Management Software AT-S94 ◆ WEB User’s Guide For use with the AT-8000S Series Stackable Fast Ethernet Switches Version 3.0.0.
Copyright © 2010, Allied Telesis, Inc. All rights reserved. No part of this publication may be reproduced without prior written permission from Allied Telesis, Inc. Allied Telesis and the Allied Telesis logo are trademarks of Allied Telesis, Incorporated. All other product names, company names, logos or other designations mentioned herein are trademarks or registered trademarks of their respective owners. Allied Telesis, Inc.
Table of Contents Preface ................................................................................................................................... 8 Web Browser Interface User’s Guide Overview .............................................................................. 9 Intended Audience........................................................................................................................... 9 Document Conventions ...............................................................
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide Configuring TACACS+ ........................................................................................................................... 56 Configuring RADIUS ............................................................................................................................... 60 Configuring Local Users..................................................................................................................
Configuring Multiple Spanning Tree ............................................................................................143 Defining MSTP Properties .....................................................................................................................143 Defining MSTP Interfaces......................................................................................................................144 Defining MSTP Instance Mappings .........................................................
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide Chapter 17.Viewing Statistics.......................................................................................... 217 Viewing Device Statistics ............................................................................................................ 217 Viewing Interface Statistics ...................................................................................................................
Page 7
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide Preface This guide contains instructions on how to configure an AT-8000S Series Layer 2 Fast Ethernet Switch using the interface in the Embedded Management System (EWS). The Embedded Management System enables configuring, monitoring, and troubleshooting of network devices remotely via a web browser. The web pages are easy-to-use and easy-to-navigate.
Preface Web Browser Interface User’s Guide Overview Web Browser Interface User’s Guide Overview The Web Browser Interface User’s Guide provides the following sections: • Section 1,Section Title“Getting Started” — Provides information for using the Embedded Web Management System, including adding, editing, and deleting configurations. • Section 2, Section Title“Defining System Information” — Provides information for defining basic device information.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide Document Conventions This document uses the following conventions: Note Provides related information or information of special importance. Caution Indicates potential damage to hardware or software, or loss of data. Warning Indicates a risk of personal injury.
Preface Contacting Allied Telesis Contacting Allied Telesis This section provides Allied Telesis contact information for technical support as well as sales information. New Management Software Releases New releases of management software are on the Allied Telesis web site. In addition, the installation and user guides are available for all Allied Telesis products in portable document format (PDF) on our web site. Both the management software and the product documentation are available at www.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide Page 12
Getting Started Starting the Application Chapter 1. Getting Started This section provides an introduction to the Web Browser Interface, and includes the following topics: • • • • • Starting the Application User Interface Components Logging Out Resetting the Device Configurable Login Banner Starting the Application This section contains information for starting the application. The login information is configured with a default user name and password.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide 5. Click Sign In.
Getting Started Using the Web Browser Interface Figure 3: Port Settings Page The port status indicators vary with context, for example the general port status indicators are as in the figure above while port mirror indicators are different. Indicator legend descriptions are provided with each context of the specific Zoom View.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide User Interface Components The System General Page example shows the interface components. Figure 4: System General Page The following table lists the interface components with their corresponding numbers: Table 1: Interface Components Comp on en t Des cription 1 Menu The Menu provides easy navigation through the main management software features. In addition, the Menu provides general navigation options.
Getting Started Using the Web Browser Interface Using the Management Buttons Management buttons provide an easy method of configuring device information, and include the following: Table 2: Butto n Configuration Management Buttons Bu t to n Na me D escr ip tio n Add Opens a page which creates new configuration entries. Create Opens a page which creates new configuration entries. Modify Modifies the configuration settings.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide Table 2: Butto n Configuration Management Buttons Bu t to n Na me D escr ip tio n Test Performs a diagnostic test. Clear All Counters Removes all counters. The application menu includes the following general purpose buttons: Configuration Opens the default configuration page (System General). Login Signs the user into the WBI, starts the management session.
Getting Started Using the Web Browser Interface Adding, Modifying and Deleting Information The WBI contains and tables for configuring devices. User-defined information can be added, modified or deleted in specific WBI pages. To add information to tables or WBI pages: 1. Open a WBI page. 2. Click Add. An Add page opens, for example, the Add Community Page: Figure 5: 3. 4. Add Community Page Define the fields. Click Apply. The configuration information is saved, and the device is updated.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide Figure 6: Local User Settings Page 4. Define the fields. 5. Click Apply. The fields are modified, and the information is saved to the device. To delete information in tables or WBI pages: 1. 2. 3. Open the WBI page. Select a table row. Click Delete. The information is deleted, and the device is updated.
Getting Started Logging Out Logging Out The Logout option enables the user to log out of the device thereby terminating the running session. To log out: • In any page, click Logout on the menu. The current management session is ended and the Log Off Page opens: Figure 7: Log Off Page Resetting the Device The Reset option enables resetting the device from a remote location. Note Save all changes to the Running Configuration file before resetting the device.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide To compose a login banner: • Enter the CLI command login_banner "text string". The text string length is a maximum of 159 characters (surrounded by quotes). To remove the login banner: • Enter the CLI command login_banner "" with an empty string.
Defining System Information Chapter 2. Defining System Information The System General Page contains general device information, including system name and its IPv4 addressing, administrator and passwords information, Dynamic Host Configuration Protocol (DHCP) configuration and MAC Address Aging Time. To define the general system information: 1. Click System > General.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide The Administration section of theSystem General PageSystem General PageSystem General Page System General Page contains the following fields: • • • • • • System Name — Indicates the user-defined name of the device. This is a required field. The field range is 0-159 characters. Administrator — Indicates the name of the administrator responsible for managing the device. The field range is 0-159 characters.
Configuring IPv6 Chapter 3. Configuring IPv6 The device functions as an IPv6 compliant Host, as well as an IPv4 Host (also known as dual stack). This allows device operation in a pure IPv6 network as well as in a combined IPv4/IPv6 network. The primary change from IPv4 to IPv6 is the length of network addresses. IPv6 addresses are 128 bits long, whereas IPv4 addresses are 32 bits; allowing a much larger address space.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide Figure 9: IPv6 Interface Page The IPv6 Interface Page contains the following fields: • Interface — Indicates the interface on which the IPv6 interface is defined. The possible field values are: – – VLAN — Indicates the VLAN ID on which IPv6 is enabled. – – Selected — Removes the selected IPv6 address. – Link Local — Defines a Link Local address; non routable and can be used for communication on the same network only.
Configuring IPv6 – • • • Global — Defines a globally unique IPv6 address; visible and reachable from different subnets. IPv6 Address — Indicates the IPv6 address assigned to the interface. Prefix — Specifies the length of the IPv6 prefix. The length is a decimal value that indicates how many of the high-order contiguous bits of the address comprise the prefix (the network portion of the address). The range is 3 -128 (64 in the case EUI-64 parameter is used).
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide 2. 3. 4. 5. Select an Interface to map to the IP address. Select an IPv6 Address Type. Define the IPv6 address. Selecting a Global in the IPv6 Address Type requires defining the Prefix Length or selecting the EUI-64 check box. Click Apply. The IPv6 address is mapped to the Interface, and the device is updated.
Configuring IPv6 Defining the IPv6 Default Gateway The IPv6 Default Gateway Page enables you to configure the IPv6 address of the next hop that can be used to reach the network. Two IPv6 Link-Local address formats are used: standard and one with a specified IPv6 interface identifier. For IPv6, the configuration of the default gateway is not mandatory, as hosts can automatically learn of the existence of a router on the local network via the router advertisement procedure.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide – • 2. 3. Dynamic — Indicates the default gateway is dynamically configured. State — Displays the default gateway status. The following states are available: Incomplete, Reachable, Stale, Delay, Probe and Unreachable. Select an Interface. Click Add. The Add Static Default Gateway Page opens. Figure 12: Add Static Default Gateway Page 4. 5. Define the Default Gateway IPv6 Address field for the IP Interface.
Configuring IPv6 Configuring Tunnels The Tunneling Page defines the tunneling process on the device, which encapsulates IPv6 packets in IPv4 packets for delivery across an IPv4 network. The Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) address assignment and automatic tunneling mechanism is used for Unicast communication between IPv6/IPv4 nodes in an IPv4 intranet. To define Tunneling: 1. Click System > Tunneling. The Tunneling Page opens.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide – • • • • 2. None — Indicates that the tunnel local address is not set. ISATAP’s Router Domain Name — Specifies a global string that represents a specific automatic tunnel router domain name. The default value is ISATAP. Domain Name Query Interval (10-3600) — Specifies the interval between DNS Queries (before the IP address of the ISATAP router is known) for the automatic tunnel router domain name.
Configuring IPv6 The IPv6 Neighbors Page contains the following fields: View IPv6 Neighbors • View Static — Displays the static IPv6 address entries from the IPv6 Neighbor Table. • View Dynamic — Displays the dynamic IPv6 address entries from the IPv6 Neighbor Table. • View IPv6 Address — Displays the currently configured neighbor IPv6 address entries from the IPv6 • Neighbor Table. The address must be a valid IPv6 address, specified in hexadecimal using 16-bit values between colons.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide 3. Click Add. The Add IPv6 Neighbor Page opens. Figure 15: Add IPv6 Neighbor Page 4. 5. Define the static IPv6 Address and MAC Address fields. Click Apply. The IPv6 Neighbors entry is defined, and the device is updated. To modify IPv6 Neighbor entries: 1. Click System > IPv6 Neighbors. The IPv6 Neighbors Page opens. 2. Select the IPv6 Address field to be edited. 3. Click Modify. The IPv6 Neighbor Configuration Page opens.
Configuring IPv6 To view IPv6 Neighbor entries: 1. Click System > IPv6 Neighbors. The IPv6 Neighbors Page opens. 2. Select an interface. 3. Click View. The View IPv6 Neighbors Page opens. Figure 16: View IPv6 Neighbors Page The View IPv6 Neighbors Page contains the following fields: • Interface — Displays the interface (VLAN) on which the IPv6 interface is configured. • IPv6 Address — Defines the currently configured neighbor IPv6 address.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide Page 36
Configuring System Time Chapter 4. Configuring System Time The System Time Page provides information for configuring system time parameters, including: • • • Setting the System Clock Configuring SNTP Configuring Daylight Saving Time Setting the System Clock The System Time Page contains fields for defining system time parameters for both the local hardware clock and the external SNTP clock.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide – • • • SNTP — Indicates that the system time is set via an SNTP server. System Time — Sets the local clock time. The field format is HH:MM:SS. For example: 21:15:03. System Date — Sets the system date. The field format is Day/Month/Year. For example: 04/May/2050 (May 4, 2050). Time Zone Offset — The difference between Greenwich Mean Time (GMT) and local time.
