User Manual

ManualsBrandsAllied Telesis ManualsComputer HardwareAT-S63

PN 613-001028 Rev C

Management

Software

AT-S63

◆

Web Browser

User’s Guide

For AT-9400Ts Stacks

AT-S63 Version 4.1.0 for AT-9400 Basic Layer 3 Switches

Summary of content (244 pages)

PAGE 1
Management Software AT-S63 ◆ Web Browser User’s Guide For AT-9400Ts Stacks AT-S63 Version 4.1.
PAGE 2
Copyright  2009 Allied Telesis, Inc. All rights reserved. No part of this publication may be reproduced without prior written permission from Allied Telesis, Inc. Allied Telesis and the Allied Telesis logo are trademarks of Allied Telesis, Incorporated. Microsoft and Internet Explorer are registered trademarks of Microsoft Corporation. All other product names, company names, logos or other designations mentioned herein are trademarks or registered trademarks of their respective owners.
PAGE 3
Contents Preface ............................................................................................................................................................ 11 How This Guide is Organized........................................................................................................................... 12 Product Documentation .................................................................................................................................... 13 Where to Go First ....
PAGE 4
Contents Chapter 5: Static Port Trunks ....................................................................................................................... 71 Creating Static Port Trunks ............................................................................................................................... 72 Modifying Static Port Trunks ............................................................................................................................. 75 Deleting Static Port Trunks ....
PAGE 5
AT-S63 Management Software Web Browser User’s Guide Configuring the SNMPv3 SecurityToGroup Table.......................................................................................... 150 Creating a SecurityToGroup Table Entry ................................................................................................. 150 Deleting a SecurityToGroup Table Entry .................................................................................................
PAGE 6
Contents Section VI: Port Security ........................................................................................219 Chapter 14: 802.1x Port-based Network Access Control .........................................................................221 Setting the Port Roles .....................................................................................................................................222 Enabling or Disabling 802.1x Port-based Network Access Control ...............................
PAGE 7
Figures Figure 1: General Tab ...................................................................................................................................... 20 Figure 2: System Time Tab .............................................................................................................................. 24 Figure 3: Ping Client Tab..................................................................................................................................
PAGE 8
Figures Figure 47: SNMPv3 SecurityToGroup Table Tab ...........................................................................................150 Figure 48: Add New SNMPv3 SecurityToGroup Page....................................................................................151 Figure 49: Modify SNMPv3 SecurityToGroup Window ...................................................................................153 Figure 50: SNMPv3 Notify Table Tab ............................................................
PAGE 9
Tables Table 1: System Name, Administrator, and Comments Parameters ...................................................................................21 Table 2: Manager and Operator Passwords ........................................................................................................................22 Table 3: IP Configuration Section of the General Tab .........................................................................................................30 Table 4: General Tab ............
PAGE 10
Tables 10
PAGE 11
Preface This guide contains instructions on how to use the web browser windows in the AT-S63 Management Software to manage the AT-9424Ts, AT-9424Ts/XP, and AT-9448Ts/XP Switches in an AT-9400Ts Stack.
PAGE 12
Preface How This Guide is Organized This guide has the following sections and chapters:  Section I: Basic Operations Chapter 1, “Basic Switch Parameters” on page 19 Chapter 2, “Port Parameters” on page 35 Chapter 3, “SNMPv1 and SNMPv2c” on page 49 Chapter 4, “MAC Address Table” on page 61 Chapter 5, “Static Port Trunks” on page 71 Chapter 6, “Port Mirroring” on page 79  Section II: Advanced Operations Chapter 7, “File System” on page 93 Chapter 8, “File Downloads and Uploads” on page 99 Chapter 9, “Ev
PAGE 13
AT-S63 Management Software Web Browser User’s Guide Product Documentation For overview information on the features of the AT-9400 Switches and the AT-S63 Management Software, refer to:  AT-S63 Management Software Features Guide (PN 613-001022) For instructions on how to start a local or remote management session on stand-alone AT-9400 Switches or AT-9400Ts Stacks, refer to:  Starting an AT-S63 Management Session Guide (PN 613-001023) For instructions on how to install or manage stand-alone AT-9400 Sw
PAGE 14
Preface Where to Go First Allied Telesis recommends that you read Chapter 1, “Overview,” in the AT-S63 Management Software Features Guide before you begin to manage the switch for the first time. There you will find a variety of basic information about the unit and the management software, like the two levels of manager access levels and the different types of management sessions. The AT-S63 Management Software Features Guide is also your resource for background information on the features of the switch.
PAGE 15
AT-S63 Management Software Web Browser User’s Guide Document Conventions This document uses the following conventions: Note Notes provide additional information. Caution Cautions inform you that performing or omitting a specific action may result in equipment damage or loss of data. Warning Warnings inform you that performing or omitting a specific action may result in bodily injury.
PAGE 16
Preface Contacting Allied Telesis This section provides Allied Telesis contact information for technical support and for sales and corporate information. Online Support You can request technical support online by accessing the Allied Telesis Knowledge Base: www.alliedtelesis.com/support/kb.aspx. You can use the Knowledge Base to submit questions to our technical support staff and review answers to previously asked questions.
PAGE 17
Section I Basic Operations This section has the following chapters: Section I: Basic Operations  Chapter 1, “Basic Switch Parameters” on page 19  Chapter 2, “Port Parameters” on page 35  Chapter 3, “SNMPv1 and SNMPv2c” on page 49  Chapter 4, “MAC Address Table” on page 61  Chapter 5, “Static Port Trunks” on page 71  Chapter 6, “Port Mirroring” on page 79 17
PAGE 18
Section I: Basic Operations
PAGE 19
Chapter 1 Basic Switch Parameters This chapter contains the following sections: Section I: Basic Operations  “Configuring the Stack’s Name, Location, and Contact” on page 20  “Changing the Manager or Operator Password” on page 22  “Setting the System Date and Time” on page 24  “Resetting a Stack” on page 26  “Pinging a Remote System” on page 27  “Restoring the Factory Default Values” on page 28  “Displaying the IP Address of the Local Interface” on page 30  “Displaying System Info
PAGE 20
Chapter 1: Basic Switch Parameters Configuring the Stack’s Name, Location, and Contact This procedure assigns a name to the switch. The name appears at the top of the web browser windows. Names can help you identify your switches when you manage them and avoid performing a configuration procedure on the wrong switch. This procedure also assigns the name of the administrator responsible for maintaining the unit and the location of the switch. To assign a name, location, and contact to a switch: 1.
PAGE 21
AT-S63 Management Software Web Browser User’s Guide Note This procedure describes the System Name, Administrator, and Comments parameters in the Administration section of the tab. The parameters in the IP Configuration section are described in “Displaying the IP Address of the Local Interface” on page 30. The Passwords section is described in “Changing the Manager or Operator Password” on page 22.
PAGE 22
Chapter 1: Basic Switch Parameters Changing the Manager or Operator Password To change the manager or operator password: 1. From the Home page, click the Configuration button. 2. Click the System button in the Configuration menu. 3. Click the General tab shown in Figure 1. 4. In the Passwords section, enter the new values. The parameters are described in Table 2.
PAGE 23
AT-S63 Management Software Web Browser User’s Guide Note The stack immediately activates your change. You must use the new password the next time you start a management session on the stack. 6. To save your changes in the configuration file, click the Save Config button in the Configuration menu.
PAGE 24
Chapter 1: Basic Switch Parameters Setting the System Date and Time The master switch adds the date and time to the event messages that it stores in the event logs and sends to a syslog server. It also adds the date and time to SNMP traps. To set the date and time: 1. From the Home page, click the Configuration button. 2. Click the System button in the Configuration menu. 3. Select the System Time tab, shown in Figure 2. Figure 2.
PAGE 25
AT-S63 Management Software Web Browser User’s Guide 5. Click the Apply button. 6. To save your changes in the configuration file, click the Save Config button.
PAGE 26
Chapter 1: Basic Switch Parameters Resetting a Stack This procedure resets a stack. The switches run their internal diagnostics, load the AT-S63 Management Software, and perform the discovery process. The reset can take several minutes to complete. Note The switches of a stack do not forward traffic during the reset process. Some network traffic may be lost. Note All unsaved parameter changes are discarded when a stack is reset. To save your changes, click the Save Config button in the Configuration menu.
PAGE 27
AT-S63 Management Software Web Browser User’s Guide Pinging a Remote System This procedure instructs the stack to ping a node on your network. This can be useful in determining whether an active path exists between the stack and another network device. Note To ping a remote device, the stack must have a routing interface on the local subnet from where it will access the device. The stack uses the IP address of the interface as its source address in the ping packets.
PAGE 28
Chapter 1: Basic Switch Parameters Restoring the Factory Default Values The procedure in this section restores the factory default settings to all of the parameters on the switches in the stack. Review the following before performing this procedure:  This procedure deletes all of the routing interfaces and port-based and tagged VLANs in the stack.  This procedure does not delete any of the files in the master switch’s file system.
PAGE 29
AT-S63 Management Software Web Browser User’s Guide Figure 4. System Utilities Tab 3. Click the Reboot Switch After Resetting to Defaults check box. 4. Click the Apply button. 5. At the confirmation prompt, click the OK button to continue or the Cancel button to cancel the procedure. If you select OK, the stack resets and all of the parameters are returned to the default settings. After the reset is complete, you must establish a local management session if you want to continue managing the unit.
PAGE 30
Chapter 1: Basic Switch Parameters Displaying the IP Address of the Local Interface This procedure is used to display the IP address and subnet mask of the local interface, which is used for remote Telnet and web browser management. To configure the local interface, you have to use the command line commands. To view the IP address and subnet mask of the local interface of the stack: 1. From the Home page, click the Configuration button. 2. Click the System button in the Configuration menu. 3.
PAGE 31
AT-S63 Management Software Web Browser User’s Guide Table 3. IP Configuration Section of the General Tab Parameter Default Gateway Definition If the stack has more than one routing interface, this field displays the IP address of the next hop of the stack’s default route. The stack uses the default route when it receives a network packet for routing, but cannot find a route for it in the routing table. This field will contain 0.0.0.0 if no default route is defined on the stack.
PAGE 32
Chapter 1: Basic Switch Parameters Displaying System Information To view basic information about the master switch: 1. From the Home page, click the Monitoring button. 2. Click the System button. 3. Select the General tab, shown in Figure 5. Figure 5.
PAGE 33
AT-S63 Management Software Web Browser User’s Guide The information in the tab is described in Table 4. Table 4. General Tab Parameter Definition System Information Section Section I: Basic Operations MAC Address The MAC address of the master switch. Model Name The model name of the master switch. Serial Number The serial number of the master switch. System Name The name of the stack. To set the name, refer to “Configuring the Stack’s Name, Location, and Contact” on page 20.
PAGE 34
Chapter 1: Basic Switch Parameters Table 4. General Tab Parameter Default Gateway Definition If the stack has more than one routing interface, this field displays the IP address of the next hop of the stack’s default route. The stack uses the default route when it receives a network packet for routing, but cannot find a route for it in the routing table. This field will contain 0.0.0.0 if no default route is defined on the stack.
