Management Software AT-S62 ◆ Web Browser Interface User’s Guide AT-8500 Series Layer 2+ Fast Ethernet Switches Version 1.4.0 613-000127 Rev.
Copyright © 2006 Allied Telesyn, Inc. All rights reserved. No part of this publication may be reproduced without prior written permission from Allied Telesyn, Inc. Microsoft and Internet Explorer are registered trademarks of Microsoft Corporation. Netscape Navigator is a registered trademark of Netscape Communications Corporation. All other product names, company names, logos or other designations mentioned herein are trademarks or registered trademarks of their respective owners. Allied Telesyn, Inc.
Contents Preface ............................................................................................................................................................ 13 How This Guide is Organized........................................................................................................................... 14 Document Conventions ....................................................................................................................................
Contents Chapter 5: Port Parameters .......................................................................................................................... 71 Configuring Port Parameters ............................................................................................................................ 72 Displaying Port Status and Statistics ................................................................................................................ 78 Chapter 6: MAC Address Table ..........
AT-S62 Management Software Web Browser Interface User’s Guide Chapter 14: Quality of Service ................................................................................................................... 155 Managing Flow Groups .................................................................................................................................. 156 Creating a Flow Group ........................................................................................................................
Contents Modifying a SecurityToGroup Table Entry................................................................................................232 Configuring the SNMPv3 Notify Table ............................................................................................................234 Creating a Notify Table Entry ...................................................................................................................234 Deleting a Notify Table Entry.....................................
AT-S62 Management Software Web Browser Interface User’s Guide Chapter 23: Protected Ports VLANs .......................................................................................................... 317 Deleting a Protected Ports VLAN ................................................................................................................... 318 Displaying a Protected Ports VLAN................................................................................................................
Contents 8
Figures Chapter 1: Starting a Web Browser Management Session ....................................................................... 23 Figure 1: Entering a Switch’s IP Address in the URL Field...................................................................................................24 Figure 2: AT-S62 Login Page ...............................................................................................................................................25 Figure 3: Home Page ......................
Figures Chapter 11: Event Log and Syslog Servers............................................................................................... 121 Figure 29: Event Log Tab ...................................................................................................................................................123 Figure 30: Event Log Example............................................................................................................................................
AT-S62 Management Software Web Browser Interface User’s Guide Figure 72: Add New SNMPv3 Notify Page .........................................................................................................................235 Figure 73: Modify SNMPv3 Notify Page .............................................................................................................................237 Figure 74: SNMPv3 Target Address Table Page .............................................................................
Figures Chapter 28: TACACS+ and RADIUS Authentication Protocols ............................................................... 355 Figure 116: Server-based Authentication Tab (Configuration) ...........................................................................................356 Figure 117: TACACS+ Configuration Page ........................................................................................................................357 Figure 118: RADIUS Configuration Page .......................
Preface This guide contains instructions on how to configure an AT-8500 Series Layer 2+ Fast Ethernet Switch using the web browser interface in the AT-S62 management software. For instructions on how to manage the switch from the menus or command line interface, refer to the AT-S62 Menus Interface User’s Guide or AT-S62 Command Line Interface User’s Guide. The guides are available from the Allied Telesyn web site.
Preface How This Guide is Organized This manual is divided into the following sections. Section I: Basic Operations The chapters in this section explain how to perform basic operations on the switch using the web browser interface. Some of the operations include setting port parameters, creating static port trunks, and viewing the MAC address table.
AT-S62 Management Software Web Browser Interface User’s Guide Document Conventions This document uses the following conventions: Note Notes provide additional information. Caution Cautions inform you that performing or omitting a specific action may result in equipment damage or loss of data. Warning Warnings inform you that performing or omitting a specific action may result in bodily injury.
Preface Where to Find Web-based Guides The installation and user guides for all Allied Telesyn products are available in Portable Document Format (PDF) from on our web site at www.alliedtelesyn.com. You can view the documents on-line or download them onto a local workstation or server.
AT-S62 Management Software Web Browser Interface User’s Guide Contacting Allied Telesyn This section provides Allied Telesyn contact information for technical support as well as sales or corporate information. Online Support You can request technical support online by accessing the Allied Telesyn Knowledge Base from the following web site: www.alliedtelesyn.com/kb. You can use the Knowledge Base to submit questions to our technical support staff and review answers to previously asked questions.
Preface New Features History The following subsection contains the new features in the AT-S62 management software. Version 1.4.0 Table 1 lists the new features in version 1.4.0 of the AT-S62 management software. Table 1. New Features in AT-S62 Version 1.4.0 Change Chapter and Procedure Fan Control Feature for the AT-8524POE Switch New feature. The fan control feature is not supported from the web browser interface. Use the menus or the command line interface to configure the feature.
AT-S62 Management Software Web Browser Interface User’s Guide Table 1. New Features in AT-S62 Version 1.4.0 (Continued) Change Chapter and Procedure 802.1x Port-based Network Access Control Added the following new features: Supplicant mode for supporting more than one client on an authenticator port. Guest VLAN. VLAN Assignment and Secure VLAN for supporting dynamic VLAN assignments from a RADIUS authentication server for supplicant accounts.
Preface 20
Section I Basic Operations The chapters in this section cover a variety of basic switch features and functions.
Section I: Basic Operations
Chapter 1 Starting a Web Browser Management Session This chapter contains the procedures for starting and quitting a web browser management session on an AT-8500 Series switch.
Chapter 1: Starting a Web Browser Management Session Starting a Web Browser Management Session In order to establish a web browser management session with an AT-8500 Series switch, the switch must be part of an enhanced stack or be assigned an IP address. If the switch is part of an enhanced stack, such as a slave switch, starting a web browser management session on the stack’s master switch gives you access to all of the switches in the stack.
AT-S62 Management Software Web Browser Interface User’s Guide The AT-S62 software displays the login page, shown in Figure 2. Figure 2. AT-S62 Login Page 3. Enter a user name and password. For manager access, enter “manager” as the user name. The default password is “friend”. For operator access, enter “operator” as the user name. The default password is “operator”. Login names and passwords are casesensitive.
Chapter 1: Starting a Web Browser Management Session The main menu is on the left side of the Home page and consists of the following selections: Enhanced Stacking Configuration Monitoring Logout Note The Enhanced Stacking selection is displayed only on master switches. A web browser management session remains active even when you link to other sites. You can return to the management web pages anytime as long as you do not quit the browser.
AT-S62 Management Software Web Browser Interface User’s Guide Browser Tools You can use the browser tools to move around the management pages. Selecting Back on your browser’s toolbar returns you to the previous display. You can also use the browser’s bookmark feature to save the link to the switch.
Chapter 1: Starting a Web Browser Management Session Saving Your Parameter Changes When you make a change to a switch parameter, the change is, in most cases, immediately activated as soon as you click the Apply button. However, a change to a switch parameter is initially saved only to temporary memory. It is lost the next time you reset or power cycle the unit. To permanently save a change, you must click the Save Config button in the Configuration menu, shown in Figure 4.
AT-S62 Management Software Web Browser Interface User’s Guide Quitting a Web Browser Management Session To exit a web browser management session, select Logout from the main menu.
Chapter 1: Starting a Web Browser Management Session Ports 49R and 50R on the AT-8550GB and AT-8550SP Switches This section applies to the 10/100/1000Base-T twisted pair ports 49R and 50R and the SFP and GBIC slots on the AT-8550GB and AT-8550SP switches. Note the following when configuring these ports: 30 Twisted pair ports 49R and 50R change to the redundant status mode when an SFP or GBIC module is installed and establishes a link with its end node.
AT-S62 Management Software Web Browser Interface User’s Guide Web Browser Interface Limitations The web browser interface does not support the following management tasks. These functions must be performed from the menus interface or the command line interface.
Chapter 1: Starting a Web Browser Management Session 32 Section I: Basic Operations
Chapter 2 Basic Switch Parameters This chapter contains the following sections: Section I: Basic Operations “Configuring an IP Address and Switch Name” on page 34 “Activating the BOOTP or DHCP Client Software” on page 38 “Displaying System Information” on page 40 “Configuring the Manager and Operator Passwords” on page 42 “Rebooting a Switch” on page 44 “Setting the System Date and Time” on page 45 “Pinging a Remote System” on page 48 “Returning the AT-S62 Software to the
Chapter 2: Basic Switch Parameters Configuring an IP Address and Switch Name Note For guidelines on when to assign an IP address, subnet address, and gateway address to an AT-8500 Series switch, refer to Chapter 3, “Basic Switch Parameters” the AT-S62 Management Software Menus Interface User’s Guide. To set basic switch parameters for an AT-8500 Series switch, perform the following procedure: 1. From the Home Page, select Configuration. 2. Select the System menu option. 3. Select the General tab.
AT-S62 Management Software Web Browser Interface User’s Guide Note This procedure describes the parameters in the Administration section of the tab. The Passwords section is described in “Configuring the Manager and Operator Passwords” on page 42. The DHCP/BOOTP options are described in “Activating the BOOTP or DHCP Client Software” on page 38. Note The Defaults button returns all parameters in this tab to their default settings.
Chapter 2: Basic Switch Parameters Note The following three parameters are used to manually assign the switch an IP address, subnet mask, and default gateway. An alternative method to configuring these parameters is with a DHCP or BOOTP server, which can assign values to these parameters automatically. See “Activating the BOOTP or DHCP Client Software” on page 38 Note To manually assign the switch an IP address and subnet mask, the selection Static must be selected under Obtain IP Address From.
AT-S62 Management Software Web Browser Interface User’s Guide 5. Click the Apply button to activate your changes on the switch. A change to any of the above parameters is immediately activated on the switch. 6. Click the Save Config menu option to permanently save your changes.
Chapter 2: Basic Switch Parameters Activating the BOOTP or DHCP Client Software For background information on BOOTP and DHCP, refer to the AT-S62 Management Software Menus Interface User’s Guide. Review the following prior to activating the BOOTP or DHCP client: The switch can be running either BOOTP or DHCP, but not both simultaneously. There must be a BOOTP or DHCP server on your network. The BOOTP or DHCP server must be a member of the switch’s management VLAN.
AT-S62 Management Software Web Browser Interface User’s Guide Note If you activated the BOOTP or DHCP client software, the switch immediately begins to query the network for a BOOTP or DHCP server. The switch continues to query the network for its IP configuration until it receives a response. If you had manually assigned the switch and IP address, that address is deleted and replaced by the IP address received from the BOOTP or DHCP server. 6. Click Save Config to permanently save your changes.
Chapter 2: Basic Switch Parameters Displaying System Information To view basic information about the switch, perform the following procedure: 1. From the Home page, select Monitoring. 2. Select the System menu option. 3. Select the General tab. This tab is for viewing purposes only. The information in the tab is defined below: MAC address - The MAC address of the switch. This value cannot be changed. Model Name - The switch model. This value cannot be changed.
AT-S62 Management Software Web Browser Interface User’s Guide BOOTP or DHCP, refer to “Activating the BOOTP or DHCP Client Software” on page 38. Section I: Basic Operations Application Software and Build Date - The version number and build date of the AT-S62 management software. Bootloader and Build Date - The version number and build date of the AT-S62 bootloader. Main Power Supply - The status of the switch’s internal power supply.
Chapter 2: Basic Switch Parameters Configuring the Manager and Operator Passwords There are two levels of management access on an AT-8500 Series switch: manager and operator. When you log in as a manager, you can view and configure all of a switch’s operating parameters. When you log in as an operator, you can only view the operating parameters; you cannot change any values. You log in as a manager or an operator by entering the appropriate username and password when you start an AT-S62 management session.
AT-S62 Management Software Web Browser Interface User’s Guide Caution You should not use spaces or special characters, such as asterisks (*) and exclamation points (!), in a password. Many web browsers cannot handle special characters in passwords. Note A change to a password is immediately activated on the switch. You will be prompted for the new password the next time you log on. 5. Click Apply to activate your change on the switch. 6. Click Save Config to permanently save your change.
Chapter 2: Basic Switch Parameters Rebooting a Switch Note Any parameters changes that have not been saved will be discarded when a system is reset. To save parameter changes, refer to “Saving Your Parameter Changes” on page 28. To reboot a switch, perform the following procedure: 1. From the Home Page, select Configuration. 2. Select the System menu option. 3. Select the General tab. The General tab is shown in Figure 5 on page 34. 4. Click the Reset button. A confirmation prompt is displayed. 5.
AT-S62 Management Software Web Browser Interface User’s Guide Setting the System Date and Time This procedure explains how to set the switch’s date and time. Setting the date and time is important if you plan to view the events in the switch’s event log or send the events to a syslog server. The correct date and time are also important if the management software will be sending traps to your management workstation or if you plan to create a self-signed SSL certificate.
Chapter 2: Basic Switch Parameters The System Time tab is shown in Figure 6. Figure 6. System Time Tab 4. To set the system time manually, do the following: a. In the System Time section of the tab, enter the time and date in the following format. hh:mm:ss dd-mm-yyyy b. Click Apply. 5. To configure the switch to obtain its date and time from an SNTP or NTP server on your network or the Internet, configure the following options: UTC Offset Specifies the difference between the UTC and local time.
AT-S62 Management Software Web Browser Interface User’s Guide Daylight Savings Time (DST) Enables or disables the system’s adjustment for daylight savings time. The default is enabled. Note The switch does not set DST automatically. If the switch is in a locale that uses DST, you must remember to enable this in April when DST begins and disable it in October when DST ends. If the switch is in a locale that does not use DST, this option should be set to disabled all the time.
Chapter 2: Basic Switch Parameters Pinging a Remote System This procedure instructs the switch to ping a node on your network. This function can establish whether a valid link exists between the switch and another device. Note the following before performing the procedure: The switch must have an IP address. The device to be pinged must be a member of the switch’s management VLAN, meaning it must be communicating with the switch through an untagged or tagged port of the management VLAN.
AT-S62 Management Software Web Browser Interface User’s Guide Returning the AT-S62 Software to the Factory Default Values The procedure in this section returns all AT-S62 software parameters, including IP address and subnet mask, if assigned, to their default values. Please note the following before performing this procedure: Returning all parameter settings to their default values also deletes any port-based or tagged VLANs on the switch.
Chapter 2: Basic Switch Parameters To return the AT-S62 management software to the default settings, perform the following procedure: 1. From the Home Page, select Configuration. 2. Select Utilities menu option. 3. Select the System Utilities tab. The System Utilities tab is shown in Figure 8. Figure 8. System Utilities Tab Note The bottom portion of the System Utilities tab is used to download and upload files from the switch.
AT-S62 Management Software Web Browser Interface User’s Guide The switch resets and returns all values to the default settings. After the reset is complete, you must reestablish your management session if you want to continue managing the unit. 7. As mentioned at the start of this procedure, returning a switch to is default settings does not alter the contents of the active boot configuration file.
Chapter 2: Basic Switch Parameters 52 Section I: Basic Operations
Chapter 3 Enhanced Stacking This chapter contains the following procedures: “Setting a Switch’s Enhanced Stacking Status” on page 54 “Selecting a Switch in an Enhanced Stack” on page 56 “Returning to the Master Switch” on page 58 “Displaying the Enhanced Stacking Status” on page 59 Note For background information, refer to Chapter 4, “Enhanced Stacking” in the AT-S62 Management Software Menus Interface User’s Guide.
Chapter 3: Enhanced Stacking Setting a Switch’s Enhanced Stacking Status The enhanced stacking status of the switch can be master, slave, or unavailable. Each status is described below: Master - A master switch of a stack is used to manage other switches in an enhanced stack. Establishing a local or remote management session on a master switch gives you access to the other switches in the enhanced stack.
AT-S62 Management Software Web Browser Interface User’s Guide Note If the window does not have an Enhanced Stacking tab, you have accessed the switch through enhanced stacking. Changing a switch’s stacking status through enhanced stacking is not allowed. The only stacking status you can change remotely from a web browser management session is the switch on which you started the session. The Enhanced Stacking tab is shown in Figure 9. Figure 9. Enhanced Stacking Tab 4.
