Management Software ® AT-S39 ◆ User’s Guide AT-8012M, AT-8016F/xx (SC or MT), AT-8024, AT-8024GB, AT-8024M, AT-8026FC, AT-8088/xx (SC or MT) FAST ETHERNET SWITCHES VERSION 3.1.
Copyright 2003 Allied Telesyn, Inc. 960 Stewart Drive Suite B, Sunnyvale, CA 94085 USA All rights reserved. No part of this publication may be reproduced without prior written permission from Allied Telesyn, Inc. Microsoft is a registered trademark of Microsoft Corporation, Netscape Navigator is a registered trademark of Netscape Communications Corporation.
Table of Contents List of Figures ........................................................................................................................................................................................................ 9 Preface ....................................................................................................................................................................................................................12 How This Guide is Organized .......................
Table of Contents Chapter 3 Basic Switch Parameters ................................................................................................................................................................................ 36 When Does a Switch Need an IP Address? ................................................................................................................................................. 37 How Do You Assign an IP Address?...........................................................
Enabling or Disabling STP or RSTP .............................................................................................................................................................. 105 Configuring STP ................................................................................................................................................................................................. 106 Configuring a Bridge’s STP Settings .................................................................
Table of Contents Chapter 14 Class of Service .................................................................................................................................................................................................174 Class of Service Overview ...............................................................................................................................................................................175 Configuring CoS ...............................................
Section III Web Browser Management ........................................................................................................ 226 Chapter 21 Starting a Web Browser Management Session ................................................................................................................................ 227 Starting a Web Browser Management Session ......................................................................................................................................
Table of Contents Chapter 30 MAC Address Table ........................................................................................................................................................................................289 Viewing the MAC Address Table ..................................................................................................................................................................290 Adding Static and Multicast MAC Addresses ......................................
List of Figures Figure 1: Connecting a Terminal or PC to the RS232 Terminal Port ................................................................................................. 30 Figure 2: Main Menu .......................................................................................................................................................................................... 32 Figure 3: Administration Menu .........................................................................................
List of Figures Figure 38: Create VLAN Menu ...................................................................................................................................................................... 139 Figure 39: Modifying a VLAN Menu ........................................................................................................................................................... 144 Figure 40: Show VLANs Menu - User Configured ..........................................................
Figure 93: Forwarding Database Tab ........................................................................................................................................................ Figure 94: Add Static MAC Address Menu .............................................................................................................................................. Figure 95: IGMP Menu - Configuration .........................................................................................................
Preface This guide contains instructions on how to configure an AT-8000 Series Fast Ethernet Switch using the AT-S39 management software. The AT-8000 Series consists of the following Fast Ethernet switches: ❑ AT-8012M ❑ AT-8016F/xx (SC or MT) ❑ AT-8024 ❑ AT-8024GB ❑ AT-8024M ❑ AT-8026FC ❑ AT-8088/xx (SC or MT) How This Guide is Organized This manual is divided into three sections. Section I: Overview This section contains just one chapter.
AT-S39 User’s Guide A local management session is established by connecting a terminal or PC to the RS-232 Terminal Port on the front panel of the switch. A Telnet management session is established using the Telnet application protocol. This type of management session can be performed from any workstation on your network that has the application protocol.
Section II: Local and Telnet Management Document Conventions This document uses the following conventions: Note Notes provide additional information. Warning Warnings inform you that performing or omitting a specific action may result in bodily injury. Caution Cautions inform you that performing or omitting a specific action may result in equipment damage or loss of data.
AT-S39 User’s Guide Where to Find Web-based Guides The installation and user guides for all Allied Telesyn products are available in Portable Document Format (PDF) from on our web site at www.alliedtelesyn.com. You can view the documents on-line or download them onto a local workstation or server.
Section II: Local and Telnet Management Contacting Allied Telesyn To contact Technical Support by phone, find your country or region in the table below.
AT-S39 User’s Guide Management Software Updates New releases of management software for our managed products are available from our web site at www.alliedtelesyn.com and our FTP server at ftp.alliedtelesyn.com. To use the FTP server, enter ‘anonymous’ for the user name when you log in and your e-mail address for the password.
Section I Overview This section provides a brief overview of the AT-S39 management software. It explains some of the functions that you can perform with the management software and reviews different methods for accessing the AT-S39 software on an AT-8000 Series Fast Ethernet Switch.
Chapter 1 Overview The AT-S39 management software is intended for the AT-8000 Series Fast Ethernet Switches. The software is used to monitor and adjust a switch’s operating parameters.
Section I: Overview The AT-S39 management software comes pre-installed on the switch with default settings for all operating parameters. If the default settings are adequate for your network, you can use the switch as an unmanaged switch simply by connecting the unit to your network, as explained in the hardware installation guide, and powering ON the device. Note The default settings for the management software can be found in Appendix A, AT-S39 Default Settings on page 312.
AT-S39 User’s Guide Local Management Session You can establish a local management session with an AT-8000 Series switch by connecting a terminal or a PC with a terminal emulator program to the RS232 Terminal port on the front panel of the switch, using a straight-through RS-232 cable. This type of management session is referred to as “local” because you must be physically close to the switch, such as in the wiring closet where the switch is located.
Section I: Overview Telnet Management Session Any management workstation on your network that has the Telnet application protocol can be used to manage an AT-8000 Series switch. This type of management session is referred to in this guide as a remote management session because you do not have to be in the wiring closet where the switch you want to manage is located. You can manage the switch from any workstation on the network that has the application protocol.
AT-S39 User’s Guide Web Browser Management Session You can also use a web browser to manage a switch. This too is referred to as remote management, just like a Telnet management session. You can manage a switch from any workstation on your network that has a web browser. Note For instructions on starting this type of management session, refer to Starting a Web Browser Management Session on page 227.
Section I: Overview SNMP Management Session Another way to remotely manage the switch is with an SNMP management program. A familiarity with Management Information Base (MIB) objects is necessary for this type of management.
AT-S39 User’s Guide Management Access Levels There are two levels of management access on an AT-8000 Series switch: Manager and Operator. When you log in as a Manager, you can view and configure all of a switch’s operating parameters. When you log in as an Operator, you can only view the operating parameters; you cannot change any values. You log in as a manager or an operator by entering the appropriate password when you start an AT-S39 management session.
Section II Local and Telnet Management The chapters in this section explain how to manage an AT-8000 Series switch from a local or Telnet management session.
AT-S80 User’s Guide page 200 ❑ Chapter 19: Ethernet Statistics on page 208 ❑ Chapter 20: File Downloads and Uploads on page 213 27
Chapter 2 Starting a Local or Telnet Management Session This chapter contains the procedure for starting a local or Telnet management session on an AT-8000 Series switch.
AT-S39 User’s Guide Local Management Session On the front panel of the switch is a port labelled RS232 Terminal Port. You use this port to establish a local management session with the switch’s AT-S39 management software. A local management session is so named because you must be close to the switch, usually within a few meters, to start this type of management session. This typically means that you must be in the wiring closet where the switch is located.
Section II: Local or Telnet Management Starting a Local Management Session To start a local management session, perform the following procedure: 1. Connect one end of a straight-through RS232 cable with a DB-9 connector to the RS232 Terminal Port on the switch. POR TB RS- DE 232 LINK MOD E TER MIN AL P ORT FAU LT MAS TER PWR Figure 1 Connecting a Terminal or PC to the RS232 Terminal Port 2.
AT-S39 User’s Guide Note The switch has an auto-detect feature on the serial port that auomatically determines the speed of the local terminal. Activate this feature by pressing the Return or Enter key twice on your keyboard when you initially start the local interface or within five seconds after powering on or resetting the switch. The switch responds by determining the speed of the terminal and automatically configuring the speed of the RS232 Terminal Port accordingly.
Section II: Local or Telnet Management The Main Menu is displayed. Allied Telesyn Ethernet Switch AT-8024GB Login Privilege: Manager Main Menu 1 - Port Menu 2 - VLAN Menu 3 - Spanning Tree Menu 4 - Administration Menu 5 - System Config Menu 6 - MAC Address Tables 7 - Ethernet Statistics 8 - Diagnostics 9 - Enhanced Stacking C - Command Line Interface Q - Quit Figure 2 Main Menu To select a menu item, type the corresponding letter or number.
AT-S39 User’s Guide Enhanced Stacking When you start a local management session on a switch that has been designated as the Master switch of an enhanced stack, you can manage all the switches in the same subnet from the same management session. This can save you the time and trouble of having to start a separate local management session each time you want to manage a switch in your network. It can also save you from having to go to the different wiring closets where the switches are located.
Section II: Local or Telnet Management Telnet Management Session You can use the Telnet application protocol from a workstation on your network to manage an AT-8000 Series switch. This type of management is referred to as remote management because you do not have to be physically close to the switch to start the session, such as with a local management session. Any workstation on your network that has the application protocol can be used to manage the switch.
AT-S39 User’s Guide Note You can run only one Telnet management session on a switch at a time. Additionally, you cannot run both a Telnet management session and a local management session on the same switch at the same time. Quitting from a Telnet Management Session To end a Telnet management session, return to the Main Menu and type Q for Quit.
Chapter 3 Basic Switch Parameters This chapter contains a variety of information and procedures. There is a discussion on when to assign an IP address to a switch and the different ways that you can go about it. There are also procedures for resetting the switch, activating the original switch default settings, and more.
AT-S39 User’s Guide When Does a Switch Need an IP Address? One of the tasks to building or expanding a network is deciding which of the managed switches need to be assigned unique IP addresses. The rule used to be that a managed switch needed an IP address if you wanted to manage it remotely, such as with the Telnet application protocol. However, if a network contained a lot of managed switches, having to assign each one an IP address was often cumbersome and time consuming.
Section II: Local and Telnet Management How Do You Assign an IP Address? Once you have decided which, if any, switches on your network need an IP address, you have to access the AT-S39 software on the switches and assign the addresses. There are actually two ways in which a switch can obtain an IP address. The first method is for you to assign the IP configuration information manually. The procedure for this is explained in Configuring an IP Address and Switch Name on page 39.
AT-S39 User’s Guide Configuring an IP Address and Switch Name The procedure in this section explains how to manually assign an IP address, subnet mask, and gateway address to the switch from a local or Telnet management session. (If you want the switch to obtain its IP configuration from a DHCP or BOOTP server on your network, go to the procedure Activating the BOOTP and DHCP Services on page 42.
Section II: Local and Telnet Management 2. Change the parameters as desired. The parameters in the IP Parameters menu are described below: 1 - IP Address This parameter specifies the IP address of the switch. You must specify an IP address if you intend to remotely manage the switch using a web browser, a Telnet utility, or an SNMP management program, or if you want a switch to function as the Master switch of an enhanced stack. 2 - Subnet Mask This parameter specifies the subnet mask for the switch.
AT-S39 User’s Guide 9 - Reset Switch This selection resets the switch. A - Server-based Authentication This selection is used to configure the TACACS+ and RADIUS authentication protocols on the switch. For information on this feature, refer to Chapter 17, TACACS+ and RADIUS Protocols on page 191. Downloads and Uploads For information on this selection, refer to Chapter 20, File Downloads and Uploads on page 213.
Section II: Local and Telnet Management Activating the BOOTP and DHCP Services The BOOTP and DHCP application protocols were developed to simplify network management. They are used to automatically assign IP configuration information to the devices on your network, such as an IP address, subnet mask, and a default gateway address. An AT-8000 Series switch supports these protocols and can obtain its IP configuration information from a BOOTP or DHCP server on your network.
AT-S39 User’s Guide Note If you activated BOOTP/DHCP, the switch immediately begins to query the network for a BOOTP or DHCP server. The switch continues to query the network for its IP configuration until it receives a response.
Section II: Local and Telnet Management Configuring SNMP Community Strings and Trap IP Addresses To configure the SNMP community strings for the switch and to assign up to four IP addresses of management stations to receive traps from the switch, perform the following procedure: Note SNMP access is disabled by default. To enable SNMP access, refer to Configuring Management Access on page 51. 1. From the Main Menu, type 5 to select System Config Menu. The System Configuration Menu in Figure 4 is displayed.
AT-S39 User’s Guide 2. From the System Configuration Menu, type A to select Advanced Configuration. The Advanced Configuration menu in Figure 5 is displayed. Allied Telesyn AT-8024 Ethernet Switch Login Privilege: Manager Advanced Configuration Menu 1 - IGMP Snooping Configuration 2 - Broadcast Timers Setup 3 - SNMP Configuration R - Return to Previous Menu Enter your selection: Figure 5 Advanced Configuration Menu 3. From the Advanced Configuration menu, type 3 to select SNMP Configuration.
Section II: Local and Telnet Management 4. Adjust the parameters as desired. To change a value, type its corresponding number and, when prompted, enter the new value. The parameters are described below. 1 - GET Community 2 - SET Community 3- Trap Community Use these parameters to set a switch’s SNMP community strings.
AT-S39 User’s Guide Resetting a Switch To reset a switch, perform the following procedure: 1. From the Main Menu, type 4 to select Administrator Menu. 2. From the Administrator Menu, type 9 to select Reset Switch. The following prompt is displayed: Do you want to proceed with the switch reboot? [Yes/No] -> 3. Type Y to reset the switch or N to cancel this procedure. The following prompt is displayed: Please press key TWICE to proceed with the Switch Reset... 4. Press the Return key twice.
Section II: Local and Telnet Management Configuring the AT-S39 Software Security Features The AT-S39 software has several security features that can help prevent unauthorized individuals from changing the parameter settings of an AT-8000 Series switch. The security features are: ❑ Manager and Operator Passwords - The management software has two standard, management login accounts: Manager and Operator.
AT-S39 User’s Guide You log in as a Manager or an Operator by entering the appropriate password when you start an AT-S39 management session. The default password for Manager access is “friend”. The default password for Operator access is “operator”. Logins and passwords are case-sensitive. To change the Manager or Operator password, perform the following procedure: 1. From the Main Menu, type 4 to select Administrator Menu. 2. From the Administrator Menu, type 7 to select Set Password.
