AT-GS950/10PS Gigabit Ethernet PoE+ Switch AT-GS950/10PS Switch Web Interface User’s Guide AT-S110 [1.00.
Copyright © 2013 Allied Telesis, Inc. All rights reserved. No part of this publication may be reproduced without prior written permission from Allied Telesis, Inc. Allied Telesis and the Allied Telesis logo are trademarks of Allied Telesis, Incorporated. All other product names, company names, logos or other designations mentioned herein are trademarks or registered trademarks of their respective owners. Allied Telesis, Inc.
Contents List of Figures .................................................................................................................................................. 9 List of Tables ................................................................................................................................................. 13 Preface ............................................................................................................................................................
Contents Forwarding Delay and Topology Changes........................................................................................... 65 Mixed STP and RSTP Networks .......................................................................................................... 67 Spanning Tree and VLANs .................................................................................................................. 68 Basic STP and RSTP Configuration..........................................................
AT-GS950/10PS Switch Web Interface User’s Guide Ingress Rate Limiting......................................................................................................................... 143 Egress Rate Limiting ......................................................................................................................... 143 Configuration............................................................................................................................................
Contents Overview...................................................................................................................................................202 SNMPv3 Authentication Protocols .....................................................................................................202 SNMPv3 Privacy Protocol ..................................................................................................................203 SNMPv3 MIB Views ...............................................
AT-GS950/10PS Switch Web Interface User’s Guide Overview .................................................................................................................................................. 258 CoS with Voice VLAN ........................................................................................................................ 258 Organization Unique Identifier (OUI) .................................................................................................
Contents Displaying System Information...........................................................................................................307 Setting Port States .............................................................................................................................307 Neighbors Information ..............................................................................................................................309 Chapter 25: Network Statistics .............................
List of Figures Figure 1. Entering a Switch’s IP Address in the URL Field................................................................................................ 22 Figure 2. Management Login Dialog Box .......................................................................................................................... 22 Figure 3. AT-GS950/10PS Switch Information Page......................................................................................................... 23 Figure 4.
Figures Figure 51. Example of AT-GS950/10PS Tagged VLAN Page ......................................................................................... 159 Figure 52. AT-GS950/10PS Modify VLAN Page.............................................................................................................. 159 Figure 53. AT-GS950/10PS VLAN Port Setting Page ..................................................................................................... 162 Figure 54. Port-Based VLAN Page ...............
AT-GS950/10PS Switch Web Interface User’s Guide Figure 111. Figure 112. Figure 113. Figure 114. Figure 115. Figure 116. Figure 117. Figure 118. Figure 119. Figure 120. Figure 121. Figure 122. Figure 123. Figure 124. Figure 125. Figure 126. Figure 127. Figure 128. Figure 129. Figure 130. Figure 131. Figure 132. Figure 133. Figure 134. Figure 135. Figure 136. Figure 137. Figure 138. Figure 139. Figure 140. Figure 141. Figure 142. Figure 143. Figure 144. Figure 145. Dial-In User Page Example .................
Figures 12
List of Tables Table 1. Bridge Priority Value Increments ...................................................................................... 63 Table 2. Valid Port Priority Values .................................................................................................. 65 Table 3. Default Mappings Priority Levels to Priority Queues ...................................................... 177 Table 4. Customized Mappings Priority Levels to Priority Queues ..........................................
List of Tables 14
Preface This guide contains instructions on how to use the AT-S110 Management Software to manage and monitor the AT-GS950/10PS Gigabit Ethernet PoE+ Switch. The AT-S110 Management software has a web browser interface that you can access from any management workstation on your network that has a web browser application.
Preface Document Conventions This document uses the following conventions: Note Notes provide additional information. Caution Cautions inform you that performing or omitting a specific action may result in equipment damage or loss of data. Warning Warnings inform you that performing or omitting a specific action may result in bodily injury.
AT-GS950/10PS Switch Web Interface User’s Guide Allied Telesis Contact Information If you need assistance with this product, you may contact Allied Telesis technical support by going to the Support & Services section of the Allied Telesis web site at www.alliedtelesis.com/support.
Preface 18
Section I Getting Started This section contains the following chapters: Chapter 1, “Starting a Web Browser Session” on page 21 Chapter 2, “System Configuration” on page 27 19
Chapter 1 Starting a Web Browser Session This chapter contains the procedures for starting, using, and quitting a web browser management session on the AT-GS950/10PS switch.