Chapter 3: Enhanced Stacking Selecting a Switch in an Enhanced Stack The first thing that you should do before you perform any procedure on a switch in an enhanced stack is check to be sure that you are performing it on the correct switch. If you assigned system names to your switches, identifying your switches is easy. The management software displays the name of the switch being managed at the top of every management window.
AT-S62 Management Software Web Browser Interface User’s Guide Note The list does not include the master switch on which you started the management session or any switches with an enhanced stacking status of Unavailable. You can sort the switches in the list by switch name or MAC address by clicking on the column headers. By default, the list is sorted by MAC address. You can refresh the list by clicking Refresh. This instructs the master switch to again poll the subnet for all switches. 2.
Chapter 3: Enhanced Stacking Returning to the Master Switch When you are finished managing a slave switch and want to manage another switch in the stack, return to the Home page of the switch and select Disconnect from the menu. This returns you to the Enhanced Stacking page in Figure 10 on page 56. When that page reappears, you are again addressing the master switch where you started the management session.
AT-S62 Management Software Web Browser Interface User’s Guide Displaying the Enhanced Stacking Status To display the enhanced stacking status of a switch, do the following: 1. From the Home page, select Monitoring. 2. From the Monitoring page, select the Mgmt. Protocols menu option. 3. From the Layer 2 page, select the Enhanced Stacking tab. The information in the tab states the current enhanced stacking status of the switch as master, slave, or unavailable.
Chapter 3: Enhanced Stacking 60 Section I: Basic Operations
Chapter 4 SNMPv1 and SNMPv2c Community Strings This chapter explains how to activate SNMP management on the switch and how to create, modify, and delete SNMPv1 and SNMPv2c community strings.
Chapter 4: SNMPv1 and SNMPv2c Community Strings Enabling or Disabling SNMP Management To enable or disable SNMP management on the switch, perform the following procedure: 1. From the Home page, select Configuration. 2. Select the Mgmt. Protocols menu option. 3. Select the SNMP tab. The SNMP tab is shown in Figure 11. Figure 11. SNMP Tab (Configuration) 4. Click Enable SNMP Access to enable or disable SNMP management.
AT-S62 Management Software Web Browser Interface User’s Guide 6. Click Apply. A change to SNMP access is immediately activated on the switch. 7. To permanently save your changes, select the Save Config menu option.
Chapter 4: SNMPv1 and SNMPv2c Community Strings Creating a New SNMPv1 or SNMPv2c Community String To create a new SNMPv1 or SNMPv2c community string, perform the following procedure: 1. From the Home page, select Configuration. 2. Select the Mgmt. Protocols menu option. 3. Select the SNMP tab. The SNMP tab is shown in Figure 11 on page 62. 4. Click Configure in the SNMPv1/v2c section of the tab. The SNMP tab for SNMPv1 and SNMPv2c community strings is shown in Figure 12. Figure 12.
AT-S62 Management Software Web Browser Interface User’s Guide Trap Receivers The IP addresses of management stations to receive SNMP traps from the switch. Open Access Displays the opened or closed access status of the string: Yes - The string’s status is open, meaning any management workstation can use it. No - The string’s status is closed, meaning only those workstations whose IP addresses have been assigned to the string can use it. Status Displays whether the string is enabled or disabled.
Chapter 4: SNMPv1 and SNMPv2c Community Strings 6. Configure the following parameters: Community Name Enter the new community string. The name can be up to 32 alphanumeric characters. No spaces or special characters (such as /, #, or &) are allowed. Status Enable or disable the community string. A disabled community string cannot be used to access the switch. The default is enabled. Access Mode Specify the access mode for the SNMP community string.
AT-S62 Management Software Web Browser Interface User’s Guide Modifying an SNMPv1 or SNMPv2c Community String To modify a community string, perform the following procedure: 1. From the Home page, select Configuration. 2. Select the Mgmt. Protocols menu option. 3. Select the SNMP tab. The SNMP tab is shown in Figure 11 on page 62. 4. Click Configure in the SNMPv1/v2c section of the tab The SNMP tab for SNMPv1 and SNMPv2c is shown in Figure 12 on page 64. 5.
Chapter 4: SNMPv1 and SNMPv2c Community Strings Note You cannot change the name of a community string. 7. Configure the following parameters: Status Enable or disable the community string. A disabled community string cannot be used to access the switch. The default is enabled. Access Mode Specify the access mode for the SNMP community string. If you specify Read Only, you can use the community string to view but not change the MIB objects on the switch.
AT-S62 Management Software Web Browser Interface User’s Guide Deleting an SNMPv1 or SNMPv2c Community String To delete a community string, do the following: 1. From the Home page, select Configuration. 2. Select the Mgmt. Protocols menu option. 3. Select the SNMP tab. 4. Click Configure in the SNMPv1/v2c section of the tab. The SNMP tab for SNMPv1 and SNMPv2c is shown in Figure 12 on page 64. 5. Click the button next to the community string you want to delete. You can select only one community string. 6.
Chapter 4: SNMPv1 and SNMPv2c Community Strings Displaying the SNMP Status and Community Strings To display the SNMPv1 and SNMPv2c community strings on the switch, do the following: 1. From the Home page, select Monitoring. 2. Select the Mgmt. Protocols menu option. 3. Select the SNMP tab. The information in the tab includes: SNMP Access Whether SNMP access is enabled or disabled. Authentication Failure Trap Whether the authentication failure trap is enabled or disabled. 4.
Chapter 5 Port Parameters This chapter explains how to view and change the parameter settings for the ports on a switch, such as port speed and duplex mode.
Chapter 5: Port Parameters Configuring Port Parameters To configure the parameter settings for a port on the switch, perform the following procedure: 1. From the Home page, select Configuration. 2. From the Configuration menu, select the Layer 1 option. 3. Select the Port Settings tab. The Port Settings tab is shown in Figure 15. Figure 15. Port Settings Tab (Configuration) 4. Click a port in the graphical switch image to configure. The selected port turns white.
AT-S62 Management Software Web Browser Interface User’s Guide Figure 16. Port Configuration Page Note The Port Configuration page in the figure above is for a 10/100 Mbps twisted pair port. The page for a fiber optic port will contain a subset of the parameters. If you are configuring multiple ports and the ports have different settings, the Port Configuration menu displays the settings of the lowest numbered port.
Chapter 5: Port Parameters If you are configuring a twisted pair port and you select AutoNegotiation, which is the default setting, the port’s speed, duplex mode, and MDI/MDI-X settings are set automatically. Note the following regarding the operation of Auto-Negotiation on a twisted pair port: In order for a switch port to successfully Auto-Negotiate its duplex mode with an end-node, the end-node should also be using AutoNegotiation. Otherwise, a duplex mode mismatch can occur.
AT-S62 Management Software Web Browser Interface User’s Guide HOL Blocking For a definition of Head of Line Blocking, refer to the AT-S62 Management Software Menus Interface User’s Guide. This parameter can prevent Head of Line Blocking from occurring on a port. The parameter sets a threshold on the utilization of a port’s egress queues. When the threshold for a port is exceeded, the switch signals other ports to discard packets to the oversubscribed port. The number for this value represents cells.
Chapter 5: Port Parameters Broadcast Filter Most frames on an Ethernet network are usually unicast frames. A unicast frame is a frame that is sent to a single destination. A node sending a unicast frame intends the frame for a particular node on the network. For example, when a node sends a file to a network server for storage, the node sends the file in unicast Ethernet frames containing the destination address of the server where the file is to be stored. Broadcast frames are different.
AT-S62 Management Software Web Browser Interface User’s Guide The Limit field specifies the number of cells. A cell represents 64 bytes. The range is 1 to 57,344 cells. The default is 57,344. Unknown Multicast Filtering Discards all unknown ingress multicast packets on a port when activated. This feature can help improve switch performance in instances where a multicast stream arrives on a port of a switch where there are no host nodes.
Chapter 5: Port Parameters Displaying Port Status and Statistics The procedure in this section displays the operating status of the ports on a switch and port statistics. You can view a port’s operating speed, duplex mode, MDI/MDI-X configuration, and more. You can also view the operating status of any GBIC modules installed in an AT-8550GB. To display the status or statistics of a switch port, perform the following procedure: 1. From the Home page, select Monitoring. 2.
AT-S62 Management Software Web Browser Interface User’s Guide Link The status of the link between the port and the end node connected to the port. Possible values are: Up - indicates that a valid link exists between the port and the end node. Down - indicates that the port and the end node have not established a valid link. Neg The status of Auto-Negotiation on the port. Possible values are: Auto - Indicates that the port is using Auto-Negotiation to set operating speed and duplex mode.
Chapter 5: Port Parameters If you select Statistics, the Statistics page in Figure 18 is displayed. Figure 18. Port Statistics Page The information in this page is for viewing purposes only. The statistics are defined below: Bytes Received Number of bytes received on the port. Bytes Sent Number of bytes transmitted from the port. Frames Received Number of frames received on the port. Frames Sent Number of frames transmitted from the port.
AT-S62 Management Software Web Browser Interface User’s Guide Frames 64 Bytes Frames 65 - 127 Bytes Frames 128 - 255 Bytes Frames 256 - 511 Bytes Frames 512 - 1023 Bytes Frames 1024 - 1518 Bytes Frames 1519 - 1522 Bytes Number of frames transmitted from the port, grouped by size. Dropped Frames The number of frames successfully received and buffered by the port, but subsequently discarded.
Chapter 5: Port Parameters 82 Section I: Basic Operations
Chapter 6 MAC Address Table This chapter contains instructions on how to view the dynamic and static addresses in the MAC address table of the switch.
Chapter 6: MAC Address Table Displaying the MAC Address Table To view the MAC address table, perform the following procedure: 1. From the Home page, select either Configuration or Monitoring. 2. Select the Layer 2 menu option. 3. Select the MAC Address tab. Figure 19 on page 85 shows how the tab appears when displayed through the Configuration page. If displayed through the Monitoring page, the Add buttons and the Delete section at the bottom of the window are not included.
AT-S62 Management Software Web Browser Interface User’s Guide Figure 19. MAC Address Tab (Configuration) The two sections View/Add Unicast MAC Addresses and View/Add Multicast MAC Addresses are used to view and add unicast and multicast addresses The options function the same in both sections, and are described below. You can select only one option at a time. Note The MAC Address Aging Time section is described in “Changing the Aging Time” on page 91.
Chapter 6: MAC Address Table The default selection is the View All option for unicast MAC addresses. To avoid displaying the wrong MAC addresses, check to be sure that you have selected the desired unicast or multicast address option before clicking a View button. View All This selection displays all dynamic addresses learned on the ports of the switch and all static addresses that have been assigned to the ports.
AT-S62 Management Software Web Browser Interface User’s Guide Adding Static Unicast and Multicast MAC Addresses This section contains the procedure for assigning a static unicast or multicast address to a port on the switch. You can assign up to 255 static MAC addresses per port. To add a static address to the MAC address table, perform the following procedure: 1. From the Home page, select Configuration. 2. Select the Layer 2 menu option. 3. Select the MAC Address tab.
Chapter 6: MAC Address Table specify the ports individually (e.g., 1,4,5), as a range (e.g., 11-14) or both (e.g., 15-17,22,24). 7. In the VLAN ID field, enter the VLAN ID where the port is a member. 8. Click Apply. 9. Repeat this procedure to add other static addresses to the switch. 10. To permanently save the change, select the Save Config menu option.
AT-S62 Management Software Web Browser Interface User’s Guide Deleting Unicast and Multicast MAC Addresses To delete a specific static or dynamic unicast or multicast MAC address from the switch, perform the following procedure: 1. From the Home page, select Configuration. 2. Select the Layer 2 menu option. 3. Select the MAC Address tab. The MAC Address tab is shown in Figure 19 on page 85. 4. Display the MAC addresses on the switch by selecting one of the options.
Chapter 6: MAC Address Table Deleting All Dynamic Unicast and Multicast MAC Addresses To delete all dynamic unicast and multicast MAC addresses from the switch, perform the following procedure: 1. From the Home page, select Configuration. 2. From the Configuration menu, select Layer 2. 3. Select the MAC Address tab. The MAC Address tab is shown in Figure 19 on page 85. 4. Click Delete in the Delete All Dynamic MAC Addresses section.
AT-S62 Management Software Web Browser Interface User’s Guide Changing the Aging Time The switch uses the aging time to delete inactive dynamic MAC addresses from the MAC address table. When the switch detects that no packets have been sent to or received from a particular MAC address in the table after the period specified by the aging time, the switch deletes the address. This prevents the table from becoming full of addresses of nodes that are no longer active.
Chapter 6: MAC Address Table 92 Section I: Basic Operations
Chapter 7 Static Port Trunks This chapter contains the procedure for creating, modifying, and deleting static port trunks from a web browser management session.
Chapter 7: Static Port Trunks Creating a Static Port Trunk This section contains the procedure for creating a static port trunk on the switch. Be sure to review the static port trunk guidelines in the AT-S62 Menus Interface User’s Guide before performing the procedure. Caution Do not connect the cables to the trunk ports on the switches until after you have configured the static trunk with the management software.
AT-S62 Management Software Web Browser Interface User’s Guide The Port Trunking tab is shown in Figure 21. Figure 21. Port Trunking Tab This tab lists the existing trunks. Columns in the tab are defined below: ID The ID number of the trunk. Name The name of the trunk.
Chapter 7: Static Port Trunks The Add New Trunk page is shown in Figure 22. Figure 22. Add New Trunk Page 5. In the Trunk Name field, enter a name for the port trunk. The name can be up to sixteen alphanumeric characters. No spaces or special characters, such as asterisks and exclamation points, are allowed. Each trunk must be given a unique name. 6. From the Trunk Method list, select a distribution method.
AT-S62 Management Software Web Browser Interface User’s Guide Modifying a Static Port Trunk This section contains the procedure for modifying a static port trunk on the switch. You can change the name of a trunk and the ports that constitute the trunk. You cannot change the load distribute method. Be sure to review the static trunk guidelines in the AT-S62 Menus Interface User’s Guide before performing the procedure.
Chapter 7: Static Port Trunks An example of the Modify Trunk page is shown in Figure 23. Figure 23. Modify Trunk Page Note You cannot change the Trunk ID number or the load distribution method of a port trunk. 5. To change the name of the trunk, click the Trunk Name field and modify the name as needed. The name can be up to sixteen alphanumeric characters. No spaces or special characters, such as asterisks and exclamation points, are allowed. Each trunk must have a unique name. 6.
AT-S62 Management Software Web Browser Interface User’s Guide Deleting a Static Port Trunk Caution Disconnect the cables from the port trunk on the switch before performing the following procedure. Deleting a static port trunk without first disconnecting the cables can create loops in your network topology. Data loops can result in broadcast storms and poor network performance. To delete a static port trunk from the switch, perform the following procedure: 1. From the Home Page, select Configuration. 2.
Chapter 7: Static Port Trunks Displaying the Static Port Trunks To display the static port trunks on the switch, do the following: 1. From the Home page, select Monitoring. 2. From the Monitoring menu, select the Layer 1 menu option. 3. Select the Port Trunking tab. The Port Trunking tab displays the following information: ID The ID number of the trunk. Name The name of the trunk.
Chapter 8 Port Mirroring This chapter contains the procedure for creating or deleting a port mirror. Sections in the chapter include: “Creating a Port Mirror” on page 102 “Modifying or Disabling a Port Mirror” on page 105 “Deleting a Port Mirror” on page 106 “Displaying the Port Mirror” on page 107 Note For background information, refer to Chapter 9, “Port Mirroring” in the AT-S62 Management Software Menus Interface User’s Guide.
Chapter 8: Port Mirroring Creating a Port Mirror To create or delete a port mirror, perform the following procedure: 1. From the Home Page, select Configuration. 2. From the Configuration menu, select Layer 1. 3. Select the Port Mirroring tab. The Port Mirroring tab is shown in Figure 24. Figure 24. Port Mirroring Tab (Configuration) This tab displays any port mirror already existing on the switch.