Configuring System Time To define SNTP global parameters: 1. Click System > System Time. The System Time Page opens. The Simple Network Time Protocol (SNTP) section of the System Time Page contains the following fields: • Status — Indicates if SNTP is enabled on the device. The possible field values are: – – Disabled — Indicates that SNTP is disabled. Enabled — Indicates that SNTP is enabled.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide – • • Time Set Offset — Used for non-USA and European countries to set the amount of time for DST (in minutes). The default time is 60 minutes. The range is 1-1440 minutes. From — Indicates the time that DST begins in countries other than the USA and Europe, in the format Day/ Month/Year in one field and HH:MM in another. For example, if DST begins on October 25, 2007 at 5:00 am, the two fields should be set to 25/Oct.
Configuring System Time Daylight Savings Time by Country The following is a list of Daylight Savings Time start and end dates by country: • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • Albania — From the last weekend of March until the last weekend of October. Australia — From the end of October until the end of March. Australia - Tasmania — From the beginning of October until the end of March. Armenia — From the last weekend of March until the last weekend of October.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide • • • • • • • • • • • • • • • • • • New Zealand — From the first Sunday in October until the first Sunday on or after March 15. Norway — From the last weekend of March until the last weekend of October. Paraguay — From April 6 until September 7. Poland — From the last weekend of March until the last weekend of October. Portugal — From the last weekend of March until the last weekend of October.
Configuring Device Security Configuring Management Security Chapter 5. Configuring Device Security This section describes setting security parameters for ports, device management methods, users, and servers.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide To define access profiles: 1. Click Mgmt. Security > Access Profile. The Access Profile Page opens: Figure 18: Access Profile Page The Access Profile Page contains a table listing the currently defined profiles and their active status: • • Access Profile Name — The name of the profile. The access profile name can contain up to 32 characters. Current Active Access Profile — Indicates if the profile is currently active.
Configuring Device Security Configuring Management Security 2. Click Add. The Add Access Profile Page opens: Figure 19: Add Access Profile Page In addition to the Access Profile Page, the Add Access Profile Page contains the following fields: • • • Access Profile Name — Defines the name of a new access profile. Rule Priority — Defines the rule priority. When the packet is matched to a rule, user groups are either granted permission or denied device management access.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide – • • VLAN — Specifies the VLAN on which the access profile is defined. Supported IP Format — Indicates the supported Internet Protocol on the device. Only IPv6 Global is supported IPv6 Address Type — Defines the type of configurable static IPv6 IP address for an interface. The possible field values are: – – • Link Local — Specifies that link local addressing is supported by the interface.
Configuring Device Security Configuring Management Security Defining Profile Rules Access profiles can contain up to 128 rules that determine which users can manage the device module, and by which methods. Users can also be blocked from accessing the device. Rules are composed of filters including: • • • • • • Rule Priority Interface Management Method IP Address Prefix Length Forwarding Action To define profile rules: 1. Click Mgmt.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide • Management Method — Defines the management method for which the rule is defined. Users with this access profile can access the device using the management method selected. The possible field values are: – – • • • Telnet — Assigns Telnet access to the rule. If selected, users accessing the device using Telnet meeting access profile criteria are permitted or denied access to the device.
Configuring Device Security Configuring Management Security – • • 3. 4. 5. IPv6 — Indicates that IPv6 is supported. IPv6 Address Type — Defines the type of configurable static IPv6 IP address for an interface. The possible field values are: – – Link Local — Specifies that link local addressing is supported by the interface. – – VLAN 1 — Specifies the VLAN ID on which the IPv6 Interface is configured. Global — Specifies that global Unicast addressing is supported by the interface.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide To modify an access rule: 1. Click Mgmt. Security > Profile Rules: The Profile Rules Page opens. 2. Click Modify. The Profiles Rules Configuration Page opens: Figure 22: Profiles Rules Configuration Page 3. 4. Define the fields. Click Apply. The profile rule is saved, and the device is updated.
Configuring Device Security Configuring Management Security Defining Authentication Profiles Authentication profiles allow network administrators to assign authentication methods for user authentication. User authentication can be performed either locally or on an external server. User authentication occurs in the order the methods are selected. If the first authentication method is not available, the next selected method is used.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide 2. – RADIUS — Authenticates the user at the RADIUS server. For more information, see Defining RADIUS Server Settings. – TACACS+ — Authenticates the user at the TACACS+ server. For more information, see Defining TACACS+ Host Settings. – Local, RADIUS — Indicates that authentication first occurs locally. If authentication cannot be verified locally, the RADIUS server authenticates the management method.
Configuring Device Security Configuring Management Security Figure 24: Add Authentication Profile Page 3. 4. 5. 6. Select the type of function to configure for the profile: Method or Login. Enter the Profile Name. Using the arrows, move the method(s) from the Optional Method list to the Selected Method list. Click Apply. The authentication profile is defined. The profile is added to the profiles table and the device is updated. To modify the authentication profile settings: 1. Click Mgmt.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide Figure 25: Authentication Profile Configuration Page 3. 4. 5. Select the Profile Name from the list. Using the arrows, move the method(s) from the Optional Method list to the Selected Method list. Click Apply. The profile settings are saved and the device is updated.
Configuring Device Security Configuring Management Security Mapping Authentication Profiles After authentication profiles are defined, they can be applied to management access methods. For example, console users can be authenticated by Authentication Profile List 1, while Telnet users are authenticated by Authentication Profile List 2. Authentication methods are selected using arrows. The order in which the methods are selected is the order by which the authentication methods are used.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide • Secure HTTP — Indicates that authentication methods are used for secure HTTP access. The possible methods are: – – – – • Local — Authentication occurs locally. RADIUS — Authenticates the user at the RADIUS server. TACACS+ — Authenticates the user at the TACACS+ server. None — Indicates that no authentication method is used for access. HTTP — Indicates that authentication methods are used for HTTP access.
Configuring Device Security Configuring Server Based Authentication Figure 27: TACACS+ Page The TACACS+ Page contains the following fields: • Supported IP Format — Indicates that IPv4 is supported. • Timeout for Reply — Defines the time interval, in seconds, that passes before the connection between the device and the TACACS+ server times out. The field range is 1-30 seconds and the default is 5 seconds. • Key String — Defines the default key string. • Server # — Displays the server number.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide Figure 28: Add TACACS+ Page 3. 4. Define the fields. Click Apply. The TACACS+ profile is saved, and the device is updated.
Configuring Device Security Configuring Server Based Authentication To modify TACACS+ server settings: 1. Click Mgmt. Protocols > TACACS+. The TACACS+ Page opens. 2. Click Modify. The TACACS+ Configuration Page opens: Figure 29: TACACS+ Configuration Page 3. 4. Define the relevant fields. Click Apply. The TACACS+ settings are modified, and the device is updated.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide Configuring RADIUS Remote Authorization Dial-In User Service (RADIUS) servers provide additional security for networks. RADIUS servers provide a centralized authentication method for web access. In addition, RADIUS servers, when activated, record device management sessions on Telnet, serial and WEB and/or 802.1x authentication sessions.
Configuring Device Security Configuring Server Based Authentication – Both — Indicates the RADIUS recording session is used for 802.1X authentication and management accounting from login to logout. • Default Retries — Defines the default number of transmitted requests sent to the RADIUS server before a failure occurs. Possible field values are 1-10. The default number of retries is 3.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide 2. Click Add. The Add RADIUS Page opens. Figure 31: Add RADIUS Page 3. 4. Define the fields. Click Apply. The RADIUS profile is saved, and the device is updated.
Configuring Device Security Configuring Server Based Authentication To modify RADIUS server settings: 1. Click Mgmt. Protocols > RADIUS. The RADIUS Page opens: 2. Click Modify. The RADIUS Configuration Page opens: Figure 32: RADIUS Configuration Page 3. 4. Define the relevant fields. Click Apply. The RADIUS server settings are modified, and the device is updated.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide Configuring Local Users Network administrators can define users, passwords, and access levels for users using the Local Users Page. To configure local users and passwords: 1. Click Mgmt. Security > Local Users. The Local Users Page opens: Figure 33: Local Users Page The Local Users Page displays the list of currently defined local users and contains the following fields: • User Name — Displays the user’s name.
Configuring Device Security Configuring Server Based Authentication 2. Click Create. The Add Local User Page opens: Figure 34: Add Local User Page In addition to the fields in the Local Users Page, the Add Local User Page contains the following fields: • Password — Defines the local user password. Local user passwords can contain up to 159 characters. • Confirm Password — Verifies the password. 3. 4. Define the fields. Click Apply. The user is added to the Local Users table and the device is updated.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide Defining Line Passwords Network administrators can define line passwords in the Line Password Page. The administrator enters the new password in the Password column and then confirms it in the Confirm Password column. After the line password is defined, a management method is assigned to the password. The device can be accessed using the following methods: • • • Console Telnet Secure Telnet To define line passwords: 1.
Configuring Device Security Configuring Network Security Port-based authentication provides traditional 802.1x support, as well as, Guest VLANs. Guest VLANs limited network access to authorized ports. If a port is denied network access via port-based authorization, but the Guest VLAN is enabled, the port receives limited network access. For example, a network administrator can use Guest VLANs to deny network access via port-based authentication, but grant Internet access to unauthorized users.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide To configure secure ports: 1. Click Network Security > Port Security. The Port Security Page opens: Figure 37: Port Security Page The Port Security Page displays the Zoom View of the selected stacking member’s (defined in the Unit No. field) ports. The possible port indicators are: Port is active — Indicates that the port is linked. Port is inactive — Indicates that the port is not linked.
Configuring Device Security Configuring Network Security 4. Click Modify. The Port Security Configuration Page opens: Figure 38: Port Security Configuration Page The Port Security Configuration Page contains the following fields: • Interface — Displays the port name. • Action On Violation — Indicates the intruder action defined for the port. Indicates the action to be applied to packets arriving on a locked port.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide 6. 7. Click Apply. The port security settings are saved and the device is updated. Click Save Config on the menu to save the changes permanently. Defining 802.1x Port Access The 802.1x Port Access Page allows enabling port access globally, defining the authentication method, and configuration of port roles and settings. To configure 802.1x port access parameters: 1. Click Network Security > 802.1x Port Access. The 802.