Chapter 1: Starting a Web Browser Session Establishing a Remote Connection to the Web Browser Interface The AT-GS950/10PS switch is shipped with a pre-assigned IP address of 192.168.1.1. After your initial login, Allied Telesis suggests that you assign a new IP address to your switch. To manually assign an IP address to the switch, refer to “Configuration of IP Address, Subnet Mask and Gateway Address” on page 30.
AT-GS950/10PS Switch Web Interface User’s Guide 4. Press OK. The AT-GS950/10PS Switch Information page is displayed. See Figure 3. Note To change the user name and password, refer to “User Name and Password Configuration” on page 34. Figure 3. AT-GS950/10PS Switch Information Page The main menu appears on the left side and is common for all of the management pages discussed in this manual.
Chapter 1: Starting a Web Browser Session LLDP Statistics Chart Tools Save Configuration 5. To see the front panel of the switch, select Front Panel from the main menu on the left side of the page. The AT-S110 Management software displays the front of the switch. Ports are green that have a link to an end node. Ports without a link are grey. The AT-GS950/10PS switch front panel page is shown in Figure 4. Figure 4.
AT-GS950/10PS Switch Web Interface User’s Guide Web Browser Tools You can use the web browser tools to move around the management pages. Selecting Back on your browser’s toolbar returns you to the previous display. You can also use the browser’s Bookmark feature to save the link to the switch.
Chapter 1: Starting a Web Browser Session Quitting a Web Browser Management Session To exit a web browser management session, close the web browser.
Chapter 2 System Configuration This chapter provides procedures to configuring basic system parameters for the AT-GS950/10PS switch and contains information for the following sections: “System Management Information” on page 28 “Configuration of IP Address, Subnet Mask and Gateway Address” on page 30 “IP Access List Configuration” on page 32 “User Name and Password Configuration” on page 34 “User Interface Configuration” on page 37 “System Time” on page 39 “SSL Settings” on page
Chapter 2: System Configuration System Management Information This section explains how to assign a name, location, and contact information for the AT-GS950/10PS switch. This information helps in identifying each specific AT-GS950/10PS switch among other switches in the same local area network. Entering this information is optional. Note Allied Telesis recommends that you assign a name to the switch. Naming each switch can help you identify the specific switch you want to manage among others.
AT-GS950/10PS Switch Web Interface User’s Guide System Name - Specifies a name for the switch, for example, Sales. The name is optional and may contain up to 15 characters. System Location - Specifies the location of the switch. The location is optional and may contain up to 30 characters. System Contact - Specifies the name of the network administrator responsible for managing the switch. This contact name is optional and may contain up to 30 characters. 4. Click Apply. 5.
Chapter 2: System Configuration Configuration of IP Address, Subnet Mask and Gateway Address This procedure explains how to change the IP address, subnet mask, and gateway address of the switch. Before performing the procedure, note the following: A gateway address is only required if you want to remotely manage the device from a management station that is separated from the switch by a router.
AT-GS950/10PS Switch Web Interface User’s Guide System Default Gateway - Displays the default gateway of the switch. To change the default gateway, enter a new gateway. When DHCP is enabled, you cannot change this parameter. DHCP Mode - For information about setting this parameter, refer to “DHCP Client Configuration” on page 45. 4. Click Apply. Note Changing the IP address ends your management session.
Chapter 2: System Configuration IP Access List Configuration When the IP Access List feature is enabled, remote access to the AT-S110 management software is restricted to the IP addresses entered into the IP Access List. The procedures in this section describe how to enable or disable the IP Access List feature and how to add or remove IP addresses from the list.
AT-GS950/10PS Switch Web Interface User’s Guide 5. From the IP Restriction Status field, select one of the following choices from the pull-down menu: Enable - This selection restricts the access to the AT-S110 management software to the IP addresses in the table listed under Accessible IP. Disable - This selection allows unrestricted access to the AT-S110 management software. 6. Click Apply. Access to the management software is now restricted to those IP addresses listed in the IP Access List table. 7.
Chapter 2: System Configuration User Name and Password Configuration Password protection is always enabled for access to the AT-S110 Management software. This section explains how to create new users names and passwords and how to modify or delete existing users for the web interface.
AT-GS950/10PS Switch Web Interface User’s Guide 4. To add a password that corresponds to the user name entered in step 3, enter a password of up to 12 alphanumeric characters in the box next to the Password field. The Password field is case sensitive. 5. To confirm the password entry, retype the password in the box next to the Confirm Password field. 6. Click Add to activate your changes on the switch. 7.