PAGE 35
Chapter 2 Port Parameters This chapter explains how to view and change the port parameters, such as port speed, duplex mode, and packet filtering, of the switches in the stack.
PAGE 36
Chapter 2: Port Parameters Configuring the Port Parameters To configure the parameter settings of the ports in the stack: 1. From the Home page, click the Configuration button. 2. From the Configuration menu, click the Layer 1 button. 3. Select the Port Settings tab to display the tab in Figure 6. Figure 6. Port Settings Tab The Port Settings tab consists of an image of the front of one of the switches in the stack. The Stack ID pull-down menu in the upper left corner of the image identifies the switch.
PAGE 37
AT-S63 Management Software Web Browser User’s Guide . Figure 7. Port Configuration Window Note The Port Configuration window in the figure above is from a 10/100/ 1000 Mbps twisted pair port. The window for a fiber optic port will contain a subset of the parameters. If you are configuring multiple ports and the ports have different settings, the Port Configuration page displays the settings of the lowest numbered port you selected.
PAGE 38
Chapter 2: Port Parameters 7. Configure the parameters as needed. The parameters are described in in Table 5. Table 5. Port Configuration Window Parameter Definition Description (Name) Assigns a name to a port. A name can have up to 15 alphanumeric characters. Spaces are allowed, but not special characters, such as asterisks or exclamation points. (You cannot assign a name when configuring more than one port.) Status Enable or disables a port. A disabled port does not accept or forward frames.
PAGE 39
AT-S63 Management Software Web Browser User’s Guide Table 5. Port Configuration Window Parameter Speed and Duplex (Continued) Definition The 1Gb - Full Duplex setting applies only to 1000Base SFP and GBIC modules and should not be used because an SFP or GBIC module should use AutoNegotiation to set its speed and duplex mode.) A 10/100/1000Base-T twisted pair port operates at 1000 Mbps only when set to Auto-Negotiation. You cannot manually configure a 10/100/1000Base-T twisted pair port to 1000 Mbps.
PAGE 40
Chapter 2: Port Parameters Table 5. Port Configuration Window Parameter MDI/MDIX Crossover Definition Sets the wiring configuration of a twisted pair port. The possible settings are: Auto - Sets the MDI or MDIX setting automatically. This is the default value. This setting is only available when a port is set to Auto-Negotiation. MDI - Sets a port to MDI. This setting is only available when a port’s speed and duplex mode are set manually. MDIX - Sets a port to MDIX.
PAGE 41
AT-S63 Management Software Web Browser User’s Guide Table 5. Port Configuration Window Parameter Egress Unknown Unicast Filter Definition Use this parameter to configure a port to forward or discard unknown egress unicast packets. The possible settings are: Enabled - The port discards unknown egress unicast packets. Disabled - The port forwards unknown egress unicast packets. This is the default setting.
PAGE 42
Chapter 2: Port Parameters Table 5. Port Configuration Window Parameter Back Pressure Definition Use this parameter to set backpressure on a port. This option only appears for ports operating in half-duplex mode. A port uses backpressure to control the flow of ingress packets. Possible settings are: Enabled - Backpressure is enabled. Disabled - Backpressure is disabled. This is the default. Flow Control/Back Pressure Limit Use this parameter to specify the threshold for flow control or backpressure.
PAGE 43
AT-S63 Management Software Web Browser User’s Guide Table 5. Port Configuration Window Parameter Unknown Unicast Rate Limiting Definition Use this parameter to enable or disable unknown ingress unicast packet limits. Possible settings are: Enabled - Unknown unicast packet ingress rate limiting is enabled. To set the rate limit, use the Unknown Unicast Rate parameter. Disabled - Unknown unicast packet ingress rate limiting is disabled. This is the default.
PAGE 44
Chapter 2: Port Parameters Displaying the Port Parameters and Statistics To view the parameter settings or the statistics of the ports: 1. From the Home page, click the Monitoring button. 2. From the Monitoring menu, click the Layer 1 button. 3. Click the Port Settings tab, shown in Figure 8. Figure 8. Port Settings Tab (Monitoring) The Port Settings tab consists of an image of the front of one of the switches in the stack.
PAGE 45
AT-S63 Management Software Web Browser User’s Guide Figure 9. Port Status Page If you selected more than one port, use the Next and Previous buttons to toggle through the ports. The parameters are described in Table 5 on page 38. 7. To display the port statistics, click the Statistics button to display the window in Figure 10.
PAGE 46
Chapter 2: Port Parameters Figure 10. Port Statistics Page If you selected more than one port, use the Next and Previous buttons to toggle through the ports. The statistics are described in Table 6. Table 6. Port Statistics Statistic 46 Definition Bytes Received Number of bytes received on the port. Bytes Sent Number of bytes transmitted from the port. Frames Received Number of frames received on the port. Frames Sent Number of frames transmitted from the port.
PAGE 47
AT-S63 Management Software Web Browser User’s Guide Table 6. Port Statistics Statistic Definition Frames 64 Bytes Frames 65 - 127 Bytes Frames 128 - 255 Bytes Frames 256 - 511 Bytes Frames 512 - 1023 Bytes Frames 1024 - 1518 Bytes Frames 1519 - 1522 Number of frames transmitted from the port, grouped by size. CRC Error Number of frames with a cyclic redundancy check (CRC) error but with the proper length (64-1518 bytes) received on the port.
PAGE 48
Chapter 2: Port Parameters Restoring the Default Settings on the Ports To restore the default parameter settings to the ports on a switch: 1. From the Home page, click the Configuration button. 2. From the Configuration menu, click the Layer 1 button. 3. Click the Port Settings tab, shown in Figure 6 on page 36. 4. Use the stack ID pull-down menu to select the ID number of a switch with ports that you want to return to their default values and click the Apply button.
PAGE 49
Chapter 3 SNMPv1 and SNMPv2c This chapter explains how to activate SNMP management on the switch and how to create, modify, and delete SNMPv1 and SNMPv2c community strings.
PAGE 50
Chapter 3: SNMPv1 and SNMPv2c Enabling or Disabling SNMP Management To enable or disable SNMP management on the switch: 1. From the Home page, click the Configuration button. 2. From the Configuration menu, click the Mgmt. Protocols button to display the SNMP tab shown in Figure 11. Figure 11. SNMP Tab 3. Click the Enable SNMP Access check box to enable or disable SNMP management. When the box has a check, the feature is enabled so that you can manage the stack with an SNMP management program.
PAGE 51
AT-S63 Management Software Web Browser User’s Guide 6. To save your changes in the master configuration file, click the Save Config button in the Configuration menu.
PAGE 52
Chapter 3: SNMPv1 and SNMPv2c Creating New SNMPv1 and SNMPv2c Community Strings To create an SNMPv1 and SNMPv2c community string: 1. From the Home page, click the Configuration button. 2. From the Configuration menu, click the Mgmt. Protocols button to display the SNMP tab, shown in Figure 11 on page 50. 3. In the SNMPv1 & SNMPv2c section, click the Configure button to display the SNMPv1 & SNMPv2c Communities tab, shown in Figure 12. Figure 12.
PAGE 53
AT-S63 Management Software Web Browser User’s Guide Table 7. SNMPv1 & SNMPv2c Communities Tab Column Definition Manager Stations The IP addresses of the management workstations that are permitted to use a string with a closed access status. Trap Receivers The IP addresses of trap receivers to receive traps from the stack. Open Status The access status of a community string. A string that has an open status of Yes can be used by any management workstation.
PAGE 54
Chapter 3: SNMPv1 and SNMPv2c Figure 13. Add New SNMPv1 & SNMPv2c Community Page 5. Configure the parameters, described in Table 8, as needed. Table 8. SNMPv1 and SNMPv2c Community Parameters Parameter 54 Definition Community Name Specifies the community string. The name can be up to 32 alphanumeric characters. Spaces and special characters (such as /, #, or &) are not permitted. Status Enables or disables the community string. A disabled community string cannot be used to manage a stack.
PAGE 55
AT-S63 Management Software Web Browser User’s Guide Table 8. SNMPv1 and SNMPv2c Community Parameters Parameter Definition Access Mode Specifies the access mode for a SNMP community string. A string with a Read Only access mode can only be used to view the MIB objects on the switch. A string with a Read/Write access mode can be used to both view and change the SNMP MIB objects. Allow Any Station Sets the community string as opened or closed.
PAGE 56
Chapter 3: SNMPv1 and SNMPv2c Modifying SNMPv1 and SNMPv2c Communities To modify an SNMPv1 and SNMPv2c community string: 1. From the Home page, click the Configuration button. 2. From the Configuration menu, click the Mgmt. Protocols button. 3. Select the SNMP tab, shown in Figure 11 on page 50. 4. In the SNMPv1 & SNMPv2c section, click the Configure button to display the SNMPv1 & SNMPv2c Communities tab, shown in Figure 12 on page 52. 5.
PAGE 57
AT-S63 Management Software Web Browser User’s Guide Deleting SNMPv1 and SNMPv2c Community Strings To delete an SNMPv1 and SNMPv2c community string: 1. From the Home page, click the Configuration button. 2. From the Configuration menu, click the Mgmt. Protocols button. 3. Select the SNMP tab, shown in Figure 11 on page 50. 4. In the SNMPv1 & SNMPv2c section, click the Configure button to display the SNMPv1 & SNMPv2c Communities tab, shown in Figure 12 on page 52. 5.
PAGE 58
Chapter 3: SNMPv1 and SNMPv2c Displaying the SNMPv1 and SNMPv2c Community Strings To display the SNMPv1 and SNMPv2c community strings from an operator management session: 1. From the Home page, click the Monitoring button. 2. From the Monitoring menu, click the Mgmt. Protocols button. 3. Select the SNMP tab to display the SNMP tab shown in Figure 14. Figure 14.
PAGE 59
AT-S63 Management Software Web Browser User’s Guide 4. In the SNMPv1 & SNMPv2c section, click the View button to display the SNMPv1 & SNMPv2c Communities tab, shown in Figure 15. Figure 15. SNMPv1 & SNMPv2c Communities Tab (Monitoring) The columns in the table are described in Table 7 on page 52.
PAGE 60
Chapter 3: SNMPv1 and SNMPv2c 60 Section I: Basic Operations
PAGE 61
Chapter 4 MAC Address Table This chapter contains instructions on how to view the MAC addresses in the MAC address table. It also explained how to add static addresses to the table.
PAGE 62
Chapter 4: MAC Address Table Displaying the MAC Address Table To view the MAC address table on the master switch: 1. From the Home page, select Monitoring or Configuration. 2. From the Monitoring or Configuration menu, select the Layer 2 option. 3. Select the MAC Address tab, shown in Figure 16. Figure 16.
