Management Software ® AT-S62 ◆ Web Browser Interface User’s Guide AT-8516F/SC, AT-8524M, AT-8524POE, AT-8550GB and AT-8550SP LAYER 2+ FAST ETHERNET SWITCHES VERSION 1.3.
Copyright © 2005 Allied Telesyn, Inc. 3200 North First Street, San Jose, CA 95134 USA All rights reserved. No part of this publication may be reproduced without prior written permission from Allied Telesyn, Inc. Microsoft is a registered trademark of Microsoft Corporation, Netscape Navigator is a registered trademark of Netscape Communications Corporation. All other product names, company names, logos or other designations mentioned herein are trademarks or registered trademarks of their respective owners.
Table of Contents List of Figures ........................................................................................................................................................................................................ 9 Preface ....................................................................................................................................................................................................................13 How This Guide is Organized .......................
Table of Contents Pinging a Remote System ................................................................................................................................................................................ 44 Returning the AT-S62 Software to the Factory Default Values ........................................................................................................... 45 Chapter 4 SNMPv1 and SNMPv2c Community Strings .......................................................................
AT-S62 Web Browser Interface User’s Guide Saving the Event Log ............................................................................................................................................................................. 111 Clearing the Event Log .......................................................................................................................................................................... 111 Managing Syslog Server Definitions .....................................
Table of Contents Chapter 17 Denial of Service Defense ...........................................................................................................................................................................170 Configuring Denial of Service Attack Defense ........................................................................................................................................171 Displaying the DoS Settings ....................................................................
AT-S62 Web Browser Interface User’s Guide Displaying Notify Table Entries .......................................................................................................................................................... Displaying Target Address Table Entries ........................................................................................................................................ Displaying Target Parameters Table Entries ..............................................................
Table of Contents Chapter 25 802.1x Port-based Access Control ..........................................................................................................................................................297 Enabling or Disabling Port-based Access Control .................................................................................................................................298 Setting Port Roles ...........................................................................................
List of Figures Chapter 1 Starting a Web Browser Management Session ...................................................................................................................................19 Figure 1: Entering a Switch’s IP Address in the URL Field ..................................................................................................................... 20 Figure 2: AT-S62 Login Page ......................................................................................................
List of Figures Chapter 7 Static Port Trunks .............................................................................................................................................................................................. 77 Figure 21: Port Trunking Tab .......................................................................................................................................................................... 79 Figure 22: Add New Trunk Page .......................................
AT-S62 Web Browser Interface User’s Guide Chapter 16 IGMP Snooping ................................................................................................................................................................................................ 164 Figure 52: IGMP Tab (Configuration) ......................................................................................................................................................... 165 Chapter 17 Denial of Service Defense ................
List of Figures Figure 96: MSTP Spanning Tree Tab .......................................................................................................................................................... 259 Figure 97: Add New MSTI Window ............................................................................................................................................................. 262 Figure 98: Modify MSTI Window ...............................................................................
Preface This guide contains instructions on how to configure an AT-8500 Series Layer 2+ Fast Ethernet Switch using the web browser interface in the AT-S62 management software. For instructions on how to manage the switch from the menus or command line interface, refer to the AT-S62 Menus Interface User’s Guide or AT-S62 Command Line Interface User’s Guide. The guides are available from the Allied Telesyn web site.
Preface Section III: SNMPv3 Operations The chapter in this section explains how to configure the switch for SNMPv3. (The instructions for SNMPv1 and SNMPv2 are in Section I, Basic Operations.) Section IV: Spanning Tree Protocols The chapters in this section configure the Spanning Tree, Rapid Spanning Tree, and Multiple Spanning Tree Protocols. Section V: Virtual LANs The chapters in this section configure port-based and tagged VLANs, GVRP, and the multiple VLAN modes.
AT-S62 Web Browser Interface User’s Guide Document Conventions This document uses the following conventions: Note Notes provide additional information. Caution Cautions inform you that performing or omitting a specific action may result in equipment damage or loss of data. Warning Warnings inform you that performing or omitting a specific action may result in bodily injury.
Preface Where to Find Web-based Guides The installation and user guides for all Allied Telesyn products are available in Portable Document Format (PDF) from on our web site at www.alliedtelesyn.com. You can view the documents on-line or download them onto a local workstation or server.
AT-S62 Web Browser Interface User’s Guide Contacting Allied Telesyn This section provides Allied Telesyn contact information for technical support as well as sales or corporate information. Online Support You can request technical support online by accessing the Allied Telesyn Knowledge Base from the following web site: www.alliedtelesyn.com/kb. You can use the Knowledge Base to submit questions to our technical support staff and review answers to previously asked questions.
Section I Basic Operations The chapters in this section cover a variety of basic switch features and functions.
Chapter 1 Starting a Web Browser Management Session This chapter contains the procedure for starting a web browser management session on an AT-8500 Series switch.
Chapter 1: Starting a Web Browser Management Session Starting a Web Browser Management Session In order for you to establish a web browser management session with an AT-8500 Series switch, there has to be at least one switch in the subnet with an IP address and whose stacking status is set to master switch. Starting a web browser management session on a master switch allows you to manage all the enhanced stacking switches that reside in the enhanced stack from the same management session.
AT-S62 Web Browser Interface User’s Guide The AT-S62 software displays the login page, as shown in Figure 2. Figure 2 AT-S62 Login Page 3. Enter a user name and password. For manager access, enter “manager” as the user name. The default password is “friend”. For operator access, enter “operator” as the user name. The default password is “operator”. Login names and passwords are casesensitive. (For information on the two access levels, refer to the AT-S62 Menus Interface User’s Guide.
Chapter 1: Starting a Web Browser Management Session The main menu is on the left side of the Home page and consists of the following selections: ❑ Enhanced Stacking ❑ Configuration ❑ Monitoring ❑ Logout Note The Enhanced Stacking selection is displayed only on master switches. A web browser management session remains active even if you link to other sites. You can return to the management web pages anytime as long as you do not quit the browser.
AT-S62 Web Browser Interface User’s Guide Saving Your Parameter Changes When you make a change to a switch parameter, the change is, in most cases, immediately activated as soon as you click the Apply button. However, a change to a switch parameter is initially saved only to temporary memory and will be lost the next time you reset or power cycle the unit. To permanently save a change, you must click the Save Config button, shown in Figure 4. This updates the switch’s active configuration file.
Chapter 1: Starting a Web Browser Management Session Quitting a Web Browser Management Session To exit a web browser management session, select Logout from the main menu.
Chapter 2 Enhanced Stacking This chapter contains the following procedures: ❑ Setting a Switch’s Enhanced Stacking Status on page 26 ❑ Selecting a Switch in an Enhanced Stack on page 28 ❑ Displaying the Enhanced Stacking Status on page 30 Note For background information on enhanced stacking, refer to the AT-S62 Menus Interface User’s Guide.
Chapter 2: Enhanced Stacking Setting a Switch’s Enhanced Stacking Status The enhanced stacking status of the switch can be master, slave, or unavailable. Each status is described below: ❑ Master - A master switch of a stack is used to manage other switches in an enhanced stack. Establishing a local or remote management session on a master switch gives you access to the other switches in the enhanced stack.
AT-S62 Web Browser Interface User’s Guide Note If the window does not have an Enhanced Stacking tab, you have accessed the switch through enhanced stacking. Changing a switch’s stacking status through enhanced stacking is not allowed. The only stacking status you can change remotely from a web browser management session is the switch on which you started the session. The Enhanced Stacking tab is shown in Figure 5. Figure 5 Enhanced Stacking Tab 4. Click the desired enhanced stacking status for the switch.
Chapter 2: Enhanced Stacking Selecting a Switch in an Enhanced Stack The first thing that you should do before you perform any procedure on a switch in an enhanced stack is check to be sure that you are performing it on the correct switch. If you assigned system names to your switches, identifying your switches is easy. The management software displays the name of the switch being managed at the top of every management window.
AT-S62 Web Browser Interface User’s Guide Note The list does not include the master switch on which you started the management session or any switches with an enhanced stacking status of Unavailable. You can sort the switches in the list by switch name or MAC address by clicking on the column headers. By default, the list is sorted by MAC address. You can refresh the list by clicking Refresh. This instructs the master switch to again poll the subnet for all switches. 2.
Chapter 2: Enhanced Stacking Displaying the Enhanced Stacking Status To display the enhanced stacking status of a switch, do the following: 1. From the Home page, select Monitoring. 2. From the Monitoring page, select the Mgmt. Protocols menu option. 3. From the Layer 2 page, select the Enhanced Stacking tab. The information in the tab states the current enhanced stacking status of the switch as master, slave, or unavailable.
Chapter 3 Basic Switch Parameters This chapter contains the following sections: ❑ Configuring an IP Address and Switch Name on page 32 ❑ Activating the BOOTP or DHCP Client Software on page 36 ❑ Displaying System Information on page 37 ❑ Configuring the Manager and Operator Passwords on page 38 ❑ Rebooting a Switch on page 40 ❑ Setting the System Time on page 41 ❑ Pinging a Remote System on page 44 ❑ Returning the AT-S62 Software to the Factory Default Values on page 45 31
Chapter 3: Basic Switch Parameters Configuring an IP Address and Switch Name Note For guidelines on when to assign an IP address, subnet address, and gateway address to an AT-8500 Series switch, refer to the AT-S62 Menus Interface User’s Guide. To set basic switch parameters for an AT-8500 Series switch, perform the following procedure: 1. From the Home Page, select Configuration. 2. Select the System menu option. 3. Select the General tab. The General tab is shown in Figure 7.
AT-S62 Web Browser Interface User’s Guide Note This procedure describes the parameters in the Administration section of the tab. The Passwords section is described in Configuring the Manager and Operator Passwords on page 38. The DHCP/BOOTP options are described in Activating the BOOTP or DHCP Client Software on page 36. The MAC address aging time option is described in Changing the Aging Time on page 76. Note The Defaults button returns all parameters in this tab to their default settings.
Chapter 3: Basic Switch Parameters Comments This parameter specifies the location of the switch, (for example, 4th Floor - rm 402B). The location can be from 1 to 39 characters. The location can include spaces and special characters, such as dashes and asterisks. The default is no location. This parameter is optional. IP address This parameter specifies the IP address of the switch. You must specify an IP address if you want the switch to function as the Master switch of an enhanced stack.
AT-S62 Web Browser Interface User’s Guide 6. Click the Save Config menu option to permanently save your changes.
Chapter 3: Basic Switch Parameters Activating the BOOTP or DHCP Client Software For background information on BOOTP and DHCP, refer to the AT-S62 Menus Interface User’s Guide. To activate or deactivate the BOOTP or DHCP client software on the switch from a web browser management session, perform the following procedure: 1. From the Home Page, select Configuration. 2. Select the System menu option. 3. Select the General tab. The General tab is shown in Figure 7 on page 32. 4.
AT-S62 Web Browser Interface User’s Guide Displaying System Information To view basic information about the switch, perform the following procedure: 1. From the Home page, select Monitoring. 2. Select the System menu option. 3. Select the General tab. This tab is for viewing purposes only. You cannot change any of the values from this tab. The information in the tab is defined below: System Name The name of the switch. Administrator The name of the network administrator responsible for managing the switch.
Chapter 3: Basic Switch Parameters Configuring the Manager and Operator Passwords There are two levels of management access on an AT-8500 Series switch: manager and operator. When you log in as a manager, you can view and configure all of a switch’s operating parameters. When you log in as an operator, you can only view the operating parameters; you cannot change any values. You log in as a manager or an operator by entering the appropriate username and password when you start an AT-S62 management session.
AT-S62 Web Browser Interface User’s Guide Caution You should not use spaces or special characters, such as asterisks (*) and exclamation points (!), in a password. Many web browsers cannot handle special characters in passwords. Note A change to a password is immediately activated on the switch. You will be prompted for the new password the next time you log on. 5. Click Apply to activate your change on the switch. 6. Click Save Config to permanently save your change.
Chapter 3: Basic Switch Parameters Rebooting a Switch Note Any parameters changes that have not been saved will be discarded when a system is reset. To save parameter changes, refer to Saving Your Parameter Changes on page 23. To reboot a switch, perform the following procedure: 1. From the Home Page, select Configuration. 2. Select the System menu option. 3. Select the General tab. The General tab is shown in Figure 7 on page 32. 4. Click the Reset button. A confirmation prompt is displayed. 5.
AT-S62 Web Browser Interface User’s Guide Setting the System Time This procedure explains how to set the switch’s date and time. Setting the system time is important if you configured the switch to send traps to your management workstations. Traps from a switch where this has not been set will not contain the correct date and time, making it difficult for you to determine when the events represented by the traps occurred.
Chapter 3: Basic Switch Parameters The System Time tab is shown in Figure 8. Figure 8 System Time Tab 4. To set the system time manually, do the following: a. In the System Time section of the tab, enter the time and date in the following format. hh:mm:ss dd-mm-yyyy b. Click Apply. 5. To configure the switch to obtain its date and time from an SNTP or NTP server on your network or the Internet, configure the following options: UTC Offset Specifies the difference between the UTC and local time.
AT-S62 Web Browser Interface User’s Guide Note The switch does not set DST automatically. If the switch is in a locale that uses DST, you must remember to enable this in April when DST begins and disable it in October when DST ends. If the switch is in a locale that does not use DST, this option should be set to disabled all the time. Status Enables or disables the SNTP client on the switch. The default is disabled. Server IP Address Specifies the IP address of an SNTP server.
Chapter 3: Basic Switch Parameters Pinging a Remote System You can instruct the switch to ping a node on your network. This procedure is useful in determining whether a valid link exists between the switch and another device. To ping a network device, perform the following procedure: 1. From the Home Page, select Monitoring. 2. From the Monitoring menu, select Utilities. 3. Select the Ping Client tab. The Ping Client tab is shown in Figure 9. Figure 9 Ping Client Tab 4.
AT-S62 Web Browser Interface User’s Guide Returning the AT-S62 Software to the Factory Default Values The procedure in this section returns all AT-S62 software parameters, including IP address and subnet mask, if assigned, to their default values. Please note the following before performing this procedure: ❑ Returning all parameter settings to their default values also deletes any port-based or tagged VLANs you created on the switch.
Chapter 3: Basic Switch Parameters The System Utilities tab is shown in Figure 10. Figure 10 System Utilities Tab The TFTP File Updates and Downloads section of the tab is explained in Chapter 10, File Downloads and Uploads on page 97. 4. Click the Reboot Switch After Resetting to Defaults checkbox. 5. Click Apply. 6. Follow the prompts. Note The bottom portion of the System Utilities tab is used to download and upload files from the switch.
Chapter 4 SNMPv1 and SNMPv2c Community Strings This chapter explains how to activate SNMP management on the switch and how to create, modify, and delete SNMPv1 and SNMPv2c community strings.
Chapter 4: SNMPv1 and SNMPv2 Community Strings Enabling or Disabling SNMP Management To enable or disable SNMP management on the switch, perform the following procedure: 1. From the Home page, select Configuration. 2. Select the Mgmt. Protocols menu option. 3. Select the SNMP tab. The SNMP tab is shown in Figure 11. Figure 11 SNMP Tab (Configuration) 4. Click Enable SNMP Access to enable or disable SNMP management.
AT-S62 Web Browser Interface User’s Guide A change to SNMP access is immediately activated on the switch. 7. To permanently save the changes, use the Save Changes button in the General tab. For directions, refer to Saving Your Parameter Changes on page 23.
Chapter 4: SNMPv1 and SNMPv2 Community Strings Creating a SNMPv1 or SNMPv2c Community String To create a new SNMPv1 or SNMPv2c community string, perform the following procedure: 1. From the Home page, select Configuration. 2. Select the Mgmt. Protocols menu option. 3. Select the SNMP tab. The SNMP tab is shown in Figure 11 on page 48. 4. Click Configure in the SNMPv1/v2c section of the tab. The SNMP tab for SNMPv1 and SNMPv2c community strings is shown in Figure 12.