Chapter 2: System Configuration Delete User Name and Password To delete a user name that you have previously added, perform the following procedure. 1. From the main menu on the left side of the page, click the System folder. The System folder expands. 2. From the System folder, select Administration. The Administration Page is shown in Figure 8 on page 34. 3. Identify the user name that you want to delete and click Delete. The user name is removed from the Administration table.
AT-GS950/10PS Switch Web Interface User’s Guide User Interface Configuration This procedure explains how to enable and disable the user interfaces on the switch. With this procedure you can enable or disable the AT-GS950/ 10PS SNMP Agent. For more information about SNMP, go to Chapter 20, “Simple Network Management Protocol SNMPv1 and v2c” on page 263 and Chapter 21, “Simple Network Management Protocol SNMPv3” on page 273. Note The Web Server Status is displayed as Enabled for your information only.
Chapter 2: System Configuration Note See Chapter 20, “Simple Network Management Protocol SNMPv1 and v2c” on page 263 and Chapter 21, “Simple Network Management Protocol SNMPv3” on page 273 to configure the remaining SNMP parameters. 4. Click Apply located under the Web Server Status Enable/Disable field. 5. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes.
AT-GS950/10PS Switch Web Interface User’s Guide System Time The procedures in this section describe how to configure the system time by manually entering the time or through SNTP and how to configure the daylight savings time feature. See the following sections: Manually Setting System Time “Manually Setting System Time” on page 39 “Setting SNTP” on page 40 “Setting Daylight Savings Parameters” on page 41 To set the system time manually, perform the following procedure: 1.
Chapter 2: System Configuration 4. In the Local Time Settings section, set the Date Setting (YYYY:MM:DD) to the current date in the YYYY:MM:DD format. 5. In the Local Time Settings section, set the Time Settings (HH:MM:SS) to the current time in the HH:MM:SS format. 6. Click the Apply button at the bottom of the page. The time will take effect immediately. 7.
AT-GS950/10PS Switch Web Interface User’s Guide Setting Daylight Savings Parameters If you want to configure the switch for daylight savings time, perform the following procedure: 1. From the main menu on the left side of the page, click the System folder. The System folder expands. 2. From the System folder, select System Time. The System Time Page is displayed. See Figure 11 on page 39. 3. In the Daylight Savings Time Status field, select Enabled. 4.
Chapter 2: System Configuration SSL Settings The AT-GS950/10PS switch has a web browser server for remote management of the unit with a web browser application from management workstations on your network. By default, the server operates in a non-secure HTTP mode and can be configured to communicate in a secure HTTPS mode with SSL protocol.
AT-GS950/10PS Switch Web Interface User’s Guide 4. Click Apply. The SSL setting that you have selected is now active. 5. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes.
Chapter 2: System Configuration DHCP and ATI Web Discovery Tool The AT-GS950/10PS Gigabit Ethernet Smart switch is managed through a web browser interface only. The factory default IP address is 192.168.1.1. The switch does not have a local console connector, which means that you cannot learn what the switch’s management IP address is on a web browser without first knowing what the address is. Once the IP address is known, you can enter it in the browser.
AT-GS950/10PS Switch Web Interface User’s Guide DHCP Client Configuration This procedure explains how to activate and deactivate the DHCP client on the AT-GS950/10PS switch. When the client is activated, the switch obtains its IP configuration including an IP address and subnet mask from a DHCP server on your network. Before performing the procedure, note the following: By default, the DHCP client is disabled on the switch. The DHCP client supports DHCP Auto Configuration Settings or BOOTP.
Chapter 2: System Configuration Note The ATI Web Discovery Tool is available for download on the ATGS950/10PS product page at alliedtelesis.com. 6. Follow the procedure to log on with the new IP address provided by the DHCP Server as described in “Establishing a Remote Connection to the Web Browser Interface” on page 20. 7. Save your new settings or any changes to the configuration file by selecting Save Configuration to Flash from the main menu on the left side of the page.
AT-GS950/10PS Switch Web Interface User’s Guide DHCP Auto Configuration If you need to automatically update the switch’s configuration files via a remote server, the DHCP Auto Configuration feature is available for this purpose via the DHCP server. Note You must enable the DHCP client so that this feature can operate with the DHCP server. See “DHCP Client Configuration” on page 45 for more information. To configure this feature on the switch, perform the following procedure: 1.
Chapter 2: System Configuration System Information Display The Switch Information page is initially displayed when you first log into the AT-GS950/10PS switch. It provides general information about the switch. To view this information, perform the following procedure: 1. From the main menu on the left side of the page, select Switch Info. The Switch Information Page is displayed. See Figure 14. Figure 14.