AT-S62 Management Software Web Browser Interface User’s Guide Status This column contains the status of the mirroring feature. If enabled, traffic is being copied to the destination port. If disabled, no traffic is being mirrored. 4. Click Modify. The Modify Mirror page is shown in Figure 25. Figure 25. Modify Mirror Page 5. Click the ports of the port mirror. Clicking a port toggles it through the possible settings, which are shown here: The destination (mirror) port.
Chapter 8: Port Mirroring Figure 26 shows an example of the Modify Mirror page configured for a port mirror. The egress traffic on Ports 11 and 12 is mirrored to the destination Port 5. Figure 26. Example of a Modify Mirror Page 6. After selecting the destination and source ports, click the Enable Mirror check box. 7. Click Apply. The port mirror is now active on the switch. You can connect a data analyzer to the destination port to monitor the traffic on the source ports. 8.
AT-S62 Management Software Web Browser Interface User’s Guide Modifying or Disabling a Port Mirror To modify a port mirror, you perform the same procedure that you did to create it, explained in “Creating a Port Mirror” on page 102. But before modifying it, you should first disable it using the Enable Mirror option in the Modify Mirror page. Once you have made the necessary modifications, enable the mirror again and click Apply. To permanently save the change, click the Save Config menu option.
Chapter 8: Port Mirroring Deleting a Port Mirror To delete a port mirror so that you can use the destination port for normal network operations, do the following: 1. Perform Steps 1 to 3 in “Creating a Port Mirror” on page 102 to display the Port Mirroring tab. 2. Disable the port mirror using the Enable Mirror option. 3. Click the destination port to change it from white to black. Once black, the port is available for normal network operations. 4. Click Apply.
AT-S62 Management Software Web Browser Interface User’s Guide Displaying the Port Mirror To display the port mirror, do the following: 1. From the Home page, select Monitoring. 2. From the Monitoring menu, select the Layer 1 option. 3. Select the Port Mirroring tab. The information in the tab is described below: Mirror to Port The destination port where the traffic is copied to and where the network analyzer is located.
Chapter 8: Port Mirroring 108 Section I: Basic Operations
Section II Advanced Operations The chapters in this section explain how to perform some of the advanced management functions.
Section II: Advanced Operations
Chapter 9 File System This chapter contains instructions on how to display the files stored in the switch’s file system. It also explains how to select a new active boot configuration file. This chapter contains the following procedure: “Viewing System Files and Changing the Active Configuration File” on page 112 Note For background information, refer to Chapter 10, “File System” in the AT-S62 Management Software Menus Interface User’s Guide.
Chapter 9: File System Viewing System Files and Changing the Active Configuration File This procedure displays the files stored in the switch’s file system. This procedure also explains how to change the active boot configuration file on the switch. The active boot configuration file is used by the switch to configure its operating parameters whenever the unit is reset or power cycled. The active boot file is also the file that is updated whenever you select the Save Config option.
AT-S62 Management Sofwatre Web Browser Interface User’s Guide The File System tab is shown in Figure 27. Figure 27. File System Tab The information in the tab is defined below: Current Drive Specifies the location of the file system. The AT-8500 Series switch has just one file system, located in flash memory. This will always indicate Flash. This cannot be changed. Default Configuration File Specifies the filename of the active configuration file.
Chapter 9: File System Attributes - This can be any of the following: Normal Read Only Hidden System Volume Directory Archive Invalid 4. To change the active boot configuration file, enter the name of the file in the Default Configuration Field field. The file must already exist in the file system. You can select a configuration file that you created on the switch or that you downloaded onto the switch from another switch.
Chapter 10 File Downloads and Uploads This chapter contains the procedure for downloading a new AT-S62 image file onto the switch from a web browser management session. This chapter also contains procedures for uploading and downloading system files, such as a boot configuration file, from the file system in the switch.
Chapter 10: File Downloads and Uploads Downloading a File This procedure downloads a file from a TFTP server on your network to the switch using the web browser interface. You can download any of the following files: AT-S62 image file Boot configuration file CA certificate Caution Installing a new AT-S62 image file invokes a switch reset. Some network traffic may be lost. A switch reset is also invoked when downloading a configuration file as the switch’s new active boot configuration file.
AT-S62 Management Software Web Browser Interface User’s Guide The System Utilities tab is shown in Figure 28. Figure 28. System Utilities Tab Note The top portion of the tab resets the switch to its factory default settings. For instructions, refer to “Returning the AT-S62 Software to the Factory Default Values” on page 49. 4. In the TFTP Server IP Address field, enter the IP address of the network node with the TFTP server software. 5. In the TFTP Operation field, click Download. 6.
Chapter 10: File Downloads and Uploads Config (set default and reboot) - Select this option to download a configuration file as the new active boot configuration file for the switch. File - Select this option to download a CA certificate or a configuration file that is not to be the switch’s active boot configuration file. 9. Click Apply. The management software notifies you when the download is complete.
AT-S62 Management Software Web Browser Interface User’s Guide Uploading a File This procedure explains how to upload a file from the switch’s file system to a TFTP server on your network using the web browser interface. You can upload any of the following files: Boot configuration file Public encryption key CA certificate CA enrollment request Event log file Note the following before you begin this procedure: You must use TFTP to upload a file using a web browser management session.
Chapter 10: File Downloads and Uploads 6. In the TFTP Remote Filename field, enter a name for the file. The file is stored on the TFTP server with this name. 7. In the TFTP Local Filename field, enter the name of the file in the switch’s file system to upload to the TFTP server. 8. In TFTP File Type, select File. Note Selecting Image as the TFTP File Type uploads the active AT-S62 image file from the application block on the switch to the FTP server, storing it under the name specified in step 6.
Chapter 11 Event Log and Syslog Servers This chapter describes the event log and syslog servers. Sections in the chapter include: “Managing the Event Log” on page 122 “Managing Syslog Server Definitions” on page 129 Note For background information, refer to Chapter 12, “Event Log and Syslog Servers” in the AT-S62 Management Software Menus Interface User’s Guide.
Chapter 11: Event Log and Syslog Servers Managing the Event Log The event log contains event messages that are generated by a switch. These events can provide vital information about network activity on an AT-8500 Series switch that can help you identify and solve network problems. The information includes the time and date when an event occurred, the event’s severity, the AT-S62 module that generated the event, and an event description.
AT-S62 Management Software Web Browser Interface User’s Guide The Event Log tab is shown in Figure 29. Figure 29. Event Log Tab 4. For Status in Log Settings, click either Disable or Enable. The default is enabled. 5. Click Apply. If you enabled the log, the switch immediately begins to add events to the log and send events to defined syslog servers. 6. To permanently save the change, select the Save Config menu selection. To display the events in the log, go to the next procedure.
Chapter 11: Event Log and Syslog Servers Displaying the Event Log To view the event log, do the following: 1. From the Home Page, click either Configuration or Monitoring. 2. Select the System menu option. 3. Select the Event Log tab. The Event Log tab is shown in Figure 29 on page 123. 4. Configure the following options: Severity Selections Displays events of a selected severity. Event severity is a predefined value assigned to an event according to its potential impact on switch operation.
AT-S62 Management Software Web Browser Interface User’s Guide display more than one module at a time by holding down the Shift key when making a selection. The modules are defined in Table 3. Table 3.
Chapter 11: Event Log and Syslog Servers Table 3. AT-S62 Modules Module Name Description SSH Secure Shell protocol SSL Secure Sockets Layer protocol STP Spanning Tree, Rapid Spanning, and Multiple Spanning Tree protocols SYSTEM Hardware status; Manager and Operator log in and log off events. TACACS TACACS+ authentication protocol Telnet Telnet TFTP TFTP Time SNTP VLAN Port-based and tagged VLANs, and multiple VLAN modes 5. Once you have set the log filters, click View.
AT-S62 Management Software Web Browser Interface User’s Guide The columns in the log are described below: Modifying the Event Log Full Action S (Severity) - The event’s severity. Table 2 on page 124 defines the different severity levels. Date/Time - The date and time the event occurred. Event ID - A unique number that identifies the event. (Displayed only in the Full display mode.) Filename:Line - The subpart of the AT-S62 module and the line number that generated the event.
Chapter 11: Event Log and Syslog Servers 5. Using the Action pull-down menu, select one of the following: Wrap The switch deletes the oldest entries as it adds new entries. Halt The switch stops adding entries when the log reaches maximum capacity of 4,000 entries. 6. Click Apply. 7. To permanently save the change, select the Save Config menu selection.
AT-S62 Management Software Web Browser Interface User’s Guide Managing Syslog Server Definitions You can configure the switch to send its events to a syslog server. A syslog server can store the events of many network devices simultaneously. Storing network events on a syslog server can make managing your network easier since you need only go to one site to see all of the events. Here are the guidelines to observe when using this feature: You can define up to 19 syslog servers.
Chapter 11: Event Log and Syslog Servers Creating a Syslog Server Definition To create a syslog server definition, perform the following procedure: 1. From the Home Page, click Configuration. 2. Select the System menu selection. 3. Select the Event Log tab. The Event Log tab is shown in Figure 29 on page 123. 4. In the Current Log Outputs section of the tab, click Create. The Creating Event Log Output Window is shown in Figure 32. Figure 32. Creating Event Log Output Window 5.
AT-S62 Management Software Web Browser Interface User’s Guide Message Format The information sent with each event. Choices are: Normal - sends the severity, module, and description. Extended - sends the same as Normal, plus the date, time, and switch’s IP address. This is the default. Severity Selections The severity of events to be sent by the switch to the syslog server.
Chapter 11: Event Log and Syslog Servers Table 4.
AT-S62 Management Software Web Browser Interface User’s Guide LOCAL6 LOCAL7 Each setting represents a predefined RFC 3164 numerical code. The code mappings are listed in Table 5. Table 5. Numerical Code and Facility Level Mappings Numerical Code Facility Level Setting 17 LOCAL1 18 LOCAL2 19 LOCAL3 20 LOCAL4 21 LOCAL5 22 LOCAL6 23 LOCAL7 For example, selecting LOCAL2 as the facility level assigns the numerical code of 18 to all events sent to the syslog server by the switch.
Chapter 11: Event Log and Syslog Servers Modifying a Syslog Server Definition To modify a syslog server definition, perform the following procedure: 1. From the Home Page, click Configuration. 2. Select the System menu selection. 3. Select the Event Log tab. The Event Log tab is shown in Figure 29 on page 123. 4. In the Current Log Outputs section of the tab, click the syslog entry you want to modify and click Modify. The Modify Event Log Output window for the selected syslog definition is displayed. 5.
AT-S62 Management Software Web Browser Interface User’s Guide Viewing a Syslog Server Definition To view the parameter settings of a syslog server definition, perform the following procedure: 1. From the Home Page, click Monitoring. 2. Select the System menu option. 3. Select the Event Log tab. 4. In the Current Log Outputs section of the tab, click the syslog definition you want to view and click View. The switch displays the parameter settings of the selected syslog definition.
Chapter 11: Event Log and Syslog Servers 136 Section II: Advanced Operations
Chapter 12 Classifiers A classifier defines a traffic flow. You can use classifiers with access control lists to filter ingress traffic on a port and with Quality of Service policies to regulate the different traffic flows that pass through a switch.
Chapter 12: Classifiers Creating a Classifier To create a new classifier, perform the following procedure: 1. From the Home Page, select Configuration. 2. Select the Network Security or Services menu selection. (The Classifier tab is accessible from both menu selections.) 3. Select the Classifier tab. An example of the Classifier tab is shown in Figure 33. Figure 33. Classifier Tab (Configuration) The tab lists the current classifiers on the switch.
AT-S62 Management Software Web Browser Interface User’s Guide No. Refs. (Attached) The number of active and inactive ACLs and QoS policies to which the classifier is currently assigned. An active ACL or QoS is assigned to a switch port, while an inactive ACL or QoS policy is currently not assigned to any port. If this column is 0 (zero), the classifier is not assigned to any ACLs or policies, active or inactive. 4. To create a new classifier, click Create. The Create Classifier page is shown in Figure 34.
Chapter 12: Classifiers Some of the variables and settings display additional selections. For example, selecting IP as the Protocol displays the selections shown in Figure 35. Figure 35. Create Classifier Page - IP Protocol 5. Configure the parameters as needed. They are defined here: ID Specifies an ID number for the classifier. Every classifier on the switch must have a unique ID number. The range is 1 to 9999. This parameter is required. Description Specifies a description for the classifier.
AT-S62 Management Software Web Browser Interface User’s Guide Priority Defines a traffic flow by the user priority level in tagged Ethernet frames. The range is 0 to 7. VLAN ID Defines a traffic flow of tagged packets by its VLAN ID number. The range is 1 to 4094. Protocol Defines a traffic flow as one of the following Layer 2 protocols: User Specified IP ARP RARP User Specified Protocol Defines a traffic flow of a Layer 2 protocol by its protocol number.
Chapter 12: Classifiers User Specified IP Protocol Defines a traffic flow of a Layer 3 protocol by its protocol number. The number can be entered in either decimal or hexadecimal format. If you use the latter, precede the number with “0x”. To set this parameter, the IP Protocol parameter must be set to User Specified. Source IP Address Source IP Mask Defines a traffic flow by a source IP address. The address can be of a specific node or a subnet.
AT-S62 Management Software Web Browser Interface User’s Guide UDP Source Port Defines a traffic flow by source UDP port. To set this parameter, IP Protocol must be set to UDP. UDP Destination Port Defines a traffic flow by a destination UDP port. To set this parameter, IP Protocol must be set to UDP. User Specified Protocol Defines a traffic flow by a protocol other than one of those listed in the Protocol or IP Protocol list. To set this parameter, Protocol must be set to User Specified.
Chapter 12: Classifiers Modifying a Classifier This procedure explains how to modify a classifier. If the classifier you want to modify is currently assigned to an active ACL or QoS policy, you must first remove the port assignments from the ACL or policy before you can modify the classifier. Once you have finished modifying the classifier, you can reassign the ports again to the ACL or QoS policy. To modify a classifier, perform the following procedure: 1. From the Home Page, select Configuration. 2.
AT-S62 Management Software Web Browser Interface User’s Guide Deleting a Classifier This procedure explains how to delete a classifier. If the classifier you want to delete is currently assigned to an ACL or QoS policy, you must first remove it from the ACL or policy. To delete a classifier, perform the following procedure: 1. From the home page, select Configuration. 2. Select the Network Security or Services menu selection. (The Classifier tab is accessible from both menu selections.) 3.
Chapter 12: Classifiers Displaying the Classifiers To display the classifiers on a switch, perform the following procedure: 1. From the Home Page, select Monitoring. 2. From the Monitoring menu, select either the Network Security or Services menu selection. (The Classifier tab is accessible from both menu selections.) 3. Select the Classifiers tab. This tab lists the classifiers currently existing on the switch. The columns are defined here: ID The ID of the classifier.
Chapter 13 Access Control Lists An access control list (ACL) is used to filter ingress traffic on a port. Traffic is defined by the classifiers assigned to the ACL.
Chapter 13: Access Control Lists Creating an Access Control List This procedure explains how to create an ACL. Before performing this procedure, jot down on paper the ID number(s) of the classifier(s) you want to assign to the ACL and the action of the ACL, which can be either Permit or Deny. An action of Permit instructs the port to accept packets from the defined traffic flow of the classifier, while an action of Deny discards the packets.
AT-S62 Management Software Web Browser Interface User’s Guide Description A description of the ACL. Action The action of the ACL. An action of Permit means the ACL accepts packets that match the traffic flows defined by the classifiers. An action of Deny means that the ACL discards ingress packets that match the defined traffic flows, provided that the packets do not also meet the criteria of a Permit ACL. (A Permit ACL overrides a Deny ACL.) Active The status of the ACL.
Chapter 13: Access Control Lists Action Use this menu to specify the action of the ACL. Deny, which is the default, discards ingress packets that match the defined traffic flow of the classifier. Permit accepts the packets. The default is Deny. Description Use this field to enter a description for the ACL. A description can be up to 15 alphanumeric characters, including spaces. A description is optional. Port List Use this list to specify the port where you want to assign the ACL.