Section II: Local and Telnet Management Caution You should not use spaces or special characters, such as asterisks (*) and exclamation points (!), in a password if you will be managing the switch from a web browser. Many web browsers cannot handle special characters in passwords.
AT-S39 User’s Guide Configuring Management Access To configure the console timer, web access, SNMP access, and TFTP server security features of the AT-S39 management software, perform the following procedure: 1. From the Main Menu, type 5 to select System Config Menu. The System Configuration Menu Figure 4 on page 44 is displayed. 2. To configure the console timer, type 3 to select Console Disconnect Timer Interval and, when prompted, enter a value of from 1 to 60 minutes.
Section II: Local and Telnet Management Viewing the AT-S39 Version Number and Switch MAC Address The procedure in this section displays the following switch information: ❑ AT-S39 version number ❑ Bootloader version number ❑ Serial number ❑ MAC Address To display the information, type 8 to select Diagnostics from the Main Menu. The Diagnostics menu in Figure 8 is displayed. Allied Telesyn Ethernet Switch AT-8024 Login Privilege: Manager Diagnostics 1 - Application Software Version .... AT-S39 v3.1.
AT-S39 User’s Guide Pinging a Remote System You can instruct the switch to ping a remote device on your network. This procedure is useful in determining whether a valid link exists between the switch and another device. To ping a network device, perform the following procedure: 1. From the Main Menu, type 4 to select Administration Menu. 2. From the Administration Menu, type P to select Ping a Remote System. The following prompt is displayed: Please enter an IP address -> 3.
Section II: Local and Telnet Management Returning the AT-S39 Software to the Factory Default Values The procedure in this section returns all AT-S39 software parameters to their default values. This procedure also deletes any VLANs that you have created on the switch. Note The AT-S39 software default values can be found in Appendix A, AT-S39 Default Settings on page 312. To return the AT-S39 management software to its default settings, perform the following procedure: 1.
AT-S39 User’s Guide Configuring the Console Startup Mode You can configure the AT-S39 software to display either the Main Menu or the command line interface prompt ($) whenever you start a local management session. The default is the Main Menu. To change the console startup mode, perform the following procedure: 1. From the Main Menu, type 5 to select System Config Menu. 2. From the System Configuration Menu, type 6 to select Console Startup Mode.
Section II: Local and Telnet Management Configuring BALUN Cable Detection You can configure the AT-S39 software to detect loopback cables for all 10/100/1000 copper ports. When a loopback cable is detected, the port is set to MANUAL/10/HDX/MDIX and a message is displayed on the console. When the loopback cable is replaced with a good cable, the original port settings are restored. To configure the switch to enable or disable balun cable detection, perform the following procedure: 1.
Chapter 4 Enhanced Stacking This chapter explains the enhanced stacking feature. The sections in this chapter include: ❑ Enhanced Stacking Overview on page 58 ❑ Setting a Switch’s Enhanced Stacking Status on page 61 ❑ Selecting a Switch in an Enhanced Stack on page 63 Note When managing the remote/telnet interface do not reset the IP address to null. This will cause disconnection without local management intervention.
Section II: Local and Telnet Management Enhanced Stacking Overview The enhanced stacking feature can make it easier for you to manage the AT-8000 Series switches in your network. It offers the following benefits: ❑ You can manage up to 24 switches from one local or remote management session. This eliminates the need of having to initiate a separate management session for each switch in your network. ❑ The switches can share the same IP address.
AT-S39 User’s Guide 2. You must assign the master switch an IP address and subnet mask. A master switch must have an IP address and subnet mask. The other switches in an enhanced stack, referred to as slave switches, do not. If an enhanced stack will have more than one master switch, you must assign each master switch a unique IP address.
Section II: Local and Telnet Management Figure 9 is an example of the enhanced stacking feature. Master 1 IP Address 149.32.11.22 Master 2 IP Address Subnet A 149.32.11.16 Router TROP LANIMRET 232-SR TLUAF RETSAM RWP Subnet B Master 1 IP Address 149.32.09.18 Master 2 IP Address 149.32.09.24 Figure 9 Enhanced Stacking Example The example consists of a network of two subnets interconnected with a router.
AT-S39 User’s Guide Setting a Switch’s Enhanced Stacking Status The enhanced stacking status of the switch can be master switch, slave switch, or unavailable. Each status is described below: ❑ Master switch - A master switch of a stack can be used to manage all the other AT-8000 Series switches in a subnet. Once you establish a local or remote management session with the Master switch, you can access and manage all the switches in the subnet. A master switch must have a unique IP address.
Section II: Local and Telnet Management The menu displays the current status of the switch at the end of selection “1 - Switch State.” For example, the switch’s current status in the figure above is Master. Note The “2 - Stacking Services” selection in the menu is available only on master switches. 2. To change a switch’s stacking status, type 1 to select Switch State. The following prompt is displayed. Enter new setup (M/S/U) -> 3.
AT-S39 User’s Guide Selecting a Switch in an Enhanced Stack The first thing that you should do before performing any procedure on a switch in an enhanced stack is check to be sure that you are performing it on the correct switch. If you assigned system names to your switches, this should be easy. The name of the switch being managed is always displayed at the top of every management menu.
Section II: Local and Telnet Management 3. Type G to select Get/Refresh List of Switches. The Master switch polls the network for all slave and Master switches in the subnet and displays a list of the switches in the Stacking Services menu. Note The Master switch on which you started the management session is not included in the list, nor are any switches with an enhanced stacking status of Unavailable.
Chapter 5 Port Parameters The chapter contains procedures for viewing and changing the parameter settings for the individual ports on a switch.
Section II: Local and Telnet Management Displaying Port Status To display the status of the ports on the switch, perform the following procedure: 1. From the Main Menu, type 1 to select Port Menu. The Port Menu in Figure 12 is displayed.
AT-S39 User’s Guide The Port Status window is displayed (see Figure 13).
Section II: Local and Telnet Management MDIO The operating configuration of the port. Possible values are Auto, MDI, MDI-X. The status Auto indicates that the port is automatically determining the appropriate MDI or MDI-X setting. Spd The operating speed of the port. Possible values are: 10 - 10 Mbps 100 - 100 Mbps 1000 - 1000 Mbps (AT-8024GB switch only) Dplx The duplex mode of the port. Possible values are half-duplex and full-duplex. PVID The port VLAN identifier currently assigned to the port.
AT-S39 User’s Guide Configuring Port Parameters To configure the parameter settings for a port on the switch, perform the following procedure: 1. From the Main Menu, type 1 to select Port Menu. 2. From the Port Menu, type 1 to select Port Configuration. The following prompt is displayed: Enter Ports List -> 3. Enter the number of the port you want to configure and press Return. To configure a range of ports, enter the first port of the range.
Section II: Local and Telnet Management Note The example Port Configuration menu in the figure above is for a 10/100 Mbps twisted pair port. The menu for a fiber optic port, a GBIC module, or a stacking module will contain a subset of the parameters. 5. Adjust the port parameters as desired. You adjust a parameter by typing its number. This toggles the parameter through its possible settings. The parameters are described below. 0 - Status You use this selection to enable or disable a port.
AT-S39 User’s Guide Flow Control Flow control applies only to ports operating in full-duplex mode. The switch uses a special pause packet to stop the end node from sending frames. The pause packet notifies the end node to stop transmitting for a specified period of time. Possible settings are: None - No flow control on the port. Transmit - Flow control only as packets are being transmitted out the port. Receive - Flow control only on as packets are being received on the port.
Section II: Local and Telnet Management B - Broadcast Control For background information on this selection and instructions on how to set the option, refer to Broadcast Storm Control Overview on page 186 and Configuring the Maximum Broadcast Frame Count on page 190. 6. Once you have set the port parameters, type S to select Save Configuration Changes. Configuration changes are immediately activated on a port. The Port configuration menu features a Reset Port selection.
AT-S39 User’s Guide Displaying Uplink Information The AT-S39 management software can display basic manufacturer information about a GBIC module in an AT-8024GB switch or the fiber optic ports in an AT-8026FC switch. To display uplink information, perform the following procedure: 1. From the Main Menu, type 8 to select Diagnostics. 2. From the Diagnostics menu, type 7 to select Uplink Information. The GBIC Information menu in Figure 15 is displayed.
Section II: Local and Telnet Management The management software displays a menu containing basic information about the GBIC module. Figure 16 is an example of the menu. Allied Telesyn AT-8024GB Ethernet Switch Login Privilege: Manager Uplink Information Menu Port Number ................... 25 Type of Serial Tranceiver ..... Unknown Extended Serial Tranceiver .... Module Not Defined Connector Type ................ Unknown Elect/Opt Tranceiver .......... Serial Encoding ...............
Chapter 6 Port Security This chapter contains the procedures for setting port security. The sections in this chapter include: ❑ Port Security Overview on page 76 ❑ Configuring Port Security on page 78 ❑ Configuring the Limited Security Mode on page 80 Note Port security does not apply to ports on GBIC modules in an AT-8024GB switch. Note Port security can only be set through a local management session, You cannot set port security from a Telnet, Web, or SNMP management session.
Section II: Local and Telnet Management Port Security Overview The port security feature can enhance the security of your network. You can use the feature to control the number of MAC addresses learned on the ports, and so control the number of network devices that can forward frames through the switch. There are four levels of port security. Only one security level can be active on a switch at a time. Automatic This operating mode disables port security.
AT-S39 User’s Guide Secure This security level instructs the switch to forward frames based solely on static MAC addresses. When this security level is activated, the switch deletes all dynamic MAC addresses and disables the MAC address table so that no new addresses can be learned. The switch also deletes any addresses in the static MAC address table. Once you have activated this security level, you must enter the static MAC addresses of the nodes whose frames the switch should forward.
Section II: Local and Telnet Management Configuring Port Security Note Port security can only be set through a local management session. You cannot set port security from a Telnet management session or from a web browser management session. To set a switch’s port security level, perform the following procedure: 1. From the Main Menu, type 1 to select Port Menu. 2. From the Port Menu, type 5 to select Port Security. The Port Security menu in Figure 17 is displayed.
AT-S39 User’s Guide page 80. ❑ To forward frames based solely on static MAC addresses, type S to select the Secured mode. After activating this security mode, you must enter the static MAC addresses of the nodes with frames the switch is to forward. For instructions on how to add static MAC addresses, refer to Adding Static and Multicast MAC Addresses on page 171.
Section II: Local and Telnet Management Configuring the Limited Security Mode The Limited security mode lets you set a maximum number of dynamic MAC addresses each port on a switch can learn. When you activate this security level, the switch deletes all MAC addresses in the dynamic MAC address table and immediately begins to learn new addresses as frames are received on the ports.
AT-S39 User’s Guide 4. Type 2 to select Configure Limited Mode Parameters. The following prompt is displayed: Enter ports list: 5. Enter the port(s) where you want to specify a new MAC address limit. You can specify the ports individually (e.g., 1,4), as a range (e.g., 4-7), or both (e.g., 2-7,11,15). The following prompt is displayed: Enter new MAC limit -> [1 to 150] -> 6. Enter the maximum number of dynamic MAC addresses you want the port to be able to learn and press Return.
Chapter 7 Port Trunking This chapter contains the procedures for creating and deleting port trunks.
AT-S39 User’s Guide Port Trunking Overview Port trunking is an economical way for you to increase the bandwidth between two Ethernet switches. A port trunk is 2, 3, or 4 ports that have been grouped together to function as one logical path. A port trunk increases the bandwidth between switches and is useful in situations where a single physical data link between switches is insufficient to handle the traffic load.
❑ When cabling a trunk, the order of the connections should be maintained on both nodes. The lowest numbered port in a trunk on the switch should be connected to the lowest numbered port of the trunk on the other device, the next lowest numbered port on the switch should be connected to the next lowest numbered port on the other device, and so on. For example, assume that you are connecting a trunk between two AT-8024 switches. On the first AT-8024 switch you had chosen ports 12, 13, 14, 15 for the trunk.
AT-S39 User’s Guide The switch assigns source addresses so as to evenly distribute the addresses, or at least as much as possible, across all the ports of the trunk. The intent is to try and ensure that all links in the trunk are utilized. Here is an example. Figure 20 shows two AT-8000 Series Switches, an AT8024 (Switch #1) and an AT-8024GB (Switch #2) interconnected with a port trunk of three data links. The trunk on Switch #1 consists of Ports 13 to 15 and on Switch #2 of Ports 1 to 3.
Now assume that you configured the port trunk on Switch #1 for SA load distribution. The switch might distribute the load as follow: Table 1 Switch #1 Load Distribution Source Workstation Source MAC Address Trunk Port A 00A0EE 2313A3 13 B 00A134 1A9032 14 C 00A301 9083B2 15 D 001B21 87C6D6 14 For example, when Workstation B sends a packet to the server, Switch #1 will use Port 14 of the trunk to transmit it to Switch #2.
AT-S39 User’s Guide So now let’s look at the SA/DA method. A switch using the SA/DA method creates a matrix of the source and destination MAC addresses and then uses the matrix to determine which port in the trunk a frame is to be transmitted. With this method, packets from a particular source node might be sent over different data links in a trunk when sent to different destination addresses. So let’s take a look at how this might look in practice.
Table 3 Trunk Port Assignments in an SA/DA Matrix Destinations Addresses Source Addresses 00A0EE 2313A3 00A134 1A9032 00A301 9083B2 001B21 87C6D6 00B012 DA0231 1 2 3 1 001230 DA2943 2 3 1 2 0042AA D45A21 3 1 2 3 00456A C23521 1 2 3 1 The bottom line is that the SA/DA method is more flexible than the SA method. A general rule to follow is if you are not sure which load distribution to choose, you should probably go with SA/DA.
AT-S39 User’s Guide Creating a Port Trunk This section contains the procedure for creating a port trunk on the switch. Be sure to review the guidelines in Port Trunking Overview on page 83 before performing the procedure. Caution Do not connect the cables to the trunk ports on the switches until after you have configured the trunk with the management software. Connecting the cables before configuring the software will create a loop in your network topology.