PAGE 63
AT-S63 Management Software Web Browser User’s Guide The View Unicast MAC Addresses section and the View Multicast MAC Addresses section display unicast and multicast addresses, respectively. The options function the same in both sections. You can select only one option at a time. Table 9. View MAC Addresses Window Selection Section I: Basic Operations Definition View All Displays all dynamic and static unicast or multicast addresses in the MAC address table.
PAGE 64
Chapter 4: MAC Address Table 4. After selecting an option, click the View button. Figure 17 shows an example of unicast MAC addresses. Figure 17. View MAC Addresses Window The columns in the table are described in Table 10. Table 10. View MAC Addresses Window Column 64 Definition VLAN ID Displays the ID numbers of the VLANs of the ports. MAC Address Displays the static and dynamic MAC addresses. Port(s) Displays the ports where the addresses were learned or assigned.
PAGE 65
AT-S63 Management Software Web Browser User’s Guide Adding Static Unicast or Multicast MAC Addresses This section contains the procedure for assigning a static unicast or multicast address to a port. A switch port can have up to 255 static MAC addresses. To add a static address to the MAC address table: 1. From the Home page, click the Configuration button. 2. From the Configuration menu, click the Layer 2 button. 3. If the MAC Address tab is not selected, click it.
PAGE 66
Chapter 4: MAC Address Table 7. Click the VLAN ID field and enter the ID number of the VLAN where the port is a member. 8. Click the Apply button. 9. Repeat this procedure to add other static addresses to the switch. 10. To save your changes in the master configuration file, click the Save Config button in the Configuration menu.
PAGE 67
AT-S63 Management Software Web Browser User’s Guide Deleting Unicast or Multicast MAC Addresses To delete a static or dynamic unicast or multicast MAC address from the stack: 1. From the Home page, click the Configuration button. 2. From the Configuration menu, click the Layer 2 button. 3. If the MAC Address tab is not selected, click it. The tab is shown in Figure 16 on page 62. 4. Display the MAC addresses on the master switch, as explained in “Displaying the MAC Address Table” on page 62. 5.
PAGE 68
Chapter 4: MAC Address Table Deleting All Dynamic MAC Addresses To delete all dynamic unicast and multicast MAC addresses from the MAC address table: 1. From the Home page, select the Configuration button. 2. From the Configuration menu, click the Layer 2 button. 3. If the MAC Address tab is not selected, click it. The tab is shown in Figure 16 on page 62. 4.
PAGE 69
AT-S63 Management Software Web Browser User’s Guide Changing the Aging Time This procedure changes the aging time of the MAC address table. The switch uses the aging time to delete inactive dynamic MAC addresses from the MAC address table. The switch deletes an address from the table if no packets are sent to or received from the address for the period of time specified in the timer. This prevents the table from becoming full of addresses of inactive nodes.
PAGE 70
Chapter 4: MAC Address Table 70 Section I: Basic Operations
PAGE 71
Chapter 5 Static Port Trunks This chapter contains the procedures for managing static port trunks. The sections in this chapter are:  “Creating Static Port Trunks” on page 72  “Modifying Static Port Trunks” on page 75  “Deleting Static Port Trunks” on page 77  “Displaying Static Port Trunks” on page 78 Note The web browser windows do not support LACP trunks. LACP trunks have to be managed with the command line commands.
PAGE 72
Chapter 5: Static Port Trunks Creating Static Port Trunks Caution To prevent the formation of loops in your network and the occurrence of broadcast storms, do not connect the cables to the ports of a static trunk until after you have configured the ports on both the stack and the remote device. Note Before creating a static port trunk, examine the speed, duplex mode, and flow control settings of the lowest numbered port to be in the trunk. Verify that its settings are appropriate for the remote device.
PAGE 73
AT-S63 Management Software Web Browser User’s Guide The table lists the current static ports trunks in the stack. Table 11 describes the columns in the table. Table 11. Port Trunking Tab Column Definition ID Displays the ID numbers of the trunks. Name Displays the names of the trunks. Type Displays the load distribution methods.
PAGE 74
Chapter 5: Static Port Trunks Note Although a static port trunk can consist of ports from different switches in a stack, you can only choose ports from one switch during the initial configuration. Afterwards, you can add more ports to it from other switches in the stack. 5. Use the pull-down Stack ID menu in the upper left corner of the switch image to select one of the switches in the stack with ports that you want to be members of the port trunk and click the Apply button.
PAGE 75
AT-S63 Management Software Web Browser User’s Guide Modifying Static Port Trunks This section contains the procedure for modifying static port trunks. Here are the guidelines:  All of the ports of a static port trunk have to be untagged members of the same VLAN.  If you add a new port that becomes the lowest numbered port in the trunk, its parameter settings overwrite the settings of the existing ports in the trunk.
PAGE 76
Chapter 5: Static Port Trunks Figure 21. Modify Trunk Window 5. To add or remove ports from the trunk, use the Stack ID pull-down menu in the switch image to select the ID number of one of the switches in the stack and click the Apply button. You can add or remove ports from a trunk from just one switch at a time. 6. In the switch image click the ports that you want to add or remove from the trunk. A trunk member is white. 7.
PAGE 77
AT-S63 Management Software Web Browser User’s Guide Deleting Static Port Trunks Caution To prevent the formation of loops and broadcast storms in your network, disconnect the cables from the ports of a trunk before deleting it. To delete a port trunk from the stack: 1. From the Home page, click the Configuration button. 2. From the Configuration menu, click the Layer 1 button. 3. Click the Port Trunking tab, shown in Figure 19 on page 72. 4.
PAGE 78
Chapter 5: Static Port Trunks Displaying Static Port Trunks To display the port trunks in the stack: 1. From the Home page, click the Monitoring button. 2. From the Monitoring menu, click the Layer 1 button. 3. Click the Port Trunking tab, shown in Figure 22. Figure 22. Port Trunking Tab (Monitoring) The table is described in Table 11 on page 73.
PAGE 79
Chapter 6 Port Mirroring This chapter contains the procedures for managing the port mirroring feature.
PAGE 80
Chapter 6: Port Mirroring Overview The port mirror feature allows you to unobtrusively monitor the ingress or egress traffic on one or more ports on a stack by copying the traffic to another stack port. By connecting a network analyzer to the port where the traffic is being copied to, you can monitor the traffic on the other ports without impacting network performance or speed. The port(s) whose traffic you want to mirror is called the source port(s).
PAGE 81
AT-S63 Management Software Web Browser User’s Guide Creating the Port Mirror To configure the port mirror: 1. From the home page, click the Configuration button. 2. From the Configuration menu, click the Layer 1 button. 3. Click the Port Mirroring tab, shown in Figure 23. Figure 23. Port Mirroring Tab Table 12 describes the columns in the Port Mirroring table. Table 12. Port Mirroring Tab Column Section I: Basic Features Definition Mirror to Port Displays the destination port of the mirrored traffic.
PAGE 82
Chapter 6: Port Mirroring Table 12. Port Mirroring Tab Column Definition Status Displays the status of port mirroring on the stack. The possible states are: Enabled - The port mirror is active. Disabled - The port mirror is disabled. When the port mirror is disabled, no traffic is copied to the destination port. 4. This step explains how to specify the source ports of the port mirror. The source ports should be designated before the destination port.
PAGE 83
AT-S63 Management Software Web Browser User’s Guide c. In the switch image, click the source ports for the port mirror. Clicking a port toggles it through the settings in Table 13. Table 13. Port Mirror Settings Icon Definition The port’s ingress traffic is copied to the destination port. The port’s egress traffic is mirrored to the destination port. The port’s ingress and egress traffic is copied to the destination port. This is the destination (mirror) port. A stack can have only one destination port.
PAGE 84
Chapter 6: Port Mirroring Figure 25. Example of the Port Mirroring Tab 6. To save your changes in the master configuration file, click the Save Config button in the Configuration menu.
PAGE 85
AT-S63 Management Software Web Browser User’s Guide Modifying the Port Mirror To modify the port mirror: 1. From the home page, click the Configuration button. 2. From the Configuration menu, click the Layer 1 button. 3. Click the Port Mirroring tab, shown in Figure 23 on page 81. 4. Click the Modify button to display the Modify Mirror popup window in Figure 24 on page 82. 5. Click the Enable Mirror checkbox to remove the check and click the Apply button.
PAGE 86
Chapter 6: Port Mirroring d. Using the stack ID pull-down menu in the upper left corner of the switch image, select the ID number of the switch that has the port that you want to make the new destination port. If the switch is already displayed, you can skip this step. e. Click the port until it turns solid white, as shown in Table 13 on page 83. f. Click Apply to close the Modify Mirror popup window. 8. To activate the port mirror again: a. Click the Modify button. b.
PAGE 87
AT-S63 Management Software Web Browser User’s Guide Disabling the Port Mirror This procedure is used to disable port mirroring so that the stack stops copying traffic from the source ports to the destination port. The destination port, however, is still reserved for port mirroring. To resume normal network operations on the destination port, refer to “Deleting the Port Mirror” on page 88. To disable the port mirror: 1. From the Home page, click the Configuration button. 2.
PAGE 88
Chapter 6: Port Mirroring Deleting the Port Mirror To return the destination port to normal network operations: 1. From the Home page, click the Configuration button. 2. From the Configuration menu, click the Layer 1 button. 3. Select the Port Mirroring tab, shown in Figure 23 on page 81. 4. Click the Modify button to display the popup window in Figure 24 on page 82. 5. If the port mirror is not already disabled, click the Enable Mirror checkbox to remove the check and click the Apply button. 6.
PAGE 89
AT-S63 Management Software Web Browser User’s Guide Displaying the Port Mirror To display the port mirror settings from the operator account: 1. From the Home page, click the Monitoring button. 2. From the Monitoring menu, click the Layer 1 button. 3. Select the Port Mirroring tab, shown in Figure 26. Figure 26. Port Mirroring Tab (Monitoring) The columns in the Port Mirroring are described in Table 12 on page 81.
PAGE 90
Chapter 6: Port Mirroring 90 Section I: Basic Features
PAGE 91
Section II Advanced Operations This section has the following chapters: Section II: Advanced Operations  Chapter 7, “File System” on page 93  Chapter 8, “File Downloads and Uploads” on page 99  Chapter 9, “Event Logs and the Syslog Client” on page 105  Chapter 10, “IGMP Snooping” on page 123 91
PAGE 92
Section II: Advanced Operations
PAGE 93
Chapter 7 File System This chapter contains the procedures for working with the switch’s file system. The sections include:  “Listing the Files in Flash Memory or on a Compact Flash Card” on page 94  “Selecting the Active Boot Configuration File” on page 97 Note You cannot copy, rename, or delete files from a web browser management session. To perform those functions, use the command line commands.
PAGE 94
Chapter 7: File System Listing the Files in Flash Memory or on a Compact Flash Card To display a list of the system files that are stored in the master switch’s flash memory or on a compact flash card: 1. From the Home page, click the Configuration button. 2. From the Configuration menu, click the Utilities button. 3. Select the File System tab. to display the FIle System tab in Figure 27. Figure 27.