AT-S62 Management Software Web Browser Interface User’s Guide Modifying an Access Control List To modify an ACL, perform the following procedure: 1. From the Home Page, select Configuration. 2. Select the Network Security menu selection. 3. Select the ACL tab. The ACL tab is shown in Figure 37 on page 148. 4. Click the dialog circle next to the ID number of the ACL you want to modify and click Modify. You can modify only one ACL at a time. The Modify ACLs page is shown in Figure 39. Figure 39.
Chapter 13: Access Control Lists Description Use this field to enter a description for the ACL. A description can be up to 15 alphanumeric characters, including spaces. Entering a description is optional. Port List Use this list to specify the port where you want to assign the ACL. You can assign an ACL to more than one port. To select multiple ports, hold down the Ctrl key while making your selections.
AT-S62 Management Software Web Browser Interface User’s Guide Deleting an Access Control List To delete an ACL, perform the following procedure: 1. From the Home Page, select Configuration. 2. Select the Network Security menu selection. 3. Select the ACL tab. The ACL tab is shown in Figure 37 on page 148. 4. Click the dialog circle next to the ID number of the ACL you want to delete and click Delete. You can delete only one ACL at a time. The ACL is immediately deleted. 5.
Chapter 13: Access Control Lists Displaying the Access Control Lists To display the current ACLs on the switch, perform the following procedure: 1. From the Home Page, select Monitoring. 2. From the Monitoring menu, select the Network Security menu selection. 3. Select the ACL tab. The ACL tab displays a table of the currently configured ACLs that contains the following columns of information: ID The ID number of the ACL. Description A description of the ACL. Action The action of the ACL.
Chapter 14 Quality of Service This chapter contains instructions on how to configure Quality of Service (QoS). This chapter contains the following procedures: “Managing Flow Groups” on page 156 “Managing Traffic Classes” on page 162 “Managing Policies” on page 169 Note For background information, refer to Chapter 15, “Quality of Service” in the AT-S62 Management Software Menus Interface User’s Guide.
Chapter 14: Quality of Service Managing Flow Groups Flow groups are groups of classifiers that group together similar traffic flows. This section contains the following procedures: Creating a Flow Group “Creating a Flow Group” on page 156 “Modifying a Flow Group” on page 158 “Deleting a Flow Group” on page 160 “Displaying Flow Groups” on page 160 To create a flow group, perform the following procedure: 1. From the Home Page, select Configuration. 2. Select the Services menu selection. 3.
AT-S62 Management Software Web Browser Interface User’s Guide Active The active status of the flow group. A flow group is deemed active if it is part of a policy that is assigned to a switch port. A flow group is considered inactive if it is not a part of any policies or if the policies have not been assigned to any ports. Parent Traffic Class ID The traffic class to which the flow group is assigned. Classifier List The classifiers assigned to the flow group. 4. Click Create.
Chapter 14: Quality of Service Description Specifies the flow group description. A description can be up to 15 alphanumeric characters, including spaces. Priority (802.1p) Specifies a new user priority value for the packets. The range is 0 to 7. If you specify a new user priority value here and in Traffic Class, the value here overrides the value in Traffic Class. If you want the packets to retain the new value when they exit the switch, change Remark Priority to Yes.
AT-S62 Management Software Web Browser Interface User’s Guide The Modify Flow Group page is shown in Figure 42. Figure 42. Modify Flow Group Page 5. Configure the following parameters as necessary: ID Specifies the ID number for this flow group. You cannot change this value. DSCP Specifies a replacement value to write into the DSCP (TOS) field of the packets. The range is 0 to 63. A new DSCP value can be set at all three levels: flow group, traffic class, and policy.
Chapter 14: Quality of Service Classifier List The classifier to be assigned to the flow group. The specified classifier must already exist. You can assign more than one classifier to a flow group. To assign multiple classifiers, hold down the Ctrl key when making your selections. 6. Click Apply. The changes are immediately applied to the flow group. 7. To permanently save your changes, select the Save Config menu selection. Deleting a Flow Group This procedure explains how to delete a flow group.
AT-S62 Management Software Web Browser Interface User’s Guide Active The active status of the flow group. A flow group is deemed active if it is part of a policy that is assigned to a switch port. A flow group is considered inactive if it is not connected to any policies or if the policies have not been assigned to any ports. Parent Traffic Class ID The traffic class to which the flow group is assigned. Classifier List The classifiers assigned to the flow group. 4.
Chapter 14: Quality of Service Managing Traffic Classes Traffic classes consist of a set of QoS parameters and a group of QoS flow groups. This section contains the following procedures: Creating a Traffic Class “Creating a Traffic Class” on page 162 “Modifying a Traffic Class” on page 166 “Deleting a Traffic Class” on page 167 “Displaying the Traffic Classes” on page 168 To create a traffic class, perform the following procedure: 1. From the Home Page, select Configuration. 2.
AT-S62 Management Software Web Browser Interface User’s Guide Active Whether or not this traffic class is active on the switch. An active traffic class is part of a policy that is assigned to one or more switch ports. An inactive traffic class is not assigned to any policies or to policies that are not assigned to switch ports. Parent Policy ID The QoS policies to which the traffic class is assigned. Flow Group List The flow groups assigned to this traffic class. 4.
Chapter 14: Quality of Service forwarded after replacing the DSCP value with the new value specified in Exceed Remark Value. The default is drop. DSCP Specifies a replacement value to write into the DSCP (TOS) field of the packets. The range is 0 to 63. A new DSCP value can be set at all three levels: flow group, traffic class, and policy. A DSCP value specified in a flow group overrides a DSCP value specified at the traffic class or policy level.
AT-S62 Management Software Web Browser Interface User’s Guide Remark Priority Replaces the user priority value in the packets with the new value specified in the Priority parameter, if set to Yes. If set to No, which is the default, the packets retain their preexisting priority level when they leave the switch. Description Specifies the traffic class description. A description can be up to 15 alphanumeric characters, including spaces.
Chapter 14: Quality of Service If you specify a new user priority value here and in Flow Group, the value in Flow Group overwrites the value here. Flow Group List The flow groups assigned to this traffic class. Use click to select more than one. 6. When you are finished configuring the parameters, click Apply. The new traffic class is created on the switch. 7. To permanently save your changes, select the Save Config menu selection.
AT-S62 Management Software Web Browser Interface User’s Guide The Modify Traffic Class page is shown in Figure 45. Figure 45. Modify Traffic Class Page 5. Configure the following parameters as necessary. For descriptions of the parameters, refer to “Creating a Traffic Class” on page 162. 6. Click Apply. The changes are immediately implemented in the traffic class. 7. To permanently save your changes, select the Save Config menu selection.
Chapter 14: Quality of Service 4. Select the traffic class you want to delete and click Delete. The traffic class is deleted from the switch. Displaying the Traffic Classes To display the traffic classes, perform the following procedure: 1. From the Home page, select Monitoring. 2. From the Monitoring menu, select Services. 3. Select the Traffic Class tab.
AT-S62 Management Software Web Browser Interface User’s Guide Managing Policies QoS policies consist of a collection of user-defined traffic classes. This section contains the following procedures: Creating a Policy “Creating a Policy” on page 169 “Modifying a Policy” on page 172 “Deleting a Policy” on page 172 “Displaying Policies” on page 173 To create a policy, perform the following procedure: 1. From the Home Page, select Configuration. 2. Select the Services menu selection. 3.
Chapter 14: Quality of Service Active Whether or not this policy is active on the switch. An active policy is assigned to one or more switch ports. An inactive policy is not assigned to any switch ports. Traffic Class List The traffic classes assigned to the policy. Ingress Port List The ingress ports to which the policy is assigned. 4. Click Create. The Create Policy page is shown in Figure 47. Figure 47. Create Policy Page 5.
AT-S62 Management Software Web Browser Interface User’s Guide All - All packets are remarked. DSCP Value Specifies a replacement value to write into the DSCP (TOS) field of the packets. The range is 0 to 63. A new DSCP value can be set at all three levels: flow group, traffic class, and policy. A DSCP value specified in a flow group overrides a DSCP value specified at the traffic class or policy level.
Chapter 14: Quality of Service Modifying a Policy To modify a policy, perform the following procedure: 1. From the Home Page, select Configuration. 2. Select the Services menu selection. 3. Select the Policies tab. The Policies tab is shown in Figure 46 on page 169. 4. Select the policy to modify from the list and click Modify. The Modify Policy page is shown in Figure 48. Figure 48. Modify Policy Page 5. Modify the parameters as necessary.
AT-S62 Management Software Web Browser Interface User’s Guide The Policies tab is shown in Figure 46 on page 169. 4. Do one of the following: Displaying Policies To delete just one policy, select the policy from the list and click Delete. To delete all the policies, click Purge. To display the policies, perform the following procedure: 1. From the Home Page, select Monitoring. 2. Select the Services menu selection. 3. Select the Policies tab.
Chapter 14: Quality of Service 174 Section II: Advanced Operations
Chapter 15 Class of Service This chapter contains instructions on how to configure Class of Service (CoS).
Chapter 15: Class of Service Configuring CoS This procedure sets the Class of Service priority level for ingress untagged packets on a port. The priority level dictates which priority queue the packets are stored in on the egress port. In the default settings, ingress untagged packets on a port are assigned a priority level of 0 and are stored in egress queue Q1 on the egress port. This procedure also overrides the priority level in tagged ingress packets.
AT-S62 Management Software Web Browser Interface User’s Guide The CoS Setting for Port page is shown in Figure 50. Figure 50. CoS Setting for Port Page 6. Use the Priority list to select a new Class of Service priority level for the port. The default is level 0. The new priority level will apply to all ingress untagged packets. (If you perform Step 7 and override the priority level in tagged packets, the new priority level will also apply to all ingress tagged packets.) 7.
Chapter 15: Class of Service Mapping CoS Priorities to Egress Queues This procedure explains how to change the default mappings of CoS priorities to egress priority queues, shown in Table 6. This is set at the switch level. Table 6. Default Mappings of IEEE 802.1p Priority Levels to Egress Priority Queues IEEE 802.1p Priority Level Egress Port Priority Queue 0 Q1 1 Q0 2 Q0 3 Q1 4 Q2 5 Q2 6 Q3 7 Q3 To change the mappings, perform the following procedure. 1.
AT-S62 Management Software Web Browser Interface User’s Guide The Scheduling tab is shown in Figure 51. Figure 51. Queuing and Scheduling Tab Note The Configure Egress Weights section in the tab is explained in the next procedure, “Configuring Egress Scheduling” on page 180. 4. In the Configure CoS Queues to Egress Queues section of the tab, click the list for a CoS priority whose queue assignment you want to change and select the new queue.
Chapter 15: Class of Service Configuring Egress Scheduling This procedure explains how to select and configure a scheduling method for QoS. Scheduling determines the order in which the ports handle packets in their egress queues. For an explanation of the two scheduling methods, refer to the AT-S62 Menus Interface User’s Guide. Scheduling is set at the switch level. You cannot set this at the port level. To change scheduling, perform the following procedure. 1. From the Home Page, select Configuration. 2.
AT-S62 Management Software Web Browser Interface User’s Guide Displaying the CoS Settings To display the CoS settings, do the following: 1. From the Home page, select Monitoring. 2. From the Monitoring menu, select the Services menu option. 3. Select the CoS tab. 4. Click the port whose CoS settings you want to view. You can select more than one port at a time. A selected port turns white. (To deselect a port, click it again.) 5. Click View. The CoS Setting for Port page is shown for the selected port.
Chapter 15: Class of Service Displaying QoS Queuing and Scheduling To display QoS queuing and scheduling, do the following: 1. From the Home page, select Monitoring. 2. From the Monitoring menu, select the Services menu option. 3. Select the Queuing & Scheduling tab. The upper section of the tab displays the CoS priority to egress queue assignments. The lower half displays the egress weight settings.
Chapter 16 IGMP Snooping This chapter describes how to configure the IGMP snooping feature on the switch. Sections in the chapter include: “Configuring IGMP Snooping” on page 184 “Displaying a List of Host Nodes and Multicast Routers” on page 187 Note For background information, refer to Chapter 17, “IGMP Snooping” in the AT-S62 Management Software Menus Interface User’s Guide.
Chapter 16: IGMP Snooping Configuring IGMP Snooping To configure IGMP snooping from a web browser management session, perform the following procedure: 1. From the Home Page, select Configuration. 2. Select the Multicast menu option. The IGMP tab is shown in Figure 52. Figure 52. IGMP Tab (Configuration) 3. Adjust the IGMP parameters as necessary. The parameters are explained below: Enable IGMP Snooping Enables and disables IGMP snooping on the switch. A check in the box indicates that IGMP is enabled.
AT-S62 Management Software Web Browser Interface User’s Guide router and simultaneously ceases transmission of any further multicast packets out the port where the host node is connected. The Intermediate (Multi-Host) setting is appropriate if there is more than one host node connected to a switch port, such as when a port is connected to an Ethernet hub to which multiple host nodes are connected.
Chapter 16: IGMP Snooping This parameter is useful with networks that contain a large number of multicast groups. You can use the parameter to prevent the switch’s MAC address table from filling up with multicast addresses, leaving no room for dynamic or static MAC addresses. The range is 1 address to 2048 addresses. The default is 256 multicast addresses. 4. After setting the IGMP snooping parameters, click Apply. A change to an IGMP parameter is immediately implemented on the switch. 5.
AT-S62 Management Software Web Browser Interface User’s Guide Displaying a List of Host Nodes and Multicast Routers You can use the AT-S62 software to display a list of the multicast groups on a switch, as well as the host nodes. You can also view the multicast routers. A multicast router is a router that is receiving multicast packets from a multicast application and transmitting the packets to host nodes. To view host nodes and multicast routers, perform the following procedure: 1.
Chapter 16: IGMP Snooping Router IP The IP address of the port on the router.
Chapter 17 Denial of Service Defense This chapter contains instructions on how to configure the Denial of Service defense feature on the switch. The sections include: “Configuring Denial of Service Attack Defense” on page 190 “Displaying the DoS Settings” on page 193 Note For background information, refer to Chapter 18, “Denial of Service Defenses” in the AT-S62 Management Software Menus Interface User’s Guide. Be sure to read the background information before implementing a DoS defense.
Chapter 17: Denial of Service Defense Configuring Denial of Service Attack Defense To configure the ports on the switch for a Denial of Service defense, perform the following procedure: 1. From the Home Page, select Configuration. 2. From the Configuration menu, select Network Security. 3. Select the DoS tab. The DoS tab is shown in Figure 53. Figure 53. DoS Tab 4. If you are implementing the SMURF or Land defense, you must provide an IP address and mask for your LAN.
AT-S62 Management Software Web Browser Interface User’s Guide c. If you are activating the Land defense, in the DoS Uplink Port field enter the number of the port connected to the device (e.g., DSL router) that leads outside your network. You can specify only one uplink port. The default is the highest numbered existing port in the switch. For example, the default uplink port for an AT-8524M switch with no installed expansion modules would be Port 24. 5.
Chapter 17: Denial of Service Defense where you can connect a data analyzer. To define the destination port, refer to “Creating a Port Mirror” on page 102. 9. Click Apply. The defense is immediately activated or deactivated on the ports. 10. To permanently save your changes, select the Save Config menu selection.
AT-S62 Management Software Web Browser Interface User’s Guide Displaying the DoS Settings To display the DoS settings, do the following: 1. From the Home page, select Monitoring. 2. From the Monitoring menu, select the Security option. 3. Select the DoS tab. The DoS tab is shown in Figure 55. Figure 55. DoS Tab (Monitoring) 4. Click a port whose DoS settings you want to view. You can select more than one port at a time. 5.