Configuring Device Security Configuring Network Security – – • • Enable — Enables Guest VLAN. Disable — Disables Guest VLAN. Guest VLAN ID — Specifies the VLAN ID assigned to the Guest VLAN. Guest VLAN — Sets Guest VLAN timers for the device. The possible field values are: – – Join Timer — Enables the join timer. Enter the time period for reauthentication. Immediate — Reauthenticates the port immediately. The 802.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide To modify port based authentication settings: 1. Click Modify.
Configuring Device Security Configuring Network Security The Port Authentication Settings Page contains the following port authentication parameters: • • • • Port — Displays a list of interfaces on which port-based authentication is enabled. User Name — Displays the supplicant user name. Admin Port Control — Indicates the port state. The possible field values are: Admin Port Control — Indicates the port state. The possible field values are: – • Auto —Enables port-based authentication on the device.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide The possible field values are: – – • Enable — Enables dynamic VLAN assignment. Disable — Disables dynamic VLAN assignment. This is the default value. Enable Periodic Reauthentication — Permits port reauthentication. The possible field values are: – – Enable — Enables port reauthentication. This is the default value. • Disable — Disables port reauthentication.
Configuring Device Security Configuring Network Security Enabling Storm Control Storm control limits the amount Multicast and Broadcast frames accepted and forwarded by the device. When Layer 2 frames are forwarded, Broadcast, and Multicast frames are flooded to all ports on the relevant VLAN. This occupies bandwidth, and loads all nodes on all ports. A Broadcast Storm is a result of an excessive amount of Broadcast messages simultaneously transmitted across a network by a single port.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide The Storm Control Page displays the Zoom View of the selected stacking member’s (defined in the Unit No. field) ports. The possible port indicators are: Port is active — Indicates that the port is linked. Port is inactive — Indicates that the port is not linked. Port is disabled — Indicates that the port is disabled. Port is selected — Indicates that the port is selected for modification. Select a port to configure.
Configuring Device Security Defining Access Control Defining Access Control Access Control Lists (ACL) allow network managers to define classification actions and rules for specific ingress ports. Your switch supports up to 256 ACLs. Packets entering an ingress port, with an active ACL, are either admitted or denied entry. If they are denied entry, the user can disable the port. ACLs are composed of access control entries (ACEs) that are made of the filters that determine traffic classifications.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide The MAC Based ACL Page contains the following fields: • • • • • • • • • • • • • ACL Name — Displays the specific MAC based ACLs. Remove ACL — Deletes the specified ACL. The possible field values are: – – Checked — Deletes the ACL when user clicks the Apply button. – – – Permit — Forwards packets which meet the ACL criteria. Unchecked — Maintains the ACL.
Configuring Device Security Defining Access Control 2. Click the Add ACL button. The Add MAC Based ACL Page opens: Figure 44: Add MAC Based ACL Page 3. 4. 5. 6. In the ACL Name field, type a name for the ACL. Enable Rule Priority and define the ACL’s relevant fields. Click Apply. The MAC Based ACL configuration is defined and the device is updated. Click Save Config on the menu to save the changes permanently.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide Adding ACE Rules 1. 2. Click Network Security > MAC Based ACL. The MAC Based ACL Page opens. Click the Add ACE button. The Add MAC Based ACE Page opens. Figure 45: Add MAC Based ACE Page 3. 4. 5. Define the fields. Click Apply. The MAC Based ACE rule is defined and the device is updated. Click Save Config on the menu to save the changes permanently.
Configuring Device Security Defining Access Control To modify the MAC Based ACL configuration: 1. Click Network Security > MAC Based ACL. The MAC Based ACL Page opens. 2. Click Modify. The MAC Based ACE Configuration Page opens: Figure 46: MAC Based ACE Configuration Page 3. 4. 5. Define the fields. Click Apply. The MAC Based ACL configuration is defined, and the device is updated. Click Save Config on the menu to save the changes permanently.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide Figure 47: IPv4 Based ACL Page The IPv4 Based ACL Page contains the following fields: • • • • ACL Name — Displays the specific IP based ACLs. Remove ACL — Deletes the specified ACL. The possible field values are: – – Checked — Deletes the ACL when user clicks the Apply button. – ICMP — Internet Control Message Protocol (ICMP). The ICMP allows the gateway or destination host to communicate with the source host.
Configuring Device Security Defining Access Control – HMP — Host Mapping Protocol (HMP). Collects network information from various networks hosts. HMP monitors hosts spread over the internet as well as hosts in a single network. – RDP — Remote Desktop Protocol (RDP). Allows clients to communicate with the Terminal Server over the network. – – – – – IDPR — Matches the packet to the Inter-Domain Policy Routing (IDPR) protocol. IDRP— Matches the packet to the Inter-Domain Routing Protocol (IDRP).
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide • Destination – – • IPv4 Address — Matches the destination port IPv4 address to which packets are addressed to the ACE. Mask — Defines the destination IP address wildcard mask. Wildcard masks specify which bits are used and which bits are ignored. A wild card mask of 255.255.255.255 indicates that no bit is important. A wildcard of 0.0.0.0 indicates that all the bits are important.
Configuring Device Security Defining Access Control 2. Click the Add ACL Button. The Add IPv4 Based ACL Page opens: Figure 48: Add IPv4 Based ACL Page In addition to the IPv4 Based ACL Page, the Add IPv4 Based ACL Page contains the following fields: • Match QoS — Enables or disables the ACL classification to identify flows based on QoS values, such as DSCP or IP Precedence. The possible field values are: – Checked — Enables identification of flows based on QoS values.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide Adding ACE Rules 1. 2. Click Network Security > IPv4 Based ACL. The IPv4 Based ACL Page opens. Click the Add ACE button. The Add IPv4 Based ACE Page opens. Figure 49: Add IPv4 Based ACE Page 3. 4. 5. Define the fields. Click Apply. The IPv4-based ACE rule is defined and the device is updated. Click Save Config on the menu to save the changes permanently. To modify the IPv4-based ACL configuration: 1.
Configuring Device Security Defining Access Control Defining IPv6 Based ACL The IPv6 Based ACL Page contains information for defining IPv6-based ACLs, including defining the ACEs defined for IPv6-based ACLs. 1. Click Network Security > IPv6 Based ACL. The IPv6 Based ACL Page opens. Figure 50: IPv6 Based ACL Page The IPv6 Based ACL Page contains the following fields: • • • • ACL Name — Displays the specific IPv6-based ACLs. Remove ACL — Deletes the specified ACL.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide – • • • • • UDP — User Datagram Protocol (UDP). Communication protocol that transmits packets but does not guarantee their delivery. Source Port — Defines the TCP/UDP source port to which the ACE is matched. This field is active only if 800/6-TCP or 800/17-UDP are selected in the Select from List drop-down menu. The possible field range is 0 - 65535. Destination Port — Defines the TCP/UDP destination port.
Configuring Device Security Defining Access Control 2. Click the Add ACL Button. The Add IPv6 Based ACL Page opens: Figure 51: Add IPv6 Based ACL Page In addition to the IPv6 Based ACL Page, the Add IPv6 Based ACL Page contains the following fields: • Match QoS — Enables or disables the ACL classification to identify flows based on QoS values, such as DSCP or IP Precedence. The possible field values are: – Checked — Enables identification of flows based on QoS values.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide Adding ACE Rules 1. 2. 3. 4. 5. Click Network Security > IPv6 Based ACL. The IPv6 Based ACL Page opens. Click the Add ACE button. The Add IPv6 Based ACE Page opens. Define the fields. Click Apply. The IPv6-based ACE rule is defined and the device is updated. Click Save Config on the menu to save the changes permanently. To modify the IPv6-based ACL configuration: 1. Click Network Security > IPv6 Based ACL.
Configuring Device Security Defining Access Control Defining ACL Binding When an ACL is bound to an interface, all the ACE rules that have been defined are applied to the selected interface. Whenever an ACL is assigned on an interface, flows from that ingress interface that do not match the ACL are matched to the default rule, which is Drop unmatched packets. 1. Click Network Security > ACL Binding.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide 2. Click the Modify button. The ACL Binding Configuration opens: Figure 53: ACL Binding Configuration The ACL Binding Configuration contains the following fields: • Interface — Choose the interface to which the ACL is bound. The possible values are: – – • 3. 4. 5. Port — Port associated with the ACL. Trunk — Trunk associated with the ACL.
Configuring DHCP Snooping Chapter 6. Configuring DHCP Snooping DHCP Snooping expands network security by providing an extra layer of security between untrusted interfaces and DHCP servers. By enabling DHCP Snooping network administrators can identify between trusted interfaces connected to end-users or DHCP Servers, and untrusted interface located beyond the network firewall. DHCP Snooping filters untrusted messages.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide Defining DHCP Snooping General Properties The DHCP Snooping General Page contains parameters for enabling DHCP Snooping on the device. To define DHCP Snooping on the device: 1. Click DHCP Snooping > General.
Configuring DHCP Snooping – • • • 2. 3. 4. Disable — Disables verifying that an untrusted port source MAC address matches the client’s MAC address. Backup Database — Indicates if the DHCP Snooping Database is enabled. The possible field values are: – – Enable — Enables storing allotted IP addresses in the DHCP Snooping Database. – – Enable — Enables DHCP Option 82 Insertion on the device. Disable — Disables storing allotted IP addresses in the DHCP Snooping Database. This is the default value.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide To define DHCP Snooping on VLANs: 1. Click DHCP Snooping > VLAN Settings. The VLAN Settings Page opens: Figure 55: VLAN Settings Page The VLAN Settings Page contains the following fields: • • 2. 3. VLAN ID — Indicates the VLAN to be added to the Enabled VLAN list. Enabled VLANs — Contains a list of VLANs for which DHCP Snooping is enabled. Select the VLAN name from the VLAN ID list and click Add.
Configuring DHCP Snooping To define trusted interfaces: 1. Click DHCP Snooping > Trusted Interfaces. The Trusted Interfaces Page opens: Figure 56: Trusted Interfaces Page The Trusted Interfaces Page contains the following fields: • Select the interfaces displayed in the table. – – • • 2. 3. Ports of Unit — Displays the stacking member whose trusted interface configuration is displayed. Trunk — Displays the trunks whose trusted interface configuration is displayed.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide 4. • Edit the following field: Trusted Status — Indicates whether the interface is a Trusted Interface. – – 5. 6. Enable — Interface is a trusted interface. Disable — Interface is an untrusted interface. Click Apply. The Trusted Interfaces configuration is defined and the device is updated. Click Save Config on the menu to save the changes permanently.
