Management Software AT-S86 User’s Guide For the AT-FS750/48 Fast Ethernet Smart Switch Version 1.0 613-000536 Rev.
Copyright © 2006 Allied Telesis, Inc. All rights reserved. No part of this publication may be reproduced without prior written permission from Allied Telesis, Inc. Allied Telesis is a trademark of Allied Telesis, Inc. Microsoft and Internet Explorer are registered trademarks of Microsoft Corporation. Netscape Navigator is a registered trademark of Netscape Communications Corporation.
Contents Preface ............................................................................................................................................................ 11 Where to Find Web-based Guides ................................................................................................................... 12 Contacting Allied Telesis .................................................................................................................................. 13 Online Support .........
Contents Modifying a Trunk ............................................................................................................................................. 54 Removing a Trunk............................................................................................................................................. 55 Chapter 6: Port Mirroring ..............................................................................................................................
AT-S86 Management Software User’s Guide RADIUS .......................................................................................................................................................... 119 RADIUS Implementation Guidelines ........................................................................................................ 119 Configuring RADIUS ................................................................................................................................
Contents 6
Figures Figure 1. Main Page ............................................................................................................................................................16 Figure 2. IP Setup Page ......................................................................................................................................................20 Figure 3. Save Configuration Page .................................................................................................................
Figures 8
Tables Table 1. Table 2. Table 3. Table 4. Table 5. Table 6. Table 7. Table 8. Default Mappings of IEEE 802.1p Priority Levels to Priority Queues ...................................................................81 Customized Mappings of IEEE 802.1p Priority Levels to Priority Queues ............................................................81 Example of Weighted Round Robin Priority .........................................................................................................
Tables 10
Preface This guide contains instructions on how to use the AT-S86 management software to manage and monitor the AT-FS750/48 Fast Ethernet Smart Switch. The AT-S86 management software has a web browser interface that you can access from any management workstation on your network that has a web browser application.
Preface Where to Find Web-based Guides The installation and user guides for all Allied Telesis products are available in portable document format (PDF) on our web site at www.alliedtelesis.com. You can view the documents online or download them onto a local workstation or server.
AT-S86 Management Software User’s Guide Contacting Allied Telesis This section provides Allied Telesis contact information for technical support as well as sales and corporate information. Online Support You can request technical support online by accessing the Allied Telesis Knowledge Base from the following website: www.alliedtelesis.com/ support. You can use the Knowledge Base to submit questions to our technical support staff and review answers to previously asked questions.
Preface 14
Chapter 1 Getting Started This chapter contains the following sections: “Starting a Management Session” on page 16 “Quitting a Management Session” on page 18 15
Chapter 1: Getting Started Starting a Management Session To start a management session on the switch, perform the following procedure: 1. In a web browser address box, enter the following IP address: 192.168.1.1 The main page for the AT-S86 management software is shown in Figure 1. Figure 1.
AT-S86 Management Software User’s Guide Subnet Mask, and Gateway Address” on page 20. Add an administrative user and password who can access the switch, as described in “Adding an Administrative User” on page 23.
Chapter 1: Getting Started Quitting a Management Session To quit a management session, close the web browser.
Chapter 2 Basic Switch Parameters This chapter contains the following sections: “Configuring the IP Address, Subnet Mask, and Gateway Address” on page 20 “Enabling or Disabling DHCP” on page 22 “Configuring System Administration Information” on page 23 “Configuring the System Management Information” on page 26 “Setting Up IP Address Access” on page 28 “Rebooting the Switch” on page 31 “Returning the AT-S86 Management Software to the Default Values” on page 32 19
Chapter 2: Basic Switch Parameters Configuring the IP Address, Subnet Mask, and Gateway Address Warning Be sure to record the switch’s IP address in a safe place. When you change the switch’s IP address you lose your connection. Because the AT-FS750/48 Fast Ethernet switch does not have a console port, your only means of managing the switch is through a web browser, which requires that you have the switch’s IP address. To configure the IP settings, perform the following procedure: 1.
AT-S86 Management Software User’s Guide 7. Log into the switch using its new IP address. 8. From the main menu, select Save Configuration. The Save Configuration page is shown in Figure 3. Figure 3. Save Configuration Page Note If you do not save your changes, they are discarded when you reboot the switch. 9. Click Save. For information about DHCP, see “Enabling or Disabling DHCP” on page 22. Warning Be sure to record the switch’s IP address in a safe place.
Chapter 2: Basic Switch Parameters Enabling or Disabling DHCP To enable or disable the DHCP client, perform the following procedure: 1. From the main menu, select System > IP Setup. The IP Setup Page is shown in Figure 2 on page 20. 2. From the DHCP Client list, choose Enabled or Disabled. The default setting is disabled. Note If you lose connectivity after enabling DHCP or to determine the switch’s new IP address in the future, use the SSM Utility.
AT-S86 Management Software User’s Guide Configuring System Administration Information You can allow multiple users to access and administer the system by adding their passwords to the system and/or set up password protection. Note When you start up the switch for the first time, you should add a user to the system, protected by a password, who will be managing the switch. Adding an Administrative User To add an administrative user to the system, perform the following procedure: 1.
Chapter 2: Basic Switch Parameters 6. To permanently save these settings in the configuration file, from the main menu, select Save Configuration. The Save Configuration page is shown in Figure 3 on page 21. 7. Click Save. Modifying an Administrative User To modify an administrative user on the system, perform the following procedure: 1. From the main menu, select System > Administration. The Administration page is shown in Figure 4 on page 23. 2.
AT-S86 Management Software User’s Guide Note Be careful not to delete all the users. You should have at least one user, with a password, to manage the switch. 4. Click OK. 5. To permanently save these settings in the configuration file, from the main menu, select Save Configuration. The Save Configuration page is shown in Figure 3 on page 21. 6. Click Save.