AT-GS950/10PS Switch Web Interface User’s Guide Administration Information Section: Switch Name - This parameter displays the name assigned to the switch. To assign the switch a name, refer to “System Management Information” on page 28. Switch Location - This parameter displays the location of the switch. To assign the location, refer to “System Management Information” on page 28. Switch Contact - This parameter displays the contact person responsible for managing the switch.
Chapter 2: System Configuration System Log Configuration The System log is designed to monitor the operation the AT-GS950/10PS switch by recording the event messages it generates during normal operation. These events may provide vital information about system activity that can help in the identification and solutions of system problems. To configure the System log, perform the following procedure: 1. From the main menu on the left side of the page, click the System folder. The System folder expands. 2.
AT-GS950/10PS Switch Web Interface User’s Guide 3. From the Syslog Status field, select one of the following choices from the pull-down menu: Enable - The System log is active. Disable - The System log is inactive. 4. From the Time Stamp field, select one of the following choices from the pull-down menu: Enable - Each event message recorded in the log will have a time stamp recorded with it. Disable - No time stamp will be recorded with the event messages. 5. Enter the Messages Buffer Size.
Chapter 2: System Configuration 52
Section II Bridge Configuration This section contains the following chapters: Chapter 3, “Port Configuration” on page 55 Chapter 4, “STP and RSTP” on page 61 Chapter 5, “Multiple Spanning Tree Protocol” on page 79 Chapter 6, “Static Port Trunking” on page 93 Chapter 7, “LACP Port Trunks” on page 103 Chapter 8, “Port Mirroring” on page 113 Chapter 9, “Loopback Protection” on page 119 Chapter 10, “MAC Address Table” on page 123 Chapter 11, “IGMP Snooping” on page 135 C
Chapter 3 Port Configuration This chapter provides a description of the physical characteristics of the ports and a procedure that explains how to view and change the port settings. This chapter includes the following sections: “Overview” on page 56 “Displaying and Configuring Ports” on page 57 Note To permanently save your new settings or any changes to the configuration file, select Save Configuration to Flash from the main menu on the left side of the page.
Chapter 3: Port Configuration Overview This chapter describes how to display and modify the physical characteristics of an AT-GS950/10PS switch. You can display and modify the settings of all the ports on one web page. The port characteristics that are displayed are: Trunk Group Number Port type Link Status Admin Status Duplex Mode Jumbo frame Flow control EAP Pass BPDU frame These characteristics are described in the next section.
AT-GS950/10PS Switch Web Interface User’s Guide Displaying and Configuring Ports This procedure explains how to configure the ports on the AT-GS950/10PS switch using the Port Configuration Page. This page allows you to view and configure the parameter settings of individual or all the switch ports at one time. To configure the ports, perform the following procedure: 1. From the main menu on the left side of the page, select Physical Interface. Figure 16. AT-GS950/10PS Physical Interface Page 2.
Chapter 3: Port Configuration for the SFP ports (9 and 10) for copper or fiber SFP type. Link Status - This parameter indicates the status of the link between the port and the end node connected to the port. The possible values are: Up -This parameter i Indicates a valid link exists between the port and the end node. Down -This parameter i Indicates the port and the end node have not established a valid link. Admin. Status -This parameter indicates the operating status of the port.
AT-GS950/10PS Switch Web Interface User’s Guide settings for the port. You can use this parameter to set the speed and duplex mode of a port. The possible settings are: Ignore -This parameter i Indicates that the All setting does not apply to the Mode field. In other words, each port is set individually. Auto -This parameter i Indicates the port is using AutoNegotiation to set the operating speed and duplex mode.
Chapter 3: Port Configuration notify the end node to stop transmitting for a specified period of time. The possible values are: Ignore - This parameter indicates that the All setting does not apply to the Flow Control field. In other words, each port is set individually. Enabled - This parameter indicates that the port is permitted to use flow control. Disabled - This parameter indicates that the port is not permitted to use flow control.
Chapter 4 STP and RSTP This chapter provides background information about the Spanning Tree Protocol (STP) and the Rapid Spanning Tree Protocol (RSTP). In addition, there are procedures to configure STP and RSTP. The sections in the chapter include: “Overview” on page 62 “Basic STP and RSTP Configuration” on page 70 “Configure RSTP Port Settings” on page 73 “Spanning Tree Topology” on page 78 For detailed information about STP, refer to IEEE Std 802.1D.