AT-S62 Web Browser Interface User’s Guide Open Access Displays the opened or closed access status of the string: Yes - The string’s status is open, meaning any management workstation can use it. No - The string’s status is closed, meaning only those workstations whose IP addresses have been assigned to the string can use it. Status Displays whether the string is enabled or disabled. The possible settings are: Enabled - The string can be used to access the switch.
Chapter 4: SNMPv1 and SNMPv2 Community Strings 6. In the Community Name field, enter the new community string. The name can be from one to fifteen alphanumeric characters. Spaces are allowed. 7. Use the Status option to either enable or disable the community string. A disabled community string cannot be used to access the switch. The default is enabled. 8. Use the Access Mode option to specify the access mode for the new SNMP community string.
AT-S62 Web Browser Interface User’s Guide Modifying a Community String To modify a community string, perform the following procedure: 1. From the Home page, select Configuration. 2. Select the Mgmt. Protocols menu option. 3. Select the SNMP tab. The SNMP tab is shown in Figure 11 on page 48. 4. Click Configure in the SNMPv1/v2c section of the tab The SNMP tab for SNMPv1 and SNMPv2c is shown in Figure 12 on page 50. 5. Click the button next to the community string you want to modify. 6. Click Modify.
Chapter 4: SNMPv1 and SNMPv2 Community Strings Note You cannot change the name of a community string. 7. Use the Status option to either enable or disable the community string. A disabled community string cannot be used to access the switch. 8. Use the Access Mode option to change the access mode of the community string. If you specify Read Only, the community string will only allow you to view the MIB objects on the switch.
AT-S62 Web Browser Interface User’s Guide Deleting a Community String To delete a community string, do the following: 1. From the Home page, select Configuration. 2. Select the Mgmt. Protocols menu option. 3. Select the SNMP tab. The SNMP tab is shown in Figure 11 on page 48. 4. Click Configure in the SNMPv1/v2c section of the tab. The SNMP tab for SNMPv1 and SNMPv2c is shown in Figure 12 on page 50. 5. Click the button next to the community string you want to delete.
Chapter 4: SNMPv1 and SNMPv2 Community Strings Displaying the SNMP Status and Community Strings To display the SNMPv1 and SNMPv2c community strings on the switch, do the following: 1. From the Home page, select Monitoring. 2. Select the Mgmt. Protocols menu option. 3. Select the SNMP tab. The information in the tab includes: SNMP Access Whether SNMP access is enabled or disabled. Authentication Failure Trap Whether the authentication failure trap is enabled or disabled. 4.
Chapter 5 Port Parameters This chapter explains how to view and change the parameter settings for the individual ports on a switch. Examples of the parameters that you can adjust include port speed and duplex mode.
Chapter 5: Port Parameters Configuring Port Parameters To configure the parameter settings of a port on the switch, perform the following procedure: 1. From the Home page, select Configuration. 2. From the Configuration menu, select the Layer 1 option. 3. Select the Port Settings tab. The Port Settings tab is shown in Figure 15. Figure 15 Port Settings Tab (Configuration) 4. Click the port in the graphical switch image you want to configure. The selected port turns white.
AT-S62 Web Browser Interface User’s Guide The Port Configuration page is shown Figure 16. Figure 16 Port Configuration Page Note The Port Configuration page in the figure above is for a 10/100 Mbps twisted pair port. The page for a fiber optic port will contain a subset of the parameters. If you are configuring multiple ports and the ports have different settings, the Port Configuration menu displays the settings of the lowest numbered port.
Chapter 5: Port Parameters If you are configuring a twisted pair port and you select AutoNegotiation, which is the default setting, the port’s speed, duplex mode, and MDI/MDI-X settings are set automatically. You should note the following concerning the operation of AutoNegotiation on a twisted pair port: ❑ In order for a switch port to successfully Auto-Negotiate its duplex mode with an end-node, the end-node should also be using AutoNegotiation. Otherwise, a duplex mode mismatch can occur.
AT-S62 Web Browser Interface User’s Guide HOL Blocking For a definition of Head of Line Blocking, refer to the AT-S62 Menus Interface User’s Guide. This parameter can prevent Head of Line Blocking from occurring on a port. The parameter sets a threshold on the utilization of a port’s egress queue. When the threshold for a port is exceeded, the switch signals other ports to discard packets to the oversubscribed port. The number for this value represents cells. A cell is 64 bytes.
Chapter 5: Port Parameters When you activate this feature on a port, the port will discard all egress broadcast packets. That is, if the port has a broadcast packet that is intended to be sent to the end node connected to the port, the port will instead discard the packet. It should be noted that the filtering takes place only on egress broadcast packets—packets that a port is transmitting. This filter does not apply to ingress broadcast packets.
AT-S62 Web Browser Interface User’s Guide Possible values are: Auto - The port will use flow control if it detects that the end node is using it. Disabled - No flow control on the port. Enabled - Flow control is activated. Limit - Specifies the maximum number of ingress packets that a port will receive within a 1 second period before initiating flow control. The range is 1 to 57,344 packets. The default is 8192. MDI/MDIX Crossover Use this selection to set the wiring configuration of the port.
Chapter 5: Port Parameters Displaying Port Status and Statistics The procedure in this section displays the operating status of the ports on a switch and port statistics. You can view a port’s operating speed, duplex mode, MDI/MDI-X configuration, and more. You can also view the operating status of any GBIC modules installed in an AT-8550GB. To display the status or statistics of a switch port, perform the following procedure: 1. From the Home page, select Monitoring. 2.
AT-S62 Web Browser Interface User’s Guide Link The status of the link between the port and the end node connected to the port. Possible values are: Up - indicates that a valid link exists between the port and the end node. Down - indicates that the port and the end node have not established a valid link. Neg The status of Auto-Negotiation on the port. Possible values are: Auto - Indicates that the port is using Auto-Negotiation to set operating speed and duplex mode.
Chapter 5: Port Parameters If you select Statistics, the Statistics page in Figure 18 is displayed. Figure 18 Port Statistics Page The information in this page is for viewing purposes only. The statistics are defined below: Bytes Received Number of bytes received on the port. Bytes Sent Number of bytes transmitted from the port. Frames Received Number of frames received on the port. Frames Sent Number of frames transmitted from the port.
AT-S62 Web Browser Interface User’s Guide Frames 1024 - 1518 Bytes Frames 1519 - 1522 Bytes Number of frames transmitted from the port, grouped by size. Dropped Frames The number of frames successfully received and buffered by the port, but subsequently discarded. CRC Error Number of frames with a cyclic redundancy check (CRC) error but with the proper length (64-1518 bytes) received on the port. Jabber Number of occurrences of corrupted data or useless signals appearing on the port. No.
Chapter 6 MAC Address Table This chapter contains instructions on how to view the dynamic and static addresses in the MAC address table of the switch.
AT-S62 Web Browser Interface User’s Guide Displaying the MAC Address Table To view the MAC address table, perform the following procedure: 1. From the Home page, select either Configuration or Monitoring. 2. Select the Layer 2 menu option. 3. Select the MAC Address tab. Figure 19 shows how the tab appears when displayed through the Configuration page. If displayed through the Monitoring page, the Add buttons and the Delete section at the bottom of the window are not included.
Chapter 6:MAC Address Table The top section displays unicast addresses while the middle section displays multicast addresses. The options function the same in both sections, and are described below. You can select only one option at a time. The default selection is the View All option for multicast MAC addresses. To avoid displaying the wrong MAC addresses, check to be sure that you have selected the desired unicast or multicast address option before clicking a View button.
AT-S62 Web Browser Interface User’s Guide Vlan ID - The ID number of the VLAN where the port is a member. Type - The type of the address: static or dynamic.
Chapter 6:MAC Address Table Adding Static Unicast and Multicast MAC Addresses This section contains the procedure for assigning a static unicast or multicast address to a port on the switch. You can assign up to 255 static MAC addresses per port. To add a static address to the MAC address table, perform the following procedure: 1. From the Home page, select Configuration. 2. Select the Layer 2 menu option. 3. Select the MAC Address tab. The MAC Address tab is shown in Figure 19 on page 69. 4.
AT-S62 Web Browser Interface User’s Guide 7. In the VLAN ID field, enter the VLAN ID where the port is a member. 8. Click Apply. 9. Repeat this procedure to add other static addresses to the switch. 10. To permanently save the change, select the Save Config menu option.
Chapter 6:MAC Address Table Deleting Unicast and Multicast MAC Addresses To delete a specific static or dynamic unicast or multicast MAC address from the switch, perform the following procedure: 1. From the Home page, select Configuration. 2. Select the Layer 2 menu option. 3. Select the MAC Address tab. The MAC Address tab is shown in Figure 19 on page 69. 4. Display the MAC addresses on the switch by selecting one of the options. For instructions, refer to Displaying the MAC Address Table on page 69. 5.
AT-S62 Web Browser Interface User’s Guide Deleting All Dynamic Unicast and Multicast MAC Addresses To delete all dynamic unicast and multicast MAC addresses from the switch, perform the following procedure: 1. From the Home page, select Configuration. 2. From the Configuration menu, select Layer 2. 3. Select the MAC Address tab. The MAC Address tab is shown in Figure 19 on page 69. 4. Click Delete in the Delete All Dynamic MAC Addresses section.
Chapter 6:MAC Address Table Changing the Aging Time The switch uses the aging time to delete inactive dynamic MAC addresses from the MAC address table. When the switch detects that no packets have been sent to or received from a particular MAC address in the table after the period specified by the aging time, the switch deletes the address. This prevents the table from becoming full of addresses of nodes that are no longer active. The default setting for the aging time is 300 seconds (5 minutes).
Chapter 7 Static Port Trunks This chapter contains the procedure for creating, modifying, or deleting a static port trunk from a web browser management session. Sections in this chapter include: ❑ Creating a Static Port Trunk on page 78 ❑ Modifying a Static Port Trunk on page 81 ❑ Deleting a Static Port Trunk on page 83 ❑ Displaying the Static Port Trunks on page 84 Note For background information and guidelines on static port trunks, refer to the AT-S62 Menus Interface User’s Guide.
Chapter 7: Static Port Trunks Creating a Static Port Trunk This section contains the procedure for creating a static port trunk on the switch. Be sure to review the static port trunk guidelines in the AT-S62 Menus Interface User’s Guide before performing the procedure. Caution Do not connect the cables to the trunk ports on the switches until after you have configured the static trunk with the management software.
AT-S62 Web Browser Interface User’s Guide The Port Trunking tab is shown in Figure 21. Figure 21 Port Trunking Tab This tab lists the existing trunks. Columns in the tab are defined below: ID The ID number of the trunk. Name The name of the trunk.
Chapter 7: Static Port Trunks The Add New Trunk page is shown in Figure 22. Figure 22 Add New Trunk Page 5. In the Trunk Name field, enter a name for the port trunk. The name can be up to sixteen alphanumeric characters. No spaces or special characters, such as asterisks and exclamation points, are allowed. Each trunk must be given a unique name. 6. From the Trunk Method list, select a distribution method.
AT-S62 Web Browser Interface User’s Guide Modifying a Static Port Trunk This section contains the procedure for modifying a static port trunk on the switch. You can change the name of a trunk and the ports that constitute the trunk. You cannot change the load distribute method. Be sure to review the static trunk guidelines in the AT-S62 Menus Interface User’s Guide before performing the procedure.
Chapter 7: Static Port Trunks An example of the Modify Trunk page is shown in Figure 23. Figure 23 Modify Trunk Page Note You cannot change the Trunk ID number or the load distribution method of a port trunk. 5. To change the name of the trunk, click the Trunk Name field and modify the name as needed. The name can be up to sixteen alphanumeric characters. No spaces or special characters, such as asterisks and exclamation points, are allowed. Each trunk must have a unique name. 6.
AT-S62 Web Browser Interface User’s Guide Deleting a Static Port Trunk Caution Disconnect the cables from the port trunk on the switch before performing the following procedure. Deleting a static port trunk without first disconnecting the cables can create loops in your network topology. Data loops can result in broadcast storms and poor network performance. To delete a static port trunk from the switch, perform the following procedure: 1. From the Home Page, select Configuration. 2.
Chapter 7: Static Port Trunks Displaying the Static Port Trunks To display the static port trunks on the switch, do the following: 1. From the Home page, select Monitoring. 2. From the Monitoring menu, select the Layer 1 menu option. 3. Select the Port Trunking tab. The Port Trunking tab displays the following information: ID The ID number of the trunk. Name The name of the trunk.
Chapter 8 Port Mirroring This chapter contains the procedure for creating or deleting a port mirror. Sections in the chapter include: ❑ Creating a Port Mirror on page 86 ❑ Modifying or Disabling a Port Mirror on page 89 ❑ Deleting a Port Mirror on page 90 ❑ Displaying the Port Mirror on page 91 Note For background information and guidelines on port mirroring, refer to the AT-S62 Menus Interface User’s Guide.
Chapter 8: Port Mirroring Creating a Port Mirror To create or delete a port mirror, perform the following procedure: 1. From the Home Page, select Configuration. 2. From the Configuration menu, select Layer 1. 3. Select the Port Mirroring tab. The Port Mirroring tab is shown in Figure 24. Figure 24 Port Mirroring Tab (Configuration) This tab displays any port mirror already existing on the switch.
AT-S62 Web Browser Interface User’s Guide Status This column contains the status of the mirroring feature. If enabled, traffic is being copied to the destination port. If disabled, no traffic is being mirrored. 4. Click Modify. The Modify Mirror page is shown in Figure 25. Figure 25 Modify Mirror Page 5. Click the ports of the port mirror. Clicking a port toggles it through the possible settings, which are shown here: The destination (mirror) port. There can be only one destination port. A source port.
Chapter 8: Port Mirroring Figure 26 shows an example of the Modify Mirror page configured for a port mirror. The egress traffic on Ports 11 and 12 is mirrored to the destination Port 5. Figure 26 Example of a Modify Mirror Page 6. After selecting the destination and source ports, click the Enable Mirror check box. 7. Click Apply. The port mirror is now active on the switch. You can connect a data analyzer to the destination port to monitor the traffic on the source ports. 8.
AT-S62 Web Browser Interface User’s Guide Modifying or Disabling a Port Mirror To modify a port mirror, you perform the same procedure that you did to create it, as explained in Creating a Port Mirror on page 86. But before modifying it, you should first disable it using the Enable Mirror option in the Modify Mirror page. Once you have made the necessary modifications, enable the mirror again and click Apply. To permanently save the change, use the Save Changes button in the General tab.
Chapter 8: Port Mirroring Deleting a Port Mirror To delete a port mirror so that you can use the destination port for normal network operations, perform the procedure Creating a Port Mirror on page 86. Disable the port mirror using the Enable Mirror option and then click the destination port to change it from white to black. Once black, the port is available for normal network operations. Then click Apply. To permanently save the change, use the Save Changes button in the General tab.
AT-S62 Web Browser Interface User’s Guide Displaying the Port Mirror To display the port mirror, do the following: 1. From the Home page, select Monitoring. 2. From the Monitoring menu, select the Layer 1 option. 3. Select the Port Mirroring tab. The information in the tab is described below: Mirror to Port The destination port where the traffic is copied to and where the network analyzer is located. Ingress Port(s) The source ports whose ingress traffic is mirrored to the destination port.
Section II Advanced Operations The chapters in this section explain how to manage an AT-8524M switch from a local or Telnet management session.