Chapter 2: Basic Switch Parameters Configuring the System Management Information This section explains how to assign a name to the switch, as well as specify the location of the switch and the name of the switch’s administrator. Entering this information is optional. To set a switch’s management information, perform the following procedure: 1. From the main menu, select System > Management. The Management page is shown in Figure 5. Figure 5. Management Page 2.
AT-S86 Management Software User’s Guide Click Reload to clear the fields and start over. 6. To permanently save these settings in the configuration file, from the main menu, select Save Configuration. The Save Configuration page is shown in Figure 3 on page 21. 7. Click Save.
Chapter 2: Basic Switch Parameters Setting Up IP Address Access You can restrict remote management of the switch by creating an IP access list. The switch uses the list to filter the management packets it receives and accepts and processes only those packets that originate from an IP address in the list. In addition to creating the list, you can disable or enable the IP access list filtering.
AT-S86 Management Software User’s Guide 6. Click Save. Modifying an IP Address in the IP Access List To modify an IP address in the IP access list, perform the following procedure: 1. From the main menu, select System > IP Access List. The IP Access List page is shown in Figure 6 on page 28. 2. In the IP address list, highlight the IP address you want to modify. The address is displayed in the IP Address field. 3. In the IP Address field, modify the IP address. 4. Click Modify. 5.
Chapter 2: Basic Switch Parameters Enabling or Disabling IP Access To enable or disable IP access for the users, perform the following procedure: 1. From the main menu, select System > IP Access List. The IP Access List page is shown in Figure 6 on page 28. 2. From the IP Restriction is list, choose one of the following: Disabled - Disables IP restriction. This is the default. Note Before you enable IP access, remember to add your own IP address to the list.
AT-S86 Management Software User’s Guide Rebooting the Switch Note The reboot process stops network traffic and you lose your connection to the switch. This process also discards any configuration changes that you have not permanently saved. To permanently save any configuration changes, from the main menu, select Save Configuration, and click Save before proceeding. To reboot the switch, perform the following procedure: 1. From the main menu, select System > Reboot. The Reboot page is shown in Figure 7.
Chapter 2: Basic Switch Parameters Returning the AT-S86 Management Software to the Default Values To restore the management software to the factory default values, perform the following procedure: 1. From the main menu, select Save Configuration. The Save Configuration page is shown in Figure 8. Figure 8. Save Configuration Page Note After the system defaults are restored, the switch is automatically rebooted and you lose your connection to the switch.
Chapter 3 Port Configuration This chapter contains the following procedures: “Enabling or Disabling a Port” on page 34 “Setting a Port’s Speed and Duplex Mode” on page 35 “Enabling or Disabling Flow Control” on page 37 “Configuring Bandwidth Control” on page 38 33
Chapter 3: Port Configuration Enabling or Disabling a Port To enable or disable a port, perform the following procedure: 1. From the main menu, select Physical Interface. The Physical Interface page is shown in Figure 9. Figure 9. Physical Interface Page 2. In the Port List, select the port you want to configure, or scroll through the list below. The port is highlighted in the port list. 3. In the Admin list, select Enabled or Disabled. 4. Click Modify.
AT-S86 Management Software User’s Guide Setting a Port’s Speed and Duplex Mode To set the speed and duplex mode on the port, perform the following procedure: 1. From the main menu, select Physical Interface. The Physical Interface page is shown in Figure 9 on page 34. 2. In the Port List, select the port you want to configure, or scroll through the list below. The port is highlighted in the port list. 3.
Chapter 3: Port Configuration 6. To permanently save these settings in the configuration file, from the main menu, select Save Configuration. The Save Configuration page is shown in Figure 3 on page 21. 7. Click Save.
AT-S86 Management Software User’s Guide Enabling or Disabling Flow Control A switch port uses flow control to control the flow of ingress packets from its end node. Flow control applies only to ports operating in full-duplex mode. A port using flow control issues a special frame, referred to as a PAUSE frame, as specified in the IEEE 802.3x standard, to stop the transmission of data from an end node. When a port needs to stop an end node from transmitting data, it issues this frame.
Chapter 3: Port Configuration Configuring Bandwidth Control If the performance of your network is affected by heavy traffic, you can use bandwidth control to set the rate of various types of packets that a port receives. You can control ingress packet types, including broadcast, multicast, and Dlf packets or a combination of all three types, and limit their rates. For egress packets, you can only configure the rate.
AT-S86 Management Software User’s Guide b. In the Control list, select Enable to enable the control, or Disable to disable it. c. In the Mode list, select one of the following: All Affects broadcast, multicast, and Dlf packets. Bcast Controls only broadcast packets. Bcast, Mcast Limits broadcast and multicast packets. Bcast, Mcast, Dlf Limits broadcast, multicast, and Dlf packets. d. In the Limit rate field, enter a number for the rate limit. The range is 70 to 250,000 packets per second. e. Click Modify.
Chapter 3: Port Configuration 40
Chapter 4 SNMP This chapter contains the following topics: “SNMP Overview” on page 42 “Setting Up the SNMP Community Table” on page 44 “Setting Up the Host Table” on page 45 “Setting Up SNMP Trap Receivers” on page 47 41
Chapter 4: SNMP SNMP Overview The Simple Network Management Program (SNMP) is another way for you to manage the switch. This type of management involves viewing and changing the management information base (MIB) objects on the device using an SNMP application program. By default, SNMP is enabled on the switch. The procedures in this chapter show you how to create and manage SNMP community strings through which your SNMP application program at your management workstation can access the switch’s MIB objects.
AT-S86 Management Software User’s Guide Trap Receivers A trap is a signal sent to one or more management workstations by the switch to indicate the occurrence of a particular operating event on the device. There are numerous operating events that can trigger a trap. For instance, resetting the switch is an example of an occurrence that can cause a switch to send a trap to the management workstations. You can use traps to monitor activities on the switch.