3. Type 1 to select Trunk Ports. The following prompt is displayed. Enter Trunk Port(s) -> 4. Enter the ports that will constitute the port trunk and press Return. You can specify the ports individually (e.g., 1,2,3,4) or as a range (e.g., 7-10). Once you have specified the ports of the trunk, the following menu selection appears: 2 - Trunk Method ....... SA/DA trunking You can use this selection to specify the load distribution method. The default is SA/DA. 5.
AT-S39 User’s Guide Deleting a Port Trunk Caution Disconnect the cables from the port trunk on the switch before performing the following procedure. Deleting a port trunk without first disconnecting the cables can create loops in your network topology. Data loops can result in broadcast storms and poor network performance. To delete a port trunk from the switch, perform the following procedure: 1. From the Main Menu, type 1 to select Port Menu. 2. From the Port Menu, type 3 to select Port Trunking.
Chapter 8 Port Mirroring This chapter contains the procedures for creating and deleting a port mirror.
AT-S39 User’s Guide Port Mirroring Overview The port mirroring feature allows you to unobtrusively monitor the traffic being received and transmitted on one or more ports on a switch by having the traffic copied to another switch port. You can connect a network analyzer to the port where the traffic is being copied and monitor the traffic on the other ports without impacting network performance or speed.
Creating a Port Mirror To create a port mirror, perform the following procedure: 1. From the Main Menu, type 1 to select Port Menu. 2. From the Port Menu, type 2 to select Port Mirroring. The Port Mirroring menu in Figure 22 is displayed. Allied Telesyn Ethernet Switch AT-8024 Login Privilege: Manager Port Mirroring 1 - Mirror (Destination) Port ....... None 2 - Mirroring (Source) Port(s) ......
AT-S39 User’s Guide Deleting a Port Mirror To delete a port mirror, perform the following procedure: 1. From the Main Menu, type 1 to select Port Menu. 2. From the Port Menu, type 2 to select Port Mirroring. The Port Mirroring menu in Figure 22 on page 94 is displayed. 3. Type 1 to select Mirror (Destination) Port. The following prompt is displayed. Enter mirror port (0=None) [0 to 24] -> 4. Enter 0 and press Return. 5. Type S to select Save Configuration Changes. The port mirror on the switch is deleted.
Chapter 9 STP and RSTP This chapter provides background information on the Spanning Tree Protocol (STP) and Rapid Spanning Tree Protocol (RSTP). The chapter also contains procedures on how to adjust the STP and RSTP bridge and port parameters. The sections in this chapter include: ❑ STP and RSTP Overview on page 97 ❑ Enabling or Disabling STP or RSTP on page 105 ❑ Configuring STP on page 106 ❑ Configuring RSTP on page 110 Note For detailed information on the Spanning Tree Protocol, refer to IEEE Std 802.
AT-S39 User’s Guide STP and RSTP Overview A significant danger to Ethernet network performance is the existence of a data loop in a network topology. A data loop exists when two or more nodes on a network can transmit data to each other over more than one data link. The problem that data loops pose is that data packets can become caught in repeating cycles, referred to as broadcast storms, that needlessly consume network bandwidth and significantly reduce network performance.
Section II: Local and Telnet Management Bridge Priority and the Root Bridge The first task that bridges perform when a spanning tree protocol is activated on a network is the selection of a root bridge. A root bridge distributes network topology information to the other network bridges and is used by the other bridges to determine if there are redundant paths in the network.
AT-S39 User’s Guide Path Costs and Port Costs Once the Root Bridge has been selected, the bridges must determine if the network contains redundant paths and, if one is found, they must select a preferred path while placing the redundant paths in a backup or blocking state. Where there is only one path between a bridge and the root bridge, the bridge is referred to as the designated bridge and the port through which the bridge is communicating with the root bridge is referred to as the root port.
Section II: Local and Telnet Management RSTP port cost also features an Auto-Detect feature. This features allows RSTP to automatically set the port cost according to the speed of the port, assigning a lower value for higher speeds. Auto-Detect is the default setting on the ports when the switch is operating in RSTP. Table 6 lists the ports cost with Auto-Detect.
AT-S39 User’s Guide Forwarding Delay and Topology Changes If there is a change in the network topology due to a failure, removal, or addition of any active components, the active topology also changes. This may trigger a change in the state of some blocked ports. However, a change in a port state is not activated immediately. It might take time for the root bridge to notify all bridges that a topology change has occurred, especially if it is a large network.
Section II: Local and Telnet Management The root bridge will periodically transmit a BPDU to determine whether there have been any changes to the network topology and to inform other bridges of topology changes. The frequency with which the root bridge sends out a BPDU is called the Hello Time. This is a value that you can set on the AT-8000 Series switch. The interval is measured in seconds and the default is 2 seconds.
AT-S39 User’s Guide If a port is operating in half-duplex mode and is not connected to any further bridges participating in STP or RSTP, then the port is an edge port. Figure 24 illustrates an edge port on an AT-8024 switch. The port is connected to an Ethernet hub, which in turn is connected to a series of Ethernet workstations. This is an edge port because it is connected to a device operating at half-duplex mode and there are no participating STP or RSTP devices connected to it.
Section II: Local and Telnet Management Mixed STP and RSTP Networks RSTP IEEE 802.1w is fully compliant with STP IEEE 802.1d. Your network can consist of bridges running both protocols. STP and RSTP in the same network should be able to operate together to create a single spanning tree domain. There is no reason not to activate RSTP on an AT-8000 Series switch even when all other switches are running STP. The AT-8000 Series switch can combine its RSTP with the STP of the other switches.
AT-S39 User’s Guide Enabling or Disabling STP or RSTP To select and activate a spanning tree protocol, or to disable spanning tree, perform the following procedure: 1. From the Main Menu, type 3 to select Spanning Tree Menu. The Spanning Tree Menu in Figure 27 is displayed. Allied Telesyn Ethernet Switch AT-8024 Login Privilege: Manager Spanning Tree Menu 1 2 3 4 - Spanning Tree Status ...... Disabled Active Protocol Version ...
Section II: Local and Telnet Management Configuring STP This section contains the following procedures: ❑ Configuring a Bridge’s STP Settings on page 106 ❑ Configuring a Port’s STP Settings on page 108 Configuring a Bridge’s STP Settings This section contains the procedure for configuring a bridge’s STP settings. Caution The default STP parameters are adequate for most networks. Changing them without prior experience and an understanding of how STP works might have a negative effect on your network.
AT-S39 User’s Guide 2. Adjust the bridge STP settings as needed. The parameters are described below. 1 - Bridge Priority The priority number for the bridge. This number is used in determining the root bridge for STP. The bridge with the lowest priority number is selected as the root bridge. If two or more bridges have the same priority value, the bridge with the numerically lowest MAC address becomes the root bridge.
Section II: Local and Telnet Management Configuring a Port’s STP Settings To adjust a port’s STP parameters, perform the following procedure: 1. From the Spanning Tree Menu, type 3 to select STP Configuration. 2. From the STP Configuration menu, type 6 to select Config STP port settings. The following prompt is displayed: Starting Port to Configure [1 to 24] -> 3. Enter the number of the port you want to configure. To configure a range of ports, enter the first port of the range.
AT-S39 User’s Guide Note A change to the port priority parameter takes effect immediately. A change to the port cost value requires youto reset the switch. A new port cost value is not implemented until the unit is reset. 1 - Participating This selection activates and deactivates STP on the port. If set to Yes, which is the default, the port will participate in the spanning tree. If you select No, the port will continue to receive and transmit Ethernet frames, but it will not participate in spanning tree.
Section II: Local and Telnet Management Configuring RSTP This section contains the following procedures: ❑ Configuring a Bridge’s RSTP Settings on page 110 ❑ Configuring a Port’s RSTP Settings on page 112 Configuring a Bridge’s RSTP Settings This section contains the procedure for configuring a bridge’s RSTP settings. Caution The default RSTP parameters are adequate for most networks.
AT-S39 User’s Guide 2. Adjust the parameters as needed. The parameters are defined below. 1 - Force Version This selection determines whether the bridge will operate with RSTP or in an STP-compatible mode. If you select RSPT, the bridge will operate all ports in RSTP, except for those ports that receive STP BPDU packets. If you select Force STP Compatible, the bridge will operate in RSTP, using the RSTP parameter settings, but it will send only STP BPDU packets out the ports.
Section II: Local and Telnet Management 6 - Bridge Identifier The MAC address of the bridge. The bridge identifier is used as a tie breaker in the selection of the root bridge when two or more bridges have the same bridge priority value. This value cannot be changed. 3. After adjusting the parameters, type S to select Save Configuration Changes. Configuring a Port’s RSTP Settings To adjust a port’s RSTP parameters, perform the following procedure: 1.
AT-S39 User’s Guide The RSTP Port Configuration menu in Figure 32 is displayed. Allied Telesyn Ethernet Switch AT-8024 Login Privilege: Manager Configure RSTP Port Settings Configuring Ports 4 to 4 1 2 3 4 - Port Priority ...... Port Cost .......... Point-to-Point ..... Edge Port .......... 128 Auto Update Auto Detect Yes S - Save Configuration Changes R - Return to Previous Menu Enter your selection? Figure 32 Configure RSTP Port Settings Menu 6. Adjust the settings as needed.
Section II: Local and Telnet Management 3 - Point-to-Point This parameter defines whether the port is functioning as a pointto-point port. For an explanation of this parameter, refer to Pointto-Point Ports and Edge Ports on page 102. 4 - Edge Port This parameter defines whether the port is functioning as an edge port. For an explanation of this parameter, refer to Point-to-Point Ports and Edge Ports on page 102. After making your changes, type S to select Save Configuration Changes.
Chapter 10 Virtual LANs Overview This chapter contains overviews of AT-S39 management software switch modes and virtual LANs (VLANs).
Section II: Local and Telnet Management AT-S39 Management Software Switch Modes Understanding AT-S39 management software switch modes is essential in understanding VLANs. The AT-S39 software for Fast Ethernet Switches support two switch modes: ❑ Tagged - the Fast Ethernet Switch supports port-based and tagged VLANs(see User-Configured VLANs on page 121) or multiple VLAN configuration (see Multiple VLAN Mode Overview on page 132).
AT-S39 User’s Guide Setting the Switch Mode To configure the switch mode, perform the following procedure: 1. From the Main Menu, type 5 to select System Config Menu. 2. Type 2 to select Switch Mode. The following prompt is displayed: Enter Switch Mode (T-Tagged, B-Basic): 3. Type T to create your own port-based and tagged VLANs, or B to configure the switch for the Basic Mode. The default is Tagged mode. Press Return. 4. Type S to select Save Configuration Changes.
Section II: Local and Telnet Management Setting VLAN Status In addition to the Switch Mode parameter discussed in the previous section, switch mode status can also be configured in the VLANs menu by enabling or disabling the VLANs Status parameter. When VLANs are enabled, the switch supports Tagged mode. When VLANs are disabled, the switch supports the Basic mode. The difference between the two procedures has to do with ingress filtering.
AT-S39 User’s Guide VLAN Overview A virtual LAN (VLAN) is a logical grouping of devices on different physical LAN segments that allows users to communicate as if they were physically connected to a single LAN, independent of the physical configuration of the network. With VLAN switch management software, you can segment your network and group nodes with related functions into their own separate, logical LAN segments. For example, the marketing personnel in your company may be spread throughout a building.
Section II: Local and Telnet Management As a software-based solution, VLANs eliminate the restrictions of existing network design and cabling infrastructure and allow the centralized configuration of switches located in physically diverse locations. VLAN memberships are changed quickly and efficiently from the management console rather than the wiring closet. Increased Security VLANs provide additional security not available in a shared media network environment.
AT-S39 User’s Guide User-Configured VLANs User-configured VLANs are, as the name suggests, VLANs that are manually configured by the user. As mentioned in the previous chapter, there are two types of user-configure VLANs: ❑ Port-based (discussed in the following section) ❑ Tagged (see Tagged VLAN Overview on page 127) Port-based VLAN Overview Port-based VLANs are the simplest and most common form of a VLAN. In a port-based VLAN configuration, each port of the switch is assigned to a particular VLAN.
Section II: Local and Telnet Management VLAN Identifier Each VLAN in a network requires a unique number assigned to it. This number is called the VLAN identifier (VID). This number uniquely identifies a VLAN in the switch and the network. If a VLAN consists only of ports located on one physical switch in your network, you would assign it a VID unique from all other VLANs in your network. If a VLAN spans multiple switches, the VID for the VLAN on the different switches must be identical.
AT-S39 User’s Guide For example, assume that you were creating a port-based VLAN on a switch and you had assigned the VLAN the VID 5. Consequently, the PVID for each port in the VLAN would need to be assigned the value 5. Some switches and switch management programs require that you assign the PVID value for each port manually. However, the AT-S39 management software performs this task automatically.
Section II: Local and Telnet Management example, a VLAN that spans three switches requires one port on each switch to interconnect the various sections of that VLAN. In network configurations with many individual VLANs that span switches, ports are often ineffectively used to interconnect the various VLANs. Port-based Example 1 Figure 33 illustrates an example of one AT-8024 Fast Ethernet Switch with three port-based VLANs. (For purposes of the following examples, the Default_VLAN is not shown.
AT-S39 User’s Guide The table below lists the port assignments for the Sales, Engineering, and Production VLANs on the switch. Switch Sales VLAN (VID 2) Engineering VLAN (VID 3) Production VLAN (VID 4) AT-8024 (top) Ports 1 - 4 (PVID 2) Ports 9, 11 - 13 (PVID 3) Ports 21 - 24 (PVID 4) Each VLAN has been assigned a unique VID. You assign this number when you create a VLAN. The ports have been assigned PVID values.
Section II: Local and Telnet Management Port-based Example 2 Figure 34 illustrates more port-based VLANs. In this example, two VLANs span more than one Ethernet switch.
AT-S39 User’s Guide The table below lists the port assignments for the Sales, Engineering, and Production VLANs on the switches: Switch Sales VLAN (VID 2) Engineering VLAN (VID 3) Production VLAN (VID 4) AT-8024 (top) Ports 1 - 6, 18 (PVID 2) Ports 9 - 11, 14, 20 (PVID 3) Ports 21 - 24 (PVID 4) AT-8024 (bottom) Ports 1 - 6 (PVID 2) Ports 13, 19-24 (PVID 3) none ❑ Sales VLAN - This VLAN spans both switches.