Chapter 9 File System This chapter contains instructions on how to display the files stored in the switch’s file system and select a new active boot configuration file. This chapter contains the following procedure: ❑ Viewing System Files or Changing the Active Configuration File on page 94 Note For background information on the file system and boot configuration files, refer to the AT-S62 Menus Interface User’s Guide.
Chapter 9: File System Viewing System Files or Changing the Active Configuration File This procedure displays the files stored in the switch’s file system. This procedure also explains how to change the active boot configuration file on the switch. The active boot configuration file is used by the switch to configure its operating parameters whenever the unit is reset or power cycled. The active boot file is also the file that is updated whenever you select the Save Config option.
AT-S62 Web Browser Interface User’s Guide The File System tab is shown in Figure 27. Figure 27 File System Tab The information in the tab is defined below: Current Drive Specifies the location of the file system. The AT-8500 Series switch has just one file system, located in flash memory. This will always indicate Flash. This cannot be changed. Default Configuration File Specifies the filename of the active configuration file.
Chapter 9: File System Attributes - This can be any of the following: ❑ Normal ❑ Read Only ❑ Hidden ❑ System ❑ Volume ❑ Directory ❑ Archive ❑ Invalid 4. To change the active boot configuration file, enter the name of the file in the Default Configuration Field field. The file must already exist in the file system. You can select a configuration file that you created on the switch or that you downloaded onto the switch from another switch.
Chapter 10 File Downloads and Uploads This chapter contains the procedure for downloading a new AT-S62 image file onto the switch from a web browser management session. This chapter also contains procedures for uploading and downloading system files, such as a boot configuration file, from the file system in the switch.
Chapter 10: File Downloads and Uploads Downloading a File This procedure explains how to download a file from a TFTP server on your network to the switch using the web browser interface. You can download any of the following files: ❑ AT-S62 image file ❑ Boot configuration file ❑ Public key ❑ CA certificate Note The public key and CA certificate are only supported on the version of AT-S62 management software that features SSL, PKI, and SSH security.
AT-S62 Web Browser Interface User’s Guide of the switch using Xmodem or, alternatively, switch to switch. For instructions, refer to the AT-S62 Menus Interface User’s Guide. To download a file, perform the following procedure: 1. From the Home Page, select Configuration. 2. Select the Utilities menu option. 3. Select the System Utilities tab. The System Utilities tab is shown in Figure 28. Figure 28 System Utilities Tab Note The top portion of the tab returns the switch to its factory default settings.
Chapter 10: File Downloads and Uploads 7. In the TFTP Local Filename field, enter a name for the file. This is the name that the switch will store the file as in its file system. If you are downloading the AT-S62 image file, enter “ats62.img” as the filename. 8. In the TFTP File Type, select one of the following: ❑ Image - Select this option to download a new AT-S62 image file.
AT-S62 Web Browser Interface User’s Guide Uploading a File This procedure explains how to upload a file from the switch’s file system to a TFTP server on your network using the web browser interface.
Chapter 10: File Downloads and Uploads Note The top portion of the tab returns the switch to its factory default settings. For instructions, refer to Returning the AT-S62 Software to the Factory Default Values on page 45. 4. In the TFTP Server IP Address field, enter the IP address of the network node with the TFTP server software. 5. In the TFTP Operation field, click Upload. 6. In the TFTP Remote Filename field, enter a name for the file.
Chapter 11 Event Log and Syslog Servers This chapter describes the event log and syslog servers. Sections in the chapter include: ❑ Managing the Event Log on page 104 ❑ Managing Syslog Server Definitions on page 112 Note For background information on the event log and syslog server definitions, refer to the AT-S62 Menus Interface User’s Guide.
Chapter 11: Event Log and Syslog Servers Managing the Event Log The event log contains event messages that are generated by a switch. These events can provide vital information about network activity on an AT-8500 Series switch that can help you identify and solve network problems. The information includes the time and date when an event occurred, the event’s severity, the AT-S62 module that generated the event, and an event description.
AT-S62 Web Browser Interface User’s Guide The Event Log tab is shown in Figure 29. Figure 29 Event Log Tab 4. For Status in Log Settings, click either Disable or Enable. If you enable the log, the switch immediately begins to add events in the log and send events to defined syslog servers. The default is enabled. 5. Click Apply. 6. To permanently save the change, select the Save Config menu selection. To display the events in the log, go to the next procedure.
Chapter 11: Event Log and Syslog Servers Displaying the Event Log To view the event log, do the following: 1. From the Home Page, click either Configuration or Monitoring. 2. Select the System menu option. 3. Select the Event Log tab. The Event Log tab is shown in Figure 29 on page 105. 4. Configure the following options: Severity Selections Displays events of a selected severity. Event severity is a predefined value assigned to an event according to its potential impact on switch operation.
AT-S62 Web Browser Interface User’s Guide all modules. You can display more than one module at a time by holding down the Shift key when making a selection. The modules are defined in Table 2.
Chapter 11: Event Log and Syslog Servers Table 2 AT-S62 Modules Module Name Description PTRUNK Port trunking QOS Quality of Service RADIUS RADIUS authentication protocol SNMP SNMP SSH Secure Shell protocol SSL Secure Sockets Layer protocol STP Spanning Tree, Rapid Spanning, and Multiple Spanning Tree protocols SYSTEM Hardware status; Manager and Operator log in and log off events.
AT-S62 Web Browser Interface User’s Guide Figure 30 shows an example of the event log in the Full display mode. The Normal display mode does not include the Filename, Line Number, and Event ID items. Figure 30 Event Log Example The columns in the log are described below: ❑ S (Severity) - The event’s severity. Table 1 on page 106 defines the different severity levels. ❑ Date/Time - The date and time the event occurred. ❑ Event ID - A unique number that identifies the event.
Chapter 11: Event Log and Syslog Servers Modifying the Event Log Full Action This procedure explains how to control what the log will do once it reaches its maximum capacity of 4,000 events. You have two options. The first is to have the switch delete the oldest entries as it adds new entries to the log. The second is to have the switch stop adding entries, so as to preserve the existing log contents. This procedure is only relevant when viewing the event log through a local or remote management session.
AT-S62 Web Browser Interface User’s Guide Saving the Event Log You can save the current events in the log as a file in the file system, from where you can view it or download it to your management workstation. To save the current events, do the following: 1. From the Home Page, click either Configuration. 2. Select the System menu option. 3. Select the Event Log tab. The Event Log tab is shown in Figure 29 on page 105. 4.
Chapter 11: Event Log and Syslog Servers Managing Syslog Server Definitions You can configure the switch to send its events to a syslog server. A syslog server can store the events of many network devices simultaneously. Storing network events on a syslog server can make managing your network easier since you need only go to one site to see all of the events. Here are the guidelines to observe when using this feature: ❑ You can define up to 19 syslog servers.
AT-S62 Web Browser Interface User’s Guide Creating a Syslog Server Definition To create a syslog server definition, perform the following procedure: 1. From the Home Page, click Configuration. 2. Select the System menu selection. 3. The Event Log tab. The Event Log tab is shown in Figure 29 on page 105. 4. In the Current Log Outputs section of the tab, click Create. The Creating Event Log Output Window is shown in Figure 32. Figure 32 Creating Event Log Output Window 5.
Chapter 11: Event Log and Syslog Servers ❑ Extended - sends the same as Normal, plus the date, time, and switch’s IP address. This is the default. Severity Selections The severity of events to be sent by the switch to the syslog server. Event severity is a predefined value assigned to an event by the switch according to its possible impact on the switch’s operation. You can use this parameter to configure the switch to send only those events that match one or more severity levels.
AT-S62 Web Browser Interface User’s Guide Table 3 Applicable RFC 3164 Numerical Code and AT-S62 Module Mappings Numerical Code 4 RFC 3164 Facility AT-S62 Module Security and authorization messages Security modules: - PSEC - PACCESS - ENCO - PKI - SSH - SSL - MGMTACL - DOS Authentication modules: - SYSTEM - RADIUS - TACACS+ 9 Clock daemon Time- based modules: - TIME (system time and SNTP) - RTC 22 Local use 6 Physical interface and data link modules: - PCFG - PMIRR - PTRUNK - STP - VLAN 23 Local
Chapter 11: Event Log and Syslog Servers ❑ LOCAL3 ❑ LOCAL4 ❑ LOCAL5 ❑ LOCAL6 ❑ LOCAL7 Each setting represents a predefined RFC 3164 numerical code. The code mappings are listed in Table 4. Table 4 Numerical Code and Facility Level Mappings Numerical Code Facility Level Setting 17 LOCAL1 18 LOCAL2 19 LOCAL3 20 LOCAL4 21 LOCAL5 22 LOCAL6 23 LOCAL7 For example, selecting LOCAL2 as the facility level assigns the numerical code of 18 to all events sent to the syslog server by the switch.
AT-S62 Web Browser Interface User’s Guide 7. To permanently save the change, click the Save Config menu selection. Modifying a Syslog Server Definition To modify a syslog server definition, perform the following procedure: 1. From the Home Page, click Configuration. 2. Select the System menu selection. 3. Select the Event Log tab. The Event Log tab is shown in Figure 29 on page 105. 4. In the Current Log Outputs section of the tab, click the syslog entry you want to modify and click Modify.
Chapter 11: Event Log and Syslog Servers Viewing a Syslog Server Definition To view the parameter settings of a syslog server definition, perform the following procedure: 1. From the Home Page, click Monitoring. 2. Select the System menu option. 3. Select the Event Log tab. 4. In the Current Log Outputs section of the tab, click the syslog definition you want to view and click View. The switch displays the parameter settings of the selected syslog definition.
Chapter 12 Classifiers A classifier defines a traffic flow. You use classifiers with access control lists to filter ingress traffic on a port. You can also use classifiers with Quality of Service policies to regulate different traffic flows that pass through a switch.
Chapter 12: Classifiers Creating a Classifier To create a new classifier, perform the following procedure: 5. From the Home Page, select Configuration. 6. Select the Network Security or Services menu selection. (The Classifier tab is accessible from both menu selections.) 7. Select the Classifier tab. An example of the Classifier tab is shown in Figure 33. Figure 33 Classifier Tab (Configuration) The tab lists the current classifiers on the switch.
AT-S62 Web Browser Interface User’s Guide assigned to a switch port, while an inactive ACL or QoS policy is currently not assigned to any port. If this column is 0 (zero), the classifier is not assigned to any ACLs or policies, active or inactive. 8. To create a new classifier, click Create. The Create Classifier page is shown in Figure 34.
Chapter 12: Classifiers Some of the variables and settings display additional selections. For example, selecting IP as the Protocol displays the selections shown in Figure 35. Figure 35 Create Classifier Page - IP Protocol 9. Configure the parameters as needed. They are defined here: ID Specifies an ID number for the classifier. Every classifier on the switch must have a unique ID number. The range is 1 to 9999. This parameter is required. Description Specifies a description for the classifier.
AT-S62 Web Browser Interface User’s Guide VLAN ID Defines a traffic flow of tagged packets by its VLAN ID number. The range is 1 to 4094. Protocol Defines a traffic flow as one of the following Layer 2 protocols: ❑ User Specified ❑ IP ❑ ARP ❑ RARP User Specified Protocol Defines a traffic flow of a Layer 2 protocol by its protocol number. The number can be entered in either decimal or hexadecimal format. For the latter, precede the number with “0x”.
Chapter 12: Classifiers format. If you use the latter, precede the number with “0x”. To set this parameter, the IP Protocol parameter must be set to User Specified. Source IP Address Source IP Mask Defines a traffic flow by a source IP address. The address can be of a specific node or a subnet. You do not need to include a source IP mask if you are filtering on the IP address of a specific end node. A mask is required, however, when filtering on a subnet.
AT-S62 Web Browser Interface User’s Guide UDP Source Port Defines a traffic flow by source UDP port. To set this parameter, IP Protocol must be set to UDP. UDP Destination Port Defines a traffic flow by a destination UDP port. To set this parameter, IP Protocol must be set to UDP. User Specified Protocol Defines a traffic flow by a protocol other than one of those listed in the Protocol or IP Protocol list. To set this parameter, Protocol must be set to User Specified.
Chapter 12: Classifiers Modifying a Classifier This procedure explains how to modify a classifier. If the classifier you want to modify is currently assigned to an active ACL or QoS policy, you must first remove the port assignments from the ACL or policy before you can modify the classifier. Once you have finished modifying the classifier, you can reassign the ports again to the ACL or QoS policy. To modify a classifier, perform the following procedure: 1. From the Home Page, select Configuration. 2.
AT-S62 Web Browser Interface User’s Guide Deleting a Classifier This procedure explains how to delete a classifier. If the classifier you want to delete is currently assigned to an ACL or QoS policy, you must first remove it from the ACL or policy. To delete a classifier, perform the following procedure: 1. From the home page, select Configuration. 2. Select the Network Security or Services menu selection. (The Classifier tab is accessible from both menu selections.) 3. Select the Classifier tab.
Chapter 12: Classifiers Displaying the Classifiers To display the classifiers on a switch, perform the following procedure: 1. From the Home Page, select Monitoring. 2. From the Monitoring menu, select either the Network Security or Services menu selection. (The Classifier tab is accessible from both menu selections.) 3. Select the Classifiers tab. This tab lists the classifiers currently existing on the switch. The columns are defined here: ID The ID of the classifier.
Chapter 13 Access Control Lists An access control list (ACL) is used to filter ingress traffic on a port. Traffic is defined by the classifiers assigned to the ACL.
Chapter 13: Access Control Lists Creating an Access Control List This procedure explains how to create an ACL. It is a good idea before performing this procedure to jot down on paper the ID number(s) of the classifier(s) you want to assign to the ACL and the action of the ACL, which is either Permit or Deny. An action of Permit instructs the port to accept packets from the defined traffic flow of the classifier, while an action of Deny discards the packets.
AT-S62 Web Browser Interface User’s Guide Description A description of the ACL. Action The action of the ACL. An action of Permit means the ACL accepts packets that match the traffic flows defined by the classifiers. An action of Deny means that the ACL discards ingress packets that match the defined traffic flows, provided that the packets do not also meet the criteria of a Permit ACL. (A Permit ACL overrides a Deny ACL.) Active The status of the ACL.
Chapter 13: Access Control Lists selections. To view the classifiers on a switch, refer to Displaying the Classifiers on page 128. An ACL must have at least one classifier. Action Use this menu to specify the action of the ACL. Deny, which is the default, discards ingress packets that match the defined traffic flow of the classifier. Permit accepts the packets. The default is Deny. Description Use this field to enter a description for the ACL.
AT-S62 Web Browser Interface User’s Guide Modifying an Access Control List To modify an ACL, perform the following procedure: 1. From the Home Page, select Configuration. 2. Select the Network Security menu selection. 3. Select the ACL tab. The ACL tab is shown in Figure 37 on page 130. 4. Click the dialog circle next to the ID number of the ACL you want to modify and click Modify. You can modify only one ACL at a time. The Modify ACLs page is shown in Figure 39. Figure 39 Modify ACLs Page 5.
Chapter 13: Access Control Lists Description Use this field to enter a description for the ACL. A description can be up to 15 alphanumeric characters, including spaces. Entering a description is optional. Port List Use this list to specify the port where you want to assign the ACL. You can assign an ACL to more than one port. To select multiple ports, hold down the Ctrl key while making your selections.
AT-S62 Web Browser Interface User’s Guide Deleting an Access Control List To delete an ACL, perform the following procedure: 1. From the Home Page, select Configuration. 2. Select the Network Security menu selection. 3. Select the ACL tab. The ACL tab is shown in Figure 37 on page 130. 4. Click the dialog circle next to the ID number of the ACL you want to delete and click Delete. You can delete only one ACL at a time. The ACL is immediately deleted. 5.