Chapter 4: SNMP Setting Up the SNMP Community Table To define the SNMP community names and their settings, perform the following procedure: 1. From the main menu, select SNMP > Community Table. The Community Table page is shown in Figure 11. Figure 11. (SNMP) Community Table Page 2. To add a community name, enter it in one of the Community Name fields. 3. To allow read/write access for any community name, click the adjoining box in the Set column.
AT-S86 Management Software User’s Guide Setting Up the Host Table When you assign a host IP address to a community string, you identify which management workstations can access the string. A community string can have up to eight IP addresses of management workstations (hosts) assigned to it. To set up the host table, perform the following procedure: 1. From the main menu, select SNMP > Host Table. The Host Table page is shown in Figure 12. Figure 12. (SNMP) Host Table Page 2.
Chapter 4: SNMP 6. Click Save.
AT-S86 Management Software User’s Guide Setting Up SNMP Trap Receivers To set up the SNMP trap receivers, perform the following procedure: 1. From the main menu, select SNMP > Trap Setting. The Trap Setting page is shown in Figure 13. Figure 13. (SNMP) Trap Setting Page 2. In the Destination IP Address field, enter the IP address of the management workstation where you want the traps sent. 3. In the Community for Trap field, enter the name of the community that will receive the traps. 4.
Chapter 4: SNMP 48
Chapter 5 Port Trunking This chapter contains the following sections: “Port Trunking Overview” on page 50 “Creating a Port Trunk” on page 52 “Modifying a Trunk” on page 54 “Removing a Trunk” on page 55 49
Chapter 5: Port Trunking Port Trunking Overview A port trunk is an economical way for you to increase the bandwidth between the Ethernet switch and another networking device, such as a network server, router, workstation, or another Ethernet switch. A port trunk is a group of ports that have been grouped together to function as one logical path.
AT-S86 Management Software User’s Guide Also note that a static trunk does not provide for redundancy or link backup. If a port in a static trunk loses its link, the trunk’s total bandwidth is diminished. Though the traffic carried by the lost link is shifted to one of the remaining ports in the trunk, the bandwidth remains reduced until the lost link is reestablished or you reconfigure the trunk by adding another port to it.
Chapter 5: Port Trunking Creating a Port Trunk To create a port trunk, perform the following procedure: 1. From the main menu, select Bridge > Trunking. The Trunking page is shown in Figure 15. Figure 15. Trunking Page 2. In the Show Trunk list, select Add a New Trunk. 3. In the Name field, type a name for the trunk. 4. In the Trunk ID field, choose a number for the trunk ID, from 1 to 10. 5.
AT-S86 Management Software User’s Guide 6. Do one of the following: Click OK to save the trunk. Click Reload to clear the trunk name and port selections and start over. 7. To permanently save these settings in the configuration file, from the main menu, select Save Configuration. The Save Configuration page is shown in Figure 3 on page 21. 8. Click Save.
Chapter 5: Port Trunking Modifying a Trunk To modify a port trunk, perform the following procedure: 1. From the main menu, select Bridge > Trunking. The Trunking page is shown in Figure 15 on page 52. 2. In the Show Trunk list, select the trunk you want to modify. 3. Click OK. The display is refreshed to show the trunk name you selected. 4. Select or de-select the ports you want to include in the trunk by clicking the port icon in the graphic image of the switch front.
AT-S86 Management Software User’s Guide Removing a Trunk To remove a port trunk, perform the following procedure: 1. From the main menu, select Bridge > Trunking. The Trunking page is shown in Figure 15 on page 52. 2. In the Show Trunk list, select the trunk you want to remove. 3. Check the Remove Trunk box. 4. Click OK. 5. To permanently save these settings in the configuration file, from the main menu, select Save Configuration. The Save Configuration page is shown in Figure 3 on page 21. 6. Click Save.
Chapter 5: Port Trunking 56
Chapter 6 Port Mirroring This chapter describes port mirroring and contains the following topics: “Port Mirroring Overview” on page 58 “Configuring Port Mirroring” on page 59 “Modifying a Port Mirror” on page 62 57
Chapter 6: Port Mirroring Port Mirroring Overview The port mirroring feature allows you to unobtrusively monitor the traffic being received and transmitted on one or more ports on a switch by having the traffic copied to another switch port. You can connect a network analyzer to the port where the traffic is being copied and monitor the traffic on the other ports without impacting network performance or speed. The port(s) whose traffic you want to mirror is called the source port(s).
AT-S86 Management Software User’s Guide Configuring Port Mirroring To configure port mirroring, perform the following procedure: 1. From the main menu, select Bridge > Mirroring. The Mirroring page is shown in Figure 17. Figure 17. Mirroring Page 2. Select the ports whose ingress traffic you want to monitor by clicking the port icon in the graphic image of the switch front at the top of the page.
Chapter 6: Port Mirroring A check mark is placed for each port you select, as for example Figure 18. Figure 18. Ingress Ports Selected 3. Select the ports whose egress traffic you want to monitor by clicking the port icon in the graphic image of the switch front at the top of the page. A check mark is placed for each port you select, as for example Figure 19. Figure 19. Egress Ports Selected 4. In the Monitor Port list, select the port to which the traffic will be sent. 5.
AT-S86 Management Software User’s Guide 6. Do one of the following: Click OK to save the port mirror. Click Reload to clear the port mirror and start over. 7. To permanently save these settings in the configuration file, from the main menu, select Save Configuration. The Save Configuration page is shown in Figure 3 on page 21. 8. Click Save.
Chapter 6: Port Mirroring Modifying a Port Mirror To modify a port mirror, perform the following procedure. 1. From the main menu, select Bridge > Mirroring. The Mirroring page is shown in Figure 17 on page 59 2. Select or de-select the ports whose ingress traffic you want to monitor by clicking the port icon in the graphic image of the switch front at the top of the page. 3.