Section II: Local and Telnet Management The VLAN information within an Ethernet frame is referred to as a tag or tagged header. A tag, which follows the source and destination addresses in a frame, contains the VID of the VLAN to which the frame belongs (IEEE 802.3ac standard). As explained earlier in this chapter in VLAN Identifier on page 122, this number uniquely identifies each VLAN in a network.
AT-S39 User’s Guide Tagged and Untagged Ports You must specify which ports are members of the VLAN. In the case of a tagged VLAN, VLAN members are usually a combination of both tagged and untagged ports. When you create the VLAN, you specify which ports are tagged and which ports are untagged. An untagged port, whether a member of a port-based VLAN or a tagged VLAN, can be in only one VLAN at a time. However, a tagged port can be a member of more than one VLAN.
Section II: Local and Telnet Management Tagged VLAN Example Figure 35 illustrates how tagged ports can be used to interconnect IEEE 802.1Q-based products. Engineering VLAN (VID 3) Legacy Server Production VLAN (VID 4) Sales VLAN (VID 2) AT-8024 Ethernet Switch AT-8024 RS-232 TERMINAL PORT 10Base-T / 100Base-TX Fast Ethernet Switch MODE Link COL Mode Link 100 Mode ACT FAULT MASTER FULL PWR WAN IEEE 802.
AT-S39 User’s Guide The port assignments for the VLANs are as follows: Switch Sales VLAN (VID 2) Engineering VLAN (VID 3) Production VLAN (VID 4) Untagged Ports Tagged Ports Untagged Ports Tagged Ports Untagged Ports Tagged Ports AT-8024 (top) 1 to 5, 18 (PVID 2) 8, 16 9 to 11, 20 (PVID 3) 8, 16 21 to 24 (PVID 4) 8 AT-8024 (bottom) 1 to 5 (PVID 2) 15 19 to 24 (PVID 3) 15 none none This example is nearly identical to the Port-based Example 2 on page 126.
Section II: Local and Telnet Management Multiple VLAN Mode Overview The Multiple VLAN mode simplifies the task of configuring the switch in network environments that require a high degree of network segmentation. When Multiple VLAN mode is activated, the switch automatically assigns each port as an untagged port to a separate VLAN. Each VLAN is given a unique name and VID number based on the port number.
AT-S39 User’s Guide Configuring Multiple VLANs on cascaded switches can also affect Enhanced Stacking as the Master switch may not be able to detect member switches beyond the first cascaded switch. Note Port-based and Tagged VLAN configurations are restored when the user enables user-configured VLAN mode. 802.1QCompliant Multiple VLANs mode 802.1Q Multiple VLAN configuration is appropriate when the device connected to the uplink port is 802.
Section II: Local and Telnet Management VLAN Name VID Untagged Port Tagged Port Client_VLAN_4 4 4 15 Client_VLAN_5 5 5 15 Client_VLAN_6 6 6 15 Client_VLAN_7 7 7 15 Client_VLAN_8 8 8 15 Client_VLAN_9 9 9 15 Client_VLAN_10 10 10 15 Client_VLAN_11 11 11 15 Client_VLAN_12 12 12 15 Client_VLAN_13 13 13 15 Client_VLAN_14 14 14 15 Uplink_VLAN 15 15 Client_VLAN_16 16 16 15 Client_VLAN_17 17 17 15 Client_VLAN_18 18 18 15 Client_VLAN_19 19 19 15 Clie
AT-S39 User’s Guide Non-802.1Q Compliant Multiple VLANs Non-802.1Q Multiple VLAN configuration is appropriate when the device connected to the uplink port is non-802.1Q compatible, meaning that the device cannot handle tagged packets. When Non-802.1Q Multiple VLANs is selected, the AT-S39 software configures all ports on that switch as Client VLANs except for one userspecified port that is designated as an Uplink VLAN (also referred to as management VLAN).
Section II: Local and Telnet Management VLAN Name VID Untagged Port Client_VLAN_3 3 3,15 Client_VLAN_4 4 4,15 Client_VLAN_5 5 5,15 Client_VLAN_6 6 6,15 Client_VLAN_7 7 7,15 Client_VLAN_8 8 8,15 Client_VLAN_9 9 9,15 Client_VLAN_10 10 10,15 Client_VLAN_11 11 11,15 Client_VLAN_12 12 12,15 Client_VLAN_13 13 13,15 Client_VLAN_14 14 14,15 Uplink_VLAN 15 ALL Client_VLAN_16 16 16, 15 Client_VLAN_17 17 17,15 Client_VLAN_18 18 18,15 Client_VLAN_19 19 19,15 Client
Chapter 11 Configuring User-Created VLANs This chapter contains procedures for creating, modifying, and deleting user-configured VLANs from a local or Telnet management session. For overviews of user-configured port-based and tagged-base VLANs, refer to the previous chapter: ❑ User-Configured VLANs on page 121 ❑ Port-based VLAN Overview on page 121 ❑ Tagged VLAN Overview on page 127 To create port-based and tagged-base VLANs, the switch mode must be set to tagged.
Section II: Local and Telnet Management Creating a New Port-based or Tagged VLAN To create a new port-based or tagged VLAN, perform the following procedure: 1. From the Main Menu, type 2 to select VLAN Menu. The VLAN Menu shown in Figure 36 is displayed. Allied Telesyn Ethernet Switch AT-8024 Login Privilege: Manager VLAN Menu 1 - VLANs Status ................Enabled 2 - Ingress Filtering Status ....Enabled 3 - VLANs Mode ..................User Configured 4 - Management VLAN .............
AT-S39 User’s Guide 2. From the VLAN Menu, type 5 to select Configure VLANs. The Configure VLANs menu in Figure 37 is displayed. Allied Telesyn Ethernet Switch AT-8024 Login Privilege: Manager Configure VLANs 1 - Create VLAN 2 - Modify VLAN 3 - Delete VLAN 4 - Clear All Vlans S - Save Configuration changes R - Return to Previous Menu Figure 37 Configure VLANs Menu 3. From the Configure VLANs menu, type 1 to select Create VLAN. The Create VLAN menu in Figure 38 is displayed.
Section II: Local and Telnet Management If the VLAN will be unique in your network, then the name should be unique as well. If the VLAN will be part of a larger VLAN that spans multiple switches, then the name for the VLAN should be the same on each switch where nodes of the VLAN are connected. Using this type of naming convention, makes multiple switches in a network easier to maintain, administer, and troubleshoot. Note A VLAN must be assigned a name. 5.
AT-S39 User’s Guide However, the more ports you mirror, the less likely the mirroring port will be able to handle all the traffic. For example, if you mirror the traffic of six heavily active ports, the mirror port is likely to drop packets, meaning that it will not provide an accurate mirror of the traffic of the other six ports. ❑ The ports to be mirrored and the mirroring port must be located on the same switch. ❑ The ports to be mirrored and the mirroring port must be operating at the same speed.
Section II: Local and Telnet Management Creating a Port-based VLAN Example The following procedure creates the Sales VLAN illustrated in Figure 33 on page 124. This VLAN will be assigned a VID of 2 and will consist of four untagged ports, Ports 1 to 4. The VLAN will not contain any tagged ports. The VLAN traffic will not be mirrored on another port. To create the example Sales VLAN, perform the following procedure: 1. From the Main Menu, type 2 to select VLAN Menu. 2.
AT-S39 User’s Guide Creating a Tagged VLAN Example The following procedure creates the Engineering VLAN in the top switch illustrated in Figure 35 on page 130. This VLAN will be assigned a VID of 3. It will consist of four untagged ports, Ports 9, 10, 11, and 20, and two tagged ports, Ports 8 and 16. The VLAN traffic will not be mirrored on another port. To create the example Engineering VLAN, perform the following procedure: 1. From the Main Menu, type 2 to select VLAN Menu. 2.
Section II: Local and Telnet Management Modifying a VLAN Note To modify a VLAN, you must know the VLAN VID. To view VLAN VIDs, refer to the procedure Displaying VLAN Information on page 147. To modify a VLAN, perform the following procedure: 1. From the Main Menu, type 2 to select VLAN Menu. 2. From the VLAN Menu, type 5 to select Configure VLANS. 3. From the Configure VLANS menu, type 2 to select Modify a VLAN. The Modify a VLAN menu in Figure 39 is displayed.
AT-S39 User’s Guide When changing a VLAN’s name, observe the following guidelines: ❑ A VLAN’s new name cannot be the same as the name of another VLAN on the same switch. For example, if the switch already contains a VLAN called Sales, you cannot change an existing VLAN’s name to Sales. ❑ You cannot change the name of the Default_VLAN. Note A VLAN must be assigned a name. 2 - VLAN ID (VID) This is the VLAN’s VID value. You cannot change this value.
Section II: Local and Telnet Management ❑ To remove all untagged ports from a VLAN, enter a 0 (zero) for this value. ❑ You cannot remove untagged ports directly from the Default_VLAN. Instead, you remove an untagged port from the Default_VLAN by assigning the port as an untagged port to another VLAN. An untagged port removed from a VLAN is automatically returned to the Default_VLAN as an untagged port.
AT-S39 User’s Guide Displaying VLAN Information To view the name, VID number, and member ports of all the VLANs on a switch, perform the following procedure: 1. From the Main Menu, type 2 to select VLAN Menu. 2. From the VLAN Menu, type 7 to select Show VLANs. The Show VLANs menu is displayed (see Figure 40).
Section II: Local and Telnet Management Deleting a VLAN Note To perform this procedure, you must know the VID of the VLAN that you want to delete. To view a VLAN’s VID, refer to the procedure Displaying VLAN Information on page 147. To delete a VLAN, perform the following procedure: 1. From the Main Menu, type 2 to select VLAN Menu. 2. From the VLAN Menu, type 5 to select Configure VLANS. 3. From the Configure VLANS menu, type 3 to select Delete VLAN. The Delete a VLAN menu in Figure 41 is displayed.
AT-S39 User’s Guide 6. Type D to delete the VLAN or R to cancel the procedure. The following confirmation prompt is displayed: Are you sure you want to delete this VLAN [Yes/No] -> 7. Type Y to delete the VLAN or N to cancel the procedure. Press Return. A confirmation message is displayed: 8. Press any key. 9. Type S to select Save Configuration Changes. The VLAN has been deleted. All untagged ports in the deleted VLAN are returned to the Default_VLAN as untagged ports. 10.
Section II: Local and Telnet Management Deleting All VLANs This section contains the procedure for deleting all VLANs, except the Default_VLAN, on a switch. Note To delete selected VLANs, perform the procedure Deleting a VLAN on page 148. To delete all VLANs on a switch, perform the following procedure: 1. From the Main Menu, type 2 to select VLAN Menu. 2. From the VLAN Menu, type 5 to select Configure VLANS. 3. From the Configure VLANS menu, type 4 to select Clear All VLANs.
AT-S39 User’s Guide Displaying PVIDs and Priorities The following procedure displays a window that lists the PVIDs for all the ports on the switch. The window also contains the current priority queue settings for each port. To display the PVID settings on the switch, perform the following procedure: 1. From the Main Menu, type 2 to select VLAN Menu. 2. From the VLAN Menu, type 8 to select Show PVIDs & Priorities. The Show PVIDs & Priorities window is displayed.
Section II: Local and Telnet Management Enabling or Disabling Ingress Filtering There are certain rules that a switch follows as it receives and forwards an Ethernet frame. There are rules for frames as they enter a port (called ingress rules) and rules for when a frame is transmitted out a port (called egress rules). A switch will not accept and forward a frame unless the frame passes the ingress and egress rules. There are quite a few ingress and egress rules for Fast Ethernet switches.
AT-S39 User’s Guide There is one other thing that should be mentioned about ingress filtering and tagged packets, and that is the priority tag. Each tagged frame has a priority tag in it that instructs the switch as to the importance of the frame. Frames with a high priority are handled ahead of frames with a low priority. Activating or deactivating ingress filtering has no effect on the switch’s handling of priority tags.
Section II: Local and Telnet Management Designating a Management VLAN To remotely manage an AT-8300 Series Switch, there must exist a communications path through which the management station and the switch to be managed can communicate. If the management station is connected directly to a port on the switch, either through a tagged or untagged port, then the communications path automatically exists and you can fully manage the switch.
AT-S39 User’s Guide Now let’s assume that you have decided to create a VLAN called NMS with a VID of 24 for the sole purpose of remote network management. For this, you would need to create the NMS VLAN on each AT-8000 Series switch that you want to manage remotely, being sure to assign each NMS VLAN the VID of 24. Then you would need to be sure that the uplink and downlink ports connecting the switches together are either tagged or untagged members of the NMS VLAN.
Chapter 12 Multiple VLAN Configuration This chapter contains explains how to select a multiple VLAN mode. For an overview on multiple VLANs mode, refer to the following sections Multiple VLAN Mode Overview on page 132. To select a multiple VLAN configuration, the switch mode of the switch must be set to tagged. For instructions on setting the switch mode, please refer to Setting the Switch Mode on page 117.
AT-S39 User’s Guide Preserving User-Configured VLAN Definitions When the VLAN mode is set to either of the Multiple VLAN mode, userconfigured VLAN definitions cannot be created or modified. However, the software preserves user-configured VLANs that were configured before multiple VLAN mode was enabled. When the user switches back to user-configured VLANs mode, the software automatically enables the user-configured VLANs with the pre-existing configuration.
Section II: Local and Telnet Management Activating or Deactivating the Multiple VLAN Mode The following procedure explains how to enable or disable multiple VLANs mode on an AT-8000 Series Switch. 1. From the Main Menu, type 2 to select VLAN Menu. 2. From the VLAN Menu, type 3 to select VLANs Mode. Current status for this functionality (enabled or disabled) is displayed next to this feature selection. The following prompt is displayed: Enter VLAN Mode (U-UserConfig, M-Multiple, Q-802.
AT-S39 User’s Guide Uplink VLANs - Multiple VLANs Mode Management An overview of management VLANs is provided in the previous chapter (Designating a Management VLAN on page 154). Although both multiple VLAN modes support remote management of the switch via a management VLAN, the management VLAN would be designated to the Uplink VLAN port and the user would not be allowed to modify it.
