Management Software AT-S63 ◆ Menus User’s Guide
For Stand-alone AT-9400 Switches
Version 2.2.0 for AT-9400 Layer 2+ Switches
Version 4.1.0 for AT-9400 Basic Layer 3 Switches
613-001025 Rev.
Copyright 2009 Allied Telesis, Inc. All rights reserved. No part of this publication may be reproduced without prior written permission from Allied Telesis, Inc. Allied Telesis and the Allied Telesis logo are trademarks of Allied Telesis, Incorporated. Microsoft and Internet Explorer are registered trademarks of Microsoft Corporation. All other product names, company names, logos or other designations mentioned herein are trademarks or registered trademarks of their respective owners. Allied Telesis, Inc.
Preface

This guide contains instructions on how to configure the AT-9400 Layer 2+ and Basic Layer 3 Gigabit Ethernet Switches from the menus of the AT-S63 Management Software.
How This Guide is Organized

This guide contains the following sections and chapters:

Section I: Basic Operations
  Chapter 1, “Basic Switch Parameters”
  Chapter 2, “Port Parameters”
  Chapter 3, “Enhanced Stacking”
  Chapter 4, “SNMPv1 and SNMPv2c”
  Chapter 5, “MAC Address Table”
  Chapter 6, “Static Port Trunks”
  Chapter 7, “LACP Port Trunks”
  Chapter 8, “Port Mirroring”

Section II: Advanced Operations
  Chapter 9
Section V: Spanning Tree Protocols
  Chapter 22, “Spanning Tree and Rapid Spanning Tree Protocols”
  Chapter 23, “Multiple Spanning Tree Protocol”

Section VI: Virtual LANs
  Chapter 24, “Port-based and Tagged VLANs”
  Chapter 25, “GARP VLAN Registration Protocol”
  Chapter 26, “Multiple VLAN Modes”
  Chapter 27, “Protected Ports VLANs”
  Chapter 28, “MAC Address-based VLANs”

Sectio
Product Documentation

For overview information on the features of the AT-9400 Switches and the AT-S63 Management Software, refer to:
  AT-S63 Management Software Features Guide (PN 613-001022)

For instructions on how to start a local or remote management session on stand-alone AT-9400 Switches or AT-9400Ts Stacks, refer to:
  Starting an AT-S63 Management Session Guide (PN 613-001023)

For instructions on how to install or manage stand-alone AT-9400 Switches, refer to:
  AT-9400 Gigabit Etherne
Where to Go First

Allied Telesis recommends that you read Chapter 1, “Overview,” in the AT-S63 Management Software Features Guide before you begin to manage the switch for the first time. There you will find a variety of basic information about the unit and the management software, such as the two manager access levels and the different types of management sessions.
Document Conventions

This document uses the following conventions:

Note
Notes provide additional information.

Caution
Cautions inform you that performing or omitting a specific action may result in equipment damage or loss of data.

Warning
Warnings inform you that performing or omitting a specific action may result in bodily injury.
Contacting Allied Telesis

This section provides Allied Telesis contact information for technical support and for sales and corporate information.

Online Support
You can request technical support online by accessing the Allied Telesis Knowledge Base: www.alliedtelesis.com/support/kb.aspx. You can use the Knowledge Base to submit questions to our technical support staff and review answers to previously asked questions.
Section I
Basic Operations

The chapters in this section provide information and procedures for basic switch setup using the AT-S63 Management Software.
Chapter 1
Basic Switch Parameters

This chapter contains the following procedures:
  “Configuring the Switch’s Name, Location, and Contact”
  “Changing the Manager and Operator Passwords”
  “Setting the System Time”
  “Rebooting the Switch”
  “Configuring the Console Startup Mode”
  “Configuring the Console Timer”
  “Configuring the Telnet Server”
  “Setting the Baud Rate of the Serial
Configuring the Switch’s Name, Location, and Contact

This procedure explains how to assign a name to the switch. The name appears at the top of the menus. Names can help you identify your switches when you manage them and help you avoid performing a configuration procedure on the wrong switch. This procedure also assigns the name of the administrator responsible for maintaining the unit and the location of the switch.
The System Administration menu is shown in Figure 2.

    Allied Telesis AT-9424Ts - AT-S63
    Marketing
    User: Manager    11:20:02 02-Mar-2009

    System Administration

    1 - System Information
    2 - System Configuration
    3 - Console (Serial/Telnet) Configuration
    4 - Web Server Configuration
    5 - SNMP Configuration
    6 - Authentication Configuration
    7 - Management ACL
    8 - Event Log
    9 - System Utilities

    R - Return to Previous Menu

    Enter your selection?

Figure 2. System Administration Menu

2.
Note
Selections 1 to 4 are described in “Displaying the IP Address of the Local Interface” on page 551. Selection 8, ARP Cache Timeout, is described in “Setting the ARP Cache Timeout” on page 554. Selection T, Configure System Time, is described in “Setting the System Time” on page 36. Selection I, Configure Interface, is explained in Chapter 29, “Internet Protocol Version 4 Routing Interfaces” on page 543.

3. Adjust options 5 to 7 as necessary.
Changing the Manager and Operator Passwords

There are two levels of management access on the AT-9400 Switch: manager and operator. When you log in as manager, you can view and configure all of a switch’s operating parameters. When you log in as an operator, you can only view the operating parameters; you cannot change any values. You log in as a manager or an operator by entering the appropriate username and password when you start a management session.
3. From the Authentication Configuration menu, type 5 to select Passwords Configuration.

The Passwords Configuration menu is shown in Figure 5.

    Allied Telesis AT-9424Ts - AT-S63
    Marketing
    User: Manager    11:20:02 02-Mar-2009

    Passwords Configuration

    1 - Set Manager Password
    2 - Set Operator Password

    R - Return to Previous Menu

    Enter your selection?

Figure 5. Passwords Configuration Menu

4. From the Passwords Configuration menu, type 1 to select Set Manager Password.
9. After making changes, type R until you return to the Main Menu. Then type S to select Save Configuration Changes.

Resetting the Manager Password

This procedure can be used to bypass the login on the switch in the event you forget the manager password. This procedure must be performed from a local management session.
Setting the System Time

This procedure explains how to set the switch’s date and time. Setting the system time is important if you configured the switch to send traps to your management stations. Traps from a switch where the time has not been set do not contain the correct date and time. Therefore, it becomes difficult for you to determine when the events represented by the traps occurred.
Setting the System Time Manually

To set the system time manually, perform the following procedure:

1. From the Main Menu, type 5 to select System Administration. The System Administration menu is shown in Figure 2 on page 31.
2. From the System Administration menu, type 2 to select System Configuration. The System Configuration menu is shown in Figure 3 on page 31.
3. From the System Configuration menu, type T to select Configure System Time.
Setting the System Time from an SNTP or NTP Server

To configure the switch to obtain its date and time from an SNTP or NTP server on your network or the Internet, perform the following procedure:

1. From the Main Menu, type 5 to select System Administration. The System Administration menu is shown in Figure 2 on page 31.
2. From the System Administration menu, type 2 to select System Configuration. The System Configuration menu is shown in Figure 3 on page 31.
3.
8. Type 5 to select Daylight Savings Time (DST) to enable or disable the switch’s ability to adjust its system time to daylight savings time. The following prompt is displayed:

    Adjust for Daylight Savings Time (E - Enabled, D - Disabled) ->

9. Type E to enable daylight savings time and allow the switch to adjust system time to daylight savings time. This is the default value.
The Last Delta option in the menu displays the last adjustment that was applied to system time due to a drift in the system clock between two successive queries to the SNTP server. This is a read-only field.

Option U, Update System Time, allows you to prompt the switch to poll the SNTP or NTP server for the current time and date. You can use this selection to update the time and date immediately rather than wait for the switch’s next polling period.
Rebooting the Switch

This procedure reboots the switch.

Note
Any configuration changes not saved are lost after the switch reboots. To save your configuration changes, return to the Main Menu and type S to select Save Configuration Changes.

Caution
The switch does not forward traffic while it initializes its operating software.
Note
Item 1 - File Operations, is described in Chapter 9, “File System” on page 141. Item 2 - Downloads and Uploads is described in Chapter 10, “File Downloads and Uploads” on page 163. Ping a Remote System, item 3, is described in “Pinging a Remote System” on page 47. Reset to Factory Defaults, item 4, is described in “Returning the AT-S63 Management Software to the Factory Default Values” on page 48.

3. From the System Utilities menu, type 5 to select Reboot the switch.
Configuring the Console Startup Mode

With this procedure you can control which management interface, menus or command line, is displayed at the start of your local and remote management sessions. The default is the command line interface.

To change the console startup mode, perform the following procedure:

1. From the Main Menu, type 5 to select System Administration. The System Administration menu is shown in Figure 2 on page 31.
2.
Configuring the Console Timer

The AT-S63 Management Software uses the console timer, also referred to as the console disconnect interval, to automatically end inactive local and remote management sessions. The management software automatically ends a local or remote management session if a management session is inactive for the length of time specified by the console timer.
Configuring the Telnet Server

This procedure describes how to enable and disable the Telnet server on the switch. You might disable the server to prevent individuals from managing the switch with a Telnet application or if you intend to use the Secure Shell (SSH) protocol. This procedure also explains how to toggle the Telnet server on the switch so that it adds a NULL character after each CR.
Setting the Baud Rate of the Serial Terminal Port

The default baud rate of the RJ-45 type serial terminal port on the switch is 9600 bps. To change the baud rate, perform the following procedure:

1. From the Main Menu, type 5 to select System Administration. The System Administration menu is shown in Figure 2 on page 31.
2. From the System Administration menu, type 3 to select Console (Serial/Telnet) Configuration.
Pinging a Remote System

This procedure instructs the switch to ping a remote device on your network. This can be useful in determining whether a valid link exists between the switch and another network device. The local subnet on the switch where the device is a member must have a routing interface. The switch uses the IP address of the routing interface as its source address when sending the ping.

Note
Prior to version 2.0.
Returning the AT-S63 Management Software to the Factory Default Values

The procedure in this section returns all AT-S63 Management Software parameters to the default values. Please note the following before you perform this procedure:

  Returning all parameter settings to their default values also deletes all routing interfaces as well as all port-based and tagged VLANs on the switch.
  This procedure does not delete files from the AT-S63 file system.
If you respond with yes, the following prompt is displayed:

    Do you want to reset the serial port baud rate to 9600 bps? [Yes/No] ->

5. To return the baud rate of the terminal port on the switch to 9600 bps, type Y for yes. To retain its current speed setting, type N for no.

All of the operating parameters on the switch are automatically returned to their default settings as the unit reboots.
Displaying Hardware and Software Information

To display information about the switch hardware and software, perform the following procedure:

1. From the Main Menu, type 5 to select System Administration. The System Administration menu is shown in Figure 2 on page 31.
2. From the System Administration menu, type 1 to select System Information. The System Information menu is shown in Figure 9.
Subnet Mask
Subnet mask of the local interface.

Gateway
For AT-9400 Switches that support IPv4 routing, such as the AT-9424Ts and AT-9448Ts/XP switches, this field displays the IP address of the next hop of the switch’s default route. The switch uses the default route when it receives a network packet for routing, but cannot find a route for it in the routing table. This field will contain 0.0.0.0 if no default route is defined on the switch.
information about selection U, Uplink Information, refer to “Displaying Uplink Port Information” on page 55.
Displaying System Hardware Information

You can view information about the system hardware, including details about the fans and temperature settings. To display the system hardware information, perform the following procedure:

1. From the Main Menu, type 5 to select System Administration. The System Administration menu is shown in Figure 2 on page 31.
2.
The System Hardware Information menu provides the following information:

System 1.25 V Power
System 1.8V Power
System 2.5 V Power
System 3.3 V Power
System 5 V Power
System 12 V Power
The current voltage of the six power supplies in the switch.

System Temperature (Celsius)
The overall system temperature.

System Fan Speed
The system fan speed.

Main PSU
RPS
The status of the main power supply unit (PSU) and the redundant power supply (RPS).

4. Return to the Main Menu.
Displaying Uplink Port Information

To display information about the GBIC, SFP, and XFP transceivers installed in the uplink ports, perform the following procedure:

1. From the Main Menu, type 5 to select System Administration. The System Administration menu is shown in Figure 2 on page 31.
2. From the System Administration menu, type 1 to select System Information. The System Information menu is shown in Figure 9 on page 50.
3.
The GBIC/SFP Information menu (page 1) is displayed. Figure 12 shows some possible fields for an SFP transceiver.

    Allied Telesis AT-9424T/GB - AT-S63
    Marketing
    User: Manager    11:20:02 02-Mar-2009

    GBIC/SFP 2 Information

    Transceiver Identifier .....................
    Extended Transceiver Identifier ............
    Connector Type .............................
    Encoding Algorithm .........................
    Nominal Bit Rate ...........................
Chapter 2
Port Parameters

This chapter contains the procedures for viewing and changing the parameter settings for the individual ports on a switch, and contains the following procedures:
  “Displaying Port Status”
  “Configuring Port Parameters”
  “Configuring Head of Line Blocking”
  “Configuring Flow Control and Back Pressure”
  “Configuring Port Filtering”
  “Setting Up Rate Limiting”
  “Resett
Displaying Port Status

To display the current status of the ports on the switch, perform the following procedure:

1. From the Main Menu, type 1 to select Port Configuration. The Port Configuration menu is shown in Figure 14.
Note
The speed, duplex mode, and flow control settings are blank for a port that has not established a link to its end node.

The Port Status menu displays a table that contains the following columns of information:

Port
The port number.

Link
The status of the link between the port and the end node connected to the port. The possible settings are:
  Up - Indicates that a valid link exists between the port and the end node.
Port Type
The port type.
Configuring Port Parameters

To configure the basic parameter settings for a port, such as speed and duplex mode, perform the following procedure:

1. From the Main Menu, type 1 to select Port Configuration. The Port Configuration menu is shown in Figure 14 on page 58.
2. From the Port Configuration menu, type 1 to select Port Configuration. The following prompt is displayed:

    Enter port-list ->

3. Enter the number of the port to be configured.
4. Adjust the following parameters as necessary.

Note
A change to a parameter is immediately activated on the port.

0 - Description
You use this option to assign a description to a port, from 1 to 15 alphanumeric characters. Spaces are allowed, but you should not use special characters, such as asterisks or exclamation points. (You cannot set a port description if you are configuring more than one port.)

1 - Status
You use this option to enable or disable a port.
If you select Auto for Auto-Negotiation, which is the default setting, the switch sets speed, duplex mode, and MDI crossover for the port automatically. The switch determines the highest possible common speed between the port and its end node and sets the port to that speed. This helps to ensure that the port and the end node are operating at the highest possible common speed.
  1000 Mbps (Applies only to 1000Base SFP and GBIC modules. This selection should not be used. An SFP or GBIC module should use Auto-Negotiation to set its speed and duplex mode.)

8 - Duplex
This item is only available when Negotiation is set to Manual. The possible settings are full-duplex and half-duplex.

9 - MDI Crossover
This item is only available when Negotiation is set to Manual. This selection sets the wiring configuration of a twisted pair port.
Configuring Head of Line Blocking

Head of line (HOL) blocking is a problem that occurs when a port on a switch becomes oversubscribed. An oversubscribed port is receiving more packets from other switch ports than it can transmit in a timely manner. An oversubscribed port can prevent other ports from forwarding packets to each other because ingress packets on a port are buffered in a First In, First Out (FIFO) manner.
other ports to discard packets destined for port D. Port A drops the D packets, enabling it to once again forward packets to port C.

The number that you enter for this value represents cells. A cell is 128 bytes. The range is 0 to 8191 cells. The default is 682.

To set up head of line blocking, perform the following procedure:

1. From the Main Menu, type 1 to select Port Configuration. The Port Configuration menu is shown in Figure 14 on page 58.
2.
Configuring Flow Control and Back Pressure

A switch port uses flow control to control the flow of ingress packets from its end node when operating in full-duplex mode. A port using flow control issues a special frame, referred to as a PAUSE frame, as specified in the IEEE 802.3x standard, to stop the transmission of data from an end node. When a port needs to stop an end node from transmitting data, it issues this frame.
4. From the Port Configuration menu, type 3 to select Flow Control.

The Flow Control menu is shown in Figure 18.

    Allied Telesis AT-9424T/SP - AT-S63
    Marketing
    User: Manager    11:20:02 02-Mar-2009

    Flow Control

    Configuring Port 11

    1 - Flow Control (Full-Duplex) Status .... Disabled
    2 - Flow Control Threshold ............... 7935 cells
    3 - Back Pressure (Half-Duplex) Status ... Disabled
    4 - Back Pressure Threshold ..............
Configuring Port Filtering

If the performance of your network is affected by heavy traffic, you can use these parameters to restrict ingress and egress broadcast packets as well as unknown unicast and multicast packets forwarded by a port. Activating this feature on a port causes the port to discard all packets of the type you specified.
5. From the Filtering menu, type 1 to toggle Unknown Unicast Ingress Filtering between Disabled and Enabled.
6. Type 2 to toggle Unknown Unicast Egress Filtering between Disabled and Enabled.
7. Type 3 to toggle Unknown Multicast Ingress Filtering between Disabled and Enabled.
8. Type 4 to toggle Unknown Multicast Egress Filtering between Disabled and Enabled.
9. Type 5 to toggle Broadcast Ingress Filtering between Disabled and Enabled.
10.
Setting Up Rate Limiting

The rate limiting feature allows you to set the maximum number of ingress packets the port accepts each second. Packets exceeding the threshold are discarded. You can enable rate limiting and set a rate independently for unknown unicast, multicast, and broadcast packets.

To set rate limiting, perform the following procedure:

1. From the Main Menu, type 1 to select Port Configuration.
   b. If you enabled the feature, type 2 to select Unknown Unicast Rate. The following prompt is displayed:

       Enter the Rate Limit (packets/second):[0 to 262143]->

   c. Enter a number for the rate limit.

6. To control multicast packets, do the following:
   a. Type 3 to toggle Multicast Rate Limiting Status between Enabled and Disabled.
   b. If you enabled the feature, type 4 to select Multicast Rate.
Resetting a Port

Resetting a port is useful in situations where a port is having problems establishing a valid connection to its end node. Resetting a port does not change any of its parameter settings.

To reset a port, perform the following procedure:

1. From the Main Menu, type 1 to select Port Configuration. The Port Configuration menu is shown in Figure 14 on page 58.
2. From the Port Configuration menu, type 1 to select Port Configuration.
Forcing Port Renegotiation

Port renegotiation prompts a port operating in Auto-Negotiation to renegotiate its speed and duplex mode with its end node. This option is useful if you believe that a port and end node are not operating at the same speed and duplex mode.

To force port renegotiation, perform the following procedure:

1. From the Main Menu, type 1 to select Port Configuration. The Port Configuration menu is shown in Figure 14 on page 58.
2.
Resetting the Port Configuration to the Default Settings

You can return the parameter settings of a port to the default values. To reset a port’s settings to the default settings, perform the following procedure:

1. From the Main Menu, type 1 to select Port Configuration. The Port Configuration menu is shown in Figure 14 on page 58.
2. From the Port Configuration menu, type 1 to select Port Configuration.
Displaying Port Statistics

To display Ethernet port statistics, perform the following procedure:

1. From the Main Menu, type 1 to select Port Configuration. The Port Configuration menu is shown in Figure 14 on page 58.
2. From the Port Configuration menu, type 3 to select Port Statistics. The Port Statistics menu is shown in Figure 21.
The Display Port Statistics menu is shown in Figure 22.

[Figure 22. Display Port Statistics menu, example for Port 6. Counters shown include Bytes Rx, Frames Rx, Bcast Frames Rx, Mcast Frames Rx, Frames 64, Frames 128-255, Frames 512-1023, CRC Error, No. of Rx Errors, UnderSize Frames, Fragments, and Frames 1519-1522.]
Frames 64, Frames 65-127, Frames 128-255, Frames 256-511, Frames 512-1023, Frames 1024-1518, Frames 1519-1522 - Number of frames transmitted from the port, grouped by size.

CRC Error - Number of frames with a cyclic redundancy check (CRC) error but with the proper length (64-1518 bytes) received on the port.

Jabber - Number of occurrences of corrupted data or useless signals appearing on the port.

No. of Rx Errors - Number of receive errors.

No. of Tx Errors - Number of transmit errors.
Clearing Port Statistics

To clear the Ethernet port statistics and reset them to “0”, perform the following procedure:

1. From the Main Menu, type 1 to select Port Configuration. The Port Configuration menu is shown in Figure 14 on page 58.
2. From the Port Configuration menu, type 3 to select Port Statistics. The Port Statistics menu is shown in Figure 21 on page 76.
3. Type 2 to select Clear Statistics.
Chapter 3 Enhanced Stacking

This chapter explains the enhanced stacking feature.
Setting a Switch’s Enhanced Stacking Status

The enhanced stacking status of the switch can be master, slave, or unavailable. Each status is described below:

Master switch - The master switch is your entry point for managing the switches of a stack. Starting a local or remote management session on a master switch gives you management access to all the switches in the stack.
Note
Item 2, Stacking Services, is only displayed on master switches.

2. To change a switch’s stacking status, type 1 to select Switch State. The following prompt is displayed.

   Enter new setup (M/S/U) ->

3. Type M to change the switch to a master switch, S to make it a slave switch, or U to make the switch unavailable. Press Return. A change to the status is immediately activated on the switch.
4. After making changes, type R until you return to the Main Menu.
Selecting a Switch in an Enhanced Stack

In order to manage a switch other than the master switch in an enhanced stack, you must instruct the master switch to poll the common VLAN for the other switches and then select the switch. You can manage only one switch at a time.

To select a switch in an enhanced stack, perform the following procedure:

1. From the Main Menu, type 8 to select Enhanced Stacking. The Enhanced Stacking menu is shown in Figure 23 on page 82.
2.
The master switch polls the common subnet for the slave and master switches that are members of the enhanced stack and displays a list of the switches in the Stacking Services menu. An example is shown in Figure 25.
A prompt similar to the following is displayed:

   Enter the switch number -> [1 to 24]

5. Type the number of the switch in the list you want to manage.
6. Enter the appropriate username and password for the switch. The command line interface of the selected switch is displayed.

You now can manage the switch. Any management tasks you perform affect only the selected switch.
Returning to the Master Switch

When you are finished managing a slave switch, return to the Main Menu of the switch and type Q for Quit. This returns you to the Stacking Services menu on the master switch where you started the management session. You can either select another switch from the list to manage or, to manage the master switch, type R twice to return to the master switch’s Main Menu.
Displaying the Enhanced Stacking Status

To view the stacking status of a switch in a stack, perform the following procedure:

1. From the Main Menu, type 8 to select Enhanced Stacking. The Enhanced Stacking menu is shown in Figure 26.

Allied Telesis AT-9424Ts - AT-S63
Marketing
User: Manager    11:20:02 02-Mar-2009

Enhanced Stacking

1 - Switch State-(M)aster/(S)lave/(U)navailable.... Slave

R - Return to Previous Menu

Enter your selection?

Figure 26.
Chapter 4 SNMPv1 and SNMPv2c

This chapter explains how to activate SNMP management on the switch and how to create, modify, and delete SNMPv1 and SNMPv2c community strings.
Enabling or Disabling SNMP Management

To enable or disable SNMP management for the switch, perform the following procedure:

1. From the Main Menu, type 5 to select System Administration. The System Administration menu is shown in Figure 2 on page 31.
2. From the System Administration menu, type 5 to select SNMP Configuration. The SNMP Configuration menu is shown in Figure 27.
Setting the Authentication Failure Trap

As mentioned in the SNMP Overview section in this chapter, a trap is a message sent by the switch to a management workstation or server to signal an operating event, such as when the device is reset. An authentication failure trap is similar to the other traps. It too signals an operating event on the switch. But this trap is somewhat special because it relates to SNMP management.
Creating an SNMP Community String

To create a new SNMP community string, perform the following procedure:

1. From the Main Menu, type 5 to select System Administration. The System Administration menu is shown in Figure 2 on page 31.
2. From the System Administration menu, type 5 to select SNMP Configuration. The SNMP Configuration menu is shown in Figure 27 on page 90.
3. From the SNMP Configuration menu, type 3 to select Configure SNMPv1 & SNMPv2c Community.
Status - The operating status of a community string. Enabled means the string is available for use and Disabled means it is unavailable.

OpenAcc - The access status of a community string. A string with a status of Yes has an open status and can be used by any management workstation. A string with a status of No has a closed status and can only be used by those workstations whose IP addresses are assigned to the string.
management workstations. But you can assign only one to it initially with this procedure. To add additional IP addresses, refer to “Modifying a Community String” on page 95. If you assigned the community string an access status of open, leave this field blank by pressing Return.

The following prompt is displayed:

   Enter Trap Receiver IP Addr:

9. If you want the switch to send traps to a management workstation or server, enter the IP address of the node here.
Modifying a Community String

To modify a community string, perform the following procedure:

1. From the Main Menu, type 5 to select System Administration. The System Administration menu is shown in Figure 2 on page 31.
2. From the System Administration menu, type 5 to select SNMP Configuration. The SNMP Configuration menu is shown in Figure 27 on page 90.
3. From the SNMP Configuration menu, type 3 to select Configure SNMPv1 & SNMPv2c Community.
The menu options are described below:

1 - Add Attributes to Community

If a community string has a closed access mode, you can use this selection to add new IP addresses of management workstations that can use the string. You can also use this option to add IP addresses of new trap receivers. To use this option, do the following:

   a. From the Modify SNMP Community menu, type 1 to select Add Attributes to Community.
      Enter SNMP Manager IP Addr:

   c. If you want to remove the IP address of a management workstation from the community string, enter the IP address at the prompt. Otherwise, just press Return. This prompt is displayed:

      Enter Trap Receiver IP Addr:

   d. If you want to remove the IP address of a trap receiver from the community string, enter the IP address at the prompt. Otherwise, just press Return.

   e. After making changes, type R until you return to the Main Menu.
      Enter Community Status [E-Enable, D-Disable]:

   c. Type E to enable the community string or D to disable it. This confirmation prompt is displayed:

      Do you want to change Community Status? (Y/N): [Yes/No] ->

   d. Type Y to change the string’s status or N to cancel the change.

   e. After making changes, type R until you return to the Main Menu. Then type S to select Save Configuration Changes.

5 - Set Community Open Status

Use this selection to change a string’s open status.
Deleting a Community String

To delete an SNMPv1 or SNMPv2c community string, perform the following procedure:

1. From the Main Menu, type 5 to select System Administration. The System Administration menu is shown in Figure 2 on page 31.
2. From the System Administration menu, type 5 to select SNMP Configuration. The SNMP Configuration menu is shown in Figure 27 on page 90.
3.
Displaying the SNMP Community Strings

To display the attributes of all the SNMP community strings on the switch, use the following procedure:

1. From the Main Menu, type 5 to select System Administration. The System Administration menu is shown in Figure 2 on page 31.
2. From the System Administration menu, type 5 to select SNMP Configuration. The SNMP Configuration menu is shown in Figure 27 on page 90.
3.
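The access rules this chapter gives for the Status and OpenAcc attributes of a community string can be modelled in a few lines, which makes it easy to review a recorded set of community strings for ones that any workstation can use. This is an added example, not AT-S63 code; the Community record, the function names, and the sample strings and addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address


@dataclass
class Community:
    """One community string, with the attributes described in this chapter."""
    name: str
    enabled: bool          # Status: Enabled / Disabled
    open_access: bool      # OpenAcc: Yes (open) / No (closed)
    manager_ips: list = field(default_factory=list)  # workstations assigned to the string


def request_allowed(comm, source_ip):
    """Apply the chapter's rules to one request that presents this string.

    Disabled -> unavailable; open -> any management workstation;
    closed -> only workstations whose IP addresses are assigned to the string.
    """
    src = ip_address(source_ip)  # raises ValueError on a malformed address
    if not comm.enabled:
        return False
    if comm.open_access:
        return True
    return any(ip_address(m) == src for m in comm.manager_ips)


def audit(communities):
    """Return (name, finding) pairs for enabled strings worth a second look."""
    findings = []
    for c in communities:
        if not c.enabled:
            continue
        if c.open_access:
            findings.append((c.name, "open access: usable by any management workstation"))
        elif not c.manager_ips:
            # Under this model a closed string with no assigned IP admits nobody.
            findings.append((c.name, "closed access but no manager IP assigned"))
    return findings


# Constructed sample data (names are placeholders, addresses are documentation ranges).
SAMPLE_COMMUNITIES = [
    Community("example-ro", enabled=True, open_access=True),
    Community("example-rw", enabled=True, open_access=False,
              manager_ips=["192.0.2.10", "192.0.2.11"]),
    Community("example-old", enabled=False, open_access=True),
    Community("example-new", enabled=True, open_access=False),
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_COMMUNITIES):
        print(f"{name}: {finding}")
    print(request_allowed(SAMPLE_COMMUNITIES[1], "192.0.2.10"))    # assigned workstation
    print(request_allowed(SAMPLE_COMMUNITIES[1], "198.51.100.7"))  # not assigned
```
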
Chapter 5 MAC Address Table

This chapter contains the procedures for viewing the static and dynamic MAC address table. It also explains how to add static MAC addresses to the table.
Displaying the MAC Address Tables

The AT-S63 Management Software has two menu selections for displaying the MAC addresses of a switch. One selection displays the static and dynamic unicast MAC addresses while the other displays the static and dynamic multicast addresses.

To display the MAC address tables, perform the following procedure:

1. From the Main Menu, type 4 to select MAC Address Tables. The MAC Address Tables menu is shown in Figure 31.
Choose one of the following display types.

1 - Display All

This selection displays all dynamic addresses learned on the ports of the switch and all static addresses that have been assigned to the ports. An example of a unicast MAC address table is shown in Figure 33.
An example of a multicast MAC address table is shown in Figure 34.

Allied Telesis AT-9424T/SP - AT-S63
Marketing
User: Manager    11:20:02 02-Mar-2009

Display All    Page 1

Total Number of MCAST MAC Addresses: 1

MAC Address         VLANID  Type    Port Maps (U:Untagged T:Tagged)
----------------------------------------------------------------
01:00:51:00:00:01   1       Static  U:1-4 T:

U - Update Display
R - Return to Previous Menu

Enter your selection?

Figure 34.
5 - Display Specified MAC

This selection displays the port number on which a MAC address was assigned or learned. If you want to know on which port a particular MAC address was learned, you can display the MAC address table and scroll through the list looking for the MAC address. But if the switch is part of a large network, finding the address could prove difficult.
Adding Static Unicast and Multicast MAC Addresses

This section contains the procedure for adding static unicast and multicast MAC addresses to the switch. You can assign up to 255 static addresses per port on the AT-9400 Switch.

To add a static MAC address, perform the following procedure:

1. From the Main Menu, type 4 to select MAC Address Tables. The MAC Address Tables menu is shown in Figure 31 on page 102.
2.
5. Enter the number of the port on the switch where you want to assign the static address. If you are adding a static unicast address, you can specify only one port. If you are entering a static multicast address, you must specify the port where the multicast application is located as well as the ports where the host nodes are connected.
Deleting Unicast and Multicast MAC Addresses

To delete a dynamic or static unicast or multicast address from the MAC address table, perform the following procedure:

1. From the Main Menu, type 4 to select MAC Address Tables. The MAC Address Tables menu is shown in Figure 31 on page 102.
2. From the MAC Address Tables menu, type 2 to select MAC Addresses Configuration. The MAC Addresses Configuration menu is shown in Figure 35 on page 106.
3.
Deleting All Dynamic MAC Addresses

To delete all dynamic unicast and multicast MAC addresses from the MAC address table, perform the following procedure:

1. From the Main Menu, type 4 to select MAC Address Tables. The MAC Address Tables menu is shown in Figure 31 on page 102.
2. From the MAC Address Tables menu, type 2 to select MAC Addresses Configuration. The MAC Addresses Configuration menu is shown in Figure 35 on page 106.
3.
Changing the Aging Time

The switch uses the aging time to delete inactive dynamic MAC addresses from the MAC address table. The switch deletes a MAC address from the table when no packets are sent to or received from the end node of the address for the period of time specified by the aging time. This prevents the table from filling with addresses of nodes that are no longer active. The default setting for the aging time is 300 seconds (5 minutes).
Chapter 6 Static Port Trunks

This chapter contains the procedures for managing static port trunks.
Creating a Static Port Trunk

This section contains the procedure for creating a static port trunk on a switch.

Caution
Do not connect the cables to the trunk ports on the switches until after you have configured the trunk with the management software. Connecting the cables before configuring the software will create a loop in your network topology. Data loops can result in broadcast storms and poor network performance.
3. From the Port Trunking and LACP menu, type 1 to select Static Port Trunking. The Static Port Trunking menu is shown in Figure 37.

Allied Telesis AT-9448T/SP - AT-S63
Marketing
User: Manager    11:20:02 02-Mar-2009

Static Port Trunking

ID  Name  Ports  Method  Status
----------------------------------------------------

C - Create Trunk
D - Delete Trunk
M - Modify Trunk
R - Return to Previous Menu

Enter your selection?

Figure 37.
The Create Trunk menu is shown in Figure 38.

Allied Telesis AT-9448T/SP - AT-S63
Marketing
User: Manager    11:20:02 02-Mar-2009

Create Trunk

1 - Trunk ID ......... 1
2 - Trunk Name .......
3 - Trunk Method ..... SRC/DST MAC
4 - Trunk Ports ......

C - Create Trunk
R - Return to Previous Menu

Enter your selection?

Figure 38. Create Trunk Menu

5. Configure the following parameters as necessary:

1 - Trunk ID

Specifies the trunk ID, a value from 1 to 6.
6. Type C to select Create Trunk. The port trunk is now active on the switch.
7. To permanently save your change, return to the Main Menu and type S to select Save Configuration Changes.
8. Configure the ports on the remote switch for port trunking.
9. Connect the cables to the ports of the trunk on the switch.

The port trunk is ready for network operations.
Modifying a Static Port Trunk

This section contains the procedure for modifying a static port trunk on the switch.

Caution
If you will be adding or removing ports from the trunk, you should disconnect all data cables from the ports of the trunk on the switch before performing the procedure.
5. Enter the ID number of the trunk you want to modify. The Modify Trunk menu is displayed. The menu displays the operating specifications of the selected trunk. An example is shown in Figure 39.

Allied Telesis AT-9448T/SP - AT-S63
Marketing
User: Manager    11:20:02 02-Mar-2009

Modify Trunk

1 - Trunk ID .........
2 - Trunk Name .......
3 - Trunk Method .....
4 - Trunk Ports ......
6. Type M to select Modify Trunk. The modifications to the port trunk are activated on the switch.
7. To permanently save your change, return to the Main Menu and type S to select Save Configuration Changes.
8. Reconnect the cables to the ports of the trunk on the switch.

The modified port trunk is ready for network operations.
Deleting a Static Port Trunk

To delete a static port trunk from the switch, perform the following procedure:

Caution
Disconnect the cables from the port trunk on the switch before performing the following procedure. Deleting a port trunk without first disconnecting the cables can create loops in your network topology. Data loops can result in broadcast storms and poor network performance.

1. From the Main Menu, type 1 to select Port Configuration.
2.
Chapter 7 LACP Port Trunks

This chapter contains the procedures for managing LACP port trunks.
Enabling or Disabling LACP

This procedure explains how to enable or disable LACP on the switch. When you enable LACP, the switch begins to transmit LACPDU packets from ports assigned to aggregators. If ports in an aggregator receive LACPDU packets from a remote device, the switch creates aggregate trunks. If no aggregators are defined, no LACPDU packets are transmitted.
4. Type 1 to toggle LACP Status between Disabled and Enabled. The default is disabled.
5. To permanently save your change, return to the Main Menu and type S to select Save Configuration Changes.
Setting the LACP System Priority

This procedure explains how to set the LACP system priority value on a switch. The switch uses this parameter if a conflict occurs when establishing an aggregate trunk with the other device. The LACP settings on the device with the higher priority take precedence over the settings on the other device. The lower the value, the higher the priority. A switch can have only one LACP system priority.
Creating an Aggregator

To create an aggregator, perform the following procedure:

Caution
Do not connect the cables to the ports of the aggregator on the switch until after you have configured the aggregator with the management software and enabled LACP. Connecting the cables before configuring the software and activating the protocol will create a loop in your network topology. Data loops can result in broadcast storms and poor network performance.
The Create LACP (IEEE 802.3ad) Aggregator menu is shown in Figure 41.

Allied Telesis AT-9448T/SP - AT-S63
Marketing
User: Manager    11:20:02 02-Mar-2009

Create LACP (IEEE 802.3ad) Aggregator

1 - Aggregator ..................
2 - Adminkey .................... 0x0000
3 - Distribution Mode ........... SRC/DST MAC
4 - Port Range ..................
C - Create Aggregator
R - Return to Previous Menu

Enter your selection?

Figure 41. Create LACP (IEEE 802.3ad) Aggregator Menu

5.
3 - Distribution Mode

Sets the load distribution method. Possible settings are:

SRC MAC - Source MAC address
DST MAC - Destination MAC address
SRC/DST MAC - Source address/destination MAC address
SRC IP - Source IP address trunking
DST IP - Destination IP address trunking
SRC/DST IP - Source address/destination IP address

The default is SRC/DST MAC.

4 - Port Range

Specifies the aggregator ports.
Modifying an Aggregator

This procedure explains how to modify an aggregator. You can use this procedure to change the load distribution method of an aggregator or to add or remove ports.

To modify an aggregator, you need to know its name. To view the names of the existing aggregators, refer to “Displaying LACP Port and Aggregator Status” on page 131.
5. Type 1 to select Aggregator and, when prompted, enter the name of the aggregator to be modified. The name is case-sensitive. (To display the names of the aggregators on a switch, refer to “Displaying LACP Port and Aggregator Status” on page 131.) After you enter the aggregator’s name, the specifications of the aggregator are displayed in the menu.
6. Configure the following parameters as necessary:

Note
You cannot modify the name or adminkey of an aggregator.
Deleting an Aggregator

This procedure deletes an aggregator from the switch. The ports that are members of the aggregator stop transmitting LACPDU packets after the aggregator is deleted.

Caution
Disconnect the cables from the ports of the aggregator before performing the following procedure. Deleting an aggregator without first disconnecting the cables can create loops in your network topology. Data loops can result in broadcast storms and poor network performance.
Displaying LACP Port and Aggregator Status

To display LACP port and aggregator status, perform the following procedure:

1. From the Main Menu, type 1 to select Port Configuration.
2. From the Port Configuration menu, type 4 to select Port Trunking and LACP. The Port Trunking and LACP menu is shown in Figure 36 on page 112.
3. Type 2 to select LACP Configuration. The LACP (IEEE 802.3ad) Configuration menu is shown in Figure 40 on page 122.
4.
Figure 44 is an example of the LACP (IEEE 802.3ad) Aggregator Status menu. The information is for viewing purposes only.

Allied Telesis AT-9448T/SP - AT-S63
Marketing
User: Manager    11:20:02 02-Mar-2009

LACP (IEEE 802.3ad) Aggregator Status

Aggregator #1 .................
Adminkey ......................
Oper Key.......................
Speed .........................
Distribution Mode .............
Ports configured ..............
Ports in LAGID ................
Aggregated Port .
Chapter 8 Port Mirroring

This chapter contains the procedures for creating and deleting a port mirror.
Creating a Port Mirror

To create a port mirror, perform the following procedure:

1. From the Main Menu, type 1 to select Port Configuration.
2. From the Port Configuration menu, type 6 to select Port Mirroring. The Port Mirroring menu is shown in Figure 45.

Allied Telesis AT-9448T/SP - AT-S63
Marketing
User: Manager    11:20:02 02-Mar-2009

Port Mirroring

1 - Enable/Disable ......................
2 - Mirror-To (Destination) Port ........
3 - Ingress (Rx) Mirror (Source) Ports ..
4. To mirror the ingress (received) traffic on one or more ports, do the following:

   a. Type 3 to select Ingress (Rx) Mirror (Source) Ports. The following prompt is displayed:

      Ingress Mirror Ports (1-24) (or None):

   b. Enter the ports. You can identify the ports individually (for example, 3,7,10), as a range (for example, 5-11), or both (for example, 2,4,11-14). Entering “none” removes all ingress source ports.

5.
Disabling a Port Mirror

To delete a port mirror, perform the following procedure:

1. From the Main Menu, type 1 to select Port Configuration.
2. From the Port Configuration menu, type 6 to select Port Mirroring. The Port Mirroring menu is shown in Figure 45 on page 134.
3. From the Port Mirroring Menu, type 1 to select Enable/Disable. The following prompt is displayed.

   Enter Enable(E)/Disable(D):

4. Type D to disable the feature. Port mirroring on the switch is now disabled.
Modifying a Port Mirror

To modify the port mirror, perform the following procedure:

1. From the Main Menu, type 1 to select Port Configuration.
2. From the Port Configuration menu, type 6 to select Port Mirroring. The Port Mirroring menu is shown in Figure 45 on page 134.
3. Type 2 to select Mirror-To (Destination) Port. The following prompt is displayed:

   Mirror-To Port (01-24):

4. Enter the number of the port that will function as the destination port.
Displaying the Port Mirror

To display the port mirror, perform the following procedure:

1. From the Main Menu, type 1 to select Port Configuration.
2. From the Port Configuration menu, type 6 to select Port Mirroring. The Port Mirroring menu is shown in Figure 45 on page 134. The fields in the menu are explained in “Creating a Port Mirror” on page 134.
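The port-list syntax accepted at the Ingress Mirror Ports prompt in “Creating a Port Mirror” (individual ports, a range, both, or “none”) can be parsed and checked offline, for example to compare a recorded mirror configuration against the source ports that were approved for monitoring. This is an added example, not part of the AT-S63 software; the function names and the 1-24 port bounds taken from the prompt text are assumptions of the sketch.

```python
import re

# One list item: a single port ("7") or a range ("11-14").
ITEM = re.compile(r"(\d+)(?:-(\d+))?", re.ASCII)


def parse_port_list(text, low=1, high=24):
    """Parse '3,7,10', '5-11' or '2,4,11-14' into a sorted list of ports.

    'none' (any case) yields an empty list. Malformed items, reversed
    ranges and ports outside low..high raise ValueError.
    """
    text = text.strip()
    if text.lower() == "none":
        return []
    ports = set()
    for item in text.split(","):
        item = item.strip()
        match = ITEM.fullmatch(item)
        if match is None:
            raise ValueError(f"bad port list item: {item!r}")
        start = int(match.group(1))
        end = int(match.group(2)) if match.group(2) else start
        if start > end:
            raise ValueError(f"reversed range: {item!r}")
        if start < low or end > high:
            raise ValueError(f"port out of range {low}-{high}: {item!r}")
        ports.update(range(start, end + 1))
    return sorted(ports)


def format_port_list(ports):
    """Render ports back into the compact form, e.g. [2,4,11,12,13,14] -> '2,4,11-14'."""
    ports = sorted(set(ports))
    if not ports:
        return "none"
    runs = []
    start = prev = ports[0]
    for port in ports[1:]:
        if port == prev + 1:
            prev = port
            continue
        runs.append((start, prev))
        start = prev = port
    runs.append((start, prev))
    return ",".join(str(a) if a == b else f"{a}-{b}" for a, b in runs)


def unapproved_sources(configured, approved):
    """Ports that are mirrored according to `configured` but absent from `approved`."""
    allowed = set(parse_port_list(approved))
    return [p for p in parse_port_list(configured) if p not in allowed]


if __name__ == "__main__":
    # Constructed sample values, using the examples given in the procedure.
    print(parse_port_list("2,4,11-14"))
    print(format_port_list(unapproved_sources("2,4,11-14", "2,4")))
```
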
Section II Advanced Operations

The chapters in this section contain overview information on some of the advanced features of the AT-9400 Switch. The chapters also contain procedures for configuring these features using the AT-S63 Management Software.
Chapter 9 File System

The chapter describes the AT-S63 file system, and how you can copy, rename, and delete system files from the file system or from a compact flash card. This chapter also explains how you can use the file system to select which boot configuration file you want the switch to use the next time the device is reset or power cycled.
Working with Boot Configuration Files

A boot configuration file contains the series of commands that recreate the current or a specific configuration of the switch when the unit is power cycled or reset. The commands in the file recreate all the VLANs, port settings, spanning tree settings, port trunks, port mirrors, and so forth. A switch can contain multiple boot configuration files, but only one can be active on a switch at a time.
“Selecting the Active Boot Configuration File for the Switch” on page 145

Creating a Boot Configuration File

To create a boot configuration file that contains the switch’s current configuration, perform the following procedure:

1. From the Main Menu, type 5 to select System Administration.
2. From the System Administration menu, type 9 to select System Utilities.
3. From the System Utilities menu, type 1 to select File Operations.
4. From the File Operations menu, type 3 to select Create Configuration File. The following prompt is displayed:

   Enter the file name:

5. Enter a file name for the new boot configuration file. When entering a file name, observe the following:

   - Be sure to include the “.cfg” extension.
   - The file name can be up to 16 alphanumeric characters. Spaces are allowed.
   - To store the file on a flash memory card in the switch, precede the name with “cflash:”.
Note
Only the active boot configuration file is changed when you select the Save Configuration Changes option in the Main Menu. No other boot configuration files stored on the switch are altered.

Selecting the Active Boot Configuration File for the Switch

You have now created the boot configuration file, made the necessary changes to the switch’s parameter settings, and saved the changes.
file system, but is instead used and updated directly from the card. If you remove the card and reset the switch, the management software uses its default settings.

If the file is on a flash memory card, you must change to the directory where the file is stored before performing this command. The command does not accept a directory path. To change directories on a flash card, see “Changing the Current Flash Card Directory” on page 161.
The name of the file should now appear following selection 1 in the File Operations menu. The file name should be followed by “Exist”, which means that the file exists in the switch’s file system. If the management software is unable to find the file, it displays:

   The specified file was not found on the system.

Check to be sure you entered the name of the file correctly.
The contents of the boot configuration file are displayed in the View File menu. An example is shown in Figure 47.

Allied Telesis AT-9424T/SP - AT-S63
Marketing
User: Manager    11:20:02 02-Mar-2009

View File

Viewing file “mydefault.
The following are several guidelines for editing a boot configuration file:

- The text editor must be able to store the file as ASCII text. Do not use special formatting codes, such as boldface or italics.
- The boot configuration file must contain AT-S63 command line commands. You enter the commands you want the switch to perform when reset or power cycled.
Copying a System File

This procedure is used to create copies of files stored in a switch’s file system or on a flash memory card. For instance, you might perform this procedure to create a copy of a configuration file so that you have a backup copy. You can also use this procedure to copy files between a switch’s file system and a flash memory card.
6. Enter the new file name. The file name can be up to 16 alphanumeric characters, followed by a 3 letter extension. You must keep the same extension as the original file. To store the file on a compact flash card, precede the filename with “cflash:”.

   The following message is displayed:

   Please wait...
   Press any key ...

7. Press any key to return to the File Operations menu.
Renaming a System File

This procedure is used to rename files in a system’s file system or a compact flash card. Before renaming a file, note the following:

- To rename a file on a compact flash card, you must first change to the directory where the file is stored. This procedure does not allow you to specify a directory path. For instructions, refer to “Changing the Current Flash Card Directory” on page 161.
- Files with the extension UKF are encryption key pairs.
You can enter a file name of up to 16 alphanumeric characters, followed by a 3 letter extension. You must keep the same extension. If the file is located on a compact flash card, precede the filename with “cflash:”.

The following message is displayed:

   Please wait...
   Press any key ...

Press any key to return to the File Operations menu.

Examples

The following examples illustrate how to rename files in a switch’s flash memory and on a compact flash card.
Deleting a System File

This procedure is used to delete files from a system’s flash memory or a compact flash card. Before deleting a file, note the following:

- Deleting the active boot configuration file and then resetting the switch returns the unit to its default parameter settings, unless you save the current configuration or select another active boot configuration file.
Displaying System Files

Use this procedure to display a list of the system files currently stored either in the flash memory of the switch or on a compact flash card.

Listing All the Files

To display a list of the system files stored in flash memory as well as on a compact flash card (if the switch supports this and a compact flash card is inserted in the slot), perform the following procedure:

1. From the Main Menu, type 5 to select System Administration.
2.
An example of this display is shown in Figure 48.

Allied Telesis AT-9424T/SP - AT-S63
Marketing
User: Manager    11:20:02 02-Mar-2009

List Files

File Name          Device  Size (Bytes)  Last Modified
-------------------------------------------------------------
default.cfg        flash   805           01/10/2009 12:01:16
boot.cfg           flash   1249          4/24/2009 16:50:40
newcfg.cg          flash   1082          07/12/2008 16:59:06
serverkey150.key   flash   768           11/30/2008 19:17:35
ProdSw.cer         flash   1024          11/30/2008 20:38:20
ProdSw2.
Listing the Files on a Compact Flash Card

To view the files on a compact flash card, perform the following procedure:

1. From the Main Menu, type 5 to select System Administration.
2. From the System Administration menu, type 9 to select System Utilities.
3. From the System Utilities menu, type 1 to select File Operations. The File Operations menu is shown in Figure 46 on page 143.
4. From the File Operations Menu, type 8 to select List Files.
Working with Flash Memory

The flash memory in the AT-9400 Switch stores the file system and the permanent event log.

Displaying Information about the Flash Memory

To display information about the flash memory, perform the following procedure:

1. From the Main Menu, type 5 to select System Administration.
2. From the System Administration menu, type 9 to select System Utilities.
3. From the System Utilities menu, type 1 to select File Operations.
Formatting the Flash Memory

The procedure formats the flash memory in the switch.

Caution
Formatting the flash memory deletes ALL files on the switch, including the active configuration file, encryption keys, and certificates. Only the AT-S63 image file in the application block is retained. To remove selected files, refer to “Deleting a System File” on page 154.

Caution
This procedure causes a system reset.
Working with the Compact Flash Card

Some of the AT-9400 Switches have a slot for a compact flash card. Compact flash cards can be used for transferring files between switches, such as configuration files, and storing backup copies of files.

Displaying Compact Flash Card Information

To display information about the compact flash card, perform the following procedure:

1. From the Main Menu, type 5 to select System Administration.
2.
The Display Compact Flash Information menu provides the following information:

Current Directory
   The currently selected directory. To change the directory, see “Changing the Current Flash Card Directory” on page 161.

Number of files
   The number of files in the current directory.

Number of directories
   The number of directories on the compact flash card.

Bytes used
   The number of bytes used in the current directory.
The Set/Change Compact Flash Directory menu is shown in Figure 52.

Allied Telesis AT-9424T/SP - AT-S63
Marketing
User: Manager    11:20:02 02-Mar-2009

Set/Change Compact Flash Directory

1 - Current Directory: ...\
R - Return to Previous Menu

Enter your selection?

Figure 52. Set/Change Compact Flash Directory Menu

5. From the Set/Change Compact Flash Directory menu, type 1 to select Current Directory. The following prompt is displayed:

Enter the directory name to change to:

6.
Chapter 10: File Downloads and Uploads

This chapter contains the procedures for downloading a new AT-S63 image file onto the switch. This chapter also contains the procedures for uploading and downloading system files, such as a boot configuration file, from the file system in the switch.
Downloading the AT-S63 Image File onto a Switch

This section contains the following two procedures:

- “Downloading the AT-S63 Image from a Local Management Session” on page 166
- “Downloading the AT-S63 Image from a Remote Management Session” on page 170

These procedures explain how to download a new version of the AT-S63 image file onto a switch from a local management session using either Xmodem or TFTP, or from a remote management session (i.
interface is assigned the same address. If the unit obtained its IP configuration from a DHCP or BOOTP server, the interface is created with the DHCP or BOOTP client activated. The interface is given the interface number 0 and assigned to the preexisting management VLAN. Furthermore, the interface is designated as the local interface on the switch.

For example, if the switch has the static IP address 149.44.44.
Downloading the AT-S63 Image from a Local Management Session

Review “Guidelines” on page 164 before performing the following download procedure.

To download a new AT-S63 software image into the application block portion of the switch’s flash memory, making it the active image file on the switch, from a local management session using Xmodem or TFTP, perform the following procedure:

1.
The following prompt is displayed:

TFTP Server IP address:

b. Enter the IP address of the TFTP server. The following prompt is displayed:

Remote File Name:

c. Enter the file name of the AT-S63 image file stored on the TFTP server. The following message is displayed:

Getting the file from Remote TFTP Server - Please wait ...

d. If you have not already done so, start the TFTP server software.
Note
The transfer protocol must be Xmodem or 1K Xmodem.

8. Type Y for Yes. The prompt “Downloading” is displayed.
9. Begin the file transfer. Steps 10 through 13 illustrate how you download a file using the Hilgraeve HyperTerminal program.
10. From the HyperTerminal main window, select Send File from the Transfer menu, as shown in Figure 54.

Figure 54. HyperTerminal Window

The Send File window is shown in Figure 55.

Figure 55. Send File Window

11.
13. Click Send. The software immediately begins downloading onto the switch. The Xmodem File Send window in Figure 56 displays the current status of the software download. The download process takes several minutes to complete.

Figure 56. XModem File Send Window

After receiving the file, the switch compares the version number of the new image file that you just downloaded against the file already in the application block on the switch.
Downloading the AT-S63 Image from a Remote Management Session

Review “Guidelines” on page 164 before performing the following download procedure.

To download a new AT-S63 image file into the application block portion of the switch’s flash memory, making it the active image file on the switch, from a remote management session (i.e., Telnet or SSH) using TFTP, perform the following procedure:

1.
After the switch has downloaded the image file, the following message is displayed:

File received successfully!

After receiving the file, the switch compares the version number of the new image file that you just downloaded against the file already in the application block on the switch. If the new image file has an earlier or the same version number as the file in the switch’s application block, it cancels the update process.
Uploading the AT-S63 Image File Switch to Switch

The procedure in this section uploads the AT-S63 software image from a master AT-9400 Switch to another AT-9400 Switch in an enhanced stack. This procedure is useful in networks that contain a large number of AT-9400 Switches.
For example, if the switch has the static IP address 149.44.44.44 and the management VLAN has a VID of 12, the upgrade process automatically creates a routing interface with the same IP address and names it VLAN12-0. It assigns the interface to the VLAN with the VID of 12 and designates it as the switch’s local interface.
The following prompt is displayed:

Do you want confirmation before downloading each switch > [Yes/No]

7. If you answer Yes to this prompt, the management software prompts you with a confirmation message before upgrading a switch. If you answer No, the management software does not display a confirmation prompt before uploading the image file.

The management software begins the upload. The management software notifies you when the upload is complete.
Uploading an AT-S63 Configuration File Switch to Switch

This procedure explains how to upload a boot configuration file on a master AT-9400 Switch to another AT-9400 Switch in an enhanced stack. This procedure provides you with an easy way of distributing a configuration file to different switches that are to share a similar configuration. For an explanation of the boot configuration file, refer to “Working with Boot Configuration Files” on page 142.
Caution
This procedure causes the switch to reset. Some network traffic may be lost.

To upload a boot configuration file on the master switch to another switch in an enhanced stack, perform the following procedure:

1. From the Main Menu, type 8 to select Enhanced Stacking. The Enhanced Stacking menu is shown in Figure 23 on page 82.
2. From the Enhanced Stacking menu, type 2 to select Stacking Services.
After you have entered a name, the following prompt is displayed:

Enter the list of switches ->

7. Enter the number (Num column in the menu) of the AT-9400 Switch to receive the configuration file. You can specify more than one switch at a time (for example, 2,4,5).

Note
Do not upload a configuration file from the AT-9400 Switch onto any other type of switch.
Downloading a System File

This section contains the following two procedures:

- “Downloading a System File from a Local Management Session” on page 180
- “Downloading a System File from a Remote Management Session” on page 183

Both procedures are used to download files into a switch’s file system. One procedure downloads files from a local management session using either Xmodem or TFTP, and the other explains how to do it from a remote management session using TFTP.
- You must use TFTP to download files from a remote management session.
- If the switch supports a flash memory card, you can use these procedures to download a file to the card rather than the switch’s file system. To download a file to a flash memory card, you should first change to the directory where you want to store the file on the card. This procedure does not accept a directory path.
Downloading a System File from a Local Management Session

Review “Guidelines” on page 178 before performing this procedure.

To download a system file onto a switch from a local management session using Xmodem or TFTP, perform the following procedure:

1. From the Main Menu, type 5 to select System Administration. The System Administration menu is shown in Figure 2 on page 31.
2. From the System Administration menu, type 9 to select System Utilities.
d. Enter a name for the system file. This is the name that the switch will store the file as in its file system. To store the file on a flash memory card in the switch rather than the file system, precede the name with “cflash:”. The following message is displayed:

Getting the file from Remote TFTP Server - Please wait ...

e. If you have not already done so, start the TFTP server software.
The prompt “Downloading” is displayed.

9. Begin the file transfer of the system file using the terminal emulator program. Steps 10 through 14 illustrate how to download a system file using the Hilgraeve HyperTerminal program.
10. From the HyperTerminal main window, select Send File from the Transfer menu, as shown in Figure 57.

Figure 57. HyperTerminal Window

The Send File window is shown in Figure 58.

Figure 58. Send File Window

11.
The file immediately begins downloading onto the switch. The Xmodem File Send window in Figure 59 displays the current status of the download.

Figure 59. XModem File Send Window

The download is complete when the Downloads and Uploads menu is redisplayed.

14. If you downloaded a configuration file and want to make it the active boot file on the switch, refer to “Setting the Active Boot Configuration File” on page 145.
The System Utilities menu is shown in Figure 7 on page 41.

4. From the System Utilities menu, type 2 to select Downloads and Uploads. The Downloads and Uploads menu is shown in Figure 53 on page 166.
5. From the Downloads and Uploads menu, type 3 to select Download a File. The following prompt is displayed:

Only TFTP downloads are available for a Telnet access
TFTP Server IP address:

6. Enter the IP address of the TFTP server.
This completes the procedure for downloading a file into the switch’s file system or flash memory card from a remote management session using TFTP.
Uploading a System File

This section contains the following two procedures:

- “Uploading a System File from a Local Management Session” on page 187
- “Uploading a System File from a Remote Management Session” on page 190

These procedures explain how to upload files from a switch’s file system to your management workstation or a TFTP server. One procedure explains how to perform the upload from a local management session using either Xmodem or TFTP.
- To upload a public key, you must first export it from the key database into the switch’s file system. For instructions, refer to “Exporting an Encryption Key” on page 598. Public keys have the file name extension “.key.”
- You cannot upload an encryption key pair. Key pairs have the file name extension “.ukf.” (The prohibition against uploading an encryption key pair is to prevent an unauthorized individual from obtaining the private key.
5. From the Downloads and Uploads menu, type 4 to select Upload a File. The following prompt is displayed:

Upload Method/Protocol [X-Xmodem, T-TFTP]:

6. To upload a system file using Xmodem, go to Step 7. To upload a file using TFTP, do the following:

a. Type T. The following prompt is displayed:

TFTP Server IP address:

b. Enter the IP address of the TFTP server. The following prompt is displayed:

Remote File Name:

c.
8. Enter the name of the system file on the switch that you want to upload to your computer. You can specify only one file. You cannot use wildcards in the file name. If the file is stored on a flash memory card, precede the name with “cflash:”. The following prompt is displayed:

You are going to invoke the Xmodem download utility. Do you wish to continue? [Yes/No]
Note: Please select 1K Xmodem protocol for faster download.
The Receive File window is shown in Figure 61.

Figure 61. Receive File Window

12. Click Browse and specify the location on your computer where you want the system file stored.
13. Click in the Protocol field and select as the transfer protocol either Xmodem or, for a faster download, 1K XModem.
14. Click Receive.
15. When prompted, enter a name for the file. This is the name given the file when it is stored on your workstation.
4. From the System Utilities menu, type 2 to select Downloads and Uploads. The Downloads and Uploads menu is shown in Figure 53 on page 166.
5. From the Downloads and Uploads menu, type 4 to select Upload a File. The following prompt is displayed:

Only TFTP uploads are available for a Telnet access
TFTP Server IP address:

6. Enter the IP address of the TFTP server. The following prompt is displayed:

Remote File Name:

7.
Chapter 11: Event Logs and the Syslog Client

This chapter describes how to monitor the activity of a switch by viewing the event messages in the event logs and sending the messages to a syslog server.
Working with the Event Logs

This section contains the following procedures:

- “Enabling or Disabling the Event Logs,” next
- “Displaying an Event Log” on page 195
- “Modifying the Event Log Full Action” on page 201
- “Clearing an Event Log” on page 202
- “Saving an Event Log to a File” on page 202

Enabling or Disabling the Event Logs

This procedure explains how to enable or disable the event logs on the switch.
3. To enable or disable event logging, type 1 to toggle Event Logging between the two options:

   Enabled
      The switch immediately begins to add events to the logs and send events to any defined syslog servers. This is the default.

   Disabled
      The switch does not store events in the logs and does not send events to any syslog servers.

Note
You cannot individually disable or enable the temporary and permanent event logs.
4. To select the order of the events in the event log, type 3 to select Display Order and toggle between these two options:

   Chronological
      Displays the events in the order from the oldest event to the most recent event. This is the default.

   Reverse Chronological
      Displays the events from the most recent event to the oldest event.

5.
7. To view the events of a particular AT-S63 software module, type 7 to select Event Module and enter the module. To specify more than one module, separate them by a comma—for example, “system, stp, ptrunk.” The default is ALL, which displays the events of all the modules.

The AT-S63 Management Software consists of modules, each responsible for a different part of switch operation.
Table 1.
8. To display the event messages of the log and settings you have chosen, type V to select View Log.

Figure 63 shows an example of an event log in Normal mode.
within the AT-S63 Management Software that generated the event. The second part is a description of the event.

When you display the events in full mode, more information is included. Figure 64 shows the same portion of the event log in Figure 63 on page 199 but displayed in full mode.
Modifying the Event Log Full Action

This procedure explains how to control the action of the logs when they reach the maximum capacity of 4,000 events for the temporary log and 2,000 events for the permanent log. A log can either delete the oldest entries as it adds new entries or stop adding entries, so as to preserve the existing log contents. You can set the action independently for the two logs. The log full action does not apply to syslog servers.
Clearing an Event Log

To clear all events from an event log, perform the following procedure:

1. From the Main Menu, type 5 to select System Administration.
2. From the System Administration menu, type 8 to select Event Log. The Event Log menu is shown in Figure 62 on page 194.
3. From the Event Log menu, type C to select Clear Log. The following prompt is displayed:

Enter output to clear (T=Temporary, P=Permanent) ->

4.
When the save process is complete, the word “Complete” is displayed, followed by another prompt:

Press any key to continue.

7. Press any key. The log file is saved in the switch’s file system as an ASCII file.
8. To view the log file, type R to return to the System Administration menu.
9. From the System Administration menu, type 9 to select System Utilities. The System Utilities menu is displayed, as shown in Figure 7 on page 41.
10.
13. To upload the file to your management station, refer to “Uploading a System File” on page 186.
Configuring Log Outputs

There are two methods for viewing the events generated by the switch. One approach is to display one of the switch’s event logs. The drawback to this method is that you must establish a management session with the switch before you can view the logs and you can view the log of only one switch at a time.

The other way to view events is to configure the switch to send its event messages to a syslog server.
Creating a Log Output Definition

To create a log output definition, perform the following procedure:

1. From the Main Menu, type 5 to select System Administration.
2. From the System Administration menu, type 8 to select Event Log. The Event Log menu is shown in Figure 62 on page 194.
3. From the Event Log menu, type L to select Configure Log Outputs.
The Syslog Output Configuration menu is displayed, as shown in Figure 67.

Allied Telesis AT-9424T/SP - AT-S63
Marketing
User: Manager    11:20:02 02-Mar-2009

Syslog Output Configuration

1 - Output ID ................
2 - Server IP Address ........
3 - Output Status ............
4 - Message Format ...........
5 - Facility Level ...........
6 - Event Severity ...........
7 - Event Module .............
0.0.0.
11. Type 4 to toggle Message Format between the following options:

   Normal
      Sends the severity, module, and description for each event.

   Extended
      Sends the same information as Normal along with the date, time, and switch’s IP address. This is the default.

12. Type 5 to select Facility Level.
Table 3. Applicable RFC 3164 Numerical Code and AT-S63 Module Mappings (Continued)

Numerical Code   RFC 3164 Facility   AT-S63 Module
9                Clock daemon        Time-based modules: TIME (system time and SNTP), RTC
22               Local use 6         Physical interface and data link modules: PCFG, PMIRR, PTRUNK, STP, VLAN
23               Local use 7         SYSTEM events related to major exceptions.
16               Local use 0         All other modules and events.
Table 4. Numerical Code and Facility Level Mappings (Continued)

Numerical Code   Facility Level Setting
20               LOCAL4
21               LOCAL5
22               LOCAL6
23               LOCAL7

For example, selecting LOCAL2 as the facility level assigns the numerical code of 18 to all events sent by the switch to the syslog server.

13. To include events of a selected severity, type 6 to select Event Severity.
15. Enter a list of modules separated by a comma—for example, “system, stp, ptrunk.”
16. Type C to create the log output.

The switch adds the new syslog server definition to the Configure Log Outputs menu and begins to send events to the server, if you enabled the definition when you created it. An example of the menu with a new syslog server definition is shown in Figure 68.
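The following Python code is an added example, not part of the Allied Telesis guide. It shows how a syslog collector can decode the RFC 3164 PRI value into the numerical facility codes of Tables 3 and 4 and flag messages whose facility differs from the Facility Level configured on a switch. The message bodies are constructed, the function names are assumptions, and only the Table 3 rows reproduced on this page are mapped.

```python
"""Collector-side decoding of the RFC 3164 PRI field (added example)."""
import re
from collections import Counter

# RFC 3164 facility names indexed by numerical code 0-23.
FACILITY_NAMES = [
    "kernel", "user-level", "mail", "system daemons",
    "security/authorization", "syslogd internal", "line printer",
    "network news", "UUCP", "clock daemon", "security/authorization",
    "FTP daemon", "NTP", "log audit", "log alert", "clock daemon",
] + [f"LOCAL{n}" for n in range(8)]  # codes 16-23; LOCAL2 is code 18

SEVERITY_NAMES = ["emergency", "alert", "critical", "error",
                  "warning", "notice", "informational", "debug"]

# Only the Table 3 rows reproduced on this page; the earlier rows of the
# table are not available here, so other codes map to None.
DEFAULT_MODULE_GROUPS = {
    9: "time-based modules (TIME, RTC)",
    22: "physical interface and data link modules "
        "(PCFG, PMIRR, PTRUNK, STP, VLAN)",
    23: "SYSTEM events related to major exceptions",
    16: "all other modules and events",
}

MAX_PRI = 23 * 8 + 7  # highest valid PRI value: 191
PRI_RE = re.compile(r"^<(\d{1,3})>")


def encode_pri(facility, severity):
    """PRI = facility * 8 + severity (RFC 3164, section 4.1.1)."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    return facility * 8 + severity


def decode_pri(line):
    """Return (facility, severity, rest_of_message) or raise ValueError."""
    match = PRI_RE.match(line)
    if not match:
        raise ValueError("no <PRI> field at start of message")
    digits = match.group(1)
    if len(digits) > 1 and digits[0] == "0":
        raise ValueError("PRI has a leading zero")
    pri = int(digits)
    if pri > MAX_PRI:
        raise ValueError(f"PRI {pri} exceeds {MAX_PRI}")
    facility, severity = divmod(pri, 8)
    return facility, severity, line[match.end():]


def default_group(facility):
    """AT-S63 module group for a facility code under the default mapping."""
    return DEFAULT_MODULE_GROUPS.get(facility)


def audit(lines, configured_facility=None):
    """Count messages per facility and list anomalies by line number.

    configured_facility is the numerical code of the Facility Level set
    on the switch (for example 18 for LOCAL2). When it is given, every
    message from that switch is expected to carry that code.
    """
    counts = Counter()
    findings = []
    for number, line in enumerate(lines, 1):
        try:
            facility, _severity, _rest = decode_pri(line)
        except ValueError as exc:
            findings.append((number, f"malformed: {exc}"))
            continue
        counts[FACILITY_NAMES[facility]] += 1
        if configured_facility is not None and facility != configured_facility:
            findings.append(
                (number, f"facility {facility} ({FACILITY_NAMES[facility]}), "
                         f"expected {configured_facility}"))
    return counts, findings


# Constructed sample input: only the PRI values matter, the bodies are
# placeholders and do not reproduce the switch's message format.
SAMPLE = [
    "<148>constructed body: warning event",         # 18*8 + 4
    "<150>constructed body: informational event",   # 18*8 + 6
    "<78>constructed body: time module event",      # 9*8 + 6
    "<999>constructed body: PRI out of range",
    "constructed body with no PRI field",
]

if __name__ == "__main__":
    counts, findings = audit(SAMPLE, configured_facility=18)
    print(dict(counts))
    for number, reason in findings:
        print(f"line {number}: {reason}")
```
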
5. Enter the number of the log output that you want to modify. The Syslog Output Configuration menu is displayed, as shown in Figure 67 on page 207.
6. Refer to “Creating a Log Output Definition” on page 206 for information about the menu selections.
7. When you complete the modifications, type M to select Modify Log Output. The Configure Log Outputs menu as shown in Figure 66 on page 206 is redisplayed.
8.
Displaying the Log Output Definition Details

To view the settings of a log output definition, perform the following procedure:

1. From the Main Menu, type 5 to select System Administration.
2. From the System Administration menu, type 8 to select Event Log. The Event Log menu is shown in Figure 62 on page 194.
3. From the Event Log menu, type L to select Configure Log Outputs. The Configure Log Outputs menu is shown in Figure 66 on page 206.
4.
Chapter 12: Classifiers

This chapter explains classifiers and how you can create classifiers to define traffic flows.
Creating a Classifier

This section contains the procedure for creating a classifier. A classifier contains a series of variables that define a traffic flow. This same procedure is used whether the classifier is intended for an ACL or a QoS policy.

To create a classifier, perform the following procedure:

1. From the Main Menu, type 7 to select Security and Services. The Security and Services menu is shown in Figure 70.
The Classifier Configuration menu is shown in Figure 71.

Allied Telesis AT-9424T/SP - AT-S63
Marketing
User: Manager    11:20:02 02-Mar-2009

Classifier Configuration

1 - Create Classifier
2 - Modify Classifier
3 - Destroy Classifier
4 - Show Classifiers
P - Purge Classifiers
R - Return to Previous Menu

Enter your selection?

Figure 71. Classifier Configuration Menu

3. From the Classifier Configuration menu, type 1 to select Create Classifier.
This is the first page of the classifier variables. To view the remaining variables, type N to select Next Page. The Create Classifier menu (page 2) is shown in Figure 73.

Allied Telesis AT-9424T/SP - AT-S63
Marketing
User: Manager    11:20:02 02-Mar-2009

Create Classifier

11 - IP Protocol: ...
12 - Src IP Addr: ...
13 - Src IP Mask: ...
14 - Dst IP Addr: ...
15 - Dst IP Mask: ...
16 - TCP Src Port: ..
17 - TCP Dst Port: ..
18 - UDP Src Port: ..
19 - UDP Dst Port: ..
20 - TCP Flags: ...
7. Repeat steps 5 and 6 to adjust any other variables necessary to define the traffic flow for this classifier.
8. After configuring the necessary variables, type C to select Create Classifier. The switch creates the classifier. If any of the settings are incompatible, the system displays an error message.
9. To create more classifiers, repeat this procedure starting with step 3.
10.
Modifying a Classifier

In order to modify a classifier, you need to know its ID number. If you are unsure of the ID number of the classifier you want to modify, refer to “Displaying Classifiers” on page 224.

You cannot modify a classifier if it belongs to an ACL or QoS policy that is assigned to a port. You must first remove the port assignments from the ACL or policy before you can modify the classifier.

To modify a classifier, perform the following procedure:

1.
7. To modify other classifiers, repeat this process starting with step 3.
8. To permanently save your change, return to the Main Menu and type S to select Save Configuration Changes.
9. To add the modified classifier to an ACL, refer to “Creating an ACL” on page 228 or “Modifying an ACL” on page 231. To add it to a QoS policy, refer to “Managing Flow Groups” on page 248.
Deleting a Classifier

This procedure deletes a classifier from the switch. To delete a classifier, you need to know its ID number. If you are unsure of the ID number of the classifier you want to delete, refer to “Displaying Classifiers” on page 224.

Note
You cannot delete a classifier if it belongs to an ACL or QoS policy. You must first remove the classifier from its ACL or policy assignments before you can delete it.

To delete a classifier, perform the following procedure:

1.
Deleting All Classifiers

This procedure deletes all classifiers from the switch. To delete individual classifiers, refer to “Deleting a Classifier” on page 222.

Note
You cannot delete all classifiers if any of them belong to an ACL or QoS policy. You must first remove all classifiers from their ACL and policy assignments before performing this procedure.

To delete all classifiers from the switch, perform the following procedure:

1.
Displaying Classifiers

To display the classifiers on a switch, do the following:

1. From the Main Menu, type 7 to select Security and Services. The Security and Services menu is shown in Figure 70 on page 216.
2. From the Security and Services menu, type 1 to select Classifier Configuration. The Classifier Configuration menu is shown in Figure 71 on page 217.
3. From the Classifier Configuration menu, type 4 to select Show Classifiers.
Number of References
   The number of active and inactive ACL and QoS policy assignments for the classifier. An active ACL or QoS policy has been assigned to a switch port while an inactive ACL or policy has not been assigned to a port. If this number is 0 (zero), the classifier has not been assigned to any ACLs or policies.

Number of Active Associations
   The number of active ACLs and QoS policy assignments for the classifier.
The second page of the Display Classifier Details menu is shown in Figure 76.

Allied Telesis AT-9424T/SP - AT-S63
Marketing
User: Manager    11:20:02 02-Mar-2009

Display Classifier Details

11 - IP Protocol: ...
12 - Src IP Addr: ...
13 - Src IP Mask: ...
14 - Dst IP Addr: ...
15 - Dst IP Mask: ...
16 - TCP Src Port: ..
17 - TCP Dst Port: ..
18 - UDP Src Port: ..
19 - UDP Dst Port: ..
20 - TCP Flags: .....
Chapter 13: Access Control Lists

This chapter explains how to manage access control lists (ACL).
Creating an ACL

This procedure explains how to create an ACL. In order to perform this procedure, you need to know the ID numbers of the classifiers to be assigned to the ACL. To view classifier ID numbers, refer to “Displaying Classifiers” on page 224.

To create an ACL, perform the following procedure:

1. From the Main Menu, type 7 to select Security and Services.
2. From the Security and Services menu, type 4 to select Access Control Lists.
The Create ACL menu is shown in Figure 78.

Allied Telesis AT-9424T/SP - AT-S63
Marketing
User: Manager    11:20:02 02-Mar-2009

Create ACL

1 - ACL ID ........... 0
2 - Description .......
3 - Action ............ Deny
4 - Classifier List ...
5 - Port List .........
C - Create ACL
R - Return to Previous Menu

Enter your selection?

Figure 78. Create ACL Menu

4. Type 1 to select ACL ID and, when prompted, enter an ID number for the ACL.
9. Type 5 to select Port List and, when prompted, enter the ports where you want to assign the ACL. You can assign an ACL to just one port or to more than one port. When entering multiple ports, you can list the ports individually (e.g., 2,5,7), as a range (e.g., 8-12) or both (e.g., 14,6,8).
10. Type C to select Create ACL. The ACL is created on the switch and immediately activated on the specified ports.
11.
Modifying an ACL

This procedure explains how to modify an ACL. In order to perform this procedure, you need to know the ID number of the ACL. To display ACL ID numbers, refer to “Displaying ACLs” on page 236. If you plan to add classifiers to the ACL, you also need to know the ID numbers of the classifiers. To view classifier ID numbers, refer to “Displaying Classifiers” on page 224.

To modify an ACL, perform the following procedure:

1.
5. To change the description of the ACL, type 2 to select Description and enter a new description for the ACL. The description can be up to 31 alphanumeric characters. Spaces are allowed. This parameter is optional, though recommended. Assigning each ACL a name will make it easier for you to identify them.
6. To change the ACL’s action, type 3 to select Action. The following prompt is displayed:

Enter Value [0-Deny, 1-Permit] : [0 to 1] -> 0

7.
Deleting an ACL

This procedure deletes an ACL from the switch. To perform this procedure, you need to know the ID number of the ACL. To display ACL ID numbers, refer to “Displaying ACLs” on page 236.

To delete an ACL, perform the following procedure:

1. From the Main Menu, type 7 to select Security and Services.
2. From the Security and Services menu, type 4 to select Access Control Lists. The Access Control Lists (ACL) menu is shown in Figure 77 on page 228.
A deleted ACL is immediately removed from the switch.
6. To delete additional ACLs, repeat this procedure starting with step 3.
7. To permanently save your change, return to the Main Menu and type S to select Save Configuration Changes.
Deleting All ACLs

This procedure deletes all ACLs from the switch.

To delete all ACLs, perform the following procedure:
1. From the Main Menu, type 7 to select Security and Services.
2. From the Security and Services menu, type 4 to select Access Control Lists. The Access Control Lists (ACL) menu is shown in Figure 77 on page 228.
3. From the Access Control Lists (ACL) menu, type P to select Purge ACLs.

Caution
No confirmation prompt is displayed.
Displaying ACLs

To display the ACLs on a switch, perform this procedure:
1. From the Main Menu, type 7 to select Security and Services.
2. From the Security and Services menu, type 4 to select Access Control Lists. The Access Control Lists (ACL) menu is shown in Figure 77 on page 228.
1. From the Access Control Lists (ACL) menu, type 4 to select Show ACLs. An example of the Show ACLs window is illustrated in Figure 81.
2. To view the details of an ACL, type D to select Display Classifier Detail. The following prompt is displayed:
Enter ACL ID : [0 to 255] -> 0
3. Enter the ID number of the ACL you want to display. The details of the selected ACL are displayed. An example of the Display ACL Details window is illustrated in Figure 82.

Allied Telesis AT-9424T/SP - AT-S63 Marketing User: Manager 11:20:02 02-Mar-2009 Display ACL Details 1 2 3 4 5 - ACL ID ..............
Chapter 14 Class of Service This chapter contains the procedures for configuring Class of Service (CoS).
Configuring CoS

A packet received on a port is placed into one of eight priority queues on the egress port according to the switch’s mapping of 802.1p priority levels to egress priority queues. You can override the mappings at the port level by assigning the packets a temporary priority level. Note that this assignment is made when a packet is received on the ingress port and before the frame is forwarded to the egress port.
3. From the Class of Service menu, type 1 to select Configure Port CoS Priorities. The following prompt is displayed:
Enter port number -> [1 to 24] ->
4. Enter the number of the port on the switch where you want to configure CoS. You can specify only one port at a time. The Configure Port COS Priorities menu is shown in Figure 84.

Allied Telesis AT-9424T/SP - AT-S63 Marketing User: Manager 11:20:02 02-Mar-2009 Configure Port CoS Priorities 1 - Port Number .
Note
CoS does not change the tagged information in a frame. A tagged frame leaves a switch with the same priority level that it had when it entered.

The default for this parameter is No, meaning that the priority level of tagged frames is determined by the priority level specified in the frames themselves.
8. Type C to select Configure Port COS Priorities. A change to a port CoS setting is immediately activated on the port.
9.
Mapping CoS Priorities to Egress Queues

This procedure explains how to change the default mappings of CoS priorities to egress priority queues. This is set at the switch level. You cannot set this at the per-port level.

To change the mappings, perform the following procedure.
1. From the Main Menu, type 7 to select Security and Services.
2. From the Security and Services menu, type 5 to select Class of Service (CoS).
Configuring Egress Scheduling

This procedure explains how to select and configure a scheduling method for Class of Service. Scheduling determines the order in which the ports handle packets in their egress queues. Scheduling is set at the switch level. You cannot set this on a per-port basis.
1. From the Main Menu, type 7 to select Security and Services.
2. From the Security and Services menu, type 5 to select Class of Service (CoS).
The default value of 1 for each queue gives all egress queues the same weight.
6. To permanently save your change, return to the Main Menu and type S to select Save Configuration Changes.
Displaying Port CoS Priorities

The following procedure displays a menu that lists the current CoS priority level for each port.
1. From the Main Menu, type 7 to select Security and Services.
2. From the Security and Services menu, type 5 to select Class of Service (CoS). The Class of Service (CoS) menu is shown in Figure 83 on page 240.
3. From the Class of Service (CoS) menu, type 4 to select Show Port CoS Priorities. The Show Port CoS Priorities menu is shown in Figure 87.
Chapter 15 Quality of Service This chapter describes Quality of Service (QoS).
Managing Flow Groups

This section contains the following procedures:
“Creating a Flow Group,” next
“Modifying a Flow Group” on page 251
“Deleting a Flow Group” on page 252
“Displaying Flow Groups” on page 253

Creating a Flow Group

To create a flow group, perform the following procedure:
1. From the Main Menu, type 7 to select Security and Services.
2. From the Security and Services menu, type 6 to select Quality of Service.
The Flow Group Configuration menu is shown in Figure 89.

Allied Telesis AT-9424T/SP - AT-S63
Marketing
User: Manager 11:20:02 02-Mar-2009

Flow Group Configuration

1 - Create Flow Group
2 - Modify Flow Group
3 - Destroy Flow Group
4 - Show Flow Groups

R - Return to Previous Menu

Enter your selection?

Figure 89. Flow Group Configuration Menu

4. From the Flow Group Configuration menu, type 1 to select Create Flow Group.
2 - Description
Specifies a description for the flow group. The description can be from 1 to 15 alphanumeric characters including spaces. This parameter is optional, but recommended. Names can help you identify the groups on the switch.

3 - DSCP value
Specifies a replacement value to write into the DSCP (TOS) field of the packets. The range is 0 to 63. A new DSCP value can be set at all three levels: flow group, traffic class, and policy.
7. To create another flow group, repeat this procedure starting with step 4. To assign the flow group to a traffic class, go to “Managing Traffic Classes” on page 257.
8. To permanently save your change, return to the Main Menu and type S to select Save Configuration Changes.

Modifying a Flow Group

To modify a flow group, perform the following procedure:
1. From the Main Menu, type 7 to select Security and Services.
2.
Allied Telesis AT-9424T/SP - AT-S63 Marketing User: Manager 11:20:02 02-Mar-2009 Modify Flow Group 1 2 3 4 5 6 7 8 9 - Flow Group ID .............. Description ................ DSCP value ................. Priority ................... Remark Priority ............ ToS ........................ Move ToS to Priority ....... Move Priority to ToS ....... Classifier List ............ 2 Video1 0 6 No No No 11 M - Modify Flow Group R - Return to Previous Menu Figure 91.
The Flow Group Configuration menu is shown in Figure 89 on page 249.
4. From the Flow Group Configuration menu, type 3 to select Destroy Flow Group. The following prompt is displayed:
Available Flow Group(s): 0-10
Enter Flow Group ID : [0 to 1023] -> 0
5. Enter the ID number of the flow group you want to delete. You can delete only one flow group at a time. The selected flow group is displayed in the Destroy Flow Group menu.
2. From the Security and Services menu, type 6 to select Quality of Service. The Quality of Service (QoS) menu is shown in Figure 88 on page 248.
3. From the Quality of Service (QoS) menu, type 1 to select Flow Group Configuration. The Flow Group Configuration menu is shown in Figure 89 on page 249.
4. From the Flow Group Configuration menu, type 4 to select Show Flow Groups. The Show Flow Groups menu is shown in Figure 93.
5. To display the specifics of a flow group, type D to select Display Flow Group Detail. The following prompt is displayed:
Available Flow Group(s): 0-10
Enter Flow Group ID : [0 to 1023] -> 0
6. Enter the ID number of the flow group you want to view. You can display only one flow group at a time. The specifications of the selected flow group are displayed in the Display Flow Group Details menu. An example is shown in Figure 94.
ToS
Specifies a replacement value to write into the Type of Service (ToS) field of IPv4 packets. The range is 1 to 7.

Move ToS to Priority
If set to Yes, replaces the value in the 802.1p priority field with the value in the ToS priority field on IPv4 packets. If set to No, which is the default, the packets retain their preexisting 802.1p priority level.

Move Priority to ToS
If set to Yes, replaces the value in the ToS priority field with the value in the 802.
Managing Traffic Classes

This section contains the following procedures:
“Creating a Traffic Class,” next
“Modifying a Traffic Class” on page 261
“Deleting a Traffic Class” on page 263
“Displaying Traffic Classes” on page 264

Creating a Traffic Class

To create a traffic class, perform the following procedure:
1. From the Main Menu, type 7 to select Security and Services.
2.
The Create Traffic Class menu is shown in Figure 96.

Allied Telesis AT-9424T/SP - AT-S63 Marketing User: Manager 11:20:02 02-Mar-2009 Create Traffic Class 1 2 3 4 5 6 7 8 9 A B D E - Traffic Class ID .......... Description ............... Exceed Action ............. Exceed Remark Value ....... DSCP value ................ Max bandwidth ............. Burst Size ................ Priority .................. Remark Priority ........... ToS .......................
5 - DSCP value
Specifies a replacement value to write into the DSCP (TOS) field of the packets. The range is 0 to 63. A new DSCP value can be set at all three levels: flow group, traffic class, and policy. A DSCP value specified in a flow group overrides a DSCP value specified at the traffic class or policy level. A DSCP value specified at the traffic class level is used only if no value has been specified at the flow group level.
matches the number being used by the traffic. However, no unused tokens will accumulate in the bucket. If the traffic increases, the excess traffic will be discarded since no tokens are available for handling the increase. If the traffic is below the maximum bandwidth, unused tokens will accumulate in the bucket since the actual bandwidth falls below the specified maximum.
value in the ToS priority field for IPv4 packets. If set to No, which is the default, the packets retain their preexisting 802.1p priority level.

D - Move Priority to ToS
If set to Yes, replaces the value in the ToS priority field with the value in the 802.1p priority field on IPv4 packets. If set to No, which is the default, the packets retain their preexisting ToS priority level.

E - Flow Group List
Specifies the flow groups to be assigned to the traffic class.
The selected traffic class is displayed in the Modify Traffic Class menu. An example is shown in Figure 97.

Allied Telesis AT-9424T/SP - AT-S63 Marketing User: Manager 11:20:02 02-Mar-2009 Modify Traffic Class 1 2 3 4 5 6 7 8 9 A B D E - Traffic Class ID .......... Description ............... Exceed Action ............. Exceed Remark Value ....... DSCP value ................ Max bandwidth ............. Burst Size ................ Priority ..................
Deleting a Traffic Class

To delete a traffic class, perform the following procedure:
1. From the Main Menu, type 7 to select Security and Services.
2. From the Security and Services menu, type 6 to select Quality of Service. The Quality of Service (QoS) menu is shown in Figure 88 on page 248.
3. From the Quality of Service (QoS) menu, type 2 to select Traffic Class Configuration. The Traffic Class Configuration menu is shown in Figure 95 on page 257.
4.
The traffic class is deleted from the switch. The class is removed from any policies to which it is assigned.
7. To delete another traffic class, repeat this procedure starting with step 4.
8. To permanently save your change, return to the Main Menu and type S to select Save Configuration Changes.

Displaying Traffic Classes

To display the traffic classes, perform the following procedure:
1. From the Main Menu, type 7 to select Security and Services.
2.
The Show Traffic Classes menu provides the following information:

ID
The traffic class’ ID number.

Description
A description of the traffic class.

Parent Policy ID
The ID number of the policy where the traffic class is assigned. A traffic class can belong to only one policy at a time.

Active
The status of the traffic class. If the traffic class is part of a QoS policy that is assigned to one or more ports, the traffic class is deemed active.
The Display Traffic Class Details menu provides the following information:

Traffic Class ID
The traffic class ID number.

Description
The description of the traffic class.

Exceed Action
The action taken if the traffic of the traffic class exceeds the maximum bandwidth.

Exceed Remark Value
The DSCP replacement value for traffic that exceeds the maximum bandwidth.

DSCP value
The replacement value to write into the DSCP (TOS) field of the packets.
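The token bucket behaviour described for a traffic class's Max bandwidth and Burst Size parameters, as an added Python example (not code from the AT-S63 software). The units (bytes per second and bytes), the bucket starting full, the action names "drop" and "remark", and the traffic pattern are assumptions of this example.

```python
from dataclasses import dataclass, field


@dataclass
class TrafficClassPolicer:
    """Single-rate token bucket named after the traffic class parameters.

    Assumed units for this example: max_bandwidth in bytes per second,
    burst_size in bytes. The bucket is assumed to start full.
    """
    max_bandwidth: float            # token refill rate
    burst_size: float               # bucket capacity
    exceed_action: str = "drop"     # "drop" or "remark" (assumed names)
    exceed_remark_value: int = 0    # DSCP written on exceeding packets
    tokens: float = field(init=False, default=0.0)
    last_seen: float = field(init=False, default=0.0)

    def __post_init__(self):
        if self.exceed_action not in ("drop", "remark"):
            raise ValueError("exceed_action must be 'drop' or 'remark'")
        if not 0 <= self.exceed_remark_value <= 63:
            raise ValueError("DSCP values range from 0 to 63")
        self.tokens = self.burst_size

    def offer(self, now, size, dscp):
        """Police one packet; return (verdict, outgoing DSCP or None)."""
        if now < self.last_seen:
            raise ValueError("timestamps must not go backwards")
        # Unused tokens accumulate while traffic stays below the maximum
        # bandwidth, but never beyond the burst size.
        refill = (now - self.last_seen) * self.max_bandwidth
        self.tokens = min(self.burst_size, self.tokens + refill)
        self.last_seen = now
        if size <= self.tokens:
            self.tokens -= size
            return ("forward", dscp)
        # No tokens left for this packet: apply the exceed action.
        if self.exceed_action == "remark":
            return ("remark", self.exceed_remark_value)
        return ("drop", None)


def constructed_traffic():
    """Constructed input: (time in seconds, packet size in bytes).

    One second at half of a 100,000 B/s limit (50 packets of 1,000 bytes),
    then 20 packets arriving back to back at t = 1.0.
    """
    steady = [(i * 0.02, 1000) for i in range(50)]
    burst = [(1.0, 1000)] * 20
    return steady + burst


def run(policer, packets):
    """Feed the packets through the policer and count the verdicts."""
    counts = {"forward": 0, "remark": 0, "drop": 0}
    for now, size in packets:
        verdict, _ = policer.offer(now, size, dscp=0)
        counts[verdict] += 1
    return counts


if __name__ == "__main__":
    packets = constructed_traffic()
    for burst_size in (20_000, 5_000):
        policer = TrafficClassPolicer(100_000, burst_size)
        print(burst_size, run(policer, packets))
```

With the larger burst size the tokens saved during the quiet second cover the whole burst; with the smaller one only the first five burst packets conform and the rest take the exceed action.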
Managing Policies

This section contains the following procedures:
“Creating a Policy,” next
“Modifying a Policy” on page 270
“Deleting a Policy” on page 271
“Displaying Policies” on page 272

Creating a Policy

To create a policy, perform the following procedure:
1. From the Main Menu, type 7 to select Security and Services.
2. From the Security and Services menu, type 6 to select Quality of Service.
The Create Policy menu is shown in Figure 102.

Allied Telesis AT-9424T/SP - AT-S63 Marketing User: Manager 11:20:02 02-Mar-2009 Create Policy 1 2 3 4 5 6 7 8 9 A B D - Policy ID ................ Description .............. Remark DSCP .............. DSCP value ............... ToS ...................... Move ToS to Priority ..... Move Priority to ToS ..... Send to Mirror Port ...... Traffic Class List ....... Redirect Port ............ Ingress Port List ........
5 - ToS
Specifies a replacement value to write into the Type of Service (ToS) field of IPv4 packets. The range is 0 to 7. A ToS value specified at the policy level is used only if no value has been specified at the flow group and traffic class levels.

6 - Move ToS to Priority
If set to Yes, replaces the value in the 802.1p priority field with the value in the ToS priority field on IPv4 packets.
8. To permanently save your change, return to the Main Menu and type S to select Save Configuration Changes.

Modifying a Policy

To modify a policy, perform the following procedure:
1. From the Main Menu, type 7 to select Security and Services.
2. From the Security and Services menu, type 6 to select Quality of Service. The Quality of Service (QoS) menu is shown in Figure 88 on page 248.
3. From the Quality of Service (QoS) menu, type 3 to select Policy Configuration.
When you modify a policy, note the following:
You cannot change the traffic class ID number.
To delete a value from a variable so as to leave it blank, select the variable and then use the backspace key to delete its default value.
Specifying an invalid value for a parameter that already has a value causes the parameter to revert to its default value.
7. Type M to select Modify Policy.
Displaying Policies

To display policies, perform the following procedure:
1. From the Main Menu, type 7 to select Security and Services.
2. From the Security and Services menu, type 6 to select Quality of Service. The Quality of Service (QoS) menu is shown in Figure 88 on page 248.
3. From the Quality of Service (QoS) menu, type 3 to select Policy Configuration. The Policy Configuration menu is shown in Figure 101 on page 267.
4.
5. To display the specifics of a policy, type D to select Display Policy Detail. The following prompt is displayed:
Available Policy(ies): 0-4
Enter Policy ID : [0 to 255] -> 0
6. Enter the ID number of the policy you want to view. You can display only one policy at a time. The Display Policy Details menu is shown in Figure 105.
ToS
Specifies a replacement value to write into the Type of Service (ToS) field of IPv4 packets. The range is 1 to 7. A ToS value specified at the policy level is used only if no value has been specified at the flow group and traffic class levels.

Move ToS to Priority
If set to Yes, replaces the value in the 802.1p priority field with the value in the ToS priority field on IPv4 packets. If set to No, which is the default, the packets retain their preexisting 802.
Chapter 16 Denial of Service Defenses

This chapter contains the procedure for configuring the switch’s defense mechanisms against denial of service (DoS) attacks:
“Configuring Denial of Service Defense” on page 276
Configuring Denial of Service Defense

To configure DoS defense, perform the following procedure:
1. From the Main Menu, type 7 to select Security and Services.
2. From the Security Configuration menu, type 3 to select Denial of Service (DoS). The Denial of Service (DoS) menu is shown in Figure 106.
b. Type 1 to select IP Address. The following prompt is displayed:
Enter the IP Address for the LAN:
Enter the IP address of one of the devices connected to the switch, preferably the lowest IP address.
c. Type 2 to select Subnet Mask. The following prompt is displayed:
Enter the Subnet Mask for the LAN:
Enter the subnet mask for your network. For example, the subnet mask for a network with the IP address range 149.11.11.1 to 149.11.11.50 is 255.255.255.192.
A menu is displayed containing either one or two options, depending on the DoS defense you selected. An example of the menu is shown in Figure 108.

Allied Telesis AT-9424T/SP - AT-S63
Marketing
User: Manager 11:20:02 02-Mar-2009

SYN Flood Configuration
Configuring DoS for Port 2

1 - Attack Detection ................. Disabled

R - Return to Previous Menu

Enter your selection?

Figure 108. SYN Flood Configuration Menu

6. Adjust the following parameters as necessary.
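A way to work out and check the IP Address and Subnet Mask values before entering them in steps b and c of the procedure above, as an added Python example (not part of the AT-S63 software). The function names are hypothetical; the sample addresses are the guide's own 149.11.11.1 to 149.11.11.50 range plus constructed ones.

```python
import ipaddress


def lan_entry_for(devices):
    """Return (lowest device IP, dotted subnet mask) for the smallest IPv4
    subnet in which every listed device is a usable host address."""
    hosts = sorted(ipaddress.IPv4Address(d) for d in devices)
    if not hosts:
        raise ValueError("at least one device address is required")
    low, high = hosts[0], hosts[-1]
    # Bits in which the lowest and highest address differ must be host bits.
    host_bits = (int(low) ^ int(high)).bit_length()
    while host_bits <= 32:
        net = ipaddress.IPv4Network((low, 32 - host_bits), strict=False)
        # A device cannot sit on the subnet's network or broadcast address;
        # if one would, widen the subnet by one bit and try again.
        if (host_bits >= 2
                and net.network_address < low
                and high < net.broadcast_address):
            return str(low), str(net.netmask)
        host_bits += 1
    raise ValueError("no IPv4 subnet holds these addresses as hosts")


def devices_not_covered(ip, mask, devices):
    """List the devices that the entered IP address and mask do not cover
    as host addresses (outside the subnet, or on its network/broadcast)."""
    net = ipaddress.IPv4Network(f"{ip}/{mask}", strict=False)
    missed = []
    for d in devices:
        addr = ipaddress.IPv4Address(d)
        if (addr not in net
                or addr in (net.network_address, net.broadcast_address)):
            missed.append(d)
    return missed


if __name__ == "__main__":
    # The guide's example range: lowest and highest device address.
    print(lan_entry_for(["149.11.11.1", "149.11.11.50"]))
    # Constructed case: .63 is the broadcast address of a /26, so the
    # mask has to widen to a /25.
    print(lan_entry_for(["149.11.11.1", "149.11.11.63"]))
    # Constructed check of an entry against an inventory of devices.
    print(devices_not_covered("149.11.11.1", "255.255.255.192",
                              ["149.11.11.50", "149.11.11.70"]))
```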
Chapter 17 Power Over Ethernet

This chapter contains the procedures for configuring Power over Ethernet (PoE) on the AT-924T/POE Switch. Sections in the chapter include:
“Setting the PoE Threshold” on page 280
“Configuring PoE Port Settings” on page 282
“Displaying PoE Status and Settings” on page 284

Note
This chapter applies only to the AT-924T/POE Switch.
Setting the PoE Threshold

This procedure lets you specify a power threshold for the powered devices that are connected to the switch. If the total power requirements of the devices exceed the threshold, the switch enters an event in the event log and sends an SNMP trap to your management workstation. The threshold is entered as a percentage of the total amount of power on the switch for the powered devices.
Option 2, Maximum Available Power, displays the maximum amount of PoE supplied by the switch. For the AT-924T/POE switch, this value is 380W. This value cannot be changed.
4. From the PoE Global Configuration menu, type 1 to select Power Threshold. The following prompt is displayed:
Enter percentage of power limit threshold : [1 to 100] > 95
Enter the new threshold as a percentage of the total available PoE power on the switch.
Configuring PoE Port Settings

This procedure enables and disables PoE on a port. This procedure also sets a port’s priority level and its maximum power usage.

To configure PoE port settings, do the following:
1. From the Main Menu, type 6 to select Advanced Configuration.
2. From the Advanced Configuration menu, type 4 to select Power Over Ethernet (PoE) Configuration menu. The Power Over Ethernet Configuration menu is shown in Figure 109 on page 280.
3.
6. To change the port’s priority, type 2 to select Power Priority and, when prompted, type C for Critical, H for High, or L for Low. A port can belong to only one priority level at a time. The default is Low.
7. To change the maximum amount of power the port can supply to the device, type 3 to select Power Limit and enter a new value in milliwatts. The default value is 15,400 mW. A change to a parameter value is immediately activated on the switch.
8.
Displaying PoE Status and Settings

Use this procedure to display PoE status and settings at the switch or port level.

To display PoE information, do the following:
1. From the Main Menu, type 6 to select Advanced Configuration.
2. From the Advanced Configuration menu, type 4 to select Power Over Ethernet (PoE) Configuration menu. The Power Over Ethernet Configuration menu is shown in Figure 109 on page 280.
3.
1 - PoE Global Status Menu
This selection displays the following window:

Allied Telesis Ethernet Switch AT-924T/POE - AT-S63 Production Switch User: Manager 11:20:02 02-Jan-2009 PoE Global Status Max Available Power ...... Consumed Power ........... Available Power .......... Power Usage .............. Min Shutdown Voltage ..... Max Shutdown Voltage ..... 380 W 25 W 375W 6.25 percent 44.0 V 57.
2 - Summary All Ports Status Menu
This selection displays an abbreviated status report of PoE on the individual switch ports. For more detailed information, refer to selection 3.
3 - Detailed Ports Status Menu
When you select this option, you are prompted to enter the port(s) you want to view. You can specify more than one port at a time. Once you have specified the port, the selection displays the following window:

Allied Telesis AT-924T/POE - AT-S63 Production Switch User: Manager 11:20:02 02-Jan-2009 PoE Detailed Port Status Port: 4 PoE Function ........... Power Status ........... Power Consumed ......... Power Limit ............
Power Priority
The port priority. This can be Critical, High, or Low. To adjust this value, refer to “Configuring PoE Port Settings” on page 282.

Power Class
The IEEE 802.3af class of the device. This parameter cannot be changed.

Voltage
The voltage being delivered to the powered device.

Current
The current drawn by the powered device.

4 - PoE Device Information
This selection displays the hardware and firmware version numbers of the PoE chipset used in the switch.
Section III Snooping Protocols The chapters in this section contain overview information on IGMP snooping, MLD snooping, and RRP snooping. The chapters also explain how to configure these features from the menus interface of the AT-S63 Management Software.
Chapter 18 IGMP Snooping This chapter explains how to activate and configure the Internet Group Management Protocol (IGMP) snooping feature on the switch.
Configuring IGMP Snooping

To configure IGMP snooping on the switch, perform the following procedure:
1. From the Main Menu, type 6 to select Advanced Configuration. The Advanced Configuration menu is shown in Figure 117.
The IGMP Snooping Configuration menu is shown in Figure 118.

Allied Telesis AT-9424T/SP - AT-S63 Marketing User: Manager 11:20:02 02-Mar-2009 IGMP Snooping Configuration 1 2 3 4 5 6 7 - IGMP Snooping Status ........... Host Topology .................. Host/Router Timeout Interval ... Maximum IGMP Multicast Groups .. Router Port(s) .................
If a switch has a mixture of host nodes, that is, some connected directly to the switch and others through an Ethernet hub, you should select the Multi-Host Port (Intermediate) selection.

3 - Host/Router Timeout Interval
Specifies the time period in seconds at which the switch determines that a host node is inactive. An inactive host node is a node that has not sent an IGMP report during the specified time interval. The range is from 0 seconds to 86,400 seconds (24 hours).
Note
Selection 6, View IGMP Multicast Hosts List, is described in “Displaying a List of Host Nodes” on page 297. Selection 7, View IGMP Multicast Routers List, is described in “Displaying a List of Multicast Routers” on page 299.

4. To permanently save your change, return to the Main Menu and type S to select Save Configuration Changes.
Enabling or Disabling IGMP Snooping

To activate or deactivate IGMP snooping on the switch, perform the following procedure:
1. From the Main Menu, type 6 to select Advanced Configuration. The Advanced Configuration menu is shown in Figure 117 on page 292.
2. From the Advanced Configuration menu, type 2 to select IGMP Snooping Configuration. The IGMP Snooping Configuration menu is shown in Figure 118 on page 293.
3.
Displaying a List of Host Nodes

You can use the AT-S63 Management Software to display a list of the multicast groups on a switch, as well as the host nodes.

To display the list, perform the following procedure:
1. From the Main Menu, type 6 to select Advanced Configuration. The Advanced Configuration menu is shown in Figure 117 on page 292.
2. From the Advanced Configuration menu, type 2 to select IGMP Snooping Configuration.
VLAN
The VID of the VLAN where the port is an untagged member.

Port/Trunk
The port on the switch where the host node is connected. If the host node is connected to the switch through a trunk, the trunk ID number, not the port number, is displayed.

HostIP
The IP address of the host node connected to the port.

IGMP Ver.
The version of IGMP used by the host.

Exp. Time
The number of seconds remaining before the host is timed out if no further IGMP reports are received from it.
Displaying a List of Multicast Routers

A multicast router is a router that is receiving multicast packets from a multicast application and transmitting the packets to host nodes. You can use the AT-S63 Management Software to display a list of the multicast routers that are connected to the switch.

To display a list of the multicast routers, perform the following procedure:
1. From the Main Menu, type 6 to select Advanced Configuration.
switch learned the router on a port trunk, the trunk ID number, not the port number, is displayed.

Router IP
The IP address of the multicast router.

ExpTime
The number of seconds remaining before the multicast router is timed out if no further IGMP queries are received from it.
Chapter 19 MLD Snooping This chapter explains how to activate and configure Multicast Listener Discovery (MLD) snooping on the switch.
Configuring MLD Snooping

To configure MLD snooping on the switch, perform the following procedure:
1. From the Main Menu, type 6 to select Advanced Configuration. The Advanced Configuration menu is shown in Figure 117 on page 292.
2. From the Advanced Configuration menu, type 3 to select MLD Snooping Configuration. The MLD Snooping Configuration menu is shown in Figure 121.
additional multicast packets out the port where the host node is connected.

Multiple Host/Ports (Intermediate)
The Multi-Host setting is appropriate if there is more than one host node connected to a switch port, such as when a port is connected to an Ethernet hub to which multiple host nodes are connected. With this setting selected the switch continues sending multicast packets out a port even after it receives a leave request from a host node on the port.
Note
A change to any parameter in this menu is immediately activated on the switch.

Note
Selection 6, View MLD Multicast Hosts List, is described in “Displaying a List of Host Nodes” on page 306. Selection 7, View MLD Multicast Routers List, is described in “Displaying a List of Multicast Routers” on page 308.

4. After making changes, type R until you return to the Main Menu. Then type S to select Save Configuration Changes. Your changes are activated immediately on the switch.
Enabling or Disabling MLD Snooping

To activate or deactivate MLD snooping on the switch, perform the following procedure:
1. From the Main Menu, type 6 to select Advanced Configuration. The Advanced Configuration menu is shown in Figure 117 on page 292.
2. From the Advanced Configuration menu, type 3 to select MLD Snooping Configuration. The MLD Snooping Configuration menu is shown in Figure 121 on page 302.
3.
Displaying a List of Host Nodes

You can use the AT-S63 Management Software to display a list of the multicast groups on a switch, as well as the host nodes.

To display the list, perform the following procedure:
1. From the Main Menu, type 6 to select Advanced Configuration. The Advanced Configuration menu is shown in Figure 117 on page 292.
2. From the Advanced Configuration menu, type 3 to select MLD Snooping Configuration.
node is connected to the switch through a trunk, the trunk ID number, not the port number, is displayed.

HostIP
The IP address of the host node connected to the port.

Exp. Time
The number of seconds remaining before the host is timed out if no further MLD reports are received from it.
Displaying a List of Multicast Routers

A multicast router is a router that is receiving multicast packets from a multicast application and transmitting the packets to host nodes. You can use the AT-S63 Management Software to display a list of the multicast routers that are connected to the switch.

To display a list of the multicast routers, perform the following procedure:
1. From the Main Menu, type 6 to select Advanced Configuration.
Port/Trunk ID
The port on the switch where the multicast router is connected. If the switch learned the router on a port trunk, the trunk ID number, not the port number, is displayed.

Router IP
The IP address of the multicast router.

Exp Time
The number of seconds remaining before the multicast router is timed out if no further queries are received from it.
Chapter 20 RRP Snooping

The section in this chapter explains how to configure RRP snooping:
“Enabling or Disabling RRP Snooping” on page 312
Enabling or Disabling RRP Snooping

To enable or disable RRP snooping on a switch, perform the following procedure:
1. From the Main Menu, type 6 to select Advanced Configuration.
2. From the Advanced Configuration menu, type 1 to select RRP Snooping Configuration. The RRP Snooping Configuration menu is shown in Figure 124.

Allied Telesis AT-9424T/SP - AT-S63 Marketing User: Manager 11:20:02 02-Mar-2009 RRP Snooping Configuration 1 - RRP Snooping Status ............
Section IV
SNMPv3

The chapter in this section contains overview information on SNMPv3. The chapter also explains how to configure this feature from the menus interface of the AT-S63 Management Software.
Chapter 21
SNMPv3

This chapter provides a description of the AT-S63 implementation of the SNMPv3 protocol. In addition, the chapter contains procedures that allow you to create and modify SNMPv3 entities.
Configuring SNMPv3 Entities

This section describes how to configure SNMPv3 entities using the SNMPv3 Tables. To successfully configure this protocol, you must perform the procedures in the order given.
Configuring the SNMPv3 User Table

This section contains a description of the SNMPv3 User Table and how to create, delete, and modify table entries. Configure the SNMPv3 User Table first. Creating this table allows you to create an entry in an SNMPv3 User Table for a User Name.
The Configure SNMPv3 Table menu is shown in Figure 125.

Allied Telesis AT-9424T/SP - AT-S63 Marketing User: Manager 11:20:02 02-Mar-2009

Configure SNMPv3 Table

1 2 3 4 5 6 7 8 9 - SNMP Engine...............
5. To create a new user table, type 1 to select Create SNMPv3 Table Entry. The following prompt is displayed:

Enter User (Security) Name:

6. Enter a descriptive name of the user. You can enter a name that consists of up to 32 alphanumeric characters. The following prompt is displayed:

Enter Authentication Protocol [M-MD5, S-SHA, N-None]:

7. Enter one of the following:

M-MD5
This value represents the MD5 authentication protocol.
You are prompted to re-enter the password. The following prompt is displayed:

Enter Privacy Protocol [D-DES, N-None]:

Note
You can only configure the Privacy Protocol if you have configured the Authentication Protocol with the MD5 or SHA values.

9. Select one of the following options:

D-DES
Select this value to make the DES privacy (or encryption) protocol the privacy protocol for this User Table entry.
allowing you to save your changes. Allied Telesis recommends this storage type.

Note
The Row Status parameter is a read-only field. The Active value indicates the SNMPv3 User Table entry takes effect immediately.

12. After making changes, type R until you return to the Main Menu. Then type S to select Save Configuration Changes.

Deleting an SNMPv3 User Table Entry

You may want to delete an entry from the SNMPv3 User Table.
Modifying an SNMPv3 User Table Entry

This section describes how to modify parameters in an SNMPv3 Notify Table entry. See the following procedures:

“Modifying the Authentication Protocol and Password” on page 322
“Modifying the Privacy Protocol and Password” on page 324
“Modifying the Storage Type” on page 325

Modifying the Authentication Protocol and Password

To modify the Authentication Protocol and Password in an SNMPv3 User Table entry, perform the following procedure.
4. To change the authentication protocol and password, type 1 to select Set Authentication Protocol & Password. The following prompt is displayed:

Enter User Name:

5. Enter the User Name of the User Table you want to modify. The following prompt is displayed:

Enter Authentication Protocol [M-MD5, S-SHA, N-None]:

6. Enter one of the following:

M-MD5
This value represents the MD5 authentication protocol.
The following prompt is displayed:

Please enter privacy password to regenerate privacy key.

9. Enter the Privacy Password for this User Name. The following prompt is displayed:

Re-enter Privacy password:

10. Re-enter the password.

11. After making changes, type R until you return to the Main Menu. Then type S to select Save Configuration Changes.
6. Choose one of the following Privacy Protocols:

D-DES
Select this value to make the DES privacy (or encryption) protocol the privacy protocol for this User Table entry. With this selection, messages transmitted between the host and the switch are encrypted with the DES protocol.

N-None
Select this value if you do not want a privacy protocol for this User Table entry.
The following prompt is displayed:

Enter User (Security) Name:

5. Enter the User Name. The following prompt is displayed:

Enter Storage Type [V-Volatile, N-NonVolatile]:

6. Select one of the following storage types for this table entry:

V - Volatile
Select this storage type if you do not want the ability to save an entry in the SNMPv3 User Table to nonvolatile memory.
Configuring the SNMPv3 View Table

This section contains a description of the SNMPv3 View Table and how to create, delete, and modify table entries. Creating this table allows you to specify a view using the following parameters:

Subtree OID
Subtree Mask
MIB OID Table View

To configure the SNMPv3 View Table, you need to be very familiar with the OID table.
The Configure SNMPv3 View Table menu is shown in Figure 128.

Allied Telesis AT-9424T/SP - AT-S63 Marketing User: Manager 11:20:02 02-Mar-2009

Configure SNMPv3 View Table

View Name ................. Subtree OID ............... Subtree Mask .............. View Type ................. Storage Type .............. Row Status ................ internet 1.3.6.
tcp

The following prompt is displayed:

Enter Subtree Mask (Hex format):

6. Enter a subtree mask in hexadecimal format. This is an optional parameter that is used to further refine the value in the View Subtree parameter. This parameter is in binary format. The relationship between a subtree mask and a subtree is similar to the relationship between an IP address and a subnet mask. The subnet mask further refines the IP address.
N-NonVolatile
Select this storage type if you want the ability to save an entry in the SNMPv3 View Table to the configuration file. After making changes to an SNMPv3 View Table entry with a NonVolatile storage type, the S - Save Configuration Changes option appears on the Main Menu, allowing you to save your changes. Allied Telesis recommends this storage type.

Note
The Row Status parameter is a read-only field.
6. Enter Y to delete the view or N to save the view.

7. After making changes, type R until you return to the Main Menu. Then type S to select Save Configuration Changes.

Modifying an SNMPv3 View Table Entry

This section describes how to modify parameters in an SNMPv3 Notify Table entry.
The Modify SNMPv3 View Table menu is shown in Figure 129.

Allied Telesis AT-9424T/SP - AT-S63 Marketing User: Manager 11:20:02 02-Mar-2009

Modify SNMPv3 View Table

View Name ................. Subtree OID ............... Subtree Mask .............. View Type ................. Storage Type .............. Row Status ................ tcp 1.3.6.1.2.1.
This is an optional parameter that is used to further refine the value in the View Subtree parameter. This parameter is in binary format. A subtree mask and a subtree have a similar relationship as an IP address and a subnet mask. The subnet mask further refines the IP address. In the same way, the OID table entry defines a MIB View and the subtree mask further restricts a user’s view to a specific column and row of the MIB View.
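The mask-to-subtree relationship described above, worked through as an added example that is not part of the original guide. It follows the view matching rules of RFC 3415 (VACM) and assumes the switch applies them unchanged; the sample views are constructed, and only numeric OIDs are handled, not text names such as tcp.

```python
"""SNMPv3 view matching with a hex subtree mask, per RFC 3415 (VACM)."""


def parse_oid(text):
    """'1.3.6.1.2.1.6' -> (1, 3, 6, 1, 2, 1, 6)."""
    return tuple(int(part) for part in text.strip(".").split("."))


def mask_bits(mask_hex, length):
    """Expand a hex mask into `length` booleans, most significant bit first.

    Bit n covers sub-identifier n of the subtree: 1 means the sub-identifier
    must match exactly, 0 means it is a wildcard. Positions past the end of
    the mask count as 1, so an empty mask means "match the whole subtree".
    """
    raw = bytes.fromhex(mask_hex.replace(":", "").replace(" ", ""))
    bits = [bool((byte >> shift) & 1) for byte in raw for shift in range(7, -1, -1)]
    bits = bits[:length]
    return bits + [True] * (length - len(bits))


def in_family(oid, subtree, mask_hex=""):
    """True if `oid` falls inside the view family (subtree, mask)."""
    if len(oid) < len(subtree):
        return False
    bits = mask_bits(mask_hex, len(subtree))
    return all(not exact or o == s for o, s, exact in zip(oid, subtree, bits))


def view_allows(entries, oid_text):
    """Decide access for one OID against all entries sharing a View Name.

    Among the matching entries the longest subtree wins (ties go to the
    lexicographically greater subtree); its View Type decides the result.
    An OID that matches no entry is not in the view.
    """
    oid = parse_oid(oid_text)
    best = None
    for entry in entries:
        subtree = parse_oid(entry["subtree"])
        if in_family(oid, subtree, entry.get("mask", "")):
            rank = (len(subtree), subtree)
            if best is None or rank > best[0]:
                best = (rank, entry["type"])
    return best is not None and best[1] == "included"


# Constructed sample views.
# One row of ifTable: mask ff a0 = 11111111 101, so the column (10th
# sub-identifier) is a wildcard and the row index (11th) must equal 3.
ROW3_ONLY = [{"subtree": "1.3.6.1.2.1.2.2.1.0.3", "mask": "ffa0", "type": "included"}]

# Everything under internet except the tcp group.
NO_TCP = [
    {"subtree": "1.3.6.1", "type": "included"},
    {"subtree": "1.3.6.1.2.1.6", "type": "excluded"},
]

# A mask of all zeros turns every sub-identifier into a wildcard: the "tcp"
# view now matches any OID with at least seven sub-identifiers.
ZERO_MASK = [{"subtree": "1.3.6.1.2.1.6", "mask": "00", "type": "included"}]


if __name__ == "__main__":
    checks = [
        ("row 3, any column", ROW3_ONLY, "1.3.6.1.2.1.2.2.1.10.3"),
        ("row 4 is outside", ROW3_ONLY, "1.3.6.1.2.1.2.2.1.10.4"),
        ("system group", NO_TCP, "1.3.6.1.2.1.1.1.0"),
        ("tcp excluded", NO_TCP, "1.3.6.1.2.1.6.13.1.1.0"),
        ("zero mask widens view", ZERO_MASK, "1.3.6.1.2.1.1.1.0"),
    ]
    for label, view, oid in checks:
        print(f"{label:24} {oid:28} allowed={view_allows(view, oid)}")
```

The last sample is the case to review for when auditing a View Table: a mask with zero bits in the leading positions grants more than the Subtree OID suggests.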
The following prompt is displayed:

Enter View Subtree (OID format/Text Name):

6. Enter the View Subtree value for this View Name. You can enter either a numeric value in hex format or the equivalent text name. For example, the OID hex format for TCP/IP is:

1.3.6.1.2.1.6

The text format for TCP/IP is:

tcp

The following prompt is displayed:

Enter View Type [I-Included, E-Excluded]:

7.
The Modify SNMPv3 Table menu is shown in Figure 129 on page 332.

4. To modify the storage type, type 3 to select Set Storage Type. The following prompt is displayed:

Enter View Name:

5. Enter the View Name you want to modify. The following prompt is displayed:

Enter View Subtree (OID format/Text Name):

6. Enter the View Subtree for this View Name. The following prompt is displayed:

Enter Storage Type [V-Volatile, N-Nonvolatile]:

7.
Configuring the SNMPv3 Access Table

This section contains a description of the SNMPv3 Access Table and how to create, delete, and modify table entries. The SNMPv3 Access Table allows you to configure a security group. Each user must belong to a security group. After you have configured a security group, use the SecurityToGroup Table to assign users to security groups. See “Creating an SNMPv3 SecurityToGroup Table Entry” on page 352.
The Configure SNMPv3 Access Table menu is shown in Figure 130.

Allied Telesis AT-9424T/SP - AT-S63 Marketing User: Manager 11:20:02 02-Mar-2009

Configure SNMPv3 Access Table

Group Name .... Context Prefix. Read View...... Write View .... Notify View ... softwareengineering internet tcp tcp Security Model . Security Level . Context Match .. Storage Type ... Row Status .....
Note
The Context Prefix and the Context Match fields are read-only fields. The Context Prefix field is always set to null. The Context Match field is always set to exact.

The following prompt is displayed:

Enter Security Model [1-v1, 2-v2c, 3-v3]:

5. Select one of the following SNMP protocols as the Security Model for this Group Name.

1-v1
Select this value to associate the Group Name with the SNMPv1 protocol.
P-AuthPriv
This option represents authentication and the privacy protocol. Select this security level to encrypt messages using a privacy protocol and authenticate SNMP entities. This level provides the greatest level of security. You can select this value if you configured the Security Model parameter with the SNMPv3 protocol.

The following prompt is displayed:

Enter Read View Name:

7.
N-NonVolatile
Select this storage type if you want the ability to save an entry in the SNMPv3 Access Table to the configuration file. After making changes to an SNMPv3 Access Table entry with a NonVolatile storage type, the S - Save Configuration Changes option appears on the Main Menu, allowing you to save your changes. Allied Telesis recommends this storage type.

Note
The Row Status parameter is a read-only field.
The following prompt is displayed:

Enter Security Model [1-v1, 2-v2c, 3-v3]:

5. Enter the Security Model of this Group Name. Select one of the following security levels:

1-v1
Select this value to associate the Group Name with the SNMPv1 protocol.

2-v2c
Select this value to associate the Group Name with the SNMPv2c protocol.

3-v3
Select this value to associate the Group Name with the SNMPv3 protocol.
Do you want to delete this table entry?(Y/N):[Yes/No]->

7. Enter Y to delete the view or N to save the view. The following prompt is displayed:

8. After making changes, type R until you return to the Main Menu. Then type S to select Save Configuration Changes.

Modifying an SNMPv3 Access Table Entry

This section describes how to modify parameters in an SNMPv3 Access Table entry.
3. From the Configure SNMPv3 Access Table, type 3 to select Modify SNMPv3 Table Entry. The Modify SNMPv3 Access Table is shown in Figure 131.

Allied Telesis AT-9424T/SP - AT-S63 Marketing User: Manager 11:20:02 02-Mar-2009

Modify SNMPv3 Access Table

Group Name .... Context Prefix. Read View...... Write View .... Notify View ... 1 2 3 4 - Set Set Set Set sales systemmanagers salespeople salespeople Security Model . Security Level . Context Match ..
3-v3
Select this value to associate the Group Name with the SNMPv3 protocol.

The following prompt is displayed:

Enter Security Level [N-NoAuthNoPriv, A-AuthNoPriv, P-AuthPriv]:

7. Select one of the following security levels:

N-NoAuthNoPriv
This option represents no authentication and no privacy protocol. Select this security level if you do not want to authenticate SNMP entities and you do not want to encrypt messages using a privacy protocol.
Modifying the Write View Name

To modify the Write View Name parameter in an SNMPv3 Access Table entry, perform the following procedure.

1. Display the Configure SNMPv3 Table menu by performing steps 1 through 3 in “Configuring the SNMPv3 User Table” on page 317. Or, from the Main Menu type 5->5->5. The Configure SNMPv3 Table menu is shown in Figure 125 on page 318.

2. From the Configure SNMPv3 Table menu, type 4 to select Configure SNMPv3 Access Table.
The following prompt is displayed:

Enter Security Level [N-NoAuthNoPriv, A-AuthNoPriv, P-AuthPriv]:

7. Enter the Security Level configured for this Group Name. You cannot change the value of the Security Level parameter. Select one of the following security levels:

N-NoAuthNoPriv
This option represents no authentication and no privacy protocol. Select this security level if you do not want to authenticate SNMP entities and you do not want to encrypt messages using a privacy protocol.
Modifying the Notify View Name

To modify the Notify View Name parameter in an SNMPv3 Access Table entry, perform the following procedure.

1. Display the Configure SNMPv3 Table menu by performing steps 1 through 3 in “Configuring the SNMPv3 User Table” on page 317. Or, from the Main Menu type 5->5->5. The Configure SNMPv3 Table menu is shown in Figure 125 on page 318.

2. From the Configure SNMPv3 Table menu, type 4 to select Configure SNMPv3 Access Table.
The following prompt is displayed:

Enter Security Level [N-NoAuthNoPriv, A-AuthNoPriv, P-AuthPriv]:

7. Enter the Security Level configured for this Group Name. You cannot change the value of the Security Level parameter. Select one of the following security levels:

N-NoAuthNoPriv
This option represents no authentication and no privacy protocol. Select this security level if you do not want to authenticate SNMP entities and you do not want to encrypt messages using a privacy protocol.
Modifying the Storage Type

To modify the Storage Type parameter in an SNMPv3 Access Table entry, perform the following procedure.

1. Display the Configure SNMPv3 Table menu by performing steps 1 through 3 in “Configuring the SNMPv3 User Table” on page 317. Or, from the Main Menu type 5->5->5. The Configure SNMPv3 Table menu is shown in Figure 125 on page 318.

2. From the Configure SNMPv3 Table menu, type 4 to select Configure SNMPv3 Access Table.
The following prompt is displayed:

Enter Security Level [N-NoAuthNoPriv, A-AuthNoPriv, P-AuthPriv]:

7. Enter the Security Level configured for this Group Name. You cannot change the value of the Security Level parameter. Select one of the following security levels:

N-NoAuthNoPriv
This option represents no authentication and no privacy protocol. Select this security level if you do not want to authenticate SNMP entities and you do not want to encrypt messages using a privacy protocol.
allowing you to save your changes. Allied Telesis recommends this storage type.

9. After making changes, type R until you return to the Main Menu. Then type S to select Save Configuration Changes.
Configuring the SNMPv3 SecurityToGroup Table

This section contains a description of the SNMPv3 SecurityToGroup Table and how to create, delete, and modify table entries. The SNMPv3 SecurityToGroup Table allows you to associate a User Name with a Group Name. The User Name is configured in the Configure SNMPv3 User Table menu while the Group Name is configured in the Configure SNMPv3 Access Table menu.
The Configure SNMPv3 SecurityToGroup Table menu is shown in Figure 132.

Allied Telesis AT-9424T/SP - AT-S63 Marketing User: Manager 11:20:02 02-Mar-2009

Configure SNMPv3 SecurityToGroup Table

Security Model.................
Security Name .................
Group Name ....................
Storage Type ..................
Row Status ....................
3-v3
Select this value to associate the Group Name with the SNMPv3 protocol.

The following prompt is displayed:

Enter Group Name:

6. Enter a Group Name that you configured in the SNMPv3 Access Table. See “Creating an SNMPv3 Access Table Entry” on page 336. There are four default values for this field:

defaultV1GroupReadOnly
defaultV1GroupReadWrite
defaultV2cGroupReadOnly
defaultV2cGroupReadWrite

These values are reserved for SNMPv1 and SNMPv2c implementations.
Deleting an SNMPv3 SecurityToGroup Table Entry

You may want to delete an entry from the SNMPv3 SecurityToGroup Table. When you delete an SNMPv3 SecurityToGroup Table entry, there is no way to undelete, or recover, the entry. To delete an entry in the SNMPv3 SecurityToGroup Table, perform the following procedure:

1. Display the Configure SNMPv3 Table menu by performing steps 1 through 3 in “Configuring the SNMPv3 User Table” on page 317.
3-v3
Select this value to associate the Group Name with the SNMPv3 protocol.

The following prompt is displayed:

Do you want to delete this table entry? (Y/N):[Yes/No]->

6. Enter Y to delete this SecurityToGroup entry or N to save the entry.

7. After making changes, type R until you return to the Main Menu. Then type S to select Save Configuration Changes.
The Modify SecurityToGroup Table is displayed as shown in Figure 132.

Allied Telesis AT-9424T/SP - AT-S63 Marketing User: Manager 11:20:02 02-Oct-2004

Modify SNMPv3 SecurityToGroup Table

Security Model.................
Security Name .................
Group Name ....................
Storage Type ..................
Row Status ....................
3-v3
Select this value to associate the User Name with the SNMPv3 protocol.

The following prompt is displayed:

Enter Group Name:

7. Enter the new Group Name. This value must match a value configured in the Group Name parameter in the Configure SNMPv3 Access Table. See “Creating an SNMPv3 Access Table Entry” on page 336.

8. After making changes, type R until you return to the Main Menu. Then type S to select Save Configuration Changes.
6. Enter the Security Model configured for this User Name. You cannot change the value of the Security Model parameter. Select one of the following SNMP protocols:

1-v1
Select this value if this User Name is configured with the SNMPv1 protocol.

2-v2c
Select this value if this User Name is configured with the SNMPv2c protocol.

3-v3
Select this value if this User Name is configured with the SNMPv3 protocol.
Configuring the SNMPv3 Notify Table

This section contains a description of the SNMPv3 Notify Table menu and how to create, delete, and modify table entries. The Configure SNMPv3 Notify Table menu allows you to define a name for sending traps. For each Notify Name, you define if a trap or inform message is sent. The two message types, trap and inform, have different packet formats.
The Configure SNMPv3 Notify Table menu is shown in Figure 134.

Allied Telesis AT-9424T/SP - AT-S63 Marketing User: Manager 11:20:02 02-Mar-2009

Configure SNMPv3 Notify Table

Notify Name ......................
Notify Tag .......................
Notify Type ......................
Storage Type .....................
Row Status .......................
I-Inform
Indicates this notify table is used to send inform messages. With this message type, the switch expects a response from the host.

The following prompt is displayed:

Enter Storage Type [V-Volatile, N-NonVolatile]:

7. Select one of the following storage types for this table entry:

V - Volatile
Select this storage type if you do not want the ability to save an entry in the SNMPv3 Notify Table to the configuration file.
The Configure SNMPv3 Notify Table menu is shown in Figure 134 on page 361.

Note
To display a Group Name and its associated parameters from the Configure SNMPv3 SecurityToGroup Table menu, type N to display the Next Page and P to display the previous page.

3. To delete an SNMPv3 Notify Table entry, type 2 to select Delete SNMPv3 Table Entry. The following prompt is displayed:

Enter Notify Name:

4. Enter a Notify Name.
3. From the Configure SNMPv3 Notify Table menu, type 3 to select Modify SNMPv3 Table Entry. The Modify SNMPv3 Notify Table menu is shown in Figure 135.

Allied Telesis AT-9424T/SP - AT-S63 Marketing User: Manager 11:20:02 02-Mar-2009

Modify SNMPv3 Notify Table

Notify Name ...................
Notify Tag.....................
Notify Type....................
Storage Type ..................
Row Status ....................
Modifying a Notify Type

To modify the Notify Type parameter in an SNMPv3 Notify Table entry, perform the following procedure.

1. Display the Configure SNMPv3 Table menu by performing steps 1 through 3 in “Configuring the SNMPv3 User Table” on page 317. Or, from the Main Menu type 5->5->5. The Configure SNMPv3 Table menu is shown in Figure 125 on page 318.

2. From the Configure SNMPv3 Table menu, type 6 to select Configure SNMPv3 Notify Table.
Modifying a Storage Type

To modify the Storage Type parameter in an SNMPv3 Notify Table entry, perform the following procedure.

1. Display the Configure SNMPv3 Table menu by performing steps 1 through 3 in “Configuring the SNMPv3 User Table” on page 317. Or, from the Main Menu type 5->5->5. The Configure SNMPv3 Table menu is shown in Figure 125 on page 318.

2. From the Configure SNMPv3 Table menu, type 6 to select Configure SNMPv3 Notify Table.
7. After making changes, type R until you return to the Main Menu. Then type S to select Save Configuration Changes.
Configuring the SNMPv3 Target Address Table

This section contains a description of the SNMPv3 Target Address Table menu and how to create, delete, and modify table entries. You use the SNMPv3 Target Address Table menu to assign the IP address of a host that is used for generating notifications. The Configure SNMPv3 Target Address Table menu is linked internally to the Configure SNMPv3 Notify Table through the Tag List parameter.
The Configure SNMPv3 Target Address Table menu is shown in Figure 136.

Allied Telesis AT-9424T/SP - AT-S63 Marketing User: Manager 11:20:02 02-Mar-2009

Configure SNMPv3 Target Address Table

Target Addr Name ... host451          Timeout ..... 1500
Target Parameters .. SNMPmanagerPC    Retries ..... 3
IP Address ......... 198.35.11.1      UDP Port# ... 162
Storage Type ....... NonVolatile      Row Status ..
Tag List ...........
The following prompt is displayed:

Enter Timeout (10mS): [0 to 2147483647]-> 1500

7. Enter a timeout value in milliseconds. When an Inform message is generated, a response from the switch is required. The timeout value determines how long the switch considers the Inform message an active message. This parameter applies to Inform messages only. The range is from 0 to 2,147,483,647 milliseconds. The default value is 1500 milliseconds.
V - Volatile
Select this storage type if you do not want the ability to save an entry in the SNMPv3 Target Address Table to the configuration file. After making changes to an SNMPv3 Target Address Table entry with a Volatile storage type, the S - Save Configuration Changes option does not appear on the Main Menu.

N-NonVolatile
Select this storage type if you want the ability to save an entry in the SNMPv3 Target Address Table to the configuration file.
3. To delete an SNMPv3 Target Address Table entry, type 2 to select Delete SNMPv3 Table Entry. The following prompt is displayed:

Enter Target Address Name:

4. Enter a Target Address Name. The following prompt is displayed:

Do you want to delete this table entry?(Y/N):[Yes/No]->

5. Enter Y to delete the SNMPv3 Target Address Table entry or N to save the entry.

6. After making changes, type R until you return to the Main Menu. Then type S to select Save Configuration Changes.
The Configure SNMPv3 Target Address Table menu is shown in Figure 136 on page 369.

3. From the Configure SNMPv3 Target Address Table menu, type 3 to select Modify SNMPv3 Table Entry. The Modify SNMPv3 Target Address Table menu is shown in Figure 137.

Allied Telesis AT-9424T/SP - AT-S63 Marketing User: Manager 11:20:02 02-Mar-2009

Modify SNMPv3 Target Address Table

Target Addr Name ... Target Parameters .. IP Address ......... Storage Type ....... Tag List ...
Use the following format for an IP address:

XXX.XXX.XXX.XXX

7. After making changes, type R until you return to the Main Menu. Then type S to select Save Configuration Changes.

Modifying the Target Address UDP Port

To modify the Target Address UDP Port parameter in an SNMPv3 Target Address Table entry, perform the following procedure:

1. Display the Configure SNMPv3 Table menu by performing steps 1 through 3 in “Configuring the SNMPv3 User Table” on page 317.
7. After making changes, type R until you return to the Main Menu. Then type S to select Save Configuration Changes.

Modifying the Target Address Timeout

The Target Address Timeout parameter only applies when the message type is an Inform message. To modify the Target Address Timeout parameter in an SNMPv3 Target Address Table entry, perform the following procedure.

1.
Inform messages only. The range is from 0 to 2,147,483,647 milliseconds. The default value is 1500 milliseconds.

7. After making changes, type R until you return to the Main Menu. Then type S to select Save Configuration Changes.

Modifying the Target Address Retries

The Target Address Retries parameter only applies when the message type is an Inform message. To modify the Target Address Retries parameter in an SNMPv3 Target Address Table entry, perform the following procedure.

1.
The range is 0 to 255 retries. The default is 3 retries.

7. After making changes, type R until you return to the Main Menu. Then type S to select Save Configuration Changes.

Modifying the Target Address Tag List

To modify the Target Address Tag List parameter in an SNMPv3 Target Address Table entry, perform the following procedure.

1. Display the Configure SNMPv3 Table menu by performing steps 1 through 3 in “Configuring the SNMPv3 User Table” on page 317.
6. After making changes, type R until you return to the Main Menu. Then type S to select Save Configuration Changes.

Modifying the Target Parameters Field

To modify the Target Parameters field in an SNMPv3 Target Address Table entry, perform the following procedure.

1. Display the Configure SNMPv3 Table menu by performing steps 1 through 3 in “Configuring the SNMPv3 User Table” on page 317. Or, from the Main Menu type 5->5->5.
7. After making changes, type R until you return to the Main Menu. Then type S to select Save Configuration Changes.

Modifying the Storage Type

To modify the Storage Type parameter in an SNMPv3 Target Address Table entry, perform the following procedure.

1. Display the Configure SNMPv3 Table menu by performing steps 1 through 3 in “Configuring the SNMPv3 User Table” on page 317. Or, from the Main Menu type 5->5->5.
N-NonVolatile
Select this storage type if you want the ability to save an entry in the SNMPv3 Target Address Table to the configuration file. After making changes to an SNMPv3 Target Address entry with a NonVolatile storage type, the S - Save Configuration Changes option appears on the Main Menu, allowing you to save your changes. Allied Telesis recommends this storage type.

7. After making changes, type R until you return to the Main Menu.
Configuring the SNMPv3 Target Parameters Table

This section contains a description of the SNMPv3 Target Parameters Table and how to create, delete, and modify table entries. The SNMPv3 Target Parameters Table links the user security information with the message notification information configured in the Configure SNMPv3 Notify Table menu and Configure SNMPv3 Target Address Table menu.
“Deleting an SNMPv3 Target Parameters Table Entry” on page 385
“Modifying an SNMPv3 Target Parameters Table Entry” on page 386

Creating an SNMPv3 Target Parameters Table Entry

To create an entry in the Configure SNMPv3 Target Parameters Table, perform the following procedure.

1. Display the Configure SNMPv3 Table menu by performing steps 1 through 3 in “Configuring the SNMPv3 User Table” on page 317. Or, from the Main Menu type 5->5->5.
Note
You are prompted to enter a value for the Message Processing Model parameter only if you select SNMPv1 or SNMPv2c as the Security Model. If you select the SNMPv3 protocol as the Security Model, then the Message Processing Model is automatically assigned to SNMPv3.

The following prompt is displayed:

Enter User (Security) Name:

5. Enter a User Name. The value of this parameter is previously configured with the Configure SNMPv3 User Table.
N-NoAuthNoPriv
This option represents no authentication and no privacy protocol. Select this security level if you do not want to authenticate SNMP entities and you do not want to encrypt messages using a privacy protocol. This security level provides the least security.

Note
If you have selected SNMPv1 or SNMPv2c, N-NoAuthNoPriv is the only security level you can select.

A-AuthNoPriv
This option represents authentication, but no privacy protocol.
9. After making changes, type R until you return to the Main Menu. Then type S to select Save Configuration Changes.

Deleting an SNMPv3 Target Parameters Table Entry

You may want to delete an entry from the SNMPv3 Target Parameters Table. When you delete an SNMPv3 Target Parameters Table entry, there is no way to undelete, or recover, the entry. To delete an entry in the SNMPv3 Target Parameters Table, perform the following procedure:

1.
Modifying an SNMPv3 Target Parameters Table Entry

This section provides procedures for modifying parameters in an SNMPv3 Target Parameters Table entry. The parameter values configured in the Target Parameters Table must match those configured in the other tables. For a more detailed explanation, see “Creating an SNMPv3 Target Parameters Table Entry” on page 382.
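The cross-table dependencies this chapter describes (User, View, Access, SecurityToGroup, Notify, Target Address and Target Parameters) can be checked mechanically once the entries are written down. The following is an added example, not code from Allied Telesis: the dictionary layout, the function names and every sample entry except host451 and SNMPmanagerPC (taken from Figure 136) are assumptions made for illustration.

```python
"""Cross-check SNMPv3 table entries against each other (constructed data)."""

# Constructed sample configuration; keys mirror the menu parameters.
CONFIG = {
    "users": {  # User Table: User Name -> protocols
        "netadmin": {"auth": "SHA", "priv": "DES"},
        "monitor": {"auth": "MD5", "priv": "None"},
    },
    "views": {"internet", "tcp"},  # View Names defined in the View Table
    "access": [  # Access Table
        {"group": "admins", "model": "v3", "level": "AuthPriv",
         "read": "internet", "write": "internet", "notify": "internet"},
        {"group": "readers", "model": "v3", "level": "AuthPriv",
         "read": "tcp", "write": "", "notify": "mib2"},
        {"group": "legacy", "model": "v2c", "level": "NoAuthNoPriv",
         "read": "internet", "write": "internet", "notify": ""},
    ],
    "sec_to_group": [  # SecurityToGroup Table
        {"model": "v3", "name": "netadmin", "group": "admins"},
        {"model": "v3", "name": "monitor", "group": "readers"},
        {"model": "v3", "name": "ghost", "group": "admins"},
    ],
    "notify": [{"name": "alerts", "tag": "nmsTag", "type": "Inform"}],
    "target_addr": [  # Target Address Table
        {"name": "host451", "params": "SNMPmanagerPC", "tags": ["nmsTag"]},
        {"name": "host452", "params": "missingParams", "tags": ["oldTag"]},
    ],
    "target_params": [  # Target Parameters Table
        {"name": "SNMPmanagerPC", "user": "netadmin", "model": "v3",
         "level": "AuthPriv"},
    ],
}


def user_meets_level(user, level):
    """True if the user's protocols can satisfy a Security Level."""
    has_auth = user["auth"] != "None"
    has_priv = has_auth and user["priv"] != "None"  # privacy requires auth
    return {"NoAuthNoPriv": True, "AuthNoPriv": has_auth, "AuthPriv": has_priv}[level]


def audit(cfg):
    """Return (table, entry, problem) tuples; an empty list means consistent."""
    findings = []
    users, views = cfg["users"], cfg["views"]
    groups = {(a["group"], a["model"]): a for a in cfg["access"]}
    params = {p["name"] for p in cfg["target_params"]}
    tags = {n["tag"] for n in cfg["notify"]}

    for a in cfg["access"]:
        for role in ("read", "write", "notify"):
            if a[role] and a[role] not in views:
                findings.append(("access", a["group"],
                                 f"{role} view '{a[role]}' not in View Table"))
        if a["write"] and a["level"] != "AuthPriv":  # hardening check
            findings.append(("access", a["group"],
                             f"write view granted at {a['level']}"))

    for s in cfg["sec_to_group"]:
        user = users.get(s["name"])
        group = groups.get((s["group"], s["model"]))
        if s["model"] == "v3" and user is None:
            findings.append(("sec_to_group", s["name"], "user not in User Table"))
        if group is None:
            findings.append(("sec_to_group", s["name"],
                             f"group '{s['group']}' not in Access Table"))
        elif user is not None and not user_meets_level(user, group["level"]):
            findings.append(("sec_to_group", s["name"],
                             f"user cannot satisfy {group['level']}"))

    for t in cfg["target_addr"]:
        if t["params"] not in params:
            findings.append(("target_addr", t["name"],
                             f"parameters '{t['params']}' not defined"))
        for tag in t["tags"]:
            if tag not in tags:
                findings.append(("target_addr", t["name"],
                                 f"tag '{tag}' not in Notify Table"))

    for p in cfg["target_params"]:
        user = users.get(p["user"])
        if user is None:
            findings.append(("target_params", p["name"], "user not in User Table"))
        elif not user_meets_level(user, p["level"]):
            findings.append(("target_params", p["name"],
                             f"user cannot satisfy {p['level']}"))
    return findings


if __name__ == "__main__":
    for table, entry, problem in audit(CONFIG):
        print(f"{table:14} {entry:12} {problem}")
```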
When you modify the Security Name parameter, you must use a value that you configured with the User Name parameter in the Configure SNMPv3 User Table menu. If you do not use a value configured with the User Name parameter, messages are not sent on behalf of this User Name. See “Creating an SNMPv3 User Table Entry” on page 317.

To modify the Security Name parameter in an SNMPv3 Target Parameter Table entry, perform the following procedure.

1.
4. To change the Security Name parameter, type 1 to select Set Security Name. The following prompt is displayed:

Enter Target Parameters Name:

5. Enter a previously configured Target Parameters Name. Enter a value of up to 32 alphanumeric characters. The following prompt is displayed:

Enter User (Security) Name:

6. Enter a User Name. Enter a value that you previously configured with the Configure SNMPv3 User Table menu. You can enter a value of up to 32 alphanumeric characters.

7.
The Configure SNMPv3 Target Parameters Table menu is shown in Figure 138.

3. From the Configure SNMPv3 Target Parameters Table menu, type 3 to select Modify SNMPv3 Table Entry. The Modify SNMPv3 Target Parameters Table menu is shown in Figure 139 on page 387.

4. To change the Security Model, type 2 to select Security Model. The following prompt is displayed:

    Enter Target Parameters Name:

5. Enter a previously configured Target Parameters Name.
from the Main Menu type 5->5->5. The Configure SNMPv3 Table menu is shown in Figure 125 on page 318.

2. From the Configure SNMPv3 Table menu, type 8 to select Configure SNMPv3 Target Address Table. The Configure SNMPv3 Target Parameters Table menu is shown in Figure 138.

3. From the Configure SNMPv3 Target Parameters Table menu, type 3 to select Modify SNMPv3 Table Entry. The Modify SNMPv3 Target Parameters Table menu is shown in Figure 139 on page 387.

4.
A-AuthNoPriv
This option represents authentication, but no privacy protocol. Select this security level if you want to authenticate SNMP users, but you do not want to encrypt messages using a privacy protocol. You can select this value if you configured the Security Model parameter with the SNMPv3 protocol.

P-AuthPriv
This option represents authentication and the privacy protocol.
5. Enter a previously configured Target Parameters Name. Enter a value of up to 32 alphanumeric characters. The following prompt is displayed:

    Enter Message Processing Model[1-v1,2-v2c,3-v3]:

6. Select one of the following SNMP protocols that is used to process, or send messages:

1-v1
Select this value to process messages with the SNMPv1 protocol.

2-v2c
Select this value to process messages with the Security Name, or User Name, with the SNMPv2c protocol.
5. Enter a previously configured Target Parameters Name. Enter a value of up to 32 alphanumeric characters. The following prompt is displayed:

    Enter Storage Type [V-Volatile, N-NonVolatile]:

6. Select one of the following storage types for this table entry:

V - Volatile
Select this storage type if you do not want the ability to save an entry in the SNMPv3 Target Parameters Table to the configuration file.
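The rules stated in this section for Target Parameters Table entries can be checked offline against an exported or transcribed copy of the table. The following Python sketch is an added example, not part of the AT-S63 software or this guide; the record layout, the finding codes and the sample rows are constructed for illustration, and it assumes the User Table lookup applies to entries whose Security Model is SNMPv3.

```python
import re
from dataclasses import dataclass

# "Enter a value of up to 32 alphanumeric characters."
NAME_RE = re.compile(r"[A-Za-z0-9]{1,32}")
MODELS = {1: "v1", 2: "v2c", 3: "v3"}          # menu values 1-v1, 2-v2c, 3-v3
LEVELS = {"N": "NoAuthNoPriv", "A": "AuthNoPriv", "P": "AuthPriv"}
STORAGE = {"V": "Volatile", "N": "NonVolatile"}


@dataclass(frozen=True)
class TargetParams:
    """One row of the table (hypothetical layout for this example)."""
    name: str            # Target Parameters Name
    mp_model: int        # Message Processing Model
    security_model: int  # Security Model
    security_name: str   # Security Name
    level: str           # Security Level: N, A or P
    storage: str         # Storage Type: V or N


def audit(entries, v3_users):
    """Return sorted (entry name, finding code) pairs for rule violations."""
    findings = set()
    for e in entries:
        if not NAME_RE.fullmatch(e.name):
            findings.add((e.name, "bad-name"))
        if (e.mp_model not in MODELS or e.security_model not in MODELS
                or e.level not in LEVELS or e.storage not in STORAGE):
            findings.add((e.name, "bad-value"))
            continue
        # With SNMPv1 or SNMPv2c, NoAuthNoPriv is the only selectable level.
        if e.security_model != 3 and e.level != "N":
            findings.add((e.name, "level-needs-v3"))
        if e.security_model == 3:
            # The Security Name must be a User Name from the User Table,
            # otherwise messages are not sent on behalf of that name.
            if e.security_name not in v3_users:
                findings.add((e.name, "unknown-user"))
            if e.level == "N":
                findings.add((e.name, "no-auth"))      # least security
            elif e.level == "A":
                findings.add((e.name, "no-privacy"))   # messages unencrypted
        # Volatile entries are not saved to the configuration file.
        if e.storage == "V":
            findings.add((e.name, "volatile"))
    return sorted(findings)


# Constructed sample data, not taken from a real switch.
SAMPLE_USERS = {"netops"}
SAMPLE_ENTRIES = [
    TargetParams("traps1", 3, 3, "netops", "P", "N"),
    TargetParams("traps2", 2, 2, "legacy2c", "A", "N"),
    TargetParams("traps3", 3, 3, "ghost", "N", "V"),
]

if __name__ == "__main__":
    for name, code in audit(SAMPLE_ENTRIES, SAMPLE_USERS):
        print(f"{name}: {code}")
```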
Configuring the SNMPv3 Community Table

This section contains a description of the SNMPv3 Community Table and how to create, delete, and modify table entries. The SNMPv3 Community Table allows you to create SNMPv1 and SNMPv2c Communities using the SNMPv3 Tables. Allied Telesis does not recommend that you use the menu described in this section to configure SNMPv1 and SNMPv2c communities. Instead, use the procedures described in “Enabling or Disabling SNMP Management” on page 90.
Security Name
Transport Tag
Storage Type

In addition, you can display the entries configured with the Configure SNMPv1 & SNMPv2c Community menu in the Configure SNMPv3 Community Table menu. However, you cannot modify an SNMPv1 & SNMPv2c Community Table entry with the Configure SNMPv3 Community Table menu.

There are three functions you can perform with the Configure SNMPv3 Target Parameters Table menu.
The Configure SNMPv3 Community Table menu is shown in Figure 140.

    Allied Telesis AT-9424T/SP - AT-S63
    Marketing
    User: Manager 11:20:02 02-Mar-2009

    Configure SNMPv3 Community Table

    Community Index ...............
    Community Name ................
    Security Name .................
    Transport Tag .................
    Storage Type ..................
    Row Status ....................
The following prompt is displayed:

    Enter Security Name:

6. Enter the name of an SNMPv1 and SNMPv2c user. This name must be unique. Enter a value of up to 32 alphanumeric characters.

Note
Do not use a value configured with the User Name parameter in the SNMPv3 User Table.

The following prompt is displayed:

    Enter Transport Tag:

7. Enter a name of up to 32 alphanumeric characters for the Transport Tag.
Note
The Row Status parameter is a read-only field. The Active value indicates the SNMPv3 Community Table entry takes effect immediately.

9. After making changes, type R until you return to the Main Menu. Then type S to select Save Configuration Changes.

Deleting an SNMPv3 Community Table Entry

You may want to delete an entry from the SNMPv3 Community Table. When you delete an entry in the SNMPv3 Community Table, there is no way to undelete or recover the entry.
Modifying an SNMPv3 Community Table Entry

For each entry in the SNMPv3 Community Table, you can modify the following parameters:

Community Name
Security Name
Transport Tag
Storage Type

However, you cannot modify the Community Index parameter.
The Modify SNMPv3 Community Table menu is shown in Figure 141.

    Allied Telesis AT-9424T/SP - AT-S63
    Marketing
    User: Manager 11:20:02 02-Mar-2009

    Modify SNMPv3 Community Table

    Community Index ...............
    Community Name ................
    Security Name .................
    Transport Tag .................
    Storage Type ..................
    Row Status ....................
Modifying the Security Name

To modify the Security Name parameter in an SNMPv3 Community Table entry, perform the following procedure:

1. Display the Configure SNMPv3 Table menu by performing steps 1 through 3 in “Configuring the SNMPv3 User Table” on page 317. Or, from the Main Menu type 5->5->5. The Configure SNMPv3 Table menu is displayed as shown in Figure 125 on page 318.

2.
The Configure SNMPv3 Table menu is displayed as shown in Figure 125 on page 318.

2. From the Configure SNMPv3 Table menu, type 9 to select Configure SNMPv3 Community Table. The Configure SNMPv3 Community Table menu is shown in Figure 140 on page 396.

3. From the Configure SNMPv3 Community Table, type 3 to select Modify SNMPv3 Table Entry. The Modify SNMPv3 Community Table menu is shown in Figure 141 on page 400.

4. To change the Transport Tag, type 3 to select Set Transport Tag.
3. From the Configure SNMPv3 Community Table, type 3 to select Modify SNMPv3 Table Entry. The Modify SNMPv3 Community Table Menu is shown in Figure 141 on page 400.

4. To change the Storage Type, type 4 to select Set Storage Type. The following prompt is displayed:

    Enter Community Index:

5. Enter the Community Index of the Storage Type you want to change. The following prompt is displayed:

    Enter Storage type [V-volatile, N-NonVolatile]:

6.
Displaying SNMPv3 Table Menus

The procedures in this section describe how to display the SNMPv3 Tables.
The Display SNMPv3 Table menu is shown in Figure 142.
Displaying the Display SNMPv3 View Table Menu

This section describes how to display the Display SNMPv3 View Table menu. For information about the SNMPv3 View Table parameters, see “Creating an SNMPv3 View Table Entry” on page 327.

To display the Display SNMPv3 View Table menu, perform the following procedure.

1. Display the Display SNMPv3 Table menu by performing steps 1 through 3 in “Displaying the Display SNMPv3 User Table Menu” on page 404. Or, from the Main menu type 5->5->6.

2.
Displaying the Display SNMPv3 Access Table Menu

This section describes how to display the Display SNMPv3 Access Table menu. For information about the SNMPv3 Access Table parameters, see “Creating an SNMPv3 Access Table Entry” on page 336.

To display the Display SNMPv3 Access Table menu, perform the following procedure.

1. Display the Display SNMPv3 Table menu by performing steps 1 through 3 in “Displaying the Display SNMPv3 User Table Menu” on page 404.
The Display SNMPv3 SecurityToGroup Table menu is shown in Figure 146.

    Allied Telesis AT-9424T/SP - AT-S63
    Marketing
    User: Manager 11:20:02 02-Mar-2009

    Display SNMPv3 SecurityToGroup Table

    Security Model.................
    Security Name .................
    Group Name ....................
    Storage Type ..................
    Row Status ....................
Displaying the Display SNMPv3 Target Address Table Menu

This section describes how to display the Display SNMPv3 Target Address Table menu. For information about the SNMPv3 Target Address Table parameters, see “Creating an SNMPv3 Target Address Table Entry” on page 368.

To display the Display SNMPv3 Target Address Table menu, perform the following procedure.

1.
The Display SNMPv3 Target Parameters Table menu is shown in Figure 146.

    Allied Telesis AT-9424T/SP - AT-S63
    Marketing
    User: Manager 11:20:02 02-Mar-2009

    Display SNMPv3 Target Parameters Table

    Target Parameters Name ...
    Message Processing Model .
    Security Model ...........
    Security Name ............
    Security Level ...........
    Storage Type .............
    Row Status ...............
The Display SNMPv3 Community Table menu is shown in Figure 146.

    Allied Telesis AT-9424T/SP - AT-S63
    Marketing
    User: Manager 11:20:02 02-Mar-2009

    Display SNMPv3 Community Table

    Community Index ........
    Community Name .........
    Security Name ..........
    Transport Tag...........
    Storage Type ...........
    Row Status .............
Section V
Spanning Tree Protocols

The chapters in this section contain overview information on the different spanning tree protocols supported on the AT-9400 Switch. The chapters also explain how to configure the spanning tree protocols from the menu interface of the AT-S63 Management Software.
Chapter 22
Spanning Tree and Rapid Spanning Tree Protocols

This chapter provides background information on the Spanning Tree Protocol (STP) and Rapid Spanning Tree Protocol (RSTP). The chapter also contains procedures on how to adjust the STP and RSTP bridge and port parameters.
Enabling or Disabling a Spanning Tree Protocol

The AT-S63 Management Software supports STP, RSTP, and MSTP. However, only one spanning tree protocol can be active on the switch at a time. Before you can enable a spanning tree protocol, you must first select it as the active spanning tree protocol on the switch. After you have selected it as the active protocol, you can then configure it and enable or disable it.
4. If you selected STP as the active spanning tree protocol, go to “Configuring STP” on page 418 for further instructions. If you selected RSTP, go to “Configuring RSTP” on page 426. Multiple Spanning Tree Protocol (MSTP) is described in Chapter 23, “Multiple Spanning Tree Protocol” on page 437.

Note
After you have configured the spanning tree parameters, perform steps 5 through 7 to enable spanning tree.

5.
Configuring STP

This section contains the following procedures:

“Configuring STP Bridge Settings”, next
“Configuring STP Port Settings” on page 421
“Displaying STP Port Settings” on page 424
“Resetting STP to the Default Settings” on page 425

Configuring STP Bridge Settings

This section contains the procedure for configuring a bridge’s STP settings.

Caution
The default STP parameters are adequate for most networks.
2. From the Spanning Tree Configuration menu, type 3 to select Configure Active Protocol. The STP menu is shown in Figure 152.

    Allied Telesis AT-9424T/SP - AT-S63
    Marketing
    User: Manager 11:20:02 02-Mar-2009

    STP Menu

    1 - Bridge Priority .....
    2 - Bridge Hello Time ...
    3 - Bridge Forwarding ...
    4 - Bridge Max Age ......
    5 - Bridge Identifier ...
    6 - Root Bridge .........
    7 - Root Priority .......
    8 - Root Path Cost ......
Table 5. Bridge Priority Value Increments

    Increment   Bridge Priority   Increment   Bridge Priority
    0           0                 8           32768
    1           4096              9           36864
    2           8192              10          40960
    3           12288             11          45056
    4           16384             12          49152
    5           20480             13          53248
    6           24576             14          57344
    7           28672             15          61440

2 - Bridge Hello Time
The time interval between generating and sending configuration messages by the bridge. This parameter can be from 1 to 10 seconds. The default is 2 seconds.
5 - Bridge Identifier
The bridge identifier of the switch. The identifier consists of the switch’s bridge priority value and MAC address, separated by a slash (/). To change the switch’s priority value, use option 1, Bridge Priority. The MAC address of the switch cannot be changed.

6 - Root Bridge
The MAC address of the root bridge of the spanning tree domain. This value cannot be changed and is only displayed when spanning tree is activated on the switch.
The STP Port Parameters menu is shown in Figure 153.

    Allied Telesis AT-9424T/SP - AT-S63
    Marketing
    User: Manager 11:20:02 02-Mar-2009

    STP Port Parameters

    1 - Configure STP Port Settings
    2 - Display STP Port Configuration
    R - Return to Previous Menu

    Enter your selection?

Figure 153. STP Port Parameters Menu

4. Type 1 to select Configure STP Port Settings. The following prompt is displayed:

    Start Port to Configure [1 to 26] ->

5.
1 - Port Priority
This parameter is used as a tie breaker when two or more ports have equal costs to the root bridge. The range is 0 to 240 in increments of 16. The default value is 8 (priority value 128). Table 6 lists the increments.

Table 6.
Table 8. STP Auto-Detect Port Trunk Costs

    Port Speed   Port Cost
    1000 Mbps    2

8. After making changes, type R until you return to the Main Menu. Then type S to select Save Configuration Changes.

Displaying STP Port Settings

To display STP port settings, perform the following procedure:

1. From the Main Menu, type 3 to select Spanning Tree Configuration. The Spanning Tree Configuration menu is shown in Figure 151 on page 416.

2.
The Display STP Port Configuration menu displays a table that contains the following columns of information:

Port
The port number.

State
Current state of a port. The possible states are Listening, Learning, Forwarding, or Blocking when spanning tree is enabled on the switch. When spanning tree is not enabled on the switch or if a port is not being used, its state will be disabled.

Cost
Port cost of the port.

Priority
The port’s priority value.
Configuring RSTP

This section contains the following procedures:

“Configuring RSTP Bridge Settings”, next
“Configuring RSTP Port Settings” on page 429
“Displaying the RSTP Port Configuration” on page 432
“Displaying the RSTP Port State” on page 434
“Resetting RSTP to the Default Settings” on page 435

Configuring RSTP Bridge Settings

This section contains the procedure for configuring a bridge’s RSTP settings.
2. From the Spanning Tree Configuration menu, type 3 to select Configure Active Protocol. The RSTP menu is shown in Figure 156.

    Allied Telesis AT-9424T/SP - AT-S63
    Marketing
    User: Manager 11:20:02 02-Mar-2009

    RSTP Menu

    1 - Force Version ..........
    2 - Bridge Priority ........
    3 - Bridge Hello Time ......
    4 - Bridge Forwarding ......
    5 - Bridge Max Age .........
    6 - Bridge Identifier ......
    7 - Root Bridge ............
    8 - Root Priority ..........
    9 - Root Path Cost .......
4096, with 0 being the highest priority. For a list of the increments, refer to Table 5 on page 420.

3 - Bridge Hello Time
The time interval between generating and sending configuration messages by the bridge. This parameter can be from 1 to 10 seconds. The default is 2 seconds.

4 - Bridge Forwarding
The waiting period before a bridge changes to a new state, for example, becomes the new root bridge after the topology changes.
9 - Root Path Cost
The cost of the path from the current switch to the root switch of the spanning tree domain. If the current switch is the root switch, root path cost will be “0”. This value cannot be changed and is only displayed when RSTP is activated on the switch.

4. After making changes, type R until you return to the Main Menu. Then type S to select Save Configuration Changes.
The following prompt is displayed:

    Ending Port to Configure [1 to 24] ->

7. To configure just one port, enter the same port number here as you entered in the previous step. To configure a range of ports, enter the last port of the range. The Configure RSTP Port Settings menu is shown in Figure 158.
Table 10 lists the RSTP port costs with Auto-Detect when a port is part of a port trunk.

Table 10. RSTP Auto-Detect Port Trunk Costs

    Port Speed   Port Cost
    10 Mbps      20,000
    100 Mbps     20,000
    1000 Mbps    2,000

3 - Point-to-Point
This parameter defines whether the port is functioning as a point-to-point port. The possible settings are Yes, No, and Auto Detect.

4 - Edge Port
This parameter defines whether the port is functioning as an edge port.
2. From the Spanning Tree Configuration menu, type 4 to select BPDU Guard. The following prompt is displayed:

    Enter new value (E-Enable, D-Disable):

3. Type E to enable BPDU guard on all the edge ports or D to disable it.

Note
An edge port disabled by the BPDU guard feature remains disabled until you enable it with the management software.
The Display RSTP Port Configuration menu is shown in Figure 159.
Displaying the RSTP Port State

To display the RSTP port state, perform the following procedure:

1. From the Main Menu, type 3 to select Spanning Tree Configuration. The Spanning Tree Configuration menu is shown in Figure 151 on page 416.

2. From the Spanning Tree Configuration menu, type 3 to select Configure Active Protocol. The RSTP menu is shown in Figure 152 on page 419.

3. From the RSTP menu, type P to select RSTP Port Parameters.
The possible states for a port connected to a device running STP are Listening, Learning, Forwarding, and Blocking. The state of a port that is not being used, or where spanning tree is not activated, is Disabled.

Role
The RSTP role of the port. Possible roles are:

Root - The port that is connected to the root switch, directly or through other switches, with the least path cost.

Alternate - The port offers an alternate path in the direction of the root switch.
The following prompt is displayed:

    Do you want to reset RSTP configuration to default [Yes/ No] ->

4. Type Y for Yes or N for No and press Return. The RSTP configuration is reset to the defaults.
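The Bridge Priority increments in Table 5 and the Bridge Identifier format (priority value and MAC address separated by a slash) are enough to check, before changing a priority, which switch will become the root bridge and whether that result depends only on a MAC address tie-break. The following Python sketch is an added example, not part of the AT-S63 software; it relies on the standard spanning tree rule that the numerically lowest bridge identifier wins, and the switch names, MAC addresses and the exact MAC notation are constructed assumptions.

```python
import re

STEP = 4096  # Table 5: priority = increment * 4096, increments 0 to 15


def bridge_priority(increment: int) -> int:
    """Convert a menu increment (0 to 15) to the bridge priority value."""
    if not 0 <= increment <= 15:
        raise ValueError(f"increment out of range: {increment}")
    return increment * STEP


def parse_bridge_id(text: str):
    """Parse 'priority/MAC' into a (priority, mac_as_int) tuple."""
    prio_s, sep, mac_s = text.strip().partition("/")
    if not sep:
        raise ValueError(f"missing slash in bridge identifier: {text!r}")
    prio = int(prio_s)
    if prio % STEP or not 0 <= prio <= 15 * STEP:
        raise ValueError(f"priority is not a Table 5 value: {prio}")
    # Assumption: MAC may be shown with ':', '-' or '.' separators.
    mac_hex = re.sub(r"[:\-.]", "", mac_s).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", mac_hex):
        raise ValueError(f"bad MAC address: {mac_s!r}")
    return prio, int(mac_hex, 16)


def elect_root(bridge_ids: dict) -> str:
    """Return the name of the switch with the lowest bridge identifier."""
    return min(bridge_ids, key=lambda name: parse_bridge_id(bridge_ids[name]))


def audit_root(bridge_ids: dict, intended: str) -> list:
    """List reasons the intended switch is not a deterministic root."""
    parsed = {name: parse_bridge_id(v) for name, v in bridge_ids.items()}
    root = min(parsed, key=parsed.get)
    findings = []
    if root != intended:
        findings.append(f"root bridge is {root}, not {intended}")
    lowest = parsed[root][0]
    tied = sorted(n for n, (prio, _) in parsed.items() if prio == lowest)
    if len(tied) > 1:
        findings.append("lowest priority shared, MAC decides: " + ", ".join(tied))
    return findings


# Constructed sample: three switches, two left at the same priority.
SAMPLE = {
    "core": "32768/00:30:84:00:00:20",
    "access1": "32768/00:30:84:00:00:10",
    "access2": "36864/00:30:84:00:00:05",
}
# Same network after giving the core switch increment 1 (priority 4096).
FIXED = dict(SAMPLE, core=f"{bridge_priority(1)}/00:30:84:00:00:20")

if __name__ == "__main__":
    print(elect_root(SAMPLE), audit_root(SAMPLE, "core"))
    print(elect_root(FIXED), audit_root(FIXED, "core"))
```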
Chapter 23
Multiple Spanning Tree Protocol

This chapter contains the procedures for configuring the Multiple Spanning Tree Protocol (MSTP).
Selecting MSTP as the Active Spanning Tree Protocol

To select and activate MSTP as the active spanning tree protocol on the switch, or to disable spanning tree, perform the following procedure:

1. From the Main Menu, type 3 to select Spanning Tree Configuration. The Spanning Tree Configuration menu is shown in Figure 151 on page 416.

2. To change the active version of spanning tree on the switch, type 2 to select Active Protocol Version.
Configuring MSTP Bridge Settings

To configure a bridge’s MSTP settings, perform the following procedure:

1. From the Main Menu, type 3 to select Spanning Tree Configuration. The Spanning Tree Configuration menu is shown in Figure 151 on page 416.

2. From the Spanning Tree menu, type 3 to select Configure Active Protocol. The MSTP menu is shown in Figure 161.
3. Configure the following parameters as necessary.

1 - Force Version
This selection determines whether the bridge operates with MSTP or in an STP-compatible mode. If you select MSTP, the bridge operates all ports in MSTP, except for those ports that receive STP or RSTP BPDU packets. If you select Force STP Compatible, the bridge uses its MSTP parameter settings, but sends only STP BPDU packets from the ports.
bridge within a MSTP region. After the counter reaches zero, the BPDU is deleted. The counter is reset to its original value if a BPDU crosses a MSTP regional boundary.

6 - Configuration Name
The name of the MSTP region. The range is 0 (zero) to 32 alphanumeric characters in length. The name, which is case sensitive, must be the same on all bridges in a region. Examples include Sales Region and Production Region.
4. After making changes, type R until you return to the Main Menu. Then type S to select Save Configuration Changes.
Configuring the CIST Priority

This procedure explains how to adjust the bridge’s CIST priority. To change the CIST priority, perform the following procedure:

1. From the Main Menu, type 3 to select Spanning Tree Configuration. The Spanning Tree Configuration menu is shown in Figure 151 on page 416.

2. From the Spanning Tree Configuration menu, type 3 to select Configure Active Protocol. The MSTP menu is shown in Figure 161 on page 439.

3.
The following prompt is displayed:

    Enter new priority [the value will be multiplied by 4096]: [0 to 15] ->

5. Enter the increment that represents the new CIST priority value. The range is 0 (zero) to 61,440 in increments of 4,096, with 0 being the highest priority. For a list of the increments, refer to Table 6, “Port Priority Value Increments” on page 423.

6. After making changes, type R until you return to the Main Menu.
Displaying the CIST Priority

To display the CIST priority, perform the following procedure:

1. From the Main Menu, type 3 to select Spanning Tree Configuration. The Spanning Tree Configuration menu is shown in Figure 151 on page 416.

2. From the Spanning Tree Configuration menu, type 3 to select Configure Active Protocol. The MSTP menu is shown in Figure 161 on page 439.

3. From the MSTP menu, type M to select MSTI Configuration.
Path Cost
Specifies the path cost from the bridge to the regional root. If the bridge is the regional root, the value is 0.

Associated VLANs
Specifies the VIDs of the VLANs that have been associated with the MSTI ID.

The table does not include the CIST. The table is empty if no MSTI IDs have been created.
Creating, Deleting, and Modifying MSTI IDs

The following sections contain procedures for working with MSTI IDs:

“Creating an MSTI ID” next
“Deleting an MSTI ID” on page 448
“Modifying an MSTI ID” on page 448

Creating an MSTI ID

To create an MSTI ID, perform the following procedure:

1. From the Main Menu, type 3 to select Spanning Tree Configuration. The Spanning Tree Configuration menu is shown in Figure 151 on page 416.

2.
8. After making changes, type R until you return to the Main Menu. Then type S to select Save Configuration Changes.

Deleting an MSTI ID

To delete an MSTI ID, perform the following procedure:

1. From the Main Menu, type 3 to select Spanning Tree Configuration. The Spanning Tree Configuration menu is shown in Figure 151 on page 416.

2. From the Spanning Tree Configuration menu, type 3 to select Configure Active Protocol.
The following prompt is displayed:

    Enter the MSTI ID to be modified: [1 to 15] ->

5. Enter the MSTI ID that you want to modify. The range is 1 to 15. You can specify only one MSTI ID at a time. The following prompt is displayed:

    Enter new priority [the value will be multiplied by 4096] [0 to 15] -> 8

6. Enter a new MSTI priority number for this MSTI on the bridge. This parameter is used in selecting a regional root for the MSTI.
Adding, Removing, and Modifying VLAN Associations to MSTI IDs

When you create a new MSTI ID, you are given the opportunity of associating VLANs to it. But after an MSTI ID is created, you may want to add more VLANs to it, or perhaps remove VLANs. This procedure explains how to associate VLANs on the switch to an existing MSTI ID and also how to remove VLANs.
The VLAN-MSTI Association menu is shown in Figure 164.

    Allied Telesis AT-9424T/SP - AT-S63
    Marketing
    User: Manager 11:20:02 02-Mar-2009

    VLAN-MSTI Association

    MSTI/CIST Associated VLANs
    -------------------------------------------------------
    0 4 5 7
    1,2 6 7,22

    1 - Add VLANs to MSTI
    2 - Delete VLANs from MSTI
    3 - Set VLAN to MSTI Association
    4 - Clear VLAN to MSTI Association
    U - Update Display
    R - Return to Previous Menu

    Enter your selection?

Figure 164.
4. From the VLAN-MSTI Association menu, type 1 to select Add VLANs to MSTI. The following prompt is displayed:

    Enter the MSTI ID [0 to 15] ->

5. Enter the MSTI ID to which you want to associate a VLAN. A prompt similar to the following is displayed:

    Enter the list of VLANs:

6. Enter the VLAN ID of the virtual LAN you want to associate with the MSTI ID. You can enter more than one VLAN at a time (for example, 2,4,7).
6. Enter the VLAN ID of the virtual LAN that you want to remove from the MSTI ID. You can enter more than one VLAN at a time (for example, 2,4,7). To view VIDs, refer to “Displaying VLANs” on page 481. A removed VLAN is returned to CIST.

7. After making changes, type R until you return to the Main Menu. Then type S to select Save Configuration Changes.
Clearing VLAN to MSTI Associations

To clear VLAN to MSTI associations, perform the following procedure:

1. From the Main Menu, type 3 to select Spanning Tree Configuration. The Spanning Tree Configuration menu is shown in Figure 151 on page 416.

2. From the Spanning Tree Configuration menu, type 3 to select Configure Active Protocol.

3. From the MSTI Configuration menu, type V to select VLAN-MSTI Association menu.
Configuring MSTP Port Settings

The MSTP port settings are divided into two groups. The parameters in the first group are set just once on a port, regardless of the number of MSTIs in which a port is a member. These settings are:

External path cost
Point-to-point designation
Edge port designation

The procedure for setting these parameters is in “Configuring Generic MSTP Port Settings,” next.
The MSTP Port Parameters menu is shown in Figure 165.

    Allied Telesis AT-9424T/SP - AT-S63
    Marketing
    User: Manager 11:20:02 02-Mar-2009

    MSTP Port Parameters

    1 - Configure Generic Port Settings
    2 - Configure Per Spanning Tree Port Settings
    3 - Display MSTP Port Configuration
    4 - Display MSTP Port State
    R - Return to Previous Menu

    Enter your selection?

Figure 165. MSTP Port Parameters Menu

4.
7. Adjust the following parameters as necessary:

1 - Port External Path Cost
The port cost of the port if the port is connected to a bridge which is a member of another MSTP region or is running STP or RSTP. The range is 0 to 200,000,000. The default setting is Auto, which sets port cost depending on the speed of the port. Table 11 lists the MSTP port costs with the Auto setting when the port is not a member of a trunk.
Configuring MSTI-specific Port Parameters

This procedure explains how to set a port’s priority and internal path cost. These parameters can be set independently on a port for each MSTI in which a port is a member. To configure the parameters, perform the following procedure:

1. From the Main Menu, type 3 to select Spanning Tree Configuration. The Spanning Tree Configuration menu is shown in Figure 151 on page 416.

2.
Configure Per Spanning Tree Port Settings Menu is shown in Figure 167.

    Allied Telesis AT-9424T/SP - AT-S63
    Marketing
    User: Manager 11:20:02 02-Mar-2009

    Configure Per Spanning Tree Port Settings

    Spanning Tree List: 4
    Configuring Ports: 7-7

    1 - Port Priority ............... 128
    2 - Port Internal Path Cost ..... Auto
    Update
    R - Return to Previous Menu

    Enter your selection?

Figure 167.
Table 14 lists the RSTP port costs with Auto-Detect when the port is part of a port trunk.

Table 14. RSTP Auto-Detect Port Trunk Costs

    Port Speed   Port Cost
    10 Mbps      20,000
    100 Mbps     20,000
    1000 Mbps    2,000

9. After making changes, type R until you return to the Main Menu. Then type S to select Save Configuration Changes.
Displaying the MSTP Port Configuration

To display the MSTP port configuration, perform the following procedure:

1. From the Main Menu, type 3 to select Spanning Tree Configuration. The Spanning Tree Configuration menu is shown in Figure 151 on page 416.

2. From the Spanning Tree Configuration menu, type 3 to select Configure Active Protocol. The MSTP Configuration menu is shown in Figure 161 on page 439.

3.
The Display MSTP Port Configuration menu displays a table that contains the following columns of information:

Port
The port number.

Edge-Port
Whether or not the port is functioning as an edge port. The possible settings are Yes and No.

Point-to-Point
Whether or not the port is functioning as a point-to-point port. The possible settings are Yes, No, and Auto-Detect.
Displaying the MSTP Port State

To display the MSTP port state, perform the following procedure:

1. From the Main Menu, type 3 to select Spanning Tree Configuration. The Spanning Tree Configuration menu is shown in Figure 151 on page 416.

2. From the Spanning Tree Configuration menu, type 3 to select Configure Active Protocol. The MSTP Configuration menu is shown in Figure 161 on page 439.

3.
The Display MSTP Port State menu is shown in Figure 169.
Backup - The port on a designated switch that provides a backup for the path provided by the designated port.

Designated - The port on the designated switch for a LAN that has the least cost path to the root switch. This port connects the LAN to the root switch.

Master - Similar to the root port. When the port is a boundary port, the MSTI port roles follow the CIST port roles. The MSTI port role is called “master” when the CIST role is “root.
Resetting MSTP to the Defaults

To reset MSTP to the defaults, perform the following procedure:

Note
You must disable spanning tree to perform this procedure.

1. From the Main Menu, type 3 to select Spanning Tree Configuration. The Spanning Tree Configuration menu is shown in Figure 151 on page 416.

2. From the Spanning Tree Configuration menu, type 3 to select Configure Active Protocol. The MSTP Configuration menu is shown in Figure 161 on page 439.

3.
Section VI
Virtual LANs

The chapters in this section contain overview information on the different types of virtual LANs supported by the AT-9400 Switch. The chapters also explain how to configure these features from the menu interface of the AT-S63 Management Software.
Section VI: Virtual LANs
Chapter 24 Port-based and Tagged VLANs This chapter contains basic information about virtual LANs (VLANs) and procedures for creating, modifying, and deleting VLANs from a local or Telnet management session.
Creating a Port-based or Tagged VLAN

To create a port-based or tagged VLAN, perform the following procedure:

1. From the Main Menu, type 2 to select VLAN Configuration.

The VLAN Configuration menu is shown in Figure 170.

Allied Telesis AT-9424T/SP - AT-S63
Marketing
User: Manager 11:20:02 02-Mar-2009

VLAN Configuration

1 - Ingress Filtering Status ........ Disabled
2 - VLANs Mode ......................

The Configure VLANs menu is shown in Figure 171.

Allied Telesis AT-9424T/SP - AT-S63
Marketing
User: Manager 11:20:02 02-Mar-2009

Configure VLANs

1 - Create VLAN
2 - Modify VLAN
3 - Delete VLAN
4 - Reset to Default VLAN
R - Return to Previous Menu

Enter your selection?

Figure 171. Configure VLANs Menu

3. From the Configure VLANs menu, type 1 to select Create VLAN. The Create VLAN menu is shown in Figure 172.
contain spaces or special characters, such as asterisks (*) or exclamation points (!). If the VLAN will be unique in your network, then the name should be unique as well. If the VLAN will be part of a larger VLAN that spans multiple switches, then the name for the VLAN should be the same on each switch where nodes of the VLAN are connected.

Note: A VLAN must be assigned a name.

6. Type 2 to select VLAN ID (VID).

Note: The MAC Based setting for option 3 is used to create MAC address-based VLANs. For instructions, refer to Chapter 28, “MAC Address-based VLANs” on page 529.

9. If the VLAN will contain tagged ports, type 4 to select Tagged Ports and specify the ports. If this VLAN will not contain any tagged ports, leave this field empty. You can specify the ports individually (e.g., 2,3,5), as a range (e.g., 7-9), or both (e.g., 2,5,7-9).
10.
Note: Untagged ports of a new VLAN are automatically removed from their current untagged VLAN assignment. For example, if you are creating a new VLAN on a switch that contains only the Default_VLAN, the untagged ports of the new VLAN are automatically removed from the Default_VLAN.

Note: Tagged ports are not removed from any current VLAN assignments because tagged ports can belong to more than one VLAN at a time.
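The membership rules in the two notes above, combined with the menu's port-list syntax, can be modelled to see which ports end up carrying more than one VLAN after a change. This is an added Python example, not Allied Telesis code and not part of the AT-S63 software; the class and function names, the 24-port count and the name pattern are assumptions, and the Sales and Engineering specifications are the guide's own worked examples.

```python
import re

DEFAULT_VID = 1  # the guide: the Default_VLAN has a VID of 1 and cannot be deleted
# Assumption: "no spaces or special characters" modelled as letters, digits, '_' and '-'.
NAME_OK = re.compile(r"[A-Za-z0-9_-]+")
ITEM = re.compile(r"\s*(\d+)\s*(?:-\s*(\d+)\s*)?")


def parse_port_list(text, max_port=24):
    """Parse the menu's port-list syntax: '2,3,5', '7-9' or '2,5,7-9'.

    An empty field or '0' means no ports ('0' is how the Modify VLAN menu
    clears a list). max_port=24 is an assumption taken from the AT-9424T/SP.
    """
    text = text.strip()
    if text in ("", "0"):
        return []
    ports = set()
    for item in text.split(","):
        m = ITEM.fullmatch(item)
        if not m:
            raise ValueError(f"bad port-list item: {item!r}")
        lo = int(m.group(1))
        hi = int(m.group(2)) if m.group(2) else lo
        if not 1 <= lo <= hi <= max_port:
            raise ValueError(f"port range out of bounds: {item!r}")
        ports.update(range(lo, hi + 1))
    return sorted(ports)


class SwitchVlans:
    """Hypothetical model of port-based and tagged VLAN membership on one switch."""

    def __init__(self, port_count=24):
        self.port_count = port_count
        # A new switch holds only the Default_VLAN, with every port untagged in it.
        self.vlans = {DEFAULT_VID: {"name": "Default_VLAN",
                                    "untagged": set(range(1, port_count + 1)),
                                    "tagged": set()}}

    def create_vlan(self, name, vid, untagged="", tagged=""):
        if not NAME_OK.fullmatch(name):
            raise ValueError("VLAN name is required, without spaces or special characters")
        if not 2 <= vid <= 4094 or vid in self.vlans:
            raise ValueError("VID must be an unused value from 2 to 4094")
        u = set(parse_port_list(untagged, self.port_count))
        t = set(parse_port_list(tagged, self.port_count))
        if u & t:  # assumption: one port is not both tagged and untagged in a VLAN
            raise ValueError("port listed as both tagged and untagged")
        # Untagged ports leave their current untagged VLAN; tagged ports stay put.
        for vlan in self.vlans.values():
            vlan["untagged"] -= u
        self.vlans[vid] = {"name": name, "untagged": u, "tagged": t}

    def delete_vlan(self, vid):
        if vid == DEFAULT_VID:
            raise ValueError("the Default_VLAN cannot be deleted")
        if vid not in self.vlans:
            raise ValueError(f"no VLAN with VID {vid}")
        gone = self.vlans.pop(vid)
        # Untagged ports of a deleted VLAN return to the Default_VLAN as untagged.
        self.vlans[DEFAULT_VID]["untagged"] |= gone["untagged"]

    def vlans_on_port(self, port):
        """Map VID -> 'untagged' or 'tagged' for every VLAN the port belongs to."""
        found = {}
        for vid, vlan in sorted(self.vlans.items()):
            if port in vlan["untagged"]:
                found[vid] = "untagged"
            elif port in vlan["tagged"]:
                found[vid] = "tagged"
        return found

    def multi_vlan_ports(self):
        """Ports that carry more than one VLAN: the ones to review after a change."""
        result = {}
        for port in range(1, self.port_count + 1):
            membership = self.vlans_on_port(port)
            if len(membership) > 1:
                result[port] = membership
        return result


def build_guide_examples():
    """Apply the guide's Sales (VID 2) and Engineering (VID 3) example VLANs."""
    sw = SwitchVlans(24)
    sw.create_vlan("Sales", 2, untagged="1,3-5")
    sw.create_vlan("Engineering", 3, untagged="9,11-13", tagged="2,10")
    return sw


if __name__ == "__main__":
    switch = build_guide_examples()
    for port, membership in switch.multi_vlan_ports().items():
        print(f"port {port}: {membership}")
    print("still untagged in Default_VLAN:", sorted(switch.vlans[DEFAULT_VID]["untagged"]))
```

Ports 2 and 10 remain untagged members of the Default_VLAN while also carrying Engineering traffic as tagged ports, which is the case to check when a tagged port is meant to isolate a VLAN.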
Example of Creating a Port-based VLAN

This procedure is an example of how to create an untagged VLAN. The specifications of the VLAN are:

Name: Sales
VID: 2
Untagged ports: 1, 3 to 5

To create this VLAN, perform the following procedure:

1. From the Main Menu, type 2 to select VLAN Configuration. The VLAN Configuration menu is shown in Figure 170 on page 470.
2. From the VLAN Configuration menu, type 3 to select Configure VLANs.

Example of Creating a Tagged VLAN

This procedure is an example of how to create a tagged VLAN. The specifications of the example VLAN are:

Name: Engineering
VID: 3
Tagged ports: 2, 10
Untagged ports: 9, 11 to 13

To create the Engineering VLAN, perform the following procedure:

1. From the Main Menu, type 2 to select VLAN Configuration. The VLAN Configuration menu is shown in Figure 170 on page 470.
2.
Modifying a Port-based or Tagged VLAN

Note: To modify a VLAN, you need to know its VID. To view VLAN VIDs, refer to “Displaying VLANs” on page 481.

To modify a VLAN, perform the following procedure:

1. From the Main Menu, type 2 to select VLAN Configuration. The VLAN Configuration menu is shown in Figure 170 on page 470.
2. From the VLAN Configuration menu, type 3 to select Configure VLANs. The Configure VLANs menu is shown in Figure 171 on page 471.
3.

5. Enter the VID of the port-based or tagged VLAN you want to modify.

The Modify VLAN menu expands to contain all relevant information about the VLAN, as shown in Figure 174.

Allied Telesis AT-9424T/SP - AT-S63
Marketing
User: Manager 11:20:02 02-Mar-2009

Modify VLAN

1 - VLAN Name ..............
2 - VLAN ID (VID) ..........
3 - VLAN Type ..............
4 - Tagged Ports ...........
5 - Untagged Ports .........
6 - Protected Ports ........
4 - Tagged Ports
Use this selection to add or remove tagged ports from the VLAN. You can specify the ports individually (e.g., 2,3,5), as a range (e.g., 7-9), or both (e.g., 2,5,7-9). When you add or remove tagged ports, observe the following guidelines:

The new list of tagged ports will replace the existing tagged ports.
If the VLAN contains tagged ports and you want to remove them all, enter 0 (zero) for this value.

If you added to or removed from the VLAN a port with one or more static MAC addresses assigned to it, you must update the static addresses by deleting their entries from the MAC address table and reentering them using the VID of the VLAN to which the port has been moved. For information on how to add static MAC addresses, refer to “Adding Static Unicast and Multicast MAC Addresses” on page 106.
Displaying VLANs

To view the name, VID number, and member ports of all the VLANs on a switch, perform the following procedure:

1. From the Main Menu, type 2 to select VLAN Configuration. The VLAN Configuration menu is shown in Figure 170 on page 470.
2. From the VLAN Configuration menu, type 4 to select Show VLANs. The Show VLANs menu is shown in Figure 175.

VLAN Name
Name of the VLAN.

VLAN Type
The VLAN type. The possible settings are:
Port Based - The VLAN is a port-based or tagged VLAN.
MAC Based - The VLAN is a MAC address-based VLAN.
Protected - The VLAN is a protected ports VLAN.
GARP - The VLAN was automatically created by GARP.

Protocol
The protocol associated with this VLAN. The possible settings are:
Blank - The VLAN is a port-based, tagged, or MAC address-based VLAN.
Deleting a Port-based or Tagged VLAN

This procedure deletes port-based and tagged VLANs from the switch. Note the following before performing this procedure:

You cannot delete the Default_VLAN.
You cannot delete a VLAN if it has a routing interface. The interface must be deleted first. For instructions, refer to “Deleting a Routing Interface” on page 550.
All untagged ports in a deleted VLAN are returned to the Default_VLAN as untagged ports.

4. From the Delete VLAN menu, type 1 to select VLAN ID (VID). The following prompt is displayed:

Enter new value -> [2 to 4094] ->

5. Enter the VID of the VLAN you want to delete. You can specify only one VID at a time.

Note: You cannot delete the Default_VLAN, which has a VID of 1.

The Delete VLAN menu expands to contain all relevant information about the VLAN, as shown in Figure 177. You can use this menu to confirm that you are deleting the correct VLAN.

8. Press any key.
9. Repeat this procedure starting with Step 4 to delete other VLANs.
10. To permanently save your changes, return to the Main Menu and type S to select Save Configuration Changes.
Deleting All VLANs

The following procedure deletes all port-based, tagged, protected ports, and MAC address-based VLANs on a switch. To delete selected VLANs, perform the procedure in “Deleting a Port-based or Tagged VLAN” on page 483. Note the following before performing this procedure:

You cannot delete the Default_VLAN.
You cannot delete a VLAN if it has a routing interface. The interface must be deleted first.

Any static addresses assigned to the ports of the VLANs are now obsolete, except for the Default_VLAN, because the VLANs have been deleted. Those addresses should be deleted from the MAC address table. For instructions on how to delete addresses, refer to “Deleting All Dynamic MAC Addresses” on page 109.

5. Press any key.
6. To permanently save your changes, return to the Main Menu and type S to select Save Configuration Changes.

Displaying PVIDs

The following procedure displays a menu that lists the PVIDs for all the ports on the switch. To display the PVID settings on the switch, perform the following procedure:

1. From the Main Menu, type 2 to select VLAN Configuration. The VLAN Configuration menu is shown in Figure 170 on page 470.
2. From the VLAN Configuration menu, type 5 to select Show PVIDs. The Show PVIDs menu is shown in Figure 178.
Enabling or Disabling Ingress Filtering

There are rules a switch follows when it receives and forwards an Ethernet frame. There are rules for frames as they enter a port (called ingress rules) and rules for when a frame is transmitted out a port (called egress rules). A switch does not accept and forward a frame unless the frame passes the ingress and egress rules. There are many ingress and egress rules for Gigabit Ethernet switches.

In most cases, you will probably want to leave ingress filtering activated on the switch, which is the default. You can enable or disable ingress filtering on a per switch basis. You cannot set this per port.

To enable or disable ingress filtering, perform the following procedure:

1. From the Main Menu, type 2 to select VLAN Configuration. The VLAN Configuration menu is shown in Figure 170 on page 470.
2.
Chapter 25
GARP VLAN Registration Protocol

This chapter describes the GARP VLAN Registration Protocol (GVRP) and contains the following sections:

“Configuring GVRP” on page 492
“Enabling or Disabling GVRP on a Port” on page 494
“Converting a Dynamic GVRP VLAN” on page 496
“Displaying the GVRP Port Configuration” on page 497
“Displaying GVRP Counters” on page 498
“Displaying the GVRP Database” on page 503
“Displaying the GIP Connected Ports Ring” on pag
Configuring GVRP

Note: The timers in the following menus are in increments of centiseconds, which are one hundredth of a second.

To configure GVRP, perform the following procedure:

1. From the Main Menu, type 2 to select VLAN Configuration. The VLAN Configuration menu is shown in Figure 170 on page 470.
2. From the VLAN Configuration menu, type 6 to select Configure GARP-GVRP.

4. Type E to enable GVRP or D to disable GVRP. The default setting is disabled.
5. Type 2 to select GVRP GIP Status. The following prompt is displayed:

Enter your new value (E-Enabled, D-Disabled):

6. Type E to enable GIP or D to disable GIP.

Note: Do not disable GIP if you intend to use GVRP. GIP is required to propagate VLAN information among the ports of the switch.

Caution: The following steps change the three GVRP timers.
Enabling or Disabling GVRP on a Port

This procedure enables and disables GVRP on a switch port. The default setting for GVRP on a port is enabled. Only those ports where GVRP is enabled transmit PDUs.

Note: Allied Telesis recommends disabling GVRP on unused ports and those ports connected to GVRP-inactive devices for protection against unauthorized access to restricted areas of your network.

To enable or disable GVRP on a port, perform the following procedure:

1.

The following prompt is displayed:

Enter port-list:

5. Enter a port or a list of ports.

The Configure GVRP Port Settings menu is shown in Figure 181.

Allied Telesis AT-9424T/SP - AT-S63
Marketing
User: Manager 11:20:02 02-Mar-2009

Configure GVRP Port Settings
Configuring Port 1-8

1 - Port Mode ............. Normal
R - Return to Previous Menu

Enter your selection?

Figure 181. Configure GVRP Port Settings Menu

6. Type 1 to select Port Mode.
Converting a Dynamic GVRP VLAN

This procedure converts a dynamic GVRP VLAN into a static VLAN. You can perform this procedure to permanently retain the VLANs the switch learned through GVRP.

Note: This procedure cannot convert a dynamic GVRP port in a static VLAN into a static port. For that you must manually modify the static VLAN by specifying the dynamic port as either a tagged or untagged member of the VLAN.

Displaying the GVRP Port Configuration

To display the GVRP port configuration, perform the following procedure:

1. From the Main Menu, type 2 to select VLAN Configuration. The VLAN Configuration menu is shown in Figure 170 on page 470.
2. From the VLAN Configuration menu, type 6 to select Configure GARP-GVRP. The GARP-GVRP menu is shown in Figure 179 on page 492.
3. From the GVRP Port Parameters menu, type 2 to select Display GVRP Port Configuration.

Displaying GVRP Counters

To display GVRP counters, perform the following procedure:

1. From the Main Menu, type 2 to select VLAN Configuration. The VLAN Configuration menu is shown in Figure 170 on page 470.
2. From the VLAN Configuration menu, type 6 to select Configure GARP-GVRP. The GARP-GVRP menu is shown in Figure 179 on page 492.
3. From the GARP-GVRP menu, type O to select Other GVRP Parameters. The Other GVRP Parameters menu is shown in Figure 183.

The GVRP Counters menu (page 1) is shown in Figure 184.
Allied Telesis AT-9424T/SP - AT-S63
Marketing
User: Manager 11:20:02 02-Mar-2009

GVRP Counters

Receive:                      Transmit:
GARP Messages:
LeaveAll          7           LeaveAll         77
JoinEmpty         0           JoinEmpty        58
JoinIn           68           JoinIn          285
LeaveEmpty        0           LeaveEmpty        1
LeaveIn           0           LeaveIn           0
Empty             5           Empty            21
Bad Message       0
Bad Attribute     0

P - Previous Page
U - Update Display
R - Return to Previous Menu

Enter your selection?

Figure 185.
Table 15. GVRP Counters (Continued)

Parameter: Receive Discarded: Port Not Listening
Meaning: Number of GARP PDUs discarded because the port that received the PDUs was not listening, that is, MODE=NONE was set on the port.

Parameter: Transmit Discarded: Port Not Sending
Meaning: Number of GARP PDUs discarded because the port that the PDUs were to be transmitted on was not sending, that is, MODE=NONE was set on the port.

Table 15. GVRP Counters (Continued)

Parameter: Transmit GARP Messages: LeaveEmpty
Meaning: Total number of GARP LeaveEmpty messages transmitted for all attributes in the GARP application.

Parameter: Receive GARP Messages: LeaveIn
Meaning: Total number of GARP LeaveIn messages received for all attributes in the GARP application.

Parameter: Transmit GARP Messages: LeaveIn
Meaning: Total number of GARP LeaveIn messages transmitted for all attributes in the GARP application.
Displaying the GVRP Database

To display the GVRP database, perform the following procedure:

1. From the Main Menu, type 2 to select VLAN Configuration. The VLAN Configuration menu is shown in Figure 170 on page 470.
2. From the VLAN Configuration menu, type 6 to select Configure GARP-GVRP. The GARP-GVRP menu is shown in Figure 179 on page 492.
3. From the GARP-GVRP menu, type O to select Other GVRP Parameters menu.

begin at 0. If the GARP application has no attributes presently registered, “No attributes have been registered” is displayed.

VLAN ID
The VLAN ID.

Used
Indicates whether the GID index is currently being used by any port in the GARP application. The definition of “used” is whether the Applicant and Registrar state machine for the GID index are in a non-initialized state, that is, not in {Vo, Mt} state. The value of this parameter is either “Yes” or “No”.
Displaying the GIP Connected Ports Ring

To display the GIP connected ports ring, perform the following procedure:

1. From the Main Menu, type 2 to select VLAN Configuration. The VLAN Configuration menu is shown in Figure 170 on page 470.
2. From the VLAN Configuration menu, type 6 to select Configure GARP-GVRP. The GARP-GVRP menu is shown in Figure 179 on page 492.
3. From the GARP-GVRP menu, type O to select Other GVRP Parameters menu.

STP ID
Present if the GARP application is GVRP; identifies the spanning tree instance associated with the GIP context.

Connected Ring
The ring of connected ports. Only ports presently in the spanning tree Forwarding state are eligible for membership in the GIP connected ring. If no ports exist in the GIP connected ring, “No ports are connected” is displayed. If the GARP application has no ports, “No ports have been assigned” is displayed.

Displaying the GVRP State Machine

To display the GVRP state machine, perform the following procedure:

1. From the Main Menu, type 2 to select VLAN Configuration. The VLAN Configuration menu is shown in Figure 170 on page 470.
2. From the VLAN Configuration menu, type 6 to select Configure GARP-GVRP. The GARP-GVRP menu is shown in Figure 179 on page 492.
3. From the GARP-GVRP menu, type O to select Other GVRP Parameters menu.

The GVRP State Machine menu (page 2) is displayed, as shown in Figure 189.
Table 16. GVRP State Machine Parameters (Continued)

Parameter: App
Meaning: Applicant state machine for the GID index on that particular port.

Table 16. GVRP State Machine Parameters (Continued)

Parameter: Reg
Meaning: Registrar state machine for the GID index on that particular port. One of:
“Mt” Empty
“Lv3” Leaving substate 3 (final Leaving substate)
“Lv2” Leaving substate 2
“Lv1” Leaving substate 1
“Lv” Leaving substate (initial Leaving substate)
“In” In
“Fix” Registration Fixed
“For” Registration Forbidden
The initialized state for the Registrar is Mt.
Chapter 26
Multiple VLAN Modes

This chapter contains the following sections:

“Selecting a VLAN Mode” on page 512
“Displaying VLAN Information” on page 514

Selecting a VLAN Mode

The following procedure explains how to select a VLAN mode. Available modes are:

User-configured VLAN mode (port-based, tagged, MAC address-based, and protected ports VLANs)
IEEE 802.1Q Compliant Multiple VLAN mode
Non-IEEE 802.1Q Compliant Multiple VLAN mode

Note: If you want to change the switch’s VLAN mode to one of the multiple VLAN modes, you need to provide an uplink port, as explained in the procedure.

If you enter Q or M, the following prompt is displayed:

Enter Uplink VLAN Port number -> [1 to 24] ->

4. Enter the port number on the switch that will function as the uplink port for the other ports. You can specify only one port. The following prompt is displayed:

SUCCESS
Press any key to continue ...

The new VLAN mode is now active on the switch.
Displaying VLAN Information

To view the VLANs on the switch while the unit is operating in a multiple VLAN mode, perform the following procedure:

1. From the Main Menu, type 2 to select VLAN Configuration.

The VLAN Configuration menu (multiple VLAN mode) is shown in Figure 190.

Allied Telesis AT-9424T/SP - AT-S63
Marketing
User: Manager 11:20:02 02-Mar-2009

VLAN Configuration

1 - Ingress Filtering Status ........ Enabled
2 - VLANs Mode ......................

The Show Multiple VLANs menu is shown in Figure 191.
Chapter 27
Protected Ports VLANs

This chapter explains protected ports VLANs.

Creating a Protected Ports VLAN

To create a new protected ports VLAN, perform the following procedure:

1. From the Main Menu, type 2 to select VLAN Configuration.
2. From the VLAN Configuration menu, type 3 to select Configure VLANs.
3. From the Configure VLANs menu, type 1 to select Create VLAN.

The Create VLAN menu is shown in Figure 192.

Allied Telesis AT-9424T/SP - AT-S63
Marketing
User: Manager 11:20:02 02-Mar-2009

Create VLAN

1 - VLAN Name ............

Note: A VLAN must be assigned a name.

6. Type 2 to select VLAN ID (VID). The following prompt is displayed:

Enter new value -> [2 to 4094] ->

7. Type a VID value for the new VLAN. The range for the VID value is 1 to 4094. The AT-S63 Management Software uses the next available VID number on the switch as the default value.
The prompt displays the ports of the VLAN.

13. Enter the port in the VLAN to function as the uplink port for the groups in the VLAN. You can specify more than one uplink port. The following prompt is displayed:

Enter Group Ports (4 - 11) ->

The prompt includes the ports in the VLAN, minus the uplink port specified in the previous step.

14. Specify the ports of one of the groups of the protected ports VLAN.

Modifying a Protected Ports VLAN

Note the following before performing this procedure:

To modify a protected ports VLAN, you have to recreate it. You must reselect the uplink port(s) and reassign the ports to the groups.
To make the process easier, Allied Telesis recommends displaying the details of the VLAN before performing this procedure, and writing down on paper the current configuration (i.e., uplink port and port to group assignments).
The Modify VLAN menu expands to contain all relevant information about the VLAN, as shown in Figure 193.

Allied Telesis AT-9424T/SP - AT-S63
Marketing
User: Manager 11:20:02 02-Mar-2009

Modify VLAN

1 - VLAN Name ..............
2 - VLAN ID (VID) ..........
3 - VLAN Type ..............
4 - Tagged Ports ...........
5 - Untagged Ports .........
6 - Protected Ports ........

6 - Protected Ports
This identifies the VLAN as a protected ports VLAN. This option cannot be changed. To convert a protected ports VLAN into a tagged or port-based VLAN, you must delete it and recreate it as a tagged or port-based VLAN.

7. After making the desired changes, type M to select Modify VLAN. The following prompt is displayed:

Enter Uplink Ports (4 - 12) ->

This prompt lists the ports of the VLAN.

8.
Displaying a Protected Ports VLAN

To view the name, VID number, and member ports of all the VLANs on a switch, perform the following procedure:

1. From the Main Menu, type 2 to select VLAN Configuration. The VLAN Configuration menu is shown in Figure 170 on page 470.
2. From the VLAN Configuration menu, type 4 to select Show VLANs. The Show VLANs menu is shown in Figure 194.

An example of the Show VLANs window is shown in Figure 195.

Deleting a Protected Ports VLAN

To delete a protected ports VLAN, perform the following procedure:

1. From the Main Menu, type 2 to select VLAN Configuration.
2. From the VLAN Configuration menu, type 3 to select Configure VLANs. The Configure VLANs menu is shown in Figure 171 on page 471.
3. From the Configure VLANs menu, type 3 to select Delete VLAN. The Delete VLAN menu is shown in Figure 196.

The Delete VLAN menu expands to contain the relevant information about the VLAN. You can use the information to confirm that you are deleting the correct VLAN. An example is shown in Figure 197.

Allied Telesis AT-9424T/SP - AT-S63
Marketing
User: Manager 11:20:02 02-Mar-2009

Delete VLAN

1 - VLAN Name ..............
2 - VLAN ID (VID) ..........
3 - VLAN Type ..............
4 - Tagged Ports ...........
5 - Untagged Ports .........
6 - Protected Ports ........
Chapter 28
MAC Address-based VLANs

This chapter contains the procedures for creating MAC address-based VLANs.

Creating a MAC Address-based VLAN

This is the first stage to creating a MAC address-based VLAN. This procedure assigns the VLAN a name and a VID and sets the VLAN type. After completing this procedure you can add the source MAC addresses to the VLAN, as explained in “Adding and Deleting MAC Addresses” on page 532 and, finally, the egress ports, as explained in “Adding and Deleting Egress Ports” on page 534.

The following prompt is displayed:

Enter new value -> [2 to 4094] ->

7. Type a VID value for the new VLAN. The range for the VID value is 1 to 4094. The AT-S63 Management Software uses the next available VID number on the switch as the default value. If this VLAN is unique in your network, then its VID should also be unique. If this VLAN is part of a larger VLAN that spans multiple switches, then the VID value for the VLAN should be the same on each switch.
Adding and Deleting MAC Addresses

This procedure explains how to add and delete MAC addresses from a MAC address-based VLAN. If you are creating a new VLAN, you perform this procedure after you initially create the VLAN by giving it a name and a VID and setting the VLAN type, as explained in “Creating a MAC Address-based VLAN” on page 530.

5. To add a MAC address to a MAC address-based VLAN, type 1 to select Add MAC Address. To delete an address, type 2 to select Delete MAC Address. The following prompt is displayed:

Please enter VLAN ID -> [1 to 4094] -> 2

6. Enter the VID of the MAC address-based VLAN where you want to add or delete a MAC address. You can enter only one VID. To display the VIDs, refer to “Displaying MAC Address-based VLANs” on page 538.
Adding and Deleting Egress Ports

This procedure explains how to add and delete egress ports from the MAC addresses in a MAC address-based VLAN. Before adding egress ports to a MAC address, review the following:

The egress ports of a MAC address-based VLAN are considered as a community. Assigning a port to one address makes it an egress port for all the addresses in the same VLAN.
A MAC address must have at least one egress port.

The following prompt is displayed:

Please enter MAC address ->

7. Enter the MAC address where you want to add or delete an egress port. You can specify only one address and the address must already exist in the VLAN. For instructions on how to add an address to a VLAN, refer to “Adding and Deleting MAC Addresses” on page 532.
Deleting a MAC Address-based VLAN

Note: To delete a VLAN, you need to know its VID. To view VLAN VIDs, refer to “Displaying MAC Address-based VLANs” on page 538.

To delete a VLAN, perform the following procedure:

1. From the Main Menu, type 2 to select VLAN Configuration. The VLAN Configuration menu is shown in Figure 170 on page 470.
2. From the VLAN Configuration menu, type 3 to select Configure VLANs. The Configure VLANs menu is shown in Figure 171 on page 471.
3.

The Delete VLAN menu expands to contain all relevant information about the VLAN, as shown in Figure 200. You can use this menu to confirm that you are deleting the correct VLAN.

Allied Telesis AT-9448T/SP - AT-S63
Marketing
User: Manager 11:20:02 02-Mar-2009

Delete VLAN

1 - VLAN Name ..............
2 - VLAN ID (VID) ..........
3 - VLAN Type ..............
4 - Tagged Ports ...........
5 - Untagged Ports .........
6 - Protected Ports ........
Displaying MAC Address-based VLANs

To view the details of a MAC address-based VLAN, perform the following procedure:

1. From the Main Menu, type 2 to select VLAN Configuration. The VLAN Configuration menu is shown in Figure 170 on page 470.
2. From the VLAN Configuration menu, type 4 to select Show VLANs. The Show VLANs menu is shown in Figure 201.

MAC Based - The VLAN is a MAC address-based VLAN.
GARP - The VLAN was automatically created by GARP.

Protocol
The protocol associated with this VLAN. The possible settings are:
Blank - The VLAN is a port-based, tagged, or MAC address-based VLAN.
GARP - The VLAN is a dynamic GVRP VLAN or the port is a dynamic GVRP port of a static VLAN.

Member Port(s)
The untagged and tagged ports of a VLAN. These are empty for a MAC address-based VLAN.

3.

The lower portion of the display lists the MAC addresses of the VLAN and the egress ports.
Section VII
Internet Protocol Routing

The chapter in this section contains the procedures for managing routing interfaces of the Internet Protocol version 4 (IPv4) packet routing feature.

Chapter 29
Internet Protocol Version 4 Routing Interfaces

This chapter contains the following procedures for managing Internet Protocol Version 4 (IPv4) routing interfaces:

“Creating a New Routing Interface” on page 544
“Modifying a Routing Interface” on page 547
“Deleting a Routing Interface” on page 550
“Displaying the IP Address of the Local Interface” on page 551
“Setting the Default Route or Default Gateway” on page 552
“Setting the Local Interface” on page 553
“Setting the
Creating a New Routing Interface

A routing interface is a logical connection to a local network or subnet for routing IPv4 packets. Interfaces route packets between the local networks and subnets directly connected to the switch and also function as anchor points for static routes and RIP.

To create a new routing interface, perform the following procedure:

1. From the Main Menu, type 5 to select System Administration.
2.

If a routing interface has been designated as the local interface of a switch, its name is followed by “eth0”. The local interface is used for enhanced stacking and remote Telnet, SSH, and web browser management.

IPAddress
The IP address of the interface.

NetMask
The subnet mask of the interface.

Status
The status of the interface. The status “UP” means the VLAN of the interface has at least one active port. The status “DOWN” means the VLAN has no active ports.

The following prompt is displayed:

Enter IP Address [STATIC IP|DHCP|BOOTP]:

8. Enter a static IP address for the new interface or enter “DHCP” or “BOOTP” to activate the DHCP or BOOTP client.

Note: Skip steps 9 and 10 if you selected DHCP or BOOTP in step 8.

9. To change the default subnet mask for a static IP address, type 3 to select Subnet Mask. The following prompt is displayed:

Enter Subnet Mask:

10.
Modifying a Routing Interface

This procedure modifies the IP address and subnet mask of a routing interface. Note the following before performing this procedure:

Modifying the IP address of a routing interface deletes all static routes assigned to the interface.
Modifying the IP address of a routing interface that has RIP removes the routing protocol from the interface and deletes all RIP routes learned on the interface from the routing table.

The specifications of the interface are displayed in the Modify Interface menu. An example is shown in Figure 204.

Allied Telesis AT-9424Ts - AT-S63
Marketing
User: Manager 11:20:02 02-Jun-2006

Modify Interface

1 - Interface Name .................. VLAN2-0
2 - IP Address ...................... 149.55.22.21
3 - Subnet Mask ..................... 255.255.255.0
M - Modify Interface
R - Return to Previous Menu

Enter your selection?

Figure 205.

10. Type M to select Modify Interface. The following prompt is displayed:

Interface Modified Successfully?
Press any key to continue...

11. Press any key. The modifications are immediately implemented on the routing interface.
12. To modify another routing interface, repeat this procedure starting with step 4.
13. To permanently save your change, return to the Main Menu and type S to select Save Configuration Changes.
Chapter 29: Internet Protocol Version 4 Routing Interfaces Deleting a Routing Interface This procedure deletes a routing interface from the switch. Note the following before performing this command: All IPv4 packet routing to and from the local network or subnet of a deleted interface ceases. All static routes assigned to the interface are deleted from the routing table. If RIP was assigned to the interface, all dynamic routes learned by the interface are deleted from the routing table.
AT-S63 Management Software Menus User’s Guide Displaying the IP Address of the Local Interface This procedure displays the IP address and subnet mask of the local interface on the switch. The local interface is used for remote Telnet, SSH, and web browser management of the switch. On the master switch of an enhanced stack, the local interface also designates the common VLAN of the switches. To view the IP address and subnet mask of the local interface, perform the following procedure: 1.
Chapter 29: Internet Protocol Version 4 Routing Interfaces Setting the Default Route or Default Gateway If you are configuring an AT-9400 Switch that supports IPv4 packet routing, such as the AT-9424Ts and AT-9448Ts/XP switches, you can configure the default route from the menus interface. The default route is used by the switch when it receives a network packet for routing, but cannot find a route for it.
Setting the Local Interface

This procedure designates the local interface of a switch. The local interface is used for remote Telnet, SSH, and web browser management of the switch. On the master switch of an enhanced stack, the local interface also designates the common VLAN of the switches. A switch can have only one local interface. The current local interface is indicated in the Create Interface menu with “eth0” following its name.
Chapter 29: Internet Protocol Version 4 Routing Interfaces Setting the ARP Cache Timeout The ARP cache contains mappings of IP addresses to physical addresses for hosts where the switch has recently routed packets. To have an entry in the ARP cache, a host must have attempted to access another host, and it must have found the physical address by using the ARP protocol. (You must use the command line interface to view the ARP cache.) This procedure sets the ARP cache timeout value.
Section VIII Port Security

The chapters in this section contain overview information on the port security features of the AT-9400 Switch. The chapters also explain how to configure these features from the menu interface of the AT-S63 Management Software. The chapters include:

Chapter 30, “MAC Address-based Port Security” on page 557
Chapter 31, “802.
Chapter 30 MAC Address-based Port Security This chapter explains how you can use the dynamic and static MAC addresses learned or manually added to the switch’s MAC address table to control which end nodes can forward packets through the device. The sections in this chapter include: “Configuring MAC Address Port Security” on page 558 “Displaying Port Security Levels” on page 562 Note This type of port security does not apply to ports located on optional GBIC, SFP, or XFP modules.
Chapter 30: MAC Address-based Port Security Configuring MAC Address Port Security To set the port security level on a port, perform the following procedure: 1. From the Main Menu, type 1 to select Port Configuration. 2. From the Port Configuration menu, type 5 to select Port Security. The Port Security menu is shown in Figure 206.
AT-S63 Management Software Menus User’s Guide The menu displays the current security level on the selected port. If you are configuring a range of ports and the ports have different security levels, the menu displays the security level of the lowest number port. Note Option D, Select Default Port Security, sets the security mode for the port to the default value of Automatic. 5. From the Configure Port Security menu, type 1 to select Security Mode.
Chapter 30: MAC Address-based Port Security If you selected Limited, several new menu options are added to the Configure Port Security menu, as shown in Figure 208. Continue with Step 8 for instructions on configuring a port operating under the Limited security level. Allied Telesis AT-9424T/SP - AT-S63 Marketing User: Manager 11:20:02 02-Mar-2009 Configure Port Security Configuring Port Security 4 1 2 3 4 - Security Mode ..................... Intruder Action ...................
AT-S63 Management Software Menus User’s Guide 10. If you selected the trap or disable intrusion action, type 4 to toggle the Port Participating option to Yes. Option 3, Port Participating, only applies when the intrusion action is set to trap or disable. This option does not apply when intrusion action is set to discard. If this option is set to No when intrusion action is set to trap or disable, the port discards invalid packets, but it does not send an SNMP trap or disable the port.
Chapter 30: MAC Address-based Port Security Displaying Port Security Levels To view the current security levels and intrusion actions for the ports on the switch, perform the following procedure: 1. From the Main Menu, type 1 to select Port Configuration. 2. From the Port Configuration menu, type 5 to select Port Security. The Port Security menu is shown in Figure 206 on page 558. 3. From the Port Security menu, type 2 to select Display Port Security. The Display Port Security menu is shown in Figure 209.
AT-S63 Management Software Menus User’s Guide Intruder Action The action taken by a port if it receives an invalid frame while operating in the Limited security mode. The possible settings are: Discard - The port discards invalid frames. This is the default. Trap - The port discards invalid frames and sends a trap. Trap/Disable - The port discards invalid frames, sends a trap, and disables the port.
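The interaction between Intruder Action and Port Participating described above can leave a port configured for Trap or Trap/Disable that never raises an alert. The following added example (not part of the AT-S63 guide or software) computes the effective response and flags such ports; the CSV inventory format and its column names are hypothetical, and the rows are constructed.

```python
import csv
import io
from typing import NamedTuple

# Constructed sample: a hand-made inventory of port settings, NOT switch output.
# Column names are hypothetical; the values use the setting names from the guide.
SAMPLE = """port,mode,intruder_action,participating
1,Automatic,Discard,No
2,Limited,Discard,No
3,Limited,Trap,Yes
4,Limited,Trap/Disable,No
5,Limited,Trap/Disable,Yes
6,Limited,Trap,No
"""

ACTIONS = ("Discard", "Trap", "Trap/Disable")


class Response(NamedTuple):
    discards: bool
    sends_trap: bool
    disables_port: bool


def effective_response(mode, action, participating):
    """Return what a port actually does with an invalid frame.

    Returns None outside the Limited mode, because the guide defines the
    intruder action only for ports operating in the Limited security mode.
    """
    if mode != "Limited":
        return None
    if action not in ACTIONS:
        raise ValueError(f"unknown intruder action: {action!r}")
    # Trap and disable only take effect when Port Participating is Yes;
    # with No, the port discards invalid frames and does nothing else.
    active = participating and action != "Discard"
    return Response(
        discards=True,
        sends_trap=active,
        disables_port=active and action == "Trap/Disable",
    )


def audit(inventory_csv):
    """Return (port, message) for ports whose configured action is not in effect."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        participating = row["participating"].strip().lower() == "yes"
        action = row["intruder_action"].strip()
        resp = effective_response(row["mode"].strip(), action, participating)
        if resp is None:
            continue  # intruder action does not apply to this port
        if action != "Discard" and not resp.sends_trap:
            findings.append((
                int(row["port"]),
                f"{action} configured, but Port Participating is No: "
                "invalid frames are discarded with no trap and no port disable",
            ))
    return findings


if __name__ == "__main__":
    for port, message in audit(SAMPLE):
        print(f"port {port}: {message}")
```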
Chapter 31 802.1x Port-based Network Access Control

This chapter explains 802.1x Port-based Network Access Control and how this feature can increase network security by restricting access to the network ports on the switch. Sections are as follows:

“Setting Port Roles” on page 566
“Enabling or Disabling 802.
Chapter 31: 802.1x Port-based Network Access Control Setting Port Roles This procedure sets the role of a port to authenticator or supplicant. You must set the role of a port before you can configure its settings. To set port roles, perform the following procedure: 1. From the Main Menu, type 7 to select Security and Services. The Security and Services menu is shown in Figure 70 on page 216. 2. From the Security and Services menu, type 2 to select Port Access Control (802.1X). The Port Access Control (802.
AT-S63 Management Software Menus User’s Guide The Configure Port Access Role menu is shown in Figure 211. Allied Telesis AT-9424T/SP - AT-S63 Marketing User: Manager 11:20:02 02-Mar-2009 Configure Port Access Role Configuring Port 3 1 - Port Role ......... None R - Return to Previous Menu Enter your selection? Figure 211. Configure Port Access Role Menu 5. Type 1 to select Port Role. The following prompt is displayed: Enter new Port Role [N-None, A-Authenticator, S-Supplicant] -> 6.
Chapter 31: 802.1x Port-based Network Access Control Enabling or Disabling 802.1x Port-based Network Access Control This procedure explains how to enable and disable port-based access control on the switch. If you have not assigned port roles and configured the parameter settings, you should skip this procedure and go first to “Setting Port Roles” on page 566.
AT-S63 Management Software Menus User’s Guide Configuring Authenticator Port Parameters Note A port must already be set to the authenticator role before you can configure its settings. For instructions on how to change the role of a port, refer to “Setting Port Roles” on page 566. To configure the parameters of an authenticator port, perform the following procedure: 1. From the Main Menu, type 7 to select Security and Services. The Security and Services menu is shown in Figure 70 on page 216. 2.
Chapter 31: 802.1x Port-based Network Access Control The Configure Authenticator Port Access Parameters menu is shown in Figure 213. Allied Telesis AT-9424T/SP - AT-S63 Marketing User: Manager 11:20:02 02-Mar-2009 Configure Authenticator Port Access Parameters Configuring Port 3 0 1 2 3 4 5 6 7 8 9 A B C D E - Authentication Mode ...... Supplicant Mode .......... Port Control ............. Quiet Period ............. TX Period ................ Reauth Enabled ........... Reauth Period ............
AT-S63 Management Software Menus User’s Guide 1 - Supplicant Mode This parameter can take the following values on an authenticator port: Single: Configures the authenticator port to accept only one authentication. This supplicant mode should be used together with the piggy-back mode. When an authenticator port is set to the Single mode and the piggy-back mode is disabled, only the one client who is authenticated can use the port. Packets from or to other clients on the port are discarded.
disabled, the supplicant is not required to reauthenticate after the initial authentication.

6 - Reauth Period
Specifies the time period in seconds between reauthentications of the client when the Reauth. Enabled option is set to Enabled. The default value is 3600 seconds. The range is 1 to 65,535 seconds.

7 - Supplicant Timeout
This parameter sets the switch-to-client retransmission time for the EAP-request frame.
AT-S63 Management Software Menus User’s Guide specified in the initial authentication, regardless of the VLAN assignments of subsequent authentications. C - Control Direction This parameter specifies how the port handles ingress and egress broadcast and multicast packets when in the unauthorized state. When a port is set to the authenticator role, it remains in the unauthorized state until a client logs on by providing a username and password combination.
Chapter 31: 802.1x Port-based Network Access Control 8. After making changes, type R until you return to the Main Menu. Then type S to select Save Configuration Changes.
AT-S63 Management Software Menus User’s Guide Configuring Supplicant Port Parameters Note A port must already be set to the supplicant role before you can configure its settings. For instructions on how to change the role of a port, refer to “Setting Port Roles” on page 566. To configure supplicant port parameters, perform the following procedure: 1. From the Main Menu, type 7 to select Security and Services. The Security and Services menu is shown in Figure 70 on page 216. 2.
The Configure Supplicant Port Access Parameters menu is shown in Figure 213.

Allied Telesis AT-9424T/SP - AT-S63 Marketing User: Manager 11:20:02 02-Mar-2009

Configure Supplicant Port Access Parameters

Configuring Port 5-8

1 - Auth Period...........
2 - Held Period...........
3 - Max Start ...........
4 - Start Period..........
5 - User Name: ...........
6 - User Password: .......
AT-S63 Management Software Menus User’s Guide characters, such as asterisks or exclamation points. The username is case sensitive. 6 - User Password This parameter specifies the password for the switch port. The port sends the password to the authentication server for verification when the port logs on to the network. The password can be from 1 to 16 alphanumeric characters (A to Z, a to z, 1 to 9). Do not use spaces or special characters, such as asterisks or exclamation points.
Chapter 31: 802.1x Port-based Network Access Control Displaying the Port Access Parameters To display the port access parameters for the ports on the switch, perform the following procedure: 1. From the Main Menu, type 7 to select Security and Services. The Security and Services menu is shown in Figure 70 on page 216. 2. From the Security and Services menu, type 2 to select Port Access Control (802.1X). The Port Access Control (802.1X) menu is shown in Figure 210 on page 566. 3.
AT-S63 Management Software Menus User’s Guide Port Role Port access role configured for the port. The possible settings are None, Authenticator, or Supplicant. AuthMode The port’s authentication mode: 802.1x or MAC Based. State State of the port. The state field is dependent on whether a port is configured as an authenticator or a supplicant.
Chapter 31: 802.1x Port-based Network Access Control Configuring RADIUS Accounting The AT-S63 Management Software supports RADIUS accounting for ports operating in the Authenticator role. The accounting information sent by the switch to a RADIUS server includes the date and time when clients log on and log off, as well as the number of packets sent and received by a switch port during a client session. The default setting for this feature on the switch is disabled.
AT-S63 Management Software Menus User’s Guide 4. Adjust the following parameters as necessary. 1 - Status This parameter activates or deactivates RADIUS accounting on the switch. Select Enabled to activate the feature or Disabled to deactivate it. The default is Disabled. 2 - Port This parameter specifies the UDP port for RADIUS accounting. The default is port 1813. 3 - Type This parameter specifies the type of RADIUS accounting. The default is Network. This value cannot be changed.
Section IX Management Security The chapters in this section contain overview information on the management security features of the AT-9400 Switch. The chapters also explain how to configure these features from the menu interface of the AT-S63 Management Software.
Chapter 32 Web Server

This chapter provides an overview of the web server feature and procedures for configuring the server.
Chapter 32: Web Server Configuring the Web Server This procedure explains how to enable and disable the web server and how to configure the HTTP and HTTPS settings from a local or Telnet management session. The default setting for the web server is enabled, with the non-secure HTTP mode as the active web server mode. Before you configure the web server, note the following: You cannot make any changes to the HTTP or HTTPS settings while the web server is enabled.
AT-S63 Management Software Menus User’s Guide 3. Type 1 to select Status to enable or disable the web server. To configure the web server, you must first disable it. Possible settings are: Enabled - Enables the web server. This is the default setting. Disabled - Disables the web server. (To change any of the web server settings, you must first disable it.) 4. Type 2 to select Mode to set the mode of the web server.
Chapter 32: Web Server The default port number for HTTP is 80. The default port number for HTTPS is 443. 1. After making changes, type R until you return to the Main Menu. Then type S to select Save Configuration Changes.
General Steps for Configuring the Web Server for Encryption

You need to perform several procedures to implement HTTPS and web browser encryption on the switch. This section lists the general steps and the procedures for performing them. There is a section for configuring the web server with a self-signed certificate and another for a public or private CA certificate.
Chapter 32: Web Server 6. After you have received the appropriate certificates from the CA, download them into the switch’s file system from your management station or a TFTP server, as explained in “Downloading a System File” on page 178. 7. Add the certificates to the certificate database, as explained in “Adding a Certificate to the Database” on page 612. 8. Configure the web server on the switch by activating HTTPS and specifying the key pair used to create the enrollment request as the active key.
Chapter 33 Encryption Keys This chapter describes encryption keys and how you can use keys to improve the security of your switches. Because of the complexity of the feature, this chapter contains two overview sections. The Basic Overview section offers a general review of the purpose of this feature along with relevant guidelines. For additional information, refer to the Technical Overview section.
Chapter 33: Encryption Keys Creating an Encryption Key This section contains the procedure for creating an encryption key pair. Caution Key generation is a CPU-intensive process. Because this process may affect switch behavior, Allied Telesis recommends creating keys when the switch is not connected to a network or during periods of low network activity. To create an encryption key, perform the following procedure: 1. From the Main Menu, type 7 to select Security and Services.
AT-S63 Management Software Menus User’s Guide The Key Management menu is shown in Figure 221.
Chapter 33: Encryption Keys 6. Enter an identification number for the key. This number can be from 0 to 65,535. This number is used only for identification purposes and not in generating the actual encryption key. The ID for each key on the switch must be unique. Note You cannot change the value for option 2, Key Type. This value is always RSA - Private. 7. Type 3 to select Key Length. The following prompt is displayed: Enter Key Length ->[512 to 1536] -> 512 8. Enter a key length.
AT-S63 Management Software Menus User’s Guide The new key is added to the list of keys in the Key Management menu. Returning to the Main Menu to save your changes is not necessary with this procedure. This type of change is automatically saved by the management software. To create a self-signed certificate using the new encryption key, go to “Creating a Self-signed Certificate” on page 608. To create an enrollment request, go to “Generating an Enrollment Request” on page 623.
Chapter 33: Encryption Keys Deleting an Encryption Key This section contains the procedure for deleting an encryption key pair from the switch. Note the following before performing this procedure. Deleting a key pair from the key management database also deletes the key’s corresponding “.ukf” file from the AT-S63 file system. You cannot delete a key pair if it is being used by SSL or SSH. You must either disable the SSL or SSH server software or reconfigure the software by specifying another key.
AT-S63 Management Software Menus User’s Guide Modifying an Encryption Key The Key Management menu has a selection for modifying the description of an encryption key. This is the only item of a key that you can modify. You cannot change a key’s ID, type, or length. To change the description of a key, perform the following procedure: 1. From the Main Menu, type 7 to select Security and Services. The Security and Services menu is shown in Figure 70 on page 216. 2.
Chapter 33: Encryption Keys Exporting an Encryption Key The following procedure exports the public key of a key pair into the AT-S63 file system. (The management software does not allow you to export a private key.) Before performing this procedure, please note the following: The only circumstance in which you are likely to perform this procedure is if you are using an SSH client that does not download the key automatically when you start an SSH management session.
The Export Key to File menu is shown in Figure 223.

Allied Telesis AT-9424T/SP - AT-S63 Marketing User: Manager 11:20:02 02-Mar-2009

Export Key to File

1 - Key ID ............ 0
2 - Key Type .......... RSA-Public
3 - Key File Format ... HEX
4 - Key File Name
5 - Export Key to File

R - Return to Previous Menu

Enter your selection?

Figure 223. Export Key to File Menu

5. From the Export Key to File menu, type 1 to select Key ID.
Chapter 33: Encryption Keys The following message is displayed: Key Export in Progress. Please wait...Done 11. Press any key to return to the Key Management menu. To view the public key in the switch’s file system, refer to “Displaying System Files” on page 155. Returning to the Main Menu to save your changes is not necessary with this procedure. This type of change is automatically saved by the management software.
AT-S63 Management Software Menus User’s Guide Importing an Encryption Key Use the following procedure to import a public key from the AT-S63 file system into the key management database. If a file contains both public and private keys, only the public key is imported. The private key is ignored. Note It is unlikely that you will ever need to perform this procedure. A switch can only use those public keys that it has generated itself. This procedure starts from the Key Management menu.
The Import Key from File menu is shown in Figure 224.

Allied Telesis AT-9424T/SP - AT-S63 Marketing User: Manager 11:20:02 02-Mar-2009

Import Key from File

1 - Key ID ............ 0
2 - Key Type .......... RSA-Public
3 - Key File Format ... HEX
4 - Key File Name .....
5 - Import Key from File

R - Return to Previous Menu

Enter your selection?

Figure 224. Import Key from File Menu

5. From the Import Key from File menu, type 1 to select Key ID.
AT-S63 Management Software Menus User’s Guide The key file name must include the “.key” extension. If you are unsure of the file name, display the files in the switch’s file system by referring to “Displaying System Files” on page 155. 10. Type 5 to select Import Key From File to import a key to the switch from an external file. The following message is displayed: Key Import in Progress. Please wait...Done After you receive this message, the key is added to the Key Management database.
Chapter 33: Encryption Keys Displaying the Encryption Keys To display the encryption keys, perform the following procedure: 1. From the Main Menu, type 7 to select Security and Services. The Security and Services menu is shown in Figure 70 on page 216. 2. From the Security and Services menu, type 7 to select Keys/Certificate Configuration. The Keys/Certificate Configuration menu is shown in Figure 220 on page 592. 3. From the Keys/Certificates Configuration menu, type 2 to select Key Management.
AT-S63 Management Software Menus User’s Guide Length The length of the key in bits. Digest The CRC32 value of the MD5 digest of the public key. Description The key’s description.
Chapter 34 PKI Certificates and SSL This chapter contains the procedures for creating public key infrastructure (PKI) certificates for web server security. Because of the complexity of this feature, two overview sections are provided. The Basic Overview section offers a general review of the purpose of certificates along with relevant guidelines. For additional information refer to the Technical Overview section.
Creating a Self-signed Certificate

This section contains the procedure for creating a self-signed certificate. Please review the following before you perform the procedure:

For a general review of all the steps for configuring the switch for a self-signed certificate, refer to “General Steps for a Self-signed Certificate” on page 589.
The switch’s time and date must be set before you create a certificate.
AT-S63 Management Software Menus User’s Guide The Public Key Infrastructure (PKI) Configuration menu is shown in Figure 226. Allied Telesis AT-9424T/SP - AT-S63 Marketing User: Manager 11:20:02 02-Mar-2009 Public Key Infrastructure (PKI) Configuration 1 - Maximum Number of Certificates....... 256 2 - X509 Certificate Management 3 - Generate Enrollment Request R - Return to Previous Menu Enter your selection? Figure 226. Public Key Infrastructure (PKI) Configuration Menu 4.
Chapter 34: PKI Certificates and SSL Note In the X509 Certificate Management menu, MTrust means manually trusted. This field indicates that you verified the certificate. The Source field indicates the certificate was generated on the switch. Both MTrust and Source are read-only fields. 5. Type 1 to select Create Self-Signed Certificate. The Create Self-Signed Certificate menu is shown in Figure 228.
AT-S63 Management Software Menus User’s Guide 9. Enter the ID number of the encryption key that you want to use to create this certificate. The encryption key must already exist on the switch. (If you have forgotten the key ID number, return to the Key Management menu to view the keys on the switch.) The value can be from 0 to 65,535. 10. Type 3 to select Format to choose the encoding format for the certificate. The possible options are: DER - Indicates the certificate contents are in a binary format.
Chapter 34: PKI Certificates and SSL Adding a Certificate to the Database After creating a certificate or receiving a certificate from a public or private CA, you need to add it to the certificate database. This makes it available to the switch’s web server. A certificate in the certificate database appears in the X509 Certificate Management menu. To add a certificate to the certificate database, perform the following procedure: 1. From the Main Menu, type 7 to select Security and Services. 2.
AT-S63 Management Software Menus User’s Guide The following prompt is displayed: Enter file name (*.key) -> 7. Enter a name for the certificate. This is the name for the certificate as it will appear in the certificate database list. You can enter up to 24 alphanumeric characters. Spaces are allowed. No extension is needed. You might want the name to include the filename of the certificate in the file system.
10. Type 4 to select File Name. The following prompt is displayed:

Enter file name (*.key) ->

11. Specify the filename of the certificate. This is the filename of the certificate in the AT-S63 file system. The filename has a “.cer” extension. For example, if you created a self-signed certificate and gave it the name “webserver127”, the filename of the certificate would be “webserver127.cer”.
Modifying a Certificate

The procedure in this section modifies a certificate in the certificate database. Here are the certificate items you can modify:

State - trusted or untrusted
Type - EE, CA, or Self

Note
These parameters have no effect on the operation of a certificate. They are included only for informational purposes when the certificate is displayed in the certificate database.

To modify a certificate, perform the following procedure:

1.
The Modify Certificate menu is shown in Figure 230.

Allied Telesis AT-9424T/SP - AT-S63 Marketing User: Manager 11:20:02 02-Mar-2009

Modify Certificate

1 - Certificate Name................. Switch12
2 - State ........................... Trusted
3 - Type ............................ Self
4 - Modify Certificate

R - Return to Previous Menu

Enter your selection?

Figure 230. Modify Certificate Menu

Note
You cannot change selection 1, Certificate Name.

7.
AT-S63 Management Software Menus User’s Guide 10. To permanently save your change, return to the Main Menu and type S to select Save Configuration Changes.
Chapter 34: PKI Certificates and SSL Deleting a Certificate The procedure in this section deletes a certificate from the certificate database. Please note the following before performing this procedure: Deleting a certificate from the database does not delete it from the switch. It continues to reside in the AT-S63 file system. To completely remove a certificate from the switch, you must also delete it from the file system. For instructions, refer to “Deleting a System File” on page 154.
AT-S63 Management Software Menus User’s Guide 7. To permanently save your change, return to the Main Menu and type S to select Save Configuration Changes.
Chapter 34: PKI Certificates and SSL Viewing a Certificate This procedure displays information about a certificate, such as its distinguished name and serial number. To view the details of a certificate, perform the following procedure: 1. From the Main Menu, type 7 to select Security and Services. 2. From the Security and Services menu, type 7 to select Keys/ Certificates Configuration. 3. From the Keys/Certificate menu, type 3 to select Public Key Infrastructure (PKI) Configuration.
AT-S63 Management Software Menus User’s Guide The View Certificate Details menu (page 1) is shown in Figure 231. Allied Telesis AT-9424T/SP - AT-S63 Marketing User: Manager 11:20:02 02-Mar-2009 View Certificate Details Certificate Details: Name ............... State .............. Manually Trusted ... Type ............... Source ............. Version ............ Serial Number ...... Signature Alg ...... Public Key Alg ..... Not Valid Before ... Not Valid After ....
Chapter 34: PKI Certificates and SSL Public Key Alg The public key algorithm. Not Valid Before The date the certificate became active. Not Valid After The date the certificate expires. Self-signed certificates are valid for two years. 7. Type N to see the second page of certificate details. The View Certificate Details menu (page 2) is shown in Figure 232. Allied Telesis AT-9424T/SP - AT-S63 Marketing User: Manager 11:20:02 02-Mar-2009 View Certificate Details Subject ......... CN=149.44.44.44 Issuer ..
AT-S63 Management Software Menus User’s Guide Generating an Enrollment Request To request a certificate from a CA, you must generate an enrollment request. The request contains the public key for the certificate, a distinguished name, and other information. The request is stored as a file with a “.csr” extension in the AT-S63 file system and must be uploaded onto your management station or TFTP server for submission to the CA.
The Generate Enrollment Request menu is shown in Figure 233.

Allied Telesis AT-9424T/SP - AT-S63 Marketing User: Manager 11:20:02 02-Mar-2009

Generate Enrollment Request

1 - Request Name....................
2 - KeyPair ID ..................... 0
3 - Format ......................... PEM
4 - Type ........................... PKCS10
5 - Generate Enrollment Request

R - Return to Previous Menu

Enter your selection?

Figure 233. Generate Enrollment Request Menu

7.
AT-S63 Management Software Menus User’s Guide 12. Type 5 to select Generate Enrollment Request. After the switch has finished generating the request, a message similar to the following is displayed: Enrollment request is being generated. Please wait ...Done. Enrollment Request available in file [Switch 12.csr]. Press any key to continue ... The enrollment request is now stored in the AT-S63 file system. To see the file, refer to “Displaying System Files” on page 155. 13.
Installing CA Certificates onto a Switch

This section lists the procedures to perform for a certificate from a public or private CA. Note that a CA-generated certificate consists of several certificates, with a minimum of two. All the certificates from the CA must be installed on the switch and loaded into the certificate database.
Viewing and Configuring the Maximum Number of Certificates

You can specify the maximum number of certificates the certificate database can store. The range is 12 to 256. The default value is 256. You should never need to adjust this value.

To view or change the maximum number of certificates the certificate database can store, perform the following procedure:

1. From the Main Menu, type 7 to select Security and Services.
2.
Configuring SSL

To configure the SSL protocol, perform the following procedure:

1. From the Main Menu, type 7 to select Security and Services.

2. From the Security and Services menu, type 9 to select Secure Socket Layer (SSL). The Secure Socket Layer (SSL) menu is shown in Figure 234.

    Allied Telesis AT-9424T/SP - AT-S63
    Marketing
    User: Manager                     11:20:02 02-Mar-2009

    Secure Socket Layer (SSL)

    1 - Maximum Number of Sessions......... 50
    2 - Session Cache Timeout...........
Chapter 35
Secure Shell (SSH)

This chapter contains overview information about the Secure Shell (SSH) protocol as well as a procedure for configuring this protocol on a switch using a local or Telnet management session.
Configuring SSH

This section describes how to configure the switch as an SSH server. Before you begin this procedure, you need to configure host and server keys for SSH. See Chapter 33, “Encryption Keys” on page 591.

The minimum bit size of the server key is 512 bits. The recommended bit size for a server key is 768 bits. The recommended size for the host key is 1024 bits. In addition, the bit size of the host and server keys must differ by 128 bits.
3. Type 2 to select Host Key ID. The following prompt is displayed:

    Enter Host Key ID [0 to 65535] -> 0

Enter the ID number of the encryption key that will function as the host key. The default is Not Defined. For instructions on creating encryption keys, see Chapter 33, “Encryption Keys” on page 591.

4. Type 3 to select Server Key ID.
Type E to enable the SSH server. Select this value after you have finished configuring SSH and want to log on to the server. Or, type D to disable SSH while you are configuring the protocol. SSH must be disabled while you are configuring the protocol. This is the default.

Note
When there are active SSH connections, you cannot disable the SSH server. If you attempt to disable the SSH server when it is in this state, you receive a warning message.
Displaying SSH Information

To display SSH server information, perform the following procedure:

1. From the Main Menu, type 7 to select Security and Services. The Security and Services menu is shown in Figure 70 on page 216.

2. From the Security and Services menu, type 8 to select Secure Shell (SSH). The Secure Shell (SSH) menu is shown in Figure 235 on page 630.

3. From the Secure Shell (SSH) menu, type 6 to select Show Server Information.
Host Key ID
    The host key ID defined for SSH.

Host Key Bits
    Number of bits in the host key.

Server Key ID
    Server key ID defined for SSH.

Server Key Expiry
    Length of time, in hours, until the server key is regenerated. The default is 0 hours, which means the server key is not regenerated.

Login Timeout
    Time, in seconds, until an SSH server is released from an incomplete connection with an SSH client.

Authentication Available
    Authentication method available.
Chapter 36
TACACS+ and RADIUS Protocols

This chapter describes how to configure the parameter settings for the two authentication protocols TACACS+ and RADIUS.
Enabling or Disabling Server-based Management Authentication

This procedure explains how to enable or disable server-based management authentication on the switch. When the feature is enabled, the switch seeks its valid manager accounts from an authentication server. When disabled, the switch uses its standard Manager and Operator accounts.

Note the following before performing this procedure:

You should create the manager accounts (i.e.
Note
Selection 5, Passwords Configuration, is described in “Changing the Manager and Operator Passwords” on page 33.

3. To select the active authentication protocol, type 2 to select Authentication Method. The following prompt is displayed:

    Enter T-TACACS+, R-RADIUS ->

4. Type T to select TACACS+ or R for RADIUS. The default is TACACS+. Only one protocol can be active on the switch at a time.

5.
Configuring the TACACS+ Client

To configure the TACACS+ client on the switch, perform the following procedure:

1. From the Main Menu, type 5 to select System Administration. The System Administration menu is shown in Figure 2 on page 31.

2. From the System Administration menu, type 6 to select Authentication Configuration. The Authentication Configuration menu is shown in Figure 237 on page 636.

3.
If you will be specifying more than one TACACS+ server and all of the servers use the same encryption secret, you can answer No to this prompt and enter the encryption secret using the TAC Global Secret parameter. However, if you are specifying only one TACACS+ server or if the servers have different encryption secrets, then respond with Yes to this prompt.
Displaying the TACACS+ Settings

To display the TACACS+ settings, perform the following procedure:

1. From the Main Menu, type 5 to select System Administration. The System Administration menu is shown in Figure 2 on page 31.

2. From the System Administration menu, type 6 to select Authentication Configuration. The Authentication Configuration menu is shown in Figure 237 on page 636.

3. Type 3 to select TACACS+ Configuration.
Configuring the RADIUS Client

To configure the RADIUS client, perform the following procedure:

1. From the Main Menu, type 5 to select System Administration. The System Administration menu is shown in Figure 2 on page 31.

2. From the System Administration menu, type 6 to select Authentication Configuration. The Authentication Configuration menu is shown in Figure 237 on page 636.

3. Type 4 to select RADIUS Configuration.
Manager and Operator accounts. The default is 10 seconds. The range is 1 to 60 seconds.

3 - RADIUS Server 1 Configuration
4 - RADIUS Server 1 Configuration
5 - RADIUS Server 1 Configuration
    Use these parameters to specify the IP addresses of up to three network servers containing the RADIUS server software. Selecting one of the options displays the RADIUS Server Configuration menu, shown in Figure 241.
6. To activate the feature, perform the procedure “Enabling or Disabling Server-based Management Authentication” on page 636.
Displaying RADIUS Status and Settings

To display the RADIUS status and settings, perform the following procedure:

1. From the Main Menu, type 5 to select System Administration. The System Administration menu is shown in Figure 2 on page 31.

2. From the System Administration menu, type 6 to select Authentication Configuration. The Authentication Configuration menu is shown in Figure 237 on page 636.

3.
The Show Status menu displays a table that contains the following columns of information:

Server IP Address
    IP address of the RADIUS server.

Auth Port
    UDP port of the RADIUS protocol.

Encryption Key
    Encryption key for the RADIUS server.

Auth Req
    Number of authentication requests the switch has made to the RADIUS server.

Auth Resp
    Number of responses that the switch has received back from the server.
Chapter 37
Management Access Control List

Sections in this chapter include:

    “Enabling or Disabling the Management ACL” on page 648
    “Creating an ACE” on page 650
    “Deleting an ACE” on page 654
    “Displaying the ACEs” on page 655
Enabling or Disabling the Management ACL

This procedure enables and disables the management ACL. When enabled, only those management stations specified in the ACL are allowed to manage the switch remotely using the Telnet application protocol or a web browser. When the feature is disabled, the management software on the switch can be accessed remotely from any management workstation.
A change to the status of the management ACL is immediately activated on the switch.

Note
If you activate the feature while managing the switch from a Telnet management session, your management session will end and you will not be able to reestablish it if the management ACL does not contain an ACE that specifies your management workstation.

4. After making changes, type R until you return to the Main Menu. Then type S to select Save Configuration Changes.
Creating an ACE

To create a new ACE in the management ACL, perform the following procedure:

1. From the Main Menu, type 5 to select System Administration. The System Administration menu is shown in Figure 2 on page 31.

2. From the System Administration menu, type 7 to select Management ACL. The Management ACL Configuration menu is shown in Figure 243 on page 648.

3. From the Management ACL Configuration menu, type 2 to select Create Management ACL Entry.
7. Specify the applications that the management station can use to manage the switch. The options are:

    Telnet - Permits Telnet management.
    Web - Permits web browser management.
    Ping - Permits the management workstation to ping the switch.
    All - Permits all of the above.

You can specify more than one by separating the selections with a comma (for example, “Telnet,Ping”). The new ACE is added to the ACL.

8.
Modifying an ACE

To modify an ACE, you need to know its identification number. To view the identification numbers of the ACEs, refer to “Displaying the ACEs” on page 655.

To modify an ACE, perform the following procedure:

1. From the Main Menu, type 5 to select System Administration. The System Administration menu is shown in Figure 2 on page 31.

2. From the System Administration menu, type 7 to select Management ACL.
5. Make the desired changes to the entry by selecting the corresponding option and entering a new value. You cannot change an entry’s ID number. For information on an entry’s IP address, network mask, and applications, refer to steps 5, 6, and 7 in the procedure “Creating an ACE” on page 650.

6. After entering your changes, type M to select Modify Management ACL Entry. Your changes are immediately implemented on the switch.

7.
Deleting an ACE

To delete an ACE, you need to know its identification number. To view the identification numbers of the ACEs, refer to “Displaying the ACEs” on page 655.

Note
If you are managing the switch from a Telnet management session and the management ACL is active, your management session will end and you will be unable to reestablish it if you delete the ACE that specifies your management workstation.

To delete an ACE, perform the following procedure:

1.
Displaying the ACEs

To display the ACEs in the management ACL, perform the following procedure:

1. From the Main Menu, type 5 to select System Administration. The System Administration menu is shown in Figure 2 on page 31.

2. From the System Administration menu, type 7 to select Management ACL. The Management ACL Configuration menu is shown in Figure 243 on page 648.

3.
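The lockout notes in this chapter (enabling the management ACL, or deleting an ACE, from a Telnet session) can be checked offline before the change is made. The following Python sketch is an added example, not part of the AT-S63 software or this guide. It assumes an ACE matches a station when the station address ANDed with the ACE mask equals the ACE address ANDed with the same mask, and the ACL entries are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass

APPLICATIONS = {"telnet", "web", "ping"}  # choices listed in step 7; "All" = all three


@dataclass(frozen=True)
class Ace:
    ace_id: int
    ip: str
    mask: str
    applications: str  # as typed at the prompt, e.g. "Telnet,Ping" or "All"

    def apps(self):
        names = {a.strip().lower() for a in self.applications.split(",") if a.strip()}
        unknown = names - APPLICATIONS - {"all"}
        if unknown:
            raise ValueError(f"ACE {self.ace_id}: unknown application(s) {sorted(unknown)}")
        return set(APPLICATIONS) if "all" in names else names

    def covers(self, station):
        # Assumption: the ACE matches when (station AND mask) == (ACE address AND mask).
        net = ipaddress.ip_network(f"{self.ip}/{self.mask}", strict=False)
        return ipaddress.ip_address(station) in net


def permitting_aces(acl, station, app):
    """IDs of the ACEs that let `station` use `app` (telnet, web or ping)."""
    app = app.lower()
    if app not in APPLICATIONS:
        raise ValueError(f"unknown application {app!r}")
    return [a.ace_id for a in acl if a.covers(station) and app in a.apps()]


def survives_enable(acl, station, app="telnet"):
    """True if a session from `station` can be reestablished once the ACL is enabled."""
    return bool(permitting_aces(acl, station, app))


def survives_delete(acl, station, ace_id, app="telnet"):
    """True if `station` is still permitted after the ACE `ace_id` is deleted."""
    remaining = [a for a in acl if a.ace_id != ace_id]
    return bool(permitting_aces(remaining, station, app))


# Constructed sample ACL (documentation address ranges, not from the guide).
SAMPLE_ACL = [
    Ace(1, "192.0.2.0", "255.255.255.0", "Web,Ping"),
    Ace(2, "192.0.2.25", "255.255.255.255", "Telnet"),
    Ace(3, "198.51.100.0", "255.255.255.0", "All"),
]

if __name__ == "__main__":
    for station in ("192.0.2.25", "192.0.2.40", "198.51.100.9"):
        print(station, "telnet after enable:", survives_enable(SAMPLE_ACL, station),
              "| after deleting ACE 2:", survives_delete(SAMPLE_ACL, station, 2))
```

A station that is covered by an ACE for Web or Ping only, such as 192.0.2.40 in the sample, still loses its Telnet session when the ACL is enabled.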