Management Software AT-S94 WEB User’s Guide AT-8000S Series Stackable Gigabit Ethernet Switches Version 2.0.0 613-001104 Rev.
Copyright © 2008 Allied Telesis, Inc. All rights reserved. No part of this publication may be reproduced without prior written permission from Allied Telesis, Inc. Allied Telesis is a trademark of Allied Telesis, Inc. Microsoft and Internet Explorer are registered trademarks of Microsoft Corporation. Netscape Navigator is a registered trademark of Netscape Communications Corporation.
Table of Contents
Preface
Web Browser Interface User’s Guide Overview
Intended Audience
Document Conventions
Configuring Network Security
Managing Port Security
Defining 802.1x Port Access
Enabling Storm Control
Configuring Multicast Forwarding
Configuring IGMP Snooping
Defining Multicast Bridging Groups
Defining Multicast Forward All Settings
Managing Stacking
Stacking Overview
Stacking Ring Topology
Stacking Chain Topology
Preface
This guide contains instructions on how to configure an AT-8000S Series Layer 2+ Fast Ethernet Switch using the interface in the Embedded Management System (EWS). The Embedded Management System enables configuring, monitoring, and troubleshooting of network devices remotely via a web browser. The web pages are easy-to-use and easy-to-navigate.
Web Browser Interface User’s Guide Overview
The Web Browser Interface User’s Guide provides the following sections:
• Section 1, “Getting Started” — Provides information for using the Embedded Web Management System, including adding, editing, and deleting configurations.
• Section 2, “Defining System Information” — Provides information for defining basic device information.
Document Conventions
This document uses the following conventions:
Note: Provides related information or information of special importance.
Caution: Indicates potential damage to hardware or software, or loss of data.
Warning: Indicates a risk of personal injury.
Contacting Allied Telesis
This section provides Allied Telesis contact information for technical support as well as sales or corporate information.
Section 1. Getting Started
This section provides an introduction to the Web Browser Interface, and includes the following topics:
• Starting the Application
• User Interface Components
• Logging Out
• Resetting the Device
• Configurable Login Banner
Starting the Application
This section contains information for starting the application. The login information is configured with a default user name and password.
Figure 1: Embedded Web System Login Page
3. Enter manager in the User Name field.
4. Enter friend in the Password field.
5. Click Sign In.
Figure 2: System General Page
Using the Web Browser Interface
This section provides general information about the interface, and describes the following topics:
• Viewing the Device Representation
• User Interface Components
• Using the Management Buttons
• Adding, Modifying and Deleting Information
Viewing the Device Representation
Zoom Views provide a graphical representation of the device ports.
User Interface Components
The System General Page example shows the interface components.
Figure 4: System General Page
The following table lists the interface components with their corresponding numbers:
Table 1: Interface Components
Component | Description
1 Menu | The Menu provides easy navigation through the main management software features. In addition, the Menu provides general navigation options.
Using the Management Buttons
Management buttons provide an easy method of configuring device information, and include the following:
Table 2: Configuration Management Buttons
Button Name | Description
Add | Opens a page which creates new configuration entries.
Create | Opens a page which creates new configuration entries.
Modify | Modifies the configuration settings.
Test | Performs a diagnostic test.
Clear All Counters | Removes all counters.
The application menu includes the following general purpose buttons:
Configuration | Opens the default configuration page (System General).
Login | Signs the user into the WBI, starts the management session.
Logout | Signs the user out of the WBI, ending the management session.
Adding, Modifying and Deleting Information
The WBI contains and tables for configuring devices. User-defined information can be added, modified or deleted in specific WBI pages.
To add information to tables or WBI pages:
1. Open a WBI page.
2. Click Add. An Add page opens, for example, the Add Community Page:
Figure 5: Add Community Page
3. Define the fields.
4. Click Apply. The configuration information is saved, and the device is updated.
Figure 6: Local User Settings Page
4. Define the fields.
5. Click Apply. The fields are modified, and the information is saved to the device.
To delete information in tables or WBI pages:
1. Open the WBI page.
2. Select a table row.
3. Click Delete. The information is deleted, and the device is updated.
Saving Configurations
User-defined information can be saved for permanent use or until next update, not just for the current session.
Logging Out
The Logout option enables the user to log out of the device, thereby terminating the running session.
To log out:
• In any page, click Logout on the menu.
Resetting the Device
The Reset option enables resetting the device from a remote location.
Note: Save all changes to the Running Configuration file before resetting the device. This prevents the current device configuration from being lost. See also "System Utilities".
To reset the device:
1. In the System General Page, click Reset. You are prompted to confirm.
2. Click OK. The device is reset. Resetting the device ends the web browser management session.
Section 2. Defining System Information
The System General Page contains general device information, including system name and its IPv4 addressing, administrator and passwords information, Dynamic Host Configuration Protocol (DHCP) configuration and MAC Address Aging Time.
To define the general system information:
1. Click System > General.
• Default Gateway — The IP address of a router for remote management of the device. The address must be entered in the format: xxx.xxx.xxx.xxx. The default value is 0.0.0.0.
Note: Packets are forwarded to the default IP when frames are sent to a remote network via the default gateway. The configured IP address must belong to the same subnet as one of the IP interfaces.
Section 3. Configuring Internet Protocol Version 6
The device functions as an IPv6 compliant Host, as well as an IPv4 Host (also known as dual stack). This allows device operation in a pure IPv6 network as well as in a combined IPv4/IPv6 network. The primary change from IPv4 to IPv6 is the length of network addresses. IPv6 addresses are 128 bits long, whereas IPv4 addresses are 32 bits, allowing a much larger address space.
In addition to the dynamically configured IPv6 interfaces, there are two types of static IP addresses that can be configured on an IPv6 interface:
• Link Local Addresses — Defines a Link Local address that is non-routable and used for communication on the same network only.
• Global Addresses — Defines a globally unique IPv6 address; visible and reachable from different subnets.
The IPv6 Interface Table on the IPv6 Interface Page displays the IPv6 interfaces defined on the selected Interface. This table contains the following fields:
• Check Box — Deletes the selected IPv6 interface. The first IPv6 interface entry displayed in the table is read-only and represents the automatically generated Link Local IPv6 address that cannot be removed or modified. The possible field values are:
– Checked — Removes the selected IPv6 interface.
Adding Multiple IPv6 Addresses
The Add IPv6 Address Page allows the user to add multiple IPv6 addresses to an existing IPv6 interface.
1. Click Add. The Add IPv6 Address Page opens.
Figure 10: Add IPv6 Address Page
In addition to the fields in the Add IPv6 Address Page, the Add IPv6 Address Page contains the following field:
• EUI-64 — Indicates the interface ID (low-order 64 bits of the IPv6 address) is built from the system base MAC address.
Defining the IPv6 Default Gateway
The IPv6 Default Gateway Page enables you to configure the IPv6 address of the next hop that can be used to reach the network. Two IPv6 Link-Local address formats are used: standard and one with a specified IPv6 interface identifier. For IPv6, the configuration of the default gateway is not mandatory, as hosts can automatically learn of the existence of a router on the local network via the router advertisement procedure.
• Tunnel Type — Specifies the means by which the default gateway was configured. The possible field values are:
– Static — Indicates the default gateway is user-defined.
– Dynamic — Indicates the default gateway is dynamically configured.
• State — Displays the default gateway status. The following states are available: Incomplete, Reachable, Stale, Delay, Probe and Unreachable.
2. Select an Interface.
3. Click Add. The Add Static Default Gateway Page opens.
Configuring Tunnels
The Tunneling Page defines the tunneling process on the device, which encapsulates IPv6 packets in IPv4 packets for delivery across an IPv4 network. The Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) address assignment and automatic tunneling mechanism is used for Unicast communication between IPv6/IPv4 nodes in an IPv4 intranet.
To define Tunneling:
1. Click System > Tunneling. The Tunneling Page opens.
• Domain Name Query Interval (10-3600) — Specifies the interval between DNS Queries (before the IP address of the ISATAP router is known) for the automatic tunnel router domain name. The range is 10 - 3600 seconds. The default is 10 seconds.
• ISATAP Router Solicitation Interval (10-3600) — Specifies the interval between router solicitations messages when there is no active router. The range is 10 - 3600 seconds. The default is 10.
The IPv6 Neighbors Page contains the following fields:
View IPV6 Neighbors
• View Static — Displays the static IPv6 address entries from the IPv6 Neighbor Table.
• View Dynamic — Displays the dynamic IPv6 address entries from the IPv6 Neighbor Table.
• View IPv6 Address — Displays the currently configured neighbor IPv6 address entries from the IPv6 Neighbor Table.
3. Click Add. The Add IPv6 Neighbor Page opens.
Figure 15: Add IPv6 Neighbor Page
4. Define the static IPv6 Address and MAC Address fields.
5. Click Apply. The IPv6 Neighbors entry is defined, and the device is updated.
To modify IPv6 Neighbor entries:
1. Click System > IPv6 Neighbors. The IPv6 Neighbors Page opens.
2. Select the IPv6 Address field to be edited.
3. Click Modify. The IPv6 Neighbor Configuration Page opens.
Notes
To view IPv6 Neighbor entries:
1. Click System > IPv6 Neighbors. The IPv6 Neighbors Page opens.
2. Select an interface.
3. Click View. The View IPv6 Neighbors Page opens.
Figure 16: View IPv6 Neighbors Page
The View IPv6 Neighbors Page contains the following fields:
• Interface — Displays the interface (VLAN) on which the IPv6 interface is configured.
• IPv6 Address — Defines the currently configured neighbor IPv6 address.
Section 4. Configuring System Time
The System Time Page provides information for configuring system time parameters, including:
• Setting the System Clock
• Configuring SNTP
• Configuring Daylight Saving Time
Setting the System Clock
The System Time Page contains fields for defining system time parameters for both the local hardware clock and the external SNTP clock.
• System Date — Sets the system date. The field format is Day/Month/Year. For example: 04/May/2050 (May 4, 2050).
• Time Zone Offset — The difference between Greenwich Mean Time (GMT) and local time. For example, the Time Zone Offset for Paris is GMT +1, while the Time Zone Offset for New York is GMT –5.
To set the system clock:
1. Select the system time mode.
2. Define the System Date, System Time and Time Zone Offset fields.
3. Click Apply in each section.
To define SNTP global parameters:
1. Click System > System Time. The System Time Page opens.
The Simple Network Time Protocol (SNTP) section of the System Time Page contains the following fields:
• Status — Indicates if SNTP is enabled on the device. The possible field values are:
– Disabled — Indicates that SNTP is disabled.
– Enabled — Indicates that SNTP is enabled.
• Time Set Offset — Used for non-USA and European countries to set the amount of time for DST (in minutes). The default time is 60 minutes. The range is 1-1440 minutes.
• From — Indicates the time that DST begins in countries other than the USA and Europe, in the format Day/Month/Year in one field and HH:MM in another. For example, if DST begins on October 25, 2007 at 5:00 am, the two fields should be set to 25/Oct./07 and 05:00.
• Bahamas — From April to October, in conjunction with Daylight Savings Time in the United States.
• Belarus — From the last weekend of March until the last weekend of October.
• Belgium — From the last weekend of March until the last weekend of October.
• Brazil — From the third Sunday in October until the third Saturday in March.
• Slovak Republic — From the last weekend of March until the last weekend of October.
• South Africa — South Africa does not use Daylight Saving Time.
• Spain — From the last weekend of March until the last weekend of October.
• Sweden — From the last weekend of March until the last weekend of October.
• Switzerland — From the last weekend of March until the last weekend of October.
• Syria — From March 31 until October 30.
• Taiwan — Taiwan does not use Daylight Saving Time.
Section 5. Configuring Device Security
This section describes setting security parameters for ports, device management methods, users, and servers.
Configuring Management Security
This section provides information for configuring device management security, device authentication methods, users and passwords. This section includes the following topics:
• Defining Access Profiles
• Defining Profile Rules
• Defining Authentication Profiles
• Mapping Authentication Profiles
Defining Access Profiles
Access profiles are profiles and rules for accessing the device.
To define access profiles:
1. Click Mgmt. Security > Access Profile. The Access Profile Page opens:
Figure 18: Access Profile Page
The Access Profile Page contains a table listing the currently defined profiles and their active status:
• Access Profile Name — The name of the profile. The access profile name can contain up to 32 characters.
• Current Active Access Profile — Indicates if the profile is currently active.
2. Click Add. The Add Access Profile Page opens:
Figure 19: Add Access Profile Page
In addition to the Access Profile Page, the Add Access Profile Page contains the following fields:
• Access Profile Name — Defines the name of a new access profile.
• Rule Priority — Defines the rule priority. When the packet is matched to a rule, user groups are either granted permission or denied device management access.
• Supported IP Format — Defines the supported Internet Protocol on which the access profile is defined. The possible field values are:
– IPv4 — Indicates that IPv4 is supported.
– IPv6 — Indicates that IPv6 is supported.
• IPv6 Address Type — If IPv6 is selected as a Supported IP Format, defines the supported Unicast address type. The possible field values are:
Defining Profile Rules
Access profiles can contain up to 128 rules that determine which users can manage the device module, and by which methods. Users can also be blocked from accessing the device. Rules are composed of filters including:
• Rule Priority
• Interface
• Management Method
• IP Address
• Prefix Length
• Forwarding Action
To define profile rules:
1. Click Mgmt.
• Management Method — Defines the management method for which the rule is defined. Users with this access profile can access the device using the management method selected. The possible field values are:
– Telnet — Assigns Telnet access to the rule. If selected, users accessing the device using Telnet meeting access profile criteria are permitted or denied access to the device.
– Secure Telnet (SSH) — Assigns SSH access to the rule.
– IPv6 — Indicates that IPv6 is supported.
• IPv6 Address Type — If IPv6 is selected as a Supported IP Format, defines the supported Unicast address type. The possible field values are:
– Link Local — Specifies that link local addressing is supported by the interface.
– Global — Specifies that global Unicast addressing is supported by the interface.
– VLAN 1 — Specifies that VLAN 1 is supported.
To modify an access rule:
1. Click Mgmt. Security > Profile Rules. The Profile Rules Page opens.
2. Click Modify. The Profiles Rules Configuration Page opens:
Figure 22: Profiles Rules Configuration Page
3. Define the fields.
4. Click Apply. The profile rule is saved, and the device is updated.
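A planned access profile can be reviewed offline before it is applied, using the rule filters this section lists (Rule Priority, Interface, Management Method, IP Address, Prefix Length, Forwarding Action). The Python below is an added example, not code from this guide or from Allied Telesis; it assumes rules are checked in ascending priority order with the first match deciding, and that a connection matching no rule is denied. The rule values are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    priority: int                    # Rule Priority (lowest number checked first: assumption)
    action: str                      # Forwarding Action: "permit" or "deny"
    method: Optional[str] = None     # Management Method; None = any (hypothetical wildcard)
    interface: Optional[str] = None  # Interface, e.g. "VLAN 1"; None = any
    network: Optional[str] = None    # IP Address/Prefix Length; None = any source


def evaluate(rules, src_ip, method, interface):
    """Return (action, matched_rule) for one management connection."""
    addr = ipaddress.ip_address(src_ip)
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.method is not None and rule.method != method:
            continue
        if rule.interface is not None and rule.interface != interface:
            continue
        if rule.network is not None:
            net = ipaddress.ip_network(rule.network, strict=False)
            if addr.version != net.version or addr not in net:
                continue
        return rule.action, rule
    return "deny", None  # assumption: nothing matched, so access is denied


def covers(earlier, later):
    """True when every connection 'later' could match is already matched by 'earlier'."""
    if earlier.method is not None and earlier.method != later.method:
        return False
    if earlier.interface is not None and earlier.interface != later.interface:
        return False
    if earlier.network is None:
        return True
    if later.network is None:
        return False
    a = ipaddress.ip_network(earlier.network, strict=False)
    b = ipaddress.ip_network(later.network, strict=False)
    return a.version == b.version and b.subnet_of(a)


def audit(rules):
    """List rules a reviewer would question before activating the profile."""
    findings = []
    ordered = sorted(rules, key=lambda r: r.priority)
    for i, rule in enumerate(ordered):
        any_source = (rule.network is None or
                      ipaddress.ip_network(rule.network, strict=False).prefixlen == 0)
        # Telnet and HTTP carry credentials unencrypted; "any method" includes them.
        cleartext = rule.method in (None, "Telnet", "HTTP")
        if rule.action == "permit" and cleartext and any_source:
            label = rule.method or "any method"
            findings.append(f"priority {rule.priority}: permits {label} from any source")
        for earlier in ordered[:i]:
            if covers(earlier, rule):
                findings.append(f"priority {rule.priority}: never reached, "
                                f"shadowed by priority {earlier.priority}")
                break
    return findings


# Constructed sample profile (addresses are documentation ranges).
SAMPLE_RULES = [
    Rule(1, "permit", "Secure Telnet (SSH)", "VLAN 1", "192.0.2.0/24"),
    Rule(2, "deny", "Telnet"),
    Rule(3, "permit", "Telnet", None, "192.0.2.10/32"),
    Rule(4, "permit", "HTTP", None, "0.0.0.0/0"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
    print(evaluate(SAMPLE_RULES, "192.0.2.10", "Telnet", "VLAN 1")[0])
```
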
Defining Authentication Profiles
Authentication profiles allow network administrators to assign authentication methods for user authentication. User authentication can be performed either locally or on an external server. User authentication occurs in the order the methods are selected. If the first authentication method is not available, the next selected method is used.
– RADIUS — Authenticates the user at the RADIUS server. For more information, see Defining RADIUS Server Settings.
– TACACS+ — Authenticates the user at the TACACS+ server. For more information, see Defining TACACS+ Host Settings.
– Local, RADIUS — Indicates that authentication first occurs locally. If authentication cannot be verified locally, the RADIUS server authenticates the management method.
Figure 24: Add Authentication Profile Page
3. Select the type of function to configure for the profile: Method or Login.
4. Enter the Profile Name.
5. Using the arrows, move the method(s) from the Optional Method list to the Selected Method list.
6. Click Apply. The authentication profile is defined. The profile is added to the profiles table and the device is updated.
To modify the authentication profile settings:
1. Click Mgmt.
Figure 25: Authentication Profile Configuration Page
3. Select the Profile Name from the list.
4. Using the arrows, move the method(s) from the Optional Method list to the Selected Method list.
5. Click Apply. The profile settings are saved and the device is updated.
Mapping Authentication Profiles
After authentication profiles are defined, they can be applied to management access methods. For example, console users can be authenticated by Authentication Profile List 1, while Telnet users are authenticated by Authentication Profile List 2. Authentication methods are selected using arrows. The order in which the methods are selected is the order by which the authentication methods are used.
• Secure HTTP — Indicates that authentication methods are used for secure HTTP access. The possible methods are:
– Local — Authentication occurs locally.
– RADIUS — Authenticates the user at the RADIUS server.
– TACACS+ — Authenticates the user at the TACACS+ server.
– None — Indicates that no authentication method is used for access.
• HTTP — Indicates that authentication methods are used for HTTP access.
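The ordering rule described for authentication profiles and their mapping (the next selected method is used when the previous one is not available) decides what happens to management access while the RADIUS or TACACS+ server is unreachable. The Python below is an added example, not code from this guide or from Allied Telesis; it assumes that a method which answers with a rejection ends the sequence and that Local is always able to answer, and the mapping shown is constructed.

```python
from enum import Enum


class Result(Enum):
    ACCEPT = "accept"            # the method verified the credentials
    REJECT = "reject"            # the method answered and refused them
    UNAVAILABLE = "unavailable"  # the method could not answer (server unreachable)


def authenticate(selected_methods, outcome):
    """Walk the Selected Method list in order for one login attempt.

    outcome maps a method name to the Result it would give for this login.
    Returns (granted, deciding_method).
    """
    for name in selected_methods:
        if name == "None":
            return True, "None"          # no authentication is performed
        result = outcome.get(name, Result.UNAVAILABLE)
        if result is Result.UNAVAILABLE:
            continue                     # not available: next selected method is used
        return result is Result.ACCEPT, name  # assumption: a rejection is final
    return False, None                   # assumption: no method could answer, deny


# Scenario used by the review: both external servers cannot be reached.
SERVERS_DOWN = {"RADIUS": Result.UNAVAILABLE, "TACACS+": Result.UNAVAILABLE}


def review(mapping):
    """For each management access method, test its method list with servers down."""
    findings = {}
    for access, order in mapping.items():
        notes = []
        bad_login = dict(SERVERS_DOWN, Local=Result.REJECT)   # wrong credentials
        good_login = dict(SERVERS_DOWN, Local=Result.ACCEPT)  # valid local account
        if authenticate(order, bad_login)[0]:
            notes.append("fails open: access granted without valid credentials "
                         "when servers are unreachable")
        if not authenticate(order, good_login)[0]:
            notes.append("lockout: no administrator can sign in "
                         "when servers are unreachable")
        findings[access] = notes
    return findings


# Constructed mapping of management access methods to Selected Method lists.
SAMPLE_MAPPING = {
    "Console": ["Local"],
    "Telnet": ["RADIUS", "None"],
    "Secure Telnet (SSH)": ["RADIUS", "Local"],
    "HTTP": ["None"],
    "Secure HTTP": ["TACACS+", "RADIUS"],
}

if __name__ == "__main__":
    for access, notes in review(SAMPLE_MAPPING).items():
        print(access, "->", notes or "ok")
```
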
Configuring Server Based Authentication
Network administrators assign authentication methods for user authentication. User authentication can be performed locally, or on an external server. User authentication occurs in the order the methods are selected. If the first authentication method is not available, the next selected method is used.
Figure 27: TACACS+ Page
The TACACS+ Page contains the following fields:
• Supported IP Format — Indicates that IPv4 is supported.
• Timeout for Reply — Defines the time interval, in seconds, that passes before the connection between the device and the TACACS+ server times out. The field range is 1-30 seconds and the default is 5 seconds.
• Key String — Defines the default key string.
• Server # — Displays the server number.
Figure 28: Add TACACS+ Page
3. Define the fields.
4. Click Apply. The TACACS+ profile is saved, and the device is updated.
To modify TACACS+ server settings:
1. Click Mgmt. Protocols > TACACS+. The TACACS+ Page opens.
2. Click Modify. The TACACS+ Configuration Page opens:
Figure 29: TACACS+ Configuration Page
3. Define the relevant fields.
4. Click Apply. The TACACS+ settings are modified, and the device is updated.
Configuring RADIUS
Remote Authorization Dial-In User Service (RADIUS) servers provide additional security for networks. RADIUS servers provide a centralized authentication method for web access. In addition, RADIUS servers, when activated, record device management sessions on Telnet, serial and WEB and/or 802.1x authentication sessions.
• Default Dead Time — Defines the default amount of time (in minutes) that a RADIUS server is bypassed for service requests. The range is 0-2000.
• Default Source IPv4 Address — Defines the default IPv4 address.
• Default Source IPv6 Address — Defines the default IPv6 address.
• Default Key String — Defines the default key string used for authenticating and encrypting all RADIUS communications between the device and the RADIUS server.
2. Click Add. The Add RADIUS Page opens.
Figure 31: Add RADIUS Page
3. Define the fields.
4. Click Apply. The RADIUS profile is saved, and the device is updated.
To modify RADIUS server settings:
1. Click Mgmt. Protocols > RADIUS. The RADIUS Page opens:
2. Click Modify. The RADIUS Configuration Page opens:
Figure 32: RADIUS Configuration Page
3. Define the relevant fields.
4. Click Apply. The RADIUS server settings are modified, and the device is updated.
Configuring Local Users
Network administrators can define users, passwords, and access levels for users using the Local Users Page.
To configure local users and passwords:
1. Click Mgmt. Security > Local Users. The Local Users Page opens:
Figure 33: Local Users Page
The Local Users Page displays the list of currently defined local users and contains the following fields:
• User Name — Displays the user’s name.
2. Click Create. The Add Local User Page opens:
Figure 34: Add Local User Page
In addition to the fields in the Local Users Page, the Add Local User Page contains the following fields:
• Password — Defines the local user password. Local user passwords can contain up to 159 characters.
• Confirm Password — Verifies the password.
3. Define the fields.
4. Click Apply. The user is added to the Local Users table and the device is updated.
To modify local users:
1. Click Mgmt. Security > Local Users. The Local Users Page opens.
2. Click Modify. The Local Users Configuration Page opens:
Figure 35: Local Users Configuration Page
3. Define the User Name, Access Level, Password, and Confirm Password fields.
4. Click Apply. The local user settings are defined, and the device is updated.
Defining Line Passwords
Network administrators can define line passwords in the Line Password Page. The administrator enters the new password in the Password column and then confirms it in the Confirm Password column. After the line password is defined, a management method is assigned to the password. The device can be accessed using the following methods:
• Console
• Telnet
• Secure Telnet
To define line passwords:
1. Click Mgmt.
Configuring Network Security
Network security manages locked ports. Port-based authentication provides traditional 802.1x support, as well as Guest VLANs. Guest VLANs limit network access to authorized ports. If a port is denied network access via port-based authorization, but the Guest VLAN is enabled, the port receives limited network access.
To configure secure ports:
1. Click Network Security > Port Security. The Port Security Page opens:
Figure 37: Port Security Page
The Port Security Page displays the Zoom View of the selected stacking member’s (defined in the Unit No. field) ports. The possible port indicators are:
Port is active — Indicates that the port is linked.
Port is inactive — Indicates that the port is not linked.
Port is disabled — Indicates that the port is disabled.
4. Click Modify. The Port Security Configuration Page opens:
Figure 38: Port Security Configuration Page
The Port Security Configuration Page contains the following fields:
• Interface — Displays the port name.
• Action On Violation — Indicates the intruder action defined for the port. Indicates the action to be applied to packets arriving on a locked port.
6. Click Apply. The port security settings are saved and the device is updated.
7. Click Save Config on the menu to save the changes permanently.
Defining 802.1x Port Access
The 802.1x Port Access Page allows enabling port access globally, defining the authentication method, and configuration of port roles and settings.
To configure 802.1x port access parameters:
1. Click Network Security > 802.1x Port Access. The 802.
For example, a network administrator can use Guest VLANs to deny network access via port-based authentication, but grant Internet access to unauthorized users. The possible field values are:
– Enable — Enables Guest VLAN.
– Disable — Disables Guest VLAN.
• Guest VLAN ID — Specifies the VLAN ID assigned to the Guest VLAN.
• Guest VLAN — Sets Guest VLAN timers for the device. The possible field values are:
– Join Timer — Enables the join timer.
To modify port based authentication settings:
1. Click Modify.
The Port Authentication Settings Page contains the following port authentication parameters:
• Port — Displays a list of interfaces on which port-based authentication is enabled.
• User Name — Displays the supplicant user name.
• Admin Port Control — Indicates the port state. The possible field values are:
– Auto — Enables port-based authentication on the device.
• Enable Periodic Reauthentication — Permits port reauthentication. The possible field values are:
– Enable — Enables port reauthentication. This is the default value.
– Disable — Disables port reauthentication.
• Reauthentication Period — Displays the time span (in seconds) in which the selected port is reauthenticated. The field default is 3600 seconds.
• Reauthenticate Now — Reauthenticates the port immediately.
Enabling Storm Control
Storm control limits the amount of Multicast and Broadcast frames accepted and forwarded by the device. When Layer 2 frames are forwarded, Broadcast and Multicast frames are flooded to all ports on the relevant VLAN. This occupies bandwidth, and loads all nodes on all ports. A Broadcast Storm is a result of an excessive amount of Broadcast messages simultaneously transmitted across a network by a single port.
The Storm Control Page displays the Zoom View of the selected stacking member’s (defined in the Unit No. field) ports. The possible port indicators are:
Port is active — Indicates that the port is linked.
Port is inactive — Indicates that the port is not linked.
Port is disabled — Indicates that the port is disabled.
Port is selected — Indicates that the port is selected for modification.
Select a port to configure.
Defining Access Control
Access Control Lists (ACL) allow network managers to define classification actions and rules for specific ingress ports. Your switch supports up to 256 ACLs. Packets entering an ingress port, with an active ACL, are either admitted or denied entry. If they are denied entry, the user can disable the port. ACLs are composed of access control entries (ACEs) that are made of the filters that determine traffic classifications.
The MAC Based ACL Page contains the following fields:
• ACL Name — Displays the specific MAC based ACLs.
• Remove ACL — Deletes the specified ACL. The possible field values are:
  – Checked — Deletes the ACL when user clicks the Apply button.
  – Unchecked — Maintains the ACL.

  – Permit — Forwards packets which meet the ACL criteria.
2. Click the Add ACL button. The Add MAC Based ACL Page opens:
Figure 44: Add MAC Based ACL Page
3. In the ACL Name field, type a name for the ACL.
4. Enable Rule Priority and define the ACL’s relevant fields.
5. Click Apply. The MAC Based ACL configuration is defined and the device is updated.
6. Click Save Config on the menu to save the changes permanently.
Adding ACE Rules
1. Click Network Security > MAC Based ACL. The MAC Based ACL Page opens.
2. Click the Add ACE button. The Add MAC Based ACE Page opens.
Figure 45: Add MAC Based ACE Page
3. Define the fields.
4. Click Apply. The MAC Based ACE rule is defined and the device is updated.
5. Click Save Config on the menu to save the changes permanently.
To modify the MAC Based ACL configuration:
1. Click Network Security > MAC Based ACL.
Figure 46: IPv4 Based ACL Page
The IPv4 Based ACL Page contains the following fields:
• ACL Name — Displays the specific IP based ACLs.
• Remove ACL — Deletes the specified ACL. The possible field values are:
  – Checked — Deletes the ACL when user clicks the Apply button.

  – ICMP — Internet Control Message Protocol (ICMP). The ICMP allows the gateway or destination host to communicate with the source host.
  – HMP — Host Mapping Protocol (HMP). Collects network information from various networks hosts. HMP monitors hosts spread over the internet as well as hosts in a single network.
  – RDP — Remote Desktop Protocol (RDP). Allows clients to communicate with the Terminal Server over the network.
  – IDPR — Matches the packet to the Inter-Domain Policy Routing (IDPR) protocol.
  – IDRP — Matches the packet to the Inter-Domain Routing Protocol (IDRP).
• Destination
  – IPv4 Address — Matches the destination port IPv4 address to which packets are addressed to the ACE.
  – Mask — Defines the destination IP address wildcard mask. Wildcard masks specify which bits are used and which bits are ignored. A wildcard mask of 255.255.255.255 indicates that no bit is important. A wildcard mask of 0.0.0.0 indicates that all the bits are important.
• Flag Set — Sets the indicated TCP flag that can be triggered.
2. Click the Add ACL button. The Add IPv4 Based ACL Page opens:
Figure 47: Add IPv4 Based ACL Page
In addition to the IPv4 Based ACL Page, the Add IPv4 Based ACL Page contains the following fields:
• Match QoS — Enables or disables the ACL classification to identify flows based on QoS values, such as DSCP or IP Precedence. The possible field values are:
  – Checked — Enables identification of flows based on QoS values.
Adding ACE Rules
1. Click Network Security > IPv4 Based ACL. The IPv4 Based ACL Page opens.
2. Click the Add ACE button. The Add IPv4 Based ACE Page opens.
Figure 48: Add IPv4 Based ACE Page
3. Define the fields.
4. Click Apply. The IPv4-based ACE rule is defined and the device is updated.
5. Click Save Config on the menu to save the changes permanently.
To modify the IPv4-based ACL configuration:
1. Click Network Security > IPv4 Based ACL.
Defining IPv6 Based ACL
The IPv6 Based ACL Page contains information for defining IPv6-based ACLs, including defining the ACEs defined for IPv6-based ACLs.
1. Click Network Security > IPv6 Based ACL. The IPv6 Based ACL Page opens.
Figure 49: IPv6 Based ACL Page
The IPv6 Based ACL Page contains the following fields:
• ACL Name — Displays the specific IPv6-based ACLs.
• Remove ACL — Deletes the specified ACL.
• Destination Port — Defines the TCP/UDP destination port. This field is active only if 800/6-TCP or 800/17UDP are selected in the Select from List drop-down menu. The possible field range is 0 - 65535.
• Source
  – IPv6 Address — Matches the source port IPv6 address from which packets are addressed to the ACE.

  – IPv6 Address — Matches the destination port IPv6 address to which packets are addressed to the ACE.
2. Click the Add ACL button. The Add IPv6 Based ACL Page opens:
Figure 50: Add IPv6 Based ACL Page
In addition to the IPv6 Based ACL Page, the Add IPv6 Based ACL Page contains the following fields:
• Match QoS — Enables or disables the ACL classification to identify flows based on QoS values, such as DSCP or IP Precedence. The possible field values are:
  – Checked — Enables identification of flows based on QoS values.
Adding ACE Rules
1. Click Network Security > IPv6 Based ACL. The IPv6 Based ACL Page opens.
2. Click the Add ACE button. The Add IPv6 Based ACL Page opens.
3. Define the fields.
4. Click Apply. The IPv6-based ACE rule is defined and the device is updated.
5. Click Save Config on the menu to save the changes permanently.
To modify the IPv6-based ACL configuration:
1. Click Network Security > IPv6 Based ACL. The IPv6 Based ACL Page opens.
2. Click Modify.
Defining ACL Binding
When an ACL is bound to an interface, all the ACE rules that have been defined are applied to the selected interface. Whenever an ACL is assigned on an interface, flows from that ingress interface that do not match the ACL are matched to the default rule, which is Drop unmatched packets.
1. Click Network Security > ACL Binding.
2. Click the Modify button. The ACL Binding Configuration opens:
Figure 52: ACL Binding Configuration
The ACL Binding Configuration contains the following fields:
• Interface — Choose the interface to which the ACL is bound. The possible values are:
  – Port — Port associated with the ACL.
  – Trunk — Trunk associated with the ACL.
• Select IPv4 Based ACL, IPv6 Based ACL or MAC Based ACL — Choose the ACL that is bound to the interface.
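The wildcard-mask rule and the default Drop rule described in the ACL sections above, worked through as an added Python example (not code from the switch or from Allied Telesis). It assumes ACEs are evaluated first-match in ascending Rule Priority order; the class names, field names and sample ACL are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Wildcard 255.255.255.255 means no bit is important, so this matches any address.
ANY = ("0.0.0.0", "255.255.255.255")


def wildcard_match(addr: str, rule_addr: str, wildcard: str) -> bool:
    """Compare only the bits whose wildcard bit is 0; bits set to 1 are ignored."""
    a = int(ipaddress.IPv4Address(addr))
    r = int(ipaddress.IPv4Address(rule_addr))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (r & care)


@dataclass
class Packet:
    src: str
    dst: str
    protocol: str
    dst_port: Optional[int] = None


@dataclass
class Ace:
    priority: int
    action: str                      # "permit" or "deny"
    src: Tuple[str, str]             # (address, wildcard mask)
    dst: Tuple[str, str]             # (address, wildcard mask)
    protocol: Optional[str] = None   # None matches any protocol
    dst_port: Optional[int] = None   # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        if self.protocol is not None and self.protocol != pkt.protocol:
            return False
        if self.dst_port is not None and self.dst_port != pkt.dst_port:
            return False
        return (wildcard_match(pkt.src, *self.src)
                and wildcard_match(pkt.dst, *self.dst))


def evaluate(acl: List[Ace], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Return (verdict, priority of the deciding ACE), or ("drop", None)
    when no ACE matches and the default rule of a bound ACL applies."""
    for ace in sorted(acl, key=lambda a: a.priority):  # assumption: lowest first
        if ace.matches(pkt):
            return ace.action, ace.priority
    return "drop", None


# Constructed sample ACL: block Telnet from one subnet, allow HTTPS to one server.
SAMPLE_ACL = [
    Ace(10, "deny", ("10.0.5.0", "0.0.0.255"), ANY, "tcp", 23),
    Ace(20, "permit", ("10.0.0.0", "0.0.255.255"),
        ("192.0.2.10", "0.0.0.0"), "tcp", 443),
]

# Constructed sample traffic.
SAMPLE_PACKETS = [
    Packet("10.0.5.7", "192.0.2.10", "tcp", 23),     # hits ACE 10
    Packet("10.0.5.7", "192.0.2.10", "tcp", 443),    # hits ACE 20
    Packet("172.16.1.1", "192.0.2.10", "tcp", 443),  # no ACE matches
    Packet("10.0.9.9", "192.0.2.10", "udp", 443),    # wrong protocol for both ACEs
]


def audit(acl: List[Ace], packets: List[Packet]) -> List[Tuple[str, Optional[int]]]:
    """Evaluate every packet so the effect of binding the ACL can be reviewed first."""
    return [evaluate(acl, p) for p in packets]


if __name__ == "__main__":
    for pkt, (verdict, prio) in zip(SAMPLE_PACKETS, audit(SAMPLE_ACL, SAMPLE_PACKETS)):
        decided_by = f"ACE {prio}" if prio is not None else "default rule"
        print(f"{pkt.src} -> {pkt.dst} {pkt.protocol}/{pkt.dst_port}: {verdict} ({decided_by})")
```

An ACL with no permit ACE drops all ingress traffic on the interface it is bound to, so running expected traffic through a check like this before binding shows what the default rule will catch.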
Section 6. Configuring DHCP Snooping
DHCP Snooping expands network security by providing an extra layer of security between untrusted interfaces and DHCP servers. By enabling DHCP Snooping, network administrators can distinguish between trusted interfaces connected to end-users or DHCP Servers, and untrusted interfaces located beyond the network firewall. DHCP Snooping filters untrusted messages.
Defining DHCP Snooping General Properties
The DHCP Snooping General Page contains parameters for enabling DHCP Snooping on the device. To define DHCP Snooping on the device:
1. Click DHCP Snooping > General. The DHCP Snooping General Page opens:
Figure 53: DHCP Snooping General Page
The DHCP Snooping General Page contains the following fields:
• Enable DHCP Snooping Status — Indicates if DHCP Snooping is enabled on the device.
• Backup Database — Indicates if the DHCP Snooping Database is enabled. The possible field values are:
  – Enable — Enables storing allotted IP addresses in the DHCP Snooping Database.
  – Disable — Disables storing allotted IP addresses in the DHCP Snooping Database. This is the default value.
• Database Update Interval — Indicates how often the DHCP Snooping Database is updated.

  – Enable — Enables DHCP Option 82 Insertion on the device.
To define DHCP Snooping on VLANs:
1. Click DHCP Snooping > VLAN Settings. The VLAN Settings Page opens:
Figure 54: VLAN Settings Page
The VLAN Settings Page contains the following fields:
• VLAN ID — Indicates the VLAN to be added to the Enabled VLAN list.
• Enabled VLANs — Contains a list of VLANs for which DHCP Snooping is enabled.
2. Select the VLAN name from the VLAN ID list and click Add. This VLAN name then appears in the Enabled VLANs list.
To define trusted interfaces:
1. Click DHCP Snooping > Trusted Interfaces. The Trusted Interfaces Page opens:
Figure 55: Trusted Interfaces Page
The Trusted Interfaces Page contains the following fields:
• Select the interfaces displayed in the table.
  – Ports of Unit — Displays the stacking member whose trusted interface configuration is displayed.
  – Trunk — Displays the trunks whose trusted interface configuration is displayed.
3. In the table, select an interface and click Modify. The Trusted Configuration Page opens.
Figure 56: Trusted Configuration Page
4. Edit the following field:
• Trusted Status — Indicates whether the interface is a Trusted Interface.
  – Enable — Interface is a trusted interface.
  – Disable — Interface is an untrusted interface.
5. Click Apply. The Trusted Interfaces configuration is defined and the device is updated.
Binding Addresses to the DHCP Snooping Database
The Binding Database Page contains parameters for querying and adding IP addresses to the DHCP Snooping Database. To bind addresses to the DHCP Snooping database:
1. Click DHCP Snooping > Binding Database. The Binding Database Page opens:
Figure 57: Binding Database Page
2. Define any of the following fields as a query filter:
Query Parameters
• MAC Address — Indicates the MAC addresses recorded in the DHCP Database.
Query Results
The Query Results table contains the following fields:
• MAC Address — Indicates the MAC address found during the query.
• VLAN ID — Displays the VLAN ID to which the IP address is attached in the DHCP Snooping Database.
• IPv4 Address — Indicates the IPv4 address found during the query.
• Interface — Indicates the specific interface connected to the address found during the query.
• Type — Displays the IP address binding type.
Section 7. Configuring Ports
Port Configuration includes the following procedures for configuring ports and trunks on the device.
• Setting Ports Configurations
• Aggregating Ports

Setting Ports Configurations
This section contains the following topics:
• Defining Port Settings
• Configuring Port Mirroring

Defining Port Settings
The Port Settings Page contains fields for defining port parameters. To define port general settings:
1.
The Port Settings Page contains the Zoom View of the device ports. The possible port settings are:
Port is active — Indicates that the port is linked.
Port is inactive — Indicates that the port is not linked.
Port is disabled — Indicates that the port is disabled.
Port is selected — Indicates that the port is selected for modification.
2. Select the port(s). Clicking a port toggles it through the possible settings.
3. Click Modify.
The Port Setting Configuration Page contains the following fields:
• Port — Lists the names of configured ports.
• Description — Provides a user-defined port description.
• Port Type — Indicates the type of port.
• Admin Status — Displays the link administrative status. The possible field values are:
  – Up — Indicates that the port is currently operating.
  – Down — Indicates that the port is currently not operating.
• Admin Advertisement — Defines the auto negotiation setting the port advertises. The possible field values are:
  – 100 Half — Indicates that the port advertises for a 100 Mbps speed port and half duplex mode setting.
  – 100 Full — Indicates that the port advertises for a 100 Mbps speed port and full duplex mode setting.
  – 1000 Full — Indicates that the port advertises for a 1000 Mbps speed port and full duplex mode setting.
Configuring Port Mirroring
Port mirroring monitors and mirrors network traffic by forwarding copies of incoming and outgoing packets from one port to a monitoring port. Port mirroring can be used as a diagnostic tool as well as a debugging feature. Port mirroring also enables device performance monitoring.
• Status — Indicates if the port is currently monitored. The possible field values are:
  – Active — Indicates the port is currently monitored.
  – Ready — Indicates the port is not currently monitored.
2. Click Add. The Add Port Mirroring Page opens:
Figure 62: Add Port Mirroring Page
The Add Port Mirroring Page contains the following fields:
• Unit Number — Displays the stacking member for which the port is defined.
3. Define the Type field.
4. Click Apply. The Port mirroring is modified, and the device is updated.
5. Click Save Config on the menu to permanently save the change.
Aggregating Ports
Link Aggregation optimizes port usage by linking a group of ports together to form a single trunk. Aggregating ports multiplies the bandwidth between the devices, increases port flexibility, and provides link redundancy. The device supports both static trunks and Link Aggregation Control Protocol (LACP) trunks. LACP trunks negotiate aggregating port links with other LACP ports located on a different device.
Defining Trunk Settings
The Trunk Settings Page contains parameters for defining Trunks. To define a port trunk:
1. Click Layer 1 > Trunk Settings. The Trunk Settings Page opens:
Figure 64: Trunk Settings Page
The Trunk Settings Page displays information about the currently defined trunks and contains the following fields:
• Trunk — Displays the trunk name.
• Description — Displays the user-defined trunk name and/or description.
• Flow Control — Displays the flow control status of the trunk.
• LACP — Indicates if LACP is enabled on the trunk. The possible values are:
  – Enable — LACP is enabled on the trunk.
  – Disable — LACP is disabled on the trunk.
• PVE — Enables a port to be a Private VLAN Edge (PVE) port. When a port is defined as PVE, it bypasses the Forwarding Database (FDB), and forwards all Unicast, Multicast and Broadcast traffic to an uplink (except MAC-to-me packets).
• Current Status — Indicates whether the trunk is currently operational or non-operational. The possible field values are:
  – Down — Indicates the trunk is currently not operating.
• Reactivate Suspended — Reactivates suspended trunks. The possible field values are:
  – Checked — Reactivates the selected suspended trunk.

  – Suspended — The trunk is currently active, and is not receiving or transmitting traffic.
Defining Port Trunking
The Port Trunking Page displays information about the defined trunks. To modify Port Trunking settings:
1. Click Layer 1 > Port Trunking. The Port Trunking Page opens:
Figure 66: Port Trunking Page
The Port Trunking Page contains information about all port trunks currently defined on the device. The following information is displayed:
• Trunk — Displays the ID number of the trunk.
• Name — Displays the name of the trunk.
3. Click Modify. The Port Trunking Configuration Page opens:
Figure 67: Port Trunking Configuration Page
In addition to the fields in the Port Trunking Page, the Port Trunking Configuration Page contains the following additional fields:
• Unit Number — Displays the stacking member for which the port trunking parameters are defined.
• LACP — Indicates if LACP is enabled on the trunk. The possible field values are:
  – Checked — Enables LACP on the trunk.
Configuring LACP
Trunk ports can contain different media types if the ports are operating at the same speed. Aggregated links can be set up manually or automatically established by enabling Link Aggregation Control Protocol (LACP) on the relevant links. Aggregate ports can be linked into link-aggregation port-groups. Each group is comprised of ports with the same speed. The LACP Page contains fields for configuring LACP trunks. To configure LACP for trunks:
1.
2. Click Modify. The LACP Configuration Page opens:
Figure 69: LACP Configuration Page
3. Define the fields.
4. Click Apply. The LACP settings are saved and the device is updated.
Section 8. Configuring Interfaces
This section contains information on configuring the interfaces of the device. This section describes the following topics:
• Defining MAC Addresses
• Configuring VLANs
• Defining MAC Based Groups

Defining MAC Addresses
The MAC Address Page contains parameters for querying information in the Static MAC Address Table and the Dynamic MAC Address Table, in addition to viewing and configuring Unicast addresses.
The MAC Address Page contains the following fields:
• View Static — Displays the static addresses assigned to the ports on the device.
• View Dynamic — Displays the dynamic addresses learned on the ports on the device.
• View MAC Addresses on Interface — Displays the port’s or trunk’s dynamic or static MAC addresses.
• View MAC Addresses for VLAN — Displays the static or dynamic addresses learned on the tagged and untagged ports of a specific VLAN.
4. Click Apply. The new MAC address is added to the addresses table and the device information is updated.
To delete all MAC addresses:
1. Click Layer 2 > MAC Address. The MAC Address Page opens.
2. Click Delete in the Delete All MAC Addresses section of the MAC Address Page. All addresses are cleared from the Dynamic MAC Address Table and the device begins to learn new addresses as packets arrive on the ports.
To view or remove static MAC addresses:
1. Click Layer 2 > MAC Address.
Configuring VLANs
This section describes how to create and configure Virtual LANs (VLANs). VLANs are logical subgroups within a Local Area Network (LAN) which combine user stations and network devices into a single unit, regardless of the physical LAN segment to which they are attached. VLANs allow network traffic to flow more efficiently within subgroups.
Defining VLAN Properties
The VLAN Page provides information and global parameters for configuring and working with VLANs. To configure a VLAN:
1. Click Layer 2 > VLAN. The VLAN Page opens:
Figure 73: VLAN Page
The VLAN Page is divided into two sections. The first section contains the following fields:
• VLAN ID — Defines the VLAN ID. Possible VLAN IDs are 1-4095, in which “1” is reserved for the default VLAN, and “4095” is reserved as the “discard” VLAN.
The second section contains a table that maps VLAN parameters to ports.
• Select the interfaces displayed in the table.
  – Ports of Unit — Specifies the port and stacking member for which the VLAN mapping is displayed.

  – Tagged — Indicates the interface is a tagged member of a VLAN. All packets forwarded by the interface are tagged. The packets contain VLAN information.
  – Untagged — Indicates the interface is an untagged VLAN member.
3. Click Modify. The VLAN Configuration opens.
Figure 75: VLAN Configuration
4. Change the Interface Status setting.
5. Click Apply. The VLAN configuration is modified, and the device is updated.
6. Click Save Config on the menu to permanently save the change.
Defining VLAN Interface Settings
The VLAN Interface Page contains fields for managing ports that are part of a VLAN. To define a VLAN interface:
1. Click Layer 2 > VLAN Interface. The VLAN Interface Page opens:
Figure 76: VLAN Interface Page
The VLAN Interface Page displays the VLAN interface information for a selected Port/Unit or Trunk:
• Select the interfaces displayed in the table.
• Frame Type — Specifies the packet type accepted on the port. The possible field values are:
  – Admit Tag Only — Only tagged packets are accepted on the port.
  – Admit All — Both tagged and untagged packets are accepted on the port.
• Ingress Filtering — Indicates whether ingress filtering is enabled on the port. The possible field values are:
  – Enable — Enables ingress filtering on the device.
Defining GVRP
The GVRP Page enables users to configure GARP VLAN Registration Protocol (GVRP) on the device. GVRP is specifically provided for automatic distribution of VLAN membership information among VLAN-aware bridges. GVRP allows VLAN-aware bridges to automatically learn VLANs to bridge ports mapping, without having to individually configure each bridge and register VLAN membership.
• Interface — Displays the port or trunk name on which GVRP is enabled.
• GVRP State — Indicates if GVRP is enabled on the port. The possible field values are:
  – Enable — Enables Dynamic VLAN creation on the interface.
  – Disable — Disables Dynamic VLAN creation on the interface.
• GVRP Registration — Indicates if VLAN registration through GVRP is enabled on the interface. The possible field values are:
  – Disable — Disables GVRP on the interface.
Defining MAC Based Groups
The MAC Based Groups Page allows network managers to group VLANs based on the VLAN MAC address, and to map groups to VLANs. For these purposes, the page contains two tables:
• MAC-Based Groups table
• Mapping Group table
To define MAC Based Groups:
1. Click Layer 2 > MAC Based Groups.
• VLAN ID — Attaches the interface to a user-defined VLAN ID. VLAN group ports can be attached to a VLAN ID. The possible field range is 1-4093, and 4095 (4094 is not available for configuration).
2. Below the MAC-Based Group table, click the Add button.
To add a mapped group:
1. Click Layer 2 > MAC Based Groups. The MAC Based Groups Page opens.
2. Below the Mapping Group table, click the Add button. The Add MAC Address Group Mappings Page opens:
Figure 83: Add MAC Address Group Mappings Page
In addition to the fields in the MAC Based Groups Page, the Add MAC Address Group Mappings Page contains the following additional fields:
• Group Type — Indicates the VLAN Group to which interfaces are mapped.
Section 9. Configuring System Logs
This section provides information for managing system logs. System logs enable viewing device events in real time and recording the events for later usage. System Logs record and manage events, and report errors and informational messages.
The Event Log Page contains the following fields:
The Configure Log Outputs table displays the following log information:
• Type — Indicates the log type included in the output. The possible values are:
  – Console — Indicates that the output is of a console log.
  – Temporary — Indicates that the output is of the temporary memory log.
  – Syslog — Indicates that the output is of a system log.
  – Flash — Indicates that the output is of a Flash memory log.
The Add Syslog Page contains the following fields:
• Description — Provides any additional information about the syslog server, for example its location.
• UDP Port — Defines the UDP port to which the server logs are sent. The possible range is 1-65535. The default value is 514.
• Minimum Severity — Indicates the minimum severity level to be included in the log output. All logs that have the severity higher than the minimum severity are also included in the output.
Modifying Log Servers
Clicking Modify opens the Event Log Configuration Page, in which administrators can modify Server Log entries. To modify a Server Log entry:
1. Select the entry in the Log Table and click Modify. The Event Log Configuration Page opens.
Figure 87: Event Log Configuration Page
The Event Log Configuration Page contains the following fields:
• Enable — Enables logging or disables event logging.
3. Click View. The selected log page opens:
Figure 88: View Flash Log Page
The View Flash Log Page and View Temporary Log Page list the following information:
• Log Index — The log index number.
• Log Time — The date and time that the log was entered.
• Severity — The severity of the event for which the log entry was created.
• Description — The event details.
To clear memory logs:
1. Click Clear Logs. Logs are removed from the table.
2. Click Close.
Section 10. Configuring Spanning Tree
Spanning Tree Protocol (STP) provides tree topography for any arrangement of bridges. STP also provides a single path between end stations on a network, eliminating loops. Loops occur when alternate routes exist between hosts. Loops in an extended network can cause bridges to forward traffic indefinitely, resulting in increased traffic and reducing network efficiency.
Defining STP Properties
The Spanning Tree Page contains parameters for enabling and configuring STP on the device. To enable STP on the device:
1. Click Layer 2 > Spanning Tree. The Spanning Tree Page opens:
Figure 89: Spanning Tree Page
The STP General section of the Spanning Tree Page contains the following fields:
• Spanning Tree State — Indicates whether STP is enabled on the device.
• Path Cost Default Values — Specifies the method used to assign default path cost to STP ports. The possible field values are:
  – Short — Specifies 1 through 65,535 range for port path cost. This is the default value.
  – Long — Specifies 1 through 200,000,000 range for port path cost.
The Bridge Settings section of the Spanning Tree Page contains the following fields:
• Priority — Specifies the bridge priority value.
Defining STP Interfaces
Network administrators can assign STP settings to a specific interface (port or trunk) using the STP Interface Configuration Page. The Global trunks section displays the STP information for Link Aggregated Groups. To assign STP settings to an interface (port or trunk):
1. Click Layer 2 > Spanning Tree. The Spanning Tree Page opens.
2. Click Configure.
• Port Fast — Indicates if Fast Link is enabled on the port. If Fast Link mode is enabled for a port, the Port State is automatically placed in the Forwarding state when the port link is up. Fast Link optimizes the STP protocol convergence. STP convergence can take 30-60 seconds in large networks. The possible field values are:
  – Enable — Enables Port Fast.

  – Enable — Enables Root Guard.

  – Enable — Enables BPDU Guard.
• Designated Cost — Indicates the cost of the port participating in the STP topology. Ports with a lower cost are less likely to be blocked if STP detects loops.
• Forward Transitions — Indicates the number of times the port has changed from Forwarding state to Blocking state.
• Trunk — Indicates the trunk to which the port belongs.
3. Select the Unit, in the STP Interface Configuration section.
4. Click Modify.
Configuring Rapid Spanning Tree
While Classic STP prevents Layer 2 forwarding loops in a general network topology, convergence can take between 30-60 seconds. This time may delay detecting possible loops and propagating status topology changes. Rapid Spanning Tree Protocol (RSTP) detects and uses network topologies that allow a faster STP convergence without creating forwarding loops. To define RSTP on the device:
1. Click Layer 2 > RSTP.
• Mode — Displays the current STP mode. The STP mode is selected in the Spanning Tree Page. The possible field values are:
  – STP — Classic STP is enabled on the device.
  – Rapid STP — Rapid STP is enabled on the device.

  – Enable — Enables the device to establish point-to-point links.
  – Auto — Device automatically determines the state.
  – Learning — Indicates the port is currently in the learning mode. The interface cannot forward traffic; however, it can learn new MAC addresses.
  – Disabled — Indicates that STP is currently disabled on the port. The port forwards traffic while learning MAC addresses.
3. Define the Interface, Point to Point Admin Status, and Activate Protocol Migration Test fields.
4. Click Apply.
Configuring Multiple Spanning Tree
Multiple Spanning Tree Protocol (MSTP) provides differing load balancing scenarios. For example, while port A is blocked in one STP instance, the same port can be placed in the Forwarding state in another STP instance.
• IST Master — Identifies the Spanning Tree Master instance. The IST Master is the specified instance root.
• Configure Interface Settings — Click Configure to assign MSTP settings to a specific interface.
• Configure Instance Mapping — Click Configure to assign MSTP mapping to a specific instance.
• Configure Instance Settings — Click Configure to define MSTP Instances settings.
Define the Region Name, Revision, and Max Hops fields.
The MSTP Interface Settings Page contains the following fields:
• Instance ID — Lists the MSTP instances configured on the device. The possible field range is 1-7.
• Interface — Displays the specific interface for this page’s MSTP setting. The possible field values are:
  – Port of Unit — Specifies the port for which the MSTP settings are displayed.

  – Enabled — Indicates that STP is enabled on the port.
3. Define the fields.
4. Click Apply. MSTP is defined for the selected interface.
5. Click Save Config on the menu, to save changes permanently.
6. To view the MSTP configurations of all interfaces, click Interface Table. The MSTP Interface Table is displayed. In the MSTP Interface Table, administrators can modify the Interface Priority and Path Cost of any interface.
Defining MSTP Instance Mappings
Network administrators can assign MSTP mapping to a specific instance (port or trunk) using the MSTP Instance Mapping Page. To define MSTP interface mapping:
1. Click Layer 2 > MSTP. The MSTP Page opens.
2. Click Configure next to the Configure Instance Mapping option.
Defining MSTP Instance Settings
MSTP maps VLANs into STP instances. Packets assigned to various VLANs are transmitted along different paths within Multiple Spanning Tree Regions (MST Regions). Regions are one or more Multiple Spanning Tree bridges by which frames can be transmitted. In configuring MSTP, the MST region to which the device belongs is defined. A configuration consists of the name, revision, and VLANs that belong to an instance.
3. Define the fields.
4. Click Apply. MSTP is defined for the selected instance, and the device is updated. The MSTP Page is displayed.
5. Click Save Config on the menu to save changes permanently.
Section 11. Configuring Multicast Forwarding

Multicast forwarding allows a single packet to be forwarded to multiple destinations. Layer 2 Multicast service is based on a Layer 2 switch receiving a single packet addressed to a specific Multicast address. Multicast forwarding creates copies of the packet, and transmits the packets to the relevant ports.
Configuring IGMP Snooping

When IGMP Snooping is enabled globally, all IGMP packets are forwarded to the CPU. The CPU analyzes the incoming packets and determines:
• Which ports want to join which Multicast groups.
• Which ports have Multicast routers generating IGMP queries.
• Which routing protocols are forwarding packets and Multicast traffic.

Ports requesting to join a specific Multicast group issue an IGMP report, specifying that Multicast group is accepting members.
• IGMP Querier Status — Indicates if the specific VLAN can operate as an IGMP Querier. The possible field values are:
  – Enable — Enables IGMP Querying on the VLAN.
  – Disable — Disables IGMP Querying on the VLAN.
• IGMP Querier Version — Displays the IGMP Snooping version enabled on the device which functions as an IGMP Snooper of the selected VLAN.
– IGMPv2 — Indicates that IGMP version 2 is enabled on the device.
– Enable — Enables auto learn
To modify the IGMP Snooping configuration:
1. Click Multicast > IGMP. The IGMP Page opens.
2. Click Modify. The IGMP Configuration Page opens:

Figure 100: IGMP Configuration Page

In addition to the IGMP Page, the IGMP Configuration Page contains the following fields:
• Supported IP Format — Indicates that IPv4 is supported.
• Immediate Leave — Host immediately times out after requesting to leave the IGMP group and not receiving a Join message from another station.
To define Multicast Groups:
1. Click Multicast > Multicast Group. The Multicast Group Page opens:

Figure 101: Multicast Group Page

The Multicast Group Page contains the following fields:
• Enable Bridge Multicast Filtering — Indicates if bridge Multicast filtering is enabled on the device. The possible field values are:
  – Checked — Enables Multicast filtering on the device.
  – Unchecked — Disables Multicast filtering on the device.
3. Click Add. The Add Multicast Group Page opens:

Figure 102: Add Multicast Group Page

4. Select the VLAN ID.
5. Enter the Bridge Multicast MAC Address and the Bridge Multicast IPv4 Address.
6. Click Apply. The new Multicast group is saved and the device is updated.

To modify a Multicast group:
1. Click Modify. The Multicast Group Configuration Page opens:

Figure 103: Multicast Group Configuration Page

2. Define the fields.
3. Click Apply.
Defining Multicast Forward All Settings

Multicast forwarding enables transmitting packets from either a specific Multicast group to a source, or from a nonspecific source to a Multicast group. The Bridge Multicast Forward All Page contains fields for attaching ports or trunks to a device that is attached to a neighboring Multicast router/switch. Once IGMP Snooping is enabled, Multicast packets are forwarded to the appropriate port or VLAN.
3. Click Modify. The Multicast Forward All Configuration Page opens:

Figure 105: Multicast Forward All Configuration Page

4. Define the Interface Status field.
5. Click Apply. The Multicast Forward All settings are saved and the device is updated.
Defining Unregistered Multicast Settings

Multicast frames are generally forwarded to all ports in the VLAN. If IGMP Snooping is enabled, the device learns about the existence of Multicast groups and monitors which ports have joined what Multicast group. Multicast groups can also be statically enabled. This enables the device to forward the Multicast frames (from a registered Multicast group) only to ports that are registered to that Multicast group.
2. Click Modify. The Unregistered Multicast Configuration Page opens:

Figure 107: Unregistered Multicast Configuration Page

3. Define the Unregistered Multicast field. The .
4. Click Apply. The Multicast Forward All settings are saved and the device is updated.
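The forwarding decisions described in this section (snooped reports and queries, registered groups, Forward All ports, flooding of unregistered groups), modelled as an added example that is not part of the guide or the switch firmware. The class and function names are hypothetical, the message sequence is constructed, and two behaviours are assumptions: that registered traffic is also sent to ports where queries were seen, and that a Forward All port receives every group.

```python
from collections import defaultdict


class SnoopingVlan:
    """Toy model of one VLAN on a switch with IGMP Snooping enabled."""

    def __init__(self, ports, forward_all=()):
        self.ports = set(ports)              # every port in the VLAN
        self.forward_all = set(forward_all)  # ports configured as Forward All (assumed semantics)
        self.router_ports = set()            # ports on which IGMP queries were seen
        self.groups = defaultdict(set)       # registered group -> member ports

    def igmp(self, port, kind, group=None):
        """Feed one snooped IGMP message to the model, as the CPU would see it."""
        if port not in self.ports:
            raise ValueError(f"port {port} is not in this VLAN")
        if kind == "query":
            self.router_ports.add(port)
        elif kind == "report":
            self.groups[group].add(port)
        elif kind == "leave":
            # Modelled as Immediate Leave: membership is dropped at once.
            self.groups[group].discard(port)
            if not self.groups[group]:
                del self.groups[group]       # last member gone: group is unregistered again
        else:
            raise ValueError(f"unknown IGMP message kind: {kind}")

    def egress_ports(self, ingress, group):
        """Ports that receive a Multicast frame for `group` arriving on `ingress`."""
        if group in self.groups:
            # Registered group: only registered ports, plus router and Forward All
            # ports (assumption, see lead-in).
            out = self.groups[group] | self.router_ports | self.forward_all
        else:
            # Unregistered group: forwarded to all ports in the VLAN.
            out = set(self.ports)
        return sorted(out - {ingress})


# Constructed message sequence: (port, kind, group)
EVENTS = [
    (8, "query", None),
    (2, "report", "239.1.1.10"),
    (3, "report", "239.1.1.10"),
    (2, "leave", "239.1.1.10"),
    (3, "leave", "239.1.1.10"),
]


def trace(source_port=1, group="239.1.1.10"):
    """Return the egress port list before any message and after each event."""
    vlan = SnoopingVlan(ports=range(1, 9), forward_all=[7])
    seen = [vlan.egress_ports(source_port, group)]
    for port, kind, grp in EVENTS:
        vlan.igmp(port, kind, grp)
        seen.append(vlan.egress_ports(source_port, group))
    return seen


if __name__ == "__main__":
    for step, ports in enumerate(trace()):
        print(step, ports)
```

In this model the last leave returns the group to the unregistered state, so its traffic is again delivered to every port in the VLAN.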
Section 12. Configuring SNMP

Simple Network Management Protocol (SNMP) provides a method for managing network devices. Equipment commonly managed with SNMP includes switches, routers and host computers. SNMP is typically used to configure these devices for proper operation in a network environment, as well as to monitor them to evaluate performance or detect potential problems.
Enabling SNMP

The SNMP Global Page provides fields for globally enabling and configuring SNMP on the device.

To enable SNMP:
1. Click SNMP > Global. The SNMP Global Page opens:

Figure 108: SNMP Global Page

The SNMP Global Page contains the following fields:
• Local Engine ID (9-64 Hex Characters) — Displays the engine number.
• Use Default — Restores default SNMP settings, using the Local Engine ID.
• Enable SNMP Notifications — Indicates if SNMP traps are enabled for the device.
Defining SNMP Communities

Access rights are managed by defining communities in the SNMP Community Page. When the community names are changed, access rights are also changed. SNMP communities are defined only for SNMP v1 and SNMP v2c.

Note: The device switch is delivered with no community strings configured.

To define SNMP communities:
1. Click SNMP > Community. The SNMP Global Page opens.
• Access Mode — Defines the access rights of the community. The possible field values are:
  – Read Only — Management access is restricted to read-only, and changes cannot be made to the community.
  – Read Write — Management access is read-write and changes can be made to the device configuration, but not to the community.
  – SNMP Admin — User has access to all device configuration options, as well as permissions to modify the community.
The Add SNMP Community Page contains the following fields:
• Supported IP Format — Indicates the type of IP addressing protocol supported. The possible values are:
  – IPv4
  – IPv6
• IPv6 Address Type — Defines the type of configurable static IPv6 IP address for an interface. The possible values are:
  – Link Local — Defines a Link Local address; non routable and can be used for communication on the same network only. A Link Local address has a prefix of 'FE80'.
To modify SNMP community settings:
1. Select an SNMP community entry in the Basic table or in the Advanced Table.
2. Click Modify. The Community Configuration Page opens:

Figure 111: Community Configuration Page

3. Define the Basic or Advanced configuration of the community.
4. Click Apply. The SNMP community settings are modified, and the device is updated.
Defining SNMP Groups

The SNMP Group Page provides information for creating SNMP groups, and assigning SNMP access control privileges to SNMP groups. Groups allow network managers to assign access rights to specific device features, or feature aspects.

To define an SNMP group:
1. Click SNMP > Groups.
• Security Level — Defines the security level attached to the group. Security levels apply to SNMPv3 only. The possible field values are:
  – No Authentication — Indicates that neither the Authentication nor the Privacy security levels are assigned to the group.
  – Authentication — Authenticates SNMP messages, and ensures that the SNMP message’s origin is authenticated.
  – Privacy — Encrypts SNMP messages.
• Operation — Defines the group access rights.
To modify an SNMP group:
1. Click SNMP > Groups. The SNMP Group Page opens.
2. Click Modify. The Group Configuration Page opens:

Figure 114: Group Configuration Page

3. Define the Group Name, Security Level, Security Model, and Operation fields.
4. Click Apply. The SNMP group profile is saved.
Defining SNMP Users

The SNMP Users Page enables assigning system users to SNMP groups, as well as defining the user authentication method.

To define SNMP group membership:
1. Click SNMP > Users. The SNMP Users Page opens:

Figure 115: SNMP Users Page

The SNMP Users Page contains the following fields:
• User Name — Contains a list of user-defined user names. The field range is up to 30 alphanumeric characters.
• Group Name — Contains a list of user-defined SNMP groups.
• Authentication — Displays the method used to authenticate users. The possible field values are:
  – MD5 Key — Users are authenticated using the HMAC-MD5 algorithm.
  – SHA Key — Users are authenticated using the HMAC-SHA-96 authentication level.
  – MD5 Password — The HMAC-MD5-96 password is used for authentication. The user should enter a password.
  – SHA Password — Users are authenticated using the HMAC-SHA-96 authentication level. The user should enter a password.
• Authentication Key — Defines the HMAC-MD5-96 or HMAC-SHA-96 authentication level. The authentication and privacy keys are entered to define the authentication key. If only authentication is required, 16 bytes are defined. If both privacy and authentication are required, 32 bytes are defined. Each byte in hexadecimal character strings is two hexadecimal digits. Each byte can be separated by a period or a colon.
• Privacy Key — Defines the Privacy Key (LSB).
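How a password entry relates to a key entry and to the Local Engine ID, and how the key field format above can be checked, as an added example that is not from the guide or from Allied Telesis code. It assumes the switch derives keys with the standard RFC 3414 password-to-key localization, which the guide does not state, and that in a 32-byte value the privacy key is the last 16 bytes (the guide's "LSB"); the function names are hypothetical and the password and engine ID are the RFC 3414 test values.

```python
import hashlib
import re

_HEX_BYTE = re.compile(r"[0-9A-Fa-f]{2}")


def localized_key(password: bytes, engine_id: bytes, algo: str = "md5") -> bytes:
    """RFC 3414 password-to-key: hash 1 MiB of repeated password, then bind to engine ID."""
    if not password:
        raise ValueError("password must not be empty")
    reps, rem = divmod(1048576, len(password))
    ku = hashlib.new(algo, password * reps + password[:rem]).digest()
    # Localization: the stored key is only valid for this one engine ID.
    return hashlib.new(algo, ku + engine_id + ku).digest()


def format_key(key: bytes, sep: str = ":") -> str:
    """Render a key as two hex digits per byte, separated by a period or a colon."""
    if sep not in (":", "."):
        raise ValueError("separator must be a period or a colon")
    return sep.join(f"{b:02x}" for b in key)


def parse_key_field(text: str):
    """Validate a key string as the guide describes it.

    Returns (authentication_key, privacy_key_or_None).
    16 bytes: authentication only. 32 bytes: authentication plus privacy.
    """
    text = text.strip()
    if "." in text or ":" in text:
        parts = re.split(r"[.:]", text)
    else:
        parts = [text[i:i + 2] for i in range(0, len(text), 2)]
    if not parts or any(not _HEX_BYTE.fullmatch(p) for p in parts):
        raise ValueError("each byte must be exactly two hexadecimal digits")
    raw = bytes(int(p, 16) for p in parts)
    if len(raw) == 16:
        return raw, None
    if len(raw) == 32:
        # Assumption: privacy key occupies the least significant (last) 16 bytes.
        return raw[:16], raw[16:]
    raise ValueError(f"expected 16 or 32 bytes, got {len(raw)}")


# RFC 3414 appendix test values (password and 12-byte engine ID).
RFC_PASSWORD = b"maplesyrup"
RFC_ENGINE_ID = bytes.fromhex("000000000000000000000002")

if __name__ == "__main__":
    key = localized_key(RFC_PASSWORD, RFC_ENGINE_ID, "md5")
    print("MD5 key for this engine:", format_key(key))
    other = localized_key(RFC_PASSWORD, bytes.fromhex("000000000000000000000003"), "md5")
    print("Same password, other engine:", format_key(other))
    print("Parsed back:", parse_key_field(format_key(key, ".")))
```

Under the stated assumption, a key generated for one Local Engine ID stops matching once the engine ID changes, so changing it or restoring its default means re-entering SNMPv3 user keys or passwords.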
Defining SNMP Views

The SNMP views provide or block access to device features or portions of features. Feature access is granted via the MIB name or MIB Object ID.

To define SNMP views:
1. Click SNMP > Views. The SNMP Views Page opens:

Figure 118: SNMP Views Page

The SNMP Views Page contains the following fields:
• View Name — Displays the user-defined views. The view name can contain a maximum of 30 alphanumeric characters.
2. Click Add. The Add SNMP View Page opens:

Figure 119: Add SNMP View Page

3. Define the View Name field.
4. Select the Object ID Subtree using one of the following options:
  – Select from List — Select the Subtree from the list provided. Pressing the Up and Down buttons allows you to change the priority by moving the selected subtree up or down in the list.
  – Insert — Enables a Subtree not included in the Select from List field to be entered.
5. Click Apply.
Defining Notification Recipients

The SNMP Notify Page contains fields for defining SNMP notification recipients. The page contains information for defining filters that determine whether traps are sent to specific users, and the trap type sent. SNMP notification filters provide the following services:
• Identifying Management Trap Targets
• Trap Filtering
• Selecting Trap Generation Parameters
• Providing Access Control Checks

To configure SNMP notification recipients:
1.
SNMPv1,2c Notification Recipient

The SNMP v1, v2c Recipient table contains the following fields:
• Recipients IP Address — Displays the IP address to which the traps are sent.
• Notification Type — Displays the type of notification sent. The possible field values are:
  – Inform — Indicates that informs are sent.
• Community String — Displays the community string of the trap manager.
• Notification Version — Displays the trap type.
2. Click Add. The Add Notify Page opens:

Figure 121: Add Notify Page

In addition to the SNMP Notify Page, the Add Notify Page contains the following fields:
• Supported IP Format — Indicates the type of IP addressing protocol supported. The possible values are:
  – IPv4
  – IPv6
• IPv6 Address Type — Defines the type of configurable static IPv6 IP address for an interface.
4. Click Apply. The notification recipient settings are saved and the device is updated.
5. Click Save Config on the menu to save the changes permanently.

To modify notification settings:
1. Click SNMP > Notify. The SNMP Notify Page opens.
2. Select an entry from one of the tables and click Modify. The SNMP Notify Configuration Page opens.

Figure 122: SNMP Notify Configuration Page

3. Define the fields.
4. Click Apply.
Defining Notification Filters

The SNMP Notification Filter Page permits filtering traps based on OIDs. Each OID is linked to a device feature or a portion of a feature. The SNMP Notification Filter Page also allows network managers to filter notifications.

To configure SNMP notification filters:
1. Click SNMP > Notify. The SNMP Notify Page opens.
2. Click Configure next to Configure Notification Filters.
To add an SNMP notification filter:
1. Click the Add button. The Add SNMP Notification Filter Page opens:

Figure 124: Add SNMP Notification Filter Page

The Add SNMP Notification Filter Page contains the following fields:
• Filter Name — Contains a list of user-defined notification filters.
• Object ID Tree — Displays the OID for which notifications are sent or blocked. If a filter is attached to an OID, traps or informs are generated and sent to the trap recipients.
Section 13. Configuring LLDP

Link Layer Discovery Protocol (LLDP) is a Layer 2 protocol that allows a network device supporting the 802.1ab standard to advertise its identity and capabilities on a local network. LLDP allows network managers to troubleshoot and enhance network management by discovering and maintaining network topologies over multi-vendor environments.
Defining Global LLDP Properties

The LLDP Properties Page allows network managers to assign global LLDP parameters.

To enable and configure LLDP on the device:
1. Click LLDP > Properties. The LLDP Properties Page opens:

Figure 125: LLDP Properties Page

The LLDP Properties Page contains fields for configuring LLDP:
• Enable LLDP — Indicates if LLDP is enabled on the device. The possible field values are:
  – Checked — Enables LLDP on the device. This is the default value.
• Transmit Delay (1 - 8192) — Indicates the amount of time that passes between successive LLDP frame transmissions due to changes in the LLDP local systems MIB. The possible field range is 1 - 8192 seconds. The default value is 2 seconds. A Tx delay < 0.25 is recommended for the TLV Adv Interval.
  – Use Default — Selecting the check box returns settings to default.

2. Select Enable in the LLDP Status checkbox.
• State — Indicates the LLDP state on the port. The possible field values are:
  – Tx Only — Enables transmitting LLDP packets only.
  – Rx Only — Enables receiving LLDP packets only.
  – Tx & Rx — Enables transmitting and receiving LLDP packets. This is the default value.
  – Disable — Indicates that LLDP is disabled on the port.
• Optional TLVs — Contains a list of optional TLVs advertised by the port.
– Stop Advertising — Indicates the IP address is not advertised.
Defining LLDP Media Endpoint Discovery Network Policy

LLDP Media Endpoint Discovery (LLDP MED) is an enhancement to the 802.1ab standard. LLDP MED increases network flexibility by allowing different IP systems to co-exist on a single network. LLDP MED:
• Provides detailed network topology information, including what devices are located on the network, and where the devices are located.
– Guest VLAN Signaling — Indicates that the network policy is defined for a Guest VLAN Signalling application.
– Softphone Voice — Indicates that the network policy is defined for a Softphone Voice application.
– Video Conferencing — Indicates that the network policy is defined for a Video Conferencing application.
– Tagged — Indicates the network policy is defined for tagged VLANs.
To modify a network policy setting:
1. Click LLDP > Profile Rules. The LLDP MED Network Policy Page opens.
2. Click Modify. The Network Policy Settings Configuration Page opens:

Figure 130: Network Policy Settings Configuration Page

3. Define the fields.
4. Click Apply. The network policy setting is saved, and the device is updated.
Defining LLDP MED Port Settings

The LLDP MED Port Settings Page contains parameters for assigning LLDP network policies to specific ports.

To configure LLDP MED port settings:
1. Click LLDP > LLDP-MED Port Settings. The LLDP MED Port Settings Page opens:

Figure 131: LLDP MED Port Settings Page

The LLDP MED Port Settings Page contains the following fields:
• Unit No. — Indicates the stacking member’s ports for which the LLDP-MED port settings are displayed.
2. Click Modify. The Modify LLDP MED Port Settings Page opens:

Figure 132: Modify LLDP MED Port Settings Page

This page contains the following fields:
• Port — Indicates the port for which the LLDP-MED port settings are displayed.
• LLDP MED Status — Indicates the LLDP-MED port status. The possible field values are:
  – Enable — Indicates that LLDP-MED is enabled on the port.
– Network Policy — Advertises network policies attached to the port.
6. Define the port location in the Location Coordinate (16 Bytes in Hex), Location Civic Address (6-160 Bytes in Hex), Location ECS ELIN (10-25 Bytes in Hex) fields.
7. Click Apply. The LLDP MED port settings are saved, and the device is updated.

Viewing the LLDP Neighbors Information

The LLDP Neighbors Information Page contains information received from neighboring device LLDP advertisements.

To view LLDP Neighbor information:
1. Click LLDP > Neighbors Information.
2. Click Details to view the Neighbors Information Details Page for ports.

Figure 134: Neighbors Information Details Page

The Neighbors Information Details Page contains the following fields:
• Port — The port for which detailed information is displayed.
• Auto-Negotiation Status — The auto-negotiation status of the port. The possible field values are:
  – Enabled — Auto-negotiation is enabled on the port.
  – Disabled — Auto-negotiation is disabled on the port.
LLDP MED Power over Ethernet

The port PoE information.
• Power Type — Indicates the power type advertised on the port.
• Power Source — Indicates the power source advertised on the port.
• Power Priority — Indicates the port’s power priority advertised on the port.
• Power Value — Indicates the port’s power value, in Watts advertised on the port.

Inventory
• Hardware Revision — Displays the hardware version number.
• Firmware Revision — Displays the firmware version number.
Section 14. Configuring Power Over Ethernet

This section describes configuring Power over Ethernet (PoE) for an AT-S94 device. PoE only applies to the AT-8000S device. Power-over-Ethernet (PoE) provides power to devices over existing LAN cabling, without updating or modifying the network infrastructure. Power-over-Ethernet removes the necessity of placing network devices next to power sources.
To enable PoE for the device:
1. Click System > Power Over Ethernet. The Power Over Ethernet Page opens:

Figure 135: Power Over Ethernet Page

The Power Over Ethernet Page contains the following fields:

Global PoE Configuration
• Power Threshold — Indicates the percentage of power consumed before an alarm is generated. The value range is 1-99 percent; the default value is 95 percent.
4. Click Modify. PoE is enabled on the device and global settings are saved. The new threshold is immediately activated on the device.
5. Click Save Config on the menu to permanently save the change.
Defining Power Over Ethernet Configuration

To modify PoE port settings:
1. In the Power Over Ethernet Page Zoom View, click the port(s) to modify. The port indication changes to Port is selected.
2. Click Modify.
– Searching — Indicates that the device is currently searching for a powered device. Searching is the default PoE operational status.
– Fault — Indicates one of the following:
    – The powered device test has failed. For example, a port could not be enabled and cannot be used to deliver power to the powered device.
    – The device has detected a fault on the powered device. For example, the powered device memory could not be read.
Section 15. Configuring Services

This section describes Quality of Service related configurations. QoS supports activating one of the following Trust settings:
• VLAN Priority Tag
• DiffServ Code Point
• None

Only packets that have a Forward action are assigned to the output queue, based on the specified classification.
Enabling Class of Service (CoS)

The CoS Page enables configuring the CoS ports or trunks on the device.

To configure CoS ports or trunks on the device:
1. Click Services > CoS. The CoS Page opens:

Figure 137: CoS Page

As a default the CoS Page opens displaying the port options. The fields are identical when displaying the trunk CoS. The CoS Page contains the following fields:
• Enable QoS Mode — Indicates if QoS is enabled on the device.
• Interface — Displays the interface number.
• Default CoS — Determines the default CoS value for incoming packets for which a VLAN tag is not defined. The possible field values are 0-7. The default CoS is 0. This field appears in the CoS Ports table.
• Restore Defaults — Restores the factory CoS defaults. The possible field values are:
  – Checked — Restores the factory CoS defaults on the interface.
  – Unchecked — Maintains the current CoS settings.
Configuring CoS Queueing and Scheduling

The CoS Queuing & Scheduling Page provides fields for configuring CoS Priority to Egress Queues and for defining Egress Weights. The queue settings are set system-wide. When configuring QoS for stacking, note that stacking only uses three queues.

To define schedule and queue settings for Quality of Service:
1. Click Services > Queuing & Scheduling.
Mapping CoS Values to Queues

The Configure CoS Page contains fields for classifying CoS settings to traffic queues. When configuring QoS for stacking, note that stacking only uses three queues.

To set CoS to queue:
1. Click Services > Queuing & Scheduling. The CoS Queuing & Scheduling Page opens:
2. In the Configure Priority to Egress Queues section, select Configure CoS.
3. Click Configure.
Mapping DSCP Values to Queues

The Configure DSCP Page contains fields for classifying DSCP settings to traffic queues. For example, a packet with a DSCP tag value of 3 can be assigned to queue 2.

To set DSCP to queues:
1. Click Services > Queuing & Scheduling. The CoS Queuing & Scheduling Page opens:
2. In the Configure Priority to Egress Queues section, select Configure DSCP.
3. Click Configure.
Configuring QoS Bandwidth

The Bandwidth Page allows network managers to define the bandwidth settings for a specified egress interface. The Bandwidth Page is not used with the Service mode, as bandwidth settings are based on services.

To configure bandwidth:
1. Click Services > Bandwidth.
As a default the Bandwidth Page opens displaying the port options. The fields are identical when displaying the trunk CoS. The Bandwidth Page contains the following fields:
• Select the interfaces displayed in the table.
  – Ports of Unit — Specifies the port and stacking member for which the bandwidth settings are displayed.
– Status — Enables or disables rate limiting for ingress interfaces. Disable is the default value.
4. Click Modify. The Bandwidth Configuration Page opens:

Figure 143: Bandwidth Configuration Page

5. Define the fields.
6. Click Apply. The bandwidth information is saved and the device is updated.
7. Click Save Config on the menu to save the changes permanently.
Section 16. System Utilities

The configuration file structure involves the following configuration files:
• Startup Configuration File — Contains the commands required to reconfigure the device to the same settings as when the device is powered down or rebooted. The Startup file is created by copying the configuration commands from the Running Configuration file or the Backup Configuration file.
Restoring the Default Configuration

The Reset to Factory Defaults function restores the Configuration file to factory defaults during device reset. When this option is not selected, the device maintains the current Configuration file.

To restore the default system configuration:
1. Click Utilities > System Utilities.
To reset the configuration file to defaults with reboot:
1. Check the Reboot Switch After Resetting to Defaults option.
2. Select the After Reset image file.
3. Click Apply (below the table). The factory defaults are restored, and the device is updated. The device reboots.

Defining TFTP File Uploads and Downloads

The File System Page contains parameters for system uploads and downloads and for copying firmware and configuration files.

To define file upload and download settings:
1.
• Link Local Interface — If Link Local is selected as the supported IPv6 Address Type, indicates the supported interface. The possible field values are:
  – VLAN 1 — Indicates that VLAN 1 is supported.
  – Tunnel 1 — Indicates that ISATAP tunneling (Tunnel 1) mechanism is supported.
• TFTP Operation — Defines the type of TFTP operation and the type of file. The possible values are:
  – Download — Downloads a firmware or configuration file, depending on the selection below.
The Configuration Copy section of the File System Page contains the following fields:
• Copy Configuration — Allows the copy configuration operation.
• Source File Name — Specifies the configuration file type to be copied.
  – Startup Configuration — Copies the Startup Configuration file, and overwrites the old Startup Configuration file.
  – Running Configuration — Copies the Running Configuration file.
• Destination File Name — Specifies the destination file type to create.
Viewing Integrated Cable Tests

The Cable Test Page contains fields for performing tests on copper cables. Cable testing provides diagnostic information about where errors occurred in the cable, the last time a cable test was performed, and the type of cable error that occurred. The tests use Time Domain Reflectometry (TDR) technology to test the quality and characteristics of a copper cable attached to a port. Cables up to 120 meters long can be tested.
3. Click Test. The cable test is performed.
4. Click Advanced. The Cable Test Configuration Page opens, and the copper cable test results are displayed.
Viewing Optical Transceivers

The Optical Transceivers Page allows network managers to perform tests on Fiber Optic cables. Optical transceiver diagnostics can be performed only when the link is present.

To view transceiver diagnostics:
1. Click Utilities > Optical Transceivers. The Optical Transceivers Page opens:

Figure 148: Optical Transceivers Page

The Optical Transceivers Page contains the following fields:
• Unit No.
Resetting the Device

The Reset Page enables the user to reset the system. Save all changes to the Running Configuration file before resetting the device. This prevents the current device configuration from being lost.

To reset the device:
1. Click Utilities > Reset. The Reset Page opens.

Figure 149: Reset Page

2. 3. 4. Select the Reset Unit No. Select a specific unit number in the dropdown list or select Stack to reset all stack members simultaneously. Click Reset.
Section 17. Viewing Statistics

This section provides device statistics for RMON, interfaces, and Etherlike. This section contains the following topics:
• Viewing Device Statistics
• Managing RMON Statistics

Viewing Device Statistics

This section contains the following topics:
• Viewing Interface Statistics
• Viewing Etherlike Statistics

Viewing Interface Statistics

The interface page contains statistics for both received and transmitted packets.
The Interface Statistics Page contains the following fields:
• Select the interfaces displayed in the table.
  – Port — Specifies the port for which the interface statistics are displayed.
  – Trunk — Specifies the trunk for which the interface statistics are displayed.
• Refresh Rate — Defines the frequency of the interface statistics updates.
  – 15 Sec — Indicates that the Interface statistics are refreshed every 15 seconds.
Viewing Etherlike Statistics

The Etherlike Statistics Page displays interface statistics.

To view Etherlike statistics:
1. Click Statistics > Etherlike. The Etherlike Statistics Page opens:

Figure 151: Etherlike Statistics Page

The Etherlike Statistics Page contains the following fields:
• Select the interfaces displayed in the table.
  – Trunk — Defines the specific trunk for which the Etherlike statistics are displayed.
• Internal MAC Receive Errors — Displays the number of internal MAC received errors on the selected interface.
• Received Pause Frames — Displays the number of received paused frames on the selected interface.
• Transmitted Paused Frames — Displays the number of paused frames transmitted from the selected interface.

2. Select the Interface and the Refresh Rate. The selected interface’s Etherlike statistics are displayed.
Managing RMON Statistics

This section contains the following topics:
• Viewing RMON Statistics
• Configuring RMON History
• Configuring RMON Events
• Defining RMON Alarms

Viewing RMON Statistics

The RMON Statistics Page contains fields for viewing information about device utilization and errors that occurred on the device. The RMON Statistics Page contains statistics for both received and transmitted packets.

To view RMON statistics:
1.
  – 15 Sec — Indicates that the RMON statistics are refreshed every 15 seconds.
  – 30 Sec — Indicates that the RMON statistics are refreshed every 30 seconds.
  – 60 Sec — Indicates that the RMON statistics are refreshed every 60 seconds.
  – No Refresh — Indicates that the RMON statistics are not refreshed.
• Received Bytes (Octets) — Displays the number of octets received on the interface since the device was last refreshed.
Configuring RMON History

The RMON History Page contains information about samples of data taken from ports. For example, the samples may include interface definitions or polling periods.

To view RMON history information:
1. Click Statistics > RMON History. The RMON History Page opens:

Figure 153: RMON History Page

The RMON History Page contains the following fields:
• History Entry No. — Displays the history control entry number.
Figure 154: Add RMON History Page

3. Define the Source Interface, Owner, Max. No. of Samples to Keep, and Sampling Interval fields.
4. Click Apply. The new entry is added to the history table, and the device is updated.

To edit an RMON history entry:
1. Click Statistics > RMON History. The RMON History Page opens.
2. Click Modify. The RMON History Configuration Page opens:

Figure 155: RMON History Configuration Page

3. Define the fields.
4. Click Apply.
Viewing the RMON History Table

The RMON History Table Page contains interface specific statistical network samplings. Each table entry represents all counter values compiled during a single sample.

To view the RMON History Table:
1. Click Statistics > RMON History. The RMON History Page opens.
2. Click View. The RMON History Table Page opens:

Figure 156: RMON History Table Page

The RMON History Table Page contains the following fields:
• History Entry No.
• Undersize Packets — Displays the number of undersized packets (less than 64 octets) received on the interface since the device was last refreshed.
• Oversize Packets — Displays the number of oversized packets (over 1518 octets) received on the interface since the device was last refreshed.

Configuring RMON Events
The RMON Events Page contains fields for defining, modifying and viewing RMON events statistics.
To add an RMON event:
1. Click Statistics > RMON Events. The RMON Events Page opens:
Figure 157: RMON Events Page
The RMON Events Page contains the following fields:
• Event Entry — Displays the event.
• Community — Displays the community to which the event belongs.
• Description — Displays the user-defined event description.
Figure 158: Add RMON Events Page
3. Define the Community, Description, Type and Owner fields.
4. Click Apply. The event entry is added and the device is updated.
To modify the RMON Event entry settings:
1. Click Statistics > RMON Events. The RMON Events Page opens.
2. Click Modify. The RMON Events Page opens:
3. Select an event entry and define the fields for the entry.
4. Click Apply. The event control settings are saved and the device is updated.
Figure 159: RMON Events Logs Page
The RMON Events Logs Page contains the following event log information:
• Event — Displays the RMON Events Log entry number.
• Log No. — Displays the log number.
• Log Time — Displays the time when the log entry was entered.
• Description — Displays the log entry description.
3. Click RMON Event to return to the RMON Events Page.
Not approved by Document Control. For review only.

Defining RMON Alarms
The RMON Alarm Page contains fields for setting network alarms. Network alarms occur when a network problem, or event, is detected. Rising and falling thresholds generate events.
To set RMON alarms:
1. Click Statistics > RMON Alarm. The RMON Alarm Page opens:
Figure 160: RMON Alarm Page
The RMON Alarm Page contains the following fields:
• Alarm Entry — Indicates a specific alarm.
• Counter Name — Displays the selected MIB variable.
• Falling Event — Displays the event that triggers the specific alarm. The possible field values are user-defined RMON events.
• Startup Alarm — Displays the trigger that activates the alarm generation. Rising is defined by crossing the threshold from a low-value threshold to a higher-value threshold.
• Interval (sec) — Defines the alarm interval time in seconds.
• Owner — Displays the device or user that defined the alarm.
2. Click Add.
Figure 162: Alarm Configuration Page
3. Define the fields.
4. Click Apply. The RMON alarm is saved, and the device is updated.
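
How rising and falling thresholds turn polled counters into events, as an added example that is not Allied Telesis or AT-S94 code. It assumes the alarm semantics of the RMON MIB (RFC 2819): delta sampling, startup alarm, and hysteresis between the two thresholds. The class name, thresholds and counter readings are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# alarmStartupAlarm values from the RMON MIB (RFC 2819)
RISING, FALLING, RISING_OR_FALLING = 1, 2, 3


@dataclass
class RmonAlarm:
    """Hypothetical model of one alarm entry; not the switch's own code."""
    rising_threshold: int
    falling_threshold: int
    sample_type: str = "delta"            # "delta" or "absolute"
    startup: int = RISING_OR_FALLING
    _prev: Optional[int] = field(default=None, init=False, repr=False)
    _rising_armed: bool = field(default=True, init=False, repr=False)
    _falling_armed: bool = field(default=True, init=False, repr=False)
    _first: bool = field(default=True, init=False, repr=False)

    def sample(self, counter: int) -> Optional[str]:
        """Feed one polled counter value; return 'rising', 'falling' or None."""
        if self.sample_type == "delta":
            if self._prev is None:        # two polls are needed to form a delta
                self._prev = counter
                return None
            value = (counter - self._prev) % 2**32   # survive a Counter32 wrap
            self._prev = counter
        else:
            value = counter
        event = None
        if value >= self.rising_threshold and self._rising_armed:
            if not self._first or self.startup in (RISING, RISING_OR_FALLING):
                event = "rising"
            # Hysteresis: no further rising event until the falling threshold is hit.
            self._rising_armed, self._falling_armed = False, True
        elif value <= self.falling_threshold and self._falling_armed:
            if not self._first or self.startup in (FALLING, RISING_OR_FALLING):
                event = "falling"
            self._falling_armed, self._rising_armed = False, True
        self._first = False
        return event


def evaluate(alarm, counters):
    """Return (poll index, event) for every poll that generated an event."""
    return [(i, ev) for i, c in enumerate(counters) if (ev := alarm.sample(c))]


# Constructed broadcast-packet counter, one reading per alarm interval.
POLLS = [0, 50, 100, 1500, 3000, 4600, 4700, 4750, 6000]

if __name__ == "__main__":
    print(evaluate(RmonAlarm(1000, 200, startup=RISING), POLLS))
```

A sustained burst produces a single rising event rather than one per interval, which keeps the event log and any traps readable while traffic stays high.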

Section 18. Managing Stacking
This section describes the stacking control management and includes the following topics:
• Stacking Overview
• Configuring Stacking Management

Stacking Overview
Stacking provides multiple switch management through a single point as if all stack members are a single unit. All stack members are accessed through a single IP address through which the stack is managed.
After the stacking issues are resolved, the device can be reconnected to the stack without interruption, and the Ring topology is restored.

Stacking Chain Topology
In a chain topology, there are two units that have only one neighbor. Every unit has an uplink neighbor and a downlink neighbor. The chain topology is less robust than the ring topology. A failure in the chain results in a topology change to the stack.
During the Warm Standby, the Master and the Secondary Master are synchronized with the static configuration only. When the Stacking Master is configured, the Stacking Master must synchronize the Secondary Master. The dynamic configuration is not saved; for example, dynamically learned MAC addresses are not saved. Each port in the stack has a specific Unit ID, port type, and port number, which are part of both the configuration commands and the configuration files.

Exchanging Stacking Members
In normal operation of the stack, the running configuration file in the master is backed up to the secondary master when the secondary master becomes part of the stack or when any stack configuration change is made. In the event that the master goes down, the backup unit becomes the master with the stored configuration file.

Configuring Stacking Management
The Stacking Page allows network managers to either reset the entire stack or a specific device. Device configuration changes that are not saved before the device is reset are not saved. If the Stacking Master is reset, the entire stack is reset. In addition, Unit IDs can be changed on the Stacking Page. When configuring QoS for stacking, note that stacking only uses three queues.
To configure stack control:
1. Click Mgmt.

Appendix A. Downloading Software with CLI
This section describes how to download system files using the Command Line Interface (CLI), and includes the following topics:
• Connecting a Terminal
• Initial Configuration
• Downloading Software

Connecting a Terminal
Before connecting a device, ensure that the device has been installed according to the instructions described in the Allied Telesis AT-8000S Installation Guide.

Initial Configuration
Before a device can download system software, the device must have an initial configuration of IP address and network mask.
To check the configuration, enter the command “show ip interface” as illustrated in the following example.

    Console# show ip interface
    Proxy ARP is disabled
    IP Address          I/F     Type    Directed Broadcast
    ------------        ------  ------  ---------
    100.101.101.101/24  vlan 1  static  disable

User Name
A user name is used to manage the device remotely, for example through SSH, Telnet, or the Web interface.
2. Enter the copy command to download the boot file.

    Console# copy tftp://172.16.101.101/file2.rfb boot
    Accessing file 'file2' on 172.16.101.101...
    Loading file1 from 172.16.101.
5. Enter the “copy” command to download the system file.

    Console# copy tftp://172.16.101.101/file1.ros image
    Accessing file 'file1' on 172.16.101.101...
    Loading file1 from 172.16.101.

Stacking Member Software Download
Ensure the stack has been correctly connected as described in the Allied Telesis AT-S94 Installation Guide. Downloading software to Stacking Members can be performed in the following ways:
• Download the software to an individual device in the stack. In this example the software is downloaded to the device defined as Stacking Member number 3.
• Download the software to all devices in the stack.
5. Enter the “copy” command to download the system file.

    Console# copy tftp://172.16.101.101/file1.ros unit://3/image
    Accessing file 'file1' on 172.16.101.101...
    Loading file1 from 172.16.101.
System Defaults Appendix B.

RS-232 Port Settings
The following table contains the RS-232 port setting defaults:

    Data Bits       8
    Stop Bits       1
    Parity          None
    Flow Control    None
    Baud Rate       115,200 bps

Port Defaults
The following are the port defaults:

    Auto Negotiation                           Enabled
    Auto Negotiation advertised capabilities   Enabled
    Auto MDI/MDIX                              Enabled
    Head of Line Blocking                      Enabled
    Back Pressure                              Disabled
    Flow Control                               Disabled
    Cable Analysis                             Disabled
    Optical Transceiver Analysis               Disabled
    Ma

Configuration Defaults
The following are the initial device configuration defaults:

    Default User Name   manager
    Default Password    friend
    System Name         None
    Comments            None
    BootP               Enabled
    DHCP                Disabled

Security Defaults
The following are the system security defaults:

    Locked Ports        Disabled
    802.

Spanning Tree Defaults
The following are the spanning tree defaults:

    STP            Enabled
    STP Port       Enable
    Rapid STP      Enabled
    Multiple STP   Disabled
    Fast Link      Disabled
    Path Cost      Long

Address Table Defaults
The following are the Address Table defaults:

    Number of MAC Entries              8,000
    MAC Address Aging Time             300 seconds
    VLAN-Aware MAC-based Switching     Enabled

VLAN Defaults
The following are the VLAN defaults:

    Possible VLANs     256
    GVRP               Disabled
    Management VLAN    VLAN 1
    Jo

Trunking Defaults
The following are the trunking defaults:

    Possible Trunks            8
    Possible Ports per Trunk   8
    LACP Ports/Trunk           16

Multicast Defaults
The following are the Multicast defaults:

    IGMP Snooping              Disable
    Maximum Multicast Groups   256

QoS Defaults
The following are the QoS defaults:

    QoS Mode   Disable

Queue Mapping

    CoS   Queue
    0     2
    1     1
    2     1
    3     2
    4     3
    5     3
    6     4
    7     4

    DSCP    Queue
    0-15    1
    16-31   2
    32-47   3
    48-63   4