Owner manual
Table Of Contents
- Contents
- Figures
- Tables
- Preface
- Section I
- Basic Operations
- Chapter 1
- Overview
- Chapter 2
- Enhanced Stacking
- Chapter 3
- SNMPv1 and SNMPv2c
- Chapter 4
- MAC Address Table
- Chapter 5
- Static Port Trunks
- Chapter 6
- LACP Port Trunks
- Chapter 7
- Port Mirror
- Section II
- Advanced Operations
- Chapter 8
- File System
- Chapter 9
- Event Logs and the Syslog Client
- Chapter 10
- Classifiers
- Chapter 11
- Access Control Lists
- Chapter 12
- Class of Service
- Chapter 13
- Quality of Service
- Chapter 14
- Denial of Service Defenses
- Chapter 15
- Power Over Ethernet
- Section III
- Snooping Protocols
- Chapter 16
- IGMP Snooping
- Chapter 17
- MLD Snooping
- Chapter 18
- RRP Snooping
- Chapter 19
- Ethernet Protection Switching Ring Snooping
- Section IV
- SNMPv3
- Chapter 20
- SNMPv3
- Section V
- Spanning Tree Protocols
- Chapter 21
- Spanning Tree and Rapid Spanning Tree Protocols
- Chapter 22
- Multiple Spanning Tree Protocol
- Section VI
- Virtual LANs
- Chapter 23
- Port-based and Tagged VLANs
- Chapter 24
- GARP VLAN Registration Protocol
- Chapter 25
- Multiple VLAN Modes
- Chapter 26
- Protected Ports VLANs
- Chapter 27
- MAC Address-based VLANs
- Section VII
- Routing
- Chapter 28
- Internet Protocol Version 4 Packet Routing
- Supported Platforms
- Overview
- Routing Interfaces
- Interface Names
- Static Routes
- Routing Information Protocol (RIP)
- Default Routes
- Equal-cost Multi-path (ECMP) Routing
- Routing Table
- Address Resolution Protocol (ARP) Table
- Internet Control Message Protocol (ICMP)
- Routing Interfaces and Management Features
- Local Interface
- AT-9408LC/SP AT-9424T/GB, and AT-9424T/SP Switches
- Routing Command Example
- Non-routing Command Example
- Upgrading from AT-S63 Version 1.3.0 or Earlier
- Chapter 29
- BOOTP Relay Agent
- Chapter 30
- Virtual Router Redundancy Protocol
- Section VIII
- Port Security
- Chapter 31
- MAC Address-based Port Security
- Chapter 32
- 802.1x Port-based Network Access Control
- Section IX
- Management Security
- Chapter 33
- Web Server
- Chapter 34
- Encryption Keys
- Chapter 35
- PKI Certificates and SSL
- Chapter 36
- Secure Shell (SSH)
- Chapter 37
- TACACS+ and RADIUS Protocols
- Chapter 38
- Management Access Control List
- Appendix A
- AT-S63 Management Software Default Settings
- Address Resolution Protocol Cache
- Boot Configuration File
- BOOTP Relay Agent
- Class of Service
- Denial of Service Defenses
- 802.1x Port-Based Network Access Control
- Enhanced Stacking
- Ethernet Protection Switching Ring (EPSR) Snooping
- Event Logs
- GVRP
- IGMP Snooping
- Internet Protocol Version 4 Packet Routing
- MAC Address-based Port Security
- MAC Address Table
- Management Access Control List
- Manager and Operator Account
- Multicast Listener Discovery Snooping
- Public Key Infrastructure
- Port Settings
- RJ-45 Serial Terminal Port
- Router Redundancy Protocol Snooping
- Server-based Authentication (RADIUS and TACACS+)
- Simple Network Management Protocol
- Simple Network Time Protocol
- Spanning Tree Protocols (STP, RSTP, and MSTP)
- Secure Shell Server
- Secure Sockets Layer
- System Name, Administrator, and Comments Settings
- Telnet Server
- Virtual Router Redundancy Protocol
- VLANs
- Web Server
- Appendix B
- SNMPv3 Configuration Examples
- Appendix C
- Features and Standards
- 10/100/1000Base-T Twisted Pair Ports
- Denial of Service Defenses
- Ethernet Protection Switching Ring Snooping
- Fiber Optic Ports (AT-9408LC/SP Switch)
- File System
- DHCP and BOOTP Clients
- Internet Protocol Multicasting
- Internet Protocol Version 4 Routing
- MAC Address Table
- Management Access and Security
- Management Access Methods
- Management Interfaces
- Management MIBs
- Port Security
- Port Trunking and Mirroring
- Spanning Tree Protocols
- System Monitoring
- Traffic Control
- Virtual LANs
- Virtual Router Redundancy Protocol
- Appendix D
- MIB Objects
- Index
AT-S63 Management Software Features Guide
Section VII: Routing 325
As an example, assume you decided not to implement the IPv4 routing
feature on a switch that had four local subnets, but you wanted the switch
to send its events to a syslog server and have access to a RADIUS
authentication server. Assume also that you wanted to use a TFTP server
to upload and download files to the device. This would require that you
plan your network so that the switch could reach the syslog, RADIUS, and
TFTP servers from the same local subnet on the unit. You would also need
to assign an interface to the subnet. The switch, having only one interface,
would not route IPv4 packets among its local subnets and directly
connected networks, but would use the interface’s IP address to
communicate with the servers.
Enhanced
Stacking
The enhanced stacking feature simplifies the task of managing the Allied
Telesis switches in your network by allowing you to easily transition among
the switches in a stack during a management session.
The switches of an enhanced stack must be interconnected by a common
VLAN and the VLAN must be assigned a routing interface on each of the
switches. Furthermore, the routing interface in the common VLAN on the
master switch must be designated as the local interface, as described in
“Local Interface” on page 327.
There is an important difference between the need for interfaces with
enhanced stacking versus network servers, as explained in the previous
subsection. Network servers can be reached by the switch through
different interfaces in different subnets, simultaneously. In contrast, the
switches of an enhanced stack must share a common VLAN and subnet.
For background information and guidelines on the enhanced stacking
feature, refer to Chapter 2, “Enhanced Stacking” on page 59.
Remote Telnet,
SSH, and Web
Browser
Management
Sessions
Remote Telnet or SSH management sessions of a switch must be
transacted through a subnet that has been assigned a routing interface on
the unit. Furthermore, the interface must be designated as the switch’s
local interface. Only a workstation that can reach the switch through the
subnet of the local interface can manage the unit. This rule applies to
isolated devices (that is, switches that are not a part of an enhanced stack)
and a master switch of an enhanced stack. This does not apply to a slave
switches of an enhanced stack.
For background information and guidelines on remote management, refer
to the Starting an AT-S63 Management Session Guide.