saved to the specified logging location.
17 VIEWING STATISTICS This section contains information for viewing port statistics, and contains the following topics: ■ Viewing Port Statistics
Viewing Port Statistics The Port Statistics Summary Page contains fields for viewing information about device utilization and errors that occurred on the device. To view RMON statistics: 1 Click Port > Statistics > Summary. The Port Statistics Summary Page opens: Figure 100 Port Statistics Summary Page The Port Statistics Summary Page contains the following fields: ■ Select Port — Selects the specific port for which RMON statistics are displayed.
CHAPTER 17: VIEWING STATISTICS ■ Received Bytes (Octets) — Displays the number of octets received on the interface since the device was last refreshed. This number includes bad packets and FCS octets, but excludes framing bits. ■ Received Packets — Displays the number of packets received on the interface, including bad packets, Multicast and broadcast packets, since the device was last refreshed.
■ Frames of 128 to 255 Bytes — Displays the number of 128 to 255 byte frames received on the interface since the device was last refreshed. ■ Frames of 256 to 511 Bytes — Displays the number of 256 to 511 byte frames received on the interface since the device was last refreshed. ■ Frames of 512 to 1023 Bytes — Displays the number of 512 to 1023 byte frames received on the interface since the device was last refreshed.
18 MANAGING DEVICE DIAGNOSTICS This section contains information for viewing and configuring port and cable diagnostics, and includes the following topics: ■ Configuring Port Mirroring ■ Viewing Cable Diagnostics
Configuring Port Mirroring Configuring Port Mirroring 205 Port mirroring monitors and mirrors network traffic by forwarding copies of incoming and outgoing packets from one port to a monitoring port. Port mirroring can be used as a diagnostic tool as well as a debugging feature. Port mirroring also enables switch performance monitoring. Network administrators can configure port mirroring by selecting a specific port from which to copy all packets, and other ports to which the packets copied.
CHAPTER 18: MANAGING DEVICE DIAGNOSTICS Defining Port Mirroring The Port Mirroring Setup Page contains parameters for configuring port mirroring. The monitor user has limited access to this page. To enable port mirroring: 1 Click Monitoring > Port Mirroring > Setup.
Configuring Port Mirroring 207 ■ Select port — Selects the port for mirroring or monitoring. A port unavailable for mirroring is colored grey. ■ Summary — Displays the current monitor and mirror ports. The fields displayed are: ■ Monitor — Displays the monitor port. ■ Mirror In — Displays ports that are monitored on the RX. ■ Mirror Out — Displays ports that are monitored on the TX. 2 Select a port type. 3 If the Mirror port type has been selected, select Mirror In and/or Mirror Out.
CHAPTER 18: MANAGING DEVICE DIAGNOSTICS Removing Port Mirroring The Port Mirroring Remove Page permits the network manager to terminate port mirroring or monitoring. The monitor users have no access to this page. To remove port mirroring: 1 Click Monitoring > Port Mirroring > Remove. The Port Mirroring Remove Page opens: Figure 102 Port Mirroring Remove Page The Port Mirroring Remove Page contains the following fields: ■ Monitor — Displays the monitor port.
Viewing Cable Diagnostics Viewing Cable Diagnostics 209 The Cable Diagnostics Summary Page contains fields for viewing tests on copper cables. Cable testing provides information about where errors occurred in the cable, the last time a cable test was performed, and the type of cable error which occurred. The tests use Time Domain Reflectometry (TDR) technology to test the quality and characteristics of a copper cable attached to a port. The monitor users have limited access to this page.
CHAPTER 18: MANAGING DEVICE DIAGNOSTICS Configuring Cable Diagnostics ■ Cable Fault Distance — Indicates the distance in meters from the port where the cable error occurred. ■ Last Update — Indicates the last time the port was tested. The Diagnostics Page contains fields for performing tests on copper cables. Cable testing provides information about where errors occurred in the cable, the last time a cable test was performed, and the type of cable error which occurred.
Viewing Cable Diagnostics 211 To test cables: 1 Click Monitoring > Cable Diagnostics > Diagnostics. The Diagnostics Page opens: Figure 104 Diagnostics Page The Diagnostics Page contains the following fields: ■ Select a Port — Selects the port to be tested. ■ Test Result — Displays the cable test results. Possible values are: ■ ■ No Cable — Indicates that a cable is not connected to the port, or the cable is connected on only one side or the cable is shorter than 1 meter.
