Management Software AT-S63 ◆ Web Browser Interface User’s Guide AT-9400 Series Layer 2+ Gigabit Ethernet Switches Version 2.0.
Copyright © 2006 Allied Telesyn, Inc. All rights reserved. No part of this publication may be reproduced without prior written permission from Allied Telesyn, Inc. Microsoft and Internet Explorer are registered trademarks of Microsoft Corporation. Netscape Navigator is a registered trademark of Netscape Communications Corporation. All other product names, company names, logos or other designations mentioned herein are trademarks or registered trademarks of their respective owners. Allied Telesyn, Inc.
Preface

This guide contains instructions on how to configure and maintain an AT-9400 Series Layer 2+ Gigabit Ethernet switch using the web browser interface in the AT-S63 management software. For instructions on how to manage the switch from the menus or command line interface, refer to the AT-S63 Management Software Menus Interface User’s Guide and the AT-S63 Management Software Command Line Interface User’s Guide. The guides are available from the Allied Telesyn web site.
How This Guide is Organized

This guide is organized into the following sections:

Section I: Basic Operations
The chapters in this section explain how to start a management session and perform basic tasks including how to configure port parameters, set up SNMPv1 and SNMPv2c, access enhanced stacking, and create port trunks and a port mirror.
Document Conventions

This document uses the following conventions:

Note
Notes provide additional information.

Caution
Cautions inform you that performing or omitting a specific action may result in equipment damage or loss of data.

Warning
Warnings inform you that performing or omitting a specific action may result in bodily injury.
Where to Find Web-based Guides

The installation and user guides for all Allied Telesyn products are available in portable document format (PDF) on our web site at www.alliedtelesyn.com. You can view the documents online or download them onto a local workstation or server.
Contacting Allied Telesyn

This section provides Allied Telesyn contact information for technical support as well as sales and corporate information.

Online Support
You can request technical support online by accessing the Allied Telesyn Knowledge Base: http://kb.alliedtelesyn.com. You can use the Knowledge Base to submit questions to our technical support staff and review answers to previously asked questions.
History of New Features

The following subsections contain the history of the new features in the AT-S63 management software.

Version 2.0.0

Table 1 lists the new features in version 2.0.0 of the AT-S63 management software.

Table 1. New Features in AT-S63 Version 2.0.0

Columns: Feature; Change; Chapter

Feature: Internet Protocol version 4 (IPv4) packet routing with:
  Routing interfaces
  Static routes
  Routing Information Protocol (RIP) versions 1 and 2
Change: New feature.

Feature: Quality of Service
Note
When an AT-9400 Series switch with an IP address is upgraded from AT-S63 version 1.3.0 or earlier to the latest version, a routing interface is automatically created on the device to preserve its IP configuration. The interface is assigned to the same VLAN that functioned as the switch’s management VLAN. If the switch does not have an IP address, no routing interface is created.
Version 1.2.0

Table 3 lists the new features in version 1.2.0 of the AT-S63 management software. The only new feature supported in the web browser interface is the Supplicant Mode parameter for 802.1x authenticator ports. The other new features are supported in the menus and command line interfaces. For background information on the new features, refer to the AT-S63 Management Software Menus Interface User’s Guide.

Table 3. New Features in AT-S63 Version 1.2.
Table 3. New Features in AT-S63 Version 1.2.0

Columns: Feature; Change; Chapter and Procedure

Quality of Service (continued)

MLD Snooping: New feature. This feature is not supported from the web browser interface. Use the menus interface or command line interface to configure this feature.

MAC address-based VLANs: New feature. This feature is not supported from the web browser interface.
Section I: Basic Operations

The chapters in this section provide information and procedures for basic switch setup using the AT-S63 management software.
Chapter 1: Starting a Web Browser Management Session

This chapter contains the procedure for starting, using, and quitting a web browser management session on an AT-9400 Series switch.
Planning for Remote Management

There are a number of factors that need to be considered before you can begin to remotely manage an AT-9400 Series switch with the Telnet application protocol, the Secure Shell (SSH) protocol, or a web browser.
software to monitor the traffic on that subnet for the remote management packets. If the switch is an isolated unit or the master switch of an enhanced stack, you must create at least one interface on the device. You create the interface on the local subnet and VLAN through which your management workstation is reaching the device. Furthermore, you must designate the interface as the local interface.
2. If you do create interfaces on a slave switch and designate a local interface, the local interface must be applied to the common VLAN that connects the slave switch to the enhanced stack.

3. To remotely manage a slave switch, start the session on the master switch by specifying the IP address of the local interface on the master switch and then transition to the slave switch using the enhanced stacking feature in the AT-S63 management software.
Starting a Web Browser Management Session

To start a web browser management session on an isolated switch (i.e., not part of an enhanced stack) or on a master switch of an enhanced stack, perform the following procedure:

1. Start your web browser.
3. Enter a user name and password.

The AT-S63 management software comes with two standard accounts, manager and operator. The former allows you to change the switch’s parameter settings while the latter only allows you to view the settings. For manager access, enter “manager” as the user name. The default password is “friend.” For operator access, enter “operator” as the user name. The default password is “operator.
Note
Only a master switch has the Enhanced Stacking selection.

A web browser management session remains active even if you link to other sites. You can return to the management web pages anytime as long as you do not quit the browser. You should always log out from a web browser management session when you are finished managing a switch. (For instructions, see “Quitting a Web Browser Management Session” on page 38.
Web Browser Tools

You can use the web browser tools to move around the management pages. Selecting Back on your browser’s toolbar returns you to the previous display. You can also use the browser’s bookmark feature to save the link to the switch.
Saving Your Parameter Changes

A change to a switch parameter is, in most cases, immediately activated as soon as you click the Apply button on a web page. However, a change is initially saved only to temporary memory and will be lost the next time you reset or power cycle the unit. To permanently save a change, you must click the Save Config option in the main menu, as shown in Figure 4.
Quitting a Web Browser Management Session

To exit a web browser management session, select the Logout option from the main menu.
Redundant Twisted Pair Ports

Your AT-9400 Series switch may have two or four twisted pair ports that are paired with GBIC or SFP slots. The twisted pair ports are identified with the letter “R” for “Redundant” as part of their number on the front faceplate of the unit. The ports and slots are listed in Table 1.
Note
These guidelines do not apply to the SFP slots on the AT-9408LC/SP switch and the XFP slots on the AT-9424Ts/XP and AT-9448Ts/XP switches.
Restrictions to the Web Browser Interface

The following management tasks are not supported from the web browser interface. They must be performed from the menus interface or the command line interface. Management tasks marked with an asterisk (*) are only supported from the command line interface.
Chapter 2: Basic Switch Parameters

This chapter contains the following sections:

“Configuring the Switch’s Name, Location, and Contact” on page 44
“Changing the Manager and Operator Passwords” on page 46
“Setting the System Date and Time” on page 48
“Rebooting a Switch” on page 51
“Pinging a Remote System” on page 52
“Returning the AT-S63 Management Software to the Factory Default Values” on page 53
“Displaying the IP Address of the Local Interface”
Configuring the Switch’s Name, Location, and Contact

This procedure assigns a name to the switch. The name appears at the top of the web browser windows. Names can help you identify your switches when you manage them and avoid performing a configuration procedure on the wrong switch. This procedure also assigns the name of the administrator responsible for maintaining the unit and the location of the switch.
Note
This procedure describes the System Name, Administrator, and Comments parameters in the Administration section of the tab. The parameters in the IP Configuration section are described in “Displaying the IP Address of the Local Interface” on page 55. The Passwords section is described in “Changing the Manager and Operator Passwords” on page 46.
Changing the Manager and Operator Passwords

There are two levels of management access on an AT-9400 Series switch: manager and operator. When you log in as a manager, you can view and configure all of a switch’s operating parameters. When you log in as an operator, you can only view the operating parameters; you cannot change any values. You log in as a manager or an operator by entering the appropriate username and password when you start an AT-S63 management session.
Caution
Do not use spaces or special characters, such as asterisks (*) and exclamation points (!), in a password if you are managing the switch from a web browser. Many web browsers cannot handle special characters in passwords.

Note
A change to a password is immediately activated on the switch. You must use the new password the next time you start a management session of the switch.

3. Click Apply to activate your change on the switch.

4.
Setting the System Date and Time

This procedure explains how to set the switch’s date and time. Setting the date and time is important if you plan to view the events in the switch’s event log or send the events to a syslog server. The correct date and time are also important if the management software will be sending traps to a management workstation or if you plan to create a self-signed SSL certificate.
The System Time tab is shown in Figure 6.

Figure 6. System Time Tab

3. To set the system time manually, do the following:

a. In the System Time section of the tab, enter the time and date in the following format.

hh:mm:ss dd-mm-yyyy

b. Click Apply.

4.
Daylight Savings Time (DST)
Enables or disables the system’s adjustment for daylight savings time. The default is enabled.

Note
The switch does not set DST automatically. If the switch is in a locale that uses DST, you must remember to enable this in April when DST begins and disable it in October when DST ends. If the switch is in a locale that does not use DST, this option should be set to disabled all the time.

Status
Enables or disables the SNTP client on the switch.
Rebooting a Switch

Note
All unsaved parameter changes are discarded when a system is reset. To save your parameter changes, refer to “Saving Your Parameter Changes” on page 37.

To reboot a switch, perform the following procedure:

1. From the home page, select Configuration.

The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 44.

2. Click Reset at the bottom of the tab.
Pinging a Remote System

This procedure instructs the switch to ping a node on your network. This can be useful in determining whether an active path exists between the switch and another network device. Note the following before performing this procedure:

Note
The switch must have a routing interface on the local subnet from where it is pinging the end node. The switch uses the IP address of the interface as its source address when pinging the device.
Returning the AT-S63 Management Software to the Factory Default Values

The procedure in this section returns all AT-S63 management software parameters to their default values. Note the following before performing this procedure:

Returning the switch to its default parameter settings deletes all routing interfaces and port-based and tagged VLANs on the switch.
2. From the Configuration menu, select the Utilities option.

The Utilities page is displayed with the System Utilities tab selected by default, as shown in Figure 8.

Figure 8. System Utilities Tab (Configuration)

3. Click the Reboot Switch After Resetting to Defaults checkbox.

4. Click Apply.

The web browser displays the following prompt:

This page may no longer be available while the switch reboots. Do you want to continue?

5.
Displaying the IP Address of the Local Interface

This procedure displays the IP address and subnet mask of the local interface on the switch. The local interface is used for enhanced stacking and remote management of the switch with a Telnet or SSH client, or a web browser. You cannot configure the local interface from the web browser interface. You must use the menus interface or command line interface.
this address as the next hop to reaching a remote network device, such as a remote management workstation or a syslog server, when the switch’s local interface and the remote device are on different subnets. The default value is 0.0.0.0.
Displaying System Information

To view basic information about the switch, perform the following procedure:

1. From the Home page, select Monitoring.

The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 9.

Figure 9.
The System Information section displays the following information:

MAC Address
The MAC address of the switch.

Model Name
The model name of the switch.

Serial Number
The serial number of the switch.

System Name
The name of the switch. To set the name, refer to “Configuring the Switch’s Name, Location, and Contact” on page 44.

Administrator
The name of the network administrator responsible for managing the switch.
System Up Time
The length of time since the switch was last reset or power cycled.

The Software Information section displays the following information:

Application Software
The version number and build date of the AT-S63 management software.

Bootloader
The version number and build date of the AT-S63 bootloader.
Chapter 3: Enhanced Stacking

This chapter contains the following procedures for setting up enhanced stacking:

“Setting a Switch’s Enhanced Stacking Status” on page 62
“Selecting a Switch in an Enhanced Stack” on page 64
“Returning to the Master Switch” on page 66
“Displaying the Enhanced Stacking Status” on page 67

Note
For background information, refer to Chapter 4, “Enhanced Stacking,” in the AT-S63 Management Software Menus Interface User’s Guide.
Setting a Switch’s Enhanced Stacking Status

The enhanced stacking status of the switch can be master, slave, or unavailable. Each status is described below:

Master - Starting a local or remote management session on a master switch of a stack allows you to easily transition to the other switches in the stack from the same management session.

Slave - A slave switch can be remotely managed through a master switch or independently, such as through a local management session.
The Enhanced Stacking tab is shown in Figure 10.

Figure 10. Enhanced Stacking Tab (Configuration)

4. Click the desired enhanced stacking status for the switch. The default is Slave.

5. Click Apply.

The new setting for the enhanced stacking status is activated on the switch.

6. To permanently save your changes, select the Save Config option in the Configuration menu.
Selecting a Switch in an Enhanced Stack

This procedure explains how to select a switch to manage in an enhanced stack. You can manage only one switch at a time. When you start a web browser management session on an enhanced stack, you are initially managing the master switch where you started the session.

To select a switch in an enhanced stack to manage, perform the following procedure:

1. From the home page of the master switch, select Enhanced Stacking.
Note
The list does not include the master switch where you started the management session, nor any switches with an enhanced stacking status of Unavailable.

You can sort the switches in the list by switch name or MAC address by clicking on the column headers. By default, the list is sorted by MAC address. To refresh the list, click Refresh.

2.
Returning to the Master Switch

When you are finished managing the switch and want to manage another switch in the stack, select Disconnect from the main menu. This returns you to the Enhanced Stacking page (Figure 11 on page 64) of the master switch where you started the management session. At this point, you can do one of the following:

Manage the master switch.
Select another switch in the list to manage.
Select Logout to end your management session.
Displaying the Enhanced Stacking Status

To display the enhanced stacking status of the switch, perform the following procedure:

1. From the Home page, select Monitoring.

2. From the Monitoring menu, select the Mgmt. Protocols option.

3. Select the Enhanced Stacking tab.

The Enhanced Stacking tab is shown in Figure 12.

Figure 12.
Chapter 4: SNMPv1 and SNMPv2c

This chapter explains how to activate SNMP management on the switch and how to create, modify, and delete SNMPv1 and SNMPv2c community strings.
Enabling or Disabling SNMP Management

To enable or disable SNMP management on the switch, perform the following procedure:

1. From the Home page, select Configuration.

2. From the Configuration menu, select the Mgmt. Protocols option.

3. Select the SNMP tab.

The SNMP tab is shown in Figure 13.

Figure 13. SNMP Tab (Configuration)

4. Click the Enable SNMP Access checkbox to enable or disable SNMP management.
5. If you want the switch to send authentication failure traps, click the Enable Authentication Failure Traps checkbox. A check in the box indicates the switch sends the trap.

6. Click Apply.

A change to SNMP access is immediately activated on the switch.

7. To permanently save your changes, select the Save Config option in the Configuration menu.
Creating a New SNMPv1 and SNMPv2c Community

To create a new SNMPv1 and SNMPv2c community, perform the following procedure:

1. From the Home page, select Configuration.

2. From the Configuration menu, select the Mgmt. Protocols option.

3. Select the SNMP tab.

The SNMP tab is shown in Figure 13 on page 70.

4. In the SNMPv1 & SNMPv2c section, click Configure.

The SNMPv1 & SNMPv2c Communities tab is shown in Figure 14.

Figure 14.
Manager Stations
The IP addresses of management workstations permitted to use a string with a closed access status.

Trap Receivers
The IP addresses of trap receivers to receive traps from the switch.

Open Status
The access status of a community string. Yes means the string has an open status and that any management workstation can use it.
6. Configure the following parameters:

Community Name
Enter the new community string. The name can be up to 32 alphanumeric characters. No spaces or special characters (such as /, #, or &) are allowed.

Status
Enable or disable the community string. A disabled community string cannot be used to access the switch. The default is enabled.

Access Mode
Specify the access mode for the SNMP community string.
Modifying an SNMPv1 and SNMPv2c Community

To modify an SNMPv1 and SNMPv2c community, perform the following procedure:

1. From the Home page, select Configuration.

2. From the Configuration menu, select the Mgmt. Protocols option.

3. Select the SNMP tab.

The SNMP tab is shown in Figure 13 on page 70.

4. In the SNMPv1 & SNMPv2c section, click Configure.

The SNMPv1 & SNMPv2c Communities tab is shown in Figure 14 on page 72.

5.
Deleting an SNMPv1 and SNMPv2c Community

To delete an SNMPv1 and SNMPv2c community, perform the following procedure:

1. From the Home page, select Configuration.

2. From the Configuration menu, select the Mgmt. Protocols option.

3. Select the SNMP tab.

The SNMP tab is shown in Figure 13 on page 70.

4. In the SNMPv1 & SNMPv2c section, click Configure.

The SNMPv1 & SNMPv2c Communities tab is shown in Figure 14 on page 72.

5.
Displaying the SNMPv1 and SNMPv2c Communities

To display the SNMPv1 and SNMPv2c communities, perform the following procedure:

1. From the Home page, select Monitoring.

2. From the Monitoring menu, select the Mgmt. Protocols option.

3. Select the SNMP tab.

The SNMP tab is shown in Figure 16.

Figure 16.
4. In the SNMPv1 & SNMPv2c section, click View.

The SNMPv1 & SNMPv2c Communities tab is shown in Figure 17.

Figure 17. SNMPv1 & SNMPv2c Communities Tab (Monitoring)

The columns in the table are defined here:

Community Name
The name of a community string.

Access Mode
The access mode of a community string. A string with a Read Only access mode permits the viewing of the MIB objects on the switch.
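
An added example, not part of the original guide or the AT-S63 software: a Python audit of a community table copied from the Communities tab, applying the Community Name, Status, Access Mode, Open Status and Manager Stations rules described in this chapter. The Community record, the "read-only"/"read-write" labels, the severity levels and the sample rows are assumptions constructed for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# Community Name rule from the guide: up to 32 alphanumeric characters,
# no spaces or special characters (such as /, #, or &).
NAME_RE = re.compile(r"[A-Za-z0-9]{1,32}")

SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}  # levels chosen for this example


@dataclass
class Community:
    """One row of the SNMPv1 & SNMPv2c Communities table (hypothetical record)."""
    name: str
    enabled: bool = True
    access_mode: str = "read-only"   # assumed labels: "read-only" / "read-write"
    open_status: bool = False        # True: any management workstation can use it
    manager_stations: list = field(default_factory=list)
    trap_receivers: list = field(default_factory=list)


def _bad_addresses(addresses):
    """Return the entries that are not valid IPv4 addresses."""
    bad = []
    for addr in addresses:
        try:
            ipaddress.IPv4Address(addr)
        except ValueError:
            bad.append(addr)
    return bad


def audit_community(c):
    """Return (severity, code) findings for a single community string."""
    findings = []
    if not NAME_RE.fullmatch(c.name):
        findings.append(("low", "invalid-name"))
    for addr in _bad_addresses(c.manager_stations + c.trap_receivers):
        findings.append(("low", f"bad-address:{addr}"))
    # A disabled community string cannot be used to access the switch,
    # so exposure checks only apply to enabled entries.
    if not c.enabled:
        return findings
    if c.open_status:
        if c.access_mode == "read-write":
            findings.append(("high", "open-read-write"))
        else:
            findings.append(("medium", "open-read-only"))
    elif not c.manager_stations:
        # Closed status with no manager stations: no workstation is permitted.
        findings.append(("low", "closed-without-manager-stations"))
    return findings


def audit_table(table):
    """Audit every row; return (severity, name, code) sorted by severity, then name."""
    report = [(sev, c.name, code) for c in table for sev, code in audit_community(c)]
    return sorted(report, key=lambda r: (SEVERITY_ORDER[r[0]], r[1]))


# Constructed sample rows (documentation addresses from 192.0.2.0/24).
SAMPLE_TABLE = [
    Community("monitor1", manager_stations=["192.0.2.10"]),
    Community("netops", access_mode="read-write", open_status=True),
    Community("readall", open_status=True),
    Community("old rw#", enabled=False, access_mode="read-write", open_status=True),
    Community("backup", access_mode="read-write"),
    Community("traps", manager_stations=["192.0.2.11"], trap_receivers=["192.0.2.300"]),
]

if __name__ == "__main__":
    for severity, name, code in audit_table(SAMPLE_TABLE):
        print(f"{severity:6} {name:10} {code}")
```
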
Chapter 5: Port Parameters

This chapter explains how to view and change the parameter settings of the ports on the switch. Examples of the parameters include port speed, duplex mode, and packet filtering.
Configuring Port Parameters

To configure the parameter settings of a port on the switch, perform the following procedure:

1. From the Home page, select Configuration.

2. From the Configuration menu, select the Layer 1 option.

The Layer 1 page is displayed with the Port Settings tab selected by default, as shown in Figure 18.

Figure 18. Port Settings Tab (Configuration)

The Port Settings tab displays an image of the front of the switch.
The Port Configuration page is shown in Figure 19.

Figure 19. Port Configuration Page

Note
The Port Configuration page in the figure above is from a 10/100/1000 Mbps twisted pair port. The page for a fiber optic port will contain a subset of the parameters.

If you are configuring multiple ports and the ports have different settings, the Port Configuration page displays the settings of the lowest numbered port.
Description (Name)
Use this selection to assign a name to a port, from 1 to 15 alphanumeric characters. Spaces are allowed, but do not use special characters, such as asterisks or exclamation points. (You cannot assign a name when you are configuring more than one port.)

Status
Use this selection to enable or disable a port. When disabled, a port does not accept or forward frames. You might disable a port if a problem occurs with the end node or cable.
Possible settings are:

Auto-Negotiate: The port autonegotiates both speed and duplex mode. This is the default.
10Mbps - Half Duplex
10Mbps - Full Duplex
100Mbps - Half Duplex
100Mbps - Full Duplex
1Gb - Full Duplex (Applies only to 1000Base SFP and GBIC modules. This selection should not be used. An SFP or GBIC module should use Auto-Negotiation to set its speed and duplex mode.
Ingress Unknown Unicast Filter
Use this parameter to configure a port to forward or discard unknown ingress unicast packets. The possible settings are:

Enabled - The port discards unknown ingress unicast packets.
Disabled - The port forwards unknown ingress unicast packets. This is the default setting.

Egress Unknown Unicast Filter
Use this parameter to configure a port to forward or discard unknown egress unicast packets.
Disabled - Backpressure is disabled. This is the default.

Flow Control/Back Pressure Limit
Use this parameter to specify the threshold for flow control or backpressure. The threshold is specified in cells. A cell equals 128 bytes. The range is 1 to 7935. The default is 7935 cells.

HOL Blocking
HOL blocking sets a threshold on the utilization of a port’s egress queue.
Multicast Rate
Use this parameter to set the multicast rate limit in packets per second. The range is 0 to 262143. The default is 262143.

6. After entering the desired changes, click Apply. The switch activates the parameter changes on the port.
7. To permanently save your changes, select the Save Config option in the Configuration menu.
Displaying Port Parameters

To display the parameter settings of a port, perform the following procedure:

1. From the Home page, select Monitoring.
2. From the Monitoring menu, select the Layer 1 option. The Layer 1 page is displayed with the Port Settings tab selected by default, as shown in Figure 20.

Figure 20. Port Settings Tab (Monitoring)

The Port Settings tab displays an image of the front of the switch.
The Port Status page is shown in Figure 21.

Figure 21. Port Status Page

For descriptions of the parameters, refer to “Configuring Port Parameters” on page 80 or Chapter 6, “Port Parameters,” in the AT-S63 Management Software Menus Interface User’s Guide.
Displaying Port Statistics

To display the statistics of a port, perform the following procedure:

1. From the Home page, select Monitoring.
2. From the Monitoring menu, select the Layer 1 option. The Layer 1 page is displayed with the Port Settings tab selected by default, as shown in Figure 20 on page 87. The Port Settings tab displays an image of the front of the switch. Ports with a valid link to an end node are green.
3.
Frames Sent
Number of frames transmitted from the port.

Broadcast Frames Received
Number of broadcast frames received on the port.

Broadcast Frames Sent
Number of broadcast frames transmitted from the port.

Multicast Frames Received
Number of multicast frames received on the port.

Multicast Frames Sent
Number of multicast frames transmitted from the port.
5. To clear all the counters for the port, click Clear. To clear the counters for all ports on the switch, click Clear All. (The Clear and Clear All buttons are only available when you log on as a manager. They are not available when you log on as an operator.
Resetting a Port to the Default Settings

To reset a port to the default settings, perform the following procedure:

1. From the Home page, select Configuration.
2. From the Configuration menu, select the Layer 1 option. The Layer 1 page is displayed with the Port Settings tab selected by default, as shown in Figure 18 on page 80.
3. In the switch image, click a port to be returned to the default settings. The selected port turns white. You can reset more than one port at a time.
Chapter 6
MAC Address Table

This chapter contains instructions on how to view the MAC addresses in the MAC address table. It also explains how to add static addresses to the table.
Displaying the MAC Address Table

To view the MAC address table, perform the following procedure:

1. From the Home page, select Monitoring or Configuration.
2. From the Monitoring or Configuration menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab selected by default, as shown in Figure 23.

Figure 23.
The View Unicast MAC Addresses section and the View Multicast MAC Addresses section display unicast and multicast addresses, respectively. The options function the same in both sections. You can select only one option at a time.

View All
Displays all dynamic and static unicast or multicast addresses in the MAC address table.

View Static
Displays just the static unicast or multicast addresses assigned to the ports.
Figure 24 shows an example of viewing all unicast MAC addresses.

Figure 24. View MAC Addresses Page

The View MAC Addresses page displays a table that contains the following columns of information:

VLAN ID
The ID number of the VLAN where the port is a member.

MAC Address
The static or dynamic MAC address.

Port(s)
The port where the address was learned or assigned. The MAC address with port “CPU” is the address of the switch.

Type
The type of the address: static or dynamic.
Adding Static Unicast and Multicast MAC Addresses

This section contains the procedure for assigning a static unicast or multicast address to a port. A switch port can have up to 255 static MAC addresses.

To add a static address to the MAC address table, perform the following procedure:

1. From the Home page, select Configuration.
2. From the Configuration menu, select the Layer 2 option.
multicast application is located results in the failure of the multicast packets to be properly forwarded to the host nodes. You can specify the ports individually (e.g., 1,4,5), as a range (e.g., 11-14) or both (e.g., 15-17,22,24).

VLAN ID
Specifies the VLAN ID where the port is a member.

5. Click Apply.
6. Repeat this procedure to add other static addresses to the switch.
7. To permanently save your changes, select the Save Config option in the Configuration menu.
Deleting Unicast and Multicast MAC Addresses

To delete a static or dynamic unicast or multicast MAC address from the switch, perform the following procedure:

1. From the Home page, select Configuration.
2. From the Configuration menu, select the Layer 2 option. The Layer 2 page opens with the MAC Address tab selected by default, as shown in Figure 23 on page 94.
3. Display the MAC addresses on the switch by selecting one of the options.
Deleting All Dynamic MAC Addresses

To delete all dynamic unicast and multicast MAC addresses from the MAC address table, perform the following procedure:

1. From the Home page, select Configuration.
2. From the Configuration menu, select the Layer 2 option. The Layer 2 page opens with the MAC Address tab selected by default, as shown in Figure 23 on page 94.
3. In the Delete All Dynamic MAC Addresses section, click Delete.
Changing the Aging Time

This procedure changes the aging time of the MAC address table. The switch uses the aging time to delete inactive dynamic MAC addresses from the MAC address table. The switch deletes an address from the table if no packets are sent to or received from the address for the period of time specified in the timer. This prevents the table from becoming full of addresses of inactive nodes.
Chapter 7
Static Port Trunks

This chapter contains the procedure for managing static port trunks. The sections in this chapter are:

“Creating a Static Port Trunk” on page 104
“Modifying a Static Port Trunk” on page 108
“Deleting a Port Trunk” on page 110
“Displaying the Port Trunks” on page 111

Note
For background information, refer to Chapter 8, “Static and LACP Port Trunks,” in the AT-S63 Management Software Menus Interface User’s Guide.
Creating a Static Port Trunk

Caution
Do not connect the cables of a port trunk to the ports on the switch until after you have configured the ports on both the switch and the remote device. Connecting the cables prior to configuring the trunk can create a loop in your network topology. This can cause a broadcast storm and poor network performance.
The Port Trunking tab is shown in Figure 26.

Figure 26. Port Trunking Tab (Configuration)

The tab displays the current static trunks in a table with the following columns of information:

ID
The ID number of the trunk.

Name
The name of the trunk.

Type
The load distribution method.
4. To create a new static trunk, click Add. The Add New Trunk page is shown in Figure 27.

Figure 27. Add New Trunk Page

5. Click the Trunk Name field and enter a name for the static trunk. The name can be up to 16 alphanumeric characters. No spaces or special characters, such as asterisks and exclamation points, are allowed. Each trunk must be given a unique name.
6. From the Trunk Method pull-down menu, select a load distribution method for the trunk.
Note
Some AT-9400 Series switches feature twisted pair ports that are paired with SFP and GBIC slots. Allied Telesyn recommends not including these ports in a port trunk. The operation of a port trunk with one of these ports may be unpredictable if the port were to transition to the redundant uplink status. For further information, refer to “Redundant Twisted Pair Ports” on page 39.

8. Click Apply. The new port trunk is now active on the switch.
Modifying a Static Port Trunk

This section contains the procedure for modifying a static port trunk on the switch. You can change the name and ports of a trunk from the web browser interface, but not the load distribution method.
The Modify Trunk page is shown in Figure 28.

Figure 28. Modify Trunk Page

5. To change the name of the trunk, click the Trunk Name field and enter the new name. The name can be up to 16 alphanumeric characters. No spaces or special characters, such as asterisks and exclamation points, are allowed. Each trunk must have a unique name.
6. To add or remove ports from a trunk, click the ports in the graphical image of the switch.
Deleting a Port Trunk

Caution
Disconnect the cables from the port trunk on the switch before performing this procedure. Deleting the trunk without first disconnecting the cables can result in the formation of a loop in your network topology. This can cause a broadcast storm and poor network performance.

To delete a port trunk from the switch, perform the following procedure:

1. From the home page, select Configuration.
2. From the Configuration menu, select the Layer 1 option.
Displaying the Port Trunks

To display the port trunks, perform the following procedure:

1. From the home page, select Monitoring.
2. From the Monitoring menu, select the Layer 1 option.
3. Select the Port Trunking tab. The Port Trunking tab is shown in Figure 29.

Figure 29. Port Trunking Tab (Monitoring)

The Port Trunking tab displays a table with the following columns of information:

ID
The ID number of the trunk.

Name
The name of the trunk.
SI/DI - Source IP address/destination IP address (Layer 3)

Ports
The ports of the trunk.
Chapter 8
Port Mirroring

This chapter contains the procedures for managing the port mirroring feature. The sections in the chapter include:

“Creating a Port Mirror” on page 114
“Modifying a Port Mirror” on page 117
“Disabling a Port Mirror” on page 118
“Deleting a Port Mirror” on page 119
“Displaying the Port Mirror” on page 120

Note
For background information, refer to Chapter 9, “Port Mirroring,” in the AT-S63 Management Software Menus Interface User’s Guide.
Creating a Port Mirror

To create a port mirror, perform the following procedure:

1. From the home page, select Configuration.
2. From the Configuration menu, select the Layer 1 option.
3. Select the Port Mirroring tab. The Port Mirroring tab is shown in Figure 30.

Figure 30. Port Mirroring Tab (Configuration)

The tab displays a table with the following columns:

Mirror to Port
Specifies the destination port of the mirrored traffic. There can be only one destination port.
4. Click Modify. The Modify Mirror page is shown in Figure 31.

Figure 31. Modify Mirror Page

5. Click the ports to be in the port mirror. Clicking a port toggles it through the following possible settings:

The destination (mirror) port. There can be only one destination port.
A source port. The port’s ingress traffic is mirrored to the destination port.
A source port. The port’s egress traffic is mirrored to the destination port.
A source port.
Figure 32 shows an example of the Modify Mirror page configured for a port mirror. The ingress and egress traffic on ports 1, 2, and 7 to 10 is being mirrored to the destination port 11.

Figure 32. Example of a Modify Mirror Page

6. After selecting the destination and source ports, click the Enable Mirror check box.
7. Click Apply. The port mirror is now active on the switch. You can connect a data analyzer to the destination port to monitor the traffic on the source ports.
8.
Modifying a Port Mirror

To modify a port mirror, perform the following procedure:

1. From the home page, select Configuration.
2. From the Configuration menu, select the Layer 1 option.
3. Select the Port Mirroring tab. The Port Mirroring tab is shown in Figure 30 on page 114.
4. Click Modify. The Modify Mirror page is shown in Figure 31 on page 115.
5. Change the ports of the port mirror, as needed.
Disabling a Port Mirror

This procedure disables a port mirror. When disabled, a port mirror stops copying traffic from the source ports to the destination port. However, the destination port is still reserved for port mirroring. To delete the port mirror so that the destination port can be used for normal network operations, refer to “Deleting a Port Mirror” on page 119.

To disable a port mirror, perform the following procedure:

1. From the home page, select Configuration.
2.
Deleting a Port Mirror

To delete a port mirror so that you can use the destination port for normal network operations, perform the following procedure:

1. From the home page, select Configuration.
2. From the Configuration menu, select the Layer 1 option.
3. Select the Port Mirroring tab. The Port Mirroring tab is shown in Figure 30 on page 114.
4. Click Modify. The Modify Mirror page is shown in Figure 31 on page 115.
5.
Displaying the Port Mirror

To display the port mirror, perform the following procedure:

1. From the Home page, select Monitoring.
2. From the Monitoring menu, select the Layer 1 option.
3. Select the Port Mirroring tab. The Port Mirroring tab is shown in Figure 33.

Figure 33. Port Mirroring Tab (Monitoring)

The tab displays a table with the following columns:

Mirror to Port
The destination port where the traffic is copied and where the network analyzer is located.
Section II
Advanced Operations

The chapters in this section contain the procedures for advanced switch setup using the AT-S63 management software.
Chapter 9
File System

This chapter contains the procedures for working with the switch’s file system. The sections include:

“Listing the Files in Flash Memory or on a Compact Flash Card” on page 124
“Selecting an Active Boot Configuration File” on page 127

Note
For background information, refer to Chapter 10, “File System,” in the AT-S63 Management Software Menus Interface User’s Guide.
Listing the Files in Flash Memory or on a Compact Flash Card

This procedure displays the files stored in the switch’s flash memory or on a compact flash card. (Not all AT-9400 Series switches support a flash card slot.)

Note
You cannot copy, rename, or delete files from a web browser management session. Those tasks can be performed from the menus and command line interfaces.
The information in the tab is defined below:

Current Drives
Specifies the location of the files displayed in the Current Files section of the tab. The Flash option represents the switch’s flash memory. This is the default selection. The Flash Card option only appears for those AT-9400 Series switches that feature a flash card slot.

Default Configuration File
Specifies the filename of the active configuration file.
5. To view the contents of a file, such as a configuration file, click the file in the Current Files section of the tab and click View. You can view one file at a time. The contents of the configuration file are displayed in the Viewing File page. An example is shown in Figure 35.

Figure 35.
Selecting an Active Boot Configuration File

This procedure changes the active boot configuration file on the switch. The switch uses the active boot configuration file to configure its operating parameters whenever it is reset or power cycled. The switch also updates the active boot file whenever you select the Save Config option.
Be sure to include the “.cfg” extension. Precede the name with “cflash:” if the file is stored on a flash card in the switch.

5. Click Apply. The switch searches the file system or flash memory card for the file. If it finds the file, it displays the file name in the Default Configuration File field along with the word “Exists.” The file is now the active boot configuration file on the switch.
Chapter 10
File Downloads and Uploads

This chapter explains how to upload and download files, such as a new AT-S63 image file, onto the switch.
Downloading a File

This procedure explains how to download a file from a TFTP server on your network to the switch using the web browser interface. You can download any of the following files:

AT-S63 image file
Boot configuration file
CA certificate

Here are the general guidelines to follow when performing this procedure:

You must use TFTP to download a file from a web browser management session.
device’s IP configuration. If the switch has a static address, the interface is assigned the same address. If the unit obtained its IP configuration from a DHCP or BOOTP server, the interface is created with its DHCP or BOOTP client activated. The interface is given the interface number 0 and assigned to the preexisting management VLAN. Furthermore, the interface is designated as the local interface on the switch.
To download a file, perform the following procedure:

1. From the home page, select Configuration.
2. From the Configuration menu, select the Utilities option. The Utilities page is displayed with the System Utilities tab selected by default, as shown in Figure 36.

Figure 36. System Utilities Tab (Configuration)

Note
The top portion of the System Utilities tab returns the switch to its factory default settings.
6. In the TFTP Local Filename field, enter a name for the file. This is the name the switch uses to store the file in its file system. To download a new AT-S63 image file into the switch’s application block, enter “APPBLOCK” as the filename.
7.
Uploading a File

This procedure explains how to upload a file from the switch’s file system to a TFTP server on your network using the web browser interface. You can upload any of the following files:

Boot configuration file
Public encryption key
CA enrollment request
Event log file

Note the following before performing this procedure:

You must use TFTP to upload a file from a web browser management session.
4. For the TFTP Operation parameter, click Upload.
5. In the TFTP Remote Filename field, enter a name for the file when it is stored on the TFTP server.
6. In the TFTP Local Filename field, enter the name of the file in the switch’s file system to be uploaded to the TFTP server.
7. In TFTP File Type, select File.
Chapter 11
Event Logs and Syslog Servers

This chapter describes how to view switch activity by displaying and saving the contents of the event logs. It also explains how to send events to syslog servers on your network by creating syslog output definitions.
Working with the Event Logs

The event logs contain event messages generated by a switch. These events can provide vital information about the operation of the device and can help you identify and resolve network problems. The information includes the time and date when an event occurred, the event’s severity, the AT-S63 module that generated the event, and an event description.

The AT-9400 Series switch has two event logs. Both logs store the same event messages.
The Event log tab is shown in Figure 37.

Figure 37. Event Log Tab (Configuration)

4. In the Log Settings section, click Enabled for the Status to enable the event logs, or Disabled to disable the event logs and to stop the switch from sending events to syslog servers. The default setting is enabled.
5. Click Apply to activate the settings on the switch.
Displaying Events

This procedure explains how to display the events in an event log. You can view all or just specific events of a log.

To view the events in an event log, perform the following procedure:

1. From the home page, select either Monitoring or Configuration.
2. From the Configuration menu, select the System option.
3. Select the Event Log tab. The Event log tab is shown in Figure 37 on page 139.
4.
Display Order
Controls the chronological order of the events in the display. Options are:

Chronological - Lists the events starting with the oldest events. This is the default.
Reverse Chronological - Lists the events starting with the most recent events.

Mode
Controls the format of the events in the display. Options are:

Normal - Displays an event’s time of occurrence, module originator, severity, and description for each event.
Table 2. AT-S63 Software Modules (Continued)

Name        Description
IP          IP configuration
LACP        Link Aggregation Control Protocol
MAC         MAC address table
MGMTACL     Management access control list
MLDSNOOP    MLD snooping
PACCESS     802.
Figure 38 shows an example of an event log in Normal mode.

Figure 38. Event Log Example Displayed in Normal Mode

The columns in the table are defined here:

Severity
The event’s severity. The severity codes and their corresponding severity level and description are listed in Table 3.

Table 3. Event Severity Levels

Severity Code    Severity Level    Description
E                Error             Switch operation is severely impaired.
An example of the Full mode is shown in Figure 39.

Figure 39. Event Log Example Displayed in Full Mode

The additional information displayed in Full mode is defined here:

Event ID
A unique, random number assigned to each event.

Filename:Line
The originator of the event displayed as the name of the AT-S63 software source file and the line number.

Clearing an Event Log

To clear a log of all events, do the following:

1. From the home page, select Configuration.
2.
Modifying the Event Log Full Action

This procedure explains how to control what an event log does after it has stored its maximum number of events. You have two options. The first is to have the switch delete the oldest entries in the log as it adds new entries. The second is to have the switch stop adding entries, so as to preserve the existing log contents.
7. Click Apply.
8. To permanently save the change, select the Save Config menu selection.

Saving an Event Log to a File

You can save the current contents of an event log as an ASCII file in the switch’s file system. You might save an event log to retain a history of the operation of the switch or to assist in resolving a network problem. The file can be viewed from the file system or uploaded to your management workstation using Xmodem or TFTP.
Working with Syslog Output Definitions

You can configure the switch to send its events to a syslog server, which can store the events of many network devices simultaneously. This can make managing your network easier since you need only go to one site, the syslog server, to see all the events of your network devices.

Here are the guidelines to observe when using this feature:

You can define up to 19 syslog servers.
The Create Log Output page is shown in Figure 41.

Figure 41. Create Event Log Output Page

5. Configure the following parameters as necessary:

Output ID
Specifies an identification number for the syslog output definition. Each definition must be given a unique number. The range is 2 to 20. The default is the next available number.

Output Status
Controls the status of the syslog output definition. The options are:

Enabled - Enables the output definition.
Error - Sends only error event messages. Error messages indicate that the switch operation is severely impaired.
Warning - Sends only warning event messages. These messages indicate that an issue may require manager attention.
Information - Sends only informational event messages. Informational messages display useful information that you can ignore during normal operation.
Debug - Sends debug event messages.
7. To permanently save your changes, select the Save Config option in the Configuration menu.

Viewing a Syslog Output Definition

To view an existing syslog output definition, perform the following procedure:

1. From the home page, select either Monitoring or Configuration.
2. From the Configuration menu, select the System option.
3. Select the Event Log tab. The Event Log tab is shown in Figure 37 on page 139.
4.
4. In the Configure Log Outputs section of the tab, select the log output file to be modified and click Modify. The Modify Event Log Output page is shown in Figure 43.

Figure 43. Modify Event Log Output Page

5. Modify the following parameters as necessary. For definitions of the parameters, refer to “Configuring a Syslog Output Definition” on page 147.
6. Click Apply to apply the changes or Close to close the page without making changes.
7.
Chapter 12
Classifiers

A classifier defines a traffic flow. Classifiers are used with access control lists (ACLs) to filter ingress traffic on a port and with Quality of Service policies to regulate the traffic flows passing through a switch.
Configuring a Classifier

To configure a classifier, perform the following procedure:

1. From the home page, select Configuration.
2. From the Configuration menu, select the Network Security or Services option. The Classifier tab is accessible from both menu selections.
3. Select the Classifier tab. The Classifier tab is shown in Figure 44.

Figure 44. Classifier Tab (Configuration)

The tab lists the current classifiers on the switch.
No. of Active Associations
The number of active ACLs and QoS policies where the classifier is currently assigned. An active ACL or QoS policy is assigned to at least one port.

4. Click Create. The Create Classifier page is shown in Figure 45.

Figure 45.
Some of the variables and settings display additional selections. For example, selecting IP as the Protocol displays the selections shown in Figure 46.

Figure 46. Create Classifier Page - IP Protocol

5. Configure the following parameters as desired:

ID
Specifies an ID number for the classifier. Every classifier on the switch must have a unique ID number. The range is 1 to 9999. This parameter is required.

Description
Specifies a description for the classifier.
Ethernet Format
Defines a traffic flow by the format of the Ethernet packets. Selections are:

Untagged - Ethernet II untagged packets
Tagged - Ethernet II tagged packets
802.2 untagged - Ethernet 802.2 untagged packets
802.2 tagged - Ethernet 802.2 tagged packets

Priority
Defines a traffic flow by the user priority level in tagged Ethernet frames. The range is 0 to 7.
IP Protocol
Defines a traffic flow by the following Layer 3 protocols:

User Specified
TCP
UDP
ICMP
IGMP

User Specified IP Protocol
Defines a traffic flow of a Layer 3 protocol by its protocol number. To set this parameter, the IP Protocol parameter must be set to User Specified. The number can be entered in either decimal or hexadecimal format. If the latter, precede the number with “0x”. The range is 0 (0x0) to 255 (0xFF).
TCP Flags
Defines a traffic flow by TCP flag. To set this parameter, IP Protocol must be set to TCP. Options are:

URG - Urgent
ACK - Acknowledgement
RST - Reset
PSH - Push
SYN - Synchronization
FIN - Finish

UDP Source Port
Defines a traffic flow by source UDP port. To set this parameter, IP Protocol must be set to UDP.

UDP Destination Port
Defines a traffic flow by a destination UDP port.
Modifying a Classifier

This procedure explains how to modify a classifier.

Note
If the classifier to be modified is currently assigned to an ACL or QoS policy that has been assigned to a switch port, you must first remove the port assignments from the ACL or policy before modifying the classifier. After modifying the classifier, you can reassign the ports again to the ACL or QoS policy.

To modify a classifier, perform the following procedure:

1.
6. When you are finished modifying the parameters, click Apply. The modifications are immediately implemented in the classifier.
7. To permanently save your changes, select the Save Config option in the Configuration menu.
Deleting a Classifier

To delete a classifier, perform the following procedure:

Note
A classifier must be removed from all access control lists and QoS policies before it can be deleted.

1. From the home page, select Configuration.
2. From the Configuration menu, select the Network Security or Services option. The Classifier tab is accessible from both menu selections.
3. Select the Classifier tab. The Classifier tab is shown in Figure 44 on page 154.
4.
Displaying the Classifiers

To display the classifiers, perform the following procedure:

1. From the Home page, select Monitoring.
2. From the Configuration menu, select the Network Security or Services option. The Classifier tab is accessible from both menu selections.
3. Select the Classifiers tab. The Classifiers tab is shown in Figure 48.

Figure 48.
No. of Active Associations
The number of active ACLs and QoS policies to which the classifier is currently assigned. An active ACL or QoS policy is assigned to at least one switch.

4. To display detailed information about a classifier, select the classifier and click View. For descriptions of the variables, refer to “Configuring a Classifier” on page 154.

5. Click Close to close the page.
Chapter 13 Access Control Lists

An access control list (ACL) is a tool for managing network traffic. This chapter contains the following sections:

“Configuring an Access Control List” on page 166
“Modifying an Access Control List” on page 169
“Deleting an Access Control List” on page 170
“Displaying the Access Control Lists” on page 171

Note
For background information, refer to Chapter 14, “Access Control Lists,” in the AT-S63 Management Software Menus Interface User’s Guide.
Configuring an Access Control List

This procedure explains how to create an ACL. Before starting this procedure, jot down on paper the ID number(s) of the classifier(s) to be assigned to the ACL. Having this information handy will make it easier for you to perform the procedure. To view the classifier ID numbers and specifications, refer to “Displaying the Classifiers” on page 163.

To configure an access control list, perform the following procedure:

1.
accepts the packets that meet the criteria of the classifiers assigned to the ACL. An action of Deny means the port discards the packets, unless the packets also match the criteria of a Permit ACL, in which case the packets are accepted by the port, because a Permit ACL overrides a Deny ACL.

Active
Whether or not the ACL is active. A status of Yes means that the ACL is assigned to at least one port on the switch.
Action
Use this menu to specify the action of the ACL. An action of Permit means the port accepts the packets that meet the criteria of the classifiers assigned to the ACL. An action of Deny means the port discards the packets, unless the packets also match the criteria of a Permit ACL, in which case the packets are accepted by the port, because a Permit ACL overrides a Deny ACL.

Description
Use this field to enter a description for the ACL.
Modifying an Access Control List

To modify an access control list, perform the following procedure:

1. From the home page, select Configuration.

2. From the Configuration menu, select the Network Security option.

3. Select the ACL tab. The ACL tab is shown in Figure 49 on page 166.

4. Select the ACL to be modified and click Modify. The Modify ACLs page is displayed, as shown in Figure 51.

Figure 51. Modify ACLs Page

5.
Deleting an Access Control List

To delete an access control list, perform the following procedure:

1. From the home page, select Configuration.

2. From the Configuration menu, select the Network Security option.

3. Select the ACL tab. The ACL tab is shown in Figure 49 on page 166.

4. Select the ACL to be deleted and click Delete. You can delete one access control list at a time. The ACL is immediately deleted from the switch.

5.
Displaying the Access Control Lists

To display the current ACLs, perform the following procedure:

1. From the Home page, select Monitoring.

2. From the Monitoring menu, select Network Security.

3. Select the ACL tab. The ACL tab is shown in Figure 52.

Figure 52. ACL Tab (Monitoring)

The ACL tab displays a table of the currently configured ACLs with the following columns of information:

ID
The ID number for the ACL.
is assigned to at least one port on the switch. A status of No means the ACL is not assigned to any ports and therefore is inactive.

Classifier List
The classifiers assigned to the ACL.

Port List
The port assignments of the ACL.

4. To view the same information for each ACL, select the ACL and click View. The View ACLs page opens, as shown in Figure 53.

Figure 53. View ACLs Page

5. Click Close.
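The Permit-overrides-Deny rule described in this chapter can leave a Deny ACL with no effect on a port. The following Python sketch is an added example, not part of the AT-S63 software or the original guide; it models classifiers with three fields only, uses constructed ACL IDs, addresses and ports, and assumes that a packet matching no ACL is forwarded.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Classifier:
    """Simplified classifier: a field left as None matches any value."""
    cid: int
    protocol: Optional[str] = None   # "tcp" or "udp"
    src_net: Optional[str] = None    # source IPv4 network in CIDR form
    dst_port: Optional[int] = None   # TCP/UDP destination port

    def matches(self, pkt: dict) -> bool:
        if self.protocol is not None and pkt.get("protocol") != self.protocol:
            return False
        if self.src_net is not None and ip_address(pkt["src"]) not in ip_network(self.src_net):
            return False
        if self.dst_port is not None and pkt.get("dst_port") != self.dst_port:
            return False
        return True

    def covers(self, other: "Classifier") -> bool:
        """True when every packet that matches `other` also matches this classifier."""
        if self.protocol is not None and self.protocol != other.protocol:
            return False
        if self.dst_port is not None and self.dst_port != other.dst_port:
            return False
        if self.src_net is None:
            return True
        if other.src_net is None:
            return False
        return ip_network(other.src_net).subnet_of(ip_network(self.src_net))


@dataclass(frozen=True)
class Acl:
    acl_id: int
    action: str          # "permit" or "deny"
    classifiers: tuple   # Classifier objects assigned to the ACL
    ports: frozenset     # switch ports the ACL is assigned to


def port_decision(acls, port: int, pkt: dict) -> str:
    """Apply the guide's rule on one ingress port: a Permit ACL overrides a Deny ACL."""
    hits = {a.action for a in acls
            if port in a.ports and any(c.matches(pkt) for c in a.classifiers)}
    if "permit" in hits:
        return "accept"
    if "deny" in hits:
        return "discard"
    return "accept"  # assumption: a packet matching no ACL is forwarded


def shadowed_denies(acls):
    """Return (deny ACL, classifier, permit ACL, ports) where the deny never takes effect."""
    findings = []
    for deny in (a for a in acls if a.action == "deny"):
        for permit in (a for a in acls if a.action == "permit"):
            shared = deny.ports & permit.ports
            if not shared:
                continue
            for dc in deny.classifiers:
                if any(pc.covers(dc) for pc in permit.classifiers):
                    findings.append((deny.acl_id, dc.cid, permit.acl_id, sorted(shared)))
    return findings


# Constructed sample configuration; every ID, address and port is illustrative.
ACLS = [
    Acl(1, "deny", (Classifier(10, src_net="192.0.2.0/24"),), frozenset({1, 2})),
    Acl(2, "permit", (Classifier(11, src_net="192.0.2.50/32"),), frozenset({1, 2})),
    Acl(3, "permit", (Classifier(12, protocol="tcp"),), frozenset({3})),
    Acl(4, "deny", (Classifier(13, protocol="tcp", dst_port=23),), frozenset({1, 2, 3, 4})),
]

if __name__ == "__main__":
    telnet = {"protocol": "tcp", "src": "198.51.100.9", "dst_port": 23}
    print("port 3 telnet:", port_decision(ACLS, 3, telnet))
    print("port 4 telnet:", port_decision(ACLS, 4, telnet))
    for deny_id, cid, permit_id, ports in shadowed_denies(ACLS):
        print(f"Deny ACL {deny_id} (classifier {cid}) is overridden by "
              f"Permit ACL {permit_id} on ports {ports}")
```

Run against an inventory of the switch's ACLs, `shadowed_denies` points to the port assignments to review before a broad Permit ACL is applied.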
Chapter 14 Class of Service This chapter contains instructions on how to configure Class of Service (CoS).
Configuring CoS

This procedure sets the Class of Service priority level for ingress untagged packets on a port. The priority level dictates which priority queue the packets are stored in on the egress port. In the default settings, ingress untagged packets on a port are assigned a priority level of 0 and are stored in egress queue Q1 on the egress port. This procedure also overrides the priority level in tagged ingress packets.
The CoS Setting for Port page is shown in Figure 55.

Figure 55. CoS Setting for Port Page

4. Use the Priority list to select a new Class of Service priority level for the port. The default is level 0. The new priority level will apply to all ingress untagged packets. (If you perform Step 5 and override the priority level in tagged packets, the new priority level will also apply to all ingress tagged packets.)

5.
Mapping CoS Priorities to Egress Queues

This procedure explains how to change the default mappings of CoS priorities to egress priority queues. To change the mappings, perform the following procedure:

1. From the home page, select Configuration.

2. From the Configuration menu, select the Services option.

3. Select the Queuing & Scheduling tab. The Queuing & Scheduling tab is shown in Figure 56.

Figure 56.
The default values are listed in Table 5.

Table 5. Default Mappings of IEEE 802.1p Priority Levels to Egress Priority Queues

IEEE 802.1p Priority Level    Egress Port Priority Queue
0                             Q1
1                             Q0
2                             Q2
3                             Q3
4                             Q4
5                             Q5
6                             Q6
7                             Q7

4. In the Configure CoS Queues to Egress Queues section of the tab, click the list for a CoS priority whose queue assignment is to be changed and select the new queue.
Configuring Egress Scheduling

This procedure explains how to select and configure a scheduling method for Class of Service. Scheduling determines the order in which the ports handle packets in their egress queues. For an explanation of the two scheduling methods, refer to Chapter 15, “Class of Service,” in the AT-S63 Management Software Menus Interface User’s Guide.

Scheduling is set at the switch level. You cannot set this at the port level.
Displaying the CoS Settings

To display the CoS settings, perform the following procedure:

1. From the Home page, select Monitoring.

2. From the Monitoring menu, select Services. The Services page is displayed with the CoS tab selected by default, as shown in Figure 57.

Figure 57. CoS Tab (Monitoring)

3. Click the port whose settings are to be displayed. You can select more than one port. A selected port turns white.
The CoS Setting for Port page displays a table that contains the following columns of information:

Port
The port number.

VLAN ID
The VLAN where the port is an untagged member.

Default Priority
The default priority level assigned to ingress untagged packets on this port.

Override Priority
Whether the priority level in tagged packets should be overridden.

5. Click Close.
Displaying the QoS Schedule

To display the QoS schedule, perform the following procedure:

1. From the Home page, select Monitoring.

2. From the Monitoring menu, select the Services option.

3. Select the Queuing and Scheduling tab. The Queuing and Scheduling tab is shown in Figure 59.

Figure 59. QoS Scheduling Tab (Monitoring)

The upper section displays the CoS priority to egress queue assignments.
Chapter 15 Quality of Service

This chapter contains instructions on how to configure Quality of Service (QoS). This chapter contains the following procedures:

“Managing Flow Groups” on page 184
“Managing Traffic Classes” on page 190
“Managing Policies” on page 198

Note
For background information, refer to Chapter 16, “Quality of Service,” in the AT-S63 Management Software Menus Interface User’s Guide.
Managing Flow Groups

This section contains the following procedures:

“Configuring a Flow Group,” next
“Modifying a Flow Group” on page 187
“Deleting a Flow Group” on page 188
“Displaying the Flow Groups” on page 188

Configuring a Flow Group

To configure a flow group, perform the following procedure:

1. From the home page, select Configuration.

2. From the Configuration menu, select the Services option.

3. Select the Flow Group tab.
inactive if it is not a part of any policies or if the policies are not assigned to any ports.

Parent Traffic Class ID
The traffic class where the flow group is assigned.

Classifier List
The classifiers of the flow group.

4. Click Create. The Create Flow Group page opens, as shown in Figure 61.

Figure 61. Create Flow Group Page

5. Configure the following parameters as necessary:

ID
Specifies the ID number for this flow group.
specified in a flow group overrides a DSCP value specified at the traffic class or policy level.

Priority (802.1p)
Specifies a new user priority value for the packets. The range is 0 to 7. You can specify a new priority value at both the flow group and traffic class levels. If you specify a new user priority value at both levels, the value in the flow group here overrides the value in Traffic Class.
7. To permanently save your changes, select the Save Config option in the Configuration menu.

Modifying a Flow Group

This procedure explains how to modify a flow group. If the flow group is already part of a QoS policy assigned to one or more switch ports, you must modify the policy by removing the port assignments before you can modify the flow group. You can reassign the ports back to the policy after modifying the flow group.
The changes are applied to the flow group.

7. To permanently save your changes, select the Save Config menu selection.

Deleting a Flow Group

This procedure explains how to delete a flow group. If the flow group to be deleted is already part of a QoS policy assigned to one or more switch ports, you must modify the policy by removing the port assignments before you can delete the flow group. You can assign the ports back to the policy after you have deleted the flow group.
The Flow Group tab is shown in Figure 63.

Figure 63. Flow Group Tab (Monitoring)

The Flow Group tab displays the currently configured flow groups in a table that contains the following columns of information:

ID
The ID number of the flow group.

Description
The flow group description.

Active
The active status of the flow group. A flow group is deemed active if it is part of a policy assigned to a switch port.
Managing Traffic Classes

This section contains the following procedures:

“Configuring a Traffic Class,” next
“Modifying a Traffic Class” on page 194
“Deleting a Traffic Class” on page 196
“Displaying the Traffic Classes” on page 196

Configuring a Traffic Class

To configure a traffic class, perform the following procedure:

1. From the home page, select Configuration.

2. From the Configuration menu, select the Services option.

3. Select the Traffic Class tab.
Parent Policy ID
The QoS policies to which the traffic class is assigned.

Flow Group List
The flow groups assigned to this traffic class.

4. To create a new traffic class, click Create. The Create Traffic Class page is shown in Figure 65.

Figure 65. Create Traffic Class Page

5. Configure the following parameters:

ID
Specifies an ID number for the traffic class. Each traffic class on the switch must be assigned a unique number.
Exceed Action
Specifies the action to be taken if the traffic of the traffic class exceeds the maximum bandwidth. There are two possible exceed actions, drop and remark. If drop is selected, traffic exceeding the bandwidth is discarded. If remark is selected, the packets are forwarded after replacing the DSCP value with the new value specified in Exceed Remark Value. The default is drop.
Burst Size
Specifies the size of a token bucket for the traffic class. The range is 4 to 512 Kbps. The default is 512 Kbps. The token bucket is used in situations where you set a maximum bandwidth for a class, but where traffic activity may periodically exceed the maximum. A token bucket can provide a buffer for those periods where the maximum bandwidth is exceeded.
Remark Priority
Replaces the user priority value in the packets with the new value specified in the Priority parameter, if set to Yes. If set to No, which is the default, the packets retain their preexisting priority level when they leave the switch.

ToS
Specifies a replacement value to write into the Type of Service (ToS) field of IPv4 packets. The range is 0 to 7. A ToS value can be set at all three levels: flow group, traffic class, and policy.
To modify a traffic class, perform the following procedure:

1. From the home page, select Configuration.

2. From the Configuration menu, select the Services option.

3. Select the Traffic Class tab. The Traffic Class tab is shown in Figure 64 on page 190.

4. Select the traffic class to be modified and click Modify. The Modify Traffic Class page is shown in Figure 66.

Figure 66. Modify Traffic Class Page

5. Configure the parameters as necessary.
Deleting a Traffic Class

This procedure explains how to delete a traffic class. If the traffic class to be deleted is already part of a QoS policy assigned to one or more switch ports, you must first modify the policy by removing the port assignments before you can delete the traffic class. You can reassign the ports back to the policy after you have deleted the traffic class.

To delete a traffic class, perform the following procedure:

1.
The Traffic Class tab displays the currently configured flow groups in a table that contains the following columns of information:

ID
The ID of the traffic class.

Description
A description of the traffic class.

Active
Whether the traffic class is active on the switch. An active traffic class is part of a policy assigned to one or more switch ports.
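How the Burst Size and Exceed Action parameters of a traffic class interact can be seen by simulating a single-rate token bucket. This is an added example, not Allied Telesyn code; it assumes the burst size is a bucket capacity in kilobits, that the bucket starts full, and that traffic exceeding the rate consumes no tokens. The arrival times and packet size are constructed.

```python
from dataclasses import dataclass


@dataclass
class TrafficClassPolicer:
    max_bandwidth_kbps: int        # maximum bandwidth of the traffic class
    burst_size_kbits: int          # token bucket size (the guide gives a range of 4 to 512)
    exceed_action: str = "drop"    # "drop" (the default) or "remark"
    exceed_remark_value: int = 0   # DSCP written into packets when the action is "remark"

    def __post_init__(self):
        if not 4 <= self.burst_size_kbits <= 512:
            raise ValueError("burst size must be between 4 and 512")
        if self.exceed_action not in ("drop", "remark"):
            raise ValueError("exceed action must be 'drop' or 'remark'")
        if not 0 <= self.exceed_remark_value <= 63:
            raise ValueError("DSCP values range from 0 to 63")
        self.capacity_bits = self.burst_size_kbits * 1000
        self.tokens = self.capacity_bits   # assumption: the bucket starts full
        self.last_ms = 0

    def offer(self, now_ms: int, size_bits: int, dscp: int):
        """Return (verdict, dscp) for one packet arriving at now_ms."""
        # 1 kbps sustained for 1 ms is exactly one bit, so integer arithmetic is exact.
        refill = self.max_bandwidth_kbps * (now_ms - self.last_ms)
        self.tokens = min(self.capacity_bits, self.tokens + refill)
        self.last_ms = now_ms
        if size_bits <= self.tokens:
            self.tokens -= size_bits       # conforming traffic spends tokens
            return ("forward", dscp)
        if self.exceed_action == "remark":
            return ("remark", self.exceed_remark_value)
        return ("drop", None)


def run(policer: TrafficClassPolicer, arrivals_ms, size_bits: int = 12000, dscp: int = 46):
    """Feed equally sized packets (12000 bits = 1500 bytes) at the given times."""
    return [policer.offer(t, size_bits, dscp) for t in arrivals_ms]


# Constructed arrival times in milliseconds: a short burst, a pause, then one late packet.
ARRIVALS_MS = [0, 1, 2, 8, 9, 30]

if __name__ == "__main__":
    for action in ("drop", "remark"):
        policer = TrafficClassPolicer(1000, 16, action, exceed_remark_value=8)
        print(action, run(policer, ARRIVALS_MS))
    # A bucket smaller than one packet never accumulates enough tokens to forward it.
    print("burst 4:", run(TrafficClassPolicer(1000, 4), [0, 50]))
```

The last case shows why the burst size has to be chosen with the largest expected packet in mind: a bucket of 4 kilobits can never hold the 12000 bits a full-size frame needs.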
Managing Policies

This section contains the following procedures:

“Configuring a Policy,” next
“Modifying a Policy” on page 201
“Deleting a Policy” on page 202
“Deleting all Flow Groups, Traffic Classes, and Policies” on page 203
“Displaying Policies” on page 203

Configuring a Policy

To configure a policy, perform the following procedure:

1. From the home page, select Configuration.

2. From the Configuration menu, select the Services option.

3.
Active
Whether this policy is active on the switch. An active policy is assigned to one or more switch ports. An inactive policy is not assigned to any switch ports.

Traffic Class List
The traffic classes assigned to the policy.

Ingress Port List
The ingress ports to which the policy is assigned.

4. Click Create. The Create Policy page opens, as shown in Figure 69.

Figure 69. Create Policy Page

5.
Remark DSCP
Specifies whether the ingress DSCP value is overwritten. Select one of the following options from the list:

None - Disables this function.
All - All packets are remarked.

DSCP Value
Specifies a replacement value to write into the DSCP (TOS) field of the packets. The range is 0 to 63. A new DSCP value can be set at all three levels: flow group, traffic class, and policy.
No
Does not copy the traffic to a destination mirror port. This is the default.

Traffic Class List
Specifies the traffic class to be assigned to the policy. The traffic class must already exist. A policy can have more than one traffic class. To select more than one traffic class, hold down the Ctrl key when making your selections.

Ingress Port List
Specifies the ingress port to which the policy is to be assigned.
The Modify Policy page is shown in Figure 70.

Figure 70. Modify Policy Page

5. Modify the parameters as needed. For parameter definitions, refer to “Configuring a Policy” on page 198.

6. When you are finished configuring the parameters, click Apply. The changes are immediately implemented in the policy.

7. To permanently save your changes, select the Save Config option in the Configuration menu.

Deleting a Policy

To delete a policy, perform the following procedure:

1.
5. To permanently save your changes, select the Save Config option in the Configuration menu.

Deleting all Flow Groups, Traffic Classes, and Policies

To delete all flow groups, traffic classes, and policies from the switch, perform the following procedure:

1. From the home page, select Configuration.

2. From the Configuration menu, select the Services option.

3. Select the Policies tab. The Policies tab is shown in Figure 68 on page 198.

4.
ID
The ID of the policy.

Description
A description of the policy.

Active
Whether this policy is active on the switch. An active policy is assigned to one or more switch ports. An inactive policy is not assigned to any switch ports.

Traffic Class List
The traffic classes of the policy.

Ingress Port List
The ingress ports of the policy.

4. To view the details of a specific policy, select the policy and click View.
Chapter 16 Denial of Service Defense

This chapter contains instructions on how to configure the Denial of Service defense feature on the switch. The sections include:

“Configuring Denial of Service Defense” on page 206
“Displaying the DoS Settings” on page 209

Note
For background information, refer to Chapter 17, “Denial of Service Defense,” in the AT-S63 Management Software Menus Interface User’s Guide.
Configuring Denial of Service Defense

To configure the ports on the switch for a Denial of Service attack defense, perform the following procedure:

1. From the home page, select Configuration.

2. From the Configuration menu, select the Network Security option.

3. Select the DoS tab. The DoS tab is shown in Figure 72.

Figure 72. DoS Tab (Configuration)

4. If you are implementing the SMURF or Land defense, you must provide an IP address and mask for your LAN.
149.11.11.50. The mask would be 0.0.0.63.

c. If you are activating the Land defense, in the DoS Uplink Port field enter the number of the port connected to the device (e.g., DSL router) that leads outside your network. You can specify only one uplink port.

5. Click the ports in the switch image where a defense mechanism is to be enabled or disabled.

6.
8. Configure the following parameters as necessary:

Status
Click Enable or Disable to enable or disable DoS on the selected ports.

Mirror Port
This option applies to the Land, Tear Drop, Ping of Death, and IP Options. Enabling this option mirrors the traffic examined by a defense mechanism to another port on the switch.
Displaying the DoS Settings

To display the DoS settings, perform the following procedure:

1. From the Home page, select Monitoring.

2. From the Monitoring menu, select Network Security.

3. Select the DoS tab. The DoS tab is shown in Figure 74.

Figure 74. DoS Tab (Monitoring)

4. Click the port whose DoS settings are to be displayed. You can select more than one port at a time.

5.
The DoS Monitor for Port page opens, as shown in Figure 75.

Figure 75. DoS Monitor for Ports Page

The page displays a table that contains the following columns of information:

Port
The port number.

Status
Whether DoS is enabled or disabled on the port.

Type
The type of DoS prevention.

Mirror Port
Whether the examined traffic is copied to a mirror port.
Chapter 17 IGMP Snooping

This chapter describes how to configure the IGMP snooping feature on the switch. The sections in the chapter include:

“Configuring IGMP Snooping” on page 212
“Displaying a List of Host Nodes” on page 215
“Displaying a List of Multicast Routers” on page 217

Note
For background information, refer to Chapter 18, “IGMP Snooping,” in the AT-S63 Management Software Menus Interface User’s Guide.
Configuring IGMP Snooping

To configure IGMP snooping, perform the following procedure:

1. From the home page, select Configuration.

2. From the Configuration menu, select the Multicast option. The Multicast page is displayed with the IGMP tab selected by default, as shown in Figure 76.

Figure 76. IGMP Tab (Configuration)

3. Configure the following parameters as necessary.

Enable IGMP Snooping Status
Enables and disables IGMP snooping on the switch.
The Multi-Host/Port (Intermediate) setting is appropriate if there is more than one host node connected to a switch port, such as when a port is connected to an Ethernet hub to which multiple host nodes are connected. With this setting selected the switch continues sending multicast packets out a port even after it receives a leave request from a host node on the port.
Note
The combined number of multicast address groups for IGMP and MLD snooping cannot exceed 255.

4. Click Apply. Changes to the IGMP snooping parameters are immediately implemented on the switch.

5. To permanently save your changes, select the Save Config option in the Configuration menu.
Displaying a List of Host Nodes

You can use the AT-S63 management software to display a list of the multicast groups on a switch, as well as the host nodes. You can also view the multicast routers. A multicast router is a router that is receiving multicast packets from a multicast application and transmitting the packets to host nodes.

To view host nodes, perform the following procedure:

1. From the Home page, select Monitoring.

2.
VLAN ID
The VID of the VLAN where the port is an untagged member.

Member Port/Trunk ID
The port on the switch where the host node is connected. If the host node is connected to the switch through a trunk, the trunk ID number, not the port number, is displayed.

Host IP
The IP address of the host node connected to the port.

Version
The version of IGMP used by the host.

Exp.
Displaying a List of Multicast Routers

To view multicast routers, perform the following procedure:

1. From the Home page, select Monitoring.

2. From the Monitoring menu, select the Multicast option. The Multicast page is displayed with the IGMP tab as shown in Figure 77 on page 215.

3. To view the multicast routers, click View Multicast Router List and then click View. The View Multicast Routers List is shown in Figure 78.

Figure 78.
Section III SNMPv3 The chapter in this section contains the procedures for configuring SNMPv3.
Chapter 18 SNMPv3

This chapter provides the following procedures for configuring SNMPv3 parameters using a web browser management session:

“Configuring the SNMPv3 Protocol” on page 222
“Enabling or Disabling SNMP Management” on page 223
“Configuring the SNMPv3 User Table” on page 226
“Configuring the SNMPv3 View Table” on page 234
“Configuring the SNMPv3 Access Table” on page 240
“Configuring the SNMPv3 SecurityToGroup Table” on page 247
“Configuring the SNMPv3 Notify Table” on
Configuring the SNMPv3 Protocol

To configure the SNMPv3 protocol, you need to first enable SNMP access on the switch. Then you configure the SNMPv3 tables.
Enabling or Disabling SNMP Management

In order to allow an SNMP manager or host to access the switch you need to enable SNMP access. In addition, to allow the switch to send a trap when it receives a login attempt from an unauthenticated user, you need to enable authentication failure traps. This section provides a procedure to accomplish both of these tasks.
The SNMP tab is shown in Figure 79.

Figure 79. SNMP Tab (Configuration)

4. Click the Enable SNMP Access checkbox to enable or disable SNMP management. A check in the box indicates that the feature is enabled, meaning that the switch can be managed from an SNMP management station. No check indicates that the feature is disabled. The default is disabled. Use this parameter to enable the switch to be remotely managed with an SNMP application program.
7. To permanently save your changes, select the Save Config option in the Configuration menu.
Configuring the SNMPv3 User Table

You can create, delete, and modify an SNMPv3 User Table entry. See the following procedures:

“Creating a User Table Entry” on page 226
“Deleting a User Table Entry” on page 229
“Modifying a User Table Entry” on page 230

For reference information about the SNMPv3 User Table, see Chapter 21, “SNMPv3” in the AT-S63 Management Software Menus Interface User’s Guide.
The SNMPv3 User Table tab is shown in Figure 80.

Figure 80. SNMPv3 User Table Tab (Configuration)

4. Click Add. The Add New SNMPv3 User page is shown in Figure 81.

Figure 81. Add New SNMPv3 User Page

5.
6. In the Authentication Protocol field, enter an authentication protocol. This is an optional parameter. Select one of the following:

MD5
This value represents the MD5 authentication protocol. With this selection, users (SNMP entities) are authenticated with the MD5 authentication protocol after a message is received. This algorithm generates the message digest. The user is authenticated when the authentication protocol checks the message digest.
privacy protocol for this User Table entry. With this selection, messages transmitted between the host and the switch are encrypted with the DES protocol.

None
Select this value if you do not want a privacy protocol for this User Table entry. With this selection, messages transmitted between the host and the switch are not encrypted.

10. In the Privacy Password field, enter a privacy password of up to 32 alphanumeric characters.

11.
3. In the SNMPv3 section, click the button next to Configure User Table and then click Configure. The SNMPv3 User Table tab is shown in Figure 80 on page 227.

4. Click the button next to the User Table entry to be deleted and click Remove. A warning message is displayed.

5. Click OK.

6. From the Configuration menu, select the Save Config option to permanently save your changes. (This option is not displayed if there are no changes to save.
The Modify SNMPv3 User page is shown in Figure 82.

Figure 82. Modify SNMPv3 User Page

5. In the Authentication Protocol field, enter an authentication protocol. This is an optional parameter. Select one of the following:

MD5
This value represents the MD5 authentication protocol. With this selection, users (SNMP entities) are authenticated with the MD5 authentication protocol after a message is received.
Note
You may want to assign NONE to a super user.

6. In the Authentication Password field, enter an authentication password of up to 32 alphanumeric characters.

7. In the Confirm Authentication Password field, re-enter the authentication password.

Note
If you have the nonencrypted version of the AT-S60 software, then the Privacy Protocol field is read-only.

Note
You can only configure the Privacy Protocol if you have configured the Authentication Protocol with the MD5 or SHA values.

8.
entry with a NonVolatile storage type, the Save Config option is displayed on the Configuration menu. Allied Telesyn recommends this storage type.

Note
The Row Status parameter is a read-only field in the web browser interface. The Active value indicates the SNMPv3 User Table entry takes effect immediately.

12. Click Apply to update the SNMPv3 User Table.

13.
Configuring the SNMPv3 View Table

You can create, delete, and modify an SNMPv3 View Table entry. See the following procedures:

“Creating a View Table Entry” on page 234
“Deleting a View Table Entry” on page 237
“Modifying a View Table Entry” on page 237

For reference information about the SNMPv3 View Table, see Chapter 21, “SNMPv3” in the AT-S63 Management Software Menus Interface User’s Guide.
The SNMPv3 View Table tab is shown in Figure 83.

Figure 83. SNMPv3 View Table Tab (Configuration)

4. Click Add. The Add New SNMPv3 View page is shown in Figure 84.

Figure 84. Add New SNMPv3 View Page

5. In the View Name field, enter a descriptive name for this view. Assign a name that reflects the subtree OID, for example, “internet.” Enter a unique name of up to 32 alphanumeric characters.
Note
The “defaultViewAll” value is the default entry for the SNMPv1 and SNMPv2c configuration. You cannot use the default value for an SNMPv3 View Table entry.

6. In the Subtree OID field, enter a subtree that this view will or will not be permitted to display. You can enter either a numeric value in hex format or the equivalent text name. For example, the OID hex format for TCP/IP is:

1.3.6.1.2.1.6

The text format for TCP/IP is:

tcp

7.
NonVolatile
Select this storage type if you want the ability to save an entry in the View Table. After making changes to a View Table entry with a NonVolatile storage type, the Save Config option is displayed on the Configuration menu. Allied Telesyn recommends this storage type.

Note
The Row Status parameter is a read-only field in the web browser interface. The Active value indicates the SNMPv3 View Table entry takes effect immediately.

10.
2. Select the SNMP tab. The SNMP tab is shown in Figure 79 on page 224.

3. In the SNMPv3 section, click the button next to Configure View Table and then click Configure at the bottom of the tab. The SNMPv3 View Table tab is shown in Figure 83 on page 235.

4. Click the button next to the SNMPv3 View Table entry to be changed and then click Modify. The Modify SNMPv3 View page is shown in Figure 85.

Figure 85. Modify SNMPv3 View Page

5.
Included
Enter this value to permit the View Name to see the subtree specified above.

Excluded
Enter this value to not permit the View Name to see the subtree specified above.

7. In the Storage Type field, enter a storage type for this table entry:

Volatile
Select this storage type if you do not want the ability to save an entry in the Target Parameters Table.
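The effect of Included and Excluded View Table entries can be checked before they are entered on the switch. The following Python sketch is an added example, not part of the AT-S63 software; it assumes the switch resolves overlapping subtrees as RFC 3415 does (the longest matching subtree decides), that one view name may carry several subtree rows, and it does not model subtree masks. The view rows and the list of sensitive subtrees are constructed.

```python
# Text names accepted in place of numeric OIDs (a small subset of standard names).
NAMED_SUBTREES = {
    "internet": "1.3.6.1",
    "system": "1.3.6.1.2.1.1",
    "tcp": "1.3.6.1.2.1.6",
}

# Subtrees a defender usually wants out of general-purpose views (illustrative list):
# the SNMPv3 user table and the access table themselves.
SENSITIVE = {
    "usmUserTable": "1.3.6.1.6.3.15.1.2.2",
    "vacmAccessTable": "1.3.6.1.6.3.16.1.4",
}


def parse_oid(text: str) -> tuple:
    """Accept a text name or a dotted numeric OID and return a tuple of integers."""
    text = NAMED_SUBTREES.get(text.strip(), text.strip())
    parts = text.strip(".").split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a valid OID or known name: {text!r}")
    return tuple(int(p) for p in parts)


def validate_view_entry(view_name: str, subtree: str, view_type: str) -> list:
    """Return the problems found in one View Table row (an empty list means none)."""
    problems = []
    if view_name == "defaultViewAll":
        problems.append("defaultViewAll is reserved for SNMPv1 and SNMPv2c")
    if not (1 <= len(view_name) <= 32 and view_name.isalnum()):
        problems.append("view name must be 1 to 32 alphanumeric characters")
    if view_type not in ("Included", "Excluded"):
        problems.append("view type must be Included or Excluded")
    try:
        parse_oid(subtree)
    except ValueError as exc:
        problems.append(str(exc))
    return problems


def oid_in_view(view_table, view_name: str, oid: str) -> bool:
    """Longest matching subtree decides; an OID matched by no row is not in the view."""
    target = parse_oid(oid)
    best = None
    for name, subtree, view_type in view_table:
        if name != view_name:
            continue
        prefix = parse_oid(subtree)
        if target[:len(prefix)] == prefix and (best is None or len(prefix) > len(best[0])):
            best = (prefix, view_type)
    return best is not None and best[1] == "Included"


def exposed(view_table, view_name: str, sensitive=SENSITIVE) -> list:
    """Names of sensitive subtrees that the view still allows."""
    return sorted(n for n, oid in sensitive.items() if oid_in_view(view_table, view_name, oid))


# Constructed View Table rows: (View Name, Subtree OID, View Type).
VIEW_TABLE = [
    ("internet", "internet", "Included"),
    ("internet", "tcp", "Excluded"),
    ("internet", "1.3.6.1.2.1.6.9", "Included"),   # re-include one object below tcp
    ("mgmtWrite", "system", "Included"),
]

if __name__ == "__main__":
    for row in VIEW_TABLE:
        print(row, validate_view_entry(*row) or "ok")
    print("tcp table visible:", oid_in_view(VIEW_TABLE, "internet", "1.3.6.1.2.1.6.13.1.1"))
    print("exposed by 'internet':", exposed(VIEW_TABLE, "internet"))
    print("exposed by 'mgmtWrite':", exposed(VIEW_TABLE, "mgmtWrite"))
```

A view that includes the whole internet subtree also covers the user and access tables, which is the case `exposed` reports for the constructed "internet" view.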
Configuring the SNMPv3 Access Table

You can create, delete, and modify an SNMPv3 Access Table entry. See the following procedures:

“Creating an Access Table” on page 240
“Deleting an Access Table Entry” on page 243
“Modifying an Access Table Entry” on page 244

For information about the SNMPv3 Access Table, see Chapter 21, “SNMPv3” in the AT-S63 Management Software Menus Interface User’s Guide.
4. To create an SNMPv3 Access Table entry, click Add. The Add New SNMPv3 Access page is shown in Figure 87.

Figure 87. Add New SNMPv3 Access Page

5. In the Group Name field, enter a descriptive name of the group. The Group Name can consist of up to 32 alphanumeric characters.
This parameter allows the users assigned to this Group Name to view the information specified by the View Table entry. This value does not need to be unique.

7. In the Write View Name field, enter a value that you configured with the View Name parameter in the SNMPv3 View Table. This parameter allows the users assigned to this Security Group to write, or modify, the information in the specified View Table. This value does not need to be unique.

8.
protocol. Select this security level if you want to authenticate SNMP users, but you do not want to encrypt messages using a privacy protocol. You can select this value if you configured the Security Model parameter with the SNMPv3 protocol.

Privacy
This option represents authentication and the privacy protocol. Select this security level to allow authentication and encryption. This level provides the greatest level of security.
2. Select the SNMP tab. The SNMP tab is shown in Figure 79 on page 224.

3. In the SNMPv3 section, click the button next to Configure Access Table and then click Configure at the bottom of the tab. The SNMPv3 Access Table tab is shown in Figure 86 on page 240.

4. Click Next or Previous to display the Access Table entry to be deleted.

5. Click Remove. A warning message is displayed. Click OK to remove the Access Table entry.

6.
Figure 88. Modify SNMPv3 Access Page

Note
The Context Prefix field is a read-only field. The Context Prefix field is always set to null.

6. In the Read View Name field, enter a value that you configured with the View Name parameter in the View Table. This parameter allows the users assigned to this Group Name to view the information specified by the View Table entry. This value does not need to be unique.

7.
Note
The Context Match field is a read-only field. The Context Match field is always set to Exact.

9. In the Storage Type field, select one of the following storage types for this table entry:

Volatile
Select this storage type if you do not want the ability to save an entry in the Access Table. After making changes to an Access Table entry with a Volatile storage type, the Save Config option is not displayed on the Configuration menu.
Configuring the SNMPv3 SecurityToGroup Table

You can create, delete, and modify an SNMPv3 SecurityToGroup Table entry.
The SNMPv3 SecurityToGroup Table tab is shown in Figure 89.

Figure 89. SNMPv3 SecurityToGroup Table Tab (Configuration)

4. To create an SNMPv3 SecurityToGroup Table entry, click Add. The Add New SNMPv3 SecurityToGroup page is shown in Figure 90.

Figure 90. Add New SNMPv3 SecurityToGroup Page

5. In the Security Model field, select the SNMP protocol that was configured for this User Name.
v2c
Select this value to associate the Group Name with the SNMPv2c protocol.

v3
Select this value to associate the Group Name with the SNMPv3 protocol.

6. In the Security Name field, enter the User Name to be associated with a group. Enter a User Name that you configured in “Creating a User Table Entry” on page 226.

7. In the Group Name field, enter a Group Name that you configured in the Access Table. See “Creating an Access Table” on page 240.
10. To permanently save your changes, select the Save Config option in the Configuration menu.

Deleting a SecurityToGroup Table Entry

To delete an entry in the SNMPv3 SecurityToGroup Table, perform the following procedure:

1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 44.

2. Select the SNMP tab. The SNMP tab is shown in Figure 79 on page 224.

3.
4. Click the button next to the SecurityToGroup Table entry to be changed, and then click Modify. The Modify SNMPv3 SecurityToGroup page is shown in Figure 91.

Figure 91. Modify SNMPv3 SecurityToGroup Page

5. In the Group Name field, enter a Group Name that you configured in the SNMPv3 Access Table. See “Creating an Access Table” on page 240.
Note
The Row Status parameter is a read-only field in the web browser interface. The Active value indicates the SNMPv3 SecurityToGroup Table entry takes effect immediately.

7. Click Apply to update the SNMPv3 SecurityToGroup Table.

8. To permanently save your changes, select the Save Config option in the Configuration menu.
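The View, Access, and SecurityToGroup tables described above combine into a single access decision for each request. The following added example (not part of the guide and not AT-S63 code) models that decision so a planned configuration can be checked before it is entered in the web interface. The table contents and user names are constructed, the denial reasons follow RFC 3415, subtree masks are left out, and it assumes, as in RFC 3415, that one View Name may carry several subtree rows.

```python
from typing import NamedTuple

# Security levels as the guide names them, ranked least to most secure.
LEVELS = {"No Authentication/Privacy": 0, "Authentication": 1, "Privacy": 2}

# The two text names the guide mentions and their numeric OIDs.
NAMES = {"internet": "1.3.6.1", "tcp": "1.3.6.1.2.1.6"}


def parse_oid(text):
    """Turn '1.3.6.1.2.1.6' or a known text name into a tuple of ints."""
    return tuple(int(p) for p in NAMES.get(text, text).strip(".").split("."))


class ViewEntry(NamedTuple):
    view_name: str
    subtree: tuple
    view_type: str        # "Included" or "Excluded"


class AccessEntry(NamedTuple):
    group_name: str
    security_model: str   # "v1", "v2c" or "v3"
    security_level: str   # a key of LEVELS
    read_view: str        # a View Name, or "" when none is assigned
    write_view: str


# Constructed sample tables (hypothetical names, not taken from the guide).
VIEWS = [
    ViewEntry("internet", parse_oid("internet"), "Included"),
    # Hide the SNMP framework MIBs (the user and access tables live here).
    ViewEntry("internet", parse_oid("1.3.6.1.6.3"), "Excluded"),
    ViewEntry("tcponly", parse_oid("tcp"), "Included"),
]
ACCESS = [
    AccessEntry("admins", "v3", "Privacy", "internet", "internet"),
    AccessEntry("operators", "v3", "Authentication", "internet", ""),
    AccessEntry("legacy", "v2c", "No Authentication/Privacy", "tcponly", ""),
]
SEC_TO_GROUP = {
    ("v3", "alice"): "admins",
    ("v3", "bob"): "operators",
    ("v2c", "nms-legacy"): "legacy",
}


def in_view(view_name, oid):
    """Longest matching subtree decides; no matching row means not visible."""
    # Compare whole sub-identifiers: 1.3.6.1.2.1.60 is NOT under 1.3.6.1.2.1.6.
    rows = [v for v in VIEWS
            if v.view_name == view_name and oid[:len(v.subtree)] == v.subtree]
    if not rows:
        return False
    return max(rows, key=lambda v: len(v.subtree)).view_type == "Included"


def check_access(model, security_name, level, oid_text, write=False):
    """Return (allowed, reason) for one request."""
    group = SEC_TO_GROUP.get((model, security_name))
    if group is None:
        return (False, "noGroupName")
    # An Access Table entry applies only if the message meets its level.
    rows = [a for a in ACCESS
            if a.group_name == group and a.security_model == model
            and LEVELS[a.security_level] <= LEVELS[level]]
    if not rows:
        return (False, "noAccessEntry")
    entry = max(rows, key=lambda a: LEVELS[a.security_level])
    view_name = entry.write_view if write else entry.read_view
    if not view_name:
        return (False, "noSuchView")
    if not in_view(view_name, parse_oid(oid_text)):
        return (False, "notInView")
    return (True, "allowed")


def weak_entries():
    """Groups reachable without authentication: review these first."""
    return sorted({a.group_name for a in ACCESS
                   if a.security_model in ("v1", "v2c")
                   or a.security_level == "No Authentication/Privacy"})
```
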
Configuring the SNMPv3 Notify Table

You can create, delete, and modify an SNMPv3 Notify Table entry. See the following procedures:

“Creating a Notify Table Entry” on page 253
“Deleting a Notify Table Entry” on page 255
“Modifying a Notify Table Entry” on page 256

For reference information about the SNMPv3 Notify Table, see Chapter 21, “SNMPv3” in the AT-S63 Management Software Menus Interface User’s Guide.
The SNMPv3 Notify Table tab is shown in Figure 92.

Figure 92. SNMPv3 Notify Table Tab (Configuration)

4. Click Add. The Add New SNMPv3 Notify page is shown in Figure 93.

Figure 93. Add New SNMPv3 Notify Page

5. In the Notify Name field, enter the name associated with this trap message. Enter a descriptive name of up to 32 alphanumeric characters.
Enter a name of up to 32 alphanumeric characters.

7. In the Notify Type field, enter one of the following message types:

Trap
Indicates this notify table is used to send traps. With this message type, the switch does not expect a response from the host.

Inform
Indicates this notify table is used to send inform messages. With this message type, the switch expects a response from the host.

8.
4. Click the button next to the Notify Table entry to be deleted, and then click Remove. A warning message is displayed.

5. Click OK.

6. To permanently save your changes, select the Save Config option in the Configuration menu.

Modifying a Notify Table Entry

To modify an entry in the SNMPv3 Notify Table, perform the following procedure:

1. From the home page, select Configuration.
6. In the Notify Type field, enter one of the following message types:

Trap
Indicates this notify table is used to send traps. With this message type, the switch does not expect a response from the host.

Inform
Indicates this notify table is used to send inform messages. With this message type, the switch expects a response from the host.

7.
Configuring the SNMPv3 Target Address Table

You can create, delete, and modify an SNMPv3 Target Address Table entry. See the following procedures:

“Creating a Target Address Table Entry” on page 258
“Deleting a Target Address Table Entry” on page 261
“Modifying Target Address Table Entry” on page 262

For reference information about the SNMPv3 Target Address Table, see Chapter 21, “SNMPv3” in the AT-S63 Management Software Menus Interface User’s Guide.
The SNMPv3 Target Address Table tab is shown in Figure 95.

Figure 95. SNMPv3 Target Address Table Tab (Configuration)

4. Click Add. The Add New SNMPv3 Target Address page is shown in Figure 96.

Figure 96. Add New SNMPv3 Target Address Page

5. In the Target Address Name field, enter the name of the SNMP manager, or host, that manages the SNMP activity on your switch.
You can enter a name of up to 32 alphanumeric characters.

6. In the IP Address field, enter the IP address of the host. Use the following format for an IP address:

XXX.XXX.XXX.XXX

7. In the UDP Port Number field, enter a UDP port number. You can enter a UDP port in the range of 0 to 65,535. The default UDP port is 162.

8. In the Timeout field, enter a timeout value in milliseconds. When an Inform message is generated, it requires a response from the switch.
NonVolatile
Select this storage type if you want the ability to save an entry in the Target Address Table. After making changes to a Target Address Table entry with a NonVolatile storage type, the Save Config option is displayed on the Configuration menu. Allied Telesyn recommends this storage type.

Note
The Row Status parameter is a read-only field in the web browser interface.
Modifying Target Address Table Entry

To modify an entry in the SNMPv3 Target Address Table, perform the following procedure:

1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 44.

2. Select the SNMP tab. The SNMP tab is shown in Figure 79 on page 224.

3.
7. In the UDP Port Number field, enter a UDP port number. You can enter a UDP port in the range of 0 to 65,535. The default UDP port is 162.

8. In the Timeout field, enter a timeout value in milliseconds. When an Inform message is generated, it requires a response from the switch. The timeout value determines how long the switch considers the Inform message an active message. This parameter applies to Inform messages only.
13. Click Apply to update the SNMPv3 Target Address Table.

14. To permanently save your changes, select the Save Config option in the Configuration menu.
Configuring the SNMPv3 Target Parameters Table

You can create, delete, and modify an SNMPv3 Target Parameters Table entry.
4. Click Add. The Add New SNMPv3 Target Parameter page is shown in Figure 99.

Figure 99. Add New SNMPv3 Target Parameters Page

5. In the Target Parameters Name field, enter a name of the SNMP manager or host. Enter a value of up to 32 alphanumeric characters.

Note
Enter a value for the Message Processing Model parameter only if you select SNMPv1 or SNMPv2c as the Security Model.
v1
Select this value to associate the Security Name, or User Name, with the SNMPv1 protocol.

v2c
Select this value to associate the Security Name, or User Name, with the SNMPv2c protocol.

v3
Select this value to associate the Security Name, or User Name, with the SNMPv3 protocol.

8. In the Security Name field, enter a User Name that you previously configured with the SNMPv3 User Table. See “Creating a User Table Entry” on page 226.

9.
10. In the Storage Type parameter, select one of the following storage types for this table entry:

Volatile
Select this storage type if you do not want the ability to save an entry in the Target Parameters Table. After making changes to a Target Parameters Table entry with a Volatile storage type, the Save Config option is not displayed on the Configuration menu.

NonVolatile
Select this storage type if you want the ability to save an entry in the Target Parameters Table.
6. To permanently save your changes, select the Save Config option in the Configuration menu.

Modifying a Target Parameters Table Entry

To modify an entry in the SNMPv3 Target Parameters Table, perform the following procedure:

1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 44.

2. Select the SNMP tab.
Note
Enter a value for the Message Processing Model field only if you select SNMPv1 or SNMPv2c as the Security Model. If you select the SNMPv3 protocol as the Security Model, then the switch automatically assigns the Message Processing Model to SNMPv3.

5. In the Message Processing Model field, enter a Security Model that is used to process messages. Select one of the following SNMP protocols:

v1
Select this value to process messages with the SNMPv1 protocol.
Select this security level if you do not want to authenticate SNMP entities and you do not want to encrypt messages using a privacy protocol. This security level provides the least security.

Note
If you have selected SNMPv1 or SNMPv2c as the Security Model, you must select No Authentication/Privacy as the Security Level.

Authentication
This option represents authentication, but no privacy protocol.
Configuring the SNMPv3 Community Table

You can create, delete, and modify an SNMPv3 Community Table entry. See the following procedures:

“Creating an SNMPv3 Community Table Entry” on page 272
“Deleting an SNMPv3 Community Table Entry” on page 275
“Modifying an SNMPv3 Community Table Entry” on page 275

For reference information about the SNMPv3 Community Table, see Chapter 21, “SNMPv3” in the AT-S63 Management Software Menus Interface User’s Guide.
The SNMPv3 Community Table tab is shown in Figure 101.

Figure 101. SNMPv3 Community Table Tab (Configuration)

4. Click Add. The Add New SNMPv3 Community page is shown in Figure 102.

Figure 102. Add New SNMPv3 Community Page

5. In the Community Index field, enter a numerical value for this Community. This parameter is used to index the other parameters in an SNMPv3 Community Table entry. Enter a value of up to 32 alphanumeric characters.

6.
The value of the Community Name parameter acts as a password for the SNMPv3 Community Table entry. This parameter is case sensitive.

Note
Allied Telesyn recommends that you select SNMP Community Names carefully to ensure these names are known only to authorized personnel.

7. In the Security Name field, enter a name of an SNMPv1 and SNMPv2c user. This name must be unique. Enter a value of up to 32 alphanumeric characters.
Note
The Row Status parameter is a read-only field in the web browser interface. The Active value indicates the SNMPv3 Community Table entry takes effect immediately.

10. Click Apply.

11. To permanently save your changes, select the Save Config option in the Configuration menu.

Deleting an SNMPv3 Community Table Entry

To delete an entry in the SNMPv3 Community Table, perform the following procedure:

1. From the home page, select Configuration.
3. In the SNMPv3 section, click the button next to Configure Community Table, and then click Configure at the bottom of the tab. The SNMPv3 Community Table tab is shown in Figure 101 on page 273.

4. Click the button next to the SNMPv3 Community Table entry to be changed and then click Modify. The Modify SNMPv3 Community page is shown in Figure 103.

Figure 103. Modify SNMPv3 Community Page

5. In the Community Name field, enter a Community Name of up to 64 alphanumeric characters.
Note
Do not use a value configured with the User Name parameter in the SNMPv3 User Table.

7. In the Transport Tag field, enter a name of up to 32 alphanumeric characters. The Transport Tag parameter links an SNMPv3 Community Table entry with an SNMPv3 Target Address Table entry. Add the value you configure for the Transport Tag parameter to the Tag List parameter in the Target Address Table as desired.
Displaying SNMPv3 Tables

This section contains procedures to display the SNMPv3 Tables.
The SNMP tab is shown in Figure 104.

Figure 104. SNMP Tab (Monitoring)

4. In the SNMPv3 section, click the button next to View User Table and then click View at the bottom of the tab.
The SNMPv3 User Table tab is shown in Figure 105.

Figure 105. SNMPv3 User Table Tab (Monitoring)

Displaying View Table Entries

To display entries in the SNMPv3 View Table, perform the following procedure:

1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 9 on page 57.

2. Select the SNMP tab. The SNMP tab is shown in Figure 104 on page 279.

3.
The SNMPv3 View Table tab is shown in Figure 106.

Figure 106. SNMPv3 View Table Tab (Monitoring)

Displaying Access Table Entries

To display entries in the SNMPv3 Access Table, perform the following procedure:

1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 9 on page 57.

2. Select the SNMP tab. The SNMP tab is shown in Figure 104 on page 279.

3.
The SNMPv3 Access Table tab is shown in Figure 107.

Figure 107. SNMPv3 Access Table Tab (Monitoring)

Displaying SecurityToGroup Table Entries

To display entries in the SNMPv3 SecurityToGroup Table, perform the following procedure:

1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 9 on page 57.

2. Select the SNMP tab. The SNMP tab is shown in Figure 104 on page 279.

3.
The SNMPv3 SecurityToGroup Table tab is shown in Figure 108.

Figure 108. SNMPv3 SecurityToGroup Table Tab (Monitoring)

Displaying Notify Table Entries

To display entries in the SNMPv3 Notify Table, perform the following procedure:

1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 9 on page 57.

2. Select the SNMP tab.
The SNMPv3 Notify Table tab is shown in Figure 109.

Figure 109. SNMPv3 Notify Table Tab (Monitoring)

Displaying Target Address Table Entries

To display entries in the SNMPv3 Target Address Table, perform the following procedure:

1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 9 on page 57.

2. Select the SNMP tab. The SNMP tab is shown in Figure 104 on page 279.

3.
The SNMPv3 Target Address Table tab is shown in Figure 110.

Figure 110. SNMPv3 Target Address Table Tab (Monitoring)

Displaying Target Parameters Table Entries

To display entries in the SNMPv3 Target Parameters Table, perform the following procedure:

1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 9 on page 57.

2. Select the SNMP tab.
The SNMPv3 Target Parameters Table tab is shown in Figure 111.

Figure 111. SNMPv3 Target Parameters Table Tab (Monitoring)

Displaying SNMPv3 Community Table Entries

To display entries in the SNMPv3 Community Table, perform the following procedure:

1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 9 on page 57.

2. Select the SNMP tab. The SNMP tab is shown in Figure 104 on page 279.

3.
The SNMPv3 Community Table tab is shown in Figure 112.

Figure 112.
Section IV

Spanning Tree Protocols

The chapters in this section contain the procedures for configuring the spanning tree protocols.
Chapter 19

Spanning Tree and Rapid Spanning Tree Protocols

This chapter explains how to configure the STP and RSTP parameters on an AT-9400 Series switch. The sections in the chapter include:

“Enabling or Disabling a Spanning Tree Protocol” on page 292
“Configuring STP” on page 294
“Configuring RSTP” on page 302

Note
For background information, refer to Chapter 22, “Spanning Tree and Rapid Spanning Tree Protocols,” in the AT-S63 Management Software Menus Interface User’s Guide.
Enabling or Disabling a Spanning Tree Protocol

To enable or disable spanning tree on the switch or to select the active spanning tree protocol, perform the following procedure:

1. From the Home page, select Configuration.

2. From the Configuration menu, select the Layer 2 option.

3. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 113.

Figure 113. Spanning Tree Tab (Configuration)

4.
7. To permanently save your changes, select the Save Config option in the Configuration menu.

8. If you activated STP, go to “Configuring STP” on page 294. If you activated RSTP, go to “Configuring RSTP” on page 302. If you activated MSTP, go to Chapter 20, “Multiple Spanning Tree Protocol” on page 311.
Configuring STP

This section contains the following procedures:

“Configuring STP Bridge Settings”, next
“Configuring STP Port Settings” on page 297
“Displaying the STP Settings” on page 298
“Resetting STP to the Default Settings” on page 300

Caution
The bridge provides default STP parameters that are adequate for most networks.
The Configure STP Parameters tab is shown in Figure 114.

Figure 114. Configure STP Parameters Tab (Configuration)

Note
The Defaults button returns all STP settings to the default settings.

5. Configure the following parameters as necessary.

Bridge Priority
The priority number for the bridge. This number is used in determining the root bridge for STP. The bridge with the lowest priority number is selected as the root bridge.
Table 6. Bridge Priority Value Increments

Increment   Bridge Priority   Increment   Bridge Priority
0           0                 8           32768
1           4096              9           36864
2           8192              10          40960
3           12288             11          45056
4           16384             12          49152
5           20480             13          53248
6           24576             14          57344
7           28672             15          61440

Bridge Hello Time
The time interval between generating and sending configuration messages by the bridge. This parameter can be from 1 to 10 seconds. The default is 2 seconds.
Bridge Identifier
The MAC address of the bridge. The bridge identifier is used as a tie breaker in the selection of the root bridge when two or more bridges have the same bridge priority value. This value cannot be changed.

Root Bridge
The MAC address of the root bridge of the spanning tree domain. This value cannot be changed and is only displayed when STP is activated on the switch.
Table 7. Port Priority Value Increments

Increment   Port Priority   Increment   Port Priority
0           0               8           128
1           16              9           144
2           32              10          160
3           48              11          176
4           64              12          192
5           80              13          208
6           96              14          224
7           112             15          240

Port Cost
The spanning tree algorithm uses the cost parameter to decide which port provides the lowest cost path to the root bridge for that LAN. The range is 0 to 65,535.
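The Bridge Priority and Bridge Identifier parameters above decide which switch becomes the root bridge. The following added example (not part of the guide) converts the Table 6 and Table 7 increments to priority values, elects the root from a planned set of bridges, and finds the largest increment that still makes an intended switch the root, which is a useful check that an unplanned switch cannot take over the role. The bridge names, priorities, and MAC addresses are constructed, and the rule that the numerically lower MAC address wins a tie comes from IEEE 802.1D rather than from this page.

```python
def bridge_priority(increment):
    """Table 6: increment 0-15 -> bridge priority 0-61440 in steps of 4096."""
    if not 0 <= increment <= 15:
        raise ValueError("increment must be 0 to 15")
    return increment * 4096


def port_priority(increment):
    """Table 7: increment 0-15 -> port priority 0-240 in steps of 16."""
    if not 0 <= increment <= 15:
        raise ValueError("increment must be 0 to 15")
    return increment * 16


def bridge_id(priority, mac):
    """Comparable bridge ID: priority first, MAC address as the tie breaker."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a Table 6 value")
    return (priority, int(mac.replace(":", ""), 16))


def elect_root(bridges):
    """Return the name of the bridge with the lowest bridge ID."""
    return min(bridges, key=lambda name: bridge_id(*bridges[name]))


def increment_to_win(bridges, intended):
    """Largest Table 6 increment that makes `intended` the root, else None."""
    mac = bridges[intended][1]
    for inc in range(15, -1, -1):
        trial = dict(bridges)
        trial[intended] = (bridge_priority(inc), mac)
        if elect_root(trial) == intended:
            return inc
    return None  # another bridge has priority 0 and a lower MAC address


# Constructed sample: name -> (bridge priority, MAC address).
BRIDGES = {
    "core-1": (32768, "02:00:00:00:00:20"),
    "access-7": (32768, "02:00:00:00:00:05"),
    "lab-3": (8192, "02:00:00:00:00:01"),  # lower priority number than core-1
}

if __name__ == "__main__":
    print("root bridge:", elect_root(BRIDGES))
    print("increment for core-1:", increment_to_win(BRIDGES, "core-1"))
```
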
The Spanning Tree tab is shown in Figure 116.

Figure 116. Spanning Tree Tab (Monitoring)

4. Click View. The Monitor STP Parameters tab is shown in Figure 117.

Figure 117.
5. To view port settings, click a port in the switch and click Status or Settings. The STP Settings page is shown in Figure 118.

Figure 118. STP Settings Page

The STP Settings page displays a table that contains the following columns of information:

Port
The port number.

State
Current state of a port. The possible states are Listening, Learning, Forwarding, or Blocking when spanning tree is enabled on the switch.
5. Click Configure. The Configure STP Parameters tab is shown in Figure 114 on page 295.

6. Click Defaults. The STP settings are returned to their default values.

7. To permanently save your changes, select the Save Config option in the Configuration menu.
Configuring RSTP

This section contains the following procedures:

“Configuring RSTP Bridge Settings”, next
“Configuring RSTP Port Settings” on page 305
“Displaying RSTP Settings” on page 306
“Resetting RSTP to the Default Settings” on page 309

Caution
The bridge provides default RSTP parameters that are adequate for most networks.
The Configure RSTP Bridge Parameters tab is shown in Figure 119.

Figure 119. Configure RSTP Parameters Tab (Configuration)

5. Configure the following parameters as necessary.

Force Version
This selection determines whether the bridge operates with RSTP or in an STP-compatible mode. If you select RSTP, the bridge operates all ports in RSTP, except for those ports that receive STP BPDU packets.
Bridge Hello Time
The time interval between generating and sending configuration messages by the bridge. This parameter can be from 1 to 10 seconds. The default is 2 seconds.

Bridge Forwarding
The waiting period before a bridge changes to a new state, for example, becomes the new root bridge after the topology changes. If the bridge transitions too soon, not all links may have yet adapted to the change, possibly resulting in a network loop.
Configuring RSTP Port Settings

To configure RSTP port parameters, perform the following procedure:

1. Perform steps 1 to 4 in “Configuring RSTP Bridge Settings” on page 302 to display the Spanning Tree tab.

2. To configure RSTP port settings, click on the port in the switch image and click Modify. You can select more than one port at a time. The RSTP Settings - Port(s) page is shown in Figure 120.

Figure 120. RSTP Settings - Port(s) Page

3.
Point-to-Point
This parameter defines whether the port is functioning as a point-to-point port. The possible settings are Yes, No, and Auto-Detect. For an explanation of this parameter, refer to “Point-to-Point and Edge Ports” in Chapter 22, “Spanning Tree and Rapid Spanning Tree Protocols” in the AT-S63 Management Software Menus Interface User’s Guide.

Edge Port
This parameter defines whether the port is functioning as an edge port.
The Monitor RSTP Parameters tab is shown in Figure 121.

Figure 121. Monitor RSTP Parameters Tab (Monitoring)

5. To view port settings, click a port in the switch image and click Status or Settings. You can select more than one port. An example of the RSTP Status page is shown in Figure 123.

Figure 122. RSTP Port Status Page

The RSTP Port Status page displays a table that contains the following columns of information:

Port
The port number.
The possible states for a port connected to a device running STP are Listening, Learning, Forwarding, and Blocking. The state of a port that is not being used, or where spanning tree is not activated, is Disabled.

Role
The RSTP role of the port. Possible roles are:

Root - The port that is connected to the root switch, directly or through other switches, with the least path cost.
Edge-Port
Whether or not the port is operating as an edge port. The possible settings are Yes and No.

Point-to-Point
Whether or not the port is functioning as a point-to-point port. The possible settings are Yes, No, and Auto Detect.

Cost
Port cost of the port. The default is Auto Update.

Priority
The number used as a tie-breaker when two or more ports have equal costs to the root bridge.

6. Click OK to close the page.
Chapter 20

Multiple Spanning Tree Protocol

This chapter explains how to configure multiple spanning tree protocol (MSTP) parameters on an AT-9400 Series switch using a web browser management session.
Enabling MSTP

The AT-9400 Series switch can support the three spanning tree protocols STP, RSTP, and MSTP. However, only one spanning tree protocol can be active on the switch at a time. So before you can enable a spanning tree protocol, you must first select it as the active spanning tree protocol. After you select it, you can then enable or disable it.
4. To change the active spanning tree protocol on the switch, click STP, RSTP, or MSTP in the Active Protocol Version section of the tab. The default is RSTP.

Note
Only one spanning tree protocol can be active on the switch at a time.

5. To enable or disable the active spanning tree protocol on the switch, click the Enable Spanning Tree check box.
Configuring MSTP

This section contains the following procedures:

“Configuring MSTP Parameters,” next
“Configuring the CIST Priority” on page 317
“Managing MSTIs” on page 318
“Configuring MSTP Port Parameters” on page 322

Note
MSTP must be selected as the active spanning tree protocol on the switch before you can configure it. For instructions on selecting the active spanning tree, refer to “Enabling MSTP” on page 312.
Figure 125. Configure MSTP Parameters Tab (Configuration)

Note
This procedure explains the Configure MSTP Parameters section of the page. The CIST/MSTI Table is explained in “Creating an MSTI” on page 318, “Modifying an MSTI” on page 319, and “Deleting an MSTI” on page 320. The graphic image of the switch is described in “Configuring MSTP Port Parameters” on page 322.
Configure the following parameters as necessary.

Force Version
This selection determines whether the bridge operates with MSTP or in an STP-compatible mode. If you select MSTP, the bridge operates all ports in MSTP, except those ports that receive STP or RSTP BPDU packets. If you select Force STP Compatible, the bridge uses its MSTP parameter settings, but sends only STP BPDU packets from the ports. The default is MSTP.
Bridge Max Hops
MSTP regions use this parameter to discard BPDUs. The Max Hop counter in a BPDU is decremented every time the BPDU crosses an MSTP region boundary. After the counter reaches zero, the BPDU is deleted.

Revision Level
The revision level of an MSTP region. This is an arbitrary number that you assign to a region. The revision level must be the same on all bridges in a region.
Managing MSTIs

This section contains the following procedures:

“Creating an MSTI” on page 318
“Modifying an MSTI” on page 319
“Deleting an MSTI” on page 320

Creating an MSTI

To create an MSTI, perform the following procedure:

1. From the home page, select Configuration.

2. From the Configuration menu, select the Layer 2 option.

3. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 113 on page 292.

4. Click Configure.
7. In the Priority field, enter an MSTI Priority value. This parameter is used in selecting a regional root for the MSTI. The range is 0 (zero) to 61,440 in increments of 4,096, with 0 being the highest priority. For a list of the increments, refer to Table 6, “Bridge Priority Value Increments” on page 296. The default is 0.
8.
The Modify MSTI page is shown in Figure 127.

Figure 127. Modify MSTI Page

7. To change the MSTI’s priority value, enter a value in the Priority field. This parameter is used in selecting a regional root for the MSTI. The range is 0 (zero) to 61,440 in increments of 4,096, with 0 being the highest priority. For a list of the increments, refer to Table 6, “Bridge Priority Value Increments” on page 296. The default is 0.
8.
7. A confirmation prompt is displayed.
8. Click OK to delete the MSTI or Cancel to cancel the procedure. If you select OK, the MSTI is deleted and VLANs associated with it are returned to CIST, which has an ID of 0.
9. Repeat steps 5 to 8 to delete additional MSTIs.
10. To permanently save your changes, select the Save Config option in the Configuration menu.
Configuring MSTP Port Parameters

To configure MSTP port parameters, perform the following procedure:
1. From the home page, select Configuration.
2. From the Configuration menu, select the Layer 2 option.
3. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 124 on page 312.
4. Click Configure. The expanded MSTP Spanning Tree tab is shown in Figure 125 on page 315.
5.
Point-to-point port
Edge port

An MSTI-specific parameter can be set on a per-MSTI basis. This means that you can assign a different value to an MSTI-specific parameter for each spanning tree instance where a port is a member. These parameters are:
Internal path cost
Port priority

When setting an MSTI-specific parameter, use the MSTI List in the window to select the intended MSTI.
Table 9. MSTP Auto Update Port Trunk Internal Path Costs

Port Speed    Port Cost
1000 Mbps     2,000

MSTI List
The MSTIs defined on the switch. You can use this list when setting the port priority and port internal path cost parameters to assign different values to a port for each MSTI when the port is a member. Before setting priority or internal path cost, select the appropriate MSTI where you want the new setting to be applied on the port.
Table 11 lists the MSTP port costs with the Auto setting when the port is part of a port trunk.

Table 11. MSTP Auto External Path Trunk Costs

Port Speed    Port Cost
10 Mbps       20,000
100 Mbps      20,000
1000 Mbps     2,000

Edge Port
This parameter defines whether the port is functioning as an edge port. The possible settings are Yes and No.
Displaying the MSTP Configuration

To display the MSTP configuration, perform the following procedure:
1. From the Home page, select Monitoring.
2. From the Monitoring menu, select the Layer 2 option.
3. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 113 on page 292. This tab displays information on whether spanning tree is enabled or disabled and which protocol version, STP, RSTP, or MSTP, is active.
4. Click View.
The MSTP Parameters tab is shown in Figure 129.

Figure 129. Monitor MSTP Parameters Tab (Monitoring)

The Monitor MSTP Parameters section displays the current MSTP parameter settings and the settings for the same parameters from the root bridge of the spanning tree domain. For definitions of the parameters, refer to “Configuring MSTP Parameters” on page 314.
5. To view MSTP port settings or status, click a port.
6. In the CIST/MSTI field, specify the MSTI where the port is a member through its VLAN assignment. You can specify only one value. The default is 0 for CIST.
7. Click Settings or Status. The MSTP Settings - Port(s) page is shown in Figure 130.

Figure 130. MSTP Settings - Port(s) Page

The MSTP Settings page displays a table that contains the following columns of information:

Port
The port number.

Edge-Port
Whether the port is functioning as an edge port.
The MSTP Port Status - Port(s) page is shown in Figure 131.

Figure 131. MSTP Port Status - Port(s) Page

The MSTP Port Status page displays a table with the following columns of information:

Port
The port number.

State
The MSTP state of the port. The possible states are:
Discarding - The port is discarding received packets and is not submitting forwarded packets for transmission.
P2P
Whether or not the port is functioning as a point-to-point port. The possible settings are Yes, No, and Auto-Detect.

Version
Whether the port is operating in MSTP mode or STP-compatible mode.

Internal Port Cost
The port cost when the port is connected to a bridge in the same MSTP region.

8. Click OK to close the page.
Resetting MSTP to the Default Settings

To reset MSTP to the factory default settings, perform the following procedure:
1. From the home page, select Configuration.
2. From the Configuration menu, select the Layer 2 option.
3. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 124 on page 312.
4. Click Configure. The expanded MSTP Spanning Tree tab is shown in Figure 125 on page 315.
5. Click Defaults.
Section V
Virtual LANs

The chapters in this section provide information and procedures for basic switch setup using the AT-S63 management software.
Chapter 21
Port-based and Tagged VLANs

This chapter explains how to create, modify, and delete port-based and tagged VLANs. This chapter also explains how to select a multiple VLAN mode.
Creating a New Port-Based or Tagged VLAN

To create a new port-based or tagged VLAN, perform the following procedure:
1. From the Home page, select Configuration.
2. From the Configuration menu, select the Layer 2 option.
3. Select the VLAN tab. The VLAN tab is shown in Figure 132.

Figure 132. VLAN Tab (Configuration)

Note: The Modify and Remove buttons are not shown in the tab if the only VLAN on the switch is the Default_VLAN.
The VLAN List section displays the current VLANs on the switch and contains the following columns of information:

VID ID
The VLAN ID.

(Client) Name
The name of the VLAN.

Uplink Port
This column contains “NA,” meaning Not Applicable, for tagged, port-based, and MAC address-based VLANs. For a protected ports VLAN, this column contains the uplink port(s) for a port group. Tagged uplink ports are designated with “T” and untagged uplink ports with “U.
untagged ports of the VLAN. For example, if a particular port is listed as a Configured member of a VLAN, but not as an Actual member, that would mean either the port is currently a part of a Guest VLAN or the supplicant who logged on the port was associated with a VLAN assignment on the authentication server.
4. To add a new VLAN, click Add. The Add New VLAN page is shown in Figure 133.

Figure 133. Add New VLAN Page

5.
use VIDs 2 through 24, the default VID value for the first VLAN created on the switch is still VID 2, even though that number is already being used. To prevent inadvertently using the same VID for two different VLANs, you should keep a list of all your network VLANs and their VID values.

Name
Specify a name for the new VLAN. The name can be from one to fifteen alphanumeric characters in length.
8. To permanently save your changes, select the Save Config option in the Configuration menu.
Modifying a VLAN

This procedure explains how to add or remove ports from a tagged or untagged VLAN. When modifying a VLAN, note the following:
You cannot change the VID of a VLAN.
You cannot change the name of a VLAN using the web browser interface, but you can from the menus or command line interface.
You cannot modify VLANs when the switch is operating in one of the multiple VLAN modes.
Note: Untagged ports added to a VLAN are automatically removed from their current untagged VLAN assignment. Untagged ports removed from a VLAN are returned to the Default_VLAN. Removing an untagged port from the Default_VLAN without assigning it to another VLAN leaves the port as an untagged member of no VLAN.

The modified VLAN is now ready for network operations.
8. To permanently save your changes, select the Save Config option in the Configuration menu.
Deleting a VLAN

This procedure deletes port-based and tagged VLANs from the switch. Note the following before performing this procedure:
You cannot delete the Default_VLAN.
You cannot delete a VLAN if it has a routing interface. You must delete the routing interface first. Deleting an interface is not supported from the web browser interface. That management function must be performed from the menus or command line interface.
Selecting a VLAN Mode

The AT-S63 management software features three VLAN modes:
Port-based and tagged VLAN Mode (default mode)
IEEE 802.1Q-compliant Multiple VLAN Mode
Non-IEEE 802.1Q-compliant Multiple VLAN Mode

For background information on port-based and tagged VLANs, refer to Chapter 24, “Port-based and Tagged VLANs,” in the AT-S63 Management Software Menus Interface User’s Guide.
Displaying VLANs

To display the current VLANs on a switch, perform the following procedure:
1. From the Home page, select Monitoring.
2. From the Monitoring menu, select the Layer 2 option.
3. Select the VLAN tab. The VLAN tab is shown in Figure 134.

Figure 134. VLAN Tab (Monitoring)

The upper part of the tab displays the following information:

VLAN Mode
The VLAN mode of the switch.
Uplink Port
This item only applies when the switch is operating in the IEEE 802.1Q-compliant multiple VLAN mode or the non-IEEE 802.1Q-compliant multiple VLAN mode. It displays the uplink port for the VLANs.

The lower part of the tab displays a table that contains the following columns of information:

VLAN ID
The VID number of the VLAN.

(Client) Name
The name of the VLAN.
Actual: The current untagged ports of the VLAN. If you are not using 802.1x Port-based Network Access Control, both the Configured and Actual untagged ports of a VLAN will always be the same. If you are using 802.1x and you assigned a Guest VLAN to an authenticator port or you associated an 802.
Untagged Ports
The untagged port members of the VLAN.

Uplink Ports
The uplink port(s) for this group of ports.

Name
The VLAN name.

Protocol
Not used.

Tagged Ports
The tagged port members of the VLAN.

The Protected VLAN Groups section displays the following information:

Group Number
The number assigned to the group.

Port List
The ports of the group.
Chapter 22
GARP VLAN Registration Protocol

This chapter contains instructions on how to configure GARP VLAN Registration Protocol (GVRP).
Configuring GVRP

To configure GVRP, perform the following procedure:
1. From the Home page, select Configuration.
2. From the Configuration menu, select the Layer 2 option.
3. Select the GVRP tab. The GVRP tab is shown in Figure 136.

Figure 136. GVRP Tab (Configuration)

4. In the GVRP Parameters section, configure the following parameters as necessary.

Note: The settings for the three timers must be the same on all GVRP-active network devices.
Leave Time
Use this parameter to specify the leave time. The range is 30 to 80 centiseconds and the default is 60 centiseconds.

Join Time
Use this parameter to specify the join time. The range is 10 to 60 centiseconds and the default is 20 centiseconds.
Enabling or Disabling GVRP on a Port

To enable or disable GVRP on a port, perform the following procedure:
1. From the home page, select Configuration.
2. From the Configuration menu, select the Layer 2 option.
3. Select the GVRP tab. The GVRP tab is shown in Figure 136 on page 350.
4. In the GVRP Port Configuration section, click the ports to be configured.
5. Click Modify. The GVRP Port Configuration page is shown in Figure 137.

Figure 137.
Displaying the GVRP Configuration

To display the GVRP configuration, perform the following procedure:
1. From the Home page, select Monitoring.
2. From the Monitoring menu, select the Layer 2 option.
3. Select the GVRP tab. The GVRP tab is shown in Figure 138.

Figure 138. GVRP Tab (Monitoring)

The GVRP Parameters section provides the following information:

GVRP
The GVRP status, Enabled or Disabled.
Displaying the GVRP Port Configuration

To display the GVRP port configuration, perform the following procedure:
1. From the Home page, select Monitoring.
2. From the Monitoring menu, select the Layer 2 option.
3. Select the GVRP tab. The GVRP tab is shown in Figure 138 on page 353.
4. In the View GVRP Parameters section, click View Port Configuration.
5. Click View. The GVRP Port Configuration page is shown in Figure 139.

Figure 139.
Displaying the GVRP Database

To display the GVRP database, perform the following procedure:
1. From the Home page, select Monitoring.
2. From the Monitoring menu, select the Layer 2 option.
3. Select the GVRP tab. The GVRP tab is shown in Figure 138 on page 353.
4. In the View GVRP Parameters section, click View GVRP Database.
5. Click View. The GVRP Database page is shown in Figure 140.

Figure 140.
Displaying the GVRP State Machine

To display the GVRP state machine, perform the following procedure:
1. From the Home page, select Monitoring.
2. From the Monitoring menu, select the Layer 2 option.
3. Select the GVRP tab. The GVRP tab is shown in Figure 138 on page 353.
4. In the View GVRP Parameters section, click View GVRP State Machine for VLAN and enter the VLAN number in the box.
5. Click View. The GVRP State Machine for VLAN page is shown in Figure 141.
Table 12. GVRP State Machine Parameters (Continued)

Parameter    Meaning
App          Applicant state machine for the GID index on that particular port.
Table 12. GVRP State Machine Parameters (Continued)

Parameter    Meaning
Reg          Registrar state machine for the GID index on that particular port. One of:
             “Mt” Empty
             “Lv3” Leaving substate 3 (final Leaving substate)
             “Lv2” Leaving substate 2
             “Lv1” Leaving substate 1
             “Lv” Leaving substate (initial Leaving substate)
             “In” In
             “Fix” Registration Fixed
             “For” Registration Forbidden
             The initialized state for the Registrar is Mt.
Displaying the GVRP Counters

To display the GVRP counters, perform the following procedure:
1. From the Home page, select Monitoring.
2. From the Monitoring menu, select the Layer 2 option.
3. Select the GVRP tab. The GVRP tab is shown in Figure 138 on page 353.
4. In the View GVRP Parameters section, click View GVRP Counters.
5. Click View. The GVRP Counters page is shown in Figure 142.

Figure 142.
Table 13. GVRP Counters (Continued)

Parameter                           Meaning
Transmit: Total GARP Packets        Total number of GARP PDUs transmitted by this GARP application.
Receive: Invalid GARP Packets       Number of invalid GARP PDUs received by this GARP application.
Receive Discarded: GARP Disabled    Number of received GARP PDUs discarded because the GARP application was disabled.
Table 13. GVRP Counters (Continued)

Parameter                            Meaning
Transmit GARP Messages: JoinEmpty    Total number of GARP JoinEmpty messages transmitted for all attributes in the GARP application.
Receive GARP Messages: JoinIn        Total number of GARP JoinIn messages received for all attributes in the GARP application.
Displaying the GIP Connected Ports Ring

To display the GIP connected ports ring, perform the following procedure:
1. From the Home page, select Monitoring.
2. From the Monitoring menu, select the Layer 2 option.
3. Select the GVRP tab. The GVRP tab is shown in Figure 138 on page 353.
4. In the View GVRP Parameters section, click View GIP Connected Ports Ring.
5. Click View. The GIP Connected Ports Ring page is shown in Figure 143.

Figure 143.
Section VI
Port Security

The chapters in this section provide the procedures for configuring port security. The chapters include:
Chapter 23, “MAC Address-based Port Security” on page 365
Chapter 24, “802.
Chapter 23
MAC Address-based Port Security

This chapter explains how to configure and display the MAC address-based security levels on the ports on the switch. It contains the following sections:
“Configuring Port Security” on page 366
“Displaying Port Security Levels” on page 369

Note: For background information, refer to Chapter 30, “MAC Address-based Port Security,” in the AT-S63 Management Software Menus Interface User’s Guide.
Configuring Port Security

To configure security for the ports, perform the following procedure:
1. From the home page, select Configuration.
2. From the Configuration menu, select the Network Security option. The Network Security page opens with the Port Security tab selected by default, as shown in Figure 144.

Figure 144. Port Security Tab (Configuration)

3. In the image of the switch, click the port to be configured and click Modify.
4. From the Security Mode pull-down menu, select the desired port security level for the port. Options are:

Automatic
Disables MAC address-based port security on a port. This is the default setting.

Limited
Allows you to specify a maximum number of dynamic source MAC addresses a port can learn. After learning its maximum number of addresses, a port discards all ingress frames with source MAC addresses not already learned.
You can continue to add new static MAC addresses to a port operating under this security level.

5. If you select the Limited security level, additional options are displayed in the window for you to configure. They are defined here:

Intrusion Action
Specifies what the switch should do if a port receives an invalid frame. Options are:
Discard - Discards the invalid frame.
Trap - Discards the invalid frame and sends an SNMP trap.
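The Limited security mode and the Discard and Trap intrusion actions described above can be followed frame by frame in a small model. This is an added example, not AT-S63 code: the class, function, and field names and the MAC addresses are constructed, and the model assumes learned addresses do not age out and the learning limit is at least 1.

```python
import re
from dataclasses import dataclass, field

DISCARD = "discard"  # Intrusion Action "Discard": drop the invalid frame
TRAP = "trap"        # Intrusion Action "Trap": drop it and send an SNMP trap

_MAC_RE = re.compile(r"^[0-9a-f]{2}(?:[:-][0-9a-f]{2}){5}$")


def normalize_mac(mac: str) -> str:
    """Lower-case a MAC address and use ':' separators, so that
    02-00-00-00-00-0B and 02:00:00:00:00:0b count as one address."""
    candidate = mac.strip().lower()
    if not _MAC_RE.match(candidate):
        raise ValueError(f"not a MAC address: {mac!r}")
    return candidate.replace("-", ":")


@dataclass
class LimitedPort:
    """One switch port in the Limited security mode (model only)."""
    port: int
    max_addresses: int                          # hypothetical name for the learning limit
    intrusion_action: str = DISCARD
    learned: set = field(default_factory=set)   # dynamic source MACs learned so far
    traps: list = field(default_factory=list)   # stand-in for SNMP traps sent

    def __post_init__(self):
        if self.max_addresses < 1:              # assumption of this model
            raise ValueError("max_addresses must be at least 1")
        if self.intrusion_action not in (DISCARD, TRAP):
            raise ValueError(f"unknown intrusion action: {self.intrusion_action!r}")

    def ingress(self, src_mac: str) -> bool:
        """Return True if the frame is forwarded, False if it is discarded."""
        mac = normalize_mac(src_mac)
        if mac in self.learned:
            return True                         # already learned: always accepted
        if len(self.learned) < self.max_addresses:
            self.learned.add(mac)               # still below the limit: learn it
            return True
        # Limit reached and the source is unknown: the frame is invalid.
        if self.intrusion_action == TRAP:
            self.traps.append({"port": self.port, "src_mac": mac})
        return False                            # both actions discard the frame


def replay(port: LimitedPort, frames):
    """Feed source MACs to the port in order; return (mac, forwarded) pairs."""
    return [(normalize_mac(mac), port.ingress(mac)) for mac in frames]


# Constructed sample traffic: two known hosts and one unexpected host (…0c).
CONSTRUCTED_FRAMES = [
    "02:00:00:00:00:0a",
    "02-00-00-00-00-0B",
    "02:00:00:00:00:0a",
    "02:00:00:00:00:0c",
    "02:00:00:00:00:0b",
    "02:00:00:00:00:0c",
]


def demo(action: str = TRAP):
    """Replay the sample traffic on a port limited to two addresses."""
    port = LimitedPort(port=5, max_addresses=2, intrusion_action=action)
    return replay(port, CONSTRUCTED_FRAMES), port.traps


if __name__ == "__main__":
    results, traps = demo()
    for mac, forwarded in results:
        print(mac, "forwarded" if forwarded else "discarded")
    print("traps:", traps)
```

With the Trap action every discarded frame also produces a trap record, which is what makes an unexpected device on the port visible to monitoring; with Discard the frame is dropped silently.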
Displaying Port Security Levels

To display the MAC address-based security level of a port, perform the following procedure:
1. From the Home page, select Monitoring.
2. From the Monitoring menu, select Network Security. The Network Security page is displayed with the Port Security tab selected by default, as shown in Figure 146.

Figure 146. Port Security Tab (Monitoring)

3. Click the port whose port security level is to be displayed.
The Security for Ports page displays a table that contains the following columns of information:

Port
The number of the port.

Security Mode
The active security mode on the port. The possible settings are Automatic, Limited, Secured, and Locked.

Intruder Action
The column specifies the action taken by the switch if a port receives an invalid packet. The possible settings are:
Discard - The port discards invalid packets. This is the default.
Chapter 24
802.1x Port-based Network Access Control

This chapter contains instructions on how to configure the 802.1x Port-based Network Access Control feature on the switch. The chapter contains the following sections:
“Setting Port Roles” on page 372
“Enabling or Disabling 802.
Setting Port Roles

To set port roles for port-based network access control, perform the following procedure:
1. From the home page, select Configuration.
2. From the Configuration menu, select the Network Security option.
3. Select the 802.1x Port Access tab. The 802.1x Port Access tab is shown in Figure 148.

Figure 148. 802.1x Port Access Tab (Configuration)

The image of the switch displays the roles of the ports.
5. Click Port Role. The Port Role Configuration page is shown in Figure 149.

Figure 149. Port Role Configuration Page

6. Select the desired role for the port. A port can have only one port role at a time. The possible settings are:

None
The port does not participate in 802.1x port-based access control. This is the default setting.

Authenticator
The port functions as an authenticator.
Enabling or Disabling 802.1x Port-based Network Access Control

To enable or disable 802.1x Port-based Network Access Control, perform the following procedure:
1. From the home page, select Configuration.
2. From the Configuration menu, select the Network Security option.
3. Select the 802.1x Port Access tab. The 802.1x Port Access tab is shown in Figure 148 on page 372.
4. Click the Enable Port Access check box.
Configuring Authenticator Port Parameters

To configure authenticator port parameters, perform the following procedure:

Note: The role of a port must be set to authenticator before the parameters can be configured. For instructions, refer to “Setting Port Roles” on page 372.

1. From the home page, select Configuration.
2. From the Configuration menu, select the Network Security option.
3. Select the 802.1x Port Access tab. The 802.
The Authenticator Parameters page is shown in Figure 150.

Figure 150. Authenticator Parameters Page

6. Configure the following parameters as needed:

Authenticator Mode
Sets the authenticator mode of an authenticator port. This parameter can take the following values:
802.1x: Specifies 802.1x username and password authentication.
Supplicant Mode
Sets the supplicant mode of an authenticator port. The possible settings are:
Single: Configures the authenticator port to accept only one authentication. This mode should be used together with the piggyback mode. When an authenticator port is set to the Single mode and the piggy-back mode is disabled, only the one client who is authenticated can use the port. Packets from or to other clients on the port are discarded.
TX Period
Sets the number of seconds that the switch waits for a response to an EAP-request/identity frame from the client before retransmitting the request. The default value is 30 seconds. The range is 1 to 65,535 seconds.

Quiet Period
Sets the number of seconds that the port remains in the quiet state following a failed authentication exchange with the client. The default value is 60 seconds. The range is 0 to 65,535 seconds.
client logs in. This is the default.

Piggyback Mode
Controls who can use the switch port in cases where there are multiple clients (e.g., the port is connected to an Ethernet hub). If set to enabled, the port allows all clients on the port to piggy-back onto the initial client’s authentication. The port forwards all packets, regardless of the client, after one client has been authenticated.
Changes to the authenticator settings are immediately implemented on a port.
8. To permanently save your changes, select the Save Config option in the Configuration menu.
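The effect of the Piggyback Mode setting on an authenticator port in the Single supplicant mode, as described in the parameter list above, can be compared with a small model of a port that has several clients behind a hub. This is an added example, not AT-S63 code: the class and function names and the client MAC addresses are constructed, and the model assumes the port forwards no client packets before the first successful authentication.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class SingleModePort:
    """Authenticator port in the Single supplicant mode (model only)."""
    piggyback: bool
    authenticated_client: Optional[str] = None

    def authenticate(self, client: str) -> bool:
        """Record a successful 802.1x login.
        Single mode accepts only one authentication, so a second one is refused."""
        if self.authenticated_client is not None:
            return False
        self.authenticated_client = client.lower()
        return True

    def forwards(self, client: str) -> bool:
        """Would the port forward packets from or to this client?"""
        if self.authenticated_client is None:
            return False        # assumption: nothing passes before a login
        if self.piggyback:
            return True         # every client rides on the first authentication
        return client.lower() == self.authenticated_client


def riding_along(port: SingleModePort, clients):
    """Clients whose packets are forwarded although they never logged on."""
    return sorted(
        c.lower()
        for c in clients
        if port.forwards(c) and c.lower() != port.authenticated_client
    )


def compare_piggyback(clients, login_client):
    """Run the same hub scenario with piggy-back disabled and enabled."""
    report = {}
    for piggyback in (False, True):
        port = SingleModePort(piggyback=piggyback)
        before_login = [c for c in clients if port.forwards(c)]
        port.authenticate(login_client)
        report[piggyback] = {
            "before_login": before_login,
            "authenticated_ok": port.forwards(login_client),
            "riding_along": riding_along(port, clients),
        }
    return report


# Constructed scenario: three clients share one switch port through a hub,
# and only the first of them has credentials.
CONSTRUCTED_HUB_CLIENTS = [
    "02:00:00:00:00:0a",
    "02:00:00:00:00:0b",
    "02:00:00:00:00:0c",
]

if __name__ == "__main__":
    report = compare_piggyback(CONSTRUCTED_HUB_CLIENTS, "02:00:00:00:00:0a")
    for piggyback, outcome in report.items():
        print("piggyback enabled:" if piggyback else "piggyback disabled:", outcome)
```

When auditing a configuration, a non-empty `riding_along` list is the set of devices that reach the network on someone else's login, which is why piggy-back is worth enabling only on ports where every attached device is trusted.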
Configuring Supplicant Port Parameters

To configure supplicant port parameters, perform the following procedure:

Note: The role of a port must be set to supplicant before the parameters can be configured. For instructions, refer to “Setting Port Roles” on page 372.

1. From the home page, select Configuration.
2. From the Configuration menu, select the Network Security option.
3. Select the 802.1x Port Access tab. The 802.
Held Period
Specifies the amount of time in seconds the supplicant is to refrain from trying to re-contact the authenticator in the event the end user provides an invalid username and/or password. After the time period has expired, the supplicant can attempt to log on again. The range is 0 to 65,535 seconds. The default value is 60 seconds.
Displaying the Port-based Network Access Control Parameters

You can display information about the port-based network access control status and settings of the ports on the switch. This section contains the following procedures:
“Displaying the Port Status” (next)
“Displaying the Port Settings” on page 385

Displaying the Port Status

To display the port-based network access control port status, perform the following procedure:
1.
4. To see the status of the port, click the port and click Status. You can display the status of more than one port at a time. The Port Access Port Status page is shown in Figure 153.

Figure 153. Port Access Port Status Page

The Port Access Port Status page displays a table that contains the following columns of information:

Port
Port number.

Port Role
Port access role configured for the port.
Additional Info
This field displays the MAC address of an authenticated node for authenticator ports with a status of Authenticated.

Displaying the Port Settings

To display the port settings for port-based network access control, perform the following procedure:
1. From the Home page, select Monitoring.
2. From the Monitoring menu, select Network Security.
3. Select the 802.1x Port Access tab. The 802.
If you selected more than one authenticator port, the page includes a Next button. Use the button to scroll the page to view the settings of the other ports. For definitions of the authenticator port settings, refer to “Configuring Authenticator Port Parameters” on page 375.

The Supplicant Port Parameters Page is displayed for supplicant ports, as shown in Figure 155.

Figure 155.
RADIUS Accounting

The AT-S63 management software supports RADIUS accounting for ports operating in the Authenticator role. The accounting information sent by the switch to a RADIUS server includes the date and time when clients log on and log off, as well as the number of packets sent and received by a switch port during a client session. For background information on this feature, refer to Chapter 31, “802.
Update Interval
Specifies the intervals at which the switch sends interim accounting updates to the RADIUS server. The range is 30 to 300 seconds. The default is 60 seconds.

5. Click Apply. Changes to the accounting settings are immediately implemented on the switch.
6. To permanently save your changes, select the Save Config option in the Configuration menu.
Section VII
Management Security

The chapters in this section contain the procedure for implementing management security on the switch to prevent unauthorized changes to a switch’s parameter settings.
Chapter 25
Encryption Keys, PKI, and SSL

This chapter explains how to view the encryption keys, PKI-based certificates, and SSL settings and includes the following sections:
“Displaying the Encryption Keys” on page 392
“Displaying the PKI Settings and Certificates” on page 394
“Displaying the SSL Settings” on page 397

Note: To configure encryption keys, PKI, or SSL, you must use the menus or command line interface.
Displaying the Encryption Keys

To configure the encryption keys, you must use the AT-S63 menus or command line interface. For more information about encryption keys, refer to the AT-S63 Management Software Menus Interface User’s Guide.

To display the encryption keys, perform the following procedure:
1. From the Home page, select Monitoring.
2. From the Monitoring menu, select the Mgmt. Security option.
3. Select the Keys tab. The Keys tab is shown in Figure 156.
Description
The key’s description.

You use these keys when you configure Secure Sockets Layer (SSL) or Secure Shell (SSH). To configure SSL you must use the AT-S63 menus or CLI interface. To configure SSH, refer to Chapter 26, “Secure Shell (SSH)” on page 399.
Displaying the PKI Settings and Certificates

You can view the current PKI settings and certificates on the switch. To configure the PKI settings and certificates, you must use the AT-S63 menus or command line interface. For more information about PKI, refer to the AT-S63 Management Software Menus Interface User’s Guide.

To display the PKI settings and certificates, perform the following procedure:
1. From the Home page, select Monitoring.
2.
Trusted - The certificate is from a trusted CA.
Untrusted - The certificate is from an untrusted CA.
MTrust (Manually Trusted) - The certificate has been manually verified as being from a trusted or untrusted authority.

Type
The certificate type, one of the following:
EE - The certificate was issued by a CA.
CA - The certificate belongs to a CA.
Self - A self-signed certificate.

Source
The certificate was created on the switch.

4.
Manually Trusted
Whether the certificate was manually trusted.

Type
The type of the certificate. The options are EE, SELF, and CA.

Source
The source of the certificate. The source for a self-signed certificate created by the switch is COMMAND.

Version
The version of X.509 that the certificate complies with.

Serial Number
The certificate’s serial number.

Signature Algorithm
The algorithm used to sign the certificate.
Displaying the SSL Settings

To configure the SSL settings, you must use the AT-S63 menus or command line interface. For information, refer to the AT-S63 Management Software Menus Interface User’s Guide and the AT-S63 Management Software Command Line Interface User’s Guide.

To display the SSL settings, perform the following procedure:
1. From the Home page, select Monitoring.
2. From the Monitoring menu, select the Mgmt. Protocols option.
3.
Chapter 26
Secure Shell (SSH)

This chapter explains how to configure the Secure Shell (SSH) protocol and contains the following sections:

“Configuring SSH” on page 400
“Displaying the SSH Settings” on page 402

Note
For background information, refer to Chapter 35, “Secure Shell (SSH),” in the AT-S63 Management Software Menus Interface User’s Guide.
Configuring SSH

To configure SSH, perform the following procedure:

1. From the Home page, select Configuration.
2. From the Configuration menu, select the Mgmt. Protocols option.
3. Select the Secure Shell tab. The Secure Shell tab is shown in Figure 160.

Figure 160. Secure Shell Tab (Configuration)

4. Configure the following parameters as necessary:

Status
Enables and disables the SSH server. The default is Disabled.
Note
You cannot create encryption keys from the web browser interface, but you can from the menus and command line interfaces.

Server Key ID
Specifies the ID number of the encryption key for the SSH server. The key must already exist on the switch. The default is Not Defined.

Server Expiry Time
Sets the time, in hours, for a server key to expire. This timer determines how often a server key is regenerated for security purposes.
Displaying the SSH Settings

To view the Secure Shell settings, perform the following procedure:

1. From the Home page, select Monitoring.
2. From the Configuration menu, select the Mgmt. Protocols option.
3. Select the Secure Shell tab. The Secure Shell tab is shown in Figure 161.

Figure 161. Secure Shell Tab (Monitoring)

The Secure Shell tab provides the following information:

SSH Versions Supported
The versions of SSH supported by the AT-S63 management software.
Server Key ID
The encryption key ID of the server key.

Server Key Expiry Time
Length of time, in hours, until the server key is regenerated. The default is 0 hours, which means the server key is not regenerated.

Login Timeout
Time, in seconds, until an SSH server is released from an incomplete connection with an SSH client.

Authentication Available
Authentication method available. Currently, password authentication is the only supported method.
Chapter 27
TACACS+ and RADIUS Protocols

This chapter contains instructions on how to configure the authentication protocols.
Enabling or Disabling TACACS+ or RADIUS

To enable or disable server-based authentication or to select a different authentication protocol, perform the following procedure:

1. From the Home page, select Configuration.
2. From the Configuration menu, select the Mgmt. Protocols option. The Mgmt. Protocols page is displayed with the Server-based Authentication tab selected by default, as shown in Figure 162.

Figure 162.
Note
The Enable Server-based Authentication check box only applies to new TACACS+ or RADIUS manager accounts. If you are only using RADIUS for 802.1x port-based access control and not manager accounts, leave the check box empty. The switch can still access the RADIUS configuration information for 802.1x port-based access control.

5. Click Apply.
6. To permanently save your changes, select the Save Config option in the Configuration menu.
Configuring the TACACS+ Client Settings

To configure the TACACS+ client, perform the following procedure:

1. From the home page, select Configuration.
2. Select the Mgmt. Protocols option. The Mgmt. Protocols tab is displayed with the Server-based Authentication tab selected by default, as shown in Figure 162 on page 406.
3. In the lower section of the Server-based Authentication tab, click TACACS+ Configuration and click Configure.
there are no more servers, the switch defaults to the standard Manager and Operator accounts. The default is 30 seconds. The range is 1 to 30 seconds.

IP Address and Encryption Key
Specify the IP addresses and encryption secrets of up to three TACACS+ servers. You can leave an encryption field blank if you entered the server’s secret in the Global Secret field. The maximum length is 39 characters.

5. Click Apply.
6.
Displaying the TACACS+ Client Settings

To display the TACACS+ client settings on the switch, perform the following procedure:

1. From the Home page, select Monitoring.
2. Select the Mgmt. Protocols option. The Mgmt. Protocols tab is displayed with the Server-based Authentication tab selected by default, as shown in Figure 164.

Figure 164.
The TACACS+ client configuration page is shown in Figure 165.

Figure 165. TACACS+ Client Configuration Page

The upper portion of the page provides the following information:

Global Secret
The TACACS+ server encryption secret.

Global Server Timeout
The maximum amount of time the switch waits for a response from a TACACS+ server.
Configuring the RADIUS Client Settings

To configure the RADIUS client, perform the following procedure:

1. From the home page, select Configuration.
2. Select the Mgmt. Protocols option. The Mgmt. Protocols tab is displayed with the Server-based Authentication tab selected by default, as shown in Figure 162 on page 406.
3. In the lower section of the Server-based Authentication tab, click RADIUS Configuration and click Configure.
there are no more servers, the switch defaults to the standard Manager and Operator accounts. The default is 30 seconds. The range is 1 to 30 seconds.

IP Address, Port #, and Encryption Key
Specify the IP address, UDP port number, and encryption key of each RADIUS server. You can specify up to three servers. You can leave the encryption field blank for a server if you entered the server’s key in the Global Encryption Key field.
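The RADIUS client rules described above (up to three servers, a blank key field inheriting the Global Encryption Key, a timeout of 1 to 30 seconds, fallback to the local Manager and Operator accounts) can be checked offline against a recorded configuration. The following Python code is an added example, not part of the AT-S63 software or this guide; the record layout, function name and sample values are constructed, and it assumes the servers are tried one after another with one timeout each.

```python
from dataclasses import dataclass
from ipaddress import ip_address

MAX_SERVERS = 3           # the guide allows up to three RADIUS servers
TIMEOUT_RANGE = (1, 30)   # seconds; the guide's stated range (default 30)


@dataclass
class RadiusServer:       # hypothetical record of one row of the server table
    ip: str
    port: int
    key: str = ""         # blank = inherit the Global Encryption Key


def audit_radius_client(global_key, timeout, servers):
    """Return (findings, key_source_by_ip, worst_case_fallback_seconds)."""
    findings, key_source = [], {}
    lo, hi = TIMEOUT_RANGE
    if not lo <= timeout <= hi:
        findings.append(f"timeout {timeout}s is outside {lo}-{hi}s")
    if len(servers) > MAX_SERVERS:
        findings.append(f"{len(servers)} servers defined, maximum is {MAX_SERVERS}")
    if not servers:
        findings.append("no servers: logins fall back to local Manager/Operator accounts")
    for n, srv in enumerate(servers, start=1):
        try:
            ip_address(srv.ip)
        except ValueError:
            findings.append(f"server {n}: invalid IP address {srv.ip!r}")
            continue
        if srv.ip in key_source:
            findings.append(f"server {n}: duplicate entry for {srv.ip}")
            continue
        if not 1 <= srv.port <= 65535:
            findings.append(f"server {n}: UDP port {srv.port} is out of range")
        # Record where the key comes from, never the key itself.
        key_source[srv.ip] = "server" if srv.key else "global" if global_key else "missing"
        if key_source[srv.ip] == "missing":
            findings.append(f"server {n}: no per-server key and no global key")
    # Assumption: servers are tried in order, each costing one full timeout.
    return findings, key_source, timeout * len(servers)


# Constructed sample configuration (documentation-range addresses).
SAMPLE = [RadiusServer("192.0.2.10", 1812, "per-server-secret"),
          RadiusServer("192.0.2.11", 1812),
          RadiusServer("192.0.2.300", 1812)]

if __name__ == "__main__":
    for line in audit_radius_client("", 30, SAMPLE)[0]:
        print(line)
```

The same inheritance check applies to the TACACS+ client, where a blank per-server field falls back to the Global Secret.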
Displaying the RADIUS Client Settings

To display the RADIUS client settings on the switch, perform the following procedure:

1. From the Home page, select Monitoring.
2. Select the Mgmt. Protocols option. The Mgmt. Protocols tab is displayed with the Server-based Authentication tab selected by default, as shown in Figure 164 on page 410.

The upper part of the page shows whether server-based authentication is enabled or disabled and the authentication method.
Global Server Timeout
Specifies the maximum amount of time the switch waits for a response from a RADIUS server.

The lower portion of the page displays a table that contains the following columns of information:

Server #
Specifies the server number, one of three.

IP Address
Specifies the IP address of the RADIUS server.

Port
Specifies the port of the RADIUS server.

Encryption Key
Specifies the encryption key for that server.
Chapter 28
Management Access Control List

A management access control list (ACL) allows you to restrict Telnet and web browser management access to the switch.
Enabling or Disabling the Management ACL

This procedure enables and disables the management ACL. When enabled, only those management stations specified by the access control entries in the ACL are allowed to manage the switch remotely using the Telnet application protocol or a web browser. When the feature is disabled, any remote management workstation can access the switch.
The tab is shown in Figure 168.

Figure 168. Mgmt. ACL Tab (Configuration)

The table in Management ACL List lists the existing ACEs on the switch. The bottom portion is used to add entries, as explained in “Creating an ACE” on page 420.

4. Click either Enable MGMT. ACL or Disable MGMT. ACL. The default setting is disabled.
5. Click Apply. A change to the status of the management ACL is immediately activated on the switch.
Creating an ACE

To add a new ACE to the management ACL, perform the following procedure:

1. From the home page, select Configuration.
2. From the Configuration menu, select the Mgmt. Security option.
3. Select the Mgmt. ACL tab. The tab is shown in Figure 168 on page 419.
4. To add a new ACE, configure the following parameters in the Mgmt. ACL tab:

MACL ID
Specifies an identification number for the access control entry. Every ACE must have a unique number.
5. Click Add. The new ACE is added to the table in the middle section of the tab.
6. If desired, repeat Steps 3 and 4 to add more ACEs to the Management ACL.
7. To permanently save your changes, select the Save Config option in the Configuration menu.
Deleting an ACE

To delete an ACE from the Management ACL, perform the following procedure:

1. From the home page, select Configuration.
2. From the Configuration menu, select the Mgmt. Security option.
3. Select the Mgmt. ACL tab. The tab is shown in Figure 168 on page 419.
4. Select the ACE to be deleted from the Management ACL List section in the tab and click Delete. The ACE is deleted from the switch.
5.
Displaying the Management Access Control List

To display the management access control list and its access control entries, perform the following procedure:

1. From the home page, select Monitoring.
2. From the Monitoring menu, select the Mgmt. Security option.
3. Select the Mgmt ACL tab. The Mgmt. ACL tab is shown in Figure 169.

Figure 169. Mgmt.