Chapter 17: Denial of Service Defense 194 Section II: Advanced Operations
Chapter 18 Power Over Ethernet This chapter contains the procedures for configuring Power over Ethernet (PoE) for an AT-8524POE switch. Sections in the chapter include: “Setting the PoE Threshold” on page 196 “Configuring PoE Port Settings” on page 198 “Displaying PoE Status and Settings” on page 201 Note PoE only applies to the AT-8524POE switch. For background information, refer to Chapter 19, “Power Over Ethernet” in the AT-S62 Management Software Menus Interface User’s Guide.
Chapter 18: Power Over Ethernet Setting the PoE Threshold The PoE threshold is a percentage of the total maximum PoE power on the switch, which for the AT-8524POE switch is 400 W. The switch sends an SNMP trap to your management workstation and enters an event in the event log whenever the total power requirements of the powered devices exceed the threshold. At the default setting of 95%, the threshold is 380 W, which is 95% of 400 W. The threshold is adjustable.
AT-S62 Management Software Web Browser Interface User’s Guide The Maximum Available Power field displays the maximum amount of PoE available from the switch for the powered devices connected to its ports. This value is 400W for the AT-8524POE switch. This value cannot be changed. 4. In the Power Threshold field, enter the new threshold value as a percentage of the total available PoE power on the switch.
Chapter 18: Power Over Ethernet Configuring PoE Port Settings This procedure enables and disables PoE on a port. This procedure also sets a port’s priority level and its maximum power usage. The default setting for PoE on a port is enabled. You do not have to disable PoE on ports connected to non-powered devices (that is, devices that receive their power from another power source). A port connected to a network node that is not a powered device functions as a regular Ethernet port, without PoE.
AT-S62 Management Software Web Browser Interface User’s Guide The PoE Port Configuration menu is shown in Figure 57. Figure 57. PoE Port Configuration Page The top portion of the page displays the PoE operating status of the selected ports. The columns are defined here: Port Port number. PoE Function Whether PoE is enabled or disabled on the port. The default setting is enabled. Power Consumed The amount of power in milliwatts currently consumed by the powered device connected to the port.
Chapter 18: Power Over Ethernet Power Status Whether power is being supplied to the device. Status will be one of the following: ON: Power is being supplied to a powered device. OFF - Disabled by user: PoE is disabled on the port. Off - Detection in process: PoE is enabled on the port, but either no device is connected to the port or the device is not a powered device. 6. To enable or disable PoE on a port, set PoE Function to either Enable or Disable. The default is enabled. 7.
AT-S62 Management Software Web Browser Interface User’s Guide Displaying PoE Status and Settings Use this procedure to display PoE status and settings at the switch and port level. To display PoE information, do the following: 1. From the Home Page, select Configuration. 2. Select the System menu option. 3. Select the Power Over Ethernet tab. Note The Power Over Ethernet tab appears only for AT-8524POE switches.
Chapter 18: Power Over Ethernet Power Limit The maximum amount of power allowed by the port for the device. The default is 15,400 milliwatts (15.4 W). Power Priority The port priority. This can be Critical, High, or Low. The default is Low. Power Class The IEEE 802.3af class of the device. Voltage The voltage being delivered to the powered device Current The current drawn by the powered device. Power Status Whether power is being supplied to the device.
Section III SNMPv3 Operations This section contains the following chapter: Section III: SNMPv3 Operations Chapter 19: “SNMPv3” on page 205 203
Section III: SNMPv3 Operations
Chapter 19 SNMPv3 This chapter explains how to configure the switch for SNMPv3 management.
Chapter 19: SNMPv3 Enabling the SNMP Protocol In order to allow an NMS (an SNMP manager) to access the switch, you need to enable SNMP access. In addition, to allow the switch to send a trap when it receives a request message, you need to enable authentication failure traps. This section provides a procedure to accomplish both of these tasks. To enable SNMP access and authentication failure traps, perform the following procedure. 1. From the Home Page, select Configuration. 2.
AT-S62 Management Software Web Browser Interface User’s Guide 4. To enable SNMP Access, click the box next to Enable SNMP Access. Use this parameter to enable the switch to be remotely managed with an SNMP application program. Note If the check box in the Enable SNMP Access box is empty, the switch cannot be managed through SNMP. This is the default. 5. To enable authentication failure traps to be sent on behalf of the switch, click the box next to Enable Authentication Failure Trap. 6.
Chapter 19: SNMPv3 Configuring the SNMPv3 User Table You can create, delete, and modify an SNMPv3 User Table entry. See the following procedures: “Creating a User Table Entry” on page 208 “Deleting a User Table Entry” on page 211 “Modifying a User Table Entry” on page 211 For reference information about the SNMPv3 User Table, refer to the AT-S62 Menus Interface User’s Guide. Creating a User Table Entry To create an entry in the SNMPv3 User Table, perform the following procedure. 1.
AT-S62 Management Software Web Browser Interface User’s Guide 5. Click the Add button to add a new SNMPv3 User Table entry. The Add New SNMPv3 User Page is shown in Figure 60 Figure 60. Add New SNMPv3 User Page 6. In the User Name field, enter a name, or logon id, that consists of up to 32 alphanumeric characters 7. In the Authentication Protocol field, enter an authentication protocol. This is an optional parameter. Select one of the following: MD5 This value represents the MD5 authentication protocol.
Chapter 19: SNMPv3 8. In the Authentication Password field, enter an authentication password of up to 32 alphanumeric characters. 9. In the Confirm Authentication Password field, re-enter the authentication password. Note If you have the AT-S60 software version 2.1.0 that does not contain the encryption features, then the Privacy Protocol field is read-only field and it is set to None.
AT-S62 Management Software Web Browser Interface User’s Guide Note The Row Status parameter is a read-only field in the Web interface. The Active value indicates the SNMPv3 User Table entry takes effect immediately. 14. Click Apply to update the SNMPv3 User Table. 15. To save your changes, select the Save Config menu selection. Deleting a User Table Entry To delete an entry in the SNMPv3 User Table, perform the following procedure. 1. From the Home Page, select Configuration. 2.
Chapter 19: SNMPv3 The Modify SNMPv3 User Page is shown in Figure 61. Figure 61. Modify SNMPv3 User Page 6. In the Authentication Protocol field, enter an authentication protocol. This is an optional parameter. Select one of the following: MD5 This value represents the MD5 authentication protocol. With this selection, users are authenticated with the MD5 authentication protocol after a message is received. With this selection, you can configure a Privacy Protocol.
AT-S62 Management Software Web Browser Interface User’s Guide 7. In the Authentication Password field, enter an authentication password of up to 32 alphanumeric characters. 8. In the Confirm Authentication Password field, re-enter the authentication password. Note If you have the AT-S60 software version 2.1.0 that does not contain the encryption features, then the Privacy Protocol field is read-only field and it is set to None.
Chapter 19: SNMPv3 Note The Row Status parameter is a read-only field in the Web interface. The Active value indicates the SNMPv3 User Table entry takes effect immediately. 13. Click Apply to update the SNMPv3 User Table. 14. To save your changes, select the Save Config menu selection.
AT-S62 Management Software Web Browser Interface User’s Guide Configuring the SNMPv3 View Table You can create, delete, and modify an SNMPv3 View Table entry. See the following procedures: “Creating a View Table Entry” on page 215 “Deleting a View Table Entry” on page 218 “Modifying a View Table Entry” on page 219 For reference information about the SNMPv3 View Table, see “Configuring the SNMPv3 View Table” on page 215.
Chapter 19: SNMPv3 5. To create a new SNMPv3 View Table entry click Add. The Add New SNMPv3 View Page is shown in Figure 63. Figure 63. Add New SNMPv3 View Page 6. In the View Name field, enter a descriptive name of this view. Assign a name that reflects the subtree OID, for example, “internet.” Enter a unique name of up to 32 alphanumeric characters. Note The “defaultViewAll” value is the default entry for the SNMPv1 and SNMPv2c configuration.
AT-S62 Management Software Web Browser Interface User’s Guide the MIB tree. The value of the Subnet Mask parameter is dependent on the subtree you select. See RFC 2575 for detailed information about defining a subnet mask. 9. In the View Type field, enter one of the following view types: Included Enter this value to permit the user to see the subtree specified above. Excluded Enter this value to not permit the user to see the subtree specified above. 10.
Chapter 19: SNMPv3 Deleting a View Table Entry To delete an entry in the SNMPv3 View Table, perform the following procedure. 1. From the Home Page, select Configuration. 2. Select the Mgmt Protocols menu selection. 3. Select the SNMP Tab. The SNMP Tab is shown in Figure 58 on page 206. 4. In the SNMPv3 section of the page, click the circle next to Configure View Table. Then click Configure. 5. The SNMPv3 View Table Page is shown in Figure 62 on page 215. 6.
AT-S62 Management Software Web Browser Interface User’s Guide Modifying a View Table Entry To modify an entry in the SNMPv3 View Table, perform the following procedure. 1. From the Home Page, select Configuration. 2. Select the Mgmt Protocols menu selection. 3. Select the SNMP Tab. The SNMP Tab is shown in Figure 58 on page 206. 4. In the SNMPv3 section of the page, click the circle next to Configure View Table. Then click Configure at the bottom of the page.
Chapter 19: SNMPv3 7. In the View Type field, enter one of the following view types: Included Enter this value to permit the View Name to see the subtree specified above. Excluded Enter this value to not permit the View Name to see the subtree specified above. 8. In the Storage Type field, enter a storage type for this table entry: Volatile Select this storage type if you do not want the ability to save an entry in the Target Parameters Table to the configuration file.
AT-S62 Management Software Web Browser Interface User’s Guide Configuring the SNMPv3 Access Table You can create, delete, and modify an SNMPv3 Access Table entry. See the following procedures: “Creating an Access Table” on page 221 “Deleting an Access Table Entry” on page 226 “Modifying an Access Table Entry” on page 227 For reference information about the SNMPv3 Access Table, see “Configuring the SNMPv3 Access Table” on page 221.
Chapter 19: SNMPv3 Figure 65. SNMPv3 Access Table Page 5. To create an SNMPv3 Access Table entry, click Add. The Add New SNMPv3 Access Page is shown in Figure 66. Figure 66.
AT-S62 Management Software Web Browser Interface User’s Guide 6. In the Group Name field, enter a descriptive name of the group. The Group Name can consist of up to 32 alphanumeric characters. You are not required to enter a unique value here because the SNMPv3 Access Table entry is indexed with the Group Name, Security Model, and Security Level parameter values. However, a unique group name makes it easier for you to tell the groups apart.
Chapter 19: SNMPv3 v1 Select this value to associate the Group Name with the SNMPv1 protocol. v2c Select this value to associate the Group Name with the SNMPv2c protocol. v3 Select this value to associate the Group Name with the SNMPv3 protocol. 11. In the Security Level field, enter a security level. Select one of the following security levels: No Authentication/Privacy This option represents neither an authentication nor privacy protocol.
AT-S62 Management Software Web Browser Interface User’s Guide the Access Table to the configuration file. After making changes to an Access Table entry with a Volatile storage type, the Save Config menu selection does not appear. NonVolatile Select this storage type if you want the ability to save an entry in the Access Table to the configuration file. After making changes to an Access Table entry with a NonVolatile storage type, the Save Config menu selection appears.
Chapter 19: SNMPv3 Deleting an Access Table Entry To delete an entry in the SNMPv3 Access Table, perform the following procedure. 1. From the Home Page, select Configuration. 2. Select the Mgmt Protocols menu selection. 3. Select the SNMP Tab. The SNMP Tab is shown in Figure 58 on page 206. 4. In the SNMPv3 section of the page, click the circle next to Configure Access Table. Then click Configure at the bottom of the page. The SNMPv3 Access Table Page is shown in Figure 65 on page 222. 5.
AT-S62 Management Software Web Browser Interface User’s Guide Modifying an Access Table Entry To modify an entry in the SNMPv3 Access Table, perform the following procedure. 1. From the Home Page, select Configuration. 2. Select the Mgmt Protocols menu selection. 3. Select the SNMP Tab. The SNMP Tab is shown in Figure 58 on page 206. 4. In the SNMPv3 section of the page, click the circle next to Configure Access Table. Then click Configure at the bottom of the page.
Chapter 19: SNMPv3 This parameter allows the users assigned to this Group Name to view the information specified by the View Table entry. This value does not need to be unique. 8. In the Write View Name field, enter a value that you configured with the View Name parameter in the View Table. This parameter allows the users assigned to this Security Group to write, or modify, the information in the specified View Table. This value does not need to be unique. 9.
AT-S62 Management Software Web Browser Interface User’s Guide Configuring the SNMPv3 SecurityToGroup Table You can create, delete, and modify an SNMPv3 SecurityToGroup Table entry. See the following procedures: “Creating a SecurityToGroup Table Entry” on page 229 “Deleting a SecurityToGroup Table Entry” on page 231 “Modifying a SecurityToGroup Table Entry” on page 232 For reference information about the SNMPv3“Configuring the SNMPv3 SecurityToGroup Table” on page 229.
Chapter 19: SNMPv3 5. To create an SNMPv3 SecurityToGroup Table entry, click Add. The Add New SNMPv3 SecurityToGroup Page is shown in Figure 69. Figure 69. Add New SNMPv3 SecurityToGroup Page 6. In the Security Model field, select the SNMP protocol that was configured for this User Name. Choose from the following: v1 Select this value to associate the User Name with the SNMPv1 protocol. v2c Select this value to associate the User Name with the SNMPv2c protocol.
AT-S62 Management Software Web Browser Interface User’s Guide defaultV1GroupReadWrite defaultV2cGroupReadOnly defaultV2cGroupReadWrite 9. In the Storage Type field, select one of the following storage types for this table entry: Volatile Select this storage type if you do not want the ability to save an entry in the SecurityToGroup Table to the configuration file. After making changes to a SecurityToGroup Table entry with a Volatile storage type, the Save Config menu selection does not appear.
Chapter 19: SNMPv3 A warning message is displayed. Click OK to remove the SNMPv3 SecurityToGroup Table entry. 6. To save your changes, select the Save Config menu selection. Modifying a SecurityToGroup Table Entry To modify an entry SNMPv3 SecurityToGroup Table, perform the following procedure. 1. From the Home Page, select Configuration. 2. Select the Mgmt Protocols menu selection. 3. Select the SNMP Tab. The SNMP Tab is shown in Figure 58 on page 206. 4.
AT-S62 Management Software Web Browser Interface User’s Guide defaultV1GroupReadWrite defaultV2cGroupReadOnly defaultV2cGroupReadWrite 7. In the Storage Type field, select one of the following storage types for this table entry: Volatile Select this storage type if you do not want the ability to save an entry in the SecurityToGroup Table to the configuration file. After making changes to a SecurityToGroup Table entry with a Volatile storage type, the Save Config menu selection does not appear.
Chapter 19: SNMPv3 Configuring the SNMPv3 Notify Table You can create, delete, and modify an SNMPv3 Notify Table entry. See the following procedures: “Creating a Notify Table Entry” on page 234 “Deleting a Notify Table Entry” on page 236 “Modifying a Notify Table Entry” on page 237 For reference information about the SNMPv3 Notify Table, see “Configuring the SNMPv3 Notify Table” on page 234.
AT-S62 Management Software Web Browser Interface User’s Guide 5. To create an SNMPv3 Notify Table entry, click Add. The Add New SNMPv3 Notify Page is shown in Figure 72. Figure 72. Add New SNMPv3 Notify Page 6. In the Notify Name field, enter the name associated with this trap message. Enter a descriptive name of up to 32 alphanumeric characters. For example, you might want to define a trap message for hardware engineering and enter a value of “hardwareengineeringtrap” for the Notify Name. 7.
Chapter 19: SNMPv3 NonVolatile Select this storage type if you want the ability to save an entry in the Notify Table to the configuration file. After making changes to a Notify Table entry with a NonVolatile storage type, the Save Config menu selection appears. Note The Row Status parameter is a read-only field in the Web interface. The Active value indicates the SNMPv3 Notify Table entry takes effect immediately. 10. Click Apply to update the SNMPv3 Notify Table. 11.