Configuring DHCP Snooping Binding Addresses to the DHCP Snooping Database The Binding Database Page contains parameters for querying and adding IP addresses to the DHCP Snooping Database. To bind addresses to the DHCP Snooping database: 1. Click DHCP Snooping > Binding Database. The Binding Database Page opens: Figure 58: Binding Database Page 2. Define any of the following fields as a query filter: Query Parameters • MAC Address — Indicates the MAC addresses recorded in the DHCP Database.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide Query Results The Query Results table contains the following fields: • • • • • MAC Address — Indicates the MAC address found during the query. VLAN ID — Displays the VLAN ID to which the IP address is attached in the DHCP Snooping Database. IPv4 Address — Indicates the IPv4 address found during the query. Interface — Indicates the specific interface connected to the address found during the query.
Configuring Ports Setting Ports Configurations Chapter 7. Configuring Ports Port Configuration includes the following procedures for configuring ports and trunks on the device. • • Setting Ports Configurations Aggregating Ports Setting Ports Configurations This section contains the following topics: • • Defining Port Settings Configuring Port Mirroring Defining Port Settings The Port Settings Page contains fields for defining port parameters. To define port general settings: 1.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide 2. The Port Settings Page contains the Zoom View of the device ports. The possible port settings are::Select the Port is active — Indicates that the port is linked. Port is inactive — Indicates that the port is not linked. Port is disabled — Indicates that the port is disabled. Port is selected — Indicates that the port is selected for modification. 3. port(s). Clicking a port toggles it through the possible settings.
Configuring Ports Setting Ports Configurations – Down — Indicates that the port is currently not operating. Note Admin settings, such as Admin Status, Admin Speed and so on, are settings made by an administrator and applied on the device. Current settings, such as Current Port Status, Current Port Speed and so on, are current operational settings received from the device and are read-only. • Current Port Status — Indicates whether the port is currently operational or non-operational.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide • Admin Advertisement — Defines the auto negotiation setting the port advertises. The possible field values are: – – – – – – • • • 100 Half — Indicates that the port advertises for a 100 Mbps speed port and half duplex mode setting. 100 Full — Indicates that the port advertises for a 100 Mbps speed port and full duplex mode setting.
Configuring Ports Setting Ports Configurations Configuring Port Mirroring Port mirroring monitors and mirrors network traffic by forwarding copies of incoming and outgoing packets from one port to a monitoring port. Port mirroring can be used as a diagnostic tool as well as a debugging feature. Port mirroring also enables device performance monitoring.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide • Status — Indicates if the port is currently monitored. The possible field values are: – – 2. Active — Indicates the port is currently monitored. notReady — Indicates the port is not currently monitored. Click Add. The Add Port Mirroring Page opens: Figure 63: Add Port Mirroring Page The Add Port Mirroring Page contains the following fields: • Unit Number— Displays the stacking member for which the port is defined.
Configuring Ports Aggregating Ports 3. 4. 5. Define the Type field. Click Apply. The Port mirroring is modified, and the device is updated. Click Save Config on the menu to permanently save the change. Aggregating Ports Link Aggregation optimizes port usage by linking a group of ports together to form a single trunk. Aggregating ports multiplies the bandwidth between the devices, increases port flexibility, and provides link redundancy.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide Defining Trunk Settings The Trunk Settings Page contains parameters for defining Trunks. To define a port trunk: 1. Click Layer 1 > Trunk Settings. The Trunk Settings Page opens: Figure 65: Trunk Settings Page The Trunk Settings Page displays information about the currently defined trunks and contains the following fields: • Trunk — Displays the trunk name.
Configuring Ports Aggregating Ports • • Flow Control — Displays the flow control status of the trunk. LACP — Indicates if LACP is enabled on the trunk. The possible values are: – – • 2. Enable — LACP is enabled on the trunk. Disable — LACP is disabled on the trunk. PVE — Enables a port to be a Private VLAN Edge (PVE) port. When a port is defined as PVE, it bypasses the Forwarding Database (FDB), and forwards all Unicast, Multicast and Broadcast traffic to an uplink (except MAC-to-me packets).
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide • Current Status — Indicates whether the trunk is currently operational or non-operational. The possible field values are: – – • • • • • • • • • • • • 3. 4. Down — Indicates the trunk is currently not operating. Reactivate Suspended — Reactivates suspended trunks. The possible field values are: – – Checked — Reactivates the selected suspended trunk.
Configuring Ports Aggregating Ports Defining Port Trunking The Port Trunking Page contains information about all port trunks currently defined on the device. To modify Port Trunking settings: 1. Click Layer 1 > Port Trunking. The Port Trunking Page opens: Figure 67: Port Trunking Page The following information is displayed: • • • • Trunk — Displays the ID number of the trunk. Name — Displays the name of the trunk. The name can be up to sixteen alphanumeric characters.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide 3. Click Modify. The Port Trunking Configuration Page opens: Figure 68: Port Trunking Configuration Page In addition to the fields in the The Port Trunking Page, the Port Trunking Configuration Page contains the following additional field: • • Unit Number — Displays the stacking member for which the port trunking parameters are defined. LACP — Indicates if LACP is enabled on the trunk.
Configuring Ports Aggregating Ports Configuring LACP Trunk ports can contain different media types if the ports are operating at the same speed. Aggregated links can be set up manually or automatically established by enabling Link Aggregation Control Protocol (LACP) on the relevant links. Aggregate ports can be linked into link-aggregation port-groups. Each group is comprised of ports with the same speed. The LACP Page contains fields for configuring LACP trunks. To configure LACP for trunks: 1.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide 2. Click Modify. the LACP Configuration Page opens: Figure 70: LACP Configuration Page 3. 4. Define the fields. Click Apply. The LACP settings are saved and the device is updated.
Configuring Interfaces Chapter 8. Configuring Interfaces This section contains information on configuring the interfaces of the device. This section describes the following topics: • • • Defining MAC Addresses Configuring VLANs Defining MAC Based Groups Defining MAC Addresses The MAC Address Page contains parameters for querying information in the Static MAC Address Table and the Dynamic MAC Address Table, in addition to viewing and configuring Unicast addresses.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide The MAC Address Page contains the following fields: • View Static — Displays the static addresses assigned to the ports on the device. • View Dynamic — Displays the dynamic addresses learned on the ports on the device. • View MAC Addresses on Interface — Displays the port’s or trunk’s dynamic or static MAC addresses.
Configuring Interfaces Note When viewed, the information also includes the Type of the address: static or dynamic. 4. Click Apply. The new MAC address is added to the addresses table and the device information is updated. To delete all MAC addresses: 1. Click Layer 2 > MAC Address. The MAC Address Page opens. 2. Click Delete in the Delete All MAC Addresses section of the MAC Address Page.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide Configuring VLANs This section describes how to create and configure Virtual LANs (VLANs). VLANs are logical subgroups within a Local Area Network (LAN) which combine user stations and network devices into a single unit, regardless of the physical LAN segment to which they are attached. VLANs allow network traffic to flow more efficiently within subgroups.
Configuring Interfaces Configuring VLANs Defining VLAN Properties The VLAN Page provides information and global parameters for configuring and working with VLANs. To configure a VLAN: 1. Click Layer 2 > VLAN. The VLAN Page opens: Figure 74: VLAN Page The VLAN Page is divided into two sections. The first section contains the following fields: • VLAN ID — Defines the VLAN ID. Possible VLAN IDs are 1-4095, in which “1” is reserved for the default VLAN, and “4095” is reserved as the “discard” VLAN.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide The second section contains a table that maps VLAN parameters to ports. • • 2. Select the interfaces displayed in the table. – – Ports of Unit — Specifies the port and stacking member for which the VLAN mapping is displayed. – Tagged — Indicates the interface is a tagged member of a VLAN. All packets forwarded by the interface are tagged. The packets contain VLAN information.
Configuring Interfaces Configuring VLANs 3. Click Modify. The VLAN Configuration opens. Figure 76: VLAN Configuration 4. 5. 6. Change the Interface Status setting. Click Apply. The VLAN configuration is modified, and the device is updated. Click Save Config on the menu to permanently save the change.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide Defining VLAN Interface Settings The VLAN Interface Page contains fields for managing ports that are part of a VLAN. To define a VLAN interface: 1. Click Layer 2 > VLAN Interface. The VLAN Interface Page opens: Figure 77: VLAN Interface Page The VLAN Interface Page displays the VLAN interface information for a selected Port/Unit or Trunk: • • • Select the interfaces displayed in the table.
Configuring Interfaces Configuring VLANs – • • Trunk — Indicates the port belongs to VLANs in which all VLANs are tagged, except for one VLAN that is untagged. PVID — Port Default VLAN ID. Assigns a VLAN ID to untagged packets. The possible values are 1-4094. VLAN 4095 is defined as per standard and industry practice as the Discard VLAN. Packets classified to the Discard VLAN are dropped. Frame Type — Specifies the packet type accepted on the port. The possible field values are: – – • • 2. 3.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide Defining GVRP The GVRP Page enables users to configure GARP VLAN Registration Protocol (GVRP) on the device. GVRP is specifically provided for automatic distribution of VLAN membership information among VLAN-aware bridges. GVRP allows VLAN-aware bridges to automatically learn VLANs to bridge ports mapping, without having to individually configure each bridge and register VLAN membership.
Configuring Interfaces Configuring VLANs – • • Trunk — Specifies the trunk for which the GVRP settings are displayed. Interface — Displays the port or trunk name on which GVRP is enabled. GVRP State — Indicates if GVRP is enabled on the port. The possible field values are: – – • Enable — Enables Dynamic VLAN creation on the interface. Disable — Disables Dynamic VLAN creation on the interface. GVRP Registration — Indicates if VLAN registration through GVRP is enabled on the interface.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide Defining MAC Based Groups The MAC Based Groups Page allows network managers to group VLANs based on the VLAN MAC address, and to map groups to VLANs. For these purposes, the page contains two tables: • • MAC-Based Groups table Mapping Groups table To define MAC Based Groups: 1. Click Layer 2 > MAC Based Groups.
Configuring Interfaces Defining MAC Based Groups – • • 2. Trunk —Indicates the specific trunk added to the VLAN group. Group ID — Defines the MAC group ID to which the interface is added. VLAN ID — Attaches the interface to a user-defined VLAN ID. VLAN group ports can be attached to a VLAN ID. The possible field range is 1-4093, and 4095 (4094 is not available for configuration). Below the MAC-Based Groups table, click the Add button.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide To add a mapped group: 1. 2. Click Layer 2 > MAC Based Groups. The MAC Based Groups Page opens: Below the Mapping Group table, click the Add button.
Configuring System Logs Chapter 9. Configuring System Logs This section provides information for managing system logs. System logs enable viewing device events in real time and recording the events for later usage. System Logs record and manage events, and report errors and informational messages.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide The Configure Log Outputs table displays the following log information: • Type — Indicates the log type included in the output. The possible values are: – – – • • • Console — Indicates that the output is of a console log. Temporary — Indicates that the output is of the temporary memory log. Temporary logs are not available after reset. Flash — Indicates that the output is of a Flash memory log.