Chapter 13: Access Control Lists Displaying the Access Control Lists To display the current ACLs on the switch, perform the following procedure: 1. From the Home Page, select Monitoring. 2. From the Monitoring menu, select the Network Security menu selection. 3. Select the ACL tab. The ACL tab displays a table of the currently configured ACLs that contains the following columns of information: ID The ID number of the ACL. Description A description of the ACL. Action The action of the ACL.
Chapter 14 Quality of Service This chapter contains instructions on how to configure Quality of Service (QoS). This chapter contains the following procedures: ❑ Managing Flow Groups on page 138 ❑ Managing Traffic Classes on page 144 ❑ Managing Policies on page 151 Note For background information and guidelines on QoS, refer to the AT-S62 Menus Interface User’s Guide.
Chapter 14: Quality of Service Managing Flow Groups Flow groups are groups of classifiers that group together similar traffic flows. This section contains the following procedures: ❑ Creating a Flow Group on page 138 ❑ Modifying a Flow Group on page 140 ❑ Deleting a Flow Group on page 142 ❑ Displaying Flow Groups on page 142 Creating a Flow Group To create a flow group, perform the following procedure: 1. From the Home Page, select Configuration. 2. Select the Services menu selection. 3.
AT-S62 Web Browser Interface User’s Guide Active The active status of the flow group. A flow group is deemed active if it is part of a policy that is assigned to a switch port. A flow group is considered inactive if it is not a part of any policies or if the policies have not been assigned to any ports. Parent Traffic Class ID The traffic class to which the flow group is assigned. Classifier List The classifiers assigned to the flow group. 4. Click Create. The Create Flow Group page is shown in Figure 41.
Chapter 14: Quality of Service Description Specifies the flow group description. A description can be up to 15 alphanumeric characters, including spaces. Priority (802.1p) Specifies a new user priority value for the packets. The range is 0 to 7. If you specify a new user priority value here and in Traffic Class, the value here overrides the value in Traffic Class. If you want the packets to retain the new value when they exit the switch, change Remark Priority to Yes.
AT-S62 Web Browser Interface User’s Guide The Modify Flow Group page is shown in Figure 42. Figure 42 Modify Flow Group Page 5. Configure the following parameters as necessary: ID Specifies the ID number for this flow group. You cannot change this value. DSCP Specifies a replacement value to write into the DSCP (TOS) field of the packets. The range is 0 to 63. A new DSCP value can be set at all three levels: flow group, traffic class, and policy.
Chapter 14: Quality of Service Classifier List The classifier to be assigned to the flow group. The specified classifier must already exist. You can assign more than one classifier to a flow group. To assign multiple classifiers, hold down the Ctrl key when making your selections. 6. Click Apply. The changes are immediately applied to the flow group. 7. To permanently save your changes, select the Save Config menu selection. Deleting a Flow Group This procedure explains how to delete a flow group.
AT-S62 Web Browser Interface User’s Guide Active The active status of the flow group. A flow group is deemed active if it is part of a policy that is assigned to a switch port. A flow group is considered inactive if it is not connected to any policies or if the policies have not been assigned to any ports. Parent Traffic Class ID The traffic class to which the flow group is assigned. Classifier List The classifiers assigned to the flow group. 4.
Chapter 14: Quality of Service Managing Traffic Classes Traffic classes consist of a set of QoS parameters and a group of QoS flow groups. This section contains the following procedures: ❑ “Creating a Traffic Class,” next ❑ Modifying a Traffic Class on page 148 ❑ Deleting a Traffic Class on page 149 ❑ Displaying the Traffic Classes on page 150 Creating a Traffic Class To create a traffic class, perform the following procedure: 1. From the Home Page, select Configuration. 2.
AT-S62 Web Browser Interface User’s Guide Active Whether or not this traffic class is active on the switch. An active traffic class is part of a policy that is assigned to one or more switch ports. An inactive traffic class is not assigned to any policies or to policies that are not assigned to switch ports. Parent Policy ID The QoS policies to which the traffic class is assigned. Flow Group List The flow groups assigned to this traffic class. 4. To create a new traffic class, click Create.
Chapter 14: Quality of Service traffic exceeding the bandwidth is discarded. If remark is selected, the packets are forwarded after replacing the DSCP value with the new value specified in Exceed Remark Value. The default is drop. DSCP Specifies a replacement value to write into the DSCP (TOS) field of the packets. The range is 0 to 63. A new DSCP value can be set at all three levels: flow group, traffic class, and policy.
AT-S62 Web Browser Interface User’s Guide Remark Priority Replaces the user priority value in the packets with the new value specified in the Priority parameter, if set to Yes. If set to No, which is the default, the packets retain their preexisting priority level when they leave the switch. Description Specifies the traffic class description. A description can be up to 15 alphanumeric characters, including spaces.
Chapter 14: Quality of Service If you specify a new user priority value here and in Flow Group, the value in Flow Group overwrites the value here. Flow Group List The flow groups assigned to this traffic class. Use click to select more than one. 6. After you have configured the necessary parameters, click Apply. The new traffic class is created on the switch. 7. To permanently save your changes, select the Save Config menu selection.
AT-S62 Web Browser Interface User’s Guide The Modify Traffic Class page is shown in Figure 45. Figure 45 Modify Traffic Class Page 5. Configure the following parameters as necessary. For descriptions of the parameters, refer to Creating a Traffic Class on page 144. 6. Click Apply. The changes are immediately implemented in the traffic class. 7. To permanently save your changes, select the Save Config menu selection. Deleting a Traffic Class This procedure explains how to delete a traffic class.
Chapter 14: Quality of Service Displaying the Traffic Classes To display the traffic classes, perform the following procedure: 1. From the Home page, select Monitoring. 2. From the Monitoring menu, select Services. 3. Select the Traffic Class tab. The Traffic Class tab displays the currently configured flow groups in a table that contains the following columns of information: The columns in the tab are defined here: ID The ID of the traffic class. Description A description of the traffic class.
AT-S62 Web Browser Interface User’s Guide Managing Policies QoS policies consist of a collection of user-defined traffic classes. This section contains the following procedures: ❑ Creating a Policy on page 151 ❑ Modifying a Policy on page 154 ❑ Deleting a Policy on page 154 ❑ Displaying Policies on page 155 Creating a Policy To create a policy, perform the following procedure: 1. From the Home Page, select Configuration. 2. Select the Services menu selection. 3. Select the Policies tab.
Chapter 14: Quality of Service Active Whether or not this policy is active on the switch. An active policy is assigned to one or more switch ports. An inactive policy is not assigned to any switch ports. Traffic Class List The traffic classes assigned to the policy. Ingress Port List The ingress ports to which the policy is assigned. 4. Click Create. The Create Policy page is shown in Figure 47. Figure 47 Create Policy Page 5.
AT-S62 Web Browser Interface User’s Guide DSCP Value Specifies a replacement value to write into the DSCP (TOS) field of the packets. The range is 0 to 63. A new DSCP value can be set at all three levels: flow group, traffic class, and policy. A DSCP value specified in a flow group overrides a DSCP value specified at the traffic class or policy level. A DSCP value specified at the policy level is used only if no value has been specified at the flow group and traffic class levels.
Chapter 14: Quality of Service Modifying a Policy To modify a policy, perform the following procedure: 1. From the Home Page, select Configuration. 2. Select the Services menu selection. 3. Select the Policies tab. The Policies tab is shown in Figure 46 on page 151. 4. Select the policy to modify from the list and click Modify. The Modify Policy page is shown in Figure 48. Figure 48 Modify Policy Page 5. Modify the parameters as necessary.
AT-S62 Web Browser Interface User’s Guide ❑ To delete just one policy, select the policy from the list and click Delete. ❑ To delete all the policies, click Purge. Displaying Policies To display the policies, perform the following procedure: 1. From the Home Page, select Monitoring. 2. Select the Services menu selection. 3. Select the Policies tab. The Policies tab displays the existing policies in a table that contains the following columns of information: ID The ID of the policy.
Chapter 15 Class of Service This chapter contains instructions on how to configure Class of Service (CoS). This chapter contains the following procedure: ❑ Configuring CoS on page 157 ❑ Mapping CoS Priorities to Egress Queues on page 159 ❑ Configuring Egress Scheduling on page 161 ❑ Displaying the CoS Settings on page 162 ❑ Displaying QoS Queuing and Scheduling on page 163 Note For background information on CoS, refer to the AT-S62 Menus Interface User’s Guide.
AT-S62 Web Browser Interface User’s Guide Configuring CoS This procedure explains how to change the egress queue used to handle untagged ingress packets on a port. This procedure can also be used to override the priority levels in tagged ingress packets. To configure CoS, perform the following procedure: 1. From the Home Page, select Configuration. 2. From the Configuration menu, select the Services menu option. 3. Select the CoS tab. The CoS tab is shown in Figure 49. Figure 49 CoS Tab 4.
Chapter 15: Class of Service The CoS Setting for Port page is shown in Figure 50. Figure 50 CoS Setting for Port Page 6. Use the Priority list to select a value from Level 1 to Level 7 that corresponds to the egress queue where you want all untagged ingress frames received on the port to be stored. For example, if you select Level 4, all untagged packets received on the port will be stored in egress queue Q2 of the egress port. The default is Level 0, which corresponds to Q0.
AT-S62 Web Browser Interface User’s Guide Mapping CoS Priorities to Egress Queues This procedure explains how to change the default mappings of CoS priorities to egress priority queues, shown in Table 5. This is set at the switch level. Table 5 Default Mappings of IEEE 802.1p Priority Levels to Priority Queues IEEE 802.1p Priority Level Port Priority Queue 0 Q1 1 Q0 2 Q0 3 Q1 4 Q2 5 Q2 6 Q3 7 Q3 To change the mappings, perform the following procedure. 1.
Chapter 15: Class of Service The Scheduling tab is shown in Figure 51. Figure 51 Queuing and Scheduling Tab Note The Configure Egress Weights section in the tab is explained in the next procedure, Configuring Egress Scheduling on page 161. 4. In the Configure CoS Queues to Egress Queues section of the tab, click the list for a CoS priority whose queue assignment you want to change and select the new queue.
AT-S62 Web Browser Interface User’s Guide Configuring Egress Scheduling This procedure explains how to select and configure a scheduling method for QoS. Scheduling determines the order in which the ports handle packets in their egress queues. For an explanation of the two scheduling methods, refer to the AT-S62 Menus Interface User’s Guide. Scheduling is set at the switch level. You cannot set this at the port level. To change scheduling, perform the following procedure. 1.
Chapter 15: Class of Service Displaying the CoS Settings To display the CoS settings, do the following: 1. From the Home page, select Monitoring. 2. From the Monitoring menu, select the Services menu option. 3. Select the CoS tab. 4. Click the port whose CoS settings you want to view. You can select more than one port at a time. A selected port turns white. (To deselect a port, click it again.) 5. Click View. The CoS Setting for Port page is shown for the selected port.
AT-S62 Web Browser Interface User’s Guide Displaying QoS Queuing and Scheduling To display QoS queuing and scheduling, do the following: 1. From the Home page, select Monitoring. 2. From the Monitoring menu, select the Services menu option. 3. Select the Queuing & Scheduling tab. The upper section of the tab displays the CoS priority to egress queue assignments. The lower half displays the egress weight settings.
Chapter 16 IGMP Snooping This chapter describes how to configure the IGMP snooping feature on the switch. Sections in the chapter include: ❑ Configuring IGMP Snooping on page 165 ❑ Displaying a List of Host Nodes and Multicast Routers on page 168 Note For background information on IGMP snooping, refer to the AT-S62 Menus Interface User’s Guide.
AT-S62 Web Browser Interface User’s Guide Configuring IGMP Snooping To configure IGMP snooping from a web browser management session, perform the following procedure: 1. From the Home Page, select Configuration. 2. Select the Multicast menu option. The IGMP tab is shown in Figure 52. Figure 52 IGMP Tab (Configuration) 3. Adjust the IGMP parameters as necessary. The parameters are explained below: Enable IGMP Snooping Enables and disables IGMP snooping on the switch.
Chapter 16: IGMP Snooping forwards the leave request to the router and simultaneously ceases transmission of any further multicast packets out the port where the host node is connected. The Intermediate (Multi-Host) setting is appropriate if there is more than one host node connected to a switch port, such as when a port is connected to an Ethernet hub to which multiple host nodes are connected.
AT-S62 Web Browser Interface User’s Guide This parameter is useful with networks that contain a large number of multicast groups. You can use the parameter to prevent the switch’s MAC address table from filling up with multicast addresses, leaving no room for dynamic or static MAC addresses. The range is 1 address to 2048 addresses. The default is 256 multicast addresses. 4. After setting the IGMP snooping parameters, click Apply. 5. To permanently save the change, click the Save Config menu option.
Chapter 16: IGMP Snooping Displaying a List of Host Nodes and Multicast Routers You can use the AT-S62 software to display a list of the multicast groups on a switch, as well as the host nodes. You can also view the multicast routers. A multicast router is a router that is receiving multicast packets from a multicast application and transmitting the packets to host nodes. To view host nodes and multicast routers, perform the following procedure: 1. From the Home page, select Monitoring. 2.
AT-S62 Web Browser Interface User’s Guide Router IP The IP address of the port on the router.
Chapter 17 Denial of Service Defense This chapter contains instructions on how to configure the Denial of Service defense feature on the switch. The sections include: ❑ Configuring Denial of Service Attack Defense on page 171 ❑ Displaying the DoS Settings on page 174 Note For background information and guidelines on the Denial of Service defense feature, refer to the AT-S62 Menus Interface User’s Guide. Be sure to read the overview before implementing a DoS defense.
AT-S62 Web Browser Interface User’s Guide Configuring Denial of Service Attack Defense To configure the ports on the switch for a Denial of Service defense, perform the following procedure: 1. From the Home Page, select Configuration. 2. From the Configuration menu, select Security. 3. Select the DoS tab. The DoS tab is shown in Figure 53. Figure 53 DoS Tab 4. If you are implementing the SMURF or Land defense, you must provide an IP address and mask for your LAN.
Chapter 17: Denial of Service Defense b. In the DoS Subnet Mask field, enter the LAN’s mask. A binary “1” indicates the switch should filter on the corresponding bit of the IP address, while a “0” indicates that it should not. As an example, assume that the devices connected to a switch are using the IP address range 149.11.11.1 to 149.11.11.50. The mask would be 0.0.0.63. c. If you are activating the Land defense, in the DoS Uplink Port field enter the number of the port connected to the device (e.g.
AT-S62 Web Browser Interface User’s Guide 8. Adjust the settings as needed. The parameters are described below. Status Enables or disables the DoS on the selected ports. Mirror Port This option applies to Land, Tear Drop, Ping of Death, and IP Options. You can use this option to copy invalid traffic to another port on the switch. You can specify only one mirror port. Specifying a mirror port is not required. 9. Click Apply. The defense is immediately activated or deactivated on the ports. 10.
Chapter 17: Denial of Service Defense Displaying the DoS Settings To display the DoS settings, do the following: 1. From the Home page, select Monitoring. 2. From the Monitoring menu, select the Security option. 3. Select the DoS tab. The DoS tab is shown in Figure 55. Figure 55 DoS Tab (Monitoring) 4. Click the port whose DoS settings you want to view. You can select more than one port at a time. 5. Using the DoS Type list, select the type of Denial of Service defense whose settings you want to view. 6.
Chapter 18 Power Over Ethernet This chapter contains the procedures for configuring Power over Ethernet (PoE) for an AT-8524POE switch. Sections in the chapter include: ❑ Setting the PoE Threshold on page 176 ❑ Configuring PoE Port Settings on page 178 ❑ Displaying PoE Status and Settings on page 181 Note PoE only applies to the AT-8524POE switch. For background information on PoE, refer to the AT-S62 Menus Interface User’s Guide.