Chapter 7 VLANs This chapter about VLANs contains the following sections: “VLAN Overview” on page 64 “Port-based VLAN Overview” on page 66 “Tagged VLAN Overview” on page 67 “Creating a Port-Based VLAN” on page 69 “Creating a Tagged VLAN” on page 72 “Changing a Port’s VLAN Mode” on page 76 63
Chapter 7: VLANs VLAN Overview A VLAN is a group of ports on an Ethernet switch that form a logical Ethernet segment. The ports of a VLAN form an independent traffic domain where the traffic generated by the nodes of a VLAN remains within the VLAN. With VLANs, you can segment your network through the switch’s AT-S86 management software and so be able to group nodes with related functions into their own separate, logical LAN segments.
AT-S86 Management Software User’s Guide management software. You can change the VLAN memberships through the management software without moving the workstations physically, or changing group memberships by moving cables from one switch port to another. In addition, a virtual LAN can span more than one switch. This means that the end nodes of a VLAN do not need to be connected to the same switch and so are not restricted to being in the same physical location.
Chapter 7: VLANs Port-based VLAN Overview As explained in “VLAN Overview” on page 64, a VLAN consists of a group of ports on an Ethernet switch that form an independent traffic domain. Traffic generated by the end nodes of a VLAN remains within the VLAN and does not cross over to the end nodes of other VLANs unless there is an interconnection device, such as a router or Layer 3 switch. A port-based VLAN is a group of ports on a Gigabit Ethernet Switch that form a logical Ethernet segment.
AT-S86 Management Software User’s Guide Tagged VLAN Overview The second type of VLAN supported by the AT-S86 management software is the tagged VLAN. VLAN membership in a tagged VLAN is determined by information within the frames that are received on a port and the VLAN configuration of each port. The VLAN information within an Ethernet frame is referred to as a tag or tagged header.
Chapter 7: VLANs match one of the Group IDs assigned to the port, the packet is discarded. Port VLAN Identifier General Rules for Creating a Tagged VLAN 68 When an untagged packet is received on a port in a tagged VLAN, it is assigned to one of the VLANs of which that port is a member. The deciding factor in this process is the Port VLAN Identifier (PVID). Both tagged and untagged ports in a tagged VLAN must have a PVID assigned to them. The default value of the PVID for each port is 1.
AT-S86 Management Software User’s Guide Creating a Port-Based VLAN This section contains the following procedures: “Creating a Port-Based VLAN”, next “Modifying a Port-Based VLAN” on page 70 “Viewing a Port-Based VLAN” on page 71 The default setting on the switch is for all ports to be untagged members of the default VLAN (VLAN ID 1). Creating a PortBased VLAN To create a port-based VLAN, perform the following procedure: 1. From the main menu, select Bridge > VLAN > Port-Based VLAN.
Chapter 7: VLANs A check mark is placed for each port you select, as for example Figure 21. Figure 21. Port-based VLAN Ports Selected 5. Or, click Attach All to select all of the ports to include in the VLAN. 6. Do one of the following: Click OK to save the VLAN. Click Reload to clear the VLAN and start over. 7. To permanently save these settings in the configuration file, from the main menu, select Save Configuration. The Save Configuration page is shown in Figure 3 on page 21. 8. Click Save.
AT-S86 Management Software User’s Guide selectively click the ones you do not want included. 4. Do one of the following: Click OK to save the changes. Click Reload to clear the changes and start over. 5. To permanently save these settings in the configuration file, from the main menu, select Save Configuration. The Save Configuration page is shown in Figure 3 on page 21. 6. Click Save. Viewing a PortBased VLAN To view a port-based VLAN, perform the following procedure: 1.
Chapter 7: VLANs Creating a Tagged VLAN This section contains the following procedures: “Creating a Tagged VLAN”, next “Modifying a Tagged VLAN” on page 74 “Viewing a Tagged VLAN” on page 75 The switch’s default setting is for all ports to be untagged members of the default VLAN (VLAN ID 1). Creating a Tagged VLAN To create a tagged VLAN, perform the following procedure: 1. From the main menu, select Bridge > VLAN > Tagged VLAN. The Tagged VLAN page is shown in Figure 22.
AT-S86 Management Software User’s Guide The page is refreshed to show the ports without any designations and other parameters you need to define to create the tagged VLAN, as shown in Figure 23. Figure 23. Add Tagged VLAN Page 3. In the Name field, type a name for the new VLAN. 4. In the VLAN ID field, type a number for the ID you want to associate with this VLAN. The range is 1 to 4000. 5. In the Name field, type a name for this VLAN. 6.
Chapter 7: VLANs Figure 24 shows an example of a tagged VLAN with the ports selected. Figure 24. Tagged VLAN Ports Selected 7. To start over, click Detach All remove all the ports from the VLAN. 8. Do one of the following: Click OK to save the VLAN. Click Reload to reload any previous settings for the VLAN. 9. To permanently save these settings in the configuration file, from the main menu, select Save Configuration. The Save Configuration page is shown in Figure 3 on page 21. 10. Click Save.
AT-S86 Management Software User’s Guide Click twice to assign the port as an untagged member of the VLAN. A “U” is placed on that port Click Detach All to remove all the ports from the VLAN and start over. 4. Do one of the following: Click OK to save the changes. Click Reload to reload any previous settings for the VLAN. 5. To permanently save these settings in the configuration file, from the main menu, select Save Configuration. The Save Configuration page is shown in Figure 3 on page 21.