Configuring System Logs The Add Syslog Page contains the following fields: • Supported IP Format — Indicates the supported Internet Protocol on the device. The possible field values are: – – • IPv4 — Indicates that IPv4 is supported. IPv6 — Indicates that IPv6 is supported. IPv6 Address Type — Defines the type of configurable static IPv6 IP address for an interface.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide Modifying Log Servers Clicking Modify opens the Event Log Configuration Page, in which administrators can modify Server Log entries. To modify a Server Log entry: 1. Select the entry in the Log Table and click Modify. The Event Log Configuration Page opens. Figure 88: Event Log Configuration Page The Event Log Configuration Page contains the following fields: • Enable Logging — Enables logging or disables event logging.
Configuring System Logs 3. Click View. The selected log page opens: Figure 89: View Flash Log Page The View Flash Log Page and View Temporary Log Page list the following information: • Log Index —The log index number. • Log Time — The date and time that the log was entered. • Severity — The severity of the event for which the log entry was created. • Description — The event details. To clear memory logs: 1. Click Clear Logs. Logs are removed from the table. 2. Click Close.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide Page 134
Configuring Spanning Tree Configuring Classic Spanning Tree Chapter 10.Configuring Spanning Tree Spanning Tree Protocol (STP) provides tree topography for any arrangement of bridges. STP also provides a single path between end stations on a network, eliminating loops. Loops occur when alternate routes exist between hosts. Loops in an extended network can cause bridges to forward traffic indefinitely, resulting in increased traffic and reducing network efficiency.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide Defining STP Properties The Spanning Tree Page contains parameters for enabling and configuring STP on the device. To enable STP on the device: 1. Click Layer 2 > Spanning Tree. The Spanning Tree Page opens: Figure 90: Spanning Tree Page The STP General section of the Spanning Tree Page contains the following fields: • Spanning Tree State — Indicates whether STP is enabled on the device.
Configuring Spanning Tree Configuring Classic Spanning Tree • Path Cost Default Values — Specifies the method used to assign default path cost to STP ports. The possible field values are: – – Short — Specifies 1 through 65,535 range for port path cost. This is the default value. Long — Specifies 1 through 200,000,000 range for port path cost. The Bridge Settings section of the Spanning Tree Page contains the following fields: • Priority — Specifies the bridge priority value.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide Defining STP Interfaces Network administrators can assign STP settings to a specific interface (port or trunk) using the STP Interface Configuration Page. The Global trunks section displays the STP information for Link Aggregated Groups. To assign STP settings to an interface (port or trunk): 1. Click Layer 2 > Spanning Tree. The Spanning Tree Page opens. 2. Click Configure.
Configuring Spanning Tree Configuring Classic Spanning Tree • • • • Port Fast — Indicates if Fast Link is enabled on the port. If Fast Link mode is enabled for a port, the Port State is automatically placed in the Forwarding state when the port link is up. Fast Link optimizes the STP protocol convergence. STP convergence can take 30-60 seconds in large networks. The possible field values are: – – – Enable — Enables Port Fast. – – Enable — Enables Root Guard. – – Enable — Enables BPDU Guard.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide • • Forward Transitions — Indicates the number of times the port has changed from Forwarding state to Blocking state. Trunk — Indicates the trunk to which the port belongs. 3. 4. Select the Unit, in the STP Interface Configuration section. Click Modify.
Configuring Spanning Tree Configuring Rapid Spanning Tree To define RSTP on the device: 1. Click Layer 2 > RSTP. The RSTP Page opens: Figure 93: RSTP Page The RSTP Page contains the following fields: • • • Select the interfaces displayed in the table. – – Ports of Unit — Specifies the port and stacking member for which the RSTP settings are displayed. – – – – Root — Provides the lowest cost path to forward packets to the root switch.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide • • • • • Mode — Displays the current STP mode. The STP mode is selected in the Spanning Tree Page. The possible field values are: – – STP — Classic STP is enabled on the device. – – Enable — Enables the device to establish point-to-point links. – Auto — Device automatically determines the state. Rapid STP — Rapid STP is enabled on the device.
Configuring Spanning Tree Configuring Multiple Spanning Tree – Learning — Indicates the port is currently in the learning mode. The interface cannot forward traffic however it can learn new MAC addresses – 3. 4. 5. Disabled — Indicates that STP is currently disabled on the port. The port forwards traffic while learning MAC addresses. Define the Interface, Point to Point Admin Status, and Activate Protocol Migration Test fields. Click Apply.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide Figure 95: MSTP Page The MSTP Page contains the following fields: • Region Name — User-defined STP region name. • Revision — An unsigned 16-bit number that identifies the revision of the current MSTP configuration. The revision number is required as part of the MSTP configuration. The possible field range is 0-65535. • Max Hops — Specifies the total number of hops that occur in a specific region before the BPDU is discarded.
Configuring Spanning Tree Configuring Multiple Spanning Tree Figure 96: MSTP Interface Settings Page Page 145
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide The MSTP Interface Settings Page contains the following fields: • Instance ID — Lists the MSTP instances configured on the device. The possible field range is 1-7. • Interface — Displays the specific interface for this page’s MSTP setting. The possible field values are: • • • • – – Port of Unit — Specifies the port for which the MSTP settings are displayed. – – Enabled — Indicates that STP is enabled on the port.
Configuring Spanning Tree Configuring Multiple Spanning Tree 3. 4. 5. 6. Define the fields. Click Apply. MSTP is defined for the selected interface. Click Save Config on the menu, to save changes permanently. To view the MSTP configurations of all interfaces, click Interface Table. The MSTP Interface Table is displayed. In the MSTP Interface Table, administrators can modify the Interface Priority and Path Cost of any interface.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide Defining MSTP Instance Mappings Network administrators can assign MSTP mapping to a specific instance (port or trunk) using the MSTP Instance Mapping Page. To define MSTP interface mapping: 1. Click Layer 2 > MSTP. The MSTP Page opens. 2. Click Configure next to the Configure Instance Mapping option.
Configuring Spanning Tree Configuring Multiple Spanning Tree Defining MSTP Instance Settings MSTP maps VLANs into STP instances. Packets assigned to various VLANs are transmitted along different paths within Multiple Spanning Tree Regions (MST Regions). Regions are one or more Multiple Spanning Tree bridges by which frames can be transmitted. In configuring MSTP, the MST region to which the device belongs is defined. A configuration consists of the name, revision, and VLANs that belong to an instance.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide 3. 4. 5. Define the fields. Click Apply. MSTP is defined for the selected instance, and the device is updated. The MSTP Page is displayed. Click Save Config on the menu, to save changes permanently.
Configuring Multicast Forwarding Chapter 11.Configuring Multicast Forwarding Multicast forwarding allows a single packet to be forwarded to multiple destinations. Layer 2 Multicast service is based on a Layer 2 switch receiving a single packet addressed to a specific Multicast address. Multicast forwarding creates copies of the packet, and transmits the packets to the relevant ports.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide Configuring IGMP Snooping When IGMP Snooping is enabled globally, all IGMP packets are forwarded to the CPU. The CPU analyzes the incoming packets and determines: • • • Which ports want to join which Multicast groups. Which ports have Multicast routers generating IGMP queries. Which routing protocols are forwarding packets and Multicast traffic.
Configuring Multicast Forwarding • • • • • • • • 2. IGMP Querier Status — Indicates if the specific VLAN can operate as an IGMP Querier. The possible field values are: – – Enable — Enables IGMP Querying on the VLAN. – – IGMPv2 — Indicates that IGMP version 2 is enabled on the device. – – Enable — Enables auto learn Disable — Disables IGMP Querying on the VLAN. IGMP Querier Version — Displays the IGMP Snooping version enabled on the device which functions as an IGMP Snooper of the selected VLAN.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide To modify the IGMP Snooping configuration: 1. Click Multicast > IGMP. The IGMP Page opens. 2. Click Modify. The IGMP Configuration Page opens: Figure 101:IGMP Configuration Page In addition to the IGMP Page, the IGMP Configuration Page contains the following fields: • • Supported IP Format — Indicates that IPv4 is supported.
Configuring Multicast Forwarding To define Multicast Groups: 1. Click Multicast > Multicast Group. The Multicast Group Page opens: Figure 102:Multicast Group Page The Multicast Group Page contains the following fields: • Enable Bridge Multicast Filtering — Indicates if bridge Multicast filtering is enabled on the device. The possible field values are: – – • • • Checked — Enables Multicast filtering on the device. Unchecked — Disables Multicast filtering on the device.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide 3. Click Add. The Add Multicast Group Page opens: Figure 103:Add Multicast Group Page 4. 5. 6. Select the VLAN ID. Enter the Bridge Multicast MAC Address and the Bridge Multicast IPv4 Address. Click Apply. The new Multicast group is saved and the device is updated. To modify a Multicast group: 1. Click Modify. The Multicast Group Configuration Page opens: Figure 104:Multicast Group Configuration Page 2. 3.
Configuring Multicast Forwarding Defining Multicast Forward All Settings Multicast forwarding enables transmitting packets from either a specific Multicast group to a source, or from a nonspecific source to a Multicast group. The Bridge Multicast Forward All Page contains fields for attaching ports or trunks to a device that is attached to a neighboring Multicast router/switch. Once IGMP Snooping is enabled, Multicast packets are forwarded to the appropriate port or VLAN.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide 3. Click Modify. The Multicast Forward All Configuration Page opens: Figure 106:Multicast Forward All Configuration Page 4. 5. Define the Interface Status field. Click Apply. The Multicast Forward All settings are saved and the device is updated.
Configuring Multicast Forwarding Defining Unregistered Multicast Settings Multicast frames are generally forwarded to all ports in the VLAN. If IGMP Snooping is enabled, the device learns about the existence of Multicast groups and monitors which ports have joined what Multicast group. Multicast groups can also be statically enabled. This enables the device to forward the Multicast frames (from a registered Multicast group) only to ports that are registered to that Multicast group.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide 2. Click Modify. The Unregistered Multicast Configuration Page opens: Figure 108:Unregistered Multicast Configuration Page 3. 4. Define the Unregistered Multicast field. The. Click Apply. The Multicast Forward All settings are saved and the device is updated.