Chapter 18: Power Over Ethernet Setting the PoE Threshold The PoE threshold is a percentage of the total maximum PoE power on the switch, which for the AT-8524POE switch is 400 W. If the total power requirements of the powered devices exceed this threshold, the switch sends an SNMP trap to your management workstation and enters an event in the event log. At the default setting of 95%, the threshold is exceeded when the PoE devices require more than 380 W, which is 95% of 400 W. The threshold is adjustable.
AT-S62 Web Browser Interface User’s Guide The Maximum Available Power field displays the maximum amount of PoE available from the switch for the powered devices connected to its ports. This value is 400W for the AT-8524POE switch. This value cannot be changed. 4. In the Power Threshold field, enter the new threshold value as a percentage of the total available PoE power on the switch.
Chapter 18: Power Over Ethernet Configuring PoE Port Settings This procedure enables and disables PoE on a port. This procedure also sets a port’s priority level and its maximum power usage. The default setting for PoE on a port is enabled. You do not have to disable PoE on ports that are connected to non-powered devices (that is, devices that receive their power from another power source). A port connected to a network node that is not a powered device functions as a regular Ethernet port, without PoE.
AT-S62 Web Browser Interface User’s Guide The top portion of the page displays the PoE operating status of the selected ports. The columns are defined here: Port Port number. PoE Function Whether PoE is enabled or disabled on the port. The default setting is enabled. Power Consumed The amount of power in milliwatts currently consumed by the powered device connected to the port. If the port is not connected to a powered device, this value will be 0 (zero).
Chapter 18: Power Over Ethernet 8. To change the maximum amount of power the port can supply to the device, enter a new value in the Power Limit field. The value is entered in milliwatts. The default value is 15,400 mW. The range is 3,000 to 15,400 mW. 9. After you finish setting the PoE parameters, click Apply. Changes to a port’s PoE settings are immediately activated on the switch. 10. To permanently save the changes, select the Save Config menu selection.
AT-S62 Web Browser Interface User’s Guide Displaying PoE Status and Settings Use this procedure to display PoE status and settings at the switch and port level. To display PoE information, do the following: 1. From the Home Page, select Configuration. 2. Select the System menu option. 3. Select the Power Over Ethernet tab. Note The Power Over Ethernet tab appears only for AT-8524POE switches.
Chapter 18: Power Over Ethernet Power Limit The maximum amount of power allowed by the port for the device. The default is 15,400 milliwatts (15.4 W). Power Priority The port priority. This can be Critical, High, or Low. The default is Low. Power Class The IEEE 802.3af class of the device. Voltage The voltage being delivered to the powered device Current The current drawn by the powered device. Power Status Whether power is being supplied to the device.
Section III SNMPv3 Operations This section contains the following chapter: ❑ Chapter 19: SNMPv3 Protocol on page 184 183
Chapter 19 SNMPv3 Protocol This chapter provides the following procedures for configuring basic switch parameters using a web browser management session: ❑ Configuring the SNMPv3 Protocol on page 185 ❑ Enabling the SNMP Protocol on page 186 ❑ Configuring the SNMPv3 User Table on page 188 ❑ Configuring the SNMPv3 View Table on page 195 ❑ Configuring the SNMPv3 Access Table on page 201 ❑ Configuring the SNMPv3 SecurityToGroup Table on page 208 ❑ Configuring the SNMPv3 Notify Table on page 213 ❑ Configuring
AT-S62 Web Browser Interface User’s Guide Configuring the SNMPv3 Protocol To configure the SNMPv3 protocol, you need to configure the SNMPv3 tables. To enable a manager to access the SNMPv3 protocol on the switch, you need to enable the SNMP protocol.
Chapter 19: SNMPv3 Protocol Enabling the SNMP Protocol In order to allow an NMS (an SNMP manager) to access the switch, you need to enable SNMP access. In addition, to allow the switch to send a trap when it receives a request message, you need to enable authentication failure traps. This section provides a procedure to accomplish both of these tasks. To enable SNMP access and authentication failure traps, perform the following procedure. 1. From the Home Page, select Configuration. 2.
AT-S62 Web Browser Interface User’s Guide Note If the check box in the Enable SNMP Access box is empty, the switch cannot be managed through SNMP. This is the default. 5. To enable authentication failure traps to be sent on behalf of the switch, click the box next to Enable Authentication Failure Trap. 6. Click Apply to update the User Table. 7. To save your changes, select the Save Config menu selection.
Chapter 19: SNMPv3 Protocol Configuring the SNMPv3 User Table You can create, delete, and modify an SNMPv3 User Table entry. See the following procedures: ❑ Creating a User Table Entry on page 188 ❑ Deleting a User Table Entry on page 191 ❑ Modifying a User Table Entry on page 191 For reference information about the SNMPv3 User Table, refer to the AT-S62 Menus Interface User’s Guide.. Creating a User Table Entry To create an entry in the SNMPv3 User Table, perform the following procedure. 1.
AT-S62 Web Browser Interface User’s Guide 5. Click the Add button to add a new SNMPv3 User Table entry. The Add New SNMPv3 User Page is shown in Figure 60 Figure 60 Add New SNMPv3 User Page 6. In the User Name field, enter a name, or logon id, that consists of up to 32 alphanumeric characters 7. In the Authentication Protocol field, enter an authentication protocol. This is an optional parameter. Select one of the following: MD5 This value represents the MD5 authentication protocol.
Chapter 19: SNMPv3 Protocol 9. In the Confirm Authentication Password field, re-enter the authentication password. Note If you have the AT-S60 software version 2.1.0 that does not contain the encryption features, then the Privacy Protocol field is read-only field and it is set to None. Note You can only configure the Privacy Protocol if you have configured the Authentication Protocol with the MD5 or SHA values. 10.
AT-S62 Web Browser Interface User’s Guide 14. Click Apply to update the SNMPv3 User Table. 15. To save your changes, select the Save Config menu selection. Deleting a User Table Entry To delete an entry in the SNMPv3 User Table, perform the following procedure. 1. From the Home Page, select Configuration. 2. Select the Mgmt Protocols menu selection. 3. Select the SNMP Tab. The SNMP Tab is shown in Figure 58 on page 186. 4. In the SNMPv3 section of the page, click the circle next to Configure User Table.
Chapter 19: SNMPv3 Protocol The Modify SNMPv3 User Page is shown in Figure 61. Figure 61 Modify SNMPv3 User Page 6. In the Authentication Protocol field, enter an authentication protocol. This is an optional parameter. Select one of the following: MD5 This value represents the MD5 authentication protocol. With this selection, users are authenticated with the MD5 authentication protocol after a message is received. With this selection, you can configure a Privacy Protocol.
AT-S62 Web Browser Interface User’s Guide 7. In the Authentication Password field, enter an authentication password of up to 32 alphanumeric characters. 8. In the Confirm Authentication Password field, re-enter the authentication password. Note If you have the AT-S60 software version 2.1.0 that does not contain the encryption features, then the Privacy Protocol field is read-only field and it is set to None.
Chapter 19: SNMPv3 Protocol Note The Row Status parameter is a read-only field in the Web interface. The Active value indicates the SNMPv3 User Table entry takes effect immediately. 13. Click Apply to update the SNMPv3 User Table. 14. To save your changes, select the Save Config menu selection.
AT-S62 Web Browser Interface User’s Guide Configuring the SNMPv3 View Table You can create, delete, and modify an SNMPv3 View Table entry. See the following procedures: ❑ Creating a View Table Entry on page 195 ❑ Deleting a View Table Entry on page 198 ❑ Modifying a View Table Entry on page 199 For reference information about the SNMPv3 View Table, see Configuring the SNMPv3 View Table on page 195.
Chapter 19: SNMPv3 Protocol 5. To create a new SNMPv3 View Table entry click Add. The Add New SNMPv3 View Page is shown in Figure 63. Figure 63 Add New SNMPv3 View Page 6. In the View Name field, enter a descriptive name of this view. Assign a name that reflects the subtree OID, for example, “internet.” Enter a unique name of up to 32 alphanumeric characters. Note The “defaultViewAll” value is the default entry for the SNMPv1 and SNMPv2c configuration.
AT-S62 Web Browser Interface User’s Guide The View Subtree parameter defines a MIB View and the Subtree Mask further restricts a user’s view, for example, to a specific row of the MIB tree. The value of the Subnet Mask parameter is dependent on the subtree you select. See RFC 2575 for detailed information about defining a subnet mask. 9. In the View Type field, enter one of the following view types: Included Enter this value to permit the user to see the subtree specified above.
Chapter 19: SNMPv3 Protocol Deleting a View Table Entry To delete an entry in the SNMPv3 View Table, perform the following procedure. 1. From the Home Page, select Configuration. 2. Select the Mgmt Protocols menu selection. 3. Select the SNMP Tab. The SNMP Tab is shown in Figure 58 on page 186. 4. In the SNMPv3 section of the page, click the circle next to Configure View Table. Then click Configure. 5. The SNMPv3 View Table Page is shown in Figure 62 on page 195. 6.
AT-S62 Web Browser Interface User’s Guide Modifying a View Table Entry To modify an entry in the SNMPv3 View Table, perform the following procedure. 1. From the Home Page, select Configuration. 2. Select the Mgmt Protocols menu selection. 3. Select the SNMP Tab. The SNMP Tab is shown in Figure 58 on page 186. 4. In the SNMPv3 section of the page, click the circle next to Configure View Table. Then click Configure at the bottom of the page. The SNMPv3 View Table Page is shown in Figure 62 on page 195. 5.
Chapter 19: SNMPv3 Protocol 7. In the View Type field, enter one of the following view types: Included Enter this value to permit the View Name to see the subtree specified above. Excluded Enter this value to not permit the View Name to see the subtree specified above. 8. In the Storage Type field, enter a storage type for this table entry: Volatile Select this storage type if you do not want the ability to save an entry in the Target Parameters Table to the configuration file.
AT-S62 Web Browser Interface User’s Guide Configuring the SNMPv3 Access Table You can create, delete, and modify an SNMPv3 Access Table entry. See the following procedures: ❑ Creating an Access Table on page 201 ❑ Deleting an Access Table Entry on page 204 ❑ Modifying an Access Table Entry on page 206 For reference information about the SNMPv3 Access Table, see Configuring the SNMPv3 Access Table on page 201.
Chapter 19: SNMPv3 Protocol 5. To create an SNMPv3 Access Table entry, click Add. The Add New SNMPv3 Access Page is shown in Figure 66. Figure 66 Add New SNMPv3 Access Page 6. In the Group Name field, enter a descriptive name of the group. The Group Name can consist of up to 32 alphanumeric characters. You are not required to enter a unique value here because the SNMPv3 Access Table entry is indexed with the Group Name, Security Model, and Security Level parameter values.
AT-S62 Web Browser Interface User’s Guide This parameter allows the users assigned to this Group Name to view the information specified by the View Table entry. This value does not need to be unique. 8. In the Write View Name field, enter a value that you configured with the View Name parameter in the SNMPv3 View Table. This parameter allows the users assigned to this Security Group to write, or modify, the information in the specified View Table. This value does not need to be unique. 9.
Chapter 19: SNMPv3 Protocol SNMP users, but you do not want to encrypt messages using a privacy protocol.You can select this value if you configured the Security Model parameter with the SNMPv3 protocol. Privacy This option represents authentication and the privacy protocol. Select this security level to allow authentication and encryption. This level provides the greatest level of security. You can select this value if you configured the Security Model parameter with the SNMPv3 protocol.
AT-S62 Web Browser Interface User’s Guide 4. In the SNMPv3 section of the page, click the circle next to Configure Access Table. Then click Configure at the bottom of the page. The SNMPv3 Access Table Page is shown in Figure 65 on page 201. 5. Display the Access Table entry that you want to delete. Click Next or Previous to display an entry. 6. Click Remove. A warning message is displayed. Click OK to remove the Access Table entry. 7. To save your changes, select the Save Config menu selection.
Chapter 19: SNMPv3 Protocol Modifying an Access Table Entry To modify an entry in the SNMPv3 Access Table, perform the following procedure. 1. From the Home Page, select Configuration. 2. Select the Mgmt Protocols menu selection. 3. Select the SNMP Tab. The SNMP Tab is shown in Figure 58 on page 186. 4. In the SNMPv3 section of the page, click the circle next to Configure Access Table. Then click Configure at the bottom of the page. The SNMPv3 Access Table Page is shown in Figure 65 on page 201. 5.
AT-S62 Web Browser Interface User’s Guide 8. In the Write View Name field, enter a value that you configured with the View Name parameter in the View Table. This parameter allows the users assigned to this Security Group to write, or modify, the information in the specified View Table. This value does not need to be unique. 9. In the Notify View Name field, enter a value that you configured with the View Name parameter in the View Table.
Chapter 19: SNMPv3 Protocol Configuring the SNMPv3 SecurityToGroup Table You can create, delete, and modify an SNMPv3 SecurityToGroup Table entry. See the following procedures: ❑ Creating a SecurityToGroup Table Entry on page 208 ❑ Deleting a SecurityToGroup Table Entry on page 210 ❑ Modifying a SecurityToGroup Table Entry on page 211 For reference information about the SNMPv3Configuring the SNMPv3 SecurityToGroup Table on page 208.
AT-S62 Web Browser Interface User’s Guide 5. To create an SNMPv3 SecurityToGroup Table entry, click Add. The Add New SNMPv3 SecurityToGroup Page is shown in Figure 69. Figure 69 Add New SNMPv3 SecurityToGroup Page 6. In the Security Model field, select the SNMP protocol that was configured for this User Name. Choose from the following: v1 Select this value to associate the User Name with the SNMPv1 protocol. v2c Select this value to associate the User Name with the SNMPv2c protocol.
Chapter 19: SNMPv3 Protocol There are four default values for this field that are reserved for SNMPv1 and SNMPv2c implementations: ❑ defaultV1GroupReadOnly ❑ defaultV1GroupReadWrite ❑ defaultV2cGroupReadOnly ❑ defaultV2cGroupReadWrite 9. In the Storage Type field, select one of the following storage types for this table entry: Volatile Select this storage type if you do not want the ability to save an entry in the SecurityToGroup Table to the configuration file.
AT-S62 Web Browser Interface User’s Guide 5. Click the circle next to the SecurityToGroup Table entry that you want to delete. Then click Remove. A warning message is displayed. Click OK to remove the SNMPv3 SecurityToGroup Table entry. 6. To save your changes, select the Save Config menu selection. Modifying a SecurityToGroup Table Entry To modify an entry SNMPv3 SecurityToGroup Table, perform the following procedure. 1. From the Home Page, select Configuration. 2.
Chapter 19: SNMPv3 Protocol ❑ defaultV1GroupReadOnly ❑ defaultV1GroupReadWrite ❑ defaultV2cGroupReadOnly ❑ defaultV2cGroupReadWrite 7. In the Storage Type field, select one of the following storage types for this table entry: Volatile Select this storage type if you do not want the ability to save an entry in the SecurityToGroup Table to the configuration file. After making changes to a SecurityToGroup Table entry with a Volatile storage type, the Save Config menu selection does not appear.
AT-S62 Web Browser Interface User’s Guide Configuring the SNMPv3 Notify Table You can create, delete, and modify an SNMPv3 Notify Table entry. See the following procedures: ❑ Creating a Notify Table Entry on page 213 ❑ Deleting a Notify Table Entry on page 215 ❑ Modifying a Notify Table Entry on page 216 For reference information about the SNMPv3 Notify Table, see Configuring the SNMPv3 Notify Table on page 213.
Chapter 19: SNMPv3 Protocol 5. To create an SNMPv3 Notify Table entry, click Add. The Add New SNMPv3 Notify Page is shown in Figure 72. Figure 72 Add New SNMPv3 Notify Page 6. In the Notify Name field, enter the name associated with this trap message. Enter a descriptive name of up to 32 alphanumeric characters. For example, you might want to define a trap message for hardware engineering and enter a value of “hardwareengineeringtrap” for the Notify Name. 7.