PAGE 95
AT-S63 Management Software Web Browser User’s Guide The Current Files table lists the files in the flash memory or the compact flash card in the master switch. The information in the tab is defined in this table. Table 14. File System Tab Field or Column Definition File Name Name of the system file. Device The location of the file. This can be either “flash” for flash memory or “cflash” for a compact flash card. Size Size of the file, in bytes.
PAGE 96
Chapter 7: File System Figure 28.
PAGE 97
AT-S63 Management Software Web Browser User’s Guide Selecting the Active Boot Configuration File This procedure changes the active boot configuration file on the master switch. The master switch uses the active boot configuration file to store the configuration settings of the stack and to configure the operating parameters of the stack whenever it is reset or power cycled.
PAGE 98
Chapter 7: File System 5. Click the Apply button. The master switch searches the file system or flash memory card for the file. If it finds the file, it displays the file name in the Default Configuration File field along with the word “Exists.” The file is now the active boot configuration file on the switch. If the switch can not locate the file, it displays the name of the previous boot configuration file. Repeat steps 4 and 5, being sure to enter the name correctly. 6.
PAGE 99
Chapter 8 File Downloads and Uploads This chapter explains how to upload and download files, such as configuration files, to the master switch of a stack. This chapter contains the following sections:  “General Guidelines” on page 100  “Downloading a Master Configuration File” on page 101  “Uploading a Configuration File or an Event Log File” on page 104 Note For instructions on how to upgrade the AT-S63 Management Software on the switches of a stack, refer to the AT-S63 Software Release Notes.
PAGE 100
Chapter 8: File Downloads and Uploads General Guidelines Here are the general guidelines to uploading or downloading files to the master switch of a stack for the web browser windows: 100  You have to use TFTP.  There has to be a node on your network with the TFTP server software.  You should start the TFTP server before you begin the upload or download procedure.  The stack must have a routing interface on the local subnet from where it reaches the TFTP server.
PAGE 101
AT-S63 Management Software Web Browser User’s Guide Downloading a Master Configuration File This procedure explains how to download a new master configuration file from a TFTP server to the master switch of a stack. You might perform this procedure to return the switches of a stack to an earlier configuration or to assign a stack the same settings as another stack. Caution This procedure is disruptive to the network operations of a stack. A stack resets after receiving a new configuration file.
PAGE 102
Chapter 8: File Downloads and Uploads Figure 29. System Utilities Tab 3. In the TFTP Server IP Address field, enter the IP address of the network node that has the TFTP server software. 4. For the TFTP Operation parameter, click the Download button. 5. Select the TFTP Remote Filename field and enter the name of the configuration file that is stored on the TFTP server. The filename extension has to be “.cfg”. 6. Select the TFTP Local Filename field and enter a name for the file.
PAGE 103
AT-S63 Management Software Web Browser User’s Guide 8. Click the Apply button. If you selected the Config option in step 6, the master switch, after receiving the new file from the TFTP server, stores it in its file system and marks it as its new active configuration file. It then displays a message on your screen when it is ready to reset the stack. When you see the prompt, click OK to initiate the reset and the discovery process.
PAGE 104
Chapter 8: File Downloads and Uploads Uploading a Configuration File or an Event Log File This procedure explains how to upload a boot configuration file or an event log file from the file system of the master switch to a TFTP server. You might upload a configuration file in order to transfer it to another stack on your network or to maintain a history of the settings of a stack.
PAGE 105
Chapter 9 Event Logs and the Syslog Client This chapter describes how to view switch activity by displaying and saving the contents of the event logs. It also explains how to send events to syslog servers on your network by creating syslog output definitions.
PAGE 106
Chapter 9: Event Logs and the Syslog Client Enabling or Disabling the Event Logs To enable or disable the event logs: 1. From the Home page, click either the Configuration button. 1. From the Configuration menu, click the System button. 2. Click the Event Log tab, shown in Figure 30. Figure 30.
PAGE 107
AT-S63 Management Software Web Browser User’s Guide 3. In the Log Settings section, click Enabled for the Status to enable the event logs, or Disabled to disable the event logs and to stop the master switch from storing events in the event log. The default setting is enabled. 4. Click Apply to activate the settings on the switch. If you enabled the logs, the switch immediately begins to add events to the logs. 5.
PAGE 108
Chapter 9: Event Logs and the Syslog Client Displaying the Event Messages To view the events messages in the event logs: 1. From the Home page, click either the Monitoring or the Configuration button. 2. Click the System button. 3. Select the Event Log tab, shown in Figure 30 on page 106. 4. Configure the parameters in the Display Filter Settings section to define the types of events you want to view. The parameters are described in Table 15. 5. After configuring the parameters, click the View button.
PAGE 109
AT-S63 Management Software Web Browser User’s Guide Table 15. Display Filter Settings Parameters Parameter Severity Selections (continued) Definition E - Error - Only error messages are displayed. Error messages indicate that the switch operation is severely impaired. W - Warning - Only warning messages are displayed. These messages indicate that an issue may require manager attention. I - Information - Only informational messages are displayed.
PAGE 110
Chapter 9: Event Logs and the Syslog Client Table 16.
PAGE 111
AT-S63 Management Software Web Browser User’s Guide Table 16. AT-S63 Software Modules Name Description RTC Real time clock SNMP Simple Network Management Protocol SSH Secure Shell protocol SSL Secure Sockets Layer protocol STP Spanning Tree, Rapid Spanning Tree, and Multiple Spanning Tree protocols SYSTEM Hardware status; Manager and Operator log in and log off events.
PAGE 112
Chapter 9: Event Logs and the Syslog Client An example of the Full mode is shown in Figure 32. Figure 32. Event Log Example Displayed in Full Mode The columns in the tables are described in Table 17: Table 17. Event Log Column Severity Definition Displays the event’s severity, which can be one of the following: E - Error - Switch operation is severely impaired. W - Warning - An issue that may require network manager attention. I - Informational - Information that can be ignored during normal operation.
PAGE 113
AT-S63 Management Software Web Browser User’s Guide Table 17. Event Log Column Filename:Line (full mode only) Section II: Advanced Operations Definition The originator of the event displayed as the name of the AT-S63 software source file and the line number.
PAGE 114
Chapter 9: Event Logs and the Syslog Client Clearing an Event Log To delete all of the event messages in a log: 1. From the Home page, click the Configuration button. 2. From the Configuration menu, click the System button. 3. Select the Event Log tab, shown in Figure 30 on page 106. 4. In the Log Settings section, click the radio button of the event log you want to clear. 5. Click the Clear Log check box. 6. Click the Apply button to delete the events in the log.
PAGE 115
AT-S63 Management Software Web Browser User’s Guide Modifying an Event Log’s Full Action This procedure is used to control the behavior of an event log when it reaches its maximum capacity of messages. This is referred to as an event log’s full action. An event log can either delete the oldest entries as it adds new entries or stop adding new entries to preserve the log contents. Note Event messages are sent to syslog servers even when the logs are full. To configure the full action of an event log: 1.
PAGE 116
Chapter 9: Event Logs and the Syslog Client Saving an Event Log to a File To save an event log as a file in the master switch’s file system: 1. From the Configuration menu, click the System button. 2. Click the Event Log tab, shown in Figure 30 on page 106. 3. Configure the parameters in the Display Filter Settings section of the tab to define the log events you want to save in the file. For instructions, refer to Table 15 on page 108. 4. Select the Save Filename field and enter a name for the file.
PAGE 117
AT-S63 Management Software Web Browser User’s Guide Configuring Syslog Output Definitions To create a syslog output definition for sending the event messages to a syslog server on your network: 1. From the Home page, click the Configuration button. 2. From the Configuration menu, click the System button. 3. Select the Event Log tab, shown in Figure 30 on page 106. 4. In the Configure Log Outputs section of the tab, click the Create button to display the Create Log Output page in Figure 34. Figure 34.
PAGE 118
Chapter 9: Event Logs and the Syslog Client Table 18. Syslog Output Definition Parameters Parameter Output Status Definition Sets the status of the syslog output definition. The options are: Enabled - The master switch uses the definition to send the event messages to the defined syslog server. Disabled - The master switch does not use the definition to send event messages. Message Format Controls the format of the event messages.
PAGE 119
AT-S63 Management Software Web Browser User’s Guide Table 18. Syslog Output Definition Parameters Parameter Definition Type Sets the output definition’s type. The only option is Syslog. Syslog Server IP Address Specifies the IP address of the syslog server. Facility Level Sets the numerical code the master switch adds to the entries when it sends them to the syslog server. The options are: Default - This setting uses the functional groupings defined in the RFC 3164 standard.
PAGE 120
Chapter 9: Event Logs and the Syslog Client Modifying Syslog Output Definitions To modify a syslog output definition: 1. From the Home page, click the Configuration button. 2. From the Configuration menu, click the System button. 3. Select the Event Log tab, shown in Figure 30 on page 106. 4. In the Configure Log Outputs section of the tab, click the radio button of the log output file you want to modify and click the Modify button to display the Modify Event Log Output window.
PAGE 121
AT-S63 Management Software Web Browser User’s Guide Deleting Syslog Output Definitions To delete a syslog output definition: 1. From the Home page, click the Configuration button. 2. From the Configuration menu, click the System button. 3. Select the Event Log tab, shown in Figure 30 on page 106. 4. In the Configure Log Outputs section of the tab, click the radio button of the syslog output definition you want to delete and click the Delete button. You can delete only one definition at a time.
PAGE 122
Chapter 9: Event Logs and the Syslog Client 122 Section II: Advanced Operations
PAGE 123
Chapter 10 IGMP Snooping This chapter describes how to configure the IGMP snooping feature.
PAGE 124
Chapter 10: IGMP Snooping Configuring IGMP Snooping To configure IGMP snooping: 1. From the Home page, click the Configuration button. 2. From the Configuration menu, click the Multicast button to display the IGMP tab, shown in Figure 36. Figure 36. IGMP Tab 3. Configure the parameters, described in Table 19, as needed. Table 19. IGMP Tab Parameter 124 Definition Enable IGMP Snooping Status Enables and disables IGMP snooping on the stack. A check in the box indicates that IGMP snooping is enabled.
PAGE 125
AT-S63 Management Software Web Browser User’s Guide Table 19. IGMP Tab Parameter Multicast Host Topology (continued) Definition The Single-Host/Port (Edge) setting is appropriate when there is only one host node connected to each port on the stack. At this setting the stack immediately stops sending multicast packets out a port when a host node sends a leave request to leave a multicast group or when the host node stops sending reports and times out.
PAGE 126
Chapter 10: IGMP Snooping Table 19. IGMP Tab Parameter Host/Router Timeout Interval Definition Specifies the time period in seconds for determining inactive host nodes. An inactive host node is a node that has not sent an IGMP report during the specified time interval. The range is from 0 second to 86,400 seconds (24 hours). The default is 260 seconds. If you set the timeout to zero (0), the timeout interval is disabled and inactive host nodes are never timed out.