Chapter 4: STP and RSTP Overview The performance of a Ethernet network can be negatively impacted by the formation of a data loop in the network topology. A data loop exists when two or more nodes on a network can transmit data to each other over more than one data path. The problem that data loops pose is that data packets can become caught in repeating cycles, referred to as broadcast storms, that needlessly consume network bandwidth and can significantly reduce network performance.
AT-GS950/10PS Switch Web Interface User’s Guide Bridge Priority and the Root Bridge The first task that bridges perform when a spanning tree protocol is activated on a network is the selection of a root bridge. A root bridge distributes network topology information to the other network bridges and is used by the other bridges to determine if there are redundant paths in the network.
Chapter 4: STP and RSTP Path Costs and Port Costs After the root bridge has been selected, the bridges determine if the network contains redundant paths and, if one is found, select a preferred path while placing the redundant paths in a backup or blocking state. Where there is only one path between a bridge and the root bridge, the bridge is referred to as the designated bridge and the port through which the bridge is communicating with the root bridge is referred to as the root port.
AT-GS950/10PS Switch Web Interface User’s Guide . Forwarding Delay and Topology Changes Table 2. Valid Port Priority Values Step Port Priority 1 0 2 16 3 32 4 48 5 64 6 80 7 96 8 112 9 128 10 144 11 160 12 176 13 192 14 208 15 224 16 240 If there is a change in the network topology due to a failure, removal, or addition of any active components, the active topology also changes. This may trigger a change in the state of some blocked ports.
Chapter 4: STP and RSTP The forwarding delay value is adjustable in the AT-S110 Management software. The appropriate value for this parameter depends on a number of variables; the size of your network is a primary factor. For large networks, you should specify a value large enough to allow the root bridge sufficient time to propagate a topology change throughout the entire network.
AT-GS950/10PS Switch Web Interface User’s Guide Point-to-Point Ports Figure 17. Point-to-Point Ports A port operates as an edge port when it is connected to a network terminal device such as a workstation or a server. An edge port on a bridge should not have any STP or RSTP devices connected to it either directly or through another device connected to that port. In this configuration since the port has no STP or RSTP devices connected to it, it will always forward network traffic.
Chapter 4: STP and RSTP Spanning Tree and VLANs The spanning tree implementation in the AT-S110 Management software can be a single-instance spanning tree as described in this chapter. If you choose to define multiple spanning trees on this switch, go to Chapter 5, “Multiple Spanning Tree Protocol” on page 79. The single spanning tree encompasses all ports on the switch. If the ports are divided into different VLANs, the spanning tree crosses the VLAN boundaries.
AT-GS950/10PS Switch Web Interface User’s Guide VLAN VLAN VLAN 1-3 1-3 1-3 T T T Ports blocked by STP Blocked Data Links T T T VLAN VLAN VLAN 1-3 1-3 1-3 Figure 20. STP and VLAN Compatibility with Tagged Ports Note For information about tagged and untagged ports, refer to Chapter 13, “VLAN Overview” on page 150.
Chapter 4: STP and RSTP Basic STP and RSTP Configuration To configure the basic STP and RSTP settings, perform the following procedure: 1. From the main menu on the left side of the page, select Bridge. The Bridge folder expands. 2. From the Bridge folder, select the Spanning Tree folder. The Spanning Tree folder expands. 3. From the Spanning Tree folder, select the RSTP folder. The RSTP folder expands. 4. Form the RSTP folder, select RSTP. The Rapid Spanning Tree Configuration Page is displayed.
AT-GS950/10PS Switch Web Interface User’s Guide The RSTP Configuration page allows you to configure basic STP (STP-Compatible) or RSTP protocols as well as to view current settings of the feature. In the upper portion of the page, you can set the following parameters: Global RSTP Status - Set this field to activate or de-activate the RSTP feature on the switch.
Chapter 4: STP and RSTP The following parameters refer to the designated root bridge. You cannot change these fields. Designated Root - This parameter includes two fields: the root bridge priority and the MAC address of the root bridge. For example, 1000 00C08F1211BB shows the root bridge priority as 1000, and 00C08F1211BB as the MAC address. Hello Time - This parameter is the Hello Me. See “Hello Time and Bridge Protocol Data Units (BPDU)” on page 66. This parameter affects only the root bridge.