Chapter 7: VLANs Changing a Port’s VLAN Mode The switch can operate in only one VLAN mode at a time: tagged VLAN mode (802.1Q), or port-based VLAN mode. To change the VLAN mode of a port on the switch, perform the following procedure: 1. From the main menu, select Bridge > VLAN > VLAN Mode. The VLAN Mode page is shown in Figure 25. Figure 25. VLAN Mode Page 2. In the Port List, select the port you want to configure, or scroll through the list below. The port is highlighted in the port list. 3.
AT-S86 Management Software User’s Guide 7. To permanently save these settings in the configuration file, from the main menu, select Save Configuration. The Save Configuration page is shown in Figure 3 on page 21. 8. Click Save.
Chapter 7: VLANs 78
Chapter 8 Class of Service (CoS) This chapter contains the following topics: “CoS Overview” on page 80 “Configuring CoS” on page 84 “Mapping CoS Priorities to Egress Queues” on page 86 “Specifying the Scheduling Algorithm” on page 87 79
Chapter 8: Class of Service (CoS) CoS Overview When a port on an Ethernet switch becomes oversubscribed—its egress queues contain more packets than the port can handle in a timely manner—the port may be forced to delay the transmission of some packets, resulting in the delay of packets reaching their destinations.
AT-S86 Management Software User’s Guide and the four egress queues of a switch port. Table 1. Default Mappings of IEEE 802.1p Priority Levels to Priority Queues IEEE 802.1p Priority Level Port Priority Queue 0 Q2 1 Q1 2 Q1 3 Q2 4 Q3 5 Q3 6 Q4 7 Q4 For example, if a tagged packet with a priority level of 3 entered a port on the switch, the switch would store the packet in Q2 queue on the egress port.
Chapter 8: Class of Service (CoS) Table 2. Customized Mappings of IEEE 802.1p Priority Levels to Priority Queues (Continued) IEEE 802.1p Priority Level Port Priority Queue 5 Q3 6 Q4 7 Q4 The procedure for changing the default mappings is found in “Mapping CoS Priorities to Egress Queues” on page 86. Note that because all ports must use the same priority-to-egress queue mappings, these mappings are applied at the switch level. They cannot be set on a per-port basis.
AT-S86 Management Software User’s Guide With this type of scheduling, a port transmits all packets out of higher priority queues before transmitting any from the lower priority queues. For instance, as long as there are packets in Q3 it does not handle any packets in Q2. The value to this type of scheduling is that high priority packets are always handled before low priority packets.
Chapter 8: Class of Service (CoS) Configuring CoS To configure CoS, perform the following procedure: 1. From the main menu, select Bridge > Default Port VLAN & COS. The Default Port VLAN & CoS page is shown in Figure 26. Figure 26. Default Port VLAN & CoS Page 2. In the Port List, select the port you want to configure, or scroll through the list below. The port is highlighted in the port list. 3. Select the PVID of the VLAN that the port is associated with.
AT-S86 Management Software User’s Guide 8. Click Save.
Chapter 8: Class of Service (CoS) Mapping CoS Priorities to Egress Queues This procedure explains how to change the default mappings of CoS priorities to egress priority queues, shown in Table 3 on page 83. This is set at the switch level. You cannot set this at the per-port level. To change the CoS priority mappings, perform the following procedure. 1. From the main menu, select Bridge > CoS. The CoS page is shown in Figure 27. Figure 27. CoS Page 2.
AT-S86 Management Software User’s Guide Specifying the Scheduling Algorithm To change the scheduling algorithm, perform the following procedure. 1. From the main menu, select Bridge > COS. The CoS page is shown in Figure 27 on page 86. 2. In the Scheduling Algorithm list, select the algorithm, one of the following: Strict The port transmits all packets out of higher priority queues before transmitting any from the lower priority queues.
Chapter 8: Class of Service (CoS) 88
Chapter 9 IGMP This chapter contains the following topics: “IGMP Snooping Overview” on page 90 “Enabling or Disabling IGMP Snooping” on page 92 89
Chapter 9: IGMP IGMP Snooping Overview The IGMP protocol enables routers to create lists of nodes that are members of multicast groups. (A multicast group is a group of end nodes that want to receive multicast packets from a multicast application.) The router creates a multicast membership list by periodically sending out queries to the local area networks connected to its ports. A node wanting to become a member of a multicast group responds to a query by sending a report.
AT-S86 Management Software User’s Guide switch ports connected to host nodes. Without IGMP snooping a switch would have to flood multicast packets out all of its ports, except the port on which it received the packet. Such flooding of packets can negatively impact switch and network performance. By default, IGMP snooping is disabled on the switch.
Chapter 9: IGMP Enabling or Disabling IGMP Snooping To enable or disable IGMP Snooping, perform the following procedure: 1. From the main menu, select Bridge > IGMP Snooping. The IGMP Snooping page is shown in Figure 28. Figure 28. IGMP Snooping Page 2. In the IGMP is: list, select Enabled or Disabled. The default is Disabled. 3. To permanently save this change in the configuration file, from the main menu, select Save Configuration. The Save Configuration page is shown in Figure 3 on page 21. 4.
Chapter 10 STP and RSTP This chapter provides background information on the Spanning Tree Protocol (STP) and Rapid Spanning Tree Protocol (RSTP). The chapter also contains procedures on how to adjust the STP and RSTP bridge and port parameters.
Chapter 10: STP and RSTP STP Overview The performance of a Ethernet network can be negatively impacted by the formation of a data loop in the network topology. A data loop exists when two or more nodes on a network can transmit data to each other over more than one data path. The problem that data loops pose is that data packets can become caught in repeating cycles, referred to as broadcast storms, that needlessly consume network bandwidth and can significantly reduce network performance.
AT-S86 Management Software User’s Guide You can change the bridge priority number in the AT-S86 management software. You can designate which switch on your network you want as the root bridge by giving it the lowest bridge priority number. You might also consider which bridge should function as the backup root bridge in the event you need to take the primary root bridge offline, and assign that bridge the second lowest bridge identifier number. The bridge priority has a range 0 to 61440.