Section II: Local and Telnet Management Displaying VLAN Information To view the name, VID number, and member ports of all the VLANs on a switch, perform the following procedure: 1. From the Main Menu, type 2 to select VLAN Menu. 2. From the VLAN Menu, type 7 to select Show VLANs. The Show VLANs window is displayed. An example of the window is shown in Figure 43.
Chapter 13 MAC Address Table The chapter contains the procedures for viewing the static and dynamic MAC address table.
Section II: Local and Telnet Management MAC Address Overview Every hardware device that you connect to your network has a unique MAC address associated with it. A MAC address is assigned to a device by the device’s manufacturer. For example, every network interface card that you use to connect your computers to your network has a MAC address assigned to it by the adapter’s manufacturer. The AT-8000 Series switch contains a 4 kilobyte MAC address table.
AT-S39 User’s Guide The type of MAC address described above is referred to as a dynamic MAC address. Dynamic MAC addresses are addresses that the switch learns by examining the source MAC addresses of the frames received on the ports. Dynamic MAC addresses are not stored indefinitely in the MAC address table. The switch deletes a dynamic MAC address from the table if it does not receive any frames from the node over a specified period of time.
Section II: Local and Telnet Management Displaying MAC Addresses The management software has two menu selections for displaying the MAC addresses of a switch. One selection displays the static, dynamic, and multicast MAC addresses while the other displays just the static and multicast addresses, but no dynamic addresses. To display the MAC address table, perform the following procedure: 1. From the Main Menu, type 6 to select MAC Address Tables. The MAC Address Table menu in Figure 44 is displayed.
AT-S39 User’s Guide The management software displays the MAC addresses. Figure 45 is an example of the Show All MAC Addresses window, which displays both static and dynamic MAC addresses. The static MAC address window is exactly the same, except for the title and the fact that it displays only static MAC addresses.
Section II: Local and Telnet Management The port numbering scheme is from right to left. As an example, assume that ports 1 through 4 on the switch were members of the same multicast group. This would be represented in the column as follows: “0000000F”. Another example is “000020F. This example would indicate that ports 1 to 4 and port 10 on the switch were members of the same multicast group. CPU This feature is not supported. MIR Indicates whether the traffic on the port is being mirrored.
AT-S39 User’s Guide Viewing MAC Addresses by Port This section contains the procedure for viewing the dynamic MAC addresses that have been learned on a particular port. You can also use this procedure to view any static MAC addresses that have been assigned to a port. 1. From the Main Menu, type 6 to select MAC Address Table. 2. From the MAC Address Tables menu, type 6 to select View MAC Addresses by Port Menu. The following prompt is displayed: Please enter port number -> [1 to 26] -> 3.
Section II: Local and Telnet Management Identifying a Port Number by MAC Address In some situations, you might want to know which port a particular MAC address was learned. You could display the MAC address table and scroll through the list looking for the MAC address. But if the switch is part of a large network, finding the address could prove difficult. The procedure in this section offers an easier way.
AT-S39 User’s Guide Viewing the MAC Addresses of a VLAN The procedure in this section can be useful if you created VLANs on the switch and want to view the MAC addresses of the nodes of a particular VLAN. (This procedure is not of much value if the switch contains only the Default_VLAN, in which case displaying the entire MAC address table, as explained earlier in this chapter, produces the same result.
Section II: Local and Telnet Management Deleting All Dynamic MAC Addresses The management software allows you to purge the MAC address table of all dynamic MAC addresses. Once the table has been purged, the switch immediately begins to relearn the MAC addresses as frames are received on the ports. Note This procedure does not delete static MAC addresses. To delete all dynamic MAC addresses from the MAC address table, perform the following procedure. 1.
AT-S39 User’s Guide Adding Static and Multicast MAC Addresses This section contains the procedure for adding static and multicast addresses to the switch. You can assign up to 255 static MAC addresses per port on an AT-8000 Series switch. To add a static or multicast address to the MAC address table, perform the following procedure: 1. From the Main Menu, type 6 to select MAC Address Tables. 2. From the MAC Address Tables menu, type 2 to select Add Static MAC Address.
Section II: Local and Telnet Management Deleting MAC Addresses The following procedure explains how to delete a static, dynamic, or multicast MAC address from the MAC address table. To delete an address from the MAC address table, perform the following procedure: 1. From the Main Menu, type 6 to select MAC Address Tables. 2. From the MAC Address Tables menu, type 3 to select Delete MAC Address. The following prompt is displayed: Please enter a MAC address -> 3.
AT-S39 User’s Guide Changing the Aging Time The switch uses the aging time to delete inactive dynamic MAC addresses from the MAC address table. When the switch detects that no packets have been sent to or received from a particular MAC address in the table after the period specified by the aging time, the switch deletes the address. This prevents the table from becoming full of addresses of nodes that are no longer active. The default setting for the aging time is 300 seconds (5 minutes).
Chapter 14 Class of Service This chapter contains the procedures for configuring the Class of Service (CoS) feature of the AT-S39 software.
AT-S39 User’s Guide Class of Service Overview The AT-8000 Series switch supports CoS as specified in the IEEE 802.1p and 802.1Q standards. CoS can be important in network environments where there are time-critical applications, such as voice transmission or video conferencing, that can be adversely affected by packet transfer delays. Prior to CoS, network traffic was handled in a best-effort manner. File transfer delays did occur, but were mostly transparent to network users.
Section II: Local and Telnet Management Configuring CoS To configure CoS for a port, perform the following procedure: 1. From the Main Menu, type 2 to select VLAN Menu. 2. From the VLAN Menu, type 3 to select Configure Port VLANS & Priorities. 3. Type 1 to select Configure Port VLANs & Priorities. The following prompt is displayed: Enter port number -> [1 to 24] -> 4. Enter the number of the port on the switch where you want to configure CoS. Press Return.
Chapter 15 IGMP Snooping This chapter explains how to activate and configure the Internet Group Management Protocol (IGMP) snooping feature on the switch.
Section II: Local and Telnet Management IGMP Snooping Overview IGMP snooping is best explained by first defining IGMP. This protocol enables routers to create lists of nodes that are members of multicast groups. (A multicast group is a group of end nodes that want to receive multicast packets from a multicast application.) The router creates a multicast membership list by periodically sending out queries to the local area networks connected to its ports.
AT-S39 User’s Guide Without IGMP snooping, a switch would have to flood multicast packets out all of its ports, except the port on which it received the packet. Such flooding of packets can negatively impact switch and network performance. The AT-8000 Series switch supports both IGMP Version 1 and Version 2.
Section II: Local and Telnet Management Activating IGMP Snooping To activate or deactivate IGMP snooping on the switch and to configure IGMP snooping parameters, perform the following procedure: 1. From the Main Menu, type 5 to select System Config Menu. 2. From the System Configuration Menu, type A to select Advanced Configuration. 3. From the Advanced Configuration menu, type 1 to select IGMP Snooping Configuration. The IGMP Snooping Configuration menu in Figure 46 is displayed.
AT-S39 User’s Guide multicast group by sending a leave request or when the host node stops sending reports. The switch responds by immediately ceasing the transmission of further multicast packets out the port where the host node is connected. The Multi-Host setting is appropriate if there is more than one host node connected to a switch port, such as when a port is connected to an Ethernet hub to which multiple host nodes are connected.
Section II: Local and Telnet Management 5 - Multicast Router Port(s) Specifies the port on the switch to which the multicast router is detected. You can let the switch determine this automatically by selecting Auto Detect, or you can specify the port yourself by entering a port number. To select Auto Detect, enter “0” (zero) for this parameter. You can specify more than one port. Note Selections 6 and 7 in the menu are discussed later in this chapter. 4.
AT-S39 User’s Guide Displaying a List of Host Nodes You can use the AT-S39 software to display a list of the multicast groups on a switch, as well as the host nodes. To display the list, perform the following procedure: 1. From the Main Menu, type 5 to select System Config Menu. 2. From the System Configuration Menu, type A to select Advanced Configuration. 3. From the Advanced Configuration menu, type 1 to select IGMP Snooping Configuration. The IGMP Snooping Configuration menu in Figure 46 is displayed.
Section II: Local and Telnet Management Displaying a List of Multicast Routers A multicast router is a router that is receiving multicast packets from a multicast application and transmitting the packets to host nodes. You can use the AT-S39 software to display a list of the multicast routers that are connected to the switch. To display a list of the multicast routers, perform the following procedure: 1. From the Main Menu, type 5 to select System Config Menu. 2.
Chapter 16 Broadcast Storm Control This chapter contains the procedures for configuring the Broadcast Storm Control feature of the AT-S39 management software.
Section II: Local and Telnet Management Broadcast Storm Control Overview Most frames on an Ethernet network are unicast frames. A unicast frame is a frame that is sent to a single destination. That is, the node sending a unicast frame intends the frame for a particular node on the network. For example, when a node needs to send a file to a network server for storage, the node sends the file in unicast Ethernet frames containing the destination address of the server where the file is to be stored.
AT-S39 User’s Guide It is important to note that the maximum number applies to the egress port of a broadcast frame, not the ingress port. That is, any port on the switch will accept any number of broadcast frames. But a port will transmit out (forward) a broadcast frame only if it has not exceeded the maximum number of broadcast frames it can transmit. Here’s an example.
Section II: Local and Telnet Management Configuring the Interval Timer To set the interval timer for the Broadcast Storm Control feature, perform the following procedure: 1. From the Main Menu, type 5 to select System Config Menu. 2. From the System Configuration Menu, type A to select Advanced Configuration. 3. From the Advanced Configuration Menu, type 2 to select Broadcast Timers Setup. The Broadcast Storm Control menu in Figure 49 is displayed.
AT-S39 User’s Guide 5. Once you have set the desired timer intervals, type S to select Save Configuration Changes. Your changes are immediately activated on the switch. 6. Go to the next procedure and specify the maximum number of broadcast frames the ports on the switch can receive.
Section II: Local and Telnet Management Configuring the Maximum Broadcast Frame Count To specify the maximum number of broadcast frames a port on the switch can receive and forward, perform the following procedure: 1. From the Main Menu, type 1 to select Port Menu. 2. From the Port Menu, type 1 to select Port Configuration. The following prompt is displayed: Enter Ports List -> 3. Enter the port(s)that you want to configure and press Return. The Port Configuration menu is shown in Figure 14 on page 69. 4.
Chapter 17 TACACS+ and RADIUS Protocols This chapter contains the procedure for configuring the two authentication protocols TACACS+ and RADIUS.
Section II: Local and Telnet Management TACACS+ and RADIUS Overview The AT-S39 software has two standard management login accounts: Manager and Operator. The Manager account lets you change a switch’s parameter settings while the Operator account only lets you view the settings. Each account has its own password. The Manager account has a default password of “friend” and the Operator account has a default password “operator.
AT-S39 User’s Guide The final function of the TACACS+ protocol is accounting, which is used to keep track of user activity on network devices. The AT-8000 Series switch does not support this function. Note The AT-S39 management software does not support the two earlier versions of the TACACS+ protocol, TACACS and XTACACS. So what does it take to use the TACACS+ and RADIUS protocols on an AT-8000 Series switch? Here are the main points.
Section II: Local and Telnet Management By default, authentication protocol is disabled on an AT-8000 Series switch. Once you activate it, you will need to provide the following information: ❑ Which authentication protocol you want to use. Only one authentication protocol can be active on a switch at a time. ❑ IP addresses of up to three authentication servers. ❑ The encryption key used by the authentication servers. Note For more information on TACACS+, refer to the RFC 1492 standard.
AT-S39 User’s Guide Configuring an Authentication Method To enable or disable the server-based authentication feature on the switch and to configure the TACACS+ and RADIUS settings, perform the following procedure: 1. From the Main Menu, type 4 to select Administration Menu. 2. From the Administration Menu, type A to select Server-based Authentication. The Authentication Menu in Figure 50 is displayed.
Section II: Local and Telnet Management Once you have activated the authentication feature on the switch and designated which authentication protocol you intend to use, you are ready to configure the selected protocol. If you selected TACACS+, go to Step 7. If you selected RADIUS, go to Step 8. 7. To configure TACACS+, do the following: a. Type 3 to select TACACS+ Configuration.
AT-S39 User’s Guide Enter per-server secret [max 40 characters] -> Use this prompt to enter the encryption secret for the TACACS+ server whose IP address you are specifying. 4 - TAC Server Order You use this selection to indicate the order in which you want the switch to query the TACACS+ servers for logon authentication. Of course, you can skip this option if you specified only one IP address. The default is 1, 2, and 3, in that order.
Section II: Local and Telnet Management The following menu is displayed: Allied Telesyn Ethernet Switch AT-8024 Login Privilege: Manager RADIUS Client Configuration 1 2 3 4 5 6 - Global Encryption Key ............. Global Server Timeout period....... RADIUS Server 1 Configuration ..... RADIUS Server 2 Configuration ..... RADIUS Server 3 Configuration ..... Show Status 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.
AT-S39 User’s Guide 3 - RADIUS Server 1 Configuration 4 - RADIUS Server 1 Configuration 5 - RADIUS Server 1 Configuration Use these parameters to specify the IP addresses of up to three network servers containing the RADIUS server software. Selecting one of the options displays the following menu: Allied Telesyn Ethernet Switch AT-8024 Login Privilege: Manager RADIUS Server 1 Configuration 1 - Server IP Address ................. 0.0.0.0 2 - Server Authentication UDP Port ....
Chapter 18 802.1x Port-Based Network Access Control This chapter contains an overview and procedures for 802.1x Port-based Network Access Control features. Sections are as follows: ❑ Port Access Control Overview on page 201 ❑ Enabling and Disabling Port Access Control on page 203 ❑ Type S to select Save Configuration Changes.
AT-S39 User’s Guide Port Access Control Overview The AT-S39 software’s IEEE 802.1X-based Port Access Control feature is a client-server-based access control and authentication protocol that restricts unauthorized clients who attempt to connect to a network through accessible, local ports. When Port Access Control is enabled, the authentication server authenticates each client connected to a port before making available the network or any services offered by the switch.