AT-S62 Web Browser Interface User’s Guide NonVolatile Select this storage type if you want the ability to save an entry in the Notify Table to the configuration file. After making changes to a Notify Table entry with a NonVolatile storage type, the Save Config menu selection appears. Note The Row Status parameter is a read-only field in the Web interface. The Active value indicates the SNMPv3 Notify Table entry takes effect immediately. 10. Click Apply to update the SNMPv3 Notify Table. 11.
Chapter 19: SNMPv3 Protocol Modifying a Notify Table Entry To modify an entry in the SNMPv3 Notify Table, perform the following procedure. 1. From the Home Page, select Configuration. 2. Select the Mgmt Protocols menu selection. 3. Select the SNMP Tab. The SNMP Tab is shown in Figure 58 on page 186. 4. In the SNMPv3 section of the page, click the circle next to Configure Notify Table. Then click Configure at the bottom of the page. The SNMPv3 Notify Table Page is shown in Figure 71 on page 213. 5.
AT-S62 Web Browser Interface User’s Guide 8. In the Storage Type field, select one of the following storage types for this table entry: Volatile Select this storage type if you do not want the ability to save an entry in the Notify Table to the configuration file. After making changes to an Notify Table entry with a Volatile storage type, the Save Config menu selection does not appear.
Chapter 19: SNMPv3 Protocol Configuring the SNMPv3 Target Address Table You can create, delete, and modify an SNMPv3 Target Address Table entry. See the following procedures: ❑ Creating a Target Address Table Entry on page 218 ❑ Deleting a Target Address Table Entry on page 221 ❑ Modifying Target Address Table Entry on page 222 For reference information about the SNMPv3 Target Address Table, see Configuring the SNMPv3 Target Address Table on page 218.
AT-S62 Web Browser Interface User’s Guide The SNMPv3 Target Address Table Page is shown in Figure 74. Figure 74 SNMPv3 Target Address Table Page 5. To create an SNMPv3 Target Address Table entry, click Add. The Add New SNMPv3 Target Address Table Page is shown in Figure 75.
Chapter 19: SNMPv3 Protocol 6. In the Target Address Name field, enter the name of the SNMP manager, or host, that manages the SNMP activity on your switch. You can enter a name of up to 32 alphanumeric characters. 7. In the IP Address field, enter the IP address of the host. Use the following format for an IP address: XXX.XXX.XXX.XXX 8. In the UDP Port Number field, enter a UDP port number. You can enter a UDP port in the range of 0 to 65,535. The default UDP port is 162. 9.
AT-S62 Web Browser Interface User’s Guide NonVolatile Select this storage type if you want the ability to save an entry in the Target Address Table to the configuration file. After making changes to a Target Address Table entry with a NonVolatile storage type, the Save Config menu selection appears. Note The Row Status parameter is a read-only field in the Web interface. The Active value indicates the SNMPv3 Target Address Table entry takes effect immediately. 14.
Chapter 19: SNMPv3 Protocol Modifying Target Address Table Entry To modify an entry in the SNMPv3 Target Address Table, perform the following procedure. 1. FFrom the Home Page, select Configuration. 2. Select the Mgmt Protocols menu selection. 3. Select the SNMP Tab. The SNMP Tab is shown in Figure 58 on page 186. 4. In the SNMPv3 section of the page, click the circle next to Configure Target Address Table. Then click Configure at the bottom of the page.
AT-S62 Web Browser Interface User’s Guide You can enter a UDP port in the range of 0 to 65,535. The default UDP port is 162. 9. In the Timeout field, enter a timeout value in milliseconds. When an Inform message is generated, it requires a response from the switch. The timeout value determines how long the switch considers the Inform message an active message. This parameter applies to Inform messages only. The range is from 0 to 2,147,483,647 milliseconds. The default value is 1500 milliseconds. 10.
Chapter 19: SNMPv3 Protocol Configuring the SNMPv3 Target Parameters Table You can create, delete, and modify an SNMPv3 Target Parameters Table entry. See the following procedures: ❑ Creating a Target Address Table Entry on page 218 ❑ Deleting a Target Address Table Entry on page 221 ❑ Modifying Target Address Table Entry on page 222 For reference information about the SNMPv3 Target Parameters Table, see Configuring the SNMPv3 Target Parameters Table on page 224.
AT-S62 Web Browser Interface User’s Guide 5. To create an SNMPv3 Target Parameters Table entry, click Add. The Add New SNMPv3 Target Parameter Table Page is shown in Figure 78. Figure 78 Add New SNMPv3 Target Parameters Table Page 6. In the Target Parameters Name field, enter a name of the SNMP manager or host. Enter a value of up to 32 alphanumeric characters. Note Enter a value for the Message Processing Model parameter only if you select SNMPv1 or SNMPv2c as the Security Model.
Chapter 19: SNMPv3 Protocol 8. In the Security Model field, select one of the following SNMP protocols as the Security Model for this Security Name, or User Name. v1 Select this value to associate the Security Name, or User Name, with the SNMPv1 protocol. v2c Select this value to associate the Security Name, or User Name, with the SNMPv2c protocol. v3 Select this value to associate the Security Name, or User Name, with the SNMPv3 protocol. 9.
AT-S62 Web Browser Interface User’s Guide This level provides the greatest level of security. You can select this value if you configured the Security Model parameter with the SNMPv3 protocol. 11. In the Storage Type parameter, select one of the following storage types for this table entry: Volatile Select this storage type if you do not want the ability to save an entry in the Target Parameters Table to the configuration file.
Chapter 19: SNMPv3 Protocol A warning message is displayed. Click OK to remove the Target Parameters Table entry. 6. To save your changes, select the Save Config menu selection. Modifying a Target Parameters Table Entry To modify an SNMPv3 Target Parameters Table entry, perform the following procedure. 1. From the Home Page, select Configuration. 2. Select the Mgmt Protocols menu selection. 3. Select the SNMP Tab. The SNMP Tab is shown in Figure 58 on page 186. 4.
AT-S62 Web Browser Interface User’s Guide Note Enter a value for the Message Processing Model field only if you select SNMPv1 or SNMPv2c as the Security Model. If you select the SNMPv3 protocol as the Security Model, then the switch automatically assigns the Message Processing Model to SNMPv3. 6. In the Message Processing Model field, enter a Security Model that is used to process messages. Select one of the following SNMP protocols: v1 Select this value to process messages with the SNMPv1 protocol.
Chapter 19: SNMPv3 Protocol Note If you have selected SNMPv1 or SNMPv2c as the Security Model, you must select No Authentication/Privacy as the Security Level. Authentication This option represents authentication, but no privacy protocol. Select this security level if you want to authenticate SNMP users, but you do not want to encrypt messages using a privacy protocol.You can select this value if you configured the Security Model parameter with the SNMPv3 protocol.
AT-S62 Web Browser Interface User’s Guide Configuring the SNMPv3 Community Table You can create, delete, and modify an SNMPv3 Community Table entry. See the following procedures: ❑ Creating an SNMPv3 Community Table Entry on page 231 ❑ Deleting an SNMPv3 Community Table Entry on page 234 ❑ Modifying an SNMPv3 Community Table Entry on page 235 For reference information about the SNMPv3 Community Table, see Configuring the SNMPv3 Community Table on page 231.
Chapter 19: SNMPv3 Protocol Figure 80 SNMPv3 Community Table Page 5. To create an SNMPv3 Community Table entry, click Add. The Add New SNMPv3 Community Table Page is shown in Figure 81.
AT-S62 Web Browser Interface User’s Guide 6. In the Community Index field, enter a numerical value for this Community. This parameter is used to index the other parameters in an SNMPv3 Community Table entry. Enter a value of up to 32alphanumeric characters. 7. In the Community Name field, enter a Community Name of up to 64-alphanumeric characters. The value of the Community Name parameter acts as a password for the SNMPv3 Community Table entry. This parameter is case sensitive.
Chapter 19: SNMPv3 Protocol making changes to an SNMPv3 Community Table entry with a NonVolatile storage type, the Save Config menu selection appears. Note The Row Status parameter is a read-only field in the Web interface. The Active value indicates the SNMPv3 Community Table entry takes effect immediately. 11. Click Apply to update the SNMPv3 Community Table. 12. To save your changes, select the Save Config menu selection.
AT-S62 Web Browser Interface User’s Guide Modifying an SNMPv3 Community Table Entry To modify an entry in the SNMPv3 Community Table, perform the following procedure. 1. From the Home Page, select Configuration. 2. Select the Mgmt Protocols menu selection. 3. Select the SNMP Tab. The SNMP Tab is shown in Figure 58 on page 186. 4. In the SNMPv3 section of the page, click the circle next to Configure Community Table. Then click Configure at the bottom of the page.
Chapter 19: SNMPv3 Protocol This name must be unique. Enter a value of up to 32 alphanumeric characters. Note Do not use a value configured with the User Name parameter in the SNMPv3 User Table. 8. In the Transport Tag field, enter a name of up to 32 alphanumeric characters. The Transport Tag parameter links an SNMPv3 Community Table entry with an SNMPv3 Target Address Table entry. Add the value you configure for the Transport Tag parameter to the Tag List parameter in the Target Address Table as desired.
AT-S62 Web Browser Interface User’s Guide Displaying SNMPv3 Tables This section contains procedures to display the SNMPv3 Tables.
Chapter 19: SNMPv3 Protocol Displaying User Table Entries To display entries in the SNMPv3 User Table, perform the following procedure. 1. From the Home Page, select Monitoring. 2. Select the Mgmt Protocols menu selection. 3. Select the SNMP Tab. 4. From the SNMP Monitoring Tab, click the circle next to View User Table. 5. Click View at the bottom of the page. The Monitoring, SNMPv3 User Table Page is shown in Figure 83.
AT-S62 Web Browser Interface User’s Guide Displaying View Table Entries To display entries in the SNMPv3 View Table, perform the following procedure. 1. From the Home Page, select Monitoring. 2. Select the Mgmt Protocols menu selection. 3. Select the SNMP Tab. 4. From the SNMP Monitoring Tab, click the circle next to View View Table. 5. Click View at the bottom of the page. The Monitoring, SNMPv3 View Table Page is shown in Figure 84.
Chapter 19: SNMPv3 Protocol Displaying Access Table Entries To display entries in the SNMPv3 Access Table, perform the following procedure. 1. From the Home Page, select Monitoring. 2. Select the Mgmt Protocols menu selection. 3. Select the SNMP Tab. 4. From the SNMP Monitoring Tab, click the circle next to View Access Table. 5. Click View at the bottom of the page. The Monitoring, SNMPv3 Access Table Page is shown in Figure 85.
AT-S62 Web Browser Interface User’s Guide Displaying SecurityToGroup Table Entries To display entries in the SNMPv3 SecurityToGroup Table, perform the following procedure. 1. From the Home Page, select Monitoring. 2. Select the Mgmt Protocols menu selection. 3. Select the SNMP Tab. 4. From the SNMP Monitoring Tab, click the circle next to the View SecurityToGroup Table. 5. Click View at the bottom of the page. The Monitoring, SNMPv3 SecurityToGroup Table Page is shown in Figure 86.
Chapter 19: SNMPv3 Protocol Displaying Notify Table Entries To display entries in the SNMPv3 Notify Table, perform the following procedure. 1. From the Home Page, select Monitoring. 2. Select the Mgmt Protocols menu selection. 3. Select the SNMP Tab. 4. From the SNMP Monitoring Tab, click the circle next to View Notify Table. 5. Click View at the bottom of the page. The Monitoring, SNMPv3 Notify Table Page is shown in Figure 87.
AT-S62 Web Browser Interface User’s Guide Displaying Target Address Table Entries To display entries in the SNMPv3 Target Address Table, perform the following procedure. 1. From the Home Page, select Monitoring. 2. Select the Mgmt Protocols menu selection. 3. Select the SNMP Tab. 4. From the SNMP Monitoring Tab, click the circle next to View Target Address Table. 5. Click View at the bottom of the page. The Monitoring, SNMPv3 Target Address Table Page is shown in Figure 88.
Chapter 19: SNMPv3 Protocol Displaying Target Parameters Table Entries To display entries in the SNMPv3 Target Parameters Table, perform the following procedure. 1. From the Home Page, select Monitoring. 2. Select the Mgmt Protocols menu selection. 3. Select the SNMP Tab. 4. From the SNMP Monitoring Tab, click the circle next to the View Target Parameters Table. 5. Click View at the bottom of the page. The Monitoring, SNMPv3 Target Parameters Table Page is shown in Figure 88.
AT-S62 Web Browser Interface User’s Guide Displaying SNMPv3 Community Table Entries To display entries in the SNMPv3 Community Table, perform the following procedure. 1. From the Home Page, select Monitoring. 2. Select the Mgmt Protocols menu selection. 3. Select the SNMP Tab. 4. From the SNMP Monitoring Tab, click the circle next to the View Community Table. 5. Click View at the bottom of the page. The Monitoring, SNMPv3 Community Table Page is shown in Figure 90.
Section IV Spanning Tree Protocols The chapter in this section explain the spanning tree protocols: ❑ Chapter 20: STP, RSTP, and MSTP on page 247 246
Chapter 20 STP, RSTP, and MSTP This chapter explains how to configure the STP, RSTP and MSTP parameters on an AT-8500 Series switch from a web browser management session. Sections in the chapter include: ❑ Enabling or Disabling Spanning Tree on page 248 ❑ Configuring STP on page 249 ❑ Configuring RSTP on page 254 ❑ Configuring MSTP on page 258 ❑ Displaying Spanning Tree Settings on page 268 Note For background information on STP, RSTP, and MSTP, refer to the AT-S62 Menus Interface User’s Guide.
Chapter 20: STP, RSTP, and MSTP Enabling or Disabling Spanning Tree To enable or disable spanning tree on the switch, do the following: 1. From the Home page, select Configuration. 2. From the Configuration menu, select Layer 2. 3. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 91. Figure 91 Spanning Tree Tab (Configuration) 4. To select an active spanning tree for the switch, click either STP, RSTP, or MSTP for the Active Protocol Version parameter.
AT-S62 Web Browser Interface User’s Guide Configuring STP Caution The bridge provides default STP parameters that are adequate for most networks. Changing them without prior experience and an understanding of how STP works might have a negative effect on your network. You should consult the IEEE 802.1d standard before changing any of the STP parameters. This procedure assumes that you have already designated STP as the active spanning tree on the switch.
Chapter 20: STP, RSTP, and MSTP 2. Adjust the STP bridge settings as needed. The parameters are described below. Bridge Priority The priority number for the bridge. This number is used in determining the root bridge for RSTP. The bridge with the lowest priority number is selected as the root bridge. If two or more bridges have the same priority value, the bridge with the numerically lowest MAC address becomes the root bridge.
AT-S62 Web Browser Interface User’s Guide Bridge Max Age The length of time after which stored bridge protocol data units (BPDUs) are deleted by the bridge. All bridges in a bridged LAN use this aging time to test the age of stored configuration messages called bridge protocol data units (BPDUs). For example, if you use the default value 20, all bridges delete current configuration messages after 20 seconds. This parameter can be from 6 to 40 seconds.
Chapter 20: STP, RSTP, and MSTP port priority is 0 to 240. As with bridge priority, this range is broken into increments, in this case multiples of 16. To select a port priority for a port, you enter the increment of the desired value. Table 7 lists the values and increments. The default value is 128, which is increment 8.