A 3COM NETWORK MANAGEMENT 3Com has a range of network management applications to address networks of all sizes and complexity, from small and medium businesses through large enterprises. The applications include: ■ 3Com Network Supervisor ■ 3Com Network Director ■ 3Com Network Access Manager ■ 3Com Enterprise Management Suite ■ Integration Kit with HP OpenView Network Node Manager Details of these and other 3Com Network Management Solutions can be found at www.3com.
3Com Network Director 3Com Network Director 213 3Com Network Director (3ND) is a standalone application that allows you to carry out key management and administrative tasks on midsized networks. By using 3ND you can discover, map, and monitor all your 3Com devices on the network. It simplifies tasks such as backup and restore for 3Com device configurations as well as firmware and agent upgrades.
APPENDIX A: 3COM NETWORK MANAGEMENT 3Com Enterprise Management Suite 3Com Enterprise Management Suite (EMS) delivers comprehensive management that is flexible and scalable enough to meet the needs of the largest enterprises and advanced networks.
B Related Standards Environmental Physical DEVICE SPECIFICATIONS AND FEATURES The 3Com® Baseline Switch 2924-PWR Plus has been designed to the following standards: Function 8802-3, IEEE 802.3 (Ethernet), IEEE 802.3u (Fast Ethernet), IEEE 802.3ab (Gigabit Ethernet), IEEE 802.1D (Bridging) Safety UL 60950-1, EN 60950-1, CSA 22.2 No. 60950-1, IEC 60950-1 EMC Emissions EN55022 Class A, CISPR 22 Class A, FCC Part 15 Subpart B Class A, ICES-003 Class A, VCCI Class A, EN61000-3-2, EN61000-3-3.
APPENDIX B: DEVICE SPECIFICATIONS AND FEATURES Electrical Switch Features Line Frequency 50/60 Hz Input Voltage 100–240 Vac (auto range) Current Rating 5.1 Amp (Max) Maximum Power Consumption 350 Watts Max Heat Dissipation 1194.6 BTU/hr This section describes the device features.
Switch Features 217 Table 9 Features of the Baseline Switch 2924-PWR Plus (continued) Feature Description Command Line Interface The Command Line Interface (CLI) is an interface using a serial connection that allows basic features to be configured, including IP address management and firmware upgrading. The CLI is not intended as the main interface for the switch. Configuration File Management The device configuration is stored in a configuration file.
APPENDIX B: DEVICE SPECIFICATIONS AND FEATURES Table 9 Features of the Baseline Switch 2924-PWR Plus (continued) Feature Description LACP LACP uses peer exchanges across links to determine, on an ongoing basis, the aggregation capability of various links, and continuously provides the maximum level of aggregation capability achievable between a given pair of systems. LACP automatically determines, configures, binds and monitors the port binding within the system.
Switch Features 219 Table 9 Features of the Baseline Switch 2924-PWR Plus (continued) Feature Description Power over Ethernet Provides power to devices over LAN connection. RADIUS Clients RADIUS is a client/server-based protocol. A RADIUS server maintains a user database, which contains per-user authentication information, such as user name, password and accounting information.
APPENDIX B: DEVICE SPECIFICATIONS AND FEATURES Table 9 Features of the Baseline Switch 2924-PWR Plus (continued) Feature Description VLAN Support VLANs are collections of switching ports that comprise a single broadcast domain. Packets are classified as belonging to a VLAN based on either the VLAN tag or based on a combination of the ingress port and packet contents. Packets sharing common attributes can be grouped in the same VLAN.
C Null Modem Cable PIN-OUTS RJ-45 to RS-232 25-pin Switch 5500 Cable connector: RJ-45 female PC-AT Serial Cable PC/Terminal Cable connector: 25-pin male/female Screen TxD RxD Ground RTS CTS Shell 3 2 5 7 8 1 3 2 7 4 20 Screen RxD TxD Ground RTS DTR DSR DCD DTR 6 1 4 5 6 8 CTS DSR DCD only required if screen always required required for handshake RJ-45 to 9-pin Switch 5500 Cable connector: RJ-45 female PC-AT Serial Port Cable connector: 9-pin female Screen DTR TxD RxD CTS Ground Shell 4 3
APPENDIX C: PIN-OUTS Modem Cable RJ-45 to RS-232 25-pin Switch 5500 Cable connector: RJ-45 female Ethernet Port RJ-45 Pin Assignments Screen TxD RxD RTS CTS DSR Shell 3 2 7 8 6 Ground DCD DTR 5 1 4 RS-232 Modem Port Cable connector: 25-pin male 1 2 3 4 5 6 7 8 20 Screen TxD RxD RTS CTS DSR Ground DCD DTR 10/100 and 1000BASE-T RJ-45 connections.