Section II: Local and Telnet Management For information on RADIUS, refer TACACS+ and RADIUS Protocols on page 191, Note Port access control can only be configured via local and Telnet management. The following sections describe procedures for configuring Port Access Control.
AT-S39 User’s Guide Enabling and Disabling Port Access Control To globally enable or disable Port Access Control, perform the following procedure: Note Enabling or disabling Port Access Control can only be performed in a local management session. Note Before activating this feature, you must have the RADIUS EAP specified and enabled as the authenication method. This is discussed in Configuring an Authentication Method on page 195. 1. From the Main Menu, type 1 to select Port Menu (shown in Figure 54). 2.
Section II: Local and Telnet Management Configuring Port Access Control Parameters To configure port access control parameters, perform the following procedure: 1. From the main menu, type 1 to select the Port menu. 2. In the Port menu, type 6 to select the Port Access Control menu. 3. In the Port Access Control Menu, type 3 to select Configure Port Access Parameters. The following prompt is displayed: Enter ports list -> 4. Enter the port or the range of ports that you want to configure. Press Return.
AT-S39 User’s Guide Allied Telesyn Ethernet Switch AT-8024 Login Privilege: Manager Configure Port Access Parameters Configuring Ports 3 0 - Port Role ......... Authenticator 1 - Port Control ...... Auto 2 - quietPeriod ....... 60 3 - txPeriod .......... 30 4 - reAuthPeriod ...... 3600 5 - suppTimeout ....... 30 6 - serverTimeout ..... 30 7 - maxReq ............ 2 S - Save Configuration changes R - Return to Previous Menu Enter your selection? Figure 56 Configure Port Access Parameters Menu 7.
Section II: Local and Telnet Management ❑ Auto: Enables 802.1X port-based authentication and causes the port to begin in the unauthorized state, allowing only EAPOL frames to be sent and received through the port. The authentication process begins when the link state of the port changes . The switch requests the identity of the client and begins relaying authentication messages between the client and the authentication server.
AT-S39 User’s Guide Viewing Port Access Status To view port access status, perform the following procedure: 1. From the main menu, type 1 to select the Port menu. 2. In the Port menu, type 6 to select the Port Access Control menu. 3. From the Port Access Control Menu, type 5 to select Display Port Access Status. The Port Access Status is displayed (see Figure 57).
Chapter 19 Ethernet Statistics This chapter contains the procedures for displaying data traffic statistics.
AT-S39 User’s Guide Displaying Port Statistics To display Ethernet port statistics, perform the following procedure: 1. From the Main Menu, type 7 to select Ethernet Statistics. The Ethernet Statistics menu in Figure 58 is displayed. Allied Telesyn AT-8024 Ethernet Switch Login Sesion: Manager Ethernet Statistics 1 - Display Port Statistics 2 - Display Module Statistics 3 - Clear Statistics R - Return to Previous Menu Enter your selection? Figure 58 Ethernet Statistics Menu 2.
Section II: Local and Telnet Management CRC Error (CRC_ERROR) Number of packets with a cyclic redundancy check (CRC) error but with the proper length (64-1518 bytes) received on the port. Undersize Packets (UNDERSIZE) Number of packets that were less than the minimum length specified by IEEE 802.3 (64 bytes including the CRC) received on the port. Oversize Packets (OVERSIZE) Number of packets exceeding the maximum specified by IEEE 802.3 (1518 bytes including the CRC) received on the port.
AT-S39 User’s Guide Displaying Switch Statistics To display Ethernet statistics for an entire switch, perform the following procedure: 1. From the Main Menu, type 7 to select Ethernet Statistics. 2. From the Ethernet Statistics menu, type 2 to select Display Module Statistics. The statistics for the port are displayed in the Display Module Statistics window, shown in Figure 59.
Section II: Local and Telnet Management Received Overflow Number of times the capacity of the port buffers have been exceeded. Received Broadcast Number of broadcast packets received on the switch. Received Multicast Number of multicast packets received on the switch. CRC Error Number of packets with a cyclic redundancy check (CRC) error but with the proper length (64-1518 bytes) received by the switch. Undersize Packets Number of packets that were less than the minimum length specified by IEEE 802.
Chapter 20 File Downloads and Uploads There are three files that coexist on an AT-8000 Series switch while the device is operating. They are: ❑ AT-S39 management software This is the operating software for the switch. ❑ AT-S39 bootloader This image contains the code that initially controls the switch whenever you power on or reset the unit. ❑ Switch configuration file This file contains the settings for the different switch parameters. such as VLANs, STP settings, and so forth.
Section II: Local and Telnet Management the same. What you can do is configure one of the AT-8000 Series switches in your network, and then download its configuration file to the other switches. This can save you the trouble of having to configure each switch individually. There are a several different ways for downloading and uploading files onto a switch.
AT-S39 User’s Guide Obtaining Software Updates New releases of the AT-S39 management software are available from the Allied Telesyn web site at www.alliedtelesyn.com and our FTP server at ftp.alliedtelesyn.com. To log on to the FTP server, enter “anonymous” for the user name and your email address for the password. Management software for these switches will have “S39” as part of the filename. Note All switch models in the AT-8000 Series use the same management software image.
Section II: Local and Telnet Management Transferring Files from a Local Management Session This section contains the procedure for downloading or uploading the following files onto a switch from a local management session. ❑ New AT-S39 software image and bootloader software ❑ Configuration file You can transfer a file using Xmodem or TFTP. In order to use TFTP, there must be a node on your network with the TFTP server software and the file to download must be stored on the same node.
AT-S39 User’s Guide The following menu is displayed: Allied Telesyn Ethernet Switch AT-8024 Login Session: Manger Downloads & Uploads 1 - Download Application Image/Bootloader 2 - Download Configuration Data 3 - Upload Application Image 4 - Upload Configuration Data R - Return to Previous Menu Enter your selection? Figure 60 Downloads & Uploads Menu Note Options 3 and 4 in the menu are described in Uploading Files on page 225. 4. To download a new software image and bootloader onto the switch, type 1.
Section II: Local and Telnet Management 6. To download a file using Xmodem, type X at the prompt displayed in Step 4. The following prompt is displayed: You are going to invoke the Xmodem download utility. Do you wish to continue? [Yes/No] Note:Please select 1K Xmodem protocol for faster download. 7. Type Y for Yes. The prompt “Downloading” is displayed. 8. Begin the file transfer of the new management software image. Note The transfer protocol must be Xmodem or 1K Xmodem.
AT-S39 User’s Guide 10. Click the Browse button and specify the location and file to be downloaded onto the switch. 11. Click on the Protocol field and select as the transfer protocol either Xmodem or, for a faster download, 1K XModem. 12. Click Send. The software immediately begins to download onto the switch. The Xmodem File Send window in Figure 63 displays current status of the software download. The download process takes a couple minutes to complete.
Section II: Local and Telnet Management Transferring Files from a Telnet Session This section contains the procedure for downloading or uploading the following files onto a switch from a Telnet session. ❑ New AT-S39 software image and bootloader software ❑ Configuration file You can transfer a file using TFTP. To use TFTP, there must be a node on your network with the TFTP server software and the file to download must be stored on the same node.
AT-S39 User’s Guide The following menu is displayed: Allied Telesyn Ethernet Switch AT-8024 Login Session: Manger Downloads & Uploads 1 - Download Application Image/Bootloader 2 - Download Configuration Data 3 - Upload Application Image 4 - Upload Configuration Data R - Return to Previous Menu Enter your selection? Figure 64 Downloads & Uploads Menu Note Options 3 and 4 in the menu are described in Uploading Files on page 225. 4. To download a new software image and bootloader onto the switch, type 1.
Section II: Local and Telnet Management Note If you are installing a new management image, the switch begins to initialize the software after it is installed, a process that takes approximately one minute to complete. Once the management software is initialized, the switch automatically resets, disconnecting the current telnet management session. After allowing the switch to reset, the user must reestablish the Telnet management session.
AT-S39 User’s Guide Downloading Files Switch to Switch The previous procedure explained how to download an AT-S39 software image or configuration file onto a switch from a local management session. This procedure explains how to download an AT-S39 software image or configuration file from one AT-8000 Series switch to another switch. This procedure is useful in networks that contain a large number of AT8000 Series switches.
Section II: Local and Telnet Management The following prompt is displayed: Enter the starting remote switch number -> [1 to 12] 4. Enter the number of the switch whose software or configuration file you want to update. To update a range of switches, enter the number of the first switch. The following prompt is displayed: Enter the ending remote switch number -> [1 to 12] 5. Enter the last switch in the range you want to update.
AT-S39 User’s Guide Uploading Files To upload a management software image or configuration from a switch onto your management station, perform the following procedure: Note It is not recommended that you upload an AT-S39 software image onto a management workstation for download onto another switch. New AT-S39 software images for downloading onto a switch should only be obtained from the Allied Telesyn web site. 1.
Section III Web Browser Management The chapters in this section explain how to manage an AT-8024 or AT-8024GB Fast Ethernet switch using a web browser.
Chapter 21 Starting a Web Browser Management Session This chapter contains the procedure for starting a management session on an AT-8000 Series switch using a web browser, such as Microsoft Internet Explorer or Netscape Navigator.
Starting a Web Browser Management Session This section explains how to start a web browser management session. There must be at least one AT-8000 Series switch on your network that has been assigned an IP address. The switch with the IP address is referred to as the master switch. Once you have started a Telnet management session on the master switch, you will have management access to all other AT-8000 Series switches that reside in the same subnet.
AT-S39 User’s Guide The user names cannot be changed. To change a password, refer to Configuring an IP Address and Switch Name on page 39. The window shown in Figure 66 is displayed. Figure 66 Home Page This is the Home page of the management software. In the left portion of the Home page is the main menu: ❑ Configuration ❑ Monitoring ❑ Exit Note A web browser management session remains active even if you link to other sites.
Quitting from a Web Browser Management Session To exit from a web browser management session, return to the Home page and select Exit from the main menu.
Chapter 22 Basic Switch Parameters This chapter contains the following sections: ❑ Configuring an IP Address and Switch Name on page 232 ❑ Activating the BOOTP and DHCP Services on page 236 ❑ Viewing System Information on page 237 ❑ Configuring the SNMP Parameters and Trap IP Addresses on page 239 ❑ Resetting a Switch on page 241 ❑ Pinging a Remote System on page 242 ❑ Returning the AT-S39 Software to the Factory Default Values on page 243 231
Section III: Web Browser Management Configuring an IP Address and Switch Name Note For guidelines on when to assign an IP address, subnet address, and gateway address to an AT-8024 or AT-8024GB switch, refer to When Does a Switch Need an IP Address? on page 37. To set the basic switch parameters for an AT-8024 or AT-8024GB Fast Ethernet switch, perform the following procedure: 1. From the Home Page, select Configuration. The Configuration menu is displayed with the System menu option selected by default.
AT-S39 User’s Guide The General tab in Figure 67 is displayed. Figure 67 General Tab Menu - Configuration Note This procedure describes the parameters in the Administration section of the menu. The parameters in the Configuration and Broadcast Storm Control sections are discussed later in this guide. Note The Reset button at the bottom of the menu is used to reset the switch.
Section III: Web Browser Management 3. Change the parameters as desired. The parameters are described below: System Name This parameter specifies a name for the switch (for example, Sales Ethernet switch). Entering a value for this parameter is optional. Note You should assign each switch a name. The names can help you identify the various switches in your network. This can help you avoid performing a configuration procedure on the wrong switch.
AT-S39 User’s Guide Caution You should not use spaces or special characters, such as asterisks (*) and exclamation points (!), in a password if you will be managing the switch from a web browser. Many web browsers cannot handle special characters in passwords. IP address This parameter specifies the IP address of the switch. You must specify an IP address if you intend to remotely manage the switch using a web browser, a Telnet utility, or an SNMP management program.
Section III: Web Browser Management Activating the BOOTP and DHCP Services For background information on BOOTP and DHCP, refer to the section Activating the BOOTP and DHCP Services on page 42. To activate or deactivate the BOOTP and DHCP protocols on the switch from a web browser management session, perform the following procedure: 1. From the Home Page, select Configuration. The Configuration menu is displayed with the System menu option selected by default. 2.
AT-S39 User’s Guide Viewing System Information To view basic information about the switch, perform the following procedure: 1. From the Home page, select Monitoring. 2. From the Monitoring menu, select System. 3. Select the General tab. The General tab window in Figure 68 is displayed.
Section III: Web Browser Management This window is for viewing purposes only. You cannot change any of the values from this window. The sections in the window are defined below. General This section displays the switch’s serial number and the switch’s MAC address. These values cannot be changed. Administration This section contains a variety of information, including the IP address of the switch and the system name.
AT-S39 User’s Guide Configuring the SNMP Parameters and Trap IP Addresses To change the switch’s SNMP community strings or to specify the IP addresses of management stations to receive traps from the switch, perform the following procedure: 1. From the Home page, select Configuration. 2. From the Configuration menu, select System. 3. Select the SNMP tab. The SNMP menu in Figure 69 is displayed. Figure 69 SNMP Tab 4. Adjust the parameters as desired. The parameters are described below.
Section III: Web Browser Management Trap Receiver 1 Trap Receiver 2 Trap Receiver 3 Trap Receiver 4 Use these selections to specify the IP addresses of up to four management workstations on your network to receive traps from the switch. Note The Enable SNMP Access check box in the menu controls whether the switch can be remotely managed using an SNMP application program. If the check box is empty, the switch cannot be managed through SNMP. This is the default. 5.
AT-S39 User’s Guide Resetting a Switch To reset a switch, perform the following procedure: 1. From the Home Page, select Configuration. The Configuration menu is displayed with the System option selected by default. 2. If the System menu option is not selected, select it and then select the General tab. 3. Click the Reset button at the bottom of the menu. A confirmation prompt is displayed. 4. Click OK to reset the switch or Cancel to cancel the procedure.