AT-S62 Web Browser Interface User’s Guide Table 9 lists the STP port costs with Auto-Detect when a port is part of a port trunk. Table 9 STP Auto-Detect Port Trunk Costs Port Speed Port Cost 10 Mbps 4 100 Mbps 4 1000 Mbps 2 6. After configuring the parameters, click Apply. 7. To permanently save the change, use the Save Changes button in the General tab. For directions, refer to Saving Your Parameter Changes on page 23.
Chapter 20: STP, RSTP, and MSTP Configuring RSTP Caution The bridge provides default RSTP parameters that are adequate for most networks. Changing them without prior experience and an understanding of how RSTP works might have a negative effect on your network. You should consult the IEEE 802.1w standard before changing any of the RSTP parameters. This procedure assumes that you have already designated RSTP as the active spanning tree on the switch.
AT-S62 Web Browser Interface User’s Guide 2. Adjust the parameters are desired. The parameters are defined below. 1 - Force Version This selection determines whether the bridge will operate with RSTP or in an STP-compatible mode. If you select RSTP, the bridge operates all ports in RSTP, except for those ports that receive STP BPDU packets. If you select Force STP Compatible, the bridge operates in RSTP, using the RSTP parameter settings, but it sends only STP BPDU packets out the ports.
Chapter 20: STP, RSTP, and MSTP 6 - Bridge Identifier The MAC address of the bridge. The bridge identifier is used as a tie breaker in the selection of the root bridge when two or more bridges have the same bridge priority value. This value cannot be changed. 3. After you have made your changes, click Apply. 4. To adjust RSTP port settings, click on the port in the switch image and click Modify. You can select more than one port at a time. The RSTP Port Settings window is shown in Figure 95.
AT-S62 Web Browser Interface User’s Guide Table 10 RSTP Auto-Detect Port Costs Port Speed Port Cost 100 Mbps 200,000 1000 Mbps 20,000 Table 11 lists the RSTP port costs with Auto-Detect when the port is part of a port trunk. Table 11 RSTP Auto-Detect Port Trunk Costs Port Speed Port Cost 10 Mbps 20,000 100 Mbps 20,000 1000 Mbps 2,000 3 - Point-to-Point This parameter defines whether the port is functioning as a pointto-point port.
Chapter 20: STP, RSTP, and MSTP Configuring MSTP This section is divided into the following procedures: ❑ Configuring MSTP and CIST Parameters on page 258 ❑ Associating VLANs to MSTIs on page 261 ❑ Configuring MSTP Port Parameters on page 264 This procedure assumes that you have already designated MSTP as the active spanning tree on the switch. For instructions, refer to Enabling or Disabling Spanning Tree on page 248.
AT-S62 Web Browser Interface User’s Guide The MSTP Spanning Tree tab is shown in Figure 96. Figure 96 MSTP Spanning Tree Tab Note This procedure explains the Configure MSTP Parameters and Configure CIST Parameters sections of the web page. The CIST/MSTI Table is explained in Associating VLANs to MSTIs on page 261. The graphic image of the switch is described in Configuring MSTP Port Parameters on page 264.
Chapter 20: STP, RSTP, and MSTP 5. Adjust the bridge MSTP settings as needed. The parameters are described below. Force Version This selection determines whether the bridge will operate with MSTP or in an STP-compatible mode. If you select MSTP, the bridge operates all ports in MSTP, except those ports that receive STP or RSTP BPDU packets. If you select Force STP Compatible, the bridge uses its MSTP parameter settings, but sends only STP BPDU packets from the ports. The default is MSTP.
AT-S62 Web Browser Interface User’s Guide ❑ MaxAge must be less than (2 x (ForwardingDelay - 1)) Bridge Max Hops MSTP regions use this parameter to discard BPDUs. The Max Hop counter in a BPDU is decremented every time the BPDU crosses an MSTP region boundary. Once the counter reaches zero, the BPDU is deleted. Revision Level The revision level of an MSTP region. This is an arbitrary number that you assign to a region. The revision level must be the same on all bridges in a region.
Chapter 20: STP, RSTP, and MSTP 2. To create or delete an MSTI ID and to associate VLANs to MSTIs, do the following: a. In the CIST/MSTI Table section of the menu, click Add. The Add New MSTI window is shown in Figure 97. Figure 97 Add New MSTI Window b. In the MSTI ID field, enter a new MSTI ID. The range is 1 to 15. c. In the Priority field, enter a MSTI Priority value. This parameter is used in selecting a regional root for the MSTI.
AT-S62 Web Browser Interface User’s Guide The Modify MSTI window is shown in Figure 98. Figure 98 Modify MSTI Window c. In the Priority field, enter a new MSTI Priority value. This parameter is used in selecting a regional root for the MSTI. The range is 0 (zero) to 61,440 in increments of 4,096, with 0 being the highest priority. The default is 0.There are sixteen increments. You specify the increment representing the desired bridge priority value. The increments are shown in Table 6 on page 250. d.
Chapter 20: STP, RSTP, and MSTP Configuring MSTP Port Parameters To configure MSTP port parameters, perform the following procedure: 1. Perform Steps 1 through 4 in the procedure Configuring MSTP and CIST Parameters on page 258 to display the Spanning Tree Expanded Web Page for MSTP. 2. In the diagram of the switch at the bottom of the MSTP Spanning Tree Expanded Web Page, click the port you want to configure. You can select more than one port at a time. A selected port turns white. 3. Click Configure.
AT-S62 Web Browser Interface User’s Guide An MSTI-specific parameter can be set on a per MSTI basis. This means that you can assign different values to a port’s MSTIspecific parameters for each spanning tree instance where the port is a member. These parameters are: ❑ Internal path cost ❑ Port priority When setting an MSTI-specific parameter, use the MSTI List in the window to select the intended MSTI.
Chapter 20: STP, RSTP, and MSTP Table 11 lists the MSTP port costs with Auto Update when the port is part of a port trunk. Table 13 MSTP Auto Update Port Trunk Internal Path Costs Port Speed Port Cost 10 Mbps 20,000 100 Mbps 20,000 1000 Mbps 2,000 This is also an MSTI-specific parameter. Like the priority parameter, you can, using the MSTI List, assign a different internal path cost for each MSTI where the port is a member.
AT-S62 Web Browser Interface User’s Guide Table 15 lists the MSTP port costs with the Auto setting when the port is part of a port trunk. Table 15 MSTP Auto External Path Trunk Costs Port Speed Port Cost 10 Mbps 20,000 100 Mbps 20,000 1000 Mbps 2,000 5. After adjusting the parameters, click Apply. 6. To permanently save the changes, select the Save Config menu selection. 7. Repeat this procedure to configure MSTP parameters for other switch ports.
Chapter 20: STP, RSTP, and MSTP Displaying Spanning Tree Settings To display the parameter settings for the active spanning tree, perform the following procedure: 1. From the Home page, select Monitoring. 2. From the Monitoring menu, select Layer 2. 3. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 100. Figure 100 Spanning Tree Tab (Monitoring) This tab displays information on whether spanning tree is enable or disabled and which protocol version is active. 4. Click View. 5.
Section V Virtual LANs The chapters in this section explain virtual LANs (VLANs).
Chapter 21 Virtual LANs This chapter explains how to create, modify, and delete port-based and tagged VLANs from a web browser management session. This chapter also explains how to select a multiple VLAN mode.
AT-S62 Web Browser Interface User’s Guide Creating a New Port-based or Tagged VLAN To create a new port-based or tagged VLAN, perform the procedure below: 1. From the Home Page, select Configuration. 2. Select the Layer 2 menu selection. 3. Select the VLAN tab. The VLAN tab is shown in Figure 101. Figure 101 VLAN Tab (Configuration) Note The tab will not include the Modify and Remove buttons if the only VLAN on the switch is the Default_VLAN.
Chapter 21: Virtual LANs This tab displays the VLANs on the switch. The columns in the tab are defined below: VLAN ID The VID number assigned to the VLAN. (Client) Name The name of the VLAN. Uplink Port This column contains “NA,” meaning Not Applicable, for tagged and port-based VLANs. For a protected ports VLAN, this column contains the uplink port(s) for the port groups. A tagged uplink port is designated with a “T” and an untagged uplink port has a “U.
AT-S62 Web Browser Interface User’s Guide 5. Select the VID field and enter a VID value for the new VLAN. The range of the VID value is 2 to 4096. The default is the next available VID number on the switch. If this VLAN will be unique in your network, then its VID should also be unique. If this VLAN will be part of a larger VLAN that spans multiple switches, than the VID value for the VLAN should be the same on each switch.
Chapter 21: Virtual LANs 8. To select the ports for the VLAN, click the ports in the switch image. Clicking repeatedly on a port toggles it through the following possible settings: Untagged port Tagged port Port not a member of the VLAN 9. Click Apply. Note Any untagged ports you assign to the new VLAN are automatically removed from their current untagged VLAN assignment. The new user-configured VLAN is now ready for network operations. 10.
AT-S62 Web Browser Interface User’s Guide Modifying a Port-based or Tagged VLAN This procedure explains how to add or remove ports from a port-based or tagged VLAN. When modifying a VLAN, note the following: ❑ You cannot change the VID of a VLAN. ❑ You cannot change the name of a VLAN from a web browser management session; you can from a local, Telnet, or SSH session. ❑ You cannot modify VLANs when the switch is operating in one of the multiple VLAN modes.
Chapter 21: Virtual LANs The modified VLAN is now ready for network operations. 8. To permanently save the change, select the Save Config menu selection.
AT-S62 Web Browser Interface User’s Guide Deleting a Port-based or Tagged VLAN To delete a port-based or tagged VLAN from the switch, perform the following procedure: 1. From the Home Page, select Configuration. 2. Select the Layer 2 menu selection. 3. Select the VLAN tab. The VLAN tab is shown in Figure 101 on page 271. 4. Click the button next to the name of the VLAN you want to delete. You cannot delete the Default_VLAN. 5. Click Remove. A confirmation prompt is displayed. 6.
Chapter 21: Virtual LANs Displaying VLANs To display the current VLANs on a switch, perform the following procedure: 1. From the Home page, select Monitoring. 2. Select the Layer 2 menu selection. 3. Select the VLAN tab. The columns in the tab are defined below. VLAN ID The VID number assigned to the VLAN. (Client) Name The name of the VLAN.
AT-S62 Web Browser Interface User’s Guide Selecting a VLAN Mode The AT-S62 management software features three VLAN modes: ❑ Port-based and tagged VLAN Mode (default mode) ❑ IEEE 802.1Q-compliant Multiple VLAN Mode ❑ Non-IEEE 802.1Q compliant Multiple VLAN Mode For background information on port-based and tagged VLANs and the multiple VLAN modes, refer to the AT-S62 Menus Interface User’s Guide.
Chapter 21: Virtual LANs Specifying a Management VLAN The management VLAN is the VLAN through which an AT-8500 Series switch expects to receive management packets. This VLAN is important if you will be managing a switch remotely or using the enhanced stacking feature of the switch. Management packets are packets generated by a management workstation when you remotely manage a switch using Telnet, SSH, or a web browser.
AT-S62 Web Browser Interface User’s Guide Now let’s assume that you decide to create a VLAN called NMS with a VID of 24 for the sole purpose of remote Telnet, SSH, and web browser network management of your switches. For this, you would need to create the NMS VLAN on each AT-8500 Series switch that you want to manage remotely, being sure to assign each NMS VLAN the VID of 24.
Chapter 22 GARP VLAN Registration Protocol This chapter explains how to configure GVRP on the switch. The procedures include: ❑ Configuring GVRP on page 283 ❑ Enabling or Disabling GVRP on a Port on page 285 ❑ Displaying the GVRP Settings on page 286 Note For background information and guidelines on GVRP, refer to the AT-S62 Menus Interface User’s Guide.
AT-S62 Web Browser Interface User’s Guide Configuring GVRP To configure the GVRP parameters, perform the following procedure: 1. From the Home Page, select Configuration. 2. Select the Layer 2 menu selection. 3. Select the GVRP tab. The GVRP tab is shown in Figure 103. Figure 103 GVRP Tab (Configuring) The GVRP tab is not shown if MSTP is enabled on the switch. The Default button returns all GVRP parameter settings to their default values. 4.
Chapter 22: GARP VLAN Registration Protocol Join Time Sets the duration of the Join Period timer. The range is from 10 to 60 centiseconds and the default is 20. If you change this timer, it must in relation to the GVRP Leave Timer according to the following equation: Join Timer <= 2 x (GVRP Leave Timer) Enable GIP Enables the operation of GIP. If enabled, attribute registrations and de-registrations processed on a port are propagated to other ports in the GIP-connected ring.
AT-S62 Web Browser Interface User’s Guide Enabling or Disabling GVRP on a Port This procedure enables and disables GVRP on a switch port. The default setting for GVRP on a port is enabled. Only those ports where GVRP is enabled transmit PDUs. Note Allied Telesyn recommends disabling GVRP on unused ports and those ports that are connected to GVRP-inactive devices. This will protect against unauthorized access to restricted areas of your network. 1. From the Home Page, select Configuration. 2.
Chapter 22: GARP VLAN Registration Protocol Displaying the GVRP Settings To view the GVRP settings, perform the following procedure: 1. From the Home page, select Monitoring. 2. Select the Layer 2 option. 3. Select the GVRP tab. For definitions of the GVRP parameters, refer to Configuring GVRP on page 283. 4. To view GVRP switch and port configuration information, select one of the following and click View: View Port Configuration Displays the status of GVRP on each port.
Chapter 23 Protected Ports VLANs This chapter explains how to create, modify, and delete a protected ports VLAN using a web browser management session. This chapter contains the following sections: ❑ Deleting a Protected Ports VLAN on page 288 ❑ Displaying a Protected Ports VLAN on page 289 Note For background information on protected ports VLANs, refer to the AT-S62 Menus Interface User’s Guide. Note You cannot create or modify protected ports VLANs from the web browser interface.
Chapter 23: Protected Ports VLANs Deleting a Protected Ports VLAN To delete a protected ports VLAN from the switch, perform the following procedure: 1. From the Home Page, select Configuration. 2. Select the Layer 2 menu selection. 3. Select the VLAN tab. 4. Click the button next to the name of the protected ports VLAN you want to delete. You cannot delete the Default_VLAN. 5. Click Remove. A confirmation prompt is displayed. 6. Click OK to delete the VLAN or Cancel to cancel the procedure.
AT-S62 Web Browser Interface User’s Guide Displaying a Protected Ports VLAN To display the details of a protected port VLAN, perform the following procedure: 1. From the Home page, select Monitoring. 2. Select the Layer 2 menu selection. 3. Select the VLAN tab. 4. Click the circle next to the protected ports VLAN you want to view and click View. The specifications of the selected VLAN are displayed.
Section VI Port Security The chapters in this section explain the port security features of the AT-8524M switch The chapters include: ❑ Chapter 24: MAC Address Security on page 291 ❑ Chapter 25: 802.
Chapter 24 MAC Address Security This chapter explains how to display and configure MAC address security on the ports on a switch. It contains the following section: ❑ Configuring MAC Address Security on page 292 ❑ Displaying MAC Address Security on page 295 Note For background information and guidelines on MAC address security, refer to the AT-S62 Menus Interface User’s Guide.
Chapter 24: MAC Address Security Configuring MAC Address Security MAC address security allows you to control access to a port on the switch using the MAC addresses of the end nodes. To configure MAC address security, perform the following procedure: 1. From the Home page, select Configuration. 2. Select the Network Security menu selection. 3. Select the Port Security tab. The Port Security tab is shown in Figure 105. Figure 105 Port Security Tab 4. Click the port you want to configure.
AT-S62 Web Browser Interface User’s Guide The Security for Port(s) window is shown in Figure 106. Figure 106 Security for Port(s) Window The top portion of the window displays the current security settings of the selected ports. 6. From the Security Mode pull-down menu, select the desired port security level for the port. Options are: Automatic Disables port security on a port. This is the default setting. Limited Allows you to specify a maximum number of dynamic source MAC addresses a port can learn.
