Management Software AT-S63 Web Browser Interface User’s Guide AT-9400 Series Layer 2+ Gigabit Ethernet Switches Version 1.2.
Copyright © 2005 Allied Telesyn, Inc. All rights reserved. No part of this publication may be reproduced without prior written permission from Allied Telesyn, Inc. Microsoft and Internet Explorer are registered trademarks of Microsoft Corporation. Netscape Navigator is a registered trademark of Netscape Communications Corporation. All other product names, company names, logos or other designations mentioned herein are trademarks or registered trademarks of their respective owners. Allied Telesyn, Inc.
Preface

This guide contains instructions on how to configure and maintain an AT-9400 Series Layer 2+ Gigabit Ethernet switch using the web browser interface in the AT-S63 management software. For instructions on how to manage the switch from the menus or command line interface, refer to the AT-S63 Management Software Menus Interface User’s Guide or the AT-S63 Management Software Command Line Interface User’s Guide. The guides are available from the Allied Telesyn web site.
How This Guide is Organized

This guide is organized into the following sections:

Section I: Basic Operations
The chapters in this section explain how to start a management session and perform basic tasks including how to configure port parameters, set up SNMPv1 and SNMPv2c, access enhanced stacking, and create port trunks and a port mirror.
Document Conventions

This document uses the following conventions:

Note: Notes provide additional information.

Caution: Cautions inform you that performing or omitting a specific action may result in equipment damage or loss of data.

Warning: Warnings inform you that performing or omitting a specific action may result in bodily injury.
Where to Find Web-based Guides

The installation and user guides for all Allied Telesyn products are available in portable document format (PDF) on our web site at www.alliedtelesyn.com. You can view the documents online or download them onto a local workstation or server.
Contacting Allied Telesyn

This section provides Allied Telesyn contact information for technical support as well as sales and corporate information.

Online Support
You can request technical support online by accessing the Allied Telesyn Knowledge Base: http://kb.alliedtelesyn.com. You can use the Knowledge Base to submit questions to our technical support staff and review answers to previously asked questions.
New Features in AT-S63 Version 1.2.0

Table 1 lists the new features in version 1.2.0 of the AT-S63 management software and includes page references to the relevant procedures. (Only one of the new features in version 1.2.0, the Supplicant Mode parameter for 802.1x authenticator ports, is supported in the web browser interface.)

Table 1. New Features in AT-S63 Version 1.2.
Table 1. New Features in AT-S63 Version 1.2.0

Change / Chapter and Procedure

Quality of Service - Policies
Added the following new parameters to QoS policies: ToS, Move ToS to Priority, and Move Priority to ToS, as defined above. Send to Mirror Port parameter for copying traffic to a destination mirror port. (This parameter applies only to QoS policies.
Section I
Basic Operations

The chapters in this section provide information and procedures for basic switch setup using the AT-S63 management software.
Chapter 1
Starting a Web Browser Management Session

This chapter contains the procedure for starting, using, and quitting a web browser management session on an AT-9400 Series switch.
Establishing a Remote Connection to Use the Web Browser Interface

To establish a web browser management session with an AT-9400 Series switch, the switch must be part of an enhanced stack or it must have an IP address and subnet mask. If the switch is part of an enhanced stack, such as a slave switch, start the web browser management session on the stack’s master switch.
The AT-S63 management software displays the login page, shown in Figure 2.

Figure 2. AT-S63 Login Page

3. Enter a user name and password. For manager access, enter “manager” as the user name. The default password is “friend.” For operator access, enter “operator” as the user name. The default password is “operator.” Login names and passwords are case-sensitive.
The main menu is on the left side of the home page. It consists of the following selections:

Enhanced Stacking
Configuration
Monitoring
Logout

Note: The Enhanced Stacking selection is included in the menu only if the switch you accessed is a master switch.

A web browser management session remains active even if you link to other sites. You can return to the management web pages anytime as long as you do not quit the browser.
Web Browser Tools

You can use the web browser tools to move around the management pages. Selecting Back on your browser’s toolbar returns you to the previous display. You can also use the browser’s bookmark feature to save the link to the switch.
Saving Your Parameter Changes

When you make a change to a switch parameter, the change is, in most cases, immediately activated as soon as you click the Apply button on the web page. However, a change to a switch parameter is initially saved only to temporary memory. It is lost the next time you reset or power cycle the unit. To permanently save a change, you must click the Save Config option on the Configuration menu, shown in Figure 4.
Quitting a Web Browser Management Session

To exit a web browser management session, select the Logout option from the main menu.
Ports 23R and 24R on the AT-9424T/GB, AT-9424T/SP, and AT-9424Ti/SP Series Switches

This section applies to the twisted pair ports 23R and 24R and the SFP and GBIC slots on the AT-9424T/GB, AT-9424T/SP, and AT-9424Ti/SP Series switches. Note the following when configuring these ports:

Twisted pair ports 23R and 24R change to the redundant status mode when an SFP or GBIC module is installed and establishes a link with its end node.
Web Browser Interface Restrictions

The following management tasks of the AT-S63 management software are not supported in the web browser interface. These functions must be performed from the menus interface or the command line interface.
Chapter 2
Basic Switch Parameters

This chapter contains the following sections:

“Configuring an IP Address and Switch Name” on page 38
“Activating the BOOTP or DHCP Client Software” on page 41
“Displaying System Information” on page 42
“Configuring the Manager and Operator Passwords” on page 44
“Rebooting a Switch” on page 46
“Setting the System Date and Time” on page 47
“Pinging a Remote System” on page 50
“Returning the AT-S63 Management Softw
Configuring an IP Address and Switch Name

Note: For guidelines about when to assign an IP address, subnet address, and gateway address to an AT-9400 Series switch, refer to “When Does a Switch Need an IP Address?” in Chapter 3, “Basic Switch Parameters,” in the AT-S63 Management Software Menus Interface User’s Guide.

To set basic switch parameters for an AT-9400 Series switch, perform the following procedure:

1. From the home page, select Configuration.
Note: This procedure describes the parameters in the Administration section of the tab. The Passwords section is described in “Configuring the Manager and Operator Passwords” on page 44. The BOOTP/DHCP parameters are described in “Activating the BOOTP or DHCP Client Software” on page 41. The MAC Address Aging Time parameter is described in “Changing the Aging Time” on page 101.

Note: The Reset button resets the switch.
Note: The following three parameters are used to manually assign the switch an IP address, subnet mask, and default gateway. An alternative method to configuring these parameters is with a DHCP or BOOTP server, which can assign values to these parameters automatically. See “Activating the BOOTP or DHCP Client Software” on page 41, and information in Chapter 3, “Basic Switch Parameters” in the AT-S63 Management Software Menus Interface User’s Guide.
Activating the BOOTP or DHCP Client Software

For background information on BOOTP and DHCP, refer to Chapter 3, “Basic Switch Parameters,” in the AT-S63 Management Software Menus Interface User’s Guide.

To activate or deactivate the BOOTP or DHCP client software on the switch from a web browser management session, perform the following procedure:

1. From the home page, select Configuration.
Displaying System Information

To view basic information about the switch, perform the following procedure:

1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6.

Figure 6. General Tab (Monitoring)

The General section displays the following information:

System Name
The name of the switch.

Administrator
The name of the network administrator responsible for managing the switch.
Comments
The location of the switch, (for example, 4th Floor - rm 402B).

BOOTP/DHCP
The status of the BOOTP and DHCP client software. If enabled, the switch is obtaining its IP information from a BOOTP or DHCP server on the network.

MAC Address Aging Time
The time interval an inactive dynamic MAC address can remain in the MAC address table before it is deleted.

IP Address
The switch’s IP address.

Subnet Mask
The switch’s subnet mask.
Configuring the Manager and Operator Passwords

There are two levels of management access on an AT-9400 Series switch: manager and operator. When you log in as a manager, you can view and configure all of a switch’s operating parameters. When you log in as an operator, you can only view the operating parameters; you cannot change any values. You log in as a manager or an operator by entering the appropriate username and password when you start an AT-S63 management session.
Operator Password
Confirm Operator Password
Use these parameters to change the operator’s login password for the switch. The password can be from 0 to 16 characters in length. The same password is used for both local and remote management sessions. To create a new password, enter the new password into both fields. The default password for operator is “operator.” The password is case sensitive.
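The password limits and defaults described above can be checked before a switch is deployed. The following is an added example, not part of the original guide or of the AT-S63 software: it audits a planned pair of manager and operator passwords. The function names, finding codes, and the `min_len` policy value are assumptions, and the 16-character limit stated for the operator password is assumed to apply to the manager password as well.

```python
# Added example: pre-deployment check of planned AT-S63 manager/operator
# passwords against the limits and defaults stated in this guide.

DEFAULTS = {"manager": "friend", "operator": "operator"}  # defaults from the guide
MAX_LEN = 16  # stated for the operator password; assumed for manager as well


def _audit_one(account, password, min_len):
    """Return (account, code) findings for one planned password."""
    findings = []
    if len(password) > MAX_LEN:
        # Longer than the length the guide gives for the password field.
        findings.append((account, "too_long"))
    if password == "":
        # Zero length is inside the stated 0-16 range, so policy must catch it.
        findings.append((account, "empty"))
        return findings
    if password == DEFAULTS[account]:
        findings.append((account, "default"))
    elif password.lower() == DEFAULTS[account]:
        # Passwords are case sensitive, so "Friend" is a different password,
        # but it is only a case change away from the published default.
        findings.append((account, "default_variant"))
    if password.lower() == account:
        findings.append((account, "same_as_username"))
    if len(password) < min_len:
        findings.append((account, "short"))
    return findings


def audit_passwords(manager_pw, operator_pw, min_len=12):
    """Audit both accounts; min_len is a local policy value (assumption)."""
    if not 0 < min_len <= MAX_LEN:
        raise ValueError("min_len must be between 1 and 16")
    findings = _audit_one("manager", manager_pw, min_len)
    findings += _audit_one("operator", operator_pw, min_len)
    if manager_pw and manager_pw == operator_pw:
        # An operator (view-only) who knows this password can log in as manager.
        findings.append(("both", "shared"))
    return findings


if __name__ == "__main__":
    # Constructed sample plans, not taken from any real device.
    plans = [
        ("friend", "operator"),
        ("", "Tr4nsit-Vlan-0042"),
        ("kettle-Orbit-93x", "plume.Hazel.41qz"),
    ]
    for plan in plans:
        print(plan, "->", audit_passwords(*plan) or "ok")
```
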
Rebooting a Switch

Note: Any parameter changes that have not been saved are discarded when a system is reset. To save parameter changes, refer to “Saving Your Parameter Changes” on page 32.

To reboot a switch, perform the following procedure:

1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.

2. Click Reset at the bottom of the tab. A confirmation prompt is displayed.

3.
Setting the System Date and Time

This procedure explains how to set the switch’s date and time. Setting the date and time is important if you plan to view the events in the switch’s event log or send the events to a syslog server. The correct date and time are also important if the management software will be sending traps to your management workstation or if you plan to create a self-signed SSL certificate.
The System Time tab is shown in Figure 7.

Figure 7. System Time Tab

3. To set the system time manually, do the following:

a. In the System Time section of the tab, enter the time and date in the following format.

hh:mm:ss dd-mm-yyyy

b. Click Apply.

4. To configure the switch to obtain its date and time from an SNTP or NTP server on your network or the Internet, configure the following options:

UTC Offset
Specifies the difference between the UTC and local time.
Daylight Savings Time (DST)
Enables or disables the system’s adjustment for daylight savings time. The default is enabled.

Note: The switch does not set DST automatically. If the switch is in a locale that uses DST, you must remember to enable this in April when DST begins and disable it in October when DST ends. If the switch is in a locale that does not use DST, this option should be set to disabled all the time.
Pinging a Remote System

You can instruct the switch to ping a node on your network. This procedure is useful in determining whether a valid link exists between the switch and another device.

To ping a network device, perform the following procedure:

1. From the home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42.

2. From the Monitoring menu, select the Utilities option.
The Ping Client tab is shown in Figure 9.

Figure 9. Ping Client Tab (Monitoring)

4. Enter the IP address of the end node you want the switch to ping.

5. Click OK. The results of the ping are displayed in a popup window.

6. To stop the ping, click OK.
Returning the AT-S63 Management Software to the Factory Default Values

The procedure in this section returns all AT-S63 management software parameters to their default values. Please note the following before you perform this procedure:

Returning all parameter settings to their default values also deletes any port-based or tagged VLANs you created on the switch.

This procedure does not delete files from the AT-S63 file system.
Note: The AT-S63 management software default values are listed in Appendix A, “AT-S63 Default Settings” in the AT-S63 Management Software Menus Interface User’s Guide.

To return the AT-S63 management software to the default settings, perform the following procedure:

1. From the home page, select Configuration. The Configuring System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.

2.
5. Click OK to continue, or Cancel to cancel the procedure. If you select OK, the switch resets and returns all values to the default settings. After the reset is complete, you must reestablish your management session if you want to continue managing the unit.

As mentioned at the start of this procedure, returning a switch to its default settings does not alter the contents of the active boot configuration file.
Chapter 3
Enhanced Stacking

This chapter contains the following procedures for setting up enhanced stacking:

“Setting a Switch’s Enhanced Stacking Status” on page 56
“Selecting a Switch in an Enhanced Stack” on page 58
“Returning to the Master Switch” on page 61
“Displaying the Enhanced Stacking Status” on page 62

Note: For background information on enhanced stacking, refer to Chapter 4, “Enhanced Stacking,” in the AT-S63 Management Software Menus Interface User’s Guide.
Setting a Switch’s Enhanced Stacking Status

The enhanced stacking status of the switch can be master, slave, or unavailable. Each status is described below:

Master - A master switch of a stack can be used to manage other enhanced stacking switches in a subnet. After you have established a local or remote management session with the master switch, you can access and manage the other enhanced stacking switches in the subnet.
The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.

2. From the Configuration menu, select the Mgmt. Protocols option. The Mgmt. Protocols page is displayed with the Server-based Authentication tab selected by default, as shown in Figure 177 on page 432.

3. Select the Enhanced Stacking tab. The Enhanced Stacking tab is shown in Figure 11.

Figure 11. Enhanced Stacking Tab (Configuration)

4.
Selecting a Switch in an Enhanced Stack

Before you perform any procedure on a switch in an enhanced stack, check to be sure that you are performing it on the correct switch. If you assigned system names to your switches, identifying your switches is easy. The AT-S63 management software displays the name of the switch being managed at the top of every management menu.
Figure 12. Stacking Switches Page

Note: The master switch on which you started the management session is not included in the list, nor are any switches with an enhanced stacking status of Unavailable.

You can sort the switches in the list by switch name or MAC address by clicking on the column headers. By default, the list is sorted by MAC address. To refresh the list, click Refresh.
4. Enter a user name and password for the switch when prompted. The home page of the selected switch is displayed. You can now manage the switch.
Returning to the Master Switch

When you are finished managing a slave switch and want to manage another switch in the stack, return to the Home page of the switch and select Disconnect from the menu. This returns you to the Enhanced Stacking page in Figure 12 on page 59. When you see that page, you are again addressing the master switch from which you started the management session.
Displaying the Enhanced Stacking Status

To display the enhanced stacking status of the switch, perform the following procedure:

1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42.

2. From the Monitoring menu, select the Mgmt. Protocols option. The Mgmt.
Chapter 4
SNMPv1 and SNMPv2c

This chapter explains how to activate SNMP management on the switch and how to create, modify, and delete SNMPv1 and SNMPv2c community strings.
Enabling or Disabling SNMP Management

To enable or disable SNMP management on the switch, perform the following procedure:

1. From the Home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.

2. From the Configuration menu, select the Mgmt. Protocols option. The Mgmt. Protocols page is displayed with the Server-based Authentication tab selected by default, as shown in Figure 177 on page 432.

3.
4. Click the Enable SNMP Access checkbox to enable or disable SNMP management. A check in the box indicates that the feature is enabled, meaning that the switch can be managed from an SNMP management station. No check indicates that the feature is disabled. The default is disabled.

5. If you want the switch to send authentication failure traps, click the Enable Authentication Failure Traps checkbox.
Creating a New SNMPv1 and SNMPv2c Community

To create a new SNMPv1 and SNMPv2c community, perform the following procedure:

1. From the Home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.

2. From the Configuration menu, select the Mgmt. Protocols option. The Mgmt. Protocols page is displayed with the Server-based Authentication tab selected by default, as shown in Figure 177 on page 432.

3.
The Add New SNMPv1 & SNMPv2c Community page is shown in Figure 16.

Figure 16. Add New SNMPv1 & SNMPv2c Community Page

6. Configure the following parameters:

Community Name
Enter an SNMP community name that consists of up to 15 alphanumeric characters.

Status
Click Enable to enable the SNMP community. Click Disable to disable the SNMP community.

Access Mode
Click Read Only to allow read access to the SNMP community.
Manager IP Address 1 through Manager IP Address 8
Enter an IP Address of a switch that is permitted SNMP manager access to the current switch. You can enter up to eight Manager IP Addresses.

Trap Receiver IP Address 1 through Trap Receiver IP Address 8
Use the above selections to specify the IP addresses of up to eight trap receivers on your network that can receive traps from the switch.

7. Click Apply.

8.
Modifying an SNMPv1 and SNMPv2c Community

To modify an SNMPv1 and SNMPv2c community, perform the following procedure:

1. From the Home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.

2. From the Configuration menu, select the Mgmt. Protocols option. The Mgmt.
Figure 17. Modify SNMPv1 & SNMPv2c Community Page

6. Modify the following parameters:

Community Name
This field is not configurable from this page. It is the name of the SNMP community.

Status
Click Enable to enable the SNMP community. Click Disable to disable the SNMP community.

Access Mode
Click Read Only to allow read access to the SNMP community. Click Read-Write to allow read-write access to the SNMP community.
access to the current switch. You can enter up to 8 Manager IP Addresses.

Trap Receiver IP Address 1 through Trap Receiver IP Address 8
Use the above selections to specify the IP addresses of up to 8 trap receivers on your network that can receive traps from the switch.

7. Click Apply.

8. From the Configuration menu, select the Save Config option to permanently save your changes. (This option is not displayed if there are no changes to save.
Deleting an SNMPv1 and SNMPv2c Community

To delete an existing SNMPv1 and SNMPv2c community, perform the following procedure:

1. From the Home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.

2. From the Configuration menu, select the Mgmt. Protocols option. The Mgmt. Protocols page is displayed with the Server-based Authentication tab selected by default, as shown in Figure 177 on page 432.

3.
Displaying the SNMPv1 and SNMPv2c Communities

To display the SNMPv1 and SNMPv2c communities, perform the following procedure:

1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42.

2. From the Monitoring menu, select the Mgmt. Protocols option. The Mgmt.
4. In the SNMPv1 & SNMPv2c section, click View. The SNMPv1 & SNMPv2c Communities tab is shown in Figure 19.

Figure 19. SNMPv1 & SNMPv2c Communities Tab (Monitoring)

The SNMPv1 & SNMPv2c Communities tab displays a table that contains the following columns of information:

Community Name
The SNMP community name.

Access Mode
The access mode for access to that community. The possible settings are Read Only and Read/Write.
Status
The community status, one of the following settings:

Enabled - The community is enabled.
Disabled - The community is disabled.
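The community parameters described in this chapter (a name of up to 15 alphanumeric characters, a status, an access mode, and up to eight manager and eight trap receiver addresses) can be checked in a planning sheet before they are typed into the web interface. The following is an added example, not part of the original guide or of the AT-S63 software; the `Community` record, the function names, and the REVIEW findings are assumptions that reflect a reviewer's policy, not switch behavior.

```python
# Added example: validate planned SNMPv1/v2c community entries against the
# field limits given in this chapter, and flag entries worth a second look.
import ipaddress
from dataclasses import dataclass, field
from typing import List

MAX_NAME_LEN = 15   # "up to 15 alphanumeric characters"
MAX_ADDRESSES = 8   # eight manager and eight trap receiver address fields
ACCESS_MODES = ("Read Only", "Read-Write")


@dataclass
class Community:
    """Hypothetical planning record for one community (not a switch format)."""
    name: str
    enabled: bool
    access_mode: str
    manager_ips: List[str] = field(default_factory=list)
    trap_receiver_ips: List[str] = field(default_factory=list)


def _check_addresses(label, addresses, findings):
    """Check count, syntax and duplicates for one list of address fields."""
    if len(addresses) > MAX_ADDRESSES:
        findings.append(
            f"ERROR: {len(addresses)} {label} addresses, only {MAX_ADDRESSES} fields exist")
    seen = set()
    for raw in addresses:
        try:
            addr = ipaddress.ip_address(raw.strip())
        except ValueError:
            findings.append(f"ERROR: {label} address {raw!r} is not a valid IP address")
            continue
        if addr in seen:
            findings.append(f"REVIEW: {label} address {addr} is entered twice")
        seen.add(addr)


def audit_community(c):
    """Return a list of ERROR/REVIEW strings; an empty list means no findings."""
    findings = []
    # An empty name is treated as an error here (assumption; the guide only
    # states the upper limit).
    if not 1 <= len(c.name) <= MAX_NAME_LEN:
        findings.append(f"ERROR: name must be 1 to {MAX_NAME_LEN} characters")
    elif not (c.name.isascii() and c.name.isalnum()):
        findings.append("ERROR: name contains non-alphanumeric characters")
    if c.access_mode not in ACCESS_MODES:
        findings.append(f"ERROR: unknown access mode {c.access_mode!r}")
    _check_addresses("manager", c.manager_ips, findings)
    _check_addresses("trap receiver", c.trap_receiver_ips, findings)
    if c.enabled and c.access_mode == "Read-Write":
        # Reviewer policy (assumption): every enabled read-write community
        # should be justified and tied to named management stations.
        findings.append("REVIEW: enabled community grants read-write access")
        if not c.manager_ips:
            findings.append("REVIEW: read-write community lists no manager IP addresses")
    return findings


if __name__ == "__main__":
    # Constructed sample entries using documentation address space.
    plan = [
        Community("netops1", True, "Read Only", ["192.0.2.10"], ["192.0.2.20"]),
        Community("lab-rw", True, "Read-Write", [], ["192.0.2.300"]),
    ]
    for entry in plan:
        print(entry.name, "->", audit_community(entry) or "ok")
```
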
Chapter 5
Port Parameters

This chapter explains how to view and change the parameter settings for the individual ports on a switch. Examples of the parameters that you can adjust include port speed and duplex mode.
Configuring Port Parameters

To configure the parameter settings of a port on the switch, perform the following procedure:

1. From the Home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.

2. From the Configuration menu, select the Layer 1 option. The Layer 1 page is displayed with the Port Settings tab selected by default, as shown in Figure 20.

Figure 20. Port Settings Tab (Configuration)

3.
The Port Configuration page is shown in Figure 21.

Figure 21. Port Configuration Page

5. Configure the following parameters as necessary.

Name
Use this selection to assign a name to a port, from 1 to 15 alphanumeric characters. Spaces are allowed, but you should not use special characters, such as asterisks or exclamation points. (You cannot assign a name when you are configuring more than one port.
Enabled - The port receives and forwards packets. This is the default setting.
Disabled - The port does not receive or forward packets.

Speed and Duplex
You use this selection to configure a port for Auto-Negotiation or to manually set a port’s speed and duplex mode. If you select Auto-Negotiate for Auto-Negotiation, which is the default setting, the switch sets both speed and duplex mode for the port automatically.
Note
A 10/100/1000Base-T twisted pair port can operate at 1000 Mbps only when set to Auto-Negotiation. You cannot manually configure a 10/100/1000Base-T twisted pair port to 1000 Mbps.
MDI/MDIX Crossover
  The wiring configuration of a twisted pair port. This setting does not apply to fiber optic ports. The possible settings are:
  Auto - The port automatically configures itself as MDI or MDIX, depending upon the end node. This is the default.
  Enabled - The port discards egress unknown unicast packets.
  Disabled - The port forwards egress unknown unicast packets. This is the default setting.
Ingress Unknown Multicast Filter
  Use this parameter to configure a port to forward or discard ingress unknown multicast packets. The possible settings are:
  Enabled - The port discards ingress unknown multicast packets.
  Disabled - The port forwards ingress unknown multicast packets. This is the default setting.
For further information about back pressure, refer to Chapter 6, “Port Parameters,” in the AT-S63 Management Software Menus Interface User’s Guide.
Flow Control/Back Pressure Limit
  Use this parameter to specify the maximum number of ingress packets that a port receives within a one second period before initiating flow control or back pressure. A cell equals 128 bytes. The range is 1 to 7935. The default is 7935 cells.
Multicast Rate Limiting
  Use this parameter to enable or disable ingress multicast packet limits. The possible settings are:
  Enabled - Multicast packet ingress rate limiting is enabled.
  Disabled - Multicast packet ingress rate limiting is disabled. This is the default.
Multicast Rate
  Use this parameter to set the multicast rate limit in packets per second. The range is 0 to 262143. The default is 262143.
6. After you have made the desired changes, click Apply.
Displaying Port Status
To display the status of a switch port, perform the following procedure:
1. From the Home page, select Monitoring.
The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42.
2. From the Monitoring menu, select the Layer 1 option.
The Layer 1 page is displayed with the Port Settings tab selected by default, as shown in Figure 22.
Figure 22.
The Port Status page is shown in Figure 23.
Figure 23. Port Status Page
The Port Status page displays the following information:
Name
  The name of the port.
Status
  The status of the port, enabled or disabled.
VLAN ID
  The VLAN identifier (VID) of the VLAN in which the port is an untagged member.
Link Status
  The status of the link between the port and the end node connected to the port, up or down.
Speed and Duplex
  The speed and duplex mode.
Ingress Unknown Unicast Filter
  Status of the filter on ingress unknown unicast packets.
Ingress Unknown Multicast Filter
  Status of the filter on ingress unknown multicast packets.
Flow Control
  Status of flow control, enabled or disabled.
Flow Control/Back Pressure Limit
  The flow control/back pressure limit.
Broadcast Rate Limiting
  The status of rate limiting on broadcast packets.
Multicast Rate Limiting
  The status of multicast rate limiting, enabled or disabled.
Multicast Rate
  The rate on multicast packets.
Displaying Port Statistics
To display the statistics of a switch port, perform the following procedure:
1. From the Home page, select Monitoring.
The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42.
2. From the Monitoring menu, select the Layer 1 option.
Bytes Sent
  Number of bytes transmitted from the port.
Frames Received
  Number of frames received on the port.
Frames Sent
  Number of frames transmitted from the port.
Broadcast Frames Received
  Number of broadcast frames received on the port.
Broadcast Frames Sent
  Number of broadcast frames transmitted from the port.
Multicast Frames Received
  Number of multicast frames received on the port.
Multicast Frames Sent
  Number of multicast frames transmitted from the port.
TXCollisions
  Number of transmit collisions.
5. To clear all the counters for the selected port, click Clear. To clear the counters for all ports on the switch, click Clear All.
Resetting a Port to the Default Settings
To reset a port to the default settings, perform the following procedure:
1. From the Home page, select Configuration.
The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
2. From the Configuration menu, select the Layer 1 option.
The Layer 1 page is displayed with the Port Settings tab selected by default, as shown in Figure 20 on page 78.
3.
Chapter 6 MAC Address Table
This chapter contains instructions on how to add and view the dynamic and static addresses in the MAC address table of the switch.
Adding Static Unicast and Multicast MAC Addresses
This section contains the procedure for assigning a static unicast or multicast address to a port on the switch. You can assign up to 255 static MAC addresses per port.
To add a static address to the MAC address table, perform the following procedure:
1. From the Home page, select Configuration.
The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
2.
3. To add a static unicast address, in the View/Add Unicast MAC Addresses section, click Add. To add a static multicast address, in the View/Add Multicast MAC Addresses section, click Add.
The Add MAC Address page is shown in Figure 26.
Figure 26. Add MAC Address Page
4. Configure the following parameters as necessary.
MAC Address
  The new static unicast or multicast MAC address.
Deleting Unicast and Multicast MAC Addresses
To delete a static or dynamic unicast or multicast MAC address from the switch, perform the following procedure:
1. From the Home page, select Configuration.
The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
2. From the Configuration menu, select the Layer 2 option.
The Layer 2 page opens with the MAC Address tab selected by default, as shown in Figure 25 on page 94.
3.
Deleting All Dynamic MAC Addresses
To delete all the dynamic MAC addresses, unicast or multicast, perform the following procedure:
1. From the Home page, select Configuration.
The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
2. From the Configuration menu, select the Layer 2 option.
The Layer 2 page opens with the MAC Address tab selected by default, as shown in Figure 25 on page 94.
3.
Displaying the MAC Address Tables
To view the MAC address table, perform the following procedure:
1. From the Home page, select Monitoring.
The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42.
2. From the Monitoring menu, select the Layer 2 option.
The Layer 2 page is displayed with the MAC Address tab displayed by default, as shown in Figure 27.
Figure 27. MAC Address Tab (Monitoring)
The tab contains two sections.
View All
  Displays all dynamic addresses learned on the ports of the switch and all static addresses that have been assigned to the ports.
View Static
  Displays just the static addresses assigned to the ports on the switch.
View Dynamic
  Displays only the dynamic addresses learned on the ports on the switch.
View MAC Addresses on Port
  Displays the dynamic and static MAC addresses of a particular port. You can specify more than one port at a time.
Figure 28 shows an example of viewing all unicast MAC addresses.
Figure 28. View MAC Addresses Page
The View MAC Addresses page displays a table that contains the following columns of information:
VLAN ID
  The ID number of the VLAN where the port is a member.
MAC Address
  The static or dynamic unicast MAC address.
Port(s)
  The port on which the address was learned or assigned. The MAC address with port “CPU” is the address of the switch.
Changing the Aging Time
The switch uses the aging time to delete inactive dynamic MAC addresses from the MAC address table. When the switch detects that no packets have been sent to or received from a particular MAC address in the table after the period specified by the aging time, the switch deletes the address. This prevents the table from becoming full of addresses of nodes that are no longer active.
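The aging behavior described above can be modeled in a few lines. The following Python sketch is an added example, not part of the AT-S63 software or this guide; the class and method names are hypothetical, the MAC addresses are constructed, and the 300-second aging time is a sample value chosen for the illustration.

```python
from dataclasses import dataclass

# Constructed sample addresses (documentation range), not taken from the guide.
NODE_A = "00:00:5E:00:53:0A"
NODE_B = "00:00:5E:00:53:0B"
NODE_C = "00:00:5E:00:53:0C"
STATIC = "00:00:5E:00:53:FF"


@dataclass
class Entry:
    port: int
    static: bool
    last_seen: float  # time (seconds) of the last frame to or from the address


class MacTable:
    """Toy model of a MAC address table with aging (hypothetical names)."""

    def __init__(self, aging_time):
        self.aging_time = aging_time  # seconds of inactivity before deletion
        self.entries = {}

    def add_static(self, mac, port):
        # Static addresses are assigned by the manager and are never aged out.
        self.entries[mac.upper()] = Entry(port, True, 0.0)

    def frame(self, src, dst, in_port, now):
        """Process one frame: learn or refresh the source, refresh the
        destination if it is known, and return the egress port or None."""
        src, dst = src.upper(), dst.upper()
        known = self.entries.get(src)
        if known is None or not known.static:
            # A packet was received from src: learn it or reset its timer.
            self.entries[src] = Entry(in_port, False, now)
        target = self.entries.get(dst)
        if target is None:
            return None  # unknown destination
        target.last_seen = now  # a packet was sent to dst: reset its timer
        return target.port

    def age(self, now):
        """Delete dynamic entries idle for longer than the aging time and
        return the deleted addresses."""
        expired = sorted(
            mac for mac, e in self.entries.items()
            if not e.static and now - e.last_seen > self.aging_time
        )
        for mac in expired:
            del self.entries[mac]
        return expired


def demo():
    table = MacTable(aging_time=300)        # sample value
    table.add_static(STATIC, port=5)
    table.frame(NODE_A, NODE_B, 1, now=0)   # learns A; B is still unknown
    table.frame(NODE_C, NODE_A, 3, now=10)  # learns C; traffic to A refreshes A
    table.frame(NODE_B, NODE_A, 2, now=200) # learns B; refreshes A again
    removed = table.age(now=400)            # C has been idle for 390 seconds
    return removed, sorted(table.entries)


if __name__ == "__main__":
    print(demo())
```

Node C is the only address deleted at the 400-second mark: A and B were active at 200 seconds, and the static entry is exempt from aging.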
Chapter 7 Static Port Trunks
This chapter contains the procedure for creating, modifying, or deleting a static port trunk. The sections in this chapter are:
“Creating a Static Port Trunk” on page 104
“Modifying a Static Port Trunk” on page 107
“Deleting a Port Trunk” on page 109
“Displaying the Port Trunks” on page 110
Note
For background information on static port trunking, refer to Chapter 8, “Static and LACP Port Trunks,” in the AT-S63 Management Software Menus Interface User’s Guide.
Creating a Static Port Trunk
Caution
Do not connect the cables of a port trunk to the ports on the switch until after you have configured the ports on both the switch and the end node. Connecting the cables prior to configuring the ports can create loops in your network topology. Loops can result in broadcast storms, which can adversely affect the operation of your network.
The Port Trunking tab is shown in Figure 29 and displays any existing trunks in a table.
Figure 29. Port Trunking Tab (Configuration)
4. Click Add.
The Add New Trunk page is shown in Figure 30.
Figure 30. Add New Trunk Page
5. Configure the following parameters as necessary.
Trunk Name
  The name for the port trunk. The name can be up to 16 alphanumeric characters.
  exclamation points, are allowed. Each trunk must be given a unique name.
Trunk Method
  Select a load distribution method. The possible settings are:
  SA - Source MAC address (Layer 2)
  DA - Destination MAC address (Layer 2)
  SA/DA - Source MAC address/destination MAC address (Layer 2)
  SI - Source IP address (Layer 3)
  DI - Destination IP address (Layer 3)
  SI/DI - Source IP address/destination IP address (Layer 3)
6. Click the ports that are to make up the static port trunk.
Modifying a Static Port Trunk
This section contains the procedure for modifying a static port trunk on the switch. You can change the name of a trunk and the ports that constitute the trunk. You cannot change the load distribution method.
3. Select the Port Trunking tab.
The Port Trunking tab is shown in Figure 29 on page 105.
4. Click the button next to the port trunk you want to modify and click Modify.
The Modify Trunk page is shown in Figure 31.
Figure 31. Modify Trunk Page
Note
You cannot change the Trunk ID number or the load distribution method of a static port trunk from the web browser interface.
5. Configure the following parameter as necessary.
Deleting a Port Trunk
Caution
Disconnect the cables from the port trunk on the switch before performing the following procedure. Deleting a port trunk without first disconnecting the cables can create loops in your network topology. Data loops can result in broadcast storms and poor network performance.
To delete a port trunk from the switch, perform the following procedure:
1. From the home page, select Configuration.
Displaying the Port Trunks
To display the port trunks, perform the following procedure:
1. From the Home page, select Monitoring.
The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42.
2. From the Monitoring menu, select the Layer 1 option.
The Layer 1 page is displayed with the Port Settings tab selected by default, as shown in Figure 22 on page 85.
3. Select the Port Trunking tab.
  DA - Destination MAC address (Layer 2)
  SA/DA - Source MAC address/destination MAC address (Layer 2)
  SI - Source IP address (Layer 3)
  DI - Destination IP address (Layer 3)
  SI/DI - Source IP address/destination IP address (Layer 3)
Ports
  The ports of the trunk.
Chapter 8 Port Mirroring
This chapter contains the procedures for creating or deleting a port mirror. The sections in the chapter include:
“Creating a Port Mirror” on page 114
“Modifying a Port Mirror” on page 117
“Disabling a Port Mirror” on page 118
“Deleting a Port Mirror” on page 119
“Displaying the Port Mirror” on page 120
Note
For background information on port mirroring, refer to Chapter 9, “Port Mirroring,” in the AT-S63 Management Software Menus Interface User’s Guide.
Creating a Port Mirror
To create a port mirror, perform the following procedure:
1. From the home page, select Configuration.
The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
2. From the Configuration menu, select the Layer 1 option.
The Layer 1 page opens with the Port Settings tab displayed by default, as shown in Figure 20 on page 78.
3. Select the Port Mirroring tab.
The Modify Mirror page is shown in Figure 34.
Figure 34. Modify Mirror Page
5. Click the ports of the port mirror. Clicking a port toggles it through the possible settings, which are as follows:
  The destination (mirror) port. There can be only one destination port.
  A source port. The port’s ingress traffic is mirrored to the destination port.
  A source port. The port’s egress traffic is mirrored to the destination port.
  A source port.
Figure 35 shows an example of the Modify Mirror page configured for a port mirror. The egress traffic on ports 11 and 12 is being mirrored to the destination port 5.
Figure 35. Example of a Modify Mirror Page
6. After selecting the destination and source ports, click the Enable Mirror check box.
7. Click Apply.
The port mirror is now active on the switch. You can connect a data analyzer to the destination port to monitor the traffic on the source ports.
8.
Modifying a Port Mirror
To modify a port mirror, perform the following procedure:
1. From the home page, select Configuration.
The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
2. From the Configuration menu, select the Layer 1 option.
The Layer 1 page opens with the Port Settings tab displayed by default, as shown in Figure 20 on page 78.
3. Select the Port Mirroring tab.
Disabling a Port Mirror
To disable a port mirror, perform the following procedure:
1. From the home page, select Configuration.
The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
2. From the Configuration menu, select the Layer 1 option.
The Layer 1 page opens with the Port Settings tab displayed by default, as shown in Figure 20 on page 78.
3. Select the Port Mirroring tab.
Deleting a Port Mirror
To delete a port mirror, perform the following procedure:
1. From the home page, select Configuration.
The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
2. From the Configuration menu, select the Layer 1 option.
The Layer 1 page opens with the Port Settings tab displayed by default, as shown in Figure 20 on page 78.
3. Select the Port Mirroring tab.
Displaying the Port Mirror
To display the port mirror, perform the following procedure:
1. From the Home page, select Monitoring.
The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42.
2. From the Monitoring menu, select the Layer 1 option.
The Layer 1 page is displayed with the Port Settings tab selected by default, as shown in Figure 22 on page 85.
3. Select the Port Mirroring tab.
Egress Port(s)
  The source ports whose egress traffic is mirrored to the destination port.
Status
  The status of the mirroring feature. The possible settings are:
  Enabled - Traffic is being copied to the destination port.
  Disabled - No traffic is being mirrored.
Section II Advanced Operations
The chapters in this section contain the procedures for advanced switch setup using the AT-S63 management software.
Chapter 9 File System
This chapter contains procedures for working with the file system and contains the following sections:
“Listing the Files in Flash Memory or on a Compact Flash Card” on page 126
“Selecting an Active Boot Configuration File” on page 130
Note
For background information on the file system, refer to Chapter 11, “File System,” in the AT-S63 Management Software Menus Interface User’s Guide.
Listing the Files in Flash Memory or on a Compact Flash Card
This procedure displays the files stored in flash memory as well as on a compact flash card for those AT-9400 Series switches that feature a flash card slot.
Note
You cannot copy, rename, or delete files from a web browser management session. Those tasks must be performed from a local, Telnet, or SSH session.
The File System tab for an AT-9400 Series switch with a flash memory card drive is shown in Figure 37.
Figure 37. File System Tab (Configuration)
The information in the tab is defined below:
Current Drives
  Specifies the location of the file system. An AT-9400 Series switch that does not feature a flash card slot has just one selection, Flash, which represents the flash memory in the switch.
Device
  The device type, either “flash” for flash memory or “cflash” for compact flash card.
Size
  Size of the file, in bytes.
Modified
  The time the file was created or last modified, in the following date and time format: month/day/year hours:minutes:seconds.
Attributes
  The file type, one of the following:
  Normal
  Read Only
  Hidden
  System
  Volume
  Directory
  Archive
  Invalid
4.
The Viewing File page for a portion of a configuration file is shown in Figure 38.
Figure 38.
Selecting an Active Boot Configuration File
This procedure changes the active boot configuration file on the switch. The switch uses the active boot configuration file to configure its operating parameters whenever it is reset or power cycled. The switch also updates the active boot file whenever you select the Save Config option.
Note the following before performing this procedure:
  You cannot create a new configuration file from a web browser management session.
3. Select the File System tab.
The File System tab for an AT-9400 series switch with a compact flash card is shown in Figure 37 on page 127.
4. In the Default Configuration File field, enter the name of the file. When entering the file name, note the following:
  Be sure to include the “.cfg” extension.
  If the file is stored on a flash card in the switch, precede the name with “cflash:”.
5. Click Apply.
Chapter 10 File Downloads and Uploads
This chapter contains the procedure for downloading a new AT-S63 image file onto the switch. This chapter also contains procedures for uploading and downloading system files, such as a boot configuration file, from the file system in the switch.
Downloading a File
This procedure explains how to download a file from a TFTP server on your network to the switch using the web browser interface. You can download any of the following files:
  AT-S63 image file
  Boot configuration file
  CA certificate
Note
The CA certificate is supported only on the version of AT-S63 management software that features SSL, PKI, and SSH security.
Installing a new AT-S63 software image does not change the current configuration of a switch (for instance, IP address, subnet mask, and virtual LANs). If you want to return a switch to its default configuration values, refer to “Returning the AT-S63 Management Software to the Factory Default Values” on page 52.
This procedure gives you the option of downloading the image file into the switch’s application block or the file system.
Caution
Downloading a configuration file as the switch’s new active boot configuration file will cause a switch reset. Some network traffic may be lost.
To download a file, perform the following procedure:
1. From the home page, select Configuration.
The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
2. From the Configuration menu, select the Utilities option.
3. In the TFTP File Uploads and Downloads section, use the TFTP Server IP Address field to enter the IP address of the network node that contains the TFTP server software.
4. For the TFTP Operation parameter, click Download.
5. In the TFTP Remote Filename field, enter the filename of the file on the TFTP server to be downloaded to the switch.
6. In the TFTP Local Filename field, enter a name for the file.
Note
If you downloaded a configuration file using the Config selection, the switch automatically designates it as its active configuration file and resets. At the completion of the reset, the switch operates with the parameter settings in the downloaded configuration file. The reset ends your web browser management session. To continue managing the switch, you must reestablish the management session.
Uploading a File
This procedure explains how to upload a file from the switch’s file system to a TFTP server on your network using the web browser interface.
Note
The top portion of the tab is used to return the switch to its factory default settings. For instructions, refer to “Returning the AT-S63 Management Software to the Factory Default Values” on page 52.
3. In the TFTP File Uploads and Downloads section, in the TFTP Server IP Address field, enter the IP address of the network node that contains the TFTP server software.
4. For the TFTP Operation parameter, click Upload.
5.
Chapter 11 Event Logs and Syslog Servers
This chapter describes how to view or save the contents of the event logs and how to create a log output to send events to a syslog server. The event logs allow you to view information about switch activity.
Working with the Event Logs
The event logs contain event messages that are generated by a switch. These events can provide vital information about network activity on an AT-9400 Series switch that can help you identify and solve network problems. The information includes the time and date when an event occurred, the event’s severity, the AT-S63 module that generated the event, and an event description.
The AT-9400 Series switch has two event logs.
The Event log tab is shown in Figure 40.
Figure 40. Event Log Tab (Configuration)
3. In the Log Settings section, for the Status, click Enabled to enable the event logs, or Disabled to disable the event logs. The event log feature is enabled by default.
4. Click Apply to activate the settings on the switch.
If you enabled the logs, the switch immediately begins to add events to the logs and send events to defined syslog servers.
5.
6. From the Configuration menu, select the Save Config option to permanently save your changes. (This option is not displayed if there are no changes to save.)
Displaying Events
Each time that you want to view the event log, you must choose how and what you want displayed. The settings for viewing an event log are not saved.
To specify the type of events in an event log you want to display, perform the following procedure:
1.
The Event log tab is shown in Figure 41.
Figure 41. Event Log Tab (Monitoring)
3. In the Display Filter Settings section, for Log Location, click one of the following:
Temporary (Memory)
  Displays the events stored in temporary memory. This selection stores approximately 4,000 events. If the switch has been running for some time without a reset or power cycle, select Temporary. This is the default.
4. To display events of a selected severity, in the Severity Selections list, select one or more of the following severity types:
D - Debug
  Debug messages provide detailed high-volume information that is intended only for technical support personnel.
E - Error
  Only error messages are displayed. Error messages indicate that the switch operation is severely impaired.
W - Warning
  Only warning messages are displayed.
7. To display events of a particular AT-S63 software module, from the Module Selections list, select one or more of the modules listed in Table 1. To select more than one module, use click.
Table 1.
Table 1. AT-S63 Software Modules (Continued)
Name     Description
RPS      Redundant power supply
RRP      RRP Snooping
SNMP     Simple Network Management Protocol
SSH      Secure Shell protocol
SSL      Secure Sockets Layer protocol
STP      Spanning Tree, Rapid Spanning Tree, and Multiple Spanning Tree protocols
SYSTEM   Hardware status; Manager and Operator log in and log off events.
The events are displayed in a table. The columns in the table shown in normal display mode are described below:
S (Severity)
  The event’s severity. The severity codes and their corresponding severity level and description are shown in Table 2.
Table 2. Event Severity Levels
Severity Code   Severity Level   Description
E               Error            Switch operation is severely impaired.
W               Warning          An issue that may require network manager attention.
In addition to the information displayed in Normal mode, the Full mode also displays additional columns in the table, as described below:
Event ID
  A unique, random number assigned to each event.
Filename:Line
  The AT-S63 software source file name and the line number in that source file that produced the event.
9.
The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
2. Select the Event Log tab.
The Event log tab is shown in Figure 40 on page 143.
3. In the Display Filter Settings section, select the log and the type of events you want to save to the file. For instructions, refer to steps 3 to 7 in “Displaying Events” on page 144.
4. In the Save Filename field, enter a name for the file.
Working with Log Outputs
Instead of checking the log files on each individual switch, you can create an output definition that defines the events that are sent to a syslog server. From this central point, you can monitor all the AT-9400 Series switches in your network. This is called a log output file. For more information about log output files, refer to Chapter 13, “Event Logs and Syslog Servers,” in the AT-S63 Management Software Menus Interface User’s Guide.
4. Configure the following parameters as necessary:
Output ID
  An ID number for the log output.
Output Status
  Specifies whether or not the output is sent to the syslog server. The options are:
  Enabled - Enables the log output. Event messages are sent to the defined syslog server.
  Disabled - Disables the log output. Event messages are not sent to the defined syslog server.
Facility Level
  The numerical code to be added to the entries sent to the syslog server to group the entries according to the module or switch that produced them. The facility levels are described in Table 3.
Table 3. Default Syslog Facilities
Facility   Mapped Event Log Modules and Events
Default    This facility number applies the functional groupings defined in the RFC 3164 standard.
The View Log Output page is shown in Figure 45.
Figure 45. View Event Log Output Page
This page displays the following information:
Output ID
  An ID number for the log output.
Output Status
  Whether or not the output is sent to the syslog server, either enabled or disabled.
Message Format
  The format of the messages sent to the syslog server.
Severity Selections
  The severity of events sent to the syslog server.
Modifying a Log Output Definition
To modify a log output definition, perform the following procedure:
1. From the home page, select Configuration.
The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
2. Select the Event Log tab.
The Event log tab is shown in Figure 40 on page 143.
3. In the Configure Log Outputs section, select the log output file that you want to modify and click Modify.
Output Status
  Specifies whether or not the output is sent to the syslog server. The options are:
  Enabled - Sends the output to the syslog server.
  Disabled - The output is not sent to the syslog server even if an IP address is defined.
Message Format
  Specifies the format of the messages sent to the syslog server. The options are:
  Extended - Displays the time, module, severity, description, file name, line number, and event ID.
Module Selections
  Specifies the AT-S63 management software module(s) whose events you want to send to the syslog server. To select more than one, use +click. For a list of modules, refer to Table 1 on page 147.
5. Click Apply to apply the changes or Close to close the page without making changes.
6. From the Configuration menu, select the Save Config option to permanently save your changes. (This option is not displayed if there are no changes to save.
Chapter 12 Classifiers
A classifier defines a traffic flow. You use classifiers with access control lists to filter ingress traffic on a port and with Quality of Service policies to regulate different traffic flows that pass through a switch.
Configuring a Classifier
This procedure explains how to create an ACL. It is a good idea before performing this procedure to jot down on paper the ID number(s) of the classifier(s) you want to assign to the ACL and the action of the ACL, which is either Permit or Deny. An action of Permit instructs the port to accept packets from the defined traffic flow of the classifier, while an action of Deny discards the packets.
The Classifier tab is shown in Figure 48.

Figure 48. Classifier Tab (Configuration)

The tab lists the current classifiers on the switch. The columns are defined here:

ID
The ID number of the classifier.

Description
A description of the classifier.

No. of References
The number of active and inactive ACLs and QoS policies to which the classifier is currently assigned.

The Create Classifier page is shown in Figure 49.

Figure 49. Create Classifier Page

Some of the variables and settings display additional selections. For example, selecting IP as the Protocol displays the selections shown in Figure 50.

Figure 50.
5. Configure the following parameters as desired:

ID
Specifies an ID number for the classifier. Every classifier on the switch must have a unique ID number. The range is 1 to 9999. This parameter is required.

Description
Specifies a description for the classifier. A description can be up to fifteen alphanumeric characters. Spaces are allowed.

Destination MAC
Defines a traffic flow by its destination MAC address.

TOS/DSCP
Defines a traffic flow by its Type of Service or DSCP value. To set this parameter, the Protocol parameter must be set to IP. Options are:
TOS (Type of Service)
DSCP

TOS
Defines a traffic flow by its Type of Service value. The range is 0 to 7. To set this value, the TOS/DSCP parameter must be set to TOS.

DSCP
Defines a traffic flow by its DSCP value. The range is 0 to 63. To set this value, the TOS/DSCP parameter must be set to DSCP.

the corresponding bit of the IP address, while a “0” indicates that it should not. For example, the Class C subnet address 149.11.11.0 would have the mask “255.255.255.0”.

TCP Source Port
Defines a traffic flow by source TCP port. To set this parameter, IP Protocol must be set to TCP.

TCP Destination Port
Defines a traffic flow by destination TCP port. To set this parameter, IP Protocol must be set to TCP.
Modifying a Classifier

This procedure explains how to modify a classifier. If the classifier you want to modify is currently assigned to an active ACL or QoS policy, you must first remove the port assignments from the ACL or policy before you can modify the classifier. Once you have finished modifying the classifier, you can reassign the ports again to the ACL or QoS policy.

To modify a classifier, perform the following procedure:

1. From the home page, select Configuration.

5. Modify the parameters as necessary: For descriptions of the parameters, refer to “Configuring a Classifier” on page 160.
6. Click Apply.
7. From the Configuration menu, select the Save Config option to permanently save your changes. (This option is not displayed if there are no changes to save.)

Deleting a Classifier

To delete a classifier, perform the following procedure:

Note
You cannot delete a classifier if it belongs to an ACL or QoS policy. You must first remove it from the ACL or policy before you can delete it.

1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
Displaying the Classifiers

To display the classifiers, perform the following procedure:

1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42.

Note
You can access the Classifiers tab either through the Network Security menu option or through the Services menu option. This procedure uses the path through the Services menu option.

2.

Description
A description of the classifier.

No. of References
The number of active and inactive ACLs and QoS policies to which the classifier is currently assigned. An active ACL or QoS is assigned to at least one switch port, while an inactive ACL or QoS policy is currently not assigned to any port. If this column is 0 (zero), the classifier is not assigned to any ACLs or policies, active or inactive.

No.
Chapter 13 Access Control Lists

An access control list (ACL) is a tool for managing network traffic.

Configuring an Access Control List

This procedure explains how to create an ACL. Before starting this procedure, jot down on paper the ID number(s) of the classifier(s) you want to assign to the ACL and the action of the ACL, which is either Permit or Deny. An action of Permit instructs the port to accept packets from the defined traffic flow of the classifier, while an action of Deny discards the packets.
4. Click Create. The Create ACLs page is displayed, as shown in Figure 55.

Figure 55. Create ACLs Page

5. Configure the following parameters:

ID
Use this field to enter an ID number for the ACL. Every ACL on the switch must have a unique ID number. The range is 0 to 255.

Classifier List
Use this list to select the classifier you want to assign to this ACL. You can assign more than one classifier to an ACL.

6. Click Apply. The new ACL is immediately activated on the specified ports. If you did not specify any ports for the ACL, the ACL is created but remains inactive until you assign it to a port.
7. From the Configuration menu, select the Save Config option to permanently save your changes. (This option is not displayed if there are no changes to save.)
Modifying an Access Control List

To modify an access control list, perform the following procedure:

1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
2. From the Configuration menu, select the Network Security option. The Network Security page is displayed with the Port Security tab selected by default, as shown in Figure 158 on page 392.
3.

Action
Use this menu to specify the action of the ACL. Deny, which is the default, discards ingress packets that match the defined traffic flow of the classifier. Permit accepts the packets.

Description
Use this field to enter a description for the ACL. A description can be up to 15 alphanumeric characters, including spaces. Entering a description is optional.

Port List
Use this list to specify the port where you want to assign the ACL.

Deleting an Access Control List

To delete an access control list, perform the following procedure:

1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
2. From the Configuration menu, select the Network Security option. The Network Security page is displayed with the Port Security tab selected by default, as shown in Figure 158 on page 392.
3.
Displaying the Access Control Lists

To display the current ACLs, perform the following procedure:

1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42.
2. From the Monitoring menu, select Network Security. The Network Security page is displayed with the Port Security tab selected by default, as shown in Figure 160 on page 395.
3. Select the ACL tab.

case the packets are accepted by the port, because a Permit ACL overrides a Deny ACL.

Active
Whether or not the ACL is active. A status of Yes means that the ACL is assigned to at least one port on the switch. A status of No means the ACL is not assigned to any ports and therefore is inactive.

Classifier List
The classifiers assigned to the ACL.

Port List
The port assignments of the ACL.

4.
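A small model of how the Permit and Deny actions described in this chapter combine on a port, added here as an illustration and not taken from the AT-S63 software. The field names, the rule that a packet matches an ACL when it matches any of its classifiers, and the acceptance of packets that match no ACL are assumptions; the ID ranges, the mask semantics and the Permit-over-Deny rule come from the guide.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Iterable, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    ip_protocol: str                    # "TCP", "UDP", ...
    tcp_dst_port: Optional[int] = None


@dataclass(frozen=True)
class Classifier:
    """A traffic-flow definition. Field names are hypothetical."""
    id: int
    description: str = ""
    src_ip: Optional[str] = None
    src_mask: str = "255.255.255.255"   # binary 1 = filter on that bit
    ip_protocol: Optional[str] = None
    tcp_dst_port: Optional[int] = None

    def __post_init__(self):
        if not 1 <= self.id <= 9999:
            raise ValueError("classifier ID must be 1 to 9999")
        if len(self.description) > 15:
            raise ValueError("description is limited to 15 characters")
        if self.tcp_dst_port is not None and self.ip_protocol != "TCP":
            raise ValueError("TCP Destination Port requires IP Protocol TCP")

    def matches(self, pkt: Packet) -> bool:
        if self.src_ip is not None:
            mask = int(IPv4Address(self.src_mask))
            want = int(IPv4Address(self.src_ip)) & mask
            if int(IPv4Address(pkt.src_ip)) & mask != want:
                return False
        if self.ip_protocol is not None and pkt.ip_protocol != self.ip_protocol:
            return False
        if self.tcp_dst_port is not None and pkt.tcp_dst_port != self.tcp_dst_port:
            return False
        return True


@dataclass(frozen=True)
class ACL:
    id: int
    classifiers: Tuple[Classifier, ...]
    ports: Tuple[int, ...] = ()         # no ports: ACL exists but is inactive
    action: str = "Deny"                # Deny is the default action
    description: str = ""

    def __post_init__(self):
        if not 0 <= self.id <= 255:
            raise ValueError("ACL ID must be 0 to 255")
        if self.action not in ("Permit", "Deny"):
            raise ValueError("action must be Permit or Deny")
        if len(self.description) > 15:
            raise ValueError("description is limited to 15 characters")


def evaluate(port: int, pkt: Packet, acls: Iterable[ACL]) -> str:
    """Return 'accept' or 'discard' for an ingress packet on a port."""
    actions = {
        acl.action
        for acl in acls
        if port in acl.ports and any(c.matches(pkt) for c in acl.classifiers)
    }
    if "Permit" in actions:             # a Permit ACL overrides a Deny ACL
        return "accept"
    if "Deny" in actions:
        return "discard"
    return "accept"                     # assumption: unmatched traffic passes


# Constructed sample configuration: permit one subnet, deny Telnet on port 4.
MGMT = Classifier(1, "Mgmt subnet", src_ip="149.11.11.0", src_mask="255.255.255.0")
TELNET = Classifier(2, "Telnet", ip_protocol="TCP", tcp_dst_port=23)
SAMPLE_ACLS = (
    ACL(1, (MGMT,), ports=(4,), action="Permit", description="Allow mgmt"),
    ACL(2, (TELNET,), ports=(4,), action="Deny", description="Block telnet"),
    ACL(3, (TELNET,), description="Unassigned"),   # inactive: no ports
)

if __name__ == "__main__":
    for pkt in (
        Packet("149.11.11.5", "10.0.0.1", "TCP", 23),
        Packet("10.0.0.9", "10.0.0.1", "TCP", 23),
        Packet("10.0.0.9", "10.0.0.1", "TCP", 80),
    ):
        print(pkt, "->", evaluate(4, pkt, SAMPLE_ACLS))
```

The first sample packet is the case to watch when reviewing a configuration: Telnet from the permitted subnet is accepted even though a Deny ACL for Telnet is active on the same port.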
Chapter 14 Class of Service

This chapter contains instructions on how to configure Class of Service (CoS).

Configuring CoS

This procedure sets the Class of Service priority level for ingress untagged packets on a port. The priority level dictates which priority queue the packets are stored in on the egress port. In the default settings, ingress untagged packets on a port are assigned a priority level of 0 and are stored in egress queue Q1 on the egress port. This procedure also overrides the priority level in tagged ingress packets.

The CoS Setting for Port page is shown in Figure 60.

Figure 60. CoS Setting for Port Page

4. Use the Priority list to select a new Class of Service priority level for the port. The default is level 0. The new priority level will apply to all ingress untagged packets. (If you perform Step 5 and override the priority level in tagged packets, the new priority level will also apply to all ingress tagged packets.)
5.
Mapping CoS Priorities to Egress Queues

This procedure explains how to change the default mappings of CoS priorities to egress priority queues. To change the mappings, perform the following procedure:

1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
2. From the Configuration menu, select the Services option.

Note
The Configure Egress Weights section in the tab is explained in the next procedure, “Configuring Egress Scheduling” on page 186.

The default values are listed in Table 4.

Table 4. Default Mappings of IEEE 802.1p Priority Levels to Egress Priority Queues

IEEE 802.1p Priority Level    Egress Port Priority Queue
0                             Q1
1                             Q0
2                             Q2
3                             Q3
4                             Q4
5                             Q5
6                             Q6
7                             Q7

4.
Configuring Egress Scheduling

This procedure explains how to select and configure a scheduling method for Class of Service. Scheduling determines the order in which the ports handle packets in their egress queues. For an explanation of the two scheduling methods, refer to Chapter 16, “Class of Service,” in the AT-S63 Management Software Menus Interface User’s Guide. Scheduling is set at the switch level. You cannot set this at the port level.

Table 5. Example of Weighted Round Robin Priority (Continued)

Port Egress Queue    Maximum Number of Packets
Q2                   1
Q3                   5
Q4                   5
Q5                   5
Q6                   15
Q7                   15

Leaving the default value of 1 for each queue results in all egress queues being given the same priority.

6. Click Apply.
7. From the Configuration menu, select the Save Config option to permanently save your changes. (This option is not displayed if there are no changes to save.)
Displaying the CoS Settings

To display the CoS settings, perform the following procedure:

1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42.
2. From the Monitoring menu, select Services. The Services page is displayed with the CoS tab selected by default, as shown in Figure 62.

Figure 62. CoS Tab (Monitoring)

3. Click the port where you want to view the settings.

The CoS Setting for Port page is shown in Figure 63.

Figure 63. CoS Setting for Port Page

The CoS Setting for Port page displays a table that contains the following columns of information:

Port
The port number.

VLAN ID
The VLAN of which the port is a member.

Default Priority
The default priority level for this port.

Override Priority
Whether or not the priority level in tagged ports should be overridden.

5. Click Close.

Displaying the QoS Schedule

To display the QoS schedule, perform the following procedure:

1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42.
2. From the Monitoring menu, select the Services option. The Services page is displayed with the CoS tab selected by default, as shown in Figure 62 on page 188.
3. Select the Queuing and Scheduling tab.
Chapter 15 Quality of Service

This chapter contains instructions on how to configure Quality of Service (QoS). This chapter contains the following procedures:

“Managing Flow Groups” on page 192
“Managing Traffic Classes” on page 198
“Managing Policies” on page 206

Note
For background information on QoS, refer to Chapter 17, “Quality of Service,” in the AT-S63 Management Software Menus Interface User’s Guide.

Managing Flow Groups

Flow groups are groups of classifiers that group together similar traffic flows. This section contains the following procedures:

“Configuring Flow Groups,” next
“Modifying a Flow Group” on page 194
“Deleting a Flow Group” on page 195
“Displaying Flow Groups” on page 195

Configuring Flow Groups

To configure a flow group, perform the following procedure:

1. From the home page, select Configuration.

4. Click Create. The Create Flow Group page opens, as shown in Figure 66.

Figure 66. Create Flow Group Page

5. Configure the following parameters as necessary:

ID
Specifies the ID number for this flow group. The range is 0 to 1023.

DSCP
Specifies a replacement value to write into the DSCP (TOS) field of the packets. The range is 0 to 63.
Modifying a Flow Group

To modify a flow group, perform the following procedure:

1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
2. From the Configuration menu, select the Services option. The Services page is displayed with the CoS tab selected by default, as shown in Figure 59 on page 182.
3. Select the flow group you want to modify and click Modify.

Classifier List
The classifiers to be assigned to the policy. The specified classifiers must already exist. To select more than one classifier, use click.

5. Click Apply.
6. From the Configuration menu, select the Save Config option to permanently save your changes. (This option is not displayed if there are no changes to save.)

Deleting a Flow Group

To delete a flow group, perform the following procedure:

1.
The Flow Group tab is shown in Figure 68.

Figure 68. Flow Group Tab (Monitoring)

The Flow Group tab displays the currently configured flow groups in a table that contains the following columns of information:

ID
The ID number for this flow group.

Description
The flow group description.

Active
Whether or not the flow group is active.

Parent Traffic Class ID
The traffic class associated with this flow group. This information is for display only.

The View Flow Group page is shown in Figure 69.

Figure 69. View Flow Group Page

The View Flow Group page displays the following information:

ID
The ID number for this flow group.

Description
The flow group description.

DSCP
The replacement value to write into the DSCP (TOS) field of the packets.

Priority
The new user priority value for the packets.
Managing Traffic Classes

Traffic classes consist of a set of QoS parameters and a group of QoS flow groups. This section contains the following procedures:

“Configuring Traffic Classes,” next
“Modifying a Traffic Class” on page 200
“Deleting a Traffic Class” on page 202
“Displaying the Traffic Classes” on page 202

Configuring Traffic Classes

To configure a traffic class, perform the following procedure:

1. From the home page, select Configuration.

4. Click Create. The Create Traffic Class page is shown in Figure 71.

Figure 71. Create Traffic Class Page

5. Configure the following parameters:

ID
Specifies the ID number for this traffic class. The range is 0 to 1023.

Exceed Action
Specifies the action to be taken if the traffic of the traffic class exceeds the maximum bandwidth specified by the Max Bandwidth parameter. The possible options are drop and remark.

Exceed Remark Value
Specifies the DSCP replacement value for traffic that exceeds the maximum bandwidth. This value takes precedence over the DSCP value. The default is 0.

Max Bandwidth
Specifies the maximum bandwidth available for the traffic class. The range is 0 to 1016 Mbps. If you set this parameter to 0 (zero), all traffic that matches that traffic class is dropped.

Priority
Specifies the priority value in the IEEE 802.
The Modify Traffic Class page is shown in Figure 72.

Figure 72. Modify Traffic Class Page

5. Configure the following parameters as necessary:

ID
Specifies the ID number for this traffic class. The range is 0 to 1023.

Exceed Action
Specifies the action to be taken if the traffic of the traffic class exceeds the maximum bandwidth specified by the Max Bandwidth parameter. The possible options are drop and remark.

Max Bandwidth
Specifies the maximum bandwidth available for the traffic class. The range is 0 to 1016 Mbps. If you set this parameter to 0 (zero), all traffic that matches that traffic class is dropped.

Priority
Specifies the priority value in the IEEE 802.1p tag control field that traffic belonging to this traffic class is assigned. The range is 0 to 7 with 0 (zero) as the lowest priority.

Flow Group List
The flow groups assigned to this traffic class.
3. Select the Traffic Class tab. The Traffic Class tab is shown in Figure 73.

Figure 73. Traffic Class Tab (Monitoring)

The Traffic Class tab displays the currently configured flow groups in a table that contains the following columns of information:

ID
The ID of the traffic class.

Description
A description of the traffic class.

Active
Whether or not this traffic class is active on the switch.

The View Traffic Class page is shown in Figure 74.

Figure 74. View Traffic Class Page

The View Traffic Class page displays the following information:

ID
The ID of the traffic class.

Exceed Action
The action to be taken if the traffic of the traffic class exceeds the maximum bandwidth specified by the Max Bandwidth parameter.

DSCP Value
The replacement value to write into the DSCP (TOS) field of the packets.

Burst Size
The size of a token bucket for the traffic class.

Flow Group List
The flow groups assigned to this traffic class.

5. Click Close.
Managing Policies

QoS policies consist of a collection of user-defined traffic classes. This section contains the following procedures:

“Configuring a Policy,” next
“Modifying a Policy” on page 208
“Deleting a Policy” on page 210
“Displaying Policies” on page 210

Configuring a Policy

To configure a policy, perform the following procedure:

1. From the home page, select Configuration.

The Policies tab displays the existing policies in a table that contains the following columns of information:

ID
The ID of the policy.

Description
A description of the policy.

Active
Whether or not this policy is active on the switch.

Traffic Class List
The traffic classes assigned to the policy.

Ingress Port List
The ingress ports to which the policy is assigned.

4. Click Create. The Create Policy page opens, as shown in Figure 76.

Figure 76.

None - Disables this function.
All - All packets are remarked.

DSCP Value
Specifies a replacement value to write into the DSCP (TOS) field of the packets. The range is 0 to 63.

Traffic Class List
Specifies the traffic classes to be assigned to the policy. The traffic classes must already exist. Select the classes from the list. To select more than one, use click.

Ingress Port List
Specifies the ingress ports to which the policy is to be assigned.
The Modify Policy page is shown in Figure 77.

Figure 77. Modify Policy Page

5. Modify the following parameters as necessary:

ID
Specifies the ID number for this policy. The range is 0 to 255.

Description
Specifies the policy description. A description can be up to 15 alphanumeric characters, including spaces.

Remark DSCP
Specifies the conditions under which the ingress DSCP value is overwritten.

Egress Port
Specifies the egress port to which the policy is to be assigned. A port can be an egress port of only one policy at a time.

Redirect Port
Specifies the port to which the classified traffic from the ingress ports is redirected.

6. Click Apply.
7. From the Configuration menu, select the Save Config option to permanently save your changes. (This option is not displayed if there are no changes to save.)
The Policies tab is shown in Figure 78.

Figure 78. Policies Tab (Monitoring)

The Policies tab displays the existing policies in a table that contains the following columns of information:

ID
The ID of the policy.

Description
A description of the policy.

Active
Whether or not this policy is active on the switch.

Traffic Class List
The traffic classes assigned to the policy.

Ingress Port List
The ingress ports to which the policy is assigned.

4.

The View Policy page is shown in Figure 79.

Figure 79. View Policy Page

The View Policy page contains the following information:

ID
The ID of the policy.

Description
A description of the policy.

Remark DSCP
The conditions under which the ingress DSCP value is overwritten.

DSCP Value
A replacement value to write into the DSCP (TOS) field of the packets.

Traffic Class List
The traffic classes to be assigned to the policy.
Chapter 16 Denial of Service Defense

This chapter contains instructions on how to configure the Denial of Service defense feature on the switch. The sections include:

“Configuring Denial of Service Defense” on page 214
“Displaying the DoS Settings” on page 217

Note
For background information on denial of service defense, refer to Chapter 18, “Denial of Service Defense,” in the AT-S63 Management Software Menus Interface User’s Guide.

Configuring Denial of Service Defense

To configure the ports on the switch for Denial of Service attack defense, perform the following procedure:

1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
2. From the Configuration menu, select the Network Security option. The Network Security page is displayed with the 802.

b. In the DoS Subnet Mask field, enter the LAN’s mask. A binary “1” indicates the switch should filter on the corresponding bit of the IP address, while a “0” indicates that it should not. As an example, assume that the devices connected to a switch are using the IP address range 149.11.11.1 to 149.11.11.50. The mask would be 0.0.0.63.
c.

Status
Click Enable or Disable to enable or disable DoS on the selected ports.

Action
The action a port takes when an intruder packet is received. Although five possible selections are shown in the Action list box, they all do the same thing: block the packet, record the event, and drop the packet. This option applies only to the IP Options defense.

Mirror Port
This option applies to the Land, Tear Drop, Ping of Death, and IP Options.
Displaying the DoS Settings

To display the DoS settings, perform the following procedure:

1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42.
2. From the Monitoring menu, select Network Security. The Network Security page is displayed with the Port Security tab selected by default, as shown in Figure 160 on page 395.
3. Select the DoS tab.

The DoS Monitor for Port page opens, as shown in Figure 83.

Figure 83. DoS Monitor for Ports Page

The page displays a table that contains the following columns of information:

Port
The port number.

Status
Whether DoS is enabled or disabled on the port.

Type
The type of DoS prevention.

Action
The action a port takes when an intruder packet is received.
Chapter 17 IGMP Snooping

This chapter describes how to configure the IGMP snooping feature on the switch. The sections in the chapter include:

“Configuring IGMP Snooping” on page 220
“Displaying a List of Host Nodes” on page 223
“Displaying a List of Multicast Routers” on page 226

Note
For background information, refer to Chapter 19, “IGMP Snooping,” in the AT-S63 Management Software Menus Interface User’s Guide.

Configuring IGMP Snooping

To configure IGMP snooping, perform the following procedure:

1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
2. From the Configuration menu, select the Multicast option. The Multicast page is displayed with the IGMP tab selected by default, as shown in Figure 84.

Figure 84. IGMP Tab (Configuration)

3. Configure the following parameters as necessary.

reports and times out. The switch forwards the leave request to the router and simultaneously ceases transmission of any further multicast packets out the port where the host node is connected. The Intermediate (Multi-Host) setting is appropriate if there is more than one host node connected to a switch port, such as when a port is connected to an Ethernet hub to which multiple host nodes are connected.

5. From the Configuration menu, select the Save Config option to permanently save your changes. (This option is not displayed if there are no changes to save.)
Displaying a List of Host Nodes

You can use the AT-S63 management software to display a list of the multicast groups on a switch, as well as the host nodes. You can also view the multicast routers. A multicast router is a router that is receiving multicast packets from a multicast application and transmitting the packets to host nodes.

To view host nodes, perform the following procedure:

1. From the Home page, select Monitoring.

Multicast Router Ports Mode
How the router ports are determined. The possible settings are:
Auto-Detect - The switch determines the ports automatically.
Port number - The selected router ports.

Host/Router Timeout Interval
The time period in seconds after which the switch determines that a host node has become inactive.

Maximum Multicast Groups
The maximum number of multicast groups the switch learns.

3.

Status
Indicates IGMP group status of the port. The possible settings are:
Active - The port is active in the IGMP group.
Left Group - The port is not active in the IGMP group.
Displaying a List of Multicast Routers

To view multicast routers, perform the following procedure:

1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42.
2. Select the IGMP tab. The IGMP tab is shown in Figure 85 on page 223.
3. To view the multicast routers, click View Multicast Router List and then click View. The View Multicast Routers List is shown in Figure 87.

Figure 87.

Figure 88.
Section III SNMPv3

The chapter in this section contains the procedures for configuring SNMPv3.
Chapter 18 SNMPv3

This chapter provides the following procedures for configuring SNMPv3 parameters using a web browser management session:

“Configuring the SNMPv3 Protocol” on page 232
“Enabling or Disabling SNMP Management” on page 233
“Configuring the SNMPv3 User Table” on page 236
“Configuring the SNMPv3 View Table” on page 244
“Configuring the SNMPv3 Access Table” on page 250
“Configuring the SNMPv3 SecurityToGroup Table” on page 257
“Configuring the SNMPv3 Notify Table” on

Configuring the SNMPv3 Protocol

To configure the SNMPv3 protocol, you need to first enable SNMP access on the switch. Then you configure the SNMPv3 tables.

Enabling or Disabling SNMP Management

In order to allow an SNMP manager or host to access the switch you need to enable SNMP access. In addition, to allow the switch to send a trap when it receives a login attempt from an unauthenticated user, you need to enable authentication failure traps. This section provides a procedure to accomplish both of these tasks.
The SNMP tab is shown in Figure 89.

Figure 89. SNMP Tab (Configuration)

4. Click the Enable SNMP Access checkbox to enable or disable SNMP management. A check in the box indicates that the feature is enabled, meaning that the switch can be managed from an SNMP management station. No check indicates that the feature is disabled. The default is disabled. Use this parameter to enable the switch to be remotely managed with an SNMP application program.

7. From the Configuration menu, select the Save Config option to permanently save your changes. (This option is not displayed if there are no changes to save.)
Configuring the SNMPv3 User Table

You can create, delete, and modify an SNMPv3 User Table entry. See the following procedures:

“Creating a User Table Entry” on page 236
“Deleting a User Table Entry” on page 239
“Modifying a User Table Entry” on page 240

For reference information about the SNMPv3 User Table, see Chapter 22, “SNMPv3” in the AT-S63 Management Software Menus Interface User’s Guide.

The SNMPv3 User Table tab is shown in Figure 90.

Figure 90. SNMPv3 User Table Tab (Configuration)

4. Click Add. The Add New SNMPv3 User page is shown in Figure 91.

Figure 91. Add New SNMPv3 User Page

5.

6. In the Authentication Protocol field, enter an authentication protocol. This is an optional parameter. Select one of the following:

MD5
This value represents the MD5 authentication protocol. With this selection, users (SNMP entities) are authenticated with the MD5 authentication protocol after a message is received. This algorithm generates the message digest. The user is authenticated when the authentication protocol checks the message digest.

privacy protocol for this User Table entry. With this selection, messages transmitted between the host and the switch are encrypted with the DES protocol.

None
Select this value if you do not want a privacy protocol for this User Table entry. With this selection, messages transmitted between the host and the switch are not encrypted.

10. In the Privacy Password field, enter a privacy password of up to 32 alphanumeric characters.
11.
The SNMP tab is shown in Figure 89 on page 234. 3. In the SNMPv3 section, click the button next to Configure User Table and then click Configure. The SNMPv3 User Table tab is shown in Figure 90 on page 237. 4. Click the button next to the User Table entry that you want to delete and then click Remove. A warning message is displayed. 5. Click OK. 6. From the Configuration menu, select the Save Config option to permanently save your changes.
The Modify SNMPv3 User page is shown in Figure 92. Figure 92. Modify SNMPv3 User Page 5. In the Authentication Protocol field, enter an authentication protocol. This is an optional parameter. Select one of the following: MD5 This value represents the MD5 authentication protocol. With this selection, users (SNMP entities) are authenticated with the MD5 authentication protocol after a message is received.
Note You may want to assign NONE to a super user. 6. In the Authentication Password field, enter an authentication password of up to 32 alphanumeric characters. 7. In the Confirm Authentication Password field, re-enter the authentication password. Note If you have the nonencrypted version of the AT-S60 software, then the Privacy Protocol field is read-only. Note You can only configure the Privacy Protocol if you have configured the Authentication Protocol with the MD5 or SHA values. 8.
entry with a NonVolatile storage type, the Save Config option is displayed on the Configuration menu. Allied Telesyn recommends this storage type. Note The Row Status parameter is a read-only field in the web browser interface. The Active value indicates the SNMPv3 User Table entry takes effect immediately. 12. Click Apply to update the SNMPv3 User Table. 13.
Configuring the SNMPv3 View Table You can create, delete, and modify an SNMPv3 View Table entry. See the following procedures: “Creating a View Table Entry” on page 244 “Deleting a View Table Entry” on page 247 “Modifying a View Table Entry” on page 247 For reference information about the SNMPv3 View Table, see Chapter 22, “SNMPv3” in the AT-S63 Management Software Menus Interface User’s Guide.
The SNMPv3 View Table tab is shown in Figure 93. Figure 93. SNMPv3 View Table Tab (Configuration) 4. Click Add. The Add New SNMPv3 View page is shown in Figure 94. Figure 94. Add New SNMPv3 View Page 5. In the View Name field, enter a descriptive name for this view. Assign a name that reflects the subtree OID, for example, “internet.” Enter a unique name of up to 32 alphanumeric characters.
Note The “defaultViewAll” value is the default entry for the SNMPv1 and SNMPv2c configuration. You cannot use the default value for an SNMPv3 View Table entry. 6. In the Subtree OID field, enter a subtree that this view will or will not be permitted to display. You can enter either a numeric value in hex format or the equivalent text name. For example, the OID hex format for TCP/IP is: 1.3.6.1.2.1.6 The text format for TCP/IP is: tcp 7.
NonVolatile Select this storage type if you want the ability to save an entry in the View Table. After making changes to a View Table entry with a NonVolatile storage type, the Save Config option is displayed on the Configuration menu. Allied Telesyn recommends this storage type. Note The Row Status parameter is a read-only field in the web browser interface. The Active value indicates the SNMPv3 View Table entry takes effect immediately. 10.
The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. 2. Select the SNMP tab. The SNMP tab is shown in Figure 89 on page 234. 3. In the SNMPv3 section, click the button next to Configure View Table and then click Configure at the bottom of the tab. The SNMPv3 View Table tab is shown in Figure 93 on page 245. 4. Click the button next to the SNMPv3 View Table entry that you want to change and then click Modify.
6. In the View Type field, enter one of the following view types: Included Enter this value to permit the View Name to see the subtree specified above. Excluded Enter this value to not permit the View Name to see the subtree specified above. 7. In the Storage Type field, enter a storage type for this table entry: Volatile Select this storage type if you do not want the ability to save an entry in the Target Parameters Table.
Configuring the SNMPv3 Access Table You can create, delete, and modify an SNMPv3 Access Table entry. See the following procedures: “Creating an Access Table” on page 250 “Deleting an Access Table Entry” on page 253 “Modifying an Access Table Entry” on page 254 For information about the SNMPv3 Access Table, see Chapter 22, “SNMPv3” in the AT-S63 Management Software Menus Interface User’s Guide.
4. To create an SNMPv3 Access Table entry, click Add. The Add New SNMPv3 Access page is shown in Figure 97. Figure 97. Add New SNMPv3 Access Page 5. In the Group Name field, enter a descriptive name of the group. The Group Name can consist of up to 32 alphanumeric characters.
This parameter allows the users assigned to this Group Name to view the information specified by the View Table entry. This value does not need to be unique. 7. In the Write View Name field, enter a value that you configured with the View Name parameter in the SNMPv3 View Table. This parameter allows the users assigned to this Security Group to write, or modify, the information in the specified View Table. This value does not need to be unique. 8.
protocol. Select this security level if you want to authenticate SNMP users, but you do not want to encrypt messages using a privacy protocol. You can select this value if you configured the Security Model parameter with the SNMPv3 protocol. Privacy This option represents authentication and the privacy protocol. Select this security level to allow authentication and encryption. This level provides the greatest level of security.
2. Select the SNMP tab. The SNMP tab is shown in Figure 89 on page 234. 3. In the SNMPv3 section, click the button next to Configure Access Table and then click Configure at the bottom of the tab. The SNMPv3 Access Table tab is shown in Figure 96 on page 250. 4. Click Next or Previous to display the Access Table entry that you want to delete. 5. Click Remove. A warning message is displayed. Click OK to remove the Access Table entry. 6.
Figure 98. Modify SNMPv3 Access Page Note The Context Prefix field is a read-only field. The Context Prefix field is always set to null. 6. In the Read View Name field, enter a value that you configured with the View Name parameter in the View Table. This parameter allows the users assigned to this Group Name to view the information specified by the View Table entry. This value does not need to be unique. 7.
Note The Context Match field is a read-only field. The Context Match field is always set to Exact. 9. In the Storage Type field, select one of the following storage types for this table entry: Volatile Select this storage type if you do not want the ability to save an entry in the Access Table. After making changes to an Access Table entry with a Volatile storage type, the Save Config option is not displayed on the Configuration menu.
Configuring the SNMPv3 SecurityToGroup Table You can create, delete, and modify an SNMPv3 SecurityToGroup Table entry.
The SNMPv3 SecurityToGroup Table tab is shown in Figure 99. Figure 99. SNMPv3 SecurityToGroup Table Tab (Configuration) 4. To create an SNMPv3 SecurityToGroup Table entry, click Add. The Add New SNMPv3 SecurityToGroup page is shown in Figure 100. Figure 100. Add New SNMPv3 SecurityToGroup Page 5. In the Security Model field, select the SNMP protocol that was configured for this User Name.
v2c Select this value to associate the Group Name with the SNMPv2c protocol. v3 Select this value to associate the Group Name with the SNMPv3 protocol. 6. In the Security Name field, enter the User Name that you want to associate with a group. Enter a User Name that you configured in “Creating a User Table Entry” on page 236. 7. In the Group Name field, enter a Group Name that you configured in the Access Table.
10. From the Configuration menu, select the Save Config option to permanently save your changes. (This option is not displayed if there are no changes to save.) Deleting a SecurityToGroup Table Entry To delete an entry in the SNMPv3 SecurityToGroup Table, perform the following procedure: 1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. 2. Select the SNMP tab.
4. Click the button next to the SecurityToGroup Table entry that you want to change, and then click Modify. The Modify SNMPv3 SecurityToGroup page is shown in Figure 101. Figure 101. Modify SNMPv3 SecurityToGroup Page 5. In the Group Name field, enter a Group Name that you configured in the SNMPv3 Access Table. See “Creating an Access Table” on page 250.
Note The Row Status parameter is a read-only field in the web browser interface. The Active value indicates the SNMPv3 SecurityToGroup Table entry takes effect immediately. 7. Click Apply to update the SNMPv3 SecurityToGroup Table. 8. From the Configuration menu, select the Save Config option to permanently save your changes. (This option is not displayed if there are no changes to save.)
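The User, View, Access, and SecurityToGroup tables refer to each other only by name (User Name, Group Name, View Name), so a mistyped name or a mismatched security level leaves a user with no access or a group with weaker protection than intended. The following Python sketch is an added example, not Allied Telesyn code: it models the four tables with hypothetical class and field names, audits the links between them, and resolves whether a user can read or write an OID. It assumes SNMPv3 entries only, ignores subtree masks, and applies the longest-matching-subtree rule of the standard SNMPv3 view-based access control model (RFC 3415), which this guide does not describe.

```python
from dataclasses import dataclass

# Security Level ranks (labels are this example's own names for the three levels)
LEVELS = {"NoAuthNoPriv": 0, "Authentication": 1, "Privacy": 2}

@dataclass(frozen=True)
class User:                  # User Table entry
    name: str
    auth: str = "None"       # MD5, SHA or None
    priv: str = "None"       # DES or None

@dataclass(frozen=True)
class View:                  # View Table entry
    name: str
    subtree: str             # dotted numeric OID
    included: bool = True    # View Type: Included / Excluded

@dataclass(frozen=True)
class Access:                # Access Table entry
    group: str
    level: str               # a key of LEVELS
    read_view: str = ""
    write_view: str = ""

@dataclass(frozen=True)
class SecToGroup:            # SecurityToGroup Table entry
    user: str                # Security Name (a User Name)
    group: str

def oid_tuple(oid):
    return tuple(int(p) for p in oid.strip(".").split("."))

def user_level(user):
    """Highest security level the user's protocols can satisfy."""
    if user.auth == "None":
        return 0
    return 2 if user.priv != "None" else 1

def audit(users, views, accesses, mappings):
    """Return (code, subject) findings for broken or weak table links."""
    findings = []
    by_user = {u.name: u for u in users}
    by_group = {a.group: a for a in accesses}
    view_names = {v.name for v in views}
    for name in sorted({*by_user, *by_group, *view_names}):
        if not (name.isalnum() and len(name) <= 32):
            findings.append(("BAD_NAME", name))
    for u in users:
        if u.priv != "None" and u.auth == "None":   # privacy requires MD5 or SHA
            findings.append(("PRIV_WITHOUT_AUTH", u.name))
    if "defaultViewAll" in view_names:               # reserved for SNMPv1/v2c
        findings.append(("RESERVED_VIEW", "defaultViewAll"))
    for a in accesses:
        for view in (a.read_view, a.write_view):
            if view and view not in view_names:
                findings.append(("UNKNOWN_VIEW", f"{a.group}:{view}"))
        if a.write_view and LEVELS[a.level] == 0:    # policy choice of this example
            findings.append(("WRITE_WITHOUT_AUTH", a.group))
    for m in mappings:
        user, access = by_user.get(m.user), by_group.get(m.group)
        if user is None:
            findings.append(("UNKNOWN_USER", m.user))
        if access is None:
            findings.append(("UNKNOWN_GROUP", m.group))
        if user and access and user_level(user) < LEVELS[access.level]:
            findings.append(("LEVEL_TOO_LOW", f"{m.user}->{m.group}"))
    return findings

def view_allows(views, view_name, oid):
    """Longest matching subtree decides (RFC 3415 rule, masks ignored)."""
    target, best = oid_tuple(oid), None
    for v in views:
        sub = oid_tuple(v.subtree)
        if v.name == view_name and target[:len(sub)] == sub:
            if best is None or len(sub) > best[0]:
                best = (len(sub), v.included)
    return best is not None and best[1]

def can_access(users, views, accesses, mappings, user, oid, write=False):
    """Resolve user -> group -> access entry -> view for one OID."""
    u = next((x for x in users if x.name == user), None)
    m = next((x for x in mappings if x.user == user), None)
    a = next((x for x in accesses if m and x.group == m.group), None)
    if not (u and m and a) or user_level(u) < LEVELS[a.level]:
        return False
    view = a.write_view if write else a.read_view
    return bool(view) and view_allows(views, view, oid)

# Constructed sample configuration (not taken from a real switch).
USERS = [User("netops", "SHA", "DES"), User("monitor", "MD5"),
         User("legacy", "None", "DES")]
VIEWS = [View("internet", "1.3.6.1"), View("internet", "1.3.6.1.6.3", False),
         View("tcp", "1.3.6.1.2.1.6")]
ACCESSES = [Access("admins", "Privacy", "internet", "internet"),
            Access("readers", "Authentication", "tcp"),
            Access("open", "NoAuthNoPriv", "tcp", "mib2")]
MAPPINGS = [SecToGroup("netops", "admins"), SecToGroup("monitor", "readers"),
            SecToGroup("legacy", "admins"), SecToGroup("ghost", "readers")]
```

Calling `audit(USERS, VIEWS, ACCESSES, MAPPINGS)` on the sample reports five findings, and `can_access` shows that the Excluded entry for 1.3.6.1.6.3 hides that subtree from the "internet" view even though 1.3.6.1 is Included.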
Configuring the SNMPv3 Notify Table You can create, delete, and modify an SNMPv3 Notify Table entry. See the following procedures: “Creating a Notify Table Entry” on page 263 “Deleting a Notify Table Entry” on page 265 “Modifying a Notify Table Entry” on page 266 For reference information about the SNMPv3 Notify Table, see Chapter 22, “SNMPv3” in the AT-S63 Management Software Menus Interface User’s Guide.
The SNMPv3 Notify Table tab is shown in Figure 102. Figure 102. SNMPv3 Notify Table Tab (Configuration) 4. Click Add. The Add New SNMPv3 Notify page is shown in Figure 103. Figure 103. Add New SNMPv3 Notify Page 5. In the Notify Name field, enter the name associated with this trap message. Enter a descriptive name of up to 32 alphanumeric characters.
Enter a name of up to 32 alphanumeric characters. 7. In the Notify Type field, enter one of the following message types: Trap Indicates this notify table is used to send traps. With this message type, the switch does not expect a response from the host. Inform Indicates this notify table is used to send inform messages. With this message type, the switch expects a response from the host. 8.
The SNMPv3 Notify Table tab is shown in Figure 102 on page 264. 4. Click the button next to the Notify Table entry that you want to delete, and then click Remove. A warning message is displayed. 5. Click OK. 6. From the Configuration menu, select the Save Config option to permanently save your changes. (This option is not displayed if there are no changes to save.) Modifying a Notify Table Entry To modify an entry in the SNMPv3 Notify Table, perform the following procedure: 1.
Enter a name of up to 32 alphanumeric characters. 6. In the Notify Type field, enter one of the following message types: Trap Indicates this notify table is used to send traps. With this message type, the switch does not expect a response from the host. Inform Indicates this notify table is used to send inform messages. With this message type, the switch expects a response from the host. 7.
Configuring the SNMPv3 Target Address Table You can create, delete, and modify an SNMPv3 Target Address Table entry. See the following procedures: “Creating a Target Address Table Entry” on page 268 “Deleting a Target Address Table Entry” on page 271 “Modifying Target Address Table Entry” on page 272 For reference information about the SNMPv3 Target Address Table, see Chapter 22, “SNMPv3” in the AT-S63 Management Software Menus Interface User’s Guide.
The SNMPv3 Target Address Table tab is shown in Figure 105. Figure 105. SNMPv3 Target Address Table Tab (Configuration) 4. Click Add. The Add New SNMPv3 Target Address page is shown in Figure 106. Figure 106. Add New SNMPv3 Target Address Page 5. In the Target Address Name field, enter the name of the SNMP manager, or host, that manages the SNMP activity on your switch.
You can enter a name of up to 32 alphanumeric characters. 6. In the IP Address field, enter the IP address of the host. Use the following format for an IP address: XXX.XXX.XXX.XXX 7. In the UDP Port Number field, enter a UDP port number. You can enter a UDP port in the range of 0 to 65,535. The default UDP port is 162. 8. In the Timeout field, enter a timeout value in milliseconds. When an Inform message is generated, it requires a response from the switch.
NonVolatile Select this storage type if you want the ability to save an entry in the Target Address Table. After making changes to a Target Address Table entry with a NonVolatile storage type, the Save Config option is displayed on the Configuration menu. Allied Telesyn recommends this storage type. Note The Row Status parameter is a read-only field in the web browser interface.
Modifying Target Address Table Entry To modify an entry in the SNMPv3 Target Address Table, perform the following procedure: 1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. 2. Select the SNMP tab. The SNMP tab is shown in Figure 89 on page 234. 3.
7. In the UDP Port Number field, enter a UDP port number. You can enter a UDP port in the range of 0 to 65,535. The default UDP port is 162. 8. In the Timeout field, enter a timeout value in milliseconds. When an Inform message is generated, it requires a response from the switch. The timeout value determines how long the switch considers the Inform message an active message. This parameter applies to Inform messages only.
13. Click Apply to update the SNMPv3 Target Address Table. 14. From the Configuration menu, select the Save Config option to permanently save your changes. (This option is not displayed if there are no changes to save.)
Configuring the SNMPv3 Target Parameters Table You can create, delete, and modify an SNMPv3 Target Parameters Table entry.
4. Click Add. The Add New SNMPv3 Target Parameter page is shown in Figure 109. Figure 109. Add New SNMPv3 Target Parameters Page 5. In the Target Parameters Name field, enter a name of the SNMP manager or host. Enter a value of up to 32 alphanumeric characters. Note Enter a value for the Message Processing Model parameter only if you select SNMPv1 or SNMPv2c as the Security Model.
v1 Select this value to associate the Security Name, or User Name, with the SNMPv1 protocol. v2c Select this value to associate the Security Name, or User Name, with the SNMPv2c protocol. v3 Select this value to associate the Security Name, or User Name, with the SNMPv3 protocol. 8. In the Security Name field, enter a User Name that you previously configured with the SNMPv3 User Table. See “Creating a User Table Entry” on page 236. 9.
10. In the Storage Type parameter, select one of the following storage types for this table entry: Volatile Select this storage type if you do not want the ability to save an entry in the Target Parameters Table. After making changes to a Target Parameters Table entry with a Volatile storage type, the Save Config option is not displayed on the Configuration menu. NonVolatile Select this storage type if you want the ability to save an entry in the Target Parameters Table.
5. Click OK. 6. From the Configuration menu, select the Save Config option to permanently save your changes. (This option is not displayed if there are no changes to save.) Modifying a Target Parameters Table Entry To modify an entry in the SNMPv3 Target Parameters Table, perform the following procedure: 1. From the home page, select Configuration.
Note Enter a value for the Message Processing Model field only if you select SNMPv1 or SNMPv2c as the Security Model. If you select the SNMPv3 protocol as the Security Model, then the switch automatically assigns the Message Processing Model to SNMPv3. 5. In the Message Processing Model field, enter a Security Model that is used to process messages. Select one of the following SNMP protocols: v1 Select this value to process messages with the SNMPv1 protocol.
Select this security level if you do not want to authenticate SNMP entities and you do not want to encrypt messages using a privacy protocol. This security level provides the least security. Note If you have selected SNMPv1 or SNMPv2c as the Security Model, you must select No Authentication/Privacy as the Security Level. Authentication This option represents authentication, but no privacy protocol.
Configuring the SNMPv3 Community Table You can create, delete, and modify an SNMPv3 Community Table entry. See the following procedures: “Creating an SNMPv3 Community Table Entry” on page 282 “Deleting an SNMPv3 Community Table Entry” on page 285 “Modifying an SNMPv3 Community Table Entry” on page 285 For reference information about the SNMPv3 Community Table, see Chapter 22, “SNMPv3” in the AT-S63 Management Software Menus Interface User’s Guide.
The SNMPv3 Community Table tab is shown in Figure 111. Figure 111. SNMPv3 Community Table Tab (Configuration) 4. Click Add. The Add New SNMPv3 Community page is shown in Figure 112. Figure 112. Add New SNMPv3 Community Page 5. In the Community Index field, enter a numerical value for this Community. This parameter is used to index the other parameters in an SNMPv3 Community Table entry. Enter a value of up to 32 alphanumeric characters. 6.
The value of the Community Name parameter acts as a password for the SNMPv3 Community Table entry. This parameter is case sensitive. Note Allied Telesyn recommends that you select SNMP Community Names carefully to ensure these names are known only to authorized personnel. 7. In the Security Name field, enter a name of an SNMPv1 and SNMPv2c user. This name must be unique. Enter a value of up to 32 alphanumeric characters.
Note The Row Status parameter is a read-only field in the web browser interface. The Active value indicates the SNMPv3 Community Table entry takes effect immediately. 10. Click Apply. 11. From the Configuration menu, select the Save Config option to permanently save your changes. (This option is not displayed if there are no changes to save.)
The SNMP tab is shown in Figure 89 on page 234. 3. In the SNMPv3 section, click the button next to Configure Community Table, and then click Configure at the bottom of the tab. The SNMPv3 Community Table tab is shown in Figure 111 on page 283. 4. Click the button next to the SNMPv3 Community Table entry that you want to change and then click Modify. The Modify SNMPv3 Community page is shown in Figure 113. Figure 113. Modify SNMPv3 Community Page 5.
Note Do not use a value configured with the User Name parameter in the SNMPv3 User Table. 7. In the Transport Tag field, enter a name of up to 32 alphanumeric characters. The Transport Tag parameter links an SNMPv3 Community Table entry with an SNMPv3 Target Address Table entry. Add the value you configure for the Transport Tag parameter to the Tag List parameter in the Target Address Table as desired.
Displaying SNMPv3 Tables This section contains procedures to display the SNMPv3 Tables.
The SNMP tab is shown in Figure 114. Figure 114. SNMP Tab (Monitoring) 4. In the SNMPv3 section, click the button next to View User Table and then click View at the bottom of the tab.
The SNMPv3 User Table tab is shown in Figure 115. Figure 115. SNMPv3 User Table Tab (Monitoring) Displaying View Table Entries To display entries in the SNMPv3 View Table, perform the following procedure: 1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42. 2. Select the SNMP tab. The SNMP tab is shown in Figure 114 on page 289. 3.
The SNMPv3 View Table tab is shown in Figure 116. Figure 116. SNMPv3 View Table Tab (Monitoring) Displaying Access Table Entries To display entries in the SNMPv3 Access Table, perform the following procedure: 1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42. 2. Select the SNMP tab. The SNMP tab is shown in Figure 114 on page 289. 3.
The SNMPv3 Access Table tab is shown in Figure 117. Figure 117. SNMPv3 Access Table Tab (Monitoring) Displaying SecurityToGroup Table Entries To display entries in the SNMPv3 SecurityToGroup Table, perform the following procedure: 1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42. 2. Select the SNMP tab. The SNMP tab is shown in Figure 114 on page 289. 3.
The SNMPv3 SecurityToGroup Table tab is shown in Figure 118. Figure 118. SNMPv3 SecurityToGroup Table Tab (Monitoring) Displaying Notify Table Entries To display entries in the SNMPv3 Notify Table, perform the following procedure: 1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42. 2. Select the SNMP tab.
The SNMPv3 Notify Table tab is shown in Figure 119. Figure 119. SNMPv3 Notify Table Tab (Monitoring) Displaying Target Address Table Entries To display entries in the SNMPv3 Target Address Table, perform the following procedure: 1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42. 2. Select the SNMP tab. The SNMP tab is shown in Figure 114 on page 289. 3.
The SNMPv3 Target Address Table tab is shown in Figure 120. Figure 120. SNMPv3 Target Address Table Tab (Monitoring) Displaying Target Parameters Table Entries To display entries in the SNMPv3 Target Parameters Table, perform the following procedure: 1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42. 2. Select the SNMP tab.
The SNMPv3 Target Parameters Table tab is shown in Figure 121. Figure 121. SNMPv3 Target Parameters Table Tab (Monitoring) Displaying SNMPv3 Community Table Entries To display entries in the SNMPv3 Community Table, perform the following procedure: 1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42. 2. Select the SNMP tab. The SNMP tab is shown in Figure 114 on page 289. 3.
The SNMPv3 Community Table tab is shown in Figure 122. Figure 122.
Section IV Spanning Tree Protocols The chapters in this section contain the procedures for configuring the spanning tree protocols.
Chapter 19 Spanning Tree and Rapid Spanning Tree Protocols This chapter explains how to configure the STP and RSTP parameters on an AT-9400 Series switch. The sections in the chapter include: “Enabling or Disabling a Spanning Tree Protocol” on page 302 “Configuring STP” on page 304 “Configuring RSTP” on page 312 Note For background information on spanning tree, refer to Chapter 23, “Spanning Tree and Rapid Spanning Tree Protocols,” in the AT-S63 Management Software Menus Interface User’s Guide.
Chapter 19: Spanning Tree and Rapid Spanning Tree Protocols Enabling or Disabling a Spanning Tree Protocol To enable or disable spanning tree on the switch, perform the following procedure: 1. From the Home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. 2. From the Configuration menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab selected by default, as shown in Figure 123. Figure 123.
The Spanning Tree tab is shown in Figure 124. Figure 124. Spanning Tree Tab (Configuration) 4. To enable or disable spanning tree, click the Enable Spanning Tree check box. A check indicates that the feature is enabled while no check indicates that the feature is disabled. The default is disabled. 5. To select a spanning tree version, for the Active Protocol Version parameter click STP, RSTP, or MSTP. The default is RSTP.
Configuring STP Caution The bridge provides default STP parameters that are adequate for most networks. Changing them without prior experience and an understanding of how STP works might have a negative effect on your network. You should consult the IEEE 802.1d standard before changing any of the STP parameters. To configure STP, perform the following procedure: 1. From the Home page, select Configuration.
The Configure STP Parameters tab is shown in Figure 125. Figure 125. Configure STP Parameters Tab (Configuration) Note The Defaults button returns all STP settings to the default settings. 5. Configure the following parameters as necessary. Bridge Priority The priority number for the bridge. This number is used in determining the root bridge for RSTP. The bridge with the lowest priority number is selected as the root bridge.
4096, with 0 being the highest priority. For a list of the increments, refer to Table 6.

Table 6. Bridge Priority Value Increments

| Increment | Bridge Priority | Increment | Bridge Priority |
|---|---|---|---|
| 0 | 0 | 8 | 32768 |
| 1 | 4096 | 9 | 36864 |
| 2 | 8192 | 10 | 40960 |
| 3 | 12288 | 11 | 45056 |
| 4 | 16384 | 12 | 49152 |
| 5 | 20480 | 13 | 53248 |
| 6 | 24576 | 14 | 57344 |
| 7 | 28672 | 15 | 61440 |

Bridge Hello Time The time interval between generating and sending configuration messages by the bridge.
Note The aging time for BPDUs is different from the aging time used by the MAC address table. Bridge Identifier The MAC address of the bridge. The bridge identifier is used as a tie breaker in the selection of the root bridge when two or more bridges have the same bridge priority value. This value cannot be changed. 6. After you have made the desired changes, click Apply. 7.
Table 7. Port Priority Value Increments (Continued)

| Increment | Bridge Priority | Increment | Bridge Priority |
|---|---|---|---|
| 6 | 96 | 14 | 224 |
| 7 | 112 | 15 | 240 |

Port Cost The spanning tree algorithm uses the cost parameter to decide which port provides the lowest cost path to the root bridge for that LAN. The range is 0 to 65,535. The default setting is Auto-detect, which sets port cost depending on the speed of the port.
The Layer 2 page is displayed with the MAC Address tab displayed by default, as shown in Figure 127. Figure 127. MAC Address Tab (Monitoring) 3. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 128. Figure 128.
4. Click View. The Monitor STP Parameters tab is shown in Figure 129. Figure 129. Monitor STP Parameters Tab (Monitoring) 5. To view port settings, click a port in the switch and click Status or Settings. The STP Settings page is shown in Figure 130. Figure 130. STP Settings Page The STP Settings page displays a table that contains the following columns of information: Port Port number.
State Current state of the port. The possible states are Enabled or Disabled. Cost Port cost of the port. The default is Auto-Update. Priority The number used as a tie-breaker when two or more ports have equal costs to the root bridge. 6. Click OK to close the page. Resetting STP to the Default Settings To reset STP to the factory default settings, perform the following procedure: 1. From the Home page, select Configuration.
Configuring RSTP Caution The bridge provides default RSTP parameters that are adequate for most networks. Changing them without prior experience and an understanding of how RSTP works might have a negative effect on your network. You should consult the IEEE 802.1w standard before changing any of the RSTP parameters. To configure RSTP, perform the following procedure: 1. From the Home page, select Configuration.
The Configure RSTP Bridge Parameters tab is shown in Figure 131. Figure 131. Configure RSTP Parameters Tab (Configuration) 5. Configure the following parameters as necessary. Force Version This selection determines whether the bridge operates with RSTP or in an STP-compatible mode. If you select RSTP, the bridge operates all ports in RSTP, except for those ports that receive STP BPDU packets.
Bridge Hello Time The time interval between generating and sending configuration messages by the bridge. This parameter can be from 1 to 10 seconds. The default is 2 seconds. Bridge Forwarding The waiting period before a bridge changes to a new state, for example, becomes the new root bridge after the topology changes. If the bridge transitions too soon, not all links may have yet adapted to the change, possibly resulting in a network loop.
The RSTP Settings - Port(s) page is shown in Figure 132. Figure 132. RSTP Settings - Port(s) Page 8. Configure the following parameters as necessary. Port Priority This parameter is used as a tie breaker when two or more ports are determined to have equal costs to the root bridge. The range is 0 to 240 in increments of 16. The default value is 8 (priority value 128). For a list of the increments, refer to Table 7 on page 307.
10. From the Configuration menu, select the Save Config option to permanently save your changes. (This option is not displayed if there are no changes to save.)

Note
All changes to a port’s RSTP settings, with the exception of port cost, are activated immediately. A change to the port cost value requires you to reset the switch. A new port cost value is not implemented until the unit is reset.
4. Select the Spanning Tree tab.

The Spanning Tree tab is shown in Figure 128 on page 309. This tab displays information on whether spanning tree is enabled or disabled and which protocol version, STP or RSTP, is active.

5. Click View.

The Monitor RSTP Parameters tab is shown in Figure 133.

Figure 133. Monitor RSTP Parameters Tab (Monitoring)

6. To view port settings, click a port in the switch and click Status or Settings.
The RSTP Settings page displays a table that contains the following columns of information:

Port
The port number.

Edge-Port
Whether or not the port is operating as an edge port. The possible settings are Yes and No.

Point-to-Point
Whether or not the port is functioning as a point-to-point port. The possible settings are Yes, No, and Auto Detect.

Cost
Port cost of the port. The default is Auto Update.
Chapter 20
Multiple Spanning Tree Protocol

This chapter explains how to configure multiple spanning tree protocol (MSTP) parameters on an AT-9400 Series switch using a web browser management session.
Enabling MSTP

The AT-9400 Series switch can support the three spanning tree protocols STP, RSTP, and MSTP. However, only one spanning tree protocol can be active on the switch at a time. So before you can enable a spanning tree protocol, you must first select it as the active spanning tree protocol. After you select it, you can then enable or disable it.
Note
If you do not want to change the active spanning tree protocol and just want to enable or disable it, go to Step 5.

4. To change the active spanning tree protocol on the switch, click STP, RSTP, or MSTP in the Active Protocol Version section of the tab. The default is RSTP.

Note
Only one spanning tree protocol can be active on the switch at a time.

5.
Configuring MSTP

This section contains the following procedures:

- “Configuring MSTP Parameters,” next
- “Configuring the CIST Priority” on page 325
- “Creating, Deleting, or Modifying MSTI IDs” on page 326
- “Adding, Removing, or Modifying VLAN Associations to MSTIs” on page 330
- “Configuring MSTP Port Parameters” on page 333

Note
MSTP must be selected as the active spanning tree protocol on the switch before you can configure it.
Figure 136. Configure MSTP Parameters Tab (Configuration)

Note
This procedure explains the Configure MSTP Parameters section of the page. The CIST/MSTI Table is explained in “Adding, Removing, or Modifying VLAN Associations to MSTIs” on page 330. The graphic image of the switch is described in “Configuring MSTP Port Parameters” on page 333.

Configure the following parameters as necessary.
Force Version
This selection determines whether the bridge operates with MSTP or in an STP-compatible mode. If you select MSTP, the bridge operates all ports in MSTP, except those ports that receive STP or RSTP BPDU packets. If you select Force STP Compatible, the bridge uses its MSTP parameter settings, but sends only STP BPDU packets from the ports. The default is MSTP.
Revision Level
The revision level of an MSTP region. This is an arbitrary number that you assign to a region. The revision level must be the same on all bridges in a region. Different regions can have the same revision level without conflict. The range is 0 (zero) to 255.

5. Click Apply.

6. From the Configuration menu, select the Save Config option to permanently save your changes. (This option is not displayed if there are no changes to save.
Creating, Deleting, or Modifying MSTI IDs

To create, delete, or modify MSTI IDs, perform one of the following procedures.

Creating an MSTI ID

To create an MSTI ID, perform the following procedure:

1. From the home page, select Configuration.

The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.

2. From the Configuration menu, select the Layer 2 option.
7. In the Priority field, enter an MSTI Priority value. This parameter is used in selecting a regional root for the MSTI. The range is 0 (zero) to 61,440 in increments of 4,096, with 0 being the highest priority. For a list of the increments, refer to Table 6, “Bridge Priority Value Increments” on page 306. The default is 0.

8. Click Apply.

9.
Modifying an MSTI ID

To modify an MSTI ID, perform the following procedure:

1. From the home page, select Configuration.

The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.

2. From the Configuration menu, select the Layer 2 option.

The Layer 2 page is displayed with the MAC Address tab selected by default, as shown in Figure 25 on page 94.

3. Select the Spanning Tree tab.
9. From the Configuration menu, select the Save Config option to permanently save your changes. (This option is not displayed if there are no changes to save.)

10. Repeat this procedure to modify more MSTI IDs.
Adding, Removing, or Modifying VLAN Associations to MSTIs

This section explains how to add or remove VLANs associated to MSTI IDs.

Adding a VLAN Association

To add a VLAN association, perform the following procedure:

1. From the home page, select Configuration.

The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.

2. From the Configuration menu, select the Layer 2 option.
3. Select the Spanning Tree tab.

The Spanning Tree tab is shown in Figure 124 on page 303.

4. Click Configure.

The expanded MSTP Spanning Tree tab is shown in Figure 136 on page 323.

5. In the VLAN Associations field in the CIST/MSTI Table section of the tab, remove the VIDs of the VLANs that you no longer want to be associated with this MSTI. You can specify more than one VID at a time (for example, 2,4,7).

6. Click Apply.

7.
7. From the Configuration menu, select the Save Config option to permanently save your changes. (This option is not displayed if there are no changes to save.
Configuring MSTP Port Parameters

To configure MSTP port parameters, perform the following procedure:

1. From the home page, select Configuration.

The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.

2. From the Configuration menu, select the Layer 2 option.

The Layer 2 page is displayed with the MAC Address tab selected by default, as shown in Figure 25 on page 94.

3.
7. Configure the following parameters as necessary.

The port parameters can be divided into two groups: generic parameters and MSTI-specific parameters. A generic port parameter is set just once on a port and applies to all of a port’s MSTI assignments. Generic parameters are:

- External path cost
- Point-to-point port
- Edge port

An MSTI-specific parameter can be set on a per MSTI basis.
Table 9 lists the MSTP port costs with Auto Update when the port is part of a port trunk.

Table 9. MSTP Auto Update Port Trunk Internal Path Costs

| Port Speed | Port Cost |
|---|---|
| 10 Mbps | 20,000 |
| 100 Mbps | 20,000 |
| 1000 Mbps | 2,000 |

MSTI List
The MSTIs defined on the switch. You can use this list when setting the port priority and port internal path cost parameters to assign different values to a port for each MSTI when the port is a member.
Table 11 lists the MSTP port costs with the Auto setting when the port is part of a port trunk.

Table 11. MSTP Auto External Path Trunk Costs

| Port Speed | Port Cost |
|---|---|
| 10 Mbps | 20,000 |
| 100 Mbps | 20,000 |
| 1000 Mbps | 2,000 |

Edge Port
This parameter defines whether the port is functioning as an edge port. The possible settings are Yes and No.
Displaying the MSTP Port Configuration

To display the MSTP port configuration, perform the following procedure:

1. From the Home page, select Monitoring.

The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42.

2. From the Monitoring menu, select the Layer 2 option.

The Layer 2 page is displayed with the MAC Address tab displayed by default, as shown in Figure 123 on page 302.

3.
The MSTP Parameters tab is shown in Figure 140.

Figure 140. Monitor MSTP Parameters Tab (Monitoring)

5. Click a port in the switch and click Settings. You can select more than one port.

The MSTP Settings - Port(s) page is shown in Figure 141.

Figure 141.
The MSTP Settings page displays a table that contains the following columns of information:

Port
The port number.

Edge-Port
Whether or not the port is functioning as an edge port. The possible settings are Yes and No.

Point-to-Point
Whether or not the port is functioning as a point-to-point port. The possible settings are Yes, No, and Auto-Detect.
Displaying the MSTP Port Status

To display MSTP port status, perform the following procedure:

1. From the Home page, select Monitoring.

The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42.

2. From the Monitoring menu, select the Layer 2 option.

The Monitoring Layer 2 page is displayed with the MAC Address tab selected by default, as shown in Figure 27 on page 98.

3. Select the Spanning Tree tab.
Disabled - The port has not established a link with its end node.

Role
The MSTP role of the port. The possible roles are:

Root - The port that is connected to the root switch, directly or through other switches, with the least path cost.

Alternate - The port offers an alternate path in the direction of the root switch.

Backup - The port on a designated switch that provides a backup for the path provided by the designated port.
Resetting MSTP to the Default Settings

To reset MSTP to the factory default settings, perform the following procedure:

1. From the home page, select Configuration.

The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.

2. From the Configuration menu, select the Layer 2 option.

The Layer 2 page is displayed with the MAC Address tab selected by default, as shown in Figure 25 on page 94.

3.
Section V
Virtual LANs

The chapters in this section provide information and procedures for basic switch setup using the AT-S63 management software.
Chapter 21
Port-based and Tagged VLANs

This chapter explains how to create, modify, and delete port-based and tagged VLANs. This chapter also explains how to select a multiple VLAN mode.
Creating a New Port-Based or Tagged VLAN

To create a new port-based or tagged VLAN, perform the following procedure:

1. From the Home page, select Configuration.

The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.

2. From the Configuration menu, select the Layer 2 option.

The Layer 2 page is displayed with the MAC Address tab selected by default, as shown in Figure 123 on page 302.

3. Select the VLAN tab.
The VLAN Mode and Uplink Port options are explained in “Selecting a VLAN Mode” on page 353. The Mgmt. VLAN ID option is explained in “Specifying a Management VLAN” on page 357. The tab displays the existing VLANs on the switch.

4. To add a new VLAN, click Add.

The Add New VLAN page is shown in Figure 144.

Figure 144. Add New VLAN Page

5. Configure the following parameters as necessary.

VID
Enter a VID value for the new VLAN.
default value when you create the first VLAN on the new switch, even though that VID number is already being used by another VLAN on the network. To prevent inadvertently using the same VID for two different VLANs, you should keep a list of all your network VLANs and their VID values.

Name
Specify a name for the new VLAN. The name can be from one to fifteen alphanumeric characters in length.
7. Click Apply.

Note
Any untagged ports that you assign to the new VLAN are automatically removed from their current untagged VLAN assignment.

The new user-configured VLAN is now ready for network operations.

8. From the Configuration menu, select the Save Config option to permanently save your changes. (This option is not displayed if there are no changes to save.
Modifying a VLAN

This procedure explains how to add or remove ports from a VLAN. When modifying a VLAN, note the following:

- You cannot change the VID of a VLAN.
- You cannot change the name of a VLAN from a web browser management session, but you can from a local or Telnet session.
- You cannot modify VLANs when the switch is operating in one of the multiple VLAN modes.

To modify a VLAN, perform the following procedure:

1.
Note
Untagged ports that are added to a VLAN are automatically removed from their current untagged VLAN assignment. Untagged ports that are removed from a VLAN are returned to the Default_VLAN. Removing an untagged port from the Default_VLAN without assigning it to another VLAN leaves the port as an untagged member of no VLAN.

The modified VLAN is now ready for network operations.

8.
Deleting a VLAN

To delete a port-based or tagged VLAN from the switch, perform the following procedure:

1. From the home page, select Configuration.

The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.

2. From the Configuration menu, select the Layer 2 option.

The Layer 2 page is displayed with the MAC Address tab selected by default, as shown in Figure 25 on page 94.

3. Select the VLAN tab.
Selecting a VLAN Mode

The AT-S63 management software features three VLAN modes:

- Port-based and tagged VLAN Mode (default mode)
- IEEE 802.1Q-compliant Multiple VLAN Mode
- Non-IEEE 802.1Q compliant Multiple VLAN Mode

For background information on port-based and tagged VLANs, refer to Chapter 25, “Port-based and Tagged VLANs,” in the AT-S63 Management Software Menus Interface User’s Guide.
5. If you select one of the multiple VLAN modes, specify an uplink port in the Uplink Port field. This port functions as the uplink port for the VLANs. The default is port 1.

6. Click Apply.

The new mode is automatically activated on the switch.

7. From the Configuration menu, select the Save Config option to permanently save your changes. (This option is not displayed if there are no changes to save.
Displaying VLANs

To display the current VLANs on a switch, perform the following procedure:

1. From the Home page, select Monitoring.

The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42.

2. From the Monitoring menu, select the Layer 2 option.

3. The Layer 2 page is displayed with the MAC Address tab displayed by default, as shown in Figure 123 on page 302.

4. Select the VLAN tab.
Multiple - The non-IEEE 802.1Q-compliant multiple VLAN mode.

Management VLAN ID
VLAN ID of the management VLAN.

The lower part of the tab displays a table that contains the following columns of information:

VLAN ID
The VID number assigned to the VLAN.

(Client) Name
The name of the VLAN.
Specifying a Management VLAN

The management VLAN is the VLAN through which an AT-9400 Series switch expects to receive management packets. This VLAN is important if you are managing a switch remotely or using the enhanced stacking feature of the switch. For more details about specifying a management VLAN, see Chapter 25, “Port-based and Tagged VLANs,” in the AT-S63 Management Software Menus Interface User’s Guide.
Chapter 22
GARP VLAN Registration Protocol

This chapter contains instructions on how to configure GARP VLAN Registration Protocol (GVRP).
Configuring GVRP

To configure GVRP, perform the following procedure:

1. From the Home page, select Configuration.

The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.

2. From the Configuration menu, select the Layer 2 option.

The Layer 2 page is displayed with the MAC Address tab shown by default, as shown in Figure 123 on page 302.

3. Select the GVRP tab.

The GVRP tab is shown in Figure 146.

Figure 146.
Leave Time
Use this parameter to specify the leave time. The range is 30 to 80 centiseconds and the default is 60 centiseconds.

Join Time
Use this parameter to specify the join time. The range is 10 to 60 centiseconds and the default is 20 centiseconds.

Enable GIP
Click to enable GIP, which is required to propagate VLAN information among the ports of the switch.
Enabling or Disabling GVRP on a Port

To enable or disable GVRP on a port, perform the following procedure:

1. From the home page, select Configuration.

The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.

2. From the Configuration menu, select the Layer 2 option.

The Layer 2 page is displayed with the MAC Address tab displayed by default, as shown in Figure 25 on page 94.

3. Select the GVRP tab.
Displaying the GVRP Configuration

To display the GVRP configuration, perform the following procedure:

1. From the Home page, select Monitoring.

The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42.

2. From the Monitoring menu, select the Layer 2 option.

The Layer 2 page is displayed with the MAC Address tab displayed by default, as shown in Figure 123 on page 302.

3.
GIP
The GIP status, Enabled or Disabled.

Leave All Time
The range is 500 to 300 centiseconds and the default is 1000 centiseconds.
Displaying the GVRP Port Configuration

To display the GVRP port configuration, perform the following procedure:

1. From the Home page, select Monitoring.

The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42.

2. From the Monitoring menu, select the Layer 2 option.

The Layer 2 page is displayed with the MAC Address tab displayed by default, as shown in Figure 123 on page 302.

3.
Displaying the GVRP Database

To display the GVRP database, perform the following procedure:

1. From the Home page, select Monitoring.

The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42.

2. From the Monitoring menu, select the Layer 2 option.

The Layer 2 page is displayed with the MAC Address tab displayed by default, as shown in Figure 123 on page 302.

3. Select the GVRP tab.
Displaying the GVRP State Machine

To display the GVRP state machine, perform the following procedure:

1. From the Home page, select Monitoring.

The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42.

2. From the Monitoring menu, select the Layer 2 option.

The Layer 2 page is displayed with the MAC Address tab displayed by default, as shown in Figure 123 on page 302.

3.
Table 12. GVRP State Machine Parameters (Continued)

| Parameter | Meaning |
|---|---|
| App | Applicant state machine for the GID index on that particular port. |
Table 12. GVRP State Machine Parameters (Continued)

| Parameter | Meaning |
|---|---|
| Reg | Registrar state machine for the GID index on that particular port. One of: “Mt” Empty; “Lv3” Leaving substate 3 (final Leaving substate); “Lv2” Leaving substate 2; “Lv1” Leaving substate 1; “Lv” Leaving substate (initial Leaving substate); “In” In; “Fix” Registration Fixed; “For” Registration Forbidden. The initialized state for the Registrar is Mt. |
Displaying the GVRP Counters

To display the GVRP counters, perform the following procedure:

1. From the Home page, select Monitoring.

The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42.

2. From the Monitoring menu, select the Layer 2 option.

The Layer 2 page is displayed with the MAC Address tab displayed by default, as shown in Figure 123 on page 302.

3. Select the GVRP tab.
The GVRP Counters page provides the information shown in Table 13.

Table 13. GVRP Counters

| Parameter | Meaning |
|---|---|
| Receive: Total GARP Packets | Total number of GARP PDUs received by this GARP application. |
| Transmit: Total GARP Packets | Total number of GARP PDUs transmitted by this GARP application. |
| Receive: Invalid GARP Packets | Number of invalid GARP PDUs received by this GARP application. |
Table 13. GVRP Counters (Continued)

| Parameter | Meaning |
|---|---|
| Receive GARP Messages: JoinEmpty | Total number of GARP JoinEmpty messages received for all attributes in the GARP application. |
| Transmit GARP Messages: JoinEmpty | Total number of GARP JoinEmpty messages transmitted for all attributes in the GARP application. |
| Receive GARP Messages: JoinIn | Total number of GARP JoinIn messages received for all attributes in the GARP application. |
Displaying the GIP Connected Ports Ring

To display the GIP connected ports ring, perform the following procedure:

1. From the Home page, select Monitoring.

The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42.

2. From the Monitoring menu, select the Layer 2 option.

The Layer 2 page is displayed with the MAC Address tab displayed by default, as shown in Figure 123 on page 302.

3.
ring. If no ports exist in the GIP connected ring, “No ports are connected” is displayed. If the GARP application has no ports, “No ports have been assigned” is displayed.
Chapter 23
Protected Ports VLANs

This chapter explains how to create, modify, and delete protected ports VLANs and contains the following sections:

- “Creating a New Protected Ports VLAN” on page 376
- “Modifying a Protected Ports VLAN” on page 381
- “Deleting a Protected Ports VLAN” on page 385
- “Displaying a Protected Ports VLAN” on page 386

Note
For background information on protected ports VLANs, refer to Chapter 28, “Protected Ports VLANs” in the AT-S63 Management Software Menus Interface Use
Creating a New Protected Ports VLAN

To create a new protected ports VLAN, perform the procedure below:

1. From the Home page, select Configuration.

The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.

2. From the Configuration menu, select the Layer 2 option.

The Layer 2 page is displayed with the MAC Address tab selected by default, as shown in Figure 123 on page 302.

3. Select the VLAN tab.
The Add New VLAN page is shown in Figure 154.

Figure 154. Add New VLAN Page

5. Select the VID field and enter a VID value for the new VLAN. The range of the VID value is 2 to 4096. The default is the next available VID number on the switch.

The switch is only aware of the VIDs of the VLANs that exist on the device, and not those that might already be in use in the network.
7. Select Protected as the Type.

8. Select the ports for the protected ports VLAN by clicking the ports in the switch image. (Designating group membership of the ports is performed later in the procedure.) Clicking repeatedly on a port toggles the port through the following possible settings:

- Untagged port
- Tagged port
- Port is not a member of the VLAN

9. Click Apply.
The Add New Protected VLAN page is shown in Figure 155.

Figure 155. Add New Protected VLAN Page

10. Use the Uplinks Port menu to select an uplink port for the groups of this protected ports VLAN. The menu lists all of the ports you selected as members of this VLAN. You can select more than one uplink port. To select multiple ports, hold down the Ctrl key when selecting the ports.

11. Click Apply.

12.
The switch creates the group and adds it to the VLAN Groups section of the window.

15. Repeat steps 12 to 14 to create the other groups for the VLAN.

16. After you have assigned all of the ports in the VLAN to a group, click the Apply button at the bottom of the window. The management software will not allow you to create the VLAN until all of the ports have been assigned to a group.

The new protected ports VLAN is now ready for network operations.

17.
Modifying a Protected Ports VLAN

This procedure explains how to change the uplink port of a protected ports VLAN and how to add or remove ports from a VLAN. When modifying a protected ports VLAN, note the following:

- You cannot change the VID of a protected port VLAN.
- You cannot change the name of a VLAN from a web browser management session; but you can from a local or Telnet session.
Clicking repeatedly on a port toggles the port through the following possible settings:

- Untagged port
- Tagged port
- Port is not a member of the VLAN

7. After making the necessary changes, click Apply.

Note
Untagged ports that are added to a VLAN are automatically removed from their current untagged VLAN assignment. Untagged ports that are removed from a VLAN are returned to the Default_VLAN.
The Modify Protected VLAN page is shown in Figure 156.

Figure 156. Modify Protected VLAN Page

8. To change the uplink port, do the following:

Note
Changing the uplink port will delete all the groups.

a. Use the Uplinks Port menu to select a new uplink port for the groups of this protected ports VLAN. The menu lists all of the ports you selected as members of this VLAN. You can select more than one uplink port.
d. Recreate the groups.

9. To delete a group, do the following:

a. Click the circle next to the group number and click Remove.

The ports of the deleted group are now listed in the Available Untagged Ports and Available Untagged Ports lists.

b. Assign the ports to another group or use the ports to create a new group. All the ports in a protected ports VLAN must belong to a group.

10.
Deleting a Protected Ports VLAN

To delete a protected ports VLAN from the switch, perform the following procedure:

1. From the Home page, select Configuration.

The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.

2. From the Configuration menu, select the Layer 2 option.

The Layer 2 page is displayed with the MAC Address tab selected by default, as shown in Figure 123 on page 302.

3.
Displaying a Protected Ports VLAN

To display the details of a protected port VLAN, perform the following procedure:

1. From the Home page, select Monitoring.

The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42.

2. From the Monitoring menu, select the Layer 2 option.

3. The Layer 2 page is displayed with the MAC Address tab displayed by default, as shown in Figure 123 on page 302.

4. Select the VLAN tab.
Untagged Ports
The untagged ports that are members of the VLAN.

Uplink Ports
The uplink port(s) for this group of ports.

Name
The VLAN name.

Protocol
Not used.

Tagged Ports
The tagged ports that are members of the VLAN.

The Protected VLAN Groups section displays the following information:

Group Number
The number assigned to the group.

Port List
The ports that are members of this group.

6. Click Clear to close the page.
Section VI
Port Security

The chapters in this section provide the procedures for configuring port security. The chapters include:

- Chapter 24, “MAC Address-based Port Security” on page 391
- Chapter 25, “802.
Chapter 24
MAC Address-based Port Security

This chapter explains how to configure and display the MAC address security levels on the ports on the switch. It contains the following sections:

- “Configuring Port Security” on page 392
- “Displaying the Port Security Level” on page 395

Note
For background information on port security, refer to Chapter 30, “MAC Address-based Port Security,” in the AT-S63 Management Software Menus Interface User’s Guide.
Configuring Port Security

To configure security for the ports, perform the following procedure:

1. From the home page, select Configuration.

The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.

2. From the Configuration menu, select the Network Security option.

The Network Security page opens with the Port Security tab selected by default, as shown in Figure 158.

Figure 158. Port Security Tab (Configuration)

3.
4. From the Security Mode pull-down menu, select the desired port security level for the port. Options are:

Automatic
Disables port security on a port. This is the default setting.

Limited
Allows you to specify a maximum number of dynamic source MAC addresses a port can learn. Once a port has learned its maximum number, it will not learn any new addresses and will only accept frames from the source nodes of the learned addresses.
Threshold
Specifies the maximum number of dynamic MAC addresses you want the port to be able to learn. The range is 1 to 256. The default is 100.

Port Participating
Applies only when the intrusion action is set to trap or disable. This option does not apply when intrusion action is set to discard. If this option is set to No when intrusion action is set to trap or disable, the port discards invalid packets, but it does not send the SNMP trap or disable the port.
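The interaction of the Limited mode, Threshold, intrusion action and Port Participating settings described above, modelled as an added Python example (not AT-S63 code). The class name, outcome strings and sample MAC addresses are constructed for illustration, and the model leaves open whether a trap also accompanies the disable action.

```python
import re
from dataclasses import dataclass, field

# Threshold range and default as stated in the guide.
THRESHOLD_MIN, THRESHOLD_MAX, THRESHOLD_DEFAULT = 1, 256, 100
INTRUSION_ACTIONS = ("discard", "trap", "disable")
MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")


def normalize_mac(mac: str) -> str:
    """Return the MAC in lower-case colon form, or raise ValueError."""
    canon = mac.strip().lower().replace("-", ":")
    if not MAC_RE.match(canon):
        raise ValueError(f"not a MAC address: {mac!r}")
    return canon


@dataclass
class LimitedPort:
    """Illustrative model of one port in Limited security mode."""
    number: int
    threshold: int = THRESHOLD_DEFAULT
    intrusion_action: str = "discard"
    participating: bool = True
    learned: set = field(default_factory=set)
    traps: list = field(default_factory=list)  # source MACs reported by trap
    enabled: bool = True

    def __post_init__(self):
        if not THRESHOLD_MIN <= self.threshold <= THRESHOLD_MAX:
            raise ValueError("threshold must be 1 to 256")
        if self.intrusion_action not in INTRUSION_ACTIONS:
            raise ValueError(f"unknown intrusion action {self.intrusion_action!r}")

    def receive(self, src_mac: str) -> str:
        """Process one frame and return what the port did with it."""
        mac = normalize_mac(src_mac)
        if not self.enabled:
            return "dropped-port-disabled"
        if mac in self.learned:
            return "forwarded"
        if len(self.learned) < self.threshold:
            self.learned.add(mac)      # still below the learning limit
            return "learned"
        # Limit reached: the frame is invalid and is always discarded.
        # Trap/disable only take effect when the port is participating.
        if self.intrusion_action == "discard" or not self.participating:
            return "discarded"
        if self.intrusion_action == "trap":
            self.traps.append(mac)
            return "discarded+trap"
        self.enabled = False           # intrusion action "disable"
        return "discarded+port-disabled"


def replay(port: LimitedPort, frames) -> list:
    """Feed a sequence of source MACs to the port and collect the outcomes."""
    return [port.receive(mac) for mac in frames]


# Constructed sample traffic (documentation MAC range): two known hosts,
# then an unknown source once the threshold of 2 has been reached.
HOST_A, HOST_B, UNKNOWN = "00:00:5e:00:53:0a", "00-00-5E-00-53-0B", "00:00:5e:00:53:99"
SAMPLE_FRAMES = [HOST_A, HOST_B, HOST_A, UNKNOWN, HOST_A]


def compare_settings() -> dict:
    """Replay the same traffic under three configurations."""
    configs = {
        "trap, participating": dict(intrusion_action="trap", participating=True),
        "trap, not participating": dict(intrusion_action="trap", participating=False),
        "disable, participating": dict(intrusion_action="disable", participating=True),
    }
    results = {}
    for label, cfg in configs.items():
        port = LimitedPort(number=1, threshold=2, **cfg)
        outcomes = replay(port, SAMPLE_FRAMES)
        results[label] = {"outcomes": outcomes, "traps": port.traps,
                          "enabled": port.enabled}
    return results


if __name__ == "__main__":
    for label, result in compare_settings().items():
        print(label, result)
```

The second configuration is the one to watch for when auditing: with Port Participating set to No, the unknown source is silently discarded and nothing reaches the SNMP trap receiver.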
Displaying the Port Security Level

To display the MAC address security level of a port, perform the following procedure:

1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42.

2. From the Monitoring menu, select Network Security. The Network Security page is displayed with the Port Security tab selected by default, as shown in Figure 160.
The Security for Port(s) page is shown in Figure 161.

Figure 161. Security for Port(s) Page

The Security for Ports page displays a table that contains the following columns of information:

Port
The number of the port.

Security Mode
The active security mode on the port. The possible settings are Automatic, Limited, Secured, and Locked.

Intruder Action
The column specifies the action taken by the switch if a port receives an invalid packet.
Chapter 25
802.1x Port-based Network Access Control

This chapter contains instructions on how to configure the 802.1x Port-based Network Access Control feature on the switch. The chapter contains the following sections:

“Setting Port Roles”
“Enabling or Disabling 802.
Setting Port Roles

To set port roles for port-based network access control, perform the following procedure:

1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.

2. From the Configuration menu, select the Network Security option. The Network Security page opens with the Port Security tab selected by default, as shown in Figure 158 on page 392.

3.
The graphical image of the switch shows which ports have already been assigned port roles. An “A” indicates that a port is functioning as an authenticator while an “S” indicates the port is functioning as a supplicant. A black port has not been assigned a port role and is not participating in port-based access control. This is the default setting for a port.

4. To set a port’s role, click on the port. The selected port turns white.
Enabling or Disabling 802.1x Port-based Network Access Control

To enable or disable 802.1x Port-based Network Access Control, perform the following procedure:

1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.

2. From the Configuration menu, select the Network Security option.
Configuring Authenticator Port Parameters

To configure authenticator port parameters, perform the following procedure:

1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.

2. From the Configuration menu, select the Network Security option.
The Authenticator Parameters page is shown in Figure 164.

Figure 164. Authenticator Parameters Page

6. Configure the following parameters as necessary:

Supplicant Mode
This parameter sets the supplicant mode of an authenticator port and can take the following values:

Single: Configures the port to accept only one authentication. This authenticator mode should be used together with the piggy-back mode.
and the authentication server. Each client that attempts to access the network is uniquely identified by the switch using the client's MAC address. This is the default setting.

Force-authorized - Disables IEEE 802.1X port-based authentication and causes the port to transition to the authorized state without any authentication exchange required. The port transmits and receives normal traffic without 802.1x-based authentication of the client.
Server Timeout
Sets the timer used by the switch to determine authentication server timeout conditions. The default value for this parameter is 10 seconds. The range is 1 to 60 seconds.

Control Direction
Specifies how the port handles ingress and egress broadcast and multicast packets when in the unauthorized state.
Configuring Supplicant Port Parameters

To configure supplicant port parameters, perform the following procedure:

1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.

2. From the Configuration menu, select the Network Security option. The Network Security page opens with the Port Security tab selected by default, as shown in Figure 158 on page 392.

3.
6. Configure the following parameters as needed:

Auth Period
Specifies the period of time in seconds that the supplicant waits for a reply from the authenticator after sending an EAP-Response frame. The range is 1 to 60 seconds. The default is 30 seconds.

Held Period
Specifies the amount of time in seconds the supplicant is to refrain from trying to re-contact the authenticator in the event the end user provides an invalid username and/or password.
Displaying the Port-based Network Access Control Parameters

You can display information about the port-based network access control status and settings of the ports on the switch. This section contains the following procedures:

“Displaying the Port Status”
“Displaying the Port Settings”

Displaying the Port Status

To display the port-based network access control port status, perform the following procedure:

1.
4. To see the status of the port, click the port and click Status. You can select more than one port at a time. The Port Access Port Status page is shown in Figure 167.

Figure 167. Port Access Port Status Page

The Port Access Port Status page displays a table that contains the following columns of information:

Port
The port number.

Port Role
The port role: None, Authenticator, or Supplicant.
5. To see the port settings, click the port and click Settings. You can select more than one port at a time.

Note
To view the settings of multiple ports, you must select ports that have the same port role (authenticator or supplicant).

For authenticator port(s), the Authenticator Port Parameters page is displayed, as shown in Figure 168.

Figure 168.
SuppTO
The switch-to-client retransmission time for the EAP Request packet.

MaxReq
The maximum number of times that the switch retransmits an EAP Request packet to the client before it times out the authentication session.

For supplicant port(s), the Supplicant Port Parameters Page is displayed, as shown in Figure 169.

Figure 169.
RADIUS Accounting

The AT-S63 management software supports RADIUS accounting for ports operating in the Authenticator role. The accounting information sent by the switch to a RADIUS server includes the date and time when clients log on and log off, as well as the number of packets sent and received by a switch port during a client session. For background information on this feature, refer to Chapter 31, “802.
Type
This parameter specifies the type of RADIUS accounting. The default is Network. You cannot change this value.

Enable Update
This parameter controls whether the switch is to send interim accounting updates to the RADIUS server. A check in the box indicates that updating is enabled. No check in the box means that updating is disabled.

Update Interval
Specifies the intervals at which the switch sends interim accounting updates to the RADIUS server.
The 802.1x Port Access tab is shown in Figure 170.

Figure 170. 802.1x Port Access Tab (Monitoring)

The RADIUS Accounting section provides the following information:

Accounting
The status of RADIUS accounting, either Enabled or Disabled.

Trigger Type
The action that causes the switch to send accounting information to the RADIUS server.
Update Interval
The intervals, in seconds, at which the switch sends interim accounting updates to the RADIUS server.

The graphical image of the switch and the Status and Settings buttons refer to the 802.1x Port-based Network Access Control settings, described in “Displaying the Port-based Network Access Control Parameters” on page 407.
Section VII
Management Security

The chapters in this section contain the procedure for implementing management security on the switch to prevent unauthorized changes to a switch’s parameter settings.
Chapter 26
Encryption Keys, PKI, and SSL

This chapter explains how to view the encryption keys, PKI-based certificates, and SSL settings and includes the following sections:

“Displaying the Encryption Keys”
“Displaying the PKI Settings and Certificates”
“Displaying the SSL Settings”

Note
To configure encryption keys, PKI, or SSL, you must use the AT-S63 menus or CLI interface.
Displaying the Encryption Keys

To configure the encryption keys, you must use the AT-S63 menus or command line interface. For more information about encryption keys, refer to the AT-S63 Management Software Menus Interface User’s Guide.

To display the encryption keys, perform the following procedure:

1. From the Home page, select Monitoring. The System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42.

2.
Length
The length of the key in bits.

Digest
The CRC32 value of the MD5 digest of the public key.

Description
The key’s description.

You use these keys when you configure Secure Sockets Layer (SSL) or Secure Shell (SSH). To configure SSL you must use the AT-S63 menus or CLI interface. To configure SSH, refer to Chapter 27, “Secure Shell (SSH)” on page 425.
Displaying the PKI Settings and Certificates

You can view the current PKI settings and certificates on the switch. To configure the PKI settings and certificates, you must use the AT-S63 menus or command line interface. For more information about PKI, refer to the AT-S63 Management Software Menus Interface User’s Guide.

To display the PKI settings and certificates, perform the following procedure:

1. From the Home page, select Monitoring.
Name
The certificate name.

State
The state of the certificate, one of the following:
Trusted - The certificate is from a trusted CA.
Untrusted - The certificate is from an untrusted CA.
MTrust (Manually Trusted) - The certificate has been manually verified as being from a trusted or untrusted authority.

Type
The certificate type, one of the following:
EE - The certificate was issued by a CA.
CA - The certificate belongs to a CA.
Name
The name of the certificate.

State
Whether the certificate is Trusted or Untrusted.

Manually Trusted
You verified the certificate is from a trusted or untrusted authority.

Type
The type of the certificate. The options are EE, SELF, and CA.

Source
The certificate was created on the switch.

Version
The version number of the AT-S63 management software.

Serial Number
The certificate’s serial number.

Signature Algorithm
The signature algorithm of the certificate.
Displaying the SSL Settings

To configure the SSL settings, you must use the AT-S63 menus or command line interface. For information, refer to the AT-S63 Management Software Menus Interface User’s Guide and the AT-S63 Management Software Command Line Interface User’s Guide.

To display the SSL settings, perform the following procedure:

1. From the Home page, select Monitoring.
Chapter 27
Secure Shell (SSH)

This chapter explains how to configure the Secure Shell (SSH) protocol and contains the following sections:

“Configuring SSH”
“Displaying the SSH Settings”

Note
For background information on SSH, refer to Chapter 35, “Secure Shell (SSH),” in the AT-S63 Management Software Menus Interface User’s Guide.
Configuring SSH

To configure SSH, perform the following procedure:

1. From the Home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.

2. From the Configuration menu, select the Mgmt. Protocols option. The Mgmt. Protocols page is displayed with the Server-based Authentication tab selected by default, as shown in Figure 177 on page 432.

3. Select the Secure Shell tab.
Note
You cannot disable the SSH server when there is an active SSH connection.

Host Key ID
Enter the ID number of the encryption key for the SSH host. The key must already exist on the switch. To view key ID numbers, refer to “Displaying the Encryption Keys” on page 418. The default is Not Defined.

Note
You cannot create encryption keys from the web browser interface, but you can from the menus and command line interfaces.
Displaying the SSH Settings

To view the Secure Shell settings, perform the following procedure:

1. From the Home page, select Monitoring. The System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42.

2. From the Configuration menu, select the Mgmt. Protocols option. The Mgmt. Protocols page is displayed with the Server-based Authentication tab selected by default, as shown in Figure 179 on page 436.

3. Select the Secure Shell tab.
Status
Whether the SSH server is enabled or disabled.

Server Port
The well-known port for SSH. The default is port 22.

Host Key ID
The host key ID defined for SSH.

Server Key ID
The server key ID defined for SSH.

Server Key Expiry Time
Length of time, in hours, until the server key is regenerated. The default is 0 hours, which means the server key is not regenerated.
Chapter 28
TACACS+ and RADIUS Protocols

This chapter contains instructions on how to configure the authentication protocols.
Enabling or Disabling TACACS+ or RADIUS

To enable or disable server-based authentication, perform the following procedure:

1. From the Home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.

2. From the Configuration menu, select the Mgmt. Protocols option. The Mgmt. Protocols page is displayed with the Server-based Authentication tab selected by default, as shown in Figure 177.
Note
The Enable Server-based Authentication check box applies only when you are using the TACACS+ or RADIUS client software to support new manager accounts. If you will be using RADIUS for 802.1x port-based access control only and not for new manager accounts, you should leave the check box empty. The switch will still be able to access the RADIUS configuration information for 802.1x port-based access control.

5. Click Apply.

6.
Configuring TACACS+

To configure TACACS+, perform the following procedure:

1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.

2. Select the Server-based Authentication tab. The Server-based Authentication tab is shown in Figure 177 on page 432.

3. In the lower section of the Server-based Authentication tab, click TACACS+ Configuration and click Configure.
cannot respond. If the timeout expires and the server has not responded, the switch queries the next TACACS+ server in the list. If there are no more servers, the switch defaults to the standard Manager and Operator accounts. The default is 30 seconds. The range is 1 to 30 seconds.

IP Address and Encryption Key
Use these fields to specify the IP addresses and encryption secrets of up to three network servers containing TACACS+ server software.
Displaying the TACACS+ Settings

To display the TACACS+ settings on the switch, perform the following procedure:

1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42.

2. Select the Mgmt. Protocols option. The Mgmt. Protocols tab is displayed with the Server-based Authentication tab selected by default, as shown in Figure 179.

Figure 179.
The TACACS+ client configuration page is shown in Figure 180.

Figure 180. TACACS+ Client Configuration Page

The upper portion of the page provides the following information:

Global Secret
The TACACS+ server encryption secret.

Global Server Timeout
The maximum amount of time the switch waits for a response from a TACACS+ server before assuming the server cannot respond.
Configuring RADIUS

To configure RADIUS, perform the following procedure:

1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.

2. Select the Server-based Authentication tab. The Server-based Authentication tab is shown in Figure 177 on page 432.

3. In the lower section of the Server-based Authentication tab, click RADIUS Configuration and click Configure.
cannot respond. If the timeout expires and the server has not responded, the switch queries the next TACACS+ server in the list. If there are no more servers, the switch defaults to the standard Manager and Operator accounts. The default is 30 seconds. The range is 1 to 30 seconds.

IP Address, Port #, and Encryption Key
Use these fields to specify the IP address, UDP port number, and encryption key of each RADIUS server.
Displaying the RADIUS Settings

To display the RADIUS settings on the switch, perform the following procedure:

1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 179 on page 436.

2. Select the Mgmt. Protocols option. The Mgmt. Protocols tab is displayed with the Server-based Authentication tab selected by default, as shown in Figure 179 on page 436.
Global Encryption Key
The global encryption secret.

Global Server Timeout
The maximum amount of time the switch waits for a response from a RADIUS server before assuming the server cannot respond.

The lower portion of the page displays a table that contains the following columns of information:

Server #
The server number, one of three.

IP Address
IP address of the RADIUS server.

Port
Port of the RADIUS server.
Chapter 29
Management Access Control List

A management access control list (ACL) allows you to restrict Telnet and web browser management access to the switch.
Enabling or Disabling the Management ACL

This procedure enables and disables the management ACL. When enabled, only those management stations specified by the access control entries in the ACL are allowed to manage the switch remotely using the Telnet application protocol or a web browser. When the feature is disabled, any remote management workstation can access the switch.
The middle section of the tab lists the existing ACEs on the switch. The bottom portion is used to add and delete entries. For instructions, refer to “Creating an ACE” on page 446 and “Deleting an ACE” on page 448.

3. Click either Enable MGMT. ACL or Disable MGMT. ACL. The default setting is disabled.

4. Click Apply. A change to the status of the management ACL is immediately activated on the switch.
Creating an ACE

To add a new ACE to the management ACL, perform the following procedure:

1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.

2. From the Configuration menu, select the Mgmt. Security option. The Mgmt. Security page is displayed with the Mgmt. ACL tab selected by default, as shown in Figure 183 on page 444.
All - Allows both Telnet and web browser management packets.

4. Click Add. The management ACL is added to the table displayed in the middle section of the tab.

5. If desired, repeat Steps 3 and 4 to add more ACEs to the Management ACL.

6. From the Configuration menu, select the Save Config option to permanently save your changes. (This option is not displayed if there are no changes to save.
Deleting an ACE

To delete an ACE from the management ACL, perform the following procedure:

1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.

2. From the Configuration menu, select the Mgmt. Security option. The Mgmt. Security page is displayed with the Mgmt. ACL tab selected by default, as shown in Figure 183 on page 444.

3.
Displaying the Management Access Control List

To display the management access control list and its access control entries, perform the following procedure:

1. From the home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42.

2. From the Monitoring menu, select the Mgmt. Security option. The Mgmt. Security page is displayed with the Mgmt.
Interface
The interface the management station uses when managing the switch.