Section III: Web Browser Management Pinging a Remote System You can instruct the switch to ping a node on your network. This procedure is useful in determining whether a valid link exists between the switch and another device. To ping a network device, perform the following procedure: 1. From the Home Page, select Monitoring. 2. From the Monitoring menu, select the System menu option. 3. Select the Ping Client tab. The menu in Figure 70 is displayed. Figure 70 Ping Client Menu 4.
AT-S39 User’s Guide Returning the AT-S39 Software to the Factory Default Values The procedure in this section returns all AT-S39 software parameters, except the IP address, subnet mask, and gateway address, to their default values. This procedure also deletes any VLANs that you have created on the switch. Note The AT-S39 software default values can be found in Appendix A, AT-S39 Default Settings on page 312.
Chapter 23 Enhanced Stacking This chapter contains the following procedures: ❑ Setting a Switch’s Enhanced Stacking Status on page 245 ❑ Selecting a Switch in an Enhanced Stack on page 247 Note For background information on enhanced stacking, refer to Enhanced Stacking Overview on page 58. Note Configuring Multiple VLANs on cascaded switches can affect Enhanced Stacking as the Master switch may not be able to detect member switches beyond the first cascaded switch.
AT-S39 User’s Guide Setting a Switch’s Enhanced Stacking Status The enhanced stacking status of the switch can be master, slave, or unavailable. Each status is described below: ❑ Master - A master switch of a stack can be used to manage all other AT-8000 Series switches in a subnet. Once you have established a local or remote management session with the master switch, you can access and manage all the switches in the subnet. A master switch must have a unique IP address.
Section III: Web Browser Management The Enhanced Stacking tab is shown in Figure 72. Figure 72 Enhanced Stacking Tab 4. Click the desired enhanced stacking status for the switch. 5. Click Apply. The new enhanced stacking status is immediately activated on the switch.
AT-S39 User’s Guide Selecting a Switch in an Enhanced Stack The first thing that you should do before you perform any procedure on a switch in an enhanced stack is check to be sure that you are performing it on the correct switch. If you assigned system names to your switches, then it is very easy. The name of the switch being managed is displayed at the top of every management menu.
Section III: Web Browser Management Note The master switch on which you started the management session is not included in the list, nor are any switches with an enhanced stacking status of Unavailable. You can sort the switches in the list by switch name or MAC address by clicking on the column headers. By default, the list is sorted by MAC address. You can refresh the list by clicking Refresh. This instructs the master switch to again poll the subnet for all AT-8000 Series switches. 2.
Chapter 24 Port Parameters The procedures in this chapter allow you to view and change the parameter settings for the individual ports on a switch. Examples of port parameters that you can adjust include duplex mode and port speed.
Section III: Web Browser Management Configuring Port Parameters To configure the parameter settings for a port on a switch, perform the following procedure: 1. From the Home page, select Configuration. 2. From the Configuration page, select Layer 1. 3. Select the Port Setting tab. The Port Setting tab is shown in Figure 74. Figure 74 Port Setting Configuration Tab 4. Click the port in the graphical switch image that you want to configure. The selected port turns white.
AT-S39 User’s Guide The Settings for Port menu is displayed. An example of the menu is shown in Figure 75. Figure 75 Settings for Port Menu Note Clicking the Default button returns the port settings to the default values. Default values are listed in Appendix A, AT-S39 Default Settings on page 312. 6. Adjust the port parameters as desired. The parameters are described below. Disable Port You can use this check box to enable or disable a port. A disabled port will not accept or transmit frames.
Section III: Web Browser Management ❑ 100Mbps - Half Duplex ❑ 100Mbps - Full Duplex Broadcast Storm Control The maximum number of broadcast packets the port can receive within a specified period of time. If the threshold is reach, any additional broadcast packets received on the port are discarded by the switch. For background information on this feature, refer to Broadcast Storm Control Overview on page 186.
AT-S39 User’s Guide Displaying Port Status and Statistics The procedure in this section displays the operating status of the ports on a switch and port statistics. You can view a port’s operating speed, duplex mode, MDI/MDI-X configuration, and more. You can also view the operating status of any GBIC modules installed in an AT-8024GB. To display the status or statistics of a switch port, perform the following procedure: 1. From the Home page, select Monitoring. 2. From the Monitoring page, select Layer 1.
Section III: Web Browser Management If you select port status, the Port Status window in Figure 77 is displayed. Figure 77 Port Status Window The information in this window is for viewing purposes only. To adjust port parameters, refer to Configuring Port Parameters on page 250. The columns in the window are described below: Port The port number. Link The status of the link between the port and the end node connected to the port.
AT-S39 User’s Guide MDI The operating configuration of the port. Possible values are MDI and MDI-X. Speed The operating speed of the port. Possible values are: 0010 - 10 Mbps 0100 - 100 Mbps 1000 - 1000 Mbps Dplx The duplex mode of the port. Possible values are half-duplex and full-duplex. Flow Control The port’s flow control setting. Possible values are: None - No flow control on the port. Transmit - Flow control only on packets being transmitted out the port.
Section III: Web Browser Management Priority Level The priority queue to which untagged packets are directed when received on the port. A value of 1 to 3 directs untagged packets to the low priority queue while a value of 4 to 7 directs packets to the high priority queue. If the override priority feature has been activated on the port, tagged packets will be directed to the priority queue reflected by this status parameter.
AT-S39 User’s Guide Received Multicast Number of multicast packets received on the port. CRC Error Number of packets with a cyclic redundancy check (CRC) error but with the proper length (64-1518 bytes) received on the port Total Packets Number of packets received and transmitted on the port. Undersize Packets Number of packets that were less than the minimum length specified by IEEE 802.3 (64 bytes including the CRC) received on the port.
Chapter 25 Port Security This chapter explains how to display the current port security level on the switch from a web browser management session. Note For background information on port security, refer to Port Security Overview on page 76. Note A switch’s port security level can be changed only from a local management session.
AT-S39 User’s Guide Displaying the Port Security Level To display the switch’s port security level, perform the following procedure: 1. From the Home page, select Monitoring. 2. From the Configuration page, select Layer 2. 3. From the Layer 2 page, select the Port Security tab. The current security level is displayed.
Chapter 26 Port Trunks This chapter contains the procedure for creating or deleting a port trunk from a web browser management session. Note For background information on port trunking, refer to Port Trunking Overview on page 83.
AT-S39 User’s Guide Creating or Deleting a Port Trunk Caution Do not connect the cables of a port trunk to the ports on the switch until after you have configured the ports on both the switch and the end node. Connecting the cables prior to configuring the ports can create loops in your network topology. Loops can result in broadcast storms, which can adversely effect the operations of your network. If you are deleting a port trunk, disconnect the cables from the ports before you delete the trunk.
Section III: Web Browser Management 4. To create a port trunk, do the following: a. Click the ports that will make up the port trunk. A selected port changes to white. An unselected port is black. A port trunk can contain 2, 3, or 4 ports. b. Click Apply. Once you have selected the ports of the trunk, the following appear under Trunk Method. c. Click the desired load distribution method. The default is SA/DA. d. Configure the ports on the remote switch for port trunking.
Chapter 27 Port Mirroring This chapter contains the procedure for creating or deleting a port mirror. Note For background information on port mirroring, refer to Port Mirroring Overview on page 93.
Section III: Web Browser Management Creating or Deleting a Port Mirror To create or delete a port mirror, perform the following procedure: 1. From the Home page, select Configuration. 2. From the Configuration page, select Layer 1. 3. Select the Port Mirroring tab. The management software displays the Port Mirroring menu in Figure 81. Figure 81 Port Mirroring Menu 4. To create a port mirror, do the following: a. Use the pull-down menu from Mirroring Port to select the port to function as the port mirror.
AT-S39 User’s Guide 5. To disable port mirroring, select “None“ from the Mirroring Port pulldown menu and click Apply. The port mirror is deleted. The port that was functioning as the mirror port can now be used for normal network operations.
Chapter 28 STP and RSTP This chapter explains how to configure the STP and RSTP parameters on an AT-8000 Series switch from a web browser management session. Sections in the chapter include: ❑ Enabling or Disabling STP or RSTP on page 267 ❑ Configuring STP on page 268 ❑ Configuring RSTP on page 272 ❑ Displaying STP or RSTP Settings on page 276 Note For background information on spanning tree, refer to STP and RSTP Overview on page 97.
AT-S39 User’s Guide Enabling or Disabling STP or RSTP To enable or disable spanning tree on the bridge, do the following: 1. From the Home page, select Configuration. 2. From the Configuration page, select Layer 2. 3. From the Layer 2 page, select the Spanning Tree tab. The Spanning Tree tab in Figure 82 is displayed. Figure 82 Spanning Tree Tab 4. To enable or disable spanning tree, click the Enable Spanning Tree check box.
Section III: Web Browser Management Configuring STP Caution The bridge provides default STP parameters that are adequate for most networks. Changing them without prior experience and an understanding of how STP works might have a negative effect on your network. You should consult the IEEE 802.1d standard before changing any of the STP parameters. 1. From the Spanning Tree tab menu, click STP Configuration and click Configure. The Spanning Tree menu in Figure 83 is displayed.
AT-S39 User’s Guide 2. Adjust the bridge STP settings as needed. The parameters are described below. Bridge Identifier The MAC address of the bridge. The bridge identifier is used as a tie breaker in the selection of the root bridge when two or more bridges have the same bridge priority value. This value cannot be changed. Bridge Priority The priority number for the bridge. This number is used in determining the root bridge for STP. The bridge with the lowest priority number is selected as the root bridge.
Section III: Web Browser Management Note The aging time for BPDUs is different from the aging time used by the MAC address table. 3. After you have made the desired changes, click Apply. 4. To adjust a port’s STP settings, click on the port in the switch image and click Modify. You can select more than one port at a time. The Port Spanning Tree Protocol menu in Figure 84 is displayed. Figure 84 STP Port Configuration Menu 5. Adjust the settings as desired. The parameters are described below.
AT-S39 User’s Guide Port Priority This parameter is used as a tie breaker when two or more ports are determined to have equal costs to the root bridge. The default value for priority is 128. The range is 0-255. Bridge Hello Time The time interval between generating and sending configuration messages by the bridge. The default is 2 seconds. This value cannot be changed from this menu. To change this value, refer to earlier in this procedure.
Section III: Web Browser Management Configuring RSTP Caution The bridge provides default RSTP parameters that are adequate for most networks. Changing them without prior experience and an understanding of how RSTP works might have a negative effect on your network. You should consult the IEEE 802.1w standard before changing any of the RSTP parameters. 1. From the Spanning Tree tab menu, click RSTP Configuration and click Configure. The RSTP Bridge Configuration menu in Figure 83 is displayed.
AT-S39 User’s Guide 2. Adjust the parameters are desired. The parameters are defined below. Force Version This selection determines whether the bridge will operate with RSTP or in an STP-compatible mode. If you select RSPT, the bridge will operate all ports in RSTP, except for those ports that receive STP BPDU packets. If you select Force STP Compatible, the bridge will operate all ports in STP. The default is RSTP. Bridge Priority The priority number for the bridge.
Section III: Web Browser Management Bridge Identifier The MAC address of the bridge. The bridge identifier is used as a tie breaker in the selection of the root bridge when two or more bridges have the same bridge priority value. This value cannot be changed. Root Bridge The MAC address of the bridge functioning as the root bridge in the spanning tree domain. This value is for display purposes only and cannot be changed. Root Priority The priority number of the root bridge. 3.
AT-S39 User’s Guide Port Cost The spanning tree algorithm uses the cost parameter to decide which port provides the lowest cost path to the root bridge for that LAN. The range is 0 to 20 000 000. The default setting is Autodetect, which sets port cost depending on the speed of the port. Default values are 100 for a 10 Mbps port, 10 for a 100 Mbps port, and 4 for a 1 Gbps port. MCHECK This option instructs the bridge to send out RSTP BPDU packets for several seconds from the selected port.
Section III: Web Browser Management Displaying STP or RSTP Settings To display STP or RSTP parameter settings, perform the following procedure: 1. From the Home page, select Monitoring. 2. From the Monitoring menu, select Layer 2. 3. From the Layer 2 page, select the Spanning Tree tab. The Spanning Tree menu in Figure 88 is displayed. This menu displays information on whether spanning tree is enable or disabled and which protocol version, STP or RSTP, is active. Figure 87 Spanning Tree Tab - Monitoring 4.
AT-S39 User’s Guide The example in Figure 88 is for RSTP. The information in this window is for viewing purposes only. Figure 88 Rapid Spanning Tree Window - Monitoring 5. To view port settings, click a port in the switch and click Status or Settings.
Chapter 29 Virtual LANs This chapter explains how to create, modify, and user-configured (portbased and tagged) and multiple VLANs in a web browser management session. This chapter also explains how to select a multiple VLANchange a switch’s VLAN operating mode. Note For background information on switch modes and VLAN modes, refer to Chapter 10, Virtual LANs.
AT-S39 User’s Guide Creating A New Port-Based or Tagged VLAN To create a new port-basedor tagged VLAN, perform the procedure below: 1. From the Home page, select Configuration. 2. From the Configuration menu, select Layer 2. 3. From the Layer 2 window, select the VLAN tab. The VLAN menu in Figure 89 is displayed.
Section III: Web Browser Management 4. Click Add. The Add VLAN menu in Figure 90 is displayed. Figure 90 Add VLAN Menu 5. Select the Name field and enter a name for the new VLAN. The name can be from one to 10 characters in length. The name should reflect the function of the nodes of the VLAN (for example, Sales or Accounting). The name can contain spaces but not special characters, such as asterisks (*) or exclamation points (!).
AT-S39 User’s Guide example, if you are creating a VLAN called Sales that will span three switches, you must assign the same VID value to each Sales VLAN on the three switches. Note A VLAN must have a VID. 7. If you want all received traffic on the ports of the VLAN to be mirrored to another port on the switch, select the mirroring port from the Mirroring Port pull-down menu. This feature is useful when troubleshooting a VLAN.
Section III: Web Browser Management Modifying a Port-Based or Tagged VLAN To modify a VLAN, perform the following procedure: 1. From the Home page, select Configuration. 2. From the Configuration menu, select Layer 2. 3. From the Layer 2 window, select the VLAN tab. The VLAN menu in Figure 89 on page 279 is displayed. 4. Click the circle next to the name of the VLAN you want to modify. 5. Click Modify. The configuration menu for the VLAN is displayed. 6.