AT-GS950/10PS Switch Web Interface User’s Guide Configure RSTP Port Settings This section contains the following topics: Configure the Basic RSTP Port Settings “Configure the Basic RSTP Port Settings,” next “Configure the Advanced RSTP Port Settings” on page 75 To configure the basic RSTP port settings, perform the following procedure: 1. From the main menu on the left side of the page, select Bridge. The Bridge folder expands. 2. From the Bridge folder, select the Spanning Tree folder.
Chapter 4: STP and RSTP sent or received on a the port except for BPDU data. A port with a higher path cost to the root bridge than another on the switch will cause a switching loop and is placed in the blocking state by the Spanning Tree algorithm. The port’s state may change to the forwarding state if the other links in use fail and the Spanning Tree algorithm determines the port may transition to the forwarding state. Listening - This state occurs on a port during the convergence process.
AT-GS950/10PS Switch Web Interface User’s Guide Enable - The spanning tree protocol (both RSTP or STPCompatible) is enabled on the port. Disabled - The spanning tree protocol (both RSTP or STPCompatible) is disabled on the port. Priority - Indicates the port priority. See “Port Priority” on page 64 for more information. Path Cost - Indicates the Path Cost assigned to each port. For STP, the range is from 0 to 65,535. For RSTP, the range is from 0 to 200,000,000.
Chapter 4: STP and RSTP This page displays the following information about the ports: Port - Indicates ports 1 through 10 on the AT-GS950/10PS switch. You can select the All row to apply the same setting to all ports of your switch for the AdminOperEdge, Admin/OperPtoP, and Migration fields. Trunk - Indicates the trunk assignment of a port. Link - Indicates that the port’s link is active (Up) or inactive (Down).
AT-GS950/10PS Switch Web Interface User’s Guide this port receives root path cost information that is greater than the root port's path cost and less than any other port's received information, then this port becomes the designated port. Backup - Any operational Bridge Port that is not a Root or Designated Port is a Backup Port if the Bridge is the Designated Bridge for the attached LAN.
Chapter 4: STP and RSTP Spanning Tree Topology To view the current spanning tree topology, perform the following procedure: 1. From the main menu on the left side of the page, select Bridge. This folder expands. 2. From the Bridge folder, select the Spanning Tree folder. 3. From the Spanning Tree folder, select Topology Info. The AT-GS950/10PS Designated Topology Information Page is displayed. See Figure 24 for a partial view of this page. Figure 24.
Chapter 5 Multiple Spanning Tree Protocol This chapter provides the procedures for configuring Multiple Spanning Tree Protocol (MSTP). You can find an overview and configuration guidelines for this feature in “MSTP Overview” on page 349.
Chapter 5: Multiple Spanning Tree Protocol Multiple Spanning Tree Configuration To configure the MSTP settings, perform the following procedure: 1. From the main menu on the left side of the page, select Bridge. The Bridge folder expands. 2. From the Bridge folder, select the Spanning Tree folder. The Spanning Tree folder expands. 3. From the Spanning Tree folder, select the MSTP folder. The MSTP folder expands. 4. From the MSTP folder, select MSTP.
AT-GS950/10PS Switch Web Interface User’s Guide following parameters: Global MSTP Status - Set this field to Enable or Disable the MSTP feature on the switch. The Global MSTP Status must be set to Enable before the other MSTP configuration parameters can be set. Note Both RSTP and BPDU Passthrough must be disabled before you enable MSTP. Caution Enabling or disabling MSTP causes the switch to temporarily stop switching Ethernet network traffic.
Chapter 5: Multiple Spanning Tree Protocol Forward Delay - The Forward Delay defines the time that the bridge spends in the listening and learning states. Its range is 4 - 30 seconds. Maximum Hop Count - The Maximum Hop Count is a parameter set in a BPDU packet when it originates. It is decremented by 1 each time it is retransmitted by the next bridge. When the Hop Count value reaches zero, the bridge drops the BPDU packet. Its range is 6 - 40 hops.
AT-GS950/10PS Switch Web Interface User’s Guide Port Configuration To configure the MSTP parameters for each of the ports, perform the following procedure: 1. From the main menu on the left side of the page, select Bridge. The Bridge folder expands. 2. From the Bridge folder, select the Spanning Tree folder. The Spanning Tree folder expands. 3. From the Spanning Tree folder, select the MSTP folder. The MSTP folder expands. 4. From the MSTP folder, select MSTP Port Configuration.
Chapter 5: Multiple Spanning Tree Protocol ForcedTrue - The port is connected to a network device in the network topology. ForcedFalse - The port is not connected to a network device in the network topology. Auto - The switch will automatically determine the port type. Edge Port - Indicates if a port