PAGE 127
AT-S63 Management Software Web Browser User’s Guide Displaying the Host Nodes and the Multicast Routers To view the host nodes and the multicast routers connected to the ports on the stack: 1. From the Home page, click the Monitoring button. 2. From the Monitoring menu, click the Multicast button to display the IGMP tab shown in Figure 37. Figure 37. IGMP Tab (Monitoring) The parameters in the tab are defined in Table 19 on page 124. 3.
PAGE 128
Chapter 10: IGMP Snooping Table 20. View Multicast Hosts List Window Column Definition Member Port/Trunk ID Displays the port on the stack where the host node is connected. If the host node is connected to the stack through a trunk, the trunk ID number, not the port number, is displayed. Host IP Displays the IP address of the host node connected to the port. Version Displays the version of IGMP used by the host. Exp.
PAGE 129
Section III SNMPv3 This section has the following chapter:  Section III: SNMPv3 Chapter 11, “SNMPv3” on page 131 129
PAGE 130
Section III: SNMPv3
PAGE 131
Chapter 11 SNMPv3 This chapter provides the following procedures for configuring SNMPv3 parameters using a web browser management session: Section III: SNMPv3  “Configuring the SNMPv3 Protocol” on page 132  “Enabling or Disabling SNMP Management” on page 133  “Configuring the SNMPv3 User Table” on page 134  “Configuring the SNMPv3 View Table” on page 139  “Configuring the SNMPv3 Access Table” on page 144  “Configuring the SNMPv3 SecurityToGroup Table” on page 150  “Configuring the SN
PAGE 132
Chapter 11: SNMPv3 Configuring the SNMPv3 Protocol To configure the SNMPv3 protocol, you need to first enable SNMP access on the stack. Then you configure the SNMPv3 tables.
PAGE 133
AT-S63 Management Software Web Browser User’s Guide Enabling or Disabling SNMP Management Before you can manage a stack with SNMP, you have to enable SNMP access on the stack, as explained in this section. Furthermore, if you want the stack to send authentication failure traps when there is an unsuccessful login attempt, you also have to enable authentication failure traps. To enable or disable SNMP access and authentication failure traps: 1. From the Home page, click the Configuration button. 2.
PAGE 134
Chapter 11: SNMPv3 Configuring the SNMPv3 User Table To create, delete, or modify SNMPv3 User Table entries, refer to the following procedures: Creating a User Table Entry  “Creating a User Table Entry” on page 134  “Deleting a User Table Entry” on page 137  “Modifying a User Table Entry” on page 137 To create an entry in the SNMPv3 User Table: 1. From the Home page, click the Configuration button. 2. From the Configuration menu, click the Mgmt.
PAGE 135
AT-S63 Management Software Web Browser User’s Guide Figure 39. Add New SNMPv3 User Page 5. Configure the parameters, described in Table 22, for the new entry and click the Apply button. Table 22. SNMPv3 User Entry Parameters Parameter Description User Name A descriptive name of up to 32 alphanumeric characters for the user. Authentication Protocol The user’s authentication protocol. The possible values are: M-MD5 This value represents the MD5 authentication protocol.
PAGE 136
Chapter 11: SNMPv3 Table 22. SNMPv3 User Entry Parameters Parameter Description Authentication Protocol (continued) N-None - This value represents no authentication protocol. When messages are received, users are not authenticated. This selection does not support a Privacy Protocol. Note You may want to assign NONE to a super user. Authentication Password Confirm Authentication Password An authentication password of 8 to 32 alphanumeric characters. Applies only to MD5 and SHA authentication protocols.
PAGE 137
AT-S63 Management Software Web Browser User’s Guide Deleting a User Table Entry To delete an entry from the SNMPv3 User Table: 1. From the Home page, click the Configuration button. 2. From the Configuration menu, click the Mgmt. Protocols button to display the SNMP tab, shown in Figure 11 on page 50. 3. In the SNMPv3 section, click the radio button next to Configure User Table and then click Configure to display the SNMPv3 User Table tab in Figure 38 on page 134. 4.
PAGE 138
Chapter 11: SNMPv3 Figure 40. Modify SNMPv3 User Page 5. Modify the parameters as needed. The parameters are described in Table 22 on page 135. 6. After modifying the entry, click the Apply button. 7. At the confirmation prompt, click the OK button. 8. To save your changes in the master configuration file, click the Save Config button in the Configuration menu.
PAGE 139
AT-S63 Management Software Web Browser User’s Guide Configuring the SNMPv3 View Table To create, delete, or modify SNMPv3 View Table entries, refer to the following procedures: Creating a View Table Entry  “Creating a View Table Entry” on page 139  “Deleting a View Table Entry” on page 142  “Modifying a View Table Entry” on page 142 To create an entry in the SNMPv3 View Table: 1. From the Home page, click the Configuration button. 2. From the Configuration menu, click the Mgmt.
PAGE 140
Chapter 11: SNMPv3 Figure 42. Add New SNMPv3 View Page 5. Configure the parameters, described in Table 23, for the new entry and click the Apply button. Table 23. SNMPv3 View Table Parameters Parameter View Name Description A descriptive name for this view of up to 32 alphanumeric characters. Note The “defaultViewAll” value is the default entry for the SNMPv1 and SNMPv2c configuration. You cannot use this default value for an SNMPv3 View Table entry.
PAGE 141
AT-S63 Management Software Web Browser User’s Guide Table 23. SNMPv3 View Table Parameters Parameter Subtree Mask Description A subtree mask in hexadecimal format. This is an optional parameter used to further refine the value in the View Subtree parameter. This parameter is in binary format. The relationship between a subtree mask and a subtree is similar to the relationship between an IP address and a subnet mask. The subnet mask further refines the IP address.
PAGE 142
Chapter 11: SNMPv3 Deleting a View Table Entry To delete an entry from the SNMPv3 View Table: 1. From the Home page, click the Configuration button. 2. From the Configuration menu, click the Mgmt. Protocols button to display the SNMP tab, shown in Figure 11 on page 50. 3. In the SNMPv3 section, click the radio button for the Configure View Table and then the Configure button to display the SNMPv3 View Table tab in Figure 41 on page 139. 4.
PAGE 143
AT-S63 Management Software Web Browser User’s Guide 5. Modify the parameters as needed. The parameters are described in Table 23 on page 140. 6. After modifying the entry, click the Apply button. 7. At the confirmation prompt, click the OK button. 8. To save your changes in the master configuration file, click the Save Config button in the Configuration menu.
PAGE 144
Chapter 11: SNMPv3 Configuring the SNMPv3 Access Table To create, delete, or modify SNMPv3 Access Table entries, refer to the following procedures: Creating an Access Table  “Creating an Access Table” on page 144  “Deleting an Access Table Entry” on page 148  “Modifying an Access Table Entry” on page 148 To create an entry in the SNMPv3 Access Table: 1. From the Home page, click the Configuration button. 2. From the Configuration menu, click the Mgmt.
PAGE 145
AT-S63 Management Software Web Browser User’s Guide Figure 45. Add New SNMPv3 Access Window 5. Configure the parameters, described in Table 24, for the new entry and click the Apply button. Table 24. SNMPv3 Access Table Parameters Parameter Group Name Description A descriptive name for the group of up to 32 alphanumeric characters. You are not required to enter a unique value here because the SNMPv3 Access Table entry is indexed with the Group Name, Security Model, and Security Level parameter values.
PAGE 146
Chapter 11: SNMPv3 Table 24. SNMPv3 Access Table Parameters Parameter Description Read View Name The value that you configured with the View Name parameter in the SNMPv3 View Table. A Read View Name allows the users assigned to this Group Name to view the information specified by the View Table entry. This value does not need to be unique. Write View Name The value that you configured with the View Name parameter in the SNMPv3 View Table.
PAGE 147
AT-S63 Management Software Web Browser User’s Guide Table 24. SNMPv3 Access Table Parameters Parameter Description Security Level (continued) Authentication - This option represents authentication, but no privacy protocol. Select this security level if you want to authenticate SNMP users, but you do not want to encrypt messages using a privacy protocol.You can select this value if you configured the Security Model parameter with the SNMPv3 protocol.
PAGE 148
Chapter 11: SNMPv3 Deleting an Access Table Entry To delete an entry from the SNMPv3 Access Table: 1. From the Home page, click the Configuration button. 2. From the Configuration menu, click the Mgmt. Protocols button to display the SNMP tab, shown in Figure 11 on page 50. 3. In the SNMPv3 section, click the radio button for the Configure Access Table and then the Configure button to display the SNMPv3 Access Table tab in Figure 44 on page 144. 4.
PAGE 149
AT-S63 Management Software Web Browser User’s Guide Figure 46. Modify SNMPv3 Access Window 6. Modify the parameters as needed. The parameters are described in Table 24 on page 145. 7. After modifying the entry, click the Apply button. 8. At the confirmation prompt, click the OK button. 9. To save your changes in the master configuration file, click the Save Config button in the Configuration menu.
PAGE 150
Chapter 11: SNMPv3 Configuring the SNMPv3 SecurityToGroup Table To create, delete, or modify SNMPv3 SecurityToGroup Table entries, refer to the following procedures: Creating a SecurityToGroup Table Entry  “Creating a SecurityToGroup Table Entry” on page 150  “Deleting a SecurityToGroup Table Entry” on page 152  “Modifying a SecurityToGroup Table Entry” on page 153 To create an entry in the SNMPv3 SecurityToGroup Table: 1. From the Home page, click the Configuration button. 2.
PAGE 151
AT-S63 Management Software Web Browser User’s Guide Figure 48. Add New SNMPv3 SecurityToGroup Page 5. Configure the parameters, described in Table 25, for the new entry and click the Apply button. Table 25. SNMPv3 Security to Group Table Parameters Parameter Security Model Description The corresponding SNMP protocol of the User Name. The possible values are: 1-v1 - Select this value to associate the Group Name with the SNMPv1 protocol.
PAGE 152
Chapter 11: SNMPv3 Table 25. SNMPv3 Security to Group Table Parameters Parameter Group Name Description A Group Name that you configured in the SNMPv3 Access Table. Refer to “Configuring the SNMPv3 Access Table” on page 144. There are four default values for this field:  defaultV1GroupReadOnly  defaultV1GroupReadWrite  defaultV2cGroupReadOnly  defaultV2cGroupReadWrite These values are reserved for SNMPv1 and SNMPv2c implementations. Storage Type The storage method of the entry.
PAGE 153
AT-S63 Management Software Web Browser User’s Guide 6. To save your changes in the master configuration file, click the Save Config button. Modifying a SecurityToGroup Table Entry To modify an entry in the SNMPv3 SecurityToGroup Table: 1. From the Home page, click the Configuration button. 2. From the Configuration menu, click the Mgmt. Protocols button to display the SNMP tab, shown in Figure 11 on page 50. 3.