Chapter 10: STP and RSTP port on a bridge is typically based on port speed. The faster the port, the lower the port cost. The exceptions to this are: The ports on the root bridge, where all ports have a port cost of 0. When a port is a member of a trunk, the port cost of each trunk member is the auto port cost divided by the number of trunk members. Path cost is simply the sum of the port costs between a bridge and the root bridge. Port cost also has an Auto feature.
AT-S86 Management Software User’s Guide Port Priority If two paths have the same port cost, the bridges must select a preferred path. In some instances this can involve the use of the port priority parameter. This parameter is used as a tie breaker when two paths have the same cost. The range for port priority is 0 to 240. As with bridge priority, this range is broken into increments, in this case multiples of 16. Table 8 lists the values and increments. The default value is 128. Table 8.
Chapter 10: STP and RSTP software. The appropriate value for this parameter depends on a number of variables; the size of your network is a primary factor. For large networks, you should specify a value large enough to allow the root bridge sufficient time to propagate a topology change throughout the entire network. For small networks, you should not specify a value so large that a topology change is unnecessarily delayed, which could result in the delay or loss of some data packets.
AT-S86 Management Software User’s Guide Point-to-Point and Edge Ports Note This section applies only to RSTP. Part of the task of configuring RSTP is defining the port types on the bridge. This relates to the device(s) connected to the port. With the port types defined, RSTP can reconfigure a network much quicker than STP when a change in network topology is detected.
Chapter 10: STP and RSTP 1025 Edge Port Figure 30. Edge Port A port can be both a point-to-point and an edge port at the same time. It operates in full-duplex and has no STP or RSTP devices connected to it. Figure 31 illustrates a port functioning as both a point-to-point and edge port. 1025 Point-to-Point and Edge Port Workstation (Full-duplex Mode) Figure 31. Point-to-Point and Edge Port Determining whether a bridge port is point-to-point, edge, or both, can be a bit confusing.
AT-S86 Management Software User’s Guide not to activate RSTP on an AT-FS750/48 Fast Ethernet Smart Switch even when all other switches are running STP. The switch can combine its RSTP with the STP of the other switches. The switch monitors the traffic on each port for BPDU packets. Ports that receive RSTP BPDU packets operates in RSTP mode while ports receiving STP BPDU packets operate in STP mode.
Chapter 10: STP and RSTP Enabling or Disabling Spanning Tree The AT-S86 management software supports STP and RSTP. However, only one spanning tree protocol can be active on the switch at a time. To select and activate a spanning tree protocol, or to disable spanning tree, perform the following procedure: 1. From the main menu, select Bridge > Spanning Tree. The Spanning Tree page is shown in Figure 33. Figure 33.
AT-S86 Management Software User’s Guide Root MAC Address The MAC address of the root bridge. Switch MAC Address The MAC address of the switch. This value cannot be changed. Bridge Hello Time The time interval between generating and sending configuration messages by the bridge. This parameter can be from 1 to 10 seconds. The default is 2 seconds. Bridge Max Age The length of time after which stored bridge protocol data units (BPDUs) are deleted by the bridge.
Chapter 10: STP and RSTP STP Enabled STP is enabled. RSTP Enabled RSTP is enabled. 3. Do one of the following: Click OK to save the changes. Click Reload to restore the previous settings. 4. To permanently save these settings in the configuration file, from the main menu, select Save Configuration. The Save Configuration page is shown in Figure 3 on page 21. 5. Click Save.
AT-S86 Management Software User’s Guide Configuring the STP Bridge Settings This section contains the procedure for configuring a bridge’s STP settings. Caution The default STP parameters are adequate for most networks. Changing them without prior experience and an understanding of how STP works might have a negative effect on your network. You should consult the IEEE 802.1d standard before changing any of the STP parameters. To configure the bridge settings, perform the following procedure: 1.
Chapter 10: STP and RSTP 5. In the Bridge Priority field, enter a number for the priority number for the bridge. This number is used to determine the root bridge for RSTP. The bridge with the lowest priority number is selected as the root bridge. If two or more bridges have the same priority value, the bridge with the numerically lowest MAC address becomes the root bridge. When a root bridge goes offline, the bridge with the next priority number automatically takes over as the root bridge.
AT-S86 Management Software User’s Guide Configuring the Spanning Tree Port Settings To configure the spanning tree port settings, perform the following procedure: 1. From the main menu, select Bridge > Spanning Tree. The Spanning Tree page is shown in Figure 33 on page 102. 2. In the Port List, select the port you want to configure, or scroll through the list below. The port is highlighted in the port list. The current settings for the port are shown in the list and also in the fields above the list. 3.
Chapter 10: STP and RSTP Auto The switch automatically detects if the port is functioning as a point-topoint port. Yes Sets the port to always function as a point-to-point port. No Sets the port to never function as a point-to-point port. 7. Click Modify. 8. Do one of the following: Click OK to save the changes. Click Reload to restore the previous settings. 9. To permanently save these settings in the configuration file, from the main menu, select Save Configuration.
Chapter 11 Security This chapter provides information on the AT-S86 security features as described in the following sections: “Port-based Network Access Control” on page 110 “Setting Up a Dial-In User” on page 116 “RADIUS” on page 119 109
Chapter 11: Security Port-based Network Access Control Port-based Network Access Control (IEEE 802.1x) uses the RADIUS protocol to control who can send traffic through and receive traffic from a switch port. With this feature, the switch does not allow an end node to send or receive traffic through a port until the user of the node has logged on by entering a username and password that the RADIUS server has validated. The benefit of this type of network security is obvious.