Configuring SNMP Chapter 12.Configuring SNMP Simple Network Management Protocol (SNMP) provides a method for managing network devices. Equipment commonly managed with SNMP includes switches, routers and host computers. SNMP is typically used to configure these devices for proper operation in a network environment, as well as to monitor them to evaluate performance or detect potential problems. Managed devices supporting SNMP contain software, which runs locally on the device and is referred to as an agent.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide Enabling SNMP The SNMP Global Page provides fields for globally enabling and configuring SNMP on the device. To enable SNMP: 1. Click SNMP > Global. The SNMP Global Page opens: Figure 109:SNMP Global Page The SNMP Global Page contains the following fields: • Local Engine ID (9-64 Hex Characters) — Displays the engine number. • Use Default — Restores default SNMP settings, using the Local Engine ID.
Configuring SNMP Defining SNMP Communities Access rights are managed by defining communities in the SNMP Community Page. When the community names are changed, access rights are also changed. SNMP communities are defined only for SNMPv1 and SNMPv2c. Note The device switch is delivered with no community strings configured. To define SNMP communities: 1. Click SNMP > Community. The SNMP Global Page opens.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide • • Access Mode — Defines the access rights of the community. The possible field values are: – Read Only — Management access is restricted to read-only, and changes cannot be made to the community. – Read Write — Management access is read-write and changes can be made to the device configuration, but not to the community.
Configuring SNMP The Add SNMP Community Page contains the following fields: • Supported IP Format — Indicates the supported Internet Protocol on the device. The possible field values are: – – • IPv4 — Indicates that IPv4 is supported. IPv6 — Indicates that IPv6 is supported. IPv6 Address Type — Defines the type of configurable static IPv6 IP address for an interface.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide To modify SNMP community settings: 1. Select an SNMP community entry in the Basic table or in the Advanced Table. 2. Click Modify. The Community Configuration Page opens: Figure 112: Community Configuration Page 3. 4. Define the Basic or Advanced configuration of the community. Click Apply. The SNMP community settings are modified, and the device is updated.
Configuring SNMP Defining SNMP Groups The SNMP Group Page provides information for creating SNMP groups, and assigning SNMP access control privileges to SNMP groups. Groups allow network managers to assign access rights to specific device features, or feature aspects. To define an SNMP group: 1. Click SNMP > Groups.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide • • 2. Security Level — Defines the security level attached to the group. Security levels apply to SNMPv3 only. The possible field values are: – No Authentication — Indicates that neither the Authentication nor the Privacy security levels are assigned to the group. – Authentication — Authenticates SNMP messages, and ensures that the SNMP message’s origin is authenticated. – Privacy — Encrypts SNMP messages.
Configuring SNMP To modify an SNMP group: 1. Click SNMP > Groups. The SNMP Group Page opens. 2. Click Modify. The Group Configuration Page opens: Figure 115: Group Configuration Page 3. 4. Define the Group Name, Security Level, Security Model, and Operation fields. Click Apply. The SNMP group profile is saved.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide Defining SNMP Users The SNMP Users Page enables assigning system users to SNMP groups, as well as defining the user authentication method. To define SNMP group membership: 1. Click SNMP > Users. The SNMP Users Page opens: Figure 116: SNMP Users Page The SNMP Users Page contains the following fields: • • • User Name — Contains a list of user-defined user names. The field range is up to 30 alphanumeric characters.
Configuring SNMP • Authentication — Displays the method used to authenticate users. The possible field values are: – – – 2. MD5 Key — Users are authenticated using the HMAC-MD5 algorithm. SHA Key — Users are authenticated using the HMAC-SHA-96 authentication level. MD5 Password — The HMAC-MD5-96 password is used for authentication. The user should enter a password. – SHA Password — Users are authenticated using the HMAC-SHA-96 authentication level. The user should enter a password.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide • Authentication Key — Defines the HMAC-MD5-96 or HMAC-SHA-96 authentication level. The authentication and privacy keys are entered to define the authentication key. If only authentication is required, 16 bytes are defined. If both privacy and authentication are required, 32 bytes are defined. Each byte in hexadecimal character strings is two hexadecimal digits. Each byte can be separated by a period or a colon.
Configuring SNMP Defining SNMP Views The SNMP views provide or block access to device features or portions of features. Feature access is granted via the MIB name or MIB Object ID. To define SNMP views: 1. Click SNMP > Views. The SNMP Views Page opens: Figure 119: SNMP Views Page The SNMP Views Page contains the following fields: • • • View Name — Displays the user-defined views. The view name can contain a maximum of 30 alphanumeric characters.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide 2. Click Add. The Add SNMP VIew Page opens: Figure 120:Add SNMP VIew Page 3. 4. Define the View Name field. Select the Object ID Subtree using one of the following options: – Select from List — Select the Subtree from the list provided. Pressing the Up and Down buttons allows you to change the priority by moving the selected subtree up or down in the list. – 5.
Configuring SNMP Defining Notification Recipients The SNMP Notify Page contains fields for defining SNMP notification recipients. The page contains information for defining filters that determine whether traps are sent to specific users, and the trap type sent. SNMP notification filters provide the following services: • • • • Identifying Management Trap Targets Trap Filtering Selecting Trap Generation Parameters Providing Access Control Checks To configure SNMP notification recipients: 1.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide SNMPv1,2c Notification Recipient The SNMP v1, v2c Recipient table contains the following fields: • Recipients IP Address — Displays the IP address to which the traps are sent. • Notification Type — Displays the type of notification sent. The possible field values are: – – • • • Inform — Indicates that informs are sent. Community String — Displays the community string of the trap manager.
Configuring SNMP 2. Click Add. The Add Notify Page opens: Figure 122:Add Notify Page In addition to the SNMP Notify Page, the Add Notify Page contains the following fields: • Supported IP Format — Indicates the supported Internet Protocol on the device. The possible field values are: – – • IPv4 — Indicates that IPv4 is supported. IPv6 — Indicates that IPv6 is supported. IPv6 Address Type — Defines the type of configurable static IPv6 IP address for an interface.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide 3. 4. 5. Define the fields. Click Apply. The notification recipient settings are saved and the device is updated. Click Save Config on the menu to save the changes permanently. To modify notification settings: 1. 2. Click SNMP > Notify. The SNMP Notify Page opens. Select an entry from one of the tables and click Modify. The SNMP Notify Configuration Page opens. Figure 123:SNMP Notify Configuration Page 3. 4. 5.
Configuring SNMP Defining Notification Filters The SNMP Notification Filter Page permits filtering traps based on OIDs. Each OID is linked to a device feature or a portion of a feature. The SNMP Notification Filter Page also allows network managers to filter notifications. To configure SNMP notification filters: 1. Click SNMP > Notify. The SNMP Notify Page opens. 2. Click Configure next to Configure Notification Filters.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide To add an SNMP notification filter: 1. Click the Add button. The Add SNMP Notification Filter Page opens: Figure 125:Add SNMP Notification Filter Page The Add SNMP Notification Filter Page contains the following fields: • • Filter Name — Contains a list of user-defined notification filters. Object ID Tree — Displays the OID for which notifications are sent or blocked.
Configuring LLDP Chapter 13.Configuring LLDP Link Layer Discovery Protocol (LLDP) is a Layer 2 protocol that allows a network device supporting the 802.1ab standard to advertise its identity and capabilities on a local network. LLDP allows network managers to troubleshoot and enhance network management by discovering and maintaining network topologies over multi-vendor environments.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide Defining Global LLDP Properties The LLDP Properties Page allows network managers to assign global LLDP parameters. To enable and configure LLDP on the device: 1. Click LLDP > Properties. The LLDP Properties Page opens: Figure 126:LLDP Properties Page The LLDP Properties Page contains fields for configuring LLDP: • Enable LLDP — Indicates if LLDP is enabled on the device.
Configuring LLDP • Transmit Delay (1 - 8192) — Indicates the amount of time that passes between successive LLDP frame transmissions due to changes in the LLDP local systems MIB. The possible field range is 1 - 8192 seconds. The default value is 2 seconds. A Tx delay < 0.25 is recommended for the TLV Adv Interval. – 2. 3. 4. 5. 6. 7. Use Default — Selecting the check box returns settings to default. Select Enable in the LLDP Status checkbox.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide • • • 2. State — Indicates the LLDP state on the port. The possible field values are: – – – – Tx Only — Enables transmitting LLDP packets only. – – Stop Advertising — Indicates the IP address is not advertised. This is the default setting. Rx Only — Enables receiving LLDP packets only. Tx & Rx — Enables transmitting and receiving LLDP packets. This is the default value.
Configuring LLDP Defining LLDP Media Endpoint Discovery Network Policy LLDP Media Endpoint Discovery (LLDP MED) is an enhancement to the 802.1ab standard. LLDP MED increases network flexibility by allowing different IP systems to co-exist on a single network. LLDP MED: • • • • 1. Provides detailed network topology information, including what devices are located on the network, and where the devices are located.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide • • • • 2. – Guest VLAN Signaling — Indicates that the network policy is defined for a Guest VLAN Signalling application. – – – – Softphone Voice — Indicates that the network policy is defined for a Softphone Voice application. – – Tagged — Indicates the network policy is defined for tagged VLANs. Video Conferencing — Indicates that the network policy is defined for a Video Conferencing application.
Configuring LLDP To modify a network policy setting: 1. Click LLDP > Profile Rules: The LLDP MED Network Policy Page opens. 2. Click Modify. The Network Policy Settings Configuration Page opens: Figure 131:Network Policy Settings Configuration Page 3. 4. Define the fields. Click Apply. The network policy setting is saved, and the device is updated.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide Defining LLDP MED Port Settings The LLDP MED Port Settings Page contains parameters for assigning LLDP network policies to specific ports. To configure LLDP MED port settings: 1. Click LLDP > LLDP-MED Port Settings. The LLDP MED Port Settings Page opens: Figure 132:LLDP MED Port Settings Page The LLDP MED Port Settings Page contains the following fields: • Unit No.
Configuring LLDP 2. Click Modify. The Modify LLDP MED Port Settings Page opens: Figure 133:Modify LLDP MED Port Settings Page In addition to the fields in the LLDP MED Port Settings Page, the Modify LLDP MED Port Settings Page contains the following additional fields: • Available TLVs/Tx Optional TLVs — Contains a list of available TLVs that can be advertised by the port. The possible field values are: – – – • • • • 3. 4. 5. 6. 7. Network Policy — Advertises network policies attached to the port.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide Viewing the LLDP Neighbors Information The LLDP Neighbors Information Page contains information received from neighboring device LLDP advertisements. To view LLDP Neighbor information: 1. Click LLDP > Neighbors Information. The LLDP Neighbors Information Page opens: Figure 134:LLDP Neighbors Information Page The LLDP Neighbors Information Page contains the following fields: • Unit No.