AT-S62 Management Software Web Browser Interface User’s Guide Modifying a Notify Table Entry To modify an entry in the SNMPv3 Notify Table, perform the following procedure. 1. From the Home Page, select Configuration. 2. Select the Mgmt Protocols menu selection. 3. Select the SNMP Tab. The SNMP Tab is shown in Figure 58 on page 206. 4. In the SNMPv3 section of the page, click the circle next to Configure Notify Table. Then click Configure at the bottom of the page.
Chapter 19: SNMPv3 8. In the Storage Type field, select one of the following storage types for this table entry: Volatile Select this storage type if you do not want the ability to save an entry in the Notify Table to the configuration file. After making changes to an Notify Table entry with a Volatile storage type, the Save Config menu selection does not appear. NonVolatile Select this storage type if you want the ability to save an entry in the Notify Table to the configuration file.
AT-S62 Management Software Web Browser Interface User’s Guide Configuring the SNMPv3 Target Address Table You can create, delete, and modify an SNMPv3 Target Address Table entry. See the following procedures: “Creating a Target Address Table Entry” on page 239 “Deleting a Target Address Table Entry” on page 242 “Modifying Target Address Table Entry” on page 243 For reference information about the SNMPv3 Target Address Table, see “Configuring the SNMPv3 Target Address Table” on page 239.
Chapter 19: SNMPv3 The SNMPv3 Target Address Table Page is shown in Figure 74. Figure 74. SNMPv3 Target Address Table Page 5. To create an SNMPv3 Target Address Table entry, click Add. The Add New SNMPv3 Target Address Table Page is shown in Figure 75. Figure 75.
AT-S62 Management Software Web Browser Interface User’s Guide 6. In the Target Address Name field, enter the name of the SNMP manager, or host, that manages the SNMP activity on your switch. You can enter a name of up to 32 alphanumeric characters. 7. In the IP Address field, enter the IP address of the host. Use the following format for an IP address: XXX.XXX.XXX.XXX 8. In the UDP Port Number field, enter a UDP port number. You can enter a UDP port in the range of 0 to 65,535. The default UDP port is 162.
Chapter 19: SNMPv3 changes to a Target Address Table entry with a Volatile storage type, the Save Config menu selection does not appear. NonVolatile Select this storage type if you want the ability to save an entry in the Target Address Table to the configuration file. After making changes to a Target Address Table entry with a NonVolatile storage type, the Save Config menu selection appears. Note The Row Status parameter is a read-only field in the Web interface.
AT-S62 Management Software Web Browser Interface User’s Guide Modifying Target Address Table Entry To modify an entry in the SNMPv3 Target Address Table, perform the following procedure. 1. From the Home Page, select Configuration. 2. Select the Mgmt Protocols menu selection. 3. Select the SNMP Tab. The SNMP Tab is shown in Figure 58 on page 206. 4. In the SNMPv3 section of the page, click the circle next to Configure Target Address Table. Then click Configure at the bottom of the page.
Chapter 19: SNMPv3 8. In the UDP Port Number field, enter a UDP port number. You can enter a UDP port in the range of 0 to 65,535. The default UDP port is 162. 9. In the Timeout field, enter a timeout value in milliseconds. When an Inform message is generated, it requires a response from the switch. The timeout value determines how long the switch considers the Inform message an active message. This parameter applies to Inform messages only. The range is from 0 to 2,147,483,647 milliseconds.
AT-S62 Management Software Web Browser Interface User’s Guide 15. To save your changes, select the Save Config menu selection.
Chapter 19: SNMPv3 Configuring the SNMPv3 Target Parameters Table You can create, delete, and modify an SNMPv3 Target Parameters Table entry. See the following procedures: “Creating a Target Address Table Entry” on page 239 “Deleting a Target Address Table Entry” on page 242 “Modifying Target Address Table Entry” on page 243 For reference information about the SNMPv3 Target Parameters Table, see “Configuring the SNMPv3 Target Parameters Table” on page 246.
AT-S62 Management Software Web Browser Interface User’s Guide 5. To create an SNMPv3 Target Parameters Table entry, click Add. The Add New SNMPv3 Target Parameter Table Page is shown in Figure 78. Figure 78. Add New SNMPv3 Target Parameters Table Page 6. In the Target Parameters Name field, enter a name of the SNMP manager or host. Enter a value of up to 32 alphanumeric characters. Note Enter a value for the Message Processing Model parameter only if you select SNMPv1 or SNMPv2c as the Security Model.
Chapter 19: SNMPv3 v3 Select this value to process messages with the SNMPv3 protocol. 8. In the Security Model field, select one of the following SNMP protocols as the Security Model for this Security Name, or User Name. v1 Select this value to associate the Security Name, or User Name, with the SNMPv1 protocol. v2c Select this value to associate the Security Name, or User Name, with the SNMPv2c protocol. v3 Select this value to associate the Security Name, or User Name, with the SNMPv3 protocol. 9.
AT-S62 Management Software Web Browser Interface User’s Guide Privacy This option represents authentication and the privacy protocol. Select this security level to allow authentication and encryption. This level provides the greatest level of security. You can select this value if you configured the Security Model parameter with the SNMPv3 protocol. 11.
Chapter 19: SNMPv3 A warning message is displayed. Click OK to remove the Target Parameters Table entry. 6. To save your changes, select the Save Config menu selection. Modifying a Target Parameters Table Entry To modify an SNMPv3 Target Parameters Table entry, perform the following procedure. 1. From the Home Page, select Configuration. 2. Select the Mgmt Protocols menu selection. 3. Select the SNMP Tab. The SNMP Tab is shown in Figure 58 on page 206. 4.
AT-S62 Management Software Web Browser Interface User’s Guide Note Enter a value for the Message Processing Model field only if you select SNMPv1 or SNMPv2c as the Security Model. If you select the SNMPv3 protocol as the Security Model, then the switch automatically assigns the Message Processing Model to SNMPv3. 6. In the Message Processing Model field, enter a Security Model that is used to process messages.
Chapter 19: SNMPv3 No Authentication/Privacy This option represents neither an authentication nor privacy protocol. Select this security level if you do not want to authenticate users and you do not want to encrypt messages using a privacy protocol. This security level provides the least security. Note If you have selected SNMPv1 or SNMPv2c as the Security Model, you must select No Authentication/Privacy as the Security Level. Authentication This option represents authentication, but no privacy protocol.
AT-S62 Management Software Web Browser Interface User’s Guide Configuring the SNMPv3 Community Table You can create, delete, and modify an SNMPv3 Community Table entry. See the following procedures: “Creating an SNMPv3 Community Table Entry” on page 253 “Deleting an SNMPv3 Community Table Entry” on page 256 “Modifying an SNMPv3 Community Table Entry” on page 257 For reference information about the SNMPv3 Community Table, see “Configuring the SNMPv3 Community Table” on page 253.
Chapter 19: SNMPv3 Figure 80. SNMPv3 Community Table Page 5. To create an SNMPv3 Community Table entry, click Add. The Add New SNMPv3 Community Table Page is shown in Figure 81. Figure 81.
AT-S62 Management Software Web Browser Interface User’s Guide 6. In the Community Index field, enter a numerical value for this Community. This parameter is used to index the other parameters in an SNMPv3 Community Table entry. Enter a value of up to 32- alphanumeric characters. 7. In the Community Name field, enter a Community Name of up to 64-alphanumeric characters. The value of the Community Name parameter acts as a password for the SNMPv3 Community Table entry. This parameter is case sensitive.
Chapter 19: SNMPv3 NonVolatile Select this storage type if you want the ability to save an entry in the SNMPv3 Community Table to the configuration file. After making changes to an SNMPv3 Community Table entry with a NonVolatile storage type, the Save Config menu selection appears. Note The Row Status parameter is a read-only field in the Web interface. The Active value indicates the SNMPv3 Community Table entry takes effect immediately. 11. Click Apply to update the SNMPv3 Community Table. 12.
AT-S62 Management Software Web Browser Interface User’s Guide Modifying an SNMPv3 Community Table Entry To modify an entry in the SNMPv3 Community Table, perform the following procedure. 1. From the Home Page, select Configuration. 2. Select the Mgmt Protocols menu selection. 3. Select the SNMP Tab. The SNMP Tab is shown in Figure 58 on page 206. 4. In the SNMPv3 section of the page, click the circle next to Configure Community Table. Then click Configure at the bottom of the page.
Chapter 19: SNMPv3 7. In the Security Name field, enter a name of an SNMPv1 and SNMPv2c user. This name must be unique. Enter a value of up to 32 alphanumeric characters. Note Do not use a value configured with the User Name parameter in the SNMPv3 User Table. 8. In the Transport Tag field, enter a name of up to 32 alphanumeric characters. The Transport Tag parameter links an SNMPv3 Community Table entry with an SNMPv3 Target Address Table entry.
AT-S62 Management Software Web Browser Interface User’s Guide Displaying SNMPv3 Tables This section contains procedures to display the SNMPv3 Tables.
Chapter 19: SNMPv3 Displaying User Table Entries To display entries in the SNMPv3 User Table, perform the following procedure. 1. From the Home Page, select Monitoring. 2. Select the Mgmt Protocols menu selection. 3. Select the SNMP Tab. 4. From the SNMP Monitoring Tab, click the circle next to View User Table. 5. Click View at the bottom of the page. The Monitoring, SNMPv3 User Table Page is shown in Figure 83. Figure 83.
AT-S62 Management Software Web Browser Interface User’s Guide Displaying View Table Entries To display entries in the SNMPv3 View Table, perform the following procedure. 1. From the Home Page, select Monitoring. 2. Select the Mgmt Protocols menu selection. 3. Select the SNMP Tab. 4. From the SNMP Monitoring Tab, click the circle next to View Table. 5. Click View at the bottom of the page. The Monitoring, SNMPv3 View Table Page is shown in Figure 84. Figure 84.
Chapter 19: SNMPv3 Displaying Access Table Entries To display entries in the SNMPv3 Access Table, perform the following procedure. 1. From the Home Page, select Monitoring. 2. Select the Mgmt Protocols menu selection. 3. Select the SNMP Tab. 4. From the SNMP Monitoring Tab, click the circle next to View Access Table. 5. Click View at the bottom of the page. The Monitoring, SNMPv3 Access Table Page is shown in Figure 85. Figure 85.
AT-S62 Management Software Web Browser Interface User’s Guide Displaying SecurityToGroup Table Entries To display entries in the SNMPv3 SecurityToGroup Table, perform the following procedure. 1. From the Home Page, select Monitoring. 2. Select the Mgmt Protocols menu selection. 3. Select the SNMP Tab. 4. From the SNMP Monitoring Tab, click the circle next to the View SecurityToGroup Table. 5. Click View at the bottom of the page. The Monitoring, SNMPv3 SecurityToGroup Table Page is shown in Figure 86.
Chapter 19: SNMPv3 Displaying Notify Table Entries To display entries in the SNMPv3 Notify Table, perform the following procedure. 1. From the Home Page, select Monitoring. 2. Select the Mgmt Protocols menu selection. 3. Select the SNMP Tab. 4. From the SNMP Monitoring Tab, click the circle next to View Notify Table. 5. Click View at the bottom of the page. The Monitoring, SNMPv3 Notify Table Page is shown in Figure 87. Figure 87.
AT-S62 Management Software Web Browser Interface User’s Guide Displaying Target Address Table Entries To display entries in the SNMPv3 Target Address Table, perform the following procedure. 1. From the Home Page, select Monitoring. 2. Select the Mgmt Protocols menu selection. 3. Select the SNMP Tab. 4. From the SNMP Monitoring Tab, click the circle next to View Target Address Table. 5. Click View at the bottom of the page. The Monitoring, SNMPv3 Target Address Table Page is shown in Figure 88. Figure 88.
Chapter 19: SNMPv3 Displaying Target Parameters Table Entries To display entries in the SNMPv3 Target Parameters Table, perform the following procedure. 1. From the Home Page, select Monitoring. 2. Select the Mgmt Protocols menu selection. 3. Select the SNMP Tab. 4. From the SNMP Monitoring Tab, click the circle next to the View Target Parameters Table. 5. Click View at the bottom of the page. The Monitoring, SNMPv3 Target Parameters Table Page is shown in Figure 88. Figure 89.
AT-S62 Management Software Web Browser Interface User’s Guide Displaying SNMPv3 Community Table Entries To display entries in the SNMPv3 Community Table, perform the following procedure. 1. From the Home Page, select Monitoring. 2. Select the Mgmt Protocols menu selection. 3. Select the SNMP Tab. 4. From the SNMP Monitoring Tab, click the circle next to the View Community Table. 5. Click View at the bottom of the page. The Monitoring, SNMPv3 Community Table Page is shown in Figure 90. Figure 90.
Chapter 19: SNMPv3 268 Section III: SNMPv3
Section IV Spanning Tree Protocols The chapter in this section explain the spanning tree protocols: Section IV: Spanning Tree Protocols Chapter 20: “Spanning Tree, Rapid Spanning Tree, and Multiple Spanning Tree Protocols” on page 271 269
Section IV: Spanning Tree Protocols
Chapter 20 Spanning Tree, Rapid Spanning Tree, and Multiple Spanning Tree Protocols This chapter explains how to configure the STP, RSTP and MSTP parameters on an AT-8500 Series switch from a web browser management session.
Chapter 20: Spanning Tree, Rapid Spanning Tree, and Multiple Spanning Tree Protocols Enabling or Disabling Spanning Tree To enable or disable spanning tree on the switch, do the following: 1. From the Home page, select Configuration. 2. From the Configuration menu, select Layer 2. 3. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 91. Figure 91. Spanning Tree Tab (Configuration) 4.
AT-S62 Management Software Web Browser Interface User’s Guide 8. If you activated STP, go to “Configuring STP” on page 274. If you activated RSTP go to “Configuring RSTP” on page 279. If you selected MSTP, go to “Configuring MSTP” on page 283.
Chapter 20: Spanning Tree, Rapid Spanning Tree, and Multiple Spanning Tree Protocols Configuring STP Caution The bridge provides default STP parameters that are adequate for most networks. Changing them without prior experience and an understanding of how STP works might have a negative effect on your network. You should consult the IEEE 802.1d standard before changing any of the STP parameters. This procedure assumes that you have already designated STP as the active spanning tree on the switch.
AT-S62 Management Software Web Browser Interface User’s Guide 2. Adjust the STP bridge settings as needed. The parameters are described below. Bridge Priority The priority number for the bridge. This number is used in determining the root bridge for RSTP. The bridge with the lowest priority number is selected as the root bridge. If two or more bridges have the same priority value, the bridge with the numerically lowest MAC address becomes the root bridge.
Chapter 20: Spanning Tree, Rapid Spanning Tree, and Multiple Spanning Tree Protocols this aging time to test the age of stored configuration messages called bridge protocol data units (BPDUs). For example, if you use the default value 20, all bridges delete current configuration messages after 20 seconds. This parameter can be from 6 to 40 seconds.
AT-S62 Management Software Web Browser Interface User’s Guide Table 8. Port Priority Value Increments Port Priority Increment Increment Port Priority 0 0 8 128 1 16 9 144 2 32 10 160 3 48 11 176 4 64 12 192 5 80 13 208 6 96 14 224 7 112 15 240 2 - Port Cost The spanning tree algorithm uses the cost parameter to decide which port provides the lowest cost path to the root bridge for that LAN. The range is 0 to 65,535.
Chapter 20: Spanning Tree, Rapid Spanning Tree, and Multiple Spanning Tree Protocols 7. To permanently save the change, use the Save Changes button in the General tab. For directions, refer to “Saving Your Parameter Changes” on page 28.
AT-S62 Management Software Web Browser Interface User’s Guide Configuring RSTP Caution The bridge provides default RSTP parameters that are adequate for most networks. Changing them without prior experience and an understanding of how RSTP works might have a negative effect on your network. You should consult the IEEE 802.1w standard before changing any of the RSTP parameters. This procedure assumes that you have already designated RSTP as the active spanning tree on the switch.