Ethernet Port RJ-45 Pin Assignments Table 11 Pin assignments Pin Number 10/100 1000 1 Receive Data + Bidirectional Data B+ 2 Receive Data − Bidirectional Data B− 3 Transmit Data + Bidirectional Data A+ 4 Not assigned Bidirectional Data A− 5 Not assigned Bidirectional Data D+ 6 Transmit Data − Bidirectional Data D− 7 Not assigned Bidirectional Data C+ 8 Not assigned Bidirectional Data C− Ports configured as MDIX 223
D TROUBLESHOOTING This section describes problems that may arise when installing the and how to resolve these issue. This section includes the following topics: ■ Problem Management — Provides information about problem management. ■ Troubleshooting Solutions — Provides a list of troubleshooting issues and solutions for using the device. Problem Management Problem management includes isolating problems, quantifying the problems, and then applying the solution.
Troubleshooting Solutions Problems Possible Cause Cannot connect to management using RS-232 serial connection 225 Solution Be sure the terminal emulator program is set to VT-100 compatible, 38400 baud rate, no parity, 8 data bits and one stop bit Use the included cable, or be sure that the pin-out complies with a standard null-modem cable Cannot connect to switch management using HTTP, SNMP, etc.
APPENDIX D: TROUBLESHOOTING Problems Possible Cause Solution No connection and the port LED is off Incorrect ethernet cable, e.g., crossed rather than straight cable, or vice versa, split pair (incorrect twisting of pairs) Check pinout and replace if necessary Fiber optical cable connection is reversed Bad cable Wrong cable type Change if necessary.
E 3COM CLI REFERENCE GUIDE This section describes using the Command Line Interface (CLI) to manage the device. The device is managed through the CLI from a direct connection to the device console port Getting Started with the Command Line Interface Console Port Using the CLI, network managers enter configuration commands and parameters to configure the device. Using the CLI is very similar to entering commands on a UNIX system.
APPENDIX E: 3COM CLI REFERENCE GUIDE 3 Press Enter. The Password prompt displays: Password: The Login information is verified, and displays the following CLI menu: Select menu option# If the password is invalid, the following message appears and Login process restarts. Incorrect Password Automatic Logout The user session is automatically terminated after 30 minutes in which no device configuration activity has occurred. The following message is displayed: Session closed by automatic logout.
CLI Commands ? 229 The ? command displays a list of CLI commands on the device. Syntax ? Default Configuration This command has no default configuration. User Guidelines There are no user guidelines for this command. Example The following displays the list presented for the ? command: Select menu option#? initialize Reset the device to factory default and reboot. ipsetup Configures IP address logout Logout from this session. ping Send echo messages reboot Power cycles the device.
APPENDIX E: 3COM CLI REFERENCE GUIDE Ping The Ping command sends ICMP echo request packets to another node on the network. Syntax ping [IP address | URL| hostname] Parameters ■ IP Address — IP address to ping. ■ URL — URL address to ping. ■ hostname — hostname to ping. (Range: 1 - 158 characters) Default Configuration This command has no default configuration. User Guidelines There are no user guidelines for this command.
CLI Commands Summary 231 The Summary command displays the current IP configuration and software versions running on the device. It is intended for devices that support separate runtime and bootcode Images. Syntax summary Default Configuration This command has no default configuration. User Guidelines There are no user guidelines for this command.
APPENDIX E: 3COM CLI REFERENCE GUIDE ipSetup The ipSetup command allows the user to define an IP address on the device either manually or via a DHCP server. Syntax ipSetup [dhcp| ip-address mask [default-gateway ip-address]] Parameters ■ ■ dhcp — Specifies the IP address is acquired automatically from the Dynamic Host Configuration Protocol (DHCP) server. ip-address mask— Specifies that the IP address and default gateway are configured manually by the user (Range: 0.0.0.0. 223.255.255.255).
CLI Commands Upgrade 233 The Upgrade command starts a system download and thereby allowing a system upgrade. Syntax upgrade [TFTP Server IP Address|Destination File Name| File Type] Parameters ■ TFTP Server IP Address — Defines the TFTP server’s IP address. ■ Source File Name — Specifies the source file name. ■ File Type — Defines the file type to be downloaded. The possible values are: runtime — Downloads the runtime software application file. ■ bootcode — Downloads the bootcode software file.