AT-S86 Management Software User’s Guide The Port Access Control page is shown in Figure 34. Figure 34. Port Access Control Page 2. In the Reauthentication list, choose one of the following: Enable Enables reauthentication on the switch. Disable Disables reauthentication. The default is Disable. 3. In the Authentication Method list, choose one of the following: Local Stores the authentication database on the switch. RADIUS Uses a remote RADIUS server for authentication.
Chapter 11: Security 6. In the Quiet Period field, enter a number for the number of seconds that the port remains in the quiet state following a failed authentication exchange with the client. The default value is 60 seconds and the range is 1to 65,535 seconds. 7. In the Max Reauthentication Attempts field, enter a number for the maximum number of times that the switch retransmits an EAP Request packet to the client before it times out the authentication session.
AT-S86 Management Software User’s Guide Force-authorized Disables IEEE 802.1X port-based authentication and causes the port to transition to the authorized state without any authentication exchange required. The port transmits and receives normal traffic without 802.1x-based authentication of the client. This is the default setting. Force-unauthorized Causes the port to remain in the unauthorized state, ignoring all attempts by the client to authenticate.
Chapter 11: Security 9. Click Save. Viewing the Port Access Control Status To view the port access control status, perform the following procedure: 1. From the main menu, select Security > Port Access Control Status. The Port Access Control Status page is shown Figure 35. Figure 35.
AT-S86 Management Software User’s Guide To initialize a port, perform the following procedure: 1. From the main menu, select Security > Port Access Control Status. The Port Access Control Status page is shown Figure 35 on page 114. 2. Select the port you want to initialize from the list. 3. Do one of the following: Click OK to save the changes. Click Reload to clear the changes and start over. 4.
Chapter 11: Security Setting Up a Dial-In User You should set up a dial-in user account for each person who needs to access the switch for management purposes. Adding a Dial-in User To set up a user’s dial-in access, perform the following procedure: 1. From the main menu, select Security > Dial-in User. The Dial-in User page is shown in Figure 36. Figure 36. Dial-In User Page 2. In the User Name field, type a name for the user. 3.
AT-S86 Management Software User’s Guide The Save Configuration page is shown in Figure 3 on page 21. 8. Click Save. Modifying a Dialin User To modify the settings for a dial-in user, perform the following procedure: 1. From the main menu, select Security > Dial-in User. The Dial-in User page is shown in Figure 36 on page 116 2. In the list of dial-in users, highlight the user you want to modify. The user’s information is displayed in fields above. 3.
Chapter 11: Security The Save Configuration page is shown in Figure 3 on page 21. 6. Click Save.
AT-S86 Management Software User’s Guide RADIUS RADIUS is an acronym for Remote Authentication Dial In User Services, an authentication protocol. You can use RADIUS to transfer the task of validating management access from a switch to an authentication protocol server. With the protocols you can create a series of username and password combinations that define who can manage an AT-FS750/48 Fast Ethernet Smart Switch.
Chapter 11: Security subnets, be sure to specify a default gateway in the IP Setup page (Figure 2 on page 20) so that the switch and server can communicate with each other. You need to configure the RADIUS software on the authentication server. This involves the following: – Specifying the username and password combinations. The maximum length for a username is 38 alphanumeric characters and spaces, and the maximum length for a password is 16 alphanumeric characters and spaces.
AT-S86 Management Software User’s Guide The RADIUS page is shown in Figure 37. Figure 37. RADIUS Page 2. In the Authentication Server IP field, specify the IP addresses of the network server containing the RADIUS server software 3. In the Authentication Server Port field, specify the UDP port of the RADIUS protocol. 4. In the Authentication Server Key field, specify the encryption key for the RADIUS server. 5. In the Confirm Authentication Key field, retype the encryption key for the RADIUS server. 6.
Chapter 11: Security 122
Chapter 12 Statistics This chapter contains the following sections: “Statistics Overview” on page 124 “Viewing the Traffic Comparison Statistic” on page 125 “Viewing the Error Groups” on page 129 “Viewing the Historical Status” on page 131 123
Chapter 12: Statistics Statistics Overview Statistics provide important information for troubleshooting switch problems at the port level. The AT-S86 management software provides a versatile set of statistics charts that you can customize for your needs, including (depending upon the chart) the ports whose statistics you want to view and the color to use in drawing the statistics in the chart. The three types of statistics charts are: 124 Traffic Comparison.
AT-S86 Management Software User’s Guide Viewing the Traffic Comparison Statistic To compare a specific type of traffic between all ports on the switch, perform the following procedure: 1. From the main menu, select Statistics Chart > Traffic Comparison. The Traffic Comparison Chart page is shown in Figure 38. Figure 38. Traffic Comparison Chart Page 2.
Chapter 12: Statistics Inbound Non-unicast Packet Rate The number of good packets received per unit of time (specified by the Auto Refresh parameter) that were directed to the broadcast address or multicast address. Inbound Discard Rate The number of bad Ethernet frames received per unit of time (specified by the Auto Refresh parameter). Inbound Error Rate The number of bad Ethernet frames received per unit of time (specified by the Auto Refresh parameter).
AT-S86 Management Software User’s Guide Inbound Non-unicast Packets The total number of good packets received that were directed to the broadcast or multicast address. Inbound Discards The number of inbound packets discarded because they do not conform to the forwarding rules of the switch. Inbound Errors The number of inbound malformed packets not forwarded to the switch. Outbound Octets The sum of lengths of all good Ethernet frames sent from this MAC.
Chapter 12: Statistics A chart, such as the one in Figure 39, is displayed. Figure 39.
AT-S86 Management Software User’s Guide Viewing the Error Groups The error groups chart allows you to view a pre-defined group of errors for the ports you choose. To view the error groups, perform the following procedure: 1. From the main menu, select Statistics Chart > Error Group. The Error Groups Chart page is shown in Figure 40. Figure 40. Error Group Chart Page 2. In the Port list, select a port whose statistics you want to view. 3.