PAGE 154
Chapter 11: SNMPv3 Configuring the SNMPv3 Notify Table Here are the procedures for managing the SNMPv3 Notify Table: Creating a Notify Table Entry  “Creating a Notify Table Entry” on page 154  “Deleting a Notify Table Entry” on page 156  “Modifying a Notify Table Entry” on page 156 To create an entry in the SNMPv3 Notify Table: 1. From the Home page, click the Configuration button. 2. From the Configuration menu, click the Mgmt.
PAGE 155
AT-S63 Management Software Web Browser User’s Guide Figure 51. Add New SNMPv3 Notify Page 5. Configure the parameters, described in Table 26, for the new entry and click the Apply button. Table 26. SNMPv3 Notify Table Parameters Parameter Description Notify Name The name to be associated with this trap message. The name can be up to 32 alphanumeric characters. For example, you might define a trap message for hardware engineering and enter a value of “hardwareengineeringtrap” for the Notify Name.
PAGE 156
Chapter 11: SNMPv3 Table 26. SNMPv3 Notify Table Parameters Parameter Description Storage Type (continued) N-NonVolatile - This setting allows the stack to save the entry in the master configuration file when the save command is issued. Allied Telesis recommends this storage type. Row Status The status of the entry. All entries have a status of Active. 6. To save your changes in the master configuration file, click the Save Config button in the Configuration menu.
PAGE 157
AT-S63 Management Software Web Browser User’s Guide Figure 52. Modify SNMPv3 Notify Page 5. Modify the parameters as needed. The parameters are described in Table 26 on page 155. 6. After modifying the entry, click the Apply button. 7. At the confirmation prompt, click the OK button. 8. To save your changes in the master configuration file, click the Save Config button in the Configuration menu.
PAGE 158
Chapter 11: SNMPv3 Configuring the SNMPv3 Target Address Table Here are the procedures for managing the SNMPv3 Target Address Table: Creating a Target Address Table Entry  “Creating a Target Address Table Entry” on page 158  “Deleting a Target Address Table Entry” on page 160  “Modifying a Target Address Table Entry” on page 161 To create an entry in the SNMPv3 Target Address Table: 1. From the Home page, click the Configuration button. 2. From the Configuration menu, click the Mgmt.
PAGE 159
AT-S63 Management Software Web Browser User’s Guide Figure 54. Add New SNMPv3 Target Address Window 5. Configure the parameters, described in Table 27, for the new entry and click the Apply button. Table 27. SNMPv3 Target Address Table Parameters Parameter Description Target Address Name The name of the SNMP manager, or host, that manages the SNMP activity on the stack. The name can be up to 32 alphanumeric characters. IP Address The IP address of the host.
PAGE 160
Chapter 11: SNMPv3 Table 27. SNMPv3 Target Address Table Parameters Parameter Description Retries The number of times the stack retrIes, or resends, an Inform message. When an Inform message is generated, a response from the stack is required. This parameter determines how many times the stack resends an Inform message. The Retries parameter applies to Inform messages only. The range is 0 to 255 retries. The default is 3 retries.
PAGE 161
AT-S63 Management Software Web Browser User’s Guide 5. Click the Remove button. 6. At the confirmation prompt, click the OK button. 7. To save your changes in the master configuration file, click the Save Config button in the Configuration menu. Modifying a Target Address Table Entry To modify an entry in the SNMPv3 Target Address Table: 1. From the Home page, click the Configuration button. 2. From the Configuration menu, click the Mgmt.
PAGE 162
Chapter 11: SNMPv3 9. To save your changes in the master configuration file, click the Save Config button in the Configuration menu.
PAGE 163
AT-S63 Management Software Web Browser User’s Guide Configuring the SNMPv3 Target Parameters Table Here are the procedures for managing the SNMPv3 Target Parameters Table: Creating a Target Parameters Table Entry  “Creating a Target Address Table Entry” on page 158  “Deleting a Target Address Table Entry” on page 160  “Modifying a Target Address Table Entry” on page 161 To create an entry in the SNMPv3 Target Parameters Table: 1. From the Home page, click the Configuration button. 2.
PAGE 164
Chapter 11: SNMPv3 4. Click the Add button to display the Add New SNMPv3 Target Parameter page, shown in Figure 57. Figure 57. Add New SNMPv3 Target Parameters Page 5. Configure the parameters, described in Table 28, for the new entry and click the Apply button. Table 28. SNMPv3 Target Parameters Table Parameters Parameter Description Target Parameters Name A name for the entry of up to 32 alphanumeric characters.
PAGE 165
AT-S63 Management Software Web Browser User’s Guide Table 28. SNMPv3 Target Parameters Table Parameters Parameter Description Security Name The user name of the appropriate entry in the SNMPv3 User Table. Security Level The possible values are: Note This value must match the security level of the corresponding user name in the SNMPv3 User Table. No Authentication/Privacy - This option provides no authentication and no privacy protocol.
PAGE 166
Chapter 11: SNMPv3 Deleting a Target Parameters Table Entry To delete an entry from the SNMPv3 Target Parameters Table: 1. From the Home page, click the Configuration button. 2. From the Configuration menu, click the Mgmt. Protocols button to display the SNMP tab, shown in Figure 11 on page 50. 3. In the SNMPv3 section, click the radio button for Configure Target Parameters Table and then the Configure button to display the SNMPv3 Target Parameters Table tab in Figure 56 on page 163. 4.
PAGE 167
AT-S63 Management Software Web Browser User’s Guide 5. Modify the parameters as needed. The parameters are described in Table 28 on page 164. 6. After modifying the entry, click the Apply button. 7. At the confirmation prompt, click the OK button. 8. To save your changes in the master configuration file, click the Save Config button in the Configuration menu.
PAGE 168
Chapter 11: SNMPv3 Configuring the SNMPv3 Community Table To create, delete, or modify SNMPv3 Community Table entries, refer to the following procedures:  “Creating an SNMPv3 Community Table Entry” on page 168  “Deleting an SNMPv3 Community Table Entry” on page 170  “Modifying an SNMPv3 Community Table Entry” on page 170 Note The SNMPv3 Community Table is used to configure the protocol for use with SNMPv1 or SNMPv2c. Allied Telesis does not recommend this configuration.
PAGE 169
AT-S63 Management Software Web Browser User’s Guide Figure 60. Add New SNMPv3 Community Page 5. Configure the parameters, described in Table 28, for the new entry and click the Apply button. Table 29. SNMPv3 Community Table Parameters Parameter Description Community Index An index value of up to 32- alphanumeric characters. Community Name A community name of up to 64-alphanumeric characters. The community name acts as a password for the SNMPv3 Community Table entry. This parameter is case sensitive.
PAGE 170
Chapter 11: SNMPv3 6. To save your changes in the master configuration file, click the Save Config button in the Configuration menu. Deleting an SNMPv3 Community Table Entry To delete an entry from the SNMPv3 Community Table: 1. From the Home page, click the Configuration button. 2. From the Configuration menu, click the Mgmt. Protocols button to display the SNMP tab, shown in Figure 11 on page 50. 3.
PAGE 171
AT-S63 Management Software Web Browser User’s Guide Figure 61. Modify SNMPv3 Community Page 5. Modify the parameters as needed. The parameters are described in Table 28 on page 164. 6. After modifying the entry, click the Apply button. 7. At the confirmation prompt, click the OK button. 8. To save your changes in the master configuration file, click the Save Config button in the Configuration menu.
PAGE 172
Chapter 11: SNMPv3 Displaying the SNMPv3 Tables This section contains procedures to display the SNMPv3 Tables.
PAGE 173
AT-S63 Management Software Web Browser User’s Guide Displaying the View Table Entries To display the entries in the SNMPv3 View Table: 1. From the Home page, select Monitoring. 2. From the Monitoring menu, click the Mgmt. Protocols button to display the SNMP tab, shown in Figure 11 on page 50. 3. In the SNMPv3 section, click the radio button for View View Table and the View button to display the SNMPv3 View Table tab in Figure 63.
PAGE 174
Chapter 11: SNMPv3 Displaying the Access Table Entries To display the entries in the SNMPv3 Access Table: 1. From the Home page, click the Monitoring button. 2. From the Monitoring menu, click the Mgmt. Protocols button to display the SNMP tab, shown in Figure 11 on page 50. 3. In the SNMPv3 section, click the radio button for View Access Table and the View button to display the SNMPv3 Access Table tab in Figure 64. The parameters that define the access table entries are described in Table 24 on page 145.
PAGE 175
AT-S63 Management Software Web Browser User’s Guide Displaying the SecurityToGroup Table Entries To display the entries in the SNMPv3 SecurityToGroup Table: 1. From the Home page, click the Monitoring button. 2. From the Monitoring menu, click the Mgmt. Protocols button to display the SNMP tab, shown in Figure 11 on page 50. 3. In the SNMPv3 section, click the radio button for View SecurityToGroup Table and the View button to display the SNMPv3 SecurityToGroup Table tab in Figure 65.
PAGE 176
Chapter 11: SNMPv3 Displaying the Notify Table Entries To display the entries in the SNMPv3 Notify Table: 1. From the Home page, click the Monitoring button. 2. From the Monitoring menu, click the Mgmt. Protocols button to display the SNMP tab, shown in Figure 11 on page 50. 3. In the SNMPv3 section, click the radio button for View Notify Table and the View button to display the SNMPv3 Notify Table tab in Figure 66. The parameters that define notify table entries are described in Table 26 on page 155.
PAGE 177
AT-S63 Management Software Web Browser User’s Guide Displaying the Target Address Table Entries To display the entries in the SNMPv3 Target Address Table: 1. From the Home page, click the Monitoring button. 2. From the Monitoring menu, click the Mgmt. Protocols button to display the SNMP tab, shown in Figure 11 on page 50. 3. In the SNMPv3 section, click the radio button for View Target Address Table and the View button to display the SNMPv3 Target Address Table tab in Figure 67.
PAGE 178
Chapter 11: SNMPv3 Displaying the Target Parameters Table Entries To display the entries in the SNMPv3 Target Parameters Table: 1. From the Home page, click the Monitoring button. 2. From the Monitoring menu, click the Mgmt. Protocols button to display the SNMP tab, shown in Figure 11 on page 50. 3. In the SNMPv3 section, click the radio button for View Target Parameters Table and the View button to display the SNMPv3 Target Parameters Table tab in Figure 68.
PAGE 179
AT-S63 Management Software Web Browser User’s Guide Displaying the SNMPv3 Community Table Entries To display the entries in the SNMPv3 Community Table: 1. From the Home page, click the Monitoring button. 2. From the Monitoring menu, click the Mgmt. Protocols button to display the SNMP tab, shown in Figure 11 on page 50. 3. In the SNMPv3 section, click the radio button for View Community Table and the View button to display the SNMPv3 Community Table tab in Figure 69.
PAGE 180
Chapter 11: SNMPv3 180 Section III: SNMPv3
PAGE 181
Section IV Spanning Tree Protocols This section has the following chapter:  Section IV: Spanning Tree Protocols Chapter 12, “Spanning Tree and Rapid Spanning Tree Protocols” on page 183 181
PAGE 182
Section IV: Spanning Tree Protocols
PAGE 183
Chapter 12 Spanning Tree and Rapid Spanning Tree Protocols This chapter explains how to configure STP and RSTP.