APPENDIX E: 3COM CLI REFERENCE GUIDE Initialize The Initialize command resets the device configuration to factory defaults, including the IP configuration. Syntax Initialize Default Configuration This command has no default configuration. User Guidelines The system prompts for confirmation of the request. If no response is entered within 15 seconds, timeout occurs and the command is not executed.
CLI Commands Reboot 235 The Reboot command simulates a power cycle of the device. Syntax reboot Default Configuration This command has no default configuration. User Guidelines There are no user guidelines for this command.
APPENDIX E: 3COM CLI REFERENCE GUIDE Logout The Logout command terminates the CLI session. Syntax logout Default Configuration This command has no default configuration. User Guidelines There are no user guidelines for this command. Example Select menu option: logout exiting session...
CLI Commands Password 237 The Password command changes the user’s password. Syntax password Default Configuration This command has no default configuration. User Guidelines The user needs to login to the session in order to change the password. Example Select menu option: password Change password for user: username Old password: Enter new password: Retype password: The command line interface password has been successfully changed.
F GLOSSARY Access Control List (ACL) ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information. Address Resolution Protocol (ARP) ARP converts between IP addresses and MAC (i.e., hardware) addresses. ARP is used to locate the MAC address corresponding to a given IP address.
Extensible Authentication Protocol over LAN (EAPOL) Generic Multicast Registration Protocol (GMRP) EAPOL is a client authentication protocol used by this switch to verify the network access rights for any device that is plugged into the switch. A user name and password is requested by the switch, and then passed to an authentication server (e.g., RADIUS) for verification. EAPOL is implemented as part of the IEEE 802.1X Port Authentication standard.
APPENDIX F: GLOSSARY Internet Control Message Protocol (ICMP) Internet Group Management Protocol (IGMP) In-Band Management IP Multicast Filtering A network layer protocol that reports errors in processing IP packets. ICMP is also used by routers to feed back information about better routing choices. A protocol through which hosts can register with their local router for multicast services.
Multicast Switching Out-of-Band Management Port Authentication Port Mirroring Port Trunk A process whereby the switch filters incoming multicast frames for services for which no attached host has registered, or forwards them to all ports contained within the designated multicast VLAN group. Management of the network from a station not attached to the network. See IEEE 802.1X. A method whereby data on a target port is mirrored to a monitor port for troubleshooting with a logic analyzer or RMON probe.
APPENDIX F: GLOSSARY Remote Authentication Dial-in User Service (RADIUS) RADIUS is a logon authentication protocol that uses software running Remote Monitoring (RMON) RMON provides comprehensive network monitoring capabilities. It eliminates the polling required in standard SNMP, and can set alarms on a variety of traffic conditions, including specific error types.
IP-like services. UDP packets are delivered just like IP packets – connection-less datagrams that may be discarded before reaching their targets. UDP is useful when TCP would be too complex, too slow, or just unnecessary. Virtual LAN (VLAN) XModem A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network.
G OBTAINING SUPPORT FOR YOUR 3COM PRODUCTS 3Com offers product registration, case management, and repair services through eSupport.3com.com. You must have a user name and password to access these services, which are described in this appendix. Register Your Product to Gain Service Benefits To take advantage of warranty and other service benefits, you must first register your product at: http://eSupport.3com.
Access Software Downloads 245 Contact your authorized 3Com reseller or 3Com for additional product and support information. See the table of access numbers later in this appendix. Access Software Downloads You are entitled to bug fix / maintenance releases for the version of software that you initially purchased with your 3Com product. To obtain access to this software, you need to register your product and then use the Serial Number as your login. Restricted Software is available at: http://eSupport.
APPENDIX G: OBTAINING SUPPORT FOR YOUR 3COM PRODUCTS To send a product directly to 3Com for repair, you must first obtain a return materials authorization number (RMA). Products sent to 3Com without authorization numbers clearly marked on the outside of the package will be returned to the sender unopened, at the sender’s expense. If your product is registered and under warranty, you can obtain an RMA number online at http://eSupport.3com.com/. First-time users must apply for a user name and password.
Contact Us Country Telephone Number Country 247 Telephone Number You can also obtain support in this region using this URL: http://emea.3com.com/support/email.html You can also obtain non-urgent support in this region at these email addresses: Technical support and general requests: customer_support@3com.com Return material authorization: warranty_repair@3com.com Contract requests: emea_contract@3com.
REGULATORY NOTICES FCC STATEMENT This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.