Chapter 12: Statistics A chart, such as the one in is shown Figure 41, is displayed. . Figure 41.
AT-S86 Management Software User’s Guide Viewing the Historical Status To view the statistics from one or more ports over a period of time, perform the following procedure: 1. From the main menu, select Statistics Chart > Historical Status. The Historical Status Chart page is shown in Figure 42. Figure 42. Historical Status Chart 2.
Chapter 12: Statistics Inbound Unicast Packets The total number of good packets received that were not directed to the broadcast or multicast address. Inbound Non-unicast Packets The total number of good packets received that were directed to the broadcast or multicast address. Inbound Discards The number of inbound packets discarded because they do not conform to the forwarding rules of the switch. Inbound Errors The number of inbound malformed packets not forwarded to the switch.
AT-S86 Management Software User’s Guide An example of a historical status chart is shown in Figure 43 Figure 43.
Chapter 12: Statistics 134
Chapter 13 MAC Addresses This chapter contains the following sections: “MAC Address Overview” on page 136 “Working with Dynamic MAC Addresses” on page 138 “Working with Static MAC Addresses” on page 142 135
Chapter 13: MAC Addresses MAC Address Overview Each hardware device that you connect to your Ethernet network has a unique MAC address assigned to it by the device’s manufacturer. For example, every network interface card (NIC) that you use to connect your computers to your network has a MAC address assigned to it by the adapter’s manufacturer. The AT-FS750/48 Fast Ethernet switch contains a MAC address table with a storage capacity of 8K.
AT-S86 Management Software User’s Guide Dynamic MAC addresses are not stored indefinitely in the MAC address table. The switch deletes a dynamic MAC address from the table if it does not receive any frames from the node after a specified period of time. The switch assumes that the node with that MAC address is no longer active and that its MAC address can be purged from the table. This prevents the MAC address table from becoming filled with addresses of nodes that are no longer active.
Chapter 13: MAC Addresses Working with Dynamic MAC Addresses This section contains the following procedures: Displaying the Dynamic MAC Addresses “Displaying the Dynamic MAC Addresses,” next “Changing the Aging Time” on page 140 To display the dynamic MAC address table, perform the following procedure: 1. From the main menu, select Bridge > Dynamic Addresses. The Dynamic Addresses page is shown in Figure 44. Figure 44. Dynamic Addresses Page 2.
AT-S86 Management Software User’s Guide The page is redisplayed to contain a list similar to the one in Figure 45. Figure 45. Dynamic MAC Addresses Associated with a Port 3. To view the dynamic MAC addresses learned on the tagged and untagged ports of a specific VLAN, in the Query by section, click VLAN ID, enter the VLAN ID, and click Query. The page is redisplayed to contain a list similar to the one in Figure 46 Figure 46.
Chapter 13: MAC Addresses 4. To view the port number on which a MAC address was assigned or learned, click MAC Address, enter the MAC address, and click Query. The page is redisplayed to contain a list similar to the one in Figure 47. Figure 47. Dynamic MAC Addresses Associated with a MAC Address Changing the Aging Time The switch uses the aging time to delete inactive dynamic MAC addresses from the MAC address table.
AT-S86 Management Software User’s Guide Click Reload to clear the changes and start over. 4. To permanently save these settings in the configuration file, from the main menu, select Save Configuration. The Save Configuration page is shown in Figure 3 on page 21. 5. Click Save.
Chapter 13: MAC Addresses Working with Static MAC Addresses This section contains the following procedures: Adding a Static MAC Address “Adding a Static MAC Address” on page 142 “Modifying a Static MAC Address” on page 143 “Removing a Static MAC Address” on page 143 To add a static MAC address, perform the following procedure: 1. From the main menu, select Bridge > Static Addresses. The Static Addresses page is shown in Figure 48. Figure 48.
AT-S86 Management Software User’s Guide None - No packet filtering takes place for this MAC address. Destination - Packets are filtered when this MAC address appears in the packets as the destination address. 7. Click Add. 8. Do one of the following: Click OK to save the changes. Click Reload to clear the changes and start over. 9. To permanently save these settings in the configuration file, from the main menu, select Save Configuration. The Save Configuration page is shown in Figure 3 on page 21.
Chapter 13: MAC Addresses 2. Click First, Previous, Next, or Last to move through the list of MAC addresses to highlight the one you want to remove. 3. Click Remove. 4. Do one of the following: Click OK to save the changes. Click Reload to clear the changes and start over. 5. To permanently save these settings in the configuration file, from the main menu, select Save Configuration. The Save Configuration page is shown in Figure 3 on page 21. 6. Click Save.
Chapter 14 Downloading New Management Software The procedure in this chapter is: “Downloading New Management Software” on page 146 145
Chapter 14: Downloading New Management Software Downloading New Management Software To download a new version of the AT-S86 management software, perform the following procedure: 1. From the main menu, select System > Firmware Upgrade. The Firmware Upgrade page is shown in Figure 49. Figure 49. Firmware Upgrade Page The page shows the hardware (switch) version, and the boot ROM and firmware versions currently running on the switch. 2.
Index A IEEE 802.1p standard 80 aging time changing 140 defined 137 M B BPDU.
Index name 42 open access status 42 source port 58 Spanning Tree Protocol (STP) and VLANs 101 bridge forwarding delay 103, 105 bridge hello time 103 bridge identifier 103 bridge max age 103 bridge parameters, configuring 105 bridge priority 103 defined 94 forwarding delay 103 static unicast MAC address, defined 137 strict priority scheduling 83 T tagged VLAN defined 67 overview 67 rules 68 trap receivers 43 V virtual LAN (VLAN) defined 64 overview 64 port-based, defined 66 tagged, defined 67 VLAN ID, des