PAGE 184
Chapter 12: Spanning Tree and Rapid Spanning Tree Protocols Enabling or Disabling a Spanning Tree Protocol To enable or disable a spanning tree protocol on the switch or to select the active spanning tree protocol: 1. From the Home page, click the Configuration button. 2. From the Configuration menu, click the Layer 2 button. 3. Select the Spanning Tree tab, shown in Figure 70. Figure 70. Spanning Tree Tab 4.
PAGE 185
AT-S63 Management Software Web Browser User’s Guide 6. Click the Apply button. Your changes are immediately implemented on the stack. 7. To save your changes in the master configuration file, click the Save Config button in the Configuration menu. 8. If you activated STP, go to “Configuring STP” on page 186. If you activated RSTP go to Step “Configuring RSTP” on page 196.
PAGE 186
Chapter 12: Spanning Tree and Rapid Spanning Tree Protocols Configuring STP This section contains the following procedures:  ”Configuring the STP Bridge Settings”, next  “Configuring the STP Port Settings” on page 190  “Displaying the STP Settings” on page 192  “Restoring the STP Default Settings” on page 194 Caution The default settings for the STP parameters are adequate for most networks.
PAGE 187
AT-S63 Management Software Web Browser User’s Guide 4. Click the Configure button to display the Configure STP Parameters tab shown in Figure 71. Figure 71. Configure STP Parameters Tab Note The Defaults button restores the default values to all of the STP settings in the stack.
PAGE 188
Chapter 12: Spanning Tree and Rapid Spanning Tree Protocols 5. Configure the STP parameters, described in Table 30, as needed. Table 30. STP Parameters Parameter 188 Definition Bridge Priority Specifies the priority number for the bridge. This number is used in determining the root bridge for STP. The bridge with the lowest priority number is selected as the root bridge. If two or more bridges have the same priority value, the bridge with the numerically lowest MAC address becomes the root bridge.
PAGE 189
AT-S63 Management Software Web Browser User’s Guide Table 30. STP Parameters Parameter Bridge Max Age (continued) Definition In selecting a value for maximum age, the following rules must be observed: MaxAge must be greater than (2 x (HelloTime + 1)) MaxAge must be less than (2 x (ForwardingDelay - 1)) Note The aging time for BPDUs is different from the aging time used by the MAC address table. Section IV: Spanning Tree Protocols Bridge Identifier Specifies the MAC address of the bridge.
PAGE 190
Chapter 12: Spanning Tree and Rapid Spanning Tree Protocols Table 31. Bridge Priority Value Increments Bridge Priority Increment Bridge Priority Increment 0 0 8 32768 1 4096 9 36864 2 8192 10 40960 3 12288 11 45056 4 16384 12 49152 5 20480 13 53248 6 24576 14 57344 7 28672 15 61440 6. After you have changed the parameters, click the Apply button. 7. To save your changes in the master configuration file, click the Save Config button in the Configuration menu.
PAGE 191
AT-S63 Management Software Web Browser User’s Guide 5. Configure the STP port parameters, described in Table 32, as needed. Table 32. STP Port Settings Parameter Definition Port Priority Specifies the port priority. This parameter is used as a tie breaker when two or more ports have equal costs to the root bridge. The range is 0 to 240 in increments of 16. The default value is 8 (priority value 128). For a list of the increments, refer to Table 33. Port Cost Specifies the port cost.
PAGE 192
Chapter 12: Spanning Tree and Rapid Spanning Tree Protocols Displaying the STP Settings To display the STP settings: 1. From the Home page, click the Monitoring button. 2. From the Monitoring menu, click the Layer 2 button. 3. Click the Spanning Tree tab to display the Spanning Tree tab in Figure 73. Figure 73.
PAGE 193
AT-S63 Management Software Web Browser User’s Guide 4. Click View button to display the Monitor STP Parameters tab in Figure 74. Figure 74. STP Parameters Tab (Monitoring) 5. To view the port settings, use the Stack ID pull-down menu in the switch image to select the ID number of switch you want to view and click the Apply button. You can view only one switch at a time. 6. In the switch image click the port you want to view. A selected port turns white. To deselect a port, click it again.
PAGE 194
Chapter 12: Spanning Tree and Rapid Spanning Tree Protocols Figure 75. STP Settings Window The columns in the STP Settings window are described in this table: Table 34. STP Port Settings Column Definition Port Displays the port number. State Displays the current state of a port. The possible states are Listening, Learning, Forwarding, or Blocking when spanning tree is enabled on the switch. When spanning tree is not enabled on the switch or if a port is not being used, its state will be disabled.
PAGE 195
AT-S63 Management Software Web Browser User’s Guide 6. Click the Defaults button to restore the default values to the STP settings in the stack. 7. To save your changes in the master configuration file, click the Save Config button in the Configuration menu.
PAGE 196
Chapter 12: Spanning Tree and Rapid Spanning Tree Protocols Configuring RSTP This section contains the following procedures:  ”Configuring the RSTP Bridge Settings”, next  “Configuring the RSTP Port Settings” on page 200  “Displaying RSTP Settings” on page 202  “Restoring the RSTP Default Settings” on page 204 Caution The bridge provides default RSTP parameters that are adequate for most networks.
PAGE 197
AT-S63 Management Software Web Browser User’s Guide 4. Click the Configure button to display the Configure RSTP Bridge Parameters tab shown in Figure 76. Figure 76. Configure RSTP Parameters Tab 5. Configure the parameters, described in Table 35, as needed. Table 35. RSTP Parameters Parameter Force Version Section IV: Spanning Tree Protocols Definition Specifies whether the bridge operates with RSTP or in an STP-compatible mode.
PAGE 198
Chapter 12: Spanning Tree and Rapid Spanning Tree Protocols Table 35. RSTP Parameters Parameter 198 Definition Bridge Priority Specifies the priority number for the bridge. This number is used in determining the root bridge for RSTP. The bridge with the lowest priority number is selected as the root bridge. If two or more bridges have the same priority value, the bridge with the numerically lowest MAC address becomes the root bridge.
PAGE 199
AT-S63 Management Software Web Browser User’s Guide Table 35. RSTP Parameters Parameter Bridge Max Age (continued) Definition When selecting a value for maximum age, observe the following rules: MaxAge must be greater than (2 x (HelloTime + 1)). MaxAge must be less than (2 x (ForwardingDelay - 1)) Bridge Identifier Specifies the MAC address of the bridge. The bridge identifier is used as a tie breaker in the selection of the root bridge when two or more bridges have the same bridge priority value.
PAGE 200
Chapter 12: Spanning Tree and Rapid Spanning Tree Protocols Configuring the RSTP Port Settings To configure the RSTP port parameters: 1. Perform steps 1 to 4 in “Configuring the RSTP Bridge Settings” on page 196 to display the Spanning Tree tab. 2. Use the Stack ID pull-down menu in the switch image to select the ID number of the switch you want to configure and click the Apply button. You can configure only one switch at a time. 3. In the switch image click the port you want to configure.
PAGE 201
AT-S63 Management Software Web Browser User’s Guide Table 36. RSTP Port Parameters Parameter Definition Port Cost Specifies the port cost. The spanning tree algorithm uses the cost parameter to decide which port provides the lowest cost path to the root bridge for that LAN. The range is 0 to 20,000,000. The default setting is Automatic detect, which sets port cost depending on the speed of the port.
PAGE 202
Chapter 12: Spanning Tree and Rapid Spanning Tree Protocols Displaying RSTP Settings To display the RSTP parameter settings: 1. From the Home page, click the Monitoring button. 2. From the Monitoring menu, click the Layer 2 button. 3. Select the Spanning Tree tab, shown in Figure 73 on page 192. 4. Click the View button to display the Monitor RSTP Parameters tab in Figure 78. Figure 78. Monitor RSTP Parameters Tab 5.
PAGE 203
AT-S63 Management Software Web Browser User’s Guide Figure 79. RSTP Port Status Window The columns in the RSTP Port Status window are described here. Table 37. RSTP Port Status Window Column Definition Port Displays the port number. State Displays the RSTP state of the port. The possible states for a port connected to another device running RSTP are Discarding and Forwarding. The possible states for a port connected to a device running STP are Listening, Learning, Forwarding, and Blocking.
PAGE 204
Chapter 12: Spanning Tree and Rapid Spanning Tree Protocols Table 37. RSTP Port Status Window Column Definition Edge-Port Displays whether or not the port is operating as an edge port. The possible settings are Yes and No. P2P Displays whether or not the port is functioning as a point-to-point port. The possible settings are Yes and No. Version Displays whether the port is operating in the RSTP mode or the STP-compatible mode. Port Cost Displays the port cost of the port.
PAGE 205
AT-S63 Management Software Web Browser User’s Guide 7. To save your changes in the master configuration file, click the Save Config button in the Configuration menu.
PAGE 206
Chapter 12: Spanning Tree and Rapid Spanning Tree Protocols 206 Section IV: Spanning Tree Protocols
PAGE 207
Section V Virtual LANs This section has the following chapter:  Section V: VLANs Chapter 13, “Port-based and Tagged VLANs” on page 209 207
PAGE 208
Section V: VLANs
PAGE 209
Chapter 13 Port-based and Tagged VLANs The procedures in this chapter are used to create, modify, and delete portbased and tagged VLANs.
PAGE 210
Chapter 13: Port-based and Tagged VLANs Creating New Port-Based or Tagged VLANs To create a new port-based or tagged VLAN: 1. From the Home page, click the Configuration button. 2. From the Configuration menu, click the Layer 2 button. 3. Click the VLAN tab, shown in Figure 81. Figure 81.
PAGE 211
AT-S63 Management Software Web Browser User’s Guide Note Do not change the VLAN Mode parameter from User Configured. Although the AT-9400 Switches can support a variety of VLAN modes when they are used as stand-alone units, when assembled into a stack they only support just that mode. Furthermore, do not enter a value for the Uplink Port parameter because it is not used in the User Configured mode. The VLAN List section of the tab lists the VLANs in the stack: Table 38.
PAGE 212
Chapter 13: Port-based and Tagged VLANs Table 38. VLAN Tab Column Definition Member Ports (Continued) If you are using 802.1x and assigned a Guest VLAN to an authenticator port or associated a VLAN to an 802.1x supplicant on the authentication server, an untagged port can be in different VLAN than the virtual LAN where it was originally assigned.
PAGE 213
AT-S63 Management Software Web Browser User’s Guide Note Stacks do not use the Type or Protocol parameter. 5. Click the VID field and enter an ID number for the VLAN. The range is 2 to 4096. The default is the next available VID number in the stack. 6. Click the Name field and enter a name of up to fifteen alphanumeric characters for the new VLAN. To make the VLAN easy to identify, select a name that reflects the function of the user’s of the VLAN (for example, Sales or Accounting).