Chapter 20: Spanning Tree, Rapid Spanning Tree, and Multiple Spanning Tree Protocols Note The Defaults button returns all RSTP settings to the default settings. 2. Adjust the parameters are desired. The parameters are defined below. 1 - Force Version This selection determines whether the bridge will operate with RSTP or in an STP-compatible mode. If you select RSTP, the bridge operates all ports in RSTP, except for those ports that receive STP BPDU packets.
AT-S62 Management Software Web Browser Interface User’s Guide MaxAge must be less than (2 x (ForwardingDelay - 1)) 6 - Bridge Identifier The MAC address of the bridge. The bridge identifier is used as a tie breaker in the selection of the root bridge when two or more bridges have the same bridge priority value. This value cannot be changed. 3. When you are finished configuring the parameters, click Apply. 4. To adjust RSTP port settings, click on the port in the switch image and click Modify.
Chapter 20: Spanning Tree, Rapid Spanning Tree, and Multiple Spanning Tree Protocols Table 11. RSTP Auto-Detect Port Costs Port Speed Port Cost 100 Mbps 200,000 1000 Mbps 20,000 Table 12 lists the RSTP port costs with Auto-Detect when the port is part of a port trunk. Table 12. RSTP Auto-Detect Port Trunk Costs Port Speed Port Cost 10 Mbps 20,000 100 Mbps 20,000 1000 Mbps 2,000 3 - Point-to-Point This parameter defines whether the port is functioning as a point-topoint port.
AT-S62 Management Software Web Browser Interface User’s Guide Configuring MSTP This section is divided into the following procedures: “Configuring MSTP and CIST Parameters” on page 283 “Associating VLANs to MSTIs” on page 286 “Configuring MSTP Port Parameters” on page 289 This procedure assumes that you have already designated MSTP as the active spanning tree on the switch. For instructions, refer to “Enabling or Disabling Spanning Tree” on page 272.
Chapter 20: Spanning Tree, Rapid Spanning Tree, and Multiple Spanning Tree Protocols The MSTP Spanning Tree tab is shown in Figure 96. Figure 96. MSTP Spanning Tree Tab Note This procedure explains the Configure MSTP Parameters and Configure CIST Parameters sections of the web page. The CIST/ MSTI Table is explained in “Associating VLANs to MSTIs” on page 286. The graphic image of the switch is described in “Configuring MSTP Port Parameters” on page 289.
AT-S62 Management Software Web Browser Interface User’s Guide 5. Adjust the bridge MSTP settings as needed. The parameters are described below. Force Version This selection determines whether the bridge will operate with MSTP or in an STP-compatible mode. If you select MSTP, the bridge operates all ports in MSTP, except those ports that receive STP or RSTP BPDU packets. If you select Force STP Compatible, the bridge uses its MSTP parameter settings, but sends only STP BPDU packets from the ports.
Chapter 20: Spanning Tree, Rapid Spanning Tree, and Multiple Spanning Tree Protocols Bridge Max Hops MSTP regions use this parameter to discard BPDUs. The Max Hop counter in a BPDU is decremented every time the BPDU crosses an MSTP region boundary. Once the counter reaches zero, the BPDU is deleted. Revision Level The revision level of an MSTP region. This is an arbitrary number that you assign to a region. The revision level must be the same on all bridges in a region.
AT-S62 Management Software Web Browser Interface User’s Guide The Add New MSTI window is shown in Figure 97. Figure 97. Add New MSTI Window b. In the MSTI ID field, enter a new MSTI ID. The range is 1 to 15. c. In the Priority field, enter a MSTI Priority value. This parameter is used in selecting a regional root for the MSTI. The range is 0 (zero) to 61,440 in increments of 4,096, with 0 being the highest priority. The default is 0. There are sixteen increments.
Chapter 20: Spanning Tree, Rapid Spanning Tree, and Multiple Spanning Tree Protocols The Modify MSTI window is shown in Figure 98. Figure 98. Modify MSTI Window c. In the Priority field, enter a new MSTI Priority value. This parameter is used in selecting a regional root for the MSTI. The range is 0 (zero) to 61,440 in increments of 4,096, with 0 being the highest priority. The default is 0.There are sixteen increments. You specify the increment representing the desired bridge priority value.
AT-S62 Management Software Web Browser Interface User’s Guide Configuring MSTP Port Parameters To configure MSTP port parameters, perform the following procedure: 1. Perform Steps 1 through 4 in the procedure “Configuring MSTP and CIST Parameters” on page 283 to display the Spanning Tree Expanded Web Page for MSTP. 2. In the diagram of the switch at the bottom of the MSTP Spanning Tree Expanded Web Page, click the port you want to configure. You can select more than one port at a time.
Chapter 20: Spanning Tree, Rapid Spanning Tree, and Multiple Spanning Tree Protocols Internal path cost Port priority When setting an MSTI-specific parameter, use the MSTI List in the window to select the intended MSTI. It should be noted that the MSTI List shows all of the spanning tree instances on the switch, and not just those where the selected port is currently a member.
AT-S62 Management Software Web Browser Interface User’s Guide Table 14. MSTP Auto Update Port Trunk Internal Path Costs Port Speed 1000 Mbps Port Cost 2,000 This is also an MSTI-specific parameter. Like the priority parameter, you can, using the MSTI List, assign a different internal path cost for each MSTI where the port is a member. MSTI List The MSTIs defined on the switch.
Chapter 20: Spanning Tree, Rapid Spanning Tree, and Multiple Spanning Tree Protocols Table 16 lists the MSTP port costs with the Auto setting when the port is part of a port trunk. Table 16. MSTP Auto External Path Trunk Costs Port Speed Port Cost 10 Mbps 20,000 100 Mbps 20,000 1000 Mbps 2,000 Edge Port This parameter defines whether the port is functioning as an edge port. For an explanation of this parameter, refer to the AT-S62 Menus Interface User’s Guide. 5.
AT-S62 Management Software Web Browser Interface User’s Guide Displaying Spanning Tree Settings To display the parameter settings for the active spanning tree, perform the following procedure: 1. From the Home page, select Monitoring. 2. From the Monitoring menu, select Layer 2. 3. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 100. Figure 100.
Chapter 20: Spanning Tree, Rapid Spanning Tree, and Multiple Spanning Tree Protocols 294 Section IV: Spanning Tree Protocols
Section V Virtual LANs The chapters in this section explain virtual LANs (VLANs).
Section V: Virtual VLANs
Chapter 21 Port-based and Tagged Virtual LANs This chapter explains how to create, modify, and delete port-based and tagged VLANs from a web browser management session. This chapter also explains how to select a multiple VLAN mode.
Chapter 21: Port-based and Tagged Virtual LANs Creating a New Port-based or Tagged VLAN To create a new port-based or tagged VLAN, perform the procedure below: 1. From the Home Page, select Configuration. 2. Select the Layer 2 menu selection. 3. Select the VLAN tab. The VLAN tab is shown in Figure 101. Figure 101. VLAN Tab (Configuration) Note The Modify and Remove buttons are not included in the tab if the only VLAN on the switch is the Default_VLAN.
AT-S62 Management Software Web Browser Interface User’s Guide This tab lists the VLANs on the switch in a table with the following columns of information: VID ID The VLAN ID. (Client) Name Name of the VLAN. Type The VLAN type. The possible settings are: Port Based - The VLAN is a port-based or tagged VLAN. Protected - The VLAN is a protected ports VLAN. GARP - The VLAN was created by GARP. Protocol The protocol associated with a VLAN.
Chapter 21: Port-based and Tagged Virtual LANs The Add New VLAN page is shown in Figure 102. Figure 102. Add New VLAN Page 5. Select the VID field and enter a VID value for the new VLAN. The range of the VID value is 2 to 4096. The default is the next available VID number on the switch. If this VLAN will be unique in your network, then its VID should also be unique. If this VLAN will be part of a larger VLAN that spans multiple switches, than the VID value for the VLAN should be the same on each switch.
AT-S62 Management Software Web Browser Interface User’s Guide contain spaces or special characters, such as asterisks (*) or exclamation points (!). Note A VLAN must be assigned a name. 7. Select Port Based as the Type. This is the default setting. This is the correct setting when creating a port-based or tagged VLAN. Note The Type selection of Protected is used to create a protected ports VLAN, as explained in Chapter 21, “Protected Ports VLANs” on page 317. 8.
Chapter 21: Port-based and Tagged Virtual LANs Modifying a Port-based or Tagged VLAN This procedure explains how to add or remove ports from a port-based or tagged VLAN. When modifying a VLAN, note the following: You cannot change the VID of a VLAN. You cannot change the name of a VLAN from a web browser management session, but you can from a local, Telnet, or SSH session. You cannot modify VLANs when the switch is operating in one of the multiple VLAN modes.
AT-S62 Management Software Web Browser Interface User’s Guide A untagged port set to the 802.1x authenticator or supplicant role must be changed to the 802.1x none role before you can change its untagged VLAN assignment. After the VLAN assignment is made, you can return the port’s role to authenticator or supplicant, if desired. 7. After making the necessary changes, click Apply. The modified VLAN is now ready for network operations. 8.
Chapter 21: Port-based and Tagged Virtual LANs Deleting a Port-based or Tagged VLAN To delete a port-based or tagged VLAN from the switch, perform the following procedure: 1. From the Home Page, select Configuration. 2. Select the Layer 2 menu selection. 3. Select the VLAN tab. The VLAN tab is shown in Figure 101 on page 298. 4. Click the button next to the name of the VLAN to be deleted. You cannot delete the Default_VLAN. 5. Click Remove. A confirmation prompt is displayed. 6.
AT-S62 Management Software Web Browser Interface User’s Guide Displaying VLANs To display the current VLANs on a switch, perform the following procedure: 1. From the Home page, select Monitoring. 2. Select the Layer 2 menu selection. 3. Select the VLAN tab. The VLAN tab is displayed. The upper part of the tab contains the following information: Mode The VLAN mode. The possible settings are: User Configured - This mode supports port-based and tagged VLANs. Multiple 802.1Q - The IEEE 802.
Chapter 21: Port-based and Tagged Virtual LANs Protected - The VLAN is a protected ports VLAN. GARP - The VLAN was automatically created by GARP. Protocol The protocol associated with this VLAN. The possible settings are: Blank - The VLAN is a port-based, tagged, or MAC address-based VLAN. GARP - The VLAN is a dynamic GVRP VLAN or the port is a dynamic GVRP port of a static VLAN. Member Ports The untagged and tagged ports of a VLAN. The untagged ports of a VLAN are listed as follows.
AT-S62 Management Software Web Browser Interface User’s Guide Selecting a VLAN Mode The AT-S62 management software features three VLAN modes: Port-based and tagged VLAN Mode (default mode) IEEE 802.1Q-compliant Multiple VLAN Mode Non-IEEE 802.1Q compliant Multiple VLAN Mode For background information on port-based and tagged VLANs and the multiple VLAN modes, refer to the AT-S62 Menus Interface User’s Guide.
Chapter 21: Port-based and Tagged Virtual LANs Specifying a Management VLAN The management VLAN is the VLAN through which an AT-8500 Series switch expects to receive management packets. This VLAN is important if you will be managing a switch remotely or using the enhanced stacking feature of the switch. Management packets are packets generated by a management workstation when you remotely manage a switch using Telnet, SSH, or a web browser.
AT-S62 Management Software Web Browser Interface User’s Guide and your remote management of the switches. For this, you would need to create the NMS VLAN on each AT-8500 Series switch in the enhanced stack, being sure to assign each NMS VLAN the VID of 24. Next, you would need to check that the switches in the enhanced stack are connected together with tagged or untagged ports of the NMS VLAN. You would also need to specify the NMS VLAN as the management VLAN on each switch using the management software.
Chapter 21: Port-based and Tagged Virtual LANs 310 Secton V: Virtual LANs
Chapter 22 GARP VLAN Registration Protocol This chapter explains how to configure GVRP on the switch. The procedures include: “Configuring GVRP” on page 312 “Enabling or Disabling GVRP on a Port” on page 314 “Displaying the GVRP Settings” on page 316 Note For background information, refer to Chapter 25, “GARP VLAN Registration Protocol” in the AT-S62 Management Software Menus Interface User’s Guide.
Chapter 22: GARP VLAN Registration Protocol Configuring GVRP To configure the GVRP parameters, perform the following procedure: 1. From the Home Page, select Configuration. 2. Select the Layer 2 menu selection. 3. Select the GVRP tab. The GVRP tab is shown in Figure 103. Figure 103. GVRP Tab (Configuring) The GVRP tab is not shown if MSTP is enabled on the switch. The Default button returns all GVRP parameter settings to their default values. 4.
AT-S62 Management Software Web Browser Interface User’s Guide Join Time Sets the duration of the Join Period timer. The range is from 10 to 60 centiseconds and the default is 20. If you change this timer, it must in relation to the GVRP Leave Timer according to the following equation: Join Timer <= 2 x (GVRP Leave Timer) Enable GIP Enables the operation of GIP. If enabled, attribute registrations and deregistrations processed on a port are propagated to other ports in the GIP-connected ring.
Chapter 22: GARP VLAN Registration Protocol Enabling or Disabling GVRP on a Port This procedure enables and disables GVRP on a switch port. The default setting for GVRP on a port is enabled. Only those ports where GVRP is enabled transmit PDUs. Note Allied Telesyn recommends disabling GVRP on unused ports and those ports that are connected to GVRP-inactive devices. This will protect against unauthorized access to restricted areas of your network. 1. From the Home Page, select Configuration. 2.
AT-S62 Management Software Web Browser Interface User’s Guide 8. To permanently save the change, select the Save Config menu selection.
Chapter 22: GARP VLAN Registration Protocol Displaying the GVRP Settings To view the GVRP settings, perform the following procedure: 1. From the Home page, select Monitoring. 2. Select the Layer 2 option. 3. Select the GVRP tab. For definitions of the GVRP parameters, refer to “Configuring GVRP” on page 312. 4. To view GVRP switch and port configuration information, select one of the following and click View: View Port Configuration Displays the status of GVRP on each port.
Chapter 23 Protected Ports VLANs This chapter explains how to display and delete protected ports VLANs using a web browser management session. This chapter contains the following sections: “Deleting a Protected Ports VLAN” on page 318 “Displaying a Protected Ports VLAN” on page 319 Note For background information, refer to Chapter 27, “Protected Ports VLANs” in the AT-S62 Management Software Menus Interface User’s Guide.
Chapter 23: Protected Ports VLANs Deleting a Protected Ports VLAN To delete a protected ports VLAN from the switch, perform the following procedure: 1. From the Home Page, select Configuration. 2. Select the Layer 2 menu selection. 3. Select the VLAN tab. 4. Click the button next to the name of the protected ports VLAN you want to delete. You cannot delete the Default_VLAN. 5. Click Remove. A confirmation prompt is displayed. 6. Click OK to delete the VLAN or Cancel to cancel the procedure.
AT-S62 Management Software Web Browser Interface User’s Guide Displaying a Protected Ports VLAN To display the details of a protected port VLAN, perform the following procedure: 1. From the Home page, select Monitoring. 2. Select the Layer 2 menu selection. 3. Select the VLAN tab. 4. Click the circle next to the protected ports VLAN you want to view and click View. The specifications of the selected VLAN are displayed. VID The VLAN ID. Type The VLAN type which is always Protected.
Chapter 23: Protected Ports VLANs 320 Section V: Virtual LANs
Section VI Port Security The chapters in this section explain the port security features of the AT-8524M switch The chapters include: Section VI: Port Security Chapter 24: “MAC Address-based Port Security” on page 323 Chapter 25: “802.
Section VI: Port Security
Chapter 24 MAC Address-based Port Security This chapter explains how to display and configure the MAC addressbased security feature on the ports on the switch. It contains the following section: “Configuring MAC Address-based Port Security” on page 324 “Displaying MAC Address-based Port Security” on page 327 Note For background information, refer to Chapter 28, “MAC Addressbased Port Security” in the AT-S62 Management Software Menus Interface User’s Guide.