Configuring LLDP 2. Click Details to view the Neighbors Information Details Page for ports. Figure 135:Neighbors Information Details Page The Neighbors Information Details Page contains the following fields: • Port — The port for which detailed information is displayed. • Auto-Negotiation Status — The auto-negotiation status of the port. The possible field values are: – – • • • • • • • Enabled — Auto-negotiation is enabled on the port. Disabled — Auto-negotiation is disabled on the port.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide LLDP MED Power over Ethernet The port PoE information. • • • • Power Type — Indicates the power type advertised on the port. Power Source — Indicates the power source advertised on the port. Power Priority — Indicates the port’s power priority advertised on the port. Power Value — Indicates the port’s power value, in Watts advertised on the port. Inventory Hardware Revision — Displays the hardware version number.
Configuring Power Over Ethernet Chapter 14.Configuring Power Over Ethernet This section describes configuring Power over Ethernet (PoE) for an AT-S9 device. PoE only applies to the supporting AT-8000S devices. Power-over-Ethernet (PoE) provides power to devices over existing LAN cabling, without updating or modifying the network infrastructure. Power-over-Ethernet removes the necessity of placing network devices next to power sources.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide To enable PoE for the device: 1. Click System > Power Over Ethernet. The Power Over Ethernet Page opens: Figure 136:Power Over Ethernet Page The Power Over Ethernet Page contains the following fields: Global PoE Configuration • Power Threshold — Indicates the percentage of power consumed before an alarm is generated. The value range is 1-99 percent; the default value is 95 percent.
Configuring Power Over Ethernet 4. 5. Click Modify. PoE is enabled on the device and global settings are saved. The new threshold is immediately activated on the device. Click Save Config on the menu to permanently save the change.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide Defining Power Over Ethernet Configuration To modify PoE port settings: 1. In the Power Over Ethernet Page Zoom View, click the port(s) to modify. The port indication changes to Port is selected. 2. Click Modify.
Configuring Power Over Ethernet – Fault — Indicates one of the following: –The powered device test has failed. For example, a port could not be enabled and cannot be used to deliver power to the powered device. –The device has detected a fault on the powered device. For example, the powered device memory could not be read. – 3. 4. 5. Test — Indicates the powered device is being tested. For example, a powered device is tested to confirm it is receiving power from the power supply.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide Page 198
Configuring Services Section 15. Configuring Services This section describes Quality of Service related configurations. QoS supports activating one of the following Trust settings: • • • VLAN Priority Tag DiffServ Code Point None Only packets that have a Forward action are assigned to the output queue, based on the specified classification.
Configuring Services Enabling Class of Service (CoS) The CoS Page enables configuring the CoS ports or trunks on the device. To configure CoS ports or trunks on the device: 1. Click Services > CoS. The CoS Page opens: Figure 138:CoS Page As a default the CoS Page opens displaying the port options. The fields are identical when displaying the trunk CoS. The CoS Page contains the following fields: • • • Enable QoS Mode — Indicates if QoS is enabled on the device.
Configuring Services • • • Interface — Displays the interface number. Default CoS— Determines the default CoS value for incoming packets for which a VLAN tag is not defined. The possible field values are 0-7. The default CoS is 0. This field appears in the CoS Ports table. Restore Defaults — Restores the factory CoS defaults. The possible field values are: – – 2. 3. 4. Checked — Restores the factory CoS defaults on the interface. Unchecked — Maintains the current CoS settings.
Configuring Services Configuring CoS Queueing and Scheduling The CoS Queuing & Scheduling Page provides fields for configuring CoS Priority to Egress Queues and for defining Egress Weights. The queue settings are set system-wide. When configuring QoS for stacking, note that stacking only uses three queues. To define schedule and queue settings for Quality of Service: 1. Click Services > Queuing & Scheduling.
Configuring Services Mapping CoS Values to Queues The Configure CoS Page contains fields for classifying CoS settings to traffic queues. When configuring QoS for stacking, note that stacking only uses three queues. To set CoS to queue: 1. Click Services > Queuing & Scheduling. The CoS Queuing & Scheduling Page opens: 2. In the Configure Priority to Egress Queues section, select Configure CoS. 3. Click Configure.
Configuring Services Mapping DSCP Values to Queues The Configure DSCP Page contains fields for classifying DSCP settings to traffic queues. For example, a packet with a DSCP tag value of 3 can be assigned to queue 2. To set DSCP to queues: 1. Click Services > Queuing & Scheduling. The CoS Queuing & Scheduling Page opens: 2. In the Configure Priority to Egress Queues section, select Configure DSCP. 3. Click Configure.
Configuring Services Configuring QoS Bandwidth The Bandwidth Page allows network managers to define the bandwidth settings for a specified egress interface. The Bandwidth Page is not used with the Service mode, as bandwidth settings are based on services. To configure bandwidth: 1. Click Services > Bandwidth.
Configuring Services As a default the Bandwidth Page opens displaying the port options. The fields are identical when displaying the trunk CoS. The Bandwidth Page contains the following fields: • Select the interfaces displayed in the table. • • • – – Ports of Unit — Specifies the port and stacking member for which the bandwidth settings are displayed. – – Status — Enables or disables rate limiting for ingress interfaces. Disable is the default value.
System Utilities Chapter 16.System Utilities The configuration file structure involves the following configuration files: • Startup Configuration File — Contains the commands required to reconfigure the device to the same settings as when the device is powered down or rebooted. The Startup file is created by copying the configuration commands from the Running Configuration file or the Backup Configuration file.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide Restoring the Default Configuration The Reset to Factory Defaults function restores the Configuration file to factory defaults during device reset. When this option is not selected, the device maintains the current Configuration file. To restore the default system configuration: 1. Click Utilities > System Utilities.
System Utilities 2. 3. Select the After Reset image file. Click Apply (below the table). The factory defaults are restored, and the device is updated. The device reboots. Defining TFTP File Uploads and Downloads The File System Page contains parameters for system uploads and downloads and for copying firmware and configuration files. To define file upload and download settings: 1.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide • Link Local Interface — If Link Local is selected as the supported IPv6 Address Type, indicates the supported interface. The possible field values are: – – • • • VLAN 1 — Indicates that VLAN 1 is supported. Tunnel 1 — Indicates that ISATAP tunneling (Tunnel 1) mechanism is supported. TFTP Operation — Defines the type of TFTP operation and the type of file.
System Utilities The Configuration Copy section of the File System Page contains the following fields: • Copy Configuration— Allows the copy configuration operation. • Source File Name — Specifies the configuration file type to be copied. – Startup Configuration — Copies the Startup Configuration file, and overwrites the old Startup Configuration file. – • Running Configuration — Copies the Running Configuration file. Destination File Name — Specifies the destination file type to create.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide Viewing Integrated Cable Tests The Cable Test Page contains fields for performing tests on copper cables. Cable testing provides diagnostic information about where errors occurred in the cable, the last time a cable test was performed, and the type of cable error that occurred. The tests use Time Domain Reflectometry (TDR) technology to test the quality and characteristics of a copper cable attached to a port.
System Utilities 3. 4. Click Test. The cable test is performed. Click Advanced. The Cable Test Configuration Page opens, and the copper cable test results are displayed.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide Viewing Optical Transceivers The Optical Transceivers Page allows network managers to perform tests on Fiber Optic cables. Optical transceiver diagnostics can be performed only when the link is present. To view transceiver diagnostics: 1. Click Utilities > Optical Transceivers. The Optical Transceivers Page opens: Figure 149:Optical Transceivers Page The Optical Transceivers Page contains the following fields: • Unit No.
System Utilities Resetting the Device The Reset Page enables the user to reset the system. Save all changes to the Startup Configuration file before resetting the device. This prevents the current (Running) device configuration from being lost. To reset the device: 1. Click Utilities > Reset. The Reset Page opens. Figure 150:Reset Page 2. 3. 4. Select the Reset Unit No. Select a specific unit number in the dropdown list or select Stack to reset all stack members simultaneously. Click Reset.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide Page 216
Viewing Statistics Viewing Device Statistics Chapter 17.Viewing Statistics This section provides device statistics for RMON, interfaces, and Etherlike. This section contains the following topics: • • Viewing Device Statistics Managing RMON Statistics Viewing Device Statistics This section contains the following topics: • • Viewing Interface Statistics Viewing Etherlike Statistics Viewing Interface Statistics The interface page contains statistics for both received and transmitted packets.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide The Interface Statistics Page contains the following fields: • Select the interfaces displayed in the table. • – – – – Unit No. — Specifies the unit for which the Etherlike statistics are displayed. – – – – 15 Sec — Indicates that the Interface statistics are refreshed every 15 seconds. Port — Specifies the port for which the interface statistics are displayed.
Viewing Statistics Viewing Device Statistics Viewing Etherlike Statistics The Etherlike Statistics Page displays interface statistics. To view Etherlike statistics: 1. Click Statistics > Etherlike. The Etherlike Statistics Page opens: Figure 152:Etherlike Statistics Page The Etherlike Statistics Page contains the following fields: • Select the interfaces displayed in the table. – – – • Unit No. — Specifies the unit for which the Etherlike statistics are displayed.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide – • • • • • • • • 2. No Refresh — Indicates that the Etherlike statistics are not refreshed. Frame Check Sequence (FCS) Errors — Displays the number of FCS errors received on the selected interface. Single Collision Frames — Displays the number of single collision frames received on the selected interface. Late Collisions — Displays the number of late collision frames received on the selected interface.
Viewing Statistics Managing RMON Statistics Figure 153:RMON Statistics Page The RMON Statistics Page contains the following fields: • Select the interfaces displayed in the table. – – – • Unit No. — Specifies the unit for which the RMON statistics are displayed. Port — Specifies the port for which the RMON statistics are displayed. Trunk — Defines the specific trunk for which the RMON statistics are displayed. Refresh Rate — Defines the frequency of the RMON statistics updates.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide – • • • • • • • • • • • No Refresh—Indicates that the RMON statistics are not refreshed. Received Bytes (Octets) — Displays the number of octets received on the interface since the device was last refreshed. This number includes bad packets and FCS octets, but excludes framing bits.
Viewing Statistics Managing RMON Statistics Configuring RMON History The RMON History Page contains information about samples of data taken from ports. For example, the samples may include interface definitions or polling periods. To view RMON history information: 1. Click Statistics > RMON History. The RMON History Page opens: Figure 154:RMON History Page The RMON History Page contains the following fields: • • History Entry No. — Displays the history control entry number.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide Figure 155:Add RMON History Page 3. 4. Define the Source Interface, Owner, Max. No. of Samples to Keep, and Sampling Interval fields. Click Apply. The new entry is added to the history table, and the device is updated. To edit an RMON history entry: 1. Click Statistics > RMON History. The RMON History Page opens. 2. Click Modify. The RMON History Configuration Page opens: Figure 156:RMON History Configuration Page 3. 4.