PAGE 214
Chapter 13: Port-based and Tagged VLANs Adding or Removing VLAN Ports This procedure is used to add or remove ports from tagged or untagged VLANs. Here are a few guidelines:  You cannot change the VID of a VLAN. If you need to change a VLAN’s ID number, you have to delete and recreate the VLAN.  To change the name of a VLAN, you have to use the command line commands.  A port that is set to the supplicant or authenticator role in 802.
PAGE 215
AT-S63 Management Software Web Browser User’s Guide 6. Use the stack ID pull-down menu in the switch image to select the ID number of a switch that has ports you want to add or remove from the VLAN, and click the Apply button. (If the switch is already displayed, skip this step.) 7. In the switch image click the ports you want to add or remove from the VLAN. Clicking a port toggles it through the settings in Table 39. Table 39.
PAGE 216
Chapter 13: Port-based and Tagged VLANs Deleting VLANs This procedure is used to delete port-based and tagged VLANs from a stack. Here are a few guidelines:  You cannot delete the Default_VLAN.  To delete a VLAN that has one or more routing interfaces, you have to delete the routing interfaces first. Deleting a routing interface has to be performed from the command line commands.  All of the untagged ports in a deleted VLAN are returned to the Default_VLAN as untagged ports.
PAGE 217
AT-S63 Management Software Web Browser User’s Guide Displaying VLANs To display the VLANs from an operator session: 1. From the Home page, click the Monitoring button. 2. From the Monitoring menu, click the Layer 2 button. 3. Click the VLAN tab shown in Figure 84. Figure 84. VLAN Tab (Monitoring) Refer to Table 38 on page 211 for information about this tab.
PAGE 218
Chapter 13: Port-based and Tagged VLANs 218 Secton V: Virtual LANs
PAGE 219
Section VI Port Security This section has this chapter:  Section VI: Port Security Chapter 14, “802.
PAGE 220
Section VI: Port Security
PAGE 221
Chapter 14 802.1x Port-based Network Access Control This chapter contains instructions on how to configure the 802.1x Portbased Network Access Control feature on the stack. The chapter contains the following sections:  “Setting the Port Roles” on page 222  “Enabling or Disabling 802.
PAGE 222
Chapter 14: 802.1x Port-based Network Access Control Setting the Port Roles To set the authenticator or supplicant roles on the ports in the stack: 1. From the Home page, click the Configuration button. 2. From the Configuration menu, click the Network Security button to display the 802.1x Port Access tab shown in Figure 85. Figure 85. 802.1x Port Access Tab The roles of the ports are displayed in the image of the switch. An “A” indicates an authenticator port and an “S” a supplicant port.
PAGE 223
AT-S63 Management Software Web Browser User’s Guide 4. Click the port that you want to configure. A selected port turns white. You can configure more than one port at a time. 5. Click the Port Role button to display the popup window in Figure 86. Figure 86. Port Role Configuration Window 6. Select the new role for the port. A port can have only one port role at a time. The port role are described in this table. Table 40. 802.1 Port Roles Port Role Definition None The port does not participate in 802.
PAGE 224
Chapter 14: 802.1x Port-based Network Access Control Enabling or Disabling 802.1x Port-based Network Access Control To enable or disable 802.1x Port-based Network Access Control: 1. From the Home page, click the Configuration button. 2. From the Configuration menu, click the Network Security button to display the 802.1x Port Access tab shown in Figure 85 on page 222. 3. Click the Enable Port Access check box.
PAGE 225
AT-S63 Management Software Web Browser User’s Guide Configuring the Authenticator Port Parameters Note A port must be set to the authenticator role before you can configure its parameters. For instructions, refer to “Setting the Port Roles” on page 222. To configure the 802.1x parameters on authenticator ports: 1. From the Home page, click the Configuration button. 2. From the Configuration menu, click the Network Security button to display the 802.1x Port Access tab in Figure 85 on page 222. 3.
PAGE 226
Chapter 14: 802.1x Port-based Network Access Control 6. Configure the parameters and click the Apply button. The parameters are described in this table. Table 41. 802.1 Authenticator Port Parameters Parameter Authenticator Mode Definition Sets the authenticator mode of an authenticator port. This parameter has the following values: 802.1x - Specifies 802.1x username and password authentication.
PAGE 227
AT-S63 Management Software Web Browser User’s Guide Table 41. 802.1 Authenticator Port Parameters Parameter Definition Supplicant Mode (continued) Multiple - Configures the port to accept up to 20 authentications. Every client using an authenticator port in this mode must have a username and password. Port Control The possible settings are: Auto - Activates 802.
PAGE 228
Chapter 14: 802.1x Port-based Network Access Control Table 41. 802.1 Authenticator Port Parameters Parameter 228 Definition Max Requests Specifies the maximum number of times that the switch retransmits an EAP Request packet to the client before it times out the authentication session. The default value for this parameter is 2 retransmissions. The range is 1 to 10 retransmissions.
PAGE 229
AT-S63 Management Software Web Browser User’s Guide Table 41. 802.1 Authenticator Port Parameters Parameter Definition Server Timeout Sets the timer used by the switch to determine authentication server timeout conditions. The default value for this parameter is 30 seconds. The range is 1 to 600 seconds. Control Direction Specifies how the port handles ingress and egress broadcast and multicast packets when in the unauthorized state.
PAGE 230
Chapter 14: 802.1x Port-based Network Access Control Table 41. 802.1 Authenticator Port Parameters Parameter VLAN Assignment Definition Controls whether an authenticator port uses the VLAN assignments returned by a RADIUS server. Options are: Enabled - Specifies that the authenticator port is to use the VLAN assignment returned by the RADIUS server when a supplicant logs on. This is the default setting. The port automatically moves to the designated VLAN after the supplicant successfully logs on.
PAGE 231
AT-S63 Management Software Web Browser User’s Guide Table 41. 802.1 Authenticator Port Parameters Parameter Guest VLAN Definition Specifies the VID of a Guest VLAN. The authenticator port is a member of a Guest VLAN when no supplicant is logged on. Clients do not log on to access a Guest VLAN. You can specify a Guest VLAN by either its name or VID. To remove a Guest VLAN without assigning a new one, delete the name or VID of the assigned VLAN. 7.
PAGE 232
Chapter 14: 802.1x Port-based Network Access Control Configuring the Supplicant Port Parameters Note A port must be set to the supplicant role before you can configure its parameters. For instructions, refer to “Setting the Port Roles” on page 222. To configure the 802.1x parameters on supplicant ports: 1. From the Home page, click the Configuration button. 2. From the Configuration menu, click the Network Security button to display the 802.1x Port Access tab in Figure 85 on page 222. 3.
PAGE 233
AT-S63 Management Software Web Browser User’s Guide 6. Configure the parameters and click the Apply button: The parameters are described in this table Table 42. Supplicant Port Parameters Parameter Section VI: Port Security Definition Auth Period Specifies the period of time in seconds that the supplicant waits for a reply from the authenticator after sending an EAPResponse frame. The range is 1 to 300 seconds. The default is 30 seconds.
PAGE 234
Chapter 14: 802.1x Port-based Network Access Control Table 42. Supplicant Port Parameters Parameter User Password Definition Specifies the password for the switch port. The port sends the password to the authentication server for verification when the port logs on to the network. The password can be from 1 to 16 alphanumeric characters (A to Z, a to z, 1 to 9). Do not use spaces or special characters, such as asterisks or exclamation points. The password is case sensitive. 7.
PAGE 235
AT-S63 Management Software Web Browser User’s Guide Displaying the Port Parameters and Port Status To display the parameters or the status of authenticator and supplicant ports: 1. From the Home page, select the Monitoring button. 2. From the Configuration menu, click the Network Security button to display the 802.1x Port Access tab shown in Figure 89. Figure 89. 802.1x Port Access Tab (Monitoring) The port roles are display in the switch image.
PAGE 236
Chapter 14: 802.1x Port-based Network Access Control 4. To view the parameter settings of an authenticator or supplicant port, click the port and click the Settings button. You can view more than one port at a time. The authenticator parameters are described in Table 41 on page 226 and the supplicant parameters in Table 42 on page 233. 5. To view the status of an authenticator or supplicant port, click the port and the Status button. You can display the status of more than one port at a time.
PAGE 237
AT-S63 Management Software Web Browser User’s Guide Table 43. 802.1x Port Status Window Column Status (continued) Definition The possible states of supplicant ports are listed here: Acquired Authenticated Authenticating Connecting Disconnected Held Logoff Additional Info Section VI: Port Security This field displays the MAC address of an authenticated node after the node has been authenticated by the RADIUS server.
PAGE 238
Chapter 14: 802.1x Port-based Network Access Control Configuring RADIUS Accounting To configure RADIUS accounting: 1. From the Home page, click the Configuration button. 2. From the Configuration menu, click the Network Security button to display the 802.1x Port Access tab shown in Figure 85 on page 222. 3. Configure the parameters in the Configure RADIUS Accounting section of the tab and click the Apply button. The parameters are described in this table. Table 44.
PAGE 239
AT-S63 Management Software Web Browser User’s Guide Table 44. Configure RADIUS Accounting Section Parameter Update Interval Definition Specifies the intervals at which the switch sends interim accounting updates to the RADIUS server. The range is 30 to 300 seconds. The default is 60 seconds. 4. To save your changes in the master configuration file, click the Save Config button in the Configuration menu.
PAGE 240
Chapter 14: 802.1x Port-based Network Access Control Displaying the RADIUS Accounting Settings To display the RADIUS accounting settings: 1. From the Home page, click the Monitoring button. 2. From the Configuration menu, click the Network Security button to display the 802.1x Port Access tab shown in Figure 85 on page 222. The information in the RADIUS Accounting section of the tab is described in this table. Table 45. 802.
PAGE 241
Index Numerics E 802.
PAGE 242
Index M MAC address aging time changing 69 MAC address table, displaying 62 MAC addresses adding 65 deleting dynamic 68 deleting multicast 67 displaying 62 max age Rapid Spanning Tree Protocol (RSTP) 198 Spanning Tree Protocol (STP) 188, 189 max requests 228 max start 233 maximum multicast groups configuring 126 MCHECK 201 MDI/MDIX mode 40, 45 multicast groups, maximum configuring 126 multicast host topology configuring 124 multicast MAC address adding 65 deleting 67 displaying 62 multicast rate limiting 4
PAGE 243
AT-S63 Management Software Web Browser User’s Guide modifying 56 SNMPv3 Access Table entry creating 144 deleting 148 displaying 174 modifying 148 SNMPv3 Community Table entry creating 168 deleting 170 displaying 179 modifying 170 SNMPv3 Notify Table entry creating 154 deleting 156 displaying 176 modifying 156 SNMPv3 SecurityToGroup Table entry creating 150 deleting 152 displaying 175 modifying 153 SNMPv3 Target Address Table entry creating 158 deleting 160 displaying 177 modifying 161 SNMPv3 Target Paramet
PAGE 244
Index 244