Chapter 24: MAC Address-based Port Security Configuring MAC Address-based Port Security MAC address-based port security allows you to control access to a port on the switch using the MAC addresses of the end nodes. To configure this security feature, perform the following procedure: 1. From the Home page, select Configuration. 2. Select the Network Security menu selection. 3. Select the Port Security tab. The Port Security tab is shown in Figure 105. Figure 105. Port Security Tab 4.
AT-S62 Management Software Web Browser Interface User’s Guide The Security for Port(s) window is shown in Figure 106. Figure 106. Security for Port(s) Window The top portion of the window displays the current security settings of the selected ports. 6. From the Security Mode pull-down menu, select the desired port security level for the port. Options are: Automatic Disables port security on a port. This is the default setting.
Chapter 24: MAC Address-based Port Security that the port has already learned and any static MAC addresses assigned to the port. Dynamic MAC addresses learned by the port prior to the activation of this security level never time out from the MAC address table, even when the corresponding end nodes are inactive. However, the port will not learn any new dynamic addresses. You can continue to add new static MAC addresses to a port operating under this security level. 7.
AT-S62 Management Software Web Browser Interface User’s Guide Displaying MAC Address-based Port Security To display the MAC address-based port security level of a port, perform the following procedure: 1. From the Home page, select Monitoring. 2. Select Network Security. 3. Select the Port Security tab. 4. Click the port whose port security level you want to view. A selected port turns white. You can select more than one port at a time. 5. Click View.
Chapter 24: MAC Address-based Port Security Participating This column applies only when the intrusion action on a port is set to trap or disable. It does not apply when intrusion action is set to discard. If this column contains No when intrusion action is set to trap or disable, the port discards invalid packets, but it does not send the SNMP trap or disable the port. When this column contains Yes, the port sends a trap and/or is disabled after receiving an invalid frame.
Chapter 25 802.1x Port-based Network Access Control This chapter contains instructions on how to configure the 802.1x portbased network access control feature on the switch.
Chapter 25: 802.1x Port-based Network Access Control Enabling and Disabling Port-based Access Control This procedure explains how to enable and disable port-based access control on the switch. If you have not assigned port roles and configured the parameter settings, you should skip this procedure and go first to “Setting Port Roles” on page 333. This procedure also explains how to configure RADIUS accounting.
AT-S62 Management Software Web Browser Interface User’s Guide Note The Authentication Method field cannot be changed. 4. To enable or disable the 802.1x port-based access control feature, do the following: a. Click the Enable Port Access check box. A check in the box means that the feature is activated on the switch. No check means that the feature is disabled. The default is disabled. b. Click Apply. 5.
Chapter 25: 802.1x Port-based Network Access Control 6. Click Apply. The change is immediately implemented on the switch. 7. To permanently save the changes, select the Save Config menu selection.
AT-S62 Management Software Web Browser Interface User’s Guide Setting Port Roles To set port roles for port-based access control, perform the following procedure: 1. From the Home Page, select Configuration. 2. Select Security. 3. Select the 802.1x Port Access tab. The Security page is as shown in Figure 108 on page 330. The graphic image of the switch shows the assigned roles of the ports. Ports with an “A” are authenticators and ports with an “S” are supplicants.
Chapter 25: 802.1x Port-based Network Access Control 8. To permanently save the change, select the Save Config menu selection. 9. To configure authenticator port settings, go to “Configuring Authenticator Port Parameters” on page 335. To configure supplicant port settings, go to “Configuring Supplicant Port Parameters” on page 340.
AT-S62 Management Software Web Browser Interface User’s Guide Configuring Authenticator Port Parameters To configure authenticator port parameters, perform the following procedure: 1. From the 802.1x Port Access tab shown in Figure 108 on page 330, click the authenticator port to be configured. You can select more that one authenticator port at a time. The selected port turns white. Note A port must be assigned the authenticator role before you can configure its settings.
Chapter 25: 802.1x Port-based Network Access Control 3. Adjust the parameters as needed. The parameters are described below: Authenticator Mode This parameter can take the following values on an authenticator port: 802.1x: Specifies 802.1x username and password authentication. With this authentication method the supplicant must provide, either manually or automatically, a username and password to the authenticator port. Supplicant nodes must have 802.1x client software for this authentication method.
AT-S62 Management Software Web Browser Interface User’s Guide Note A supplicant must have 802.1x client software if the authenticator port has a port control setting of force-authorized and an authenticator mode of 802.1x. Though the supplicant is not authenticated, the switch port still checks for the presence of the 802.1x client on the supplicant and will not forward traffic from the supplicant if it does not detect it.
Chapter 25: 802.1x Port-based Network Access Control Server Timeout Sets the timer used by the switch to determine authentication server timeout conditions. The default value for this parameter is 10 seconds. The range is 1 to 60 seconds. Control Direction Specifies how the port handles ingress and egress broadcast and multicast packets when in the unauthorized state.
AT-S62 Management Software Web Browser Interface User’s Guide server. This parameter only applies when the port is operating in the Multiple operating mode. Possible settings are: On: Specifies that only those supplicants with the same VLAN assignment as the initial supplicant are authenticated. Supplicants with a different or no VLAN assignment are denied entry to the port. This is the default setting. Off: Specifies that all supplicants, regardless of their assigned VLANs, are authenticated.
Chapter 25: 802.1x Port-based Network Access Control Configuring Supplicant Port Parameters To configure supplicant port parameters, perform the following procedure: 1. From the 802.1x Port Access tab shown in Figure 108 on page 330, click the supplicant port that you want to configure. You can select more that one supplicant port at a time. The selected port turns white. Note A port must already be designated as a supplicant before you can configure its settings.
AT-S62 Management Software Web Browser Interface User’s Guide Held Period Specifies the amount of time in seconds the supplicant is to refrain from retrying to re-contact the authenticator in the event the end user provides an invalid username and/or password. Once the time period has expired, the supplicant can attempt to log on again. The range is 0 to 65,535 seconds. The default value is 60 seconds.
Chapter 25: 802.1x Port-based Network Access Control Displaying the Port-based Access Control Settings To display port-based access control settings, do the following: 1. From the Home page, select Monitoring. 2. Select the Network Security menu selection. 3. Select the 802.1x Port Access tab. For definitions of the parameters in the tab, refer to “Enabling and Disabling Port-based Access Control” on page 330. 4. To view the status of a port, click the port and click Status.
Section VII Management Security The chapters in this section explain how to configure the management security features of the AT-S62 software.
Section VII: Management Security
Chapter 26 Encryption Keys, PKI, and SSL This chapter explains how to view the encryption keys, PKI certificates, and SSL settings. It includes the following sections: “Displaying Encryption Keys” on page 346 “Displaying PKI Settings and Certificates” on page 347 “Displaying the SSL Settings” on page 350 Note For background information, refer to Chapter 31, “Encryption Keys” and Chapter 32, “PKI Certificates and SSL” in the AT-S62 Menus Interface User’s Guide.
Chapter 26: Encryption Keys, PKI, and SSL Displaying Encryption Keys To display the SSL and SSH encryption key pairs, do the following: 1. From the Home page, select Monitoring. 2. Select the Mgmt. Security menu selection. 3. Select the Keys tab. The Keys tab is shown in Figure 112. Figure 112. Keys Tab (Monitoring) This tab lists the key pairs existing on the switch. The fields in the menu are described below: ID The identification number of the key.
AT-S62 Management Software Web Browser Interface User’s Guide Displaying PKI Settings and Certificates To display the self-signed and CA certificates stored in the certificate database and the PKI settings, do the following: 1. From the Home page, select Monitoring. 2. Select the Mgmt. Security menu selection. 3. Select the PKI tab. The PKI tab is shown in Figure 112. Figure 113. PKI Tab (Monitoring) The upper section states the maximum number of certificates that can be configured on the switch.
Chapter 26: Encryption Keys, PKI, and SSL MTrust (Manually Trusted) The certificate has been manually verified that it is from a trusted or untrusted authority. Type The certificate type, one of the following: EE - The certificate was issued by a CA. CA - The certificate belongs to a CA. Self - A self-signed certificate. Source The certificate was created on the switch. 4. To view the details about a certificate, click the certificate and click View.
AT-S62 Management Software Web Browser Interface User’s Guide Subject The Subject distinguished name. Issuer The certificate issuer’s distinguished name. MD5 Fingerprint The MD5 algorithm. This value provides a unique sequence for each certificate consisting of 16 bytes. SHA1 Fingerprint The Secure Hash Algorithm. This value provides a unique sequence for each certificate consisting of 20 bytes. 5. Click Close to close the page.
Chapter 26: Encryption Keys, PKI, and SSL Displaying the SSL Settings To display the SSL settings, perform the following procedure: 1. From the Home page, select Monitoring. 2. Select the Mgmt. Protocols menu selection. 3. Select the SSL tab. The SSL tab is shown in Figure 114. Figure 114. SSL Tab (Monitoring) The SSL tab provides the following information: Maximum Number of Sessions The maximum number of SSL sessions allowed at one time.
Chapter 27 Secure Shell Protocol This chapter contains the procedure for configuring the SSH protocol settings. Sections in this chapter include: “Configuring the SSH Server” on page 352 “Displaying SSH Information” on page 354 Note For background information, refer to Chapter 33, “Secure Shell (SSH) Protocol” in the AT-S62 Management Software Menus Interface User’s Guide.
Chapter 27: Secure Shell Protocol Configuring the SSH Server This section describes how to configure the SSH server software on the switch. For an overview of all the steps to configuring the SSH server, refer to the AT-S62 Menus Interface User’s Guide. This procedure assumes that you have already created the two key pairs needed for SSH management of the switch. You cannot create encryption keys from a web browser management session, but you can from the menus and command line interfaces.
AT-S62 Management Software Web Browser Interface User’s Guide 4. Configure the parameters as needed. The parameters are described below: Status Enables or disables the feature. Choose from one of the following: Disabled - Disables the SSH server. You must set this field to Disabled when configuring SSH. This is the default. Enabled - Enables the SSH server. Select this value after you have finished configuring SSH. Note You cannot disable the SSH server when there is an active SSH connection.
Chapter 27: Secure Shell Protocol Displaying SSH Information To display SSH information, do the following: 1. From the Home page, select Monitoring. 2. Select the Mgmt. Protocols menu selection. 3. Select the Secure Shell tab. The tab contains the following information: 354 Versions Supported: Indicates the versions of SSH supported by the AT-S62 software. Status: Indicates whether or not the SSH server is enabled or disabled. Server Port: Indicates the well-known port for SSH.
Chapter 28 TACACS+ and RADIUS Authentication Protocols This chapter contains instructions on how to configure the authentication protocols. This chapter contains the following procedures: “Configuring RADIUS and TACACS+” on page 356 “Displaying the RADIUS or TACSACS+ Settings” on page 360 Note For background information, refer to Chapter 34, “TACACS+ and RADIUS Authentication Protocols” in the AT-S62 Management Software Menus Interface User’s Guide.
Chapter 28: TACACS+ and RADIUS Authentication Protocols Configuring RADIUS and TACACS+ To configure the authentication protocols, perform the following procedure: 1. From the Home Page, select Configuration. 2. Select the Mgmt. Protocols menu selection. 3. Select the Server-based Authentication tab. The Server-based Authentication tab is shown in Figure 116. Figure 116.
AT-S62 Management Software Web Browser Interface User’s Guide Note To configure TACACS+, go to Step 6. To configure RADIUS, go to Step 7. 6. To configure TACACS+, do the following: a. In lower section of the Server-based Authentication tab, click TACACS+ Configuration and click Configure. The TACACS+ Client Configuration page is shown in Figure 117. Figure 117. TACACS+ Configuration Page b. Configure the parameters as needed. They are described below.
Chapter 28: TACACS+ and RADIUS Authentication Protocols IP Address and Server Secret Use these fields to specify the IP addresses and encryption secrets of up to three network servers containing TACACS+ server software. You can leave an encryption field blank if you entered the server’s secret in the Global Secret field. c. When you are finished configuring the parameters, click Apply. d. To enable the authentication feature on the switch, click the Enable Server-based Authentication check box.
AT-S62 Management Software Web Browser Interface User’s Guide Global Server Timeout This parameter specifies the maximum amount of time the switch waits for a response from a RADIUS server before assuming the server will not respond. If the timeout expires and the server has not responded, the switch queries the next RADIUS server in the list. If there aren’t any more servers, than the switch will default to the standard Manager and Operator accounts. The default is 30 seconds.
Chapter 28: TACACS+ and RADIUS Authentication Protocols Displaying the RADIUS or TACSACS+ Settings To display the RADIUS or TACACS+ settings on a switch, do the following: 1. From the Home page, select Monitoring. 2. Select the Mgmt. Protocols menu selection, 3. Select the Server-based Authentication tab. The upper part of the page displays whether server-based authentication is enabled or disabled and the authentication method.
Chapter 29 Management Access Control List This chapter explains how to restrict Telnet and web browser management access to the switch with the Management Access Control List (ACL).
Chapter 29: Management Access Control List Enabling or Disabling the Management ACL This procedure enables and disables the Management ACL. When enabled, only those management stations specified in the ACL are allowed to manage the switch remotely using the Telnet application protocol or a web browser. When the feature is disabled, the management software on the switch can be accessed remotely from any management workstation.
AT-S62 Management Software Web Browser Interface User’s Guide This menu option has only one tab, Mgmt ACL, shown in Figure 119. Figure 119. Mgmt. ACL Tab (Configuration) The middle section of the tab lists the existing ACEs on the switch and is used to delete ACEs. The bottom portion is used to add entries. For instructions, refer to “Creating an ACE” on page 364 and “Deleting an ACE” on page 366. 3. Click either Enable Mgmt. ACL or Disable Mgmt. ACL. The default setting is disabled. 4. Click Apply.
Chapter 29: Management Access Control List Creating an ACE To create a new ACE, perform the following procedure: 1. From the Home Page, select Configuration. 2. Select the Mgmt Security menu option. The Mgmt ACL tab is shown in Figure 119. ACEs already existing in the Management ACL are listed in the middle section of the tab. 3. To add a new ACE, configure the following parameters in the Mgmt. ACT tab: MACL ID Enter an identification number for the access control entry.
AT-S62 Management Software Web Browser Interface User’s Guide The new ACE is added to the Management ACL. 5. If desired, repeat Steps 3 and 4 to add more ACEs to the Management ACL. 6. To permanently save your changes, select the Save Config menu selection.
Chapter 29: Management Access Control List Deleting an ACE To delete an ACE, perform the following procedure: 1. From the Home Page, select Configuration. 2. Select the Mgmt Security menu option. The Mgmt ACL tab is shown in Figure 119 on page 363. 3. Click the circle next to the ACE you want to delete. You can delete only one ACE at a time. 4. Click Delete. The ACE is deleted from the Management ACL.
AT-S62 Management Software Web Browser Interface User’s Guide Displaying the Management ACL To display the ACEs in the Management ACL, do the following: 1. From the Home page, select Monitoring. 2. Click Mgmt. Security. 3. Select the Mgmt ACL tab. The Mgmt. ACL tab is shown in Figure 120. Figure 120. Mgmt. ACL Tab (Monitoring) The top section of the tab displays the status of the Management ACL as enabled or disabled.
Chapter 29: Management Access Control List 368 Section VII: Management Security
Index Numerics 802.
Index event log clearing 128 disabling 122 displaying 124 enabling 122 modifying full action 127 saving 128 F flow control 75 flow groups creating 156 deleting 160 displaying 160 modifying 158 force version MSTP 285 RSTP 280 G GARP VLAN Registration Protocol (GVRP) configuring parameters 312 disabling on a port 314 displaying parameters 316 enabling on a port 314 gateway address 36 GVRP GIP status parameter 313 GVRP join timer parameter 313 GVRP leave all timer parameter 313 GVRP leave timer parameter 31
AT-S62 Management Software Web Browser Interface User’s Guide port control 802.
Index SNMPv3 View Table entry creating 215 deleting 218 displaying 261 modifying 219 SNMPv3, enabling 206 SNTP.