Chapter 24: MAC Address Security Locked Instructs a port to immediately stop learning new dynamic MAC addresses. Frames are forwarded using the dynamic MAC addresses that the port has already learned and any static MAC addresses assigned to the port. Dynamic MAC addresses learned by the port prior to the activation of this security level never time out from the MAC address table, even when the corresponding end nodes are inactive. However, the port will not learn any new dynamic addresses.
AT-S62 Web Browser Interface User’s Guide Displaying MAC Address Security To display the MAC address security level of a port, perform the following procedure: 1. From the Home page, select Monitoring. 2. Select Network Security. 3. Select the Port Security tab. 4. Click the port whose port security level you want to view. A selected port turns white. You can select more than one port at a time. 5. Click View. The security information for the selected ports is displayed in the Security for Port(s) page.
Chapter 24: MAC Address Security Participating This column applies only when the intrusion action on a port is set to trap or disable. It does not apply when intrusion action is set to discard. If this column contains No when intrusion action is set to trap or disable, the port discards invalid packets, but it does not send the SNMP trap or disable the port. When this column contains Yes, the port sends a trap and/or is disabled after receiving an invalid frame.
Chapter 25 802.1x Port-based Access Control This chapter contains instructions on how to configure the 802.1x portbased access control feature on the switch. ❑ Enabling or Disabling Port-based Access Control on page 298 ❑ Setting Port Roles on page 300 ❑ Configuring Authenticator Port Parameters on page 302 ❑ Configuring Supplicant Port Parameters on page 306 ❑ Displaying the Port-based Access Control Settings on page 308 Note For background information and guidelines on 802.
Chapter 25: 802.1x Port-based Access Control Enabling or Disabling Port-based Access Control This procedure explains how to enable or disable port-based access control on the switch. If you have not assigned port roles and configured the parameter settings, you should skip this procedure and go first to Setting Port Roles on page 300. This procedure also explains how to configure RADIUS accounting.
AT-S62 Web Browser Interface User’s Guide 4. To enable or disable the feature, do the following: a. Click the Enable Port Access check box. A check in the box means that the feature is activated on the switch. No check means that the feature is disabled. The default is disabled. b. Click Apply. 5. If you want to use the RADIUS accounting feature, configure the parameters in the RADIUS Accounting section of the tab.
Chapter 25: 802.1x Port-based Access Control Setting Port Roles To set port roles for port-based access control, perform the following procedure: 1. From the Home Page, select Configuration. 2. Select Security. 3. Select the 802.1x Port Access tab. The Security page is as shown in Figure 108 on page 298. The graphic image of the switch shows which ports have been assigned port roles. Ports with an “A” are authenticators while ports with an “S” are supplicants.
AT-S62 Web Browser Interface User’s Guide 9. To configure authenticator port settings, go to Configuring Authenticator Port Parameters on page 302. To configure supplicant port settings, go to Configuring Supplicant Port Parameters on page 306.
Chapter 25: 802.1x Port-based Access Control Configuring Authenticator Port Parameters To configure authenticator port parameters, perform the following procedure: 1. From the 802.1x Port Access tab shown in Figure 108 on page 298, click the authenticator port that you want to configure. You can select more that one authenticator port at a time. The selected port turns white. Note A port must already be designated as an authenticator before you can configure its settings.
AT-S62 Web Browser Interface User’s Guide changes or the port receives an EAPOL-Start packet from a supplicant. The switch requests the identity of the client and begins relaying authentication messages between the client and the authentication server. Each client that attempts to access the network is uniquely identified by the switch using the client's MAC address. This is the default setting. ❑ Force-authorized: Disables IEEE 802.
Chapter 25: 802.1x Port-based Access Control regardless of the client. If set to Disabled, then the switch port forwards only those packets from the client who was authenticated and discards packets from all other users. Quiet Period Sets the number of seconds that the port remains in the quiet state following a failed authentication exchange with the client. The range is 0 to 65,535 seconds. The default value is 60 seconds.
AT-S62 Web Browser Interface User’s Guide 5. To permanently save the changes, select the Save Config menu selection.
Chapter 25: 802.1x Port-based Access Control Configuring Supplicant Port Parameters To configure supplicant port parameters, perform the following procedure: 1. From the 802.1x Port Access tab shown in Figure 108 on page 298, click the supplicant port that you want to configure. You can select more that one supplicant port at a time. The selected port turns white. Note A port must already be designated as a supplicant before you can configure its settings.
AT-S62 Web Browser Interface User’s Guide Held Period Specifies the amount of time in seconds the supplicant is to refrain from retrying to re-contact the authenticator in the event the end user provides an invalid username and/or password. Once the time period has expired, the supplicant can attempt to log on again. The range is 0 to 65,535 seconds. The default value is 60 seconds.
Chapter 25: 802.1x Port-based Access Control Displaying the Port-based Access Control Settings To display port-based access control settings, do the following: 1. From the Home page, select Monitoring. 2. Select the Network Security menu selection. 3. Select the 802.1x Port Access tab. For definitions of the parameters in the tab, refer to Enabling or Disabling Port-based Access Control on page 298. 4. To view the status of a port, click the port and click Status.
Section VII Management Security The chapters in this section explain the management security features of the AT-S62 software.
Chapter 26 Encryption Keys, PKI, and SSL This chapter explains how to view the encryption keys, PKI certificates, and SSL settings. It includes the following sections: ❑ Displaying Encryption Keys on page 311 ❑ Displaying PKI Settings and Certificates on page 312 ❑ Displaying the SSL Settings on page 315 Note For background information on encryption keys and certificates, refer to the AT-S62 Menus Interface User’s Guide.
AT-S62 Web Browser Interface User’s Guide Displaying Encryption Keys To display the SSL and SSH encryption key pairs, do the following: 1. From the Home page, select Monitoring. 2. Select the Mgmt. Security menu selection. 3. Select the Keys tab. The Keys tab is shown in Figure 112. Figure 112 Keys Tab (Monitoring) This tab lists the key pairs existing on the switch. The fields in the menu are described below: ID The identification number of the key.
Chapter 26: Encryption Keys, SSL, and PKI Displaying PKI Settings and Certificates To display the self-signed and CA certificates stored in the certificate database and the PKI settings, do the following: 1. From the Home page, select Monitoring. 2. Select the Mgmt. Security menu selection. 3. Select the PKI tab. The PKI tab is shown in Figure 112. Figure 113. PKI Tab (Monitoring) The upper section states the maximum number of certificates that can be configured on the switch.
AT-S62 Web Browser Interface User’s Guide MTrust (Manually Trusted) The certificate has been manually verified that it is from a trusted or untrusted authority. Type The certificate type, one of the following: ❑ EE - The certificate was issued by a CA. ❑ CA - The certificate belongs to a CA. ❑ Self - A self-signed certificate. Source The certificate was created on the switch. 4. To view the details about a certificate, click the certificate and click View.
Chapter 26: Encryption Keys, SSL, and PKI Subject The Subject distinguished name. Issuer The certificate issuer’s distinguished name. MD5 Fingerprint The MD5 algorithm. This value provides a unique sequence for each certificate consisting of 16 bytes. SHA1 Fingerprint The Secure Hash Algorithm. This value provides a unique sequence for each certificate consisting of 20 bytes. 5. Click Close to close the page.
AT-S62 Web Browser Interface User’s Guide Displaying the SSL Settings To display the SSL settings, perform the following procedure: 1. From the Home page, select Monitoring. 2. Select the Mgmt. Protocols menu selection. 3. Select the SSL tab. The SSL tab is shown in Figure 114. Figure 114 SSL Tab (Monitoring) The SSL tab provides the following information: Maximum Number of Sessions The maximum number of SSL sessions allowed at one time.
Chapter 27 Secure Shell Protocol This chapter contains the procedure for configuring the SSH protocol settings. Sections in this chapter include: ❑ Configuring the SSH Server on page 317 ❑ Displaying SSH Information on page 319 Note For background information on SSH, refer to the AT-S62 Menus Interface User’s Guide.
AT-S62 Web Browser Interface User’s Guide Configuring the SSH Server This section describes how to configure the SSH server software on the switch. For an overview of all the steps to configuring the SSH server, refer to the AT-S62 Menus Interface User’s Guide. This procedure assumes that you have already created the two key pairs. You cannot create encryption keys from a web browser management session. Prior to configuring the SSH feature, you must disable the SSH server.
Chapter 27: Secure Shell Protocol 4. Configure the parameters as needed. The parameters are described below: Status Enables or disables the feature. Choose from one of the following: Disabled - Disables the SSH server. You must set this field to Disabled when configuring SSH. This is the default. Enabled - Enables the SSH server. Select this value after you have finished configuring SSH and want to log on to the server. Note You cannot disable the SSH server when there is an active SSH connection.
AT-S62 Web Browser Interface User’s Guide Displaying SSH Information To display SSH information, do the following: 1. From the Home page, select Monitoring. 2. Select the Mgmt. Protocols menu selection. 3. Select the Secure Shell tab. The tab contains the following information: ❑ Versions Supported: Indicates the versions of SSH supported by the AT-S62 software. ❑ Status: Indicates whether or not the SSH server is enabled or disabled. ❑ Server Port: Indicates the well-known port for SSH.
Chapter 28 RADIUS and TACACS+ Authentication Protocols This chapter contains instructions on how to configure the authentication protocols. This chapter contains the following procedures: ❑ Configuring RADIUS and TACACS+ on page 321 ❑ Displaying the RADIUS or TACSACS+ Settings on page 325 Note For background information and guidelines on the authentication protocols, refer to the AT-S62 Menus Interface User’s Guide.
AT-S62 Web Browser Interface User’s Guide Configuring RADIUS and TACACS+ To configure the authentication protocols, perform the following procedure: 1. From the Home Page, select Configuration. 2. Select the Mgmt. Protocols menu selection. 3. Select the Server-based Authentication tab. The Server-based Authentication tab is shown in Figure 116. Figure 116 Server-based Authentication Tab (Configuration) Note The Enable Server-based Authentication check box applies only to new manager accounts.
Chapter 28: RADIUS and TACACS+ Authentication Protocols 5. Click Apply. Note To configure TACACS+, go to Step 6. To configure RADIUS, go to Step 7. 6. To configure TACACS+, do the following: a. In lower section of the Server-based Authentication tab, click TACACS+ Configuration and click Configure. The TACACS+ Client Configuration page is shown in Figure 117. Figure 117 TACACS+ Configuration Page b. Configure the parameters as needed. They are described below.
AT-S62 Web Browser Interface User’s Guide IP Address and Server Secret Use these fields to specify the IP addresses and encryption secrets of up to three network servers containing TACACS+ server software. You can leave an encryption field blank if you entered the server’s secret in the Global Secret field. c. When you are finished configuring the parameters, click Apply. d. To enable the authentication feature on the switch, click the Enable Server-based Authentication check box.
Chapter 28: RADIUS and TACACS+ Authentication Protocols Global Server Timeout This parameter specifies the maximum amount of time the switch waits for a response from a RADIUS server before assuming the server will not respond. If the timeout expires and the server has not responded, the switch queries the next RADIUS server in the list. If there aren’t any more servers, than the switch will default to the standard Manager and Operator accounts. The default is 30 seconds. The range is 1 to 30 seconds.
AT-S62 Web Browser Interface User’s Guide Displaying the RADIUS or TACSACS+ Settings To display the RADIUS or TACACS+ settings on a switch, do the following: 1. From the Home page, select Monitoring. 2. Select the Mgmt. Protocols menu selection, 3. Select the Server-based Authentication tab. The upper part of the page displays whether server-based authentication is enabled or disabled and the authentication method. The lower part of the page allows you to view the authentication protocol settings. 4.
Chapter 29 Management Access Control List This chapter explains how to create a Management Access Control List (ACL). You can use the ACL to restrict Telnet and web browser management access to the switch. Sections in this chapter include: ❑ Creating a Management ACL on page 327 ❑ Adding or Deleting an ACE on page 329 ❑ Displaying the Management ACL on page 330 Note For background information on the Management ACL, refer to the AT-S62 Menus Interface User’s Guide.
AT-S62 Web Browser Interface User’s Guide Creating a Management ACL To create a Management ACL, perform the following procedure: Note Activating the Management ACL without specifying any ACEs will block you from managing the device remotely. 1. From the Home Page, select Configuration. 2. Select the Mgmt Security menu option. This menu option has only one tab, Mgmt ACL, shown in Figure 119. Figure 119 Mgmt.
Chapter 29: Management Access Control List 4. In the Mgmt. ACL IP Mask field enter a mask that indicates the parts of the IP address the switch should filter on. A binary “1” indicates the switch should filter on the corresponding bit of the address, while a “0” indicates that it should not. If you are filtering on a specific IP address, use the mask 255.255.255.255. If you are filtering on a subnet, the mask will depend on the address. For example, to allow all management workstations in the subnet 149.
AT-S62 Web Browser Interface User’s Guide Adding or Deleting an ACE You can add or delete ACEs from the management ACL at any time. To add a new ACE, simply repeat the procedure in the previous section. New ACEs are immediately activated on the switch once added to the ACL. To remove an ACE, from the Mgmt ACL menu, click the button next to the ACE you want to delete and click Delete. You can delete only one ACE at a time.
Chapter 29: Management Access Control List Displaying the Management ACL To display the ACEs in the Management ACL, do the following: 1. From the Home page, select Monitoring. 2. Click Mgmt. Security. 3. Select the Mgmt ACL tab. The information in the tab is described below: IP Address The IP address of a management workstation or subnet. IP Mask The mask used by the switch to filter the IP address. Protocol The protocol of the Telnet or web browser management packets. This will be either TCP or ALL.
Index Numerics 802.
Index C ciphers available parameter 319 CIST priority 261 Class of Service (CoS) configuring 157 mapping to egress queues 159 scheduling 161 classifiers creating 120 deleting 127 displaying 128 modifying 126 Common and Internal Spanning Tree 258 community name parameter, SNMPv3 protocol 233, 235 configuration name, MSTP region 260 control direction 304 D data compression parameter 319 daylight savings time (DST) 42 default gateway 37 default values, returning switch to 45 Denial of Service (DoS) defense co
AT-S62 Web Browser Interface User’s Guide M MAC address table adding addresses 72 aging time 37, 76 deleting addresses 74, 75 displaying 69 MACs available parameter 319 management access control list creating 327 displaying 330 management access levels 38 management VLAN 280 manager access 38 manager password, configuring 38 master switch assigning 26 defined 26 returning to 29 max requests 304 max start 307 maximum multicast groups 166 MDI/MDIX mode 63 multicast groups, maximum 166 multicast host topology
Index Power over Ethernet (PoE) configuring port settings 178 displaying status 181 setting threshold 176 protected ports VLANs deleting 288 displaying 289 Q quiet period 304 R RADIUS configuring 321 displaying 325 Rapid Spanning Tree Protocol (RSTP) configuring bridge parameters 254 configuring port parameters 255 disabling 248 displaying parameters 268 enabling 248 setting port parameters 256 reauth enabled 303 reauth period 303 rebooting switch 40 revision level, MSTP region 261 S Secure Shell (SSH) ser
AT-S62 Web Browser Interface User’s Guide Spanning Tree Protocol (STP) configuring bridge parameters 249 configuring port parameters 251 disabling 248 displaying parameters 268 enabling 248 See also Rapid Spanning Tree Protocol (RSTP) and Multiple Spanning Tree Protocol (MSTP) start period 307 static MAC addresses adding 72 deleting 74, 75 displaying 69 static port trunk creating 78 deleting 83 displaying 84 modifying 81 subnet mask 34, 37 supplicant port parameters 306, 308 supplicant timeout 303 switch h