Viewing Statistics Managing RMON Statistics Viewing the RMON History Table The RMON History Table Page contains interface specific statistical network samplings. Each table entry represents all counter values compiled during a single sample. To view the RMON History Table: 1. Click Statistics > RMON History. The RMON History Page opens. 2. Click View. The RMON History Table Page opens: Figure 157:RMON History Table Page The RMON History Table Page contains the following fields: • • History Entry No.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide Each table entry represents all counter values compiled during a single sample. • • • • Sample No. — Displays the entry number for the History Control Table page. Received Bytes (Octets) — Displays the number of octets received on the interface since the device was last refreshed. This number includes bad packets and FCS octets, but excludes framing bits.
Viewing Statistics Managing RMON Statistics Configuring RMON Events The RMON Events Page contains fields for defining, modifying and viewing RMON events statistics. To add an RMON event: 1. Click Statistics > RMON Events. The RMON Events Page opens: Figure 158:RMON Events Page The RMON Events Page contains the following fields: • Event Entry — Displays the event. • Community — Displays the community to which the event belongs. • Description — Displays the user-defined event description.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide Figure 159:Add RMON Events Page 3. 4. Define the Community, Description, Type and Owner fields. Click Apply. The event entry is added and the device is updated. To modify the RMON Event entry settings: 1. Click Statistics > RMON Events. The RMON Events Page opens. 2. Click Modify. The RMON Events Configuration Page opens 3. Select an event entry and define the fields for the entry. 4. Click Apply.
Viewing Statistics Managing RMON Statistics Figure 160:RMON Events Logs Page The RMON Events Logs Page contains the following event log information: • Event — Displays the RMON Events Log entry number. • Log No. — Displays the log number. • Log Time — Displays the time when the log entry was entered. • Description — Displays the log entry description. 3. Click RMON Event to return to the RMON Events Page.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide Defining RMON Alarms The RMON Alarm Page contains fields for setting network alarms. Network alarms occur when a network problem, or event, is detected. Rising and falling thresholds generate events. To set RMON alarms: 1. Click Statistics > RMON Alarm. The RMON Alarm Page opens: Figure 161:RMON Alarm Page The RMON Alarm Page contains the following fields: • Alarm Entry — Indicates a specific alarm.
Viewing Statistics Managing RMON Statistics – • • Absolute — Compares the values directly with the thresholds at the end of the sampling interval. • • Rising Threshold — Displays the rising counter value that triggers the rising threshold alarm. Rising Event — Displays the event that triggers the specific alarm. The possible field values are userdefined RMON events. Falling Threshold — Displays the falling counter value that triggers the falling threshold alarm.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide Figure 163:Alarm Configuration Page 3. 4. Define the fields. Click Apply. The RMON alarm is saved, and the device is updated.
Managing Stacking Stacking Overview Chapter 18.Managing Stacking This section describes the stacking control management and includes the following topics: • • Stacking Overview Configuring Stacking Management Stacking Overview Stacking provides multiple switch management through a single point as if all stack members are a single unit. All stack members are accessed through a single IP address through which the stack is managed.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide After the stacking issues are resolved, the device can be reconnected to the stack without interruption, and the Ring topology is restored. Stacking Chain Topology In a chain topology, there are two units that have only one neighbor. Every unit has an uplink neighbor and a downlink neighbor. The chain topology is less robust than the ring topology. A failure in the chain results in a topology change to the stack.
Managing Stacking Configuring Stacking Management During the Warm Standby, the Master and the Secondary Master are synchronized with the static configuration only. When the Stacking Master is configured, the Stacking Master must synchronize the Secondary Master. The Dynamic configuration is not saved, for example, dynamically learned MAC addresses are not saved.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide Figure 164:Stacking Page The Stacking Page contains the following stack configuration fields: • Force Master — The unit is forced to be master of the stack. Note that only Unit 1 or Unit 2 can be the stack master. Select None for the system to decide which of the two master-enabled units is the master in the stack. • Unit No. — Indicates the Unit ID assigned to the unit in the current stacking configuration. • Unit No.
Downloading Software with the CLI Connecting a Terminal Appendix A. Downloading Software with the CLI This section describes how to download system files using the Command Line Reference (CLI), and includes the following topics: • • • Connecting a Terminal Initial Configuration Downloading Software Connecting a Terminal Before connecting a device, ensure that the device has been installed according to the instructions described in the Allied Telesis AT-S94 Installation Guide.
Downloading Software with the CLI Initial Configuration Initial Configuration Before a device can download system software, the device must have an initial configuration of IP address and network mask.
Downloading Software with the CLI Downloading Software To check the configuration, enter the command “show ip interface” as illustrated in the following example. Console# show ip interface Proxy ARP is disabled IP Address I/F Type Broadcast Directed ------------ ------ ------ --------- 100.101.101.101/24 vlan 1 static disable User Name A user name is used to manage the device remotely, for example through SSH, Telnet, or the Web interface.
Downloading Software with the CLI Downloading Software 2. Enter the copy command to download the boot file. Console# copy tftp://172.16.101.101/file2.rfb boot Accessing file 'file2' on 172.16.101.101... Loading file1 from 172.16.101.
Downloading Software with the CLI Downloading Software 5. Enter the “copy” command to download the system file. Console# copy tftp://172.16.101.101/file1.ros image Accessing file 'file1' on 172.16.101.101... Loading file1 from 172.16.101.
Downloading Software with the CLI Downloading Software Stacking Member Software Download Ensure the stack has been correctly connected as described in the Allied Telesis AT-S94 Installation Guide. Downloading software to Stacking Members can be performed in the following ways: • Download the software to an individual device in the stack. In this example the software is downloaded to the device defined as Stacking Member number 3. Download the software to all devices in the stack.
Downloading Software with the CLI Downloading Software 5. Enter the “copy” command to download the system file. Console# copy tftp://172.16.101.101/file1.ros unit://3/image Accessing file 'file1' on 172.16.101.101... Loading file1 from 172.16.101.
System Defaults Appendix B.
System Defaults RS-232 Port Settings RS-232 Port Settings The following table contains the RS-232 port setting defaults: Data Bits 8 Stop Bits 1 Parity None Flow Control None Baud Rate 115,200 bps Port Defaults The following are the port defaults: Auto Negotiation Enabled Auto Negotiation advertised capabilities Enabled Auto MDI/MDIX Enabled Head of Line Blocking Enabled Back Pressure Disabled Flow Control Disabled Cable Analysis Disabled Optical Transceiver Analysis Disabled Ma
System Defaults Configuration Defaults Configuration Defaults The following are the initial device configuration defaults: Default User Name manager Default Password friend System Name None Comments None BootP Enabled DHCP Disabled Security Defaults The following are the system security defaults: Locked Ports Disabled 802.
System Defaults Spanning Tree Defaults Spanning Tree Defaults The following are the spanning tree defaults: STP Enabled STP Port Enabled Rapid STP Enabled Multiple STP Disabled Fast Link Disabled Path Cost Long Address Table Defaults The following the Address Table defaults: Number of MAC Entries 8,000 MAC Address Aging Time 300 seconds VLAN-Aware MACbased Switching Enabled VLAN Defaults The following are the VLAN defaults: Possible VLANs 256 GVRP Disabled Management VLAN VLAN 1 J
System Defaults Trunking Defaults Trunking Defaults The following are the trunking defaults: Possible Trunks 8 Possible Ports per Trunk 8 LACP Ports/Trunk 16 Multicast Defaults The following are the Multicast defaults: IGMP Snooping Disable Maximum Multicast Groups 256 QoS Defaults The following are the QoS defaults: QoS Mode Disable Queue Mapping Cos Queue 0 2 1 1 2 1 3 2 4 3 5 3 6 4 7 4 DSCP Queue 1 0-15 2 16-31 3 32-47 4 48-63 Page 248
Index Index Numerics 802.1x port access 70 A Absolute 231 Access control defining entries 77 Access Control Lists (ACL) - see ACL Access level 64 Access profiles defining 43 rules 47 ACEs defining 77 ACL 91 define binding 91 defining 77 Addresses IPv4 24 Admin Port Control 73 ForceAuthorized 73 aging time 24 Alarms RMON, defining 230 Authentication enable profiles 51 key 172 methods 73 802.
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide D Daylight Saving Time (DST) 39 configuration broadcast time 38 DST per country 41 parameters 39 Default configuration restoring 208 Default gateway 24 Delta 230 device management methods 43, 45 Devices powered 193 DHCP general settings 23 system configuration 24 DHCP Snooping 93, 94, 99 database 99 Option 82 93, 94 settings 94 VLANs 95 DSCP 202, 204 trust mode 200 E Egress Shaping Rates CoS bandwidth 206 Engine ID 170 Etherlike s
Index defining 115 VLAN ID 116 MAC Based ACL 77 Management methods access profile 45 profile rules 48 Management Station advanced SNMP community 164 IP address 163 MDI/MDIX port status 104 MED LLDP port settings 188 MED network policy 185 Mirroring port 105 MSTP defining 143, 144 mapping 148 Multicast bridging groups, defining 154 forwarding 151, 157 groups 152 ports, joining 152 Multiple Spanning Tree Protocol (MSTP) see MSTP N Notifications 162, 176 O Object ID 173 Offset 38, 40 Operation mode STP 136 Op
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide security configuration 68 status 103 Port-based authentication 67 Power optical transceivers 214 Power Over Ethernet (PoE) configuration enabling 194 configuring 193 power, maximum 194 threshold 193, 194 Powered devices 193 Priority 146 Privacy key 172 Private VLAN Edge (PVE) enable 104, 110 trunk settings 109 Profiles 44, 47, 51 PVID 123 Q QoS mode enabled 200 Queues configuring 202 DSCP priority 204 traffic forward 203 R RADIUS
Index operation mode 136 port configuration 138 SSH - see Secure Telnet (SSH) Stacking 233 chain topology 234 configuration 235 management interfaces 233 members 234 ring topology 233 Stacking Master 234 Status port 103 STP - see Spanning Tree State (STP) Stratum 38 Strict Priority 199, 202 Suspended 103 Syslog add UDP port 131 System time 37 T TACACS+ authenticating 52 configuring 56 Telnet access profile rule 45 authentication profiles 55 Terminal Access Controller Access Control System (TACACS+) - see T
Allied Telesis AT-S94 Management Software Web Browser Interface User’s Guide Page 254