AT-S39 User’s Guide Deleting a Port-Based or Tagged VLAN To delete a VLAN from the switch, perform the following procedure: 1. From the Home page, select Configuration. 2. From the Configuration menu, select Layer 2. 3. From the Layer 2 window, select the VLAN tab. The VLAN menu in Figure 89 on page 279 is displayed. 4. Click the circle next to the name of the VLAN you want to delete. 5. Click Remove. A confirmation prompt is displayed. 6. Click OK to delete the VLAN or Cancel to cancel the procedure.
Section III: Web Browser Management Displaying VLANs To display all the existing VLANs on a switch, perform the following procedure: 1. From the Home page, select Monitoring. 2. From the Monitoring page, select Layer 2. 3. From the Layer 2 page, select the VLAN tab. The management software displays the window in Figure 91. The information in this window is for viewing purposes only.
AT-S39 User’s Guide Selecting a Multiple VLANs Mode To select a multiple VLAN mode, perform the procedure below: Note In 802.1Q Multiple VLANs mode, any device connected to the Uplink VLAN must be 802.1Q-compliant. 1. From the Home page, select Configuration. 2. From the Configuration menu, select Layer 2. 3. From the Layer 2 window, select the VLAN tab. The VLAN menu in Figure 89 is displayed.
Section III: Web Browser Management 4. Under VLAN Mode, select the non-802.1Q compliant Multiple VLANs or 802.1Q Multiple VLANs. 5. In the Uplink VLAN Port field (under VLAN Mode), specify the port on the switch that will function as the uplink port for the VLANs. 6. Click Apply. 7. Reset the switch. For instructions, refer to Resetting a Switch on page 241. For information on the difference between Multiple VLANs or 802.1Q Multiple VLANs, refer to Multiple VLAN Mode Overview on page 132.
AT-S39 User’s Guide Setting the Switch’s Mode This section contains the procedure for setting a switch’s mode. You can configure a switch to Tagged mode or Basic mode. Note For descriptions of switch modes and VLAN modes, refer to Virtual LANs Overview on page 115. To set the switch’s VLAN mode, perform the following procedure: 1. From the Home Page, select Configuration. 2. From the Configuration menu, choose System. 3. Select the General tab. 4.
Section III: Web Browser Management Enabling or Disabling VLANs This procedure performs exactly the same function as the previous procedure. It sets a switch’s VLAN mode. When VLANs are enabled, the switch supports port-based and tagged VLANs. When VLANs are disabled, the switch supports the Basic mode. The difference between the two procedures has to do with ingress filtering. If you activate the Basic Mode using the previous procedure, ingress filtering is disabled.
Chapter 30 MAC Address Table This chapter contains instructions on how to view the dynamic and static addresses in the MAC address table of the switch. This chapter contains the following procedure: ❑ Viewing the MAC Address Table on page 290 ❑ Adding Static and Multicast MAC Addresses on page 293 ❑ Deleting MAC Addresses on page 294 ❑ Changing the Aging Time on page 295 Note For background information on MAC addresses, refer to MAC Address Overview on page 162.
Section III: Web Browser Management Viewing the MAC Address Table To view the MAC address table, perform the following procedure: 1. From the Home page, select either Configuration or Monitoring. 2. Select Layer 2. 3. From the Layer 2 page, select the MAC Address tab. The MAC Address menu is displayed. Figure 93 shows how this menu appears when you display it through the Configuration main menu selection. If displayed through the Monitoring main menu selection, the Add button is not included.
AT-S39 User’s Guide View All Static Addresses This option displays only the static MAC addresses. Static MAC addresses are addresses that you entered manually into the MAC address table. View All IP Multicast Addresses This option displays the multicast MAC addresses. View By Port The pull-down menu with this option is used to display the MAC addresses learned on a particular port. View By VLAN ID This option displays the MAC addresses learned by a particular VLAN on the switch.
Section III: Web Browser Management MIR Indicates whether the traffic on the port is being mirrored. Yes means the traffic is being mirrored while No indicates that it is not. EMP Indicates whether multicast packets are being forwarded by ports in the blocking state. This feature is not supported at this time. This column will indicate “No” for all multicast addresses, except for the switch’s MAC address. Multicast packets are forwarded only by ports in the forwarding state.
AT-S39 User’s Guide Adding Static and Multicast MAC Addresses This section contains the procedure for assigning static or multicast address to ports on the switch. You can assign up to 255 static MAC addresses per port. To add a static or multicast address to the MAC address table, perform the following procedure: 1. From the Home page, select Configuration. 2. From the Configuration page, select Layer 2. 3. From the Layer 2 page, select the MAC Address tab.
Section III: Web Browser Management Deleting MAC Addresses To delete a static, dynamic, or multicast MAC address from the switch, perform the following procedure: 1. From the Home page, select Configuration. 2. From the Configuration page, select Layer 2. 3. From the Layer 2 page, select the MAC Address tab. The MAC Address menu in Figure 93 on page 290 is displayed. 4. Display the MAC addresses on the switch by selecting one of the options.
AT-S39 User’s Guide Changing the Aging Time The switch uses the aging time to delete inactive dynamic MAC addresses from the MAC address table. When the switch detects that no packets have been sent to or received from a particular MAC address in the table after the period specified by the aging time, the switch deletes the address. This prevents the table from becoming full of addresses of nodes that are no longer active. The default setting for the aging time is 300 seconds (5 minutes).
Chapter 31 Class of Service This chapter contains instructions on how to configure CoS. This chapter contains the following procedure: ❑ Configuring CoS on page 297 Note For background information on CoS, refer to Class of Service Overview on page 175.
AT-S39 User’s Guide Configuring CoS To configure CoS, perform the following procedure: 1. From the Home page, select Configuration. 2. From the Configuration page, select Layer 2. 3. From the Layer 2 page, select the CoS tab. A graphical image of the switch is displayed. 4. Click the port where you want to configure CoS. You can select only one port at a time. A selected port turns white. (To deselect a port, click it again.) 5. Click Modify. The CoS Settings menu is displayed. 6.
Chapter 32 IGMP Snooping This chapter describes how to configure the IGMP snooping feature on the switch. Note For background information on this feature, refer to IGMP Snooping Overview on page 178.
AT-S39 User’s Guide Configuring IGMP Snooping To configure IGMP snooping from a web browser management session, perform the following procedure: 1. From the Home page, select Configuration. 2. From the Configuration menu, select System. 3. Select the IGMP tab. The IGMP tab in Figure 95 is displayed. Figure 95 IGMP Menu - Configuration 4. Adjust the IGMP parameters as necessary. The parameters are explained below: Enable IGMP Snooping Status Enables and disables IGMP snooping on the switch.
Section III: Web Browser Management Snoop Topology Defines whether there is only one host node per switch port or multiple host nodes per port. Possible settings are Edge (SingleHost/Port) and Intermediate (Multi-Host/Port). The Edge (Single-Host/Port) setting is appropriate when there is only one host node connected to each port on the switch.
AT-S39 User’s Guide This parameter is useful with networks that contain a large number of multicast groups. You can use the parameter to prevent the switch’s MAC address table from filling up with multicast addresses, leaving no room for dynamic or static MAC addresses. The range is 1 address to 2048 addresses. The default is 256 multicast addresses. Multicast Router Port(s) Specifies the port on the switch to which the multicast router is detected.
Section III: Web Browser Management Displaying a List of Host Nodes and Multicast Routers You can use the AT-S39 software to display a list of the multicast groups on a switch, as well as the host nodes. You can also view the multicast routers. A multicast router is a router that is receiving multicast packets from a multicast application and transmitting the packets to host nodes. To view host nodes and multicast routers, perform the following procedure: 1. From the Home Page, select Monitoring. 2.
AT-S39 User’s Guide Viewing a list of host nodes displays a window containing the following information. The information in the window is for viewing purposes only. Multicast Group The multicast address of the group. Member Port The port(s) on the switch to which one or more host nodes of the multicast group are connected. VLAN ID The VID of the VLAN in which the port is an untagged member. Host IP The IP address(es) of the host node(s) connected to the port.
Chapter 33 Broadcast Storm Control This chapter contains instructions on how to configure the Broadcast Storm Control feature on the switch. Note For background information on this feature, refer to Broadcast Storm Control Overview on page 186.
AT-S39 User’s Guide Configuring the Interval Timer The interval timer defines the time period used in counting the number of broadcast packets transmitted by a port. A port will not transmit more than its maximum number of broadcast frames during the specified timer interval. If a port reaches its maximum number, it will discard and not forward any additional broadcast frames. You can specify a different interval timer for 10 and 100 Mbps ports and 1000 Mbps ports.
Section III: Web Browser Management Setting the Maximum Number of Broadcast Frames To set the maximum number of broadcast frames you want the ports on the switch to transmit, perform the following procedure: 1. From the Home page, select Configuration. 2. From the Configuration page, select Layer 1. When you open the Layer 1 page, the Port Settings tab is selected by default. If it is not selected, select it now. 3.
Chapter 34 TACACS+ and RADIUS Protocols This chapter contains instructions on how to configure the authentication protocols. This chapter contains the following procedure: ❑ Configuring TACACS+ and RADIUS on page 308 Note For background information on the authentication protocols, refer to TACACS+ and RADIUS Overview on page 192.
Section III: Web Browser Management Configuring TACACS+ and RADIUS To configure the authentication protocols, perform the following procedure: 1. From the Home page, select Configuration. 2. From the Configuration page, select System. 3. From the System page, select the Server-based Authentication tab. The tab is shown in Figure 97. Figure 97 Server-based Authentication Tab 4. To enable or disable the authentication feature on the switch, click the Disable Server-based Authentication check box.
AT-S39 User’s Guide Note If you activated the authentication feature, go to Step 6 to configure TACACS+ or Step 7 to configure RADIUS. 7. To configure TACACS+, do the following: a. From the Server-based Authentication tab, click the check circle next to TACACS+ Configuration and click Configure. The TACACS+ Configuration menu in Figure 98 is displayed. Figure 98 TACACS+ Configuration Menu b. Configure the parameters as needed. They are described below.
Section III: Web Browser Management IP Address and Encryption Secret Use these fields to specify the IP addresses and encryption secrets of up to three network servers containing TACACS+ server software. You can leave an encryption field blank if you entered the server’s secret in the Global Secret field. c. After you have finished configuring the parameters, click Apply. 8. To configure RADIUS, do the following: a.
AT-S39 User’s Guide queries the next TACACS+ server in the list. If there aren’t any more servers, than the switch will default to the standard Manager and Operator accounts. The default is 30 seconds. The range is 1 to 30 seconds. IP Address, Port #, and Encryption Key Use these fields to specify the IP address, UDP port number, and encryption key of each RADIUS server. You can specify up to a maximum of three servers.
Appendix A AT-S39 Default Settings This appendix lists the AT-S39 factory default settings. Settings Default IP Address Subnet Mask 0.0.0.0 255.255.0.
AT-S39 User’s Guide Settings Default SNMP Trap Receiver Server-Based Authentication Server Authentication Default Authentication Method Spanning Tree Protocol Status Bridge Priority Bridge Max Age Time Bridge Hello Time Bridge Forwarding Delay Port Costs Addr4 Port Priority Fast Mode Rapid Spanning Tree Protocol Status Bridge Priority Bridge Max Age Time Bridge Hello Time Bridge Forwarding Delay Port Costs Port Priority Point-to-Point Edge Port IGMP Snooping Status Topology Host/Router Time-out Interv
AT-S39 Default Settings Settings TACACS Menu TACACS Timeout Server IP 1 Server IP 2 Server IP 3 Server Key 1 Server Key 2 Server Key 3 RADIUS Menu Default Encryption Key Server Timeout Management Interface Manager Login Name (web browser session only) Manager Password Operator Login Name (web browser session only) Operator Password Time Out Value Twisted Pair Ports Status Duplex Mode Speed Flow Control Broadcast Packets Security VLANs Default_VLAN Name Ingress Filtering VLANs Mode VID Basic Mode Broadcast
AT-S39 User’s Guide Settings Management Access Telnet Web SNMP Port Access Control Port Role Port Control Quiet Period Tx Period Reauth Period Supplicant Timeout Server Timeout Max Requests RS232 Port Data Bits Stop Bits Parity Flow Control Data Rate Default Enabled Enabled Disabled Authenticator Auto 60 seconds 30 seconds 3600 seconds 5 seconds 30 seconds 10 8 1 None Full-duplex Auto-detect (default 9600 bps) 315
Index 802.
AT-S39 User’s Guide E enhanced stacking changing switches, 63, 247 defined, 33, 37, 58 guidelines, 58 setting switch status, 61, 245 F Fast Mode, 109 flow control, 71, 252 force version, 111, 273 forwarding delay, 101, 107 G gateway address, 40, 235 H hello time, 102, 107, 271 host nodes defined, 178 displaying, 183, 302 host/router timeout interval, 181, 300 I IEEE 802.
port access status viewing, 207 port control auto, 206 force-authorized, 205 force-unauthorized, 205 port control, 205 port cost defined, 99 setting, 109, 113, 270, 275 port mirroring creating, 94, 264 defined, 93 deleting, 95, 264 port role, 205 port security configuring, 78 defined, 76 displaying, 259 port trunking creating, 89, 261 defined, 83 deleting, 91, 261 guidelines, 83 load distribution methods, 84 port VLAN identifier (PVID) defined, 122, 129 port-based VLAN creating, 138, 142, 279, 285 defined,
AT-S39 User’s Guide subnet mask, 40, 235 suppTimeout, 206 switch mode configuring, 117 switch statistics, 211 system name, 40, 234 T TACACS+ configuring, 195, 308 overview, 192 tagged VLAN creating, 138, 143, 279, 285 defined, 127 deleting all, 150 deleting, 148, 283 displaying, 147, 160, 284 modifying, 144, 282 Telnet management session defined, 22 quitting, 35 starting, 34 TFTP, downloading and uploading files, 216, 220 txPeriod, 206 defined, 132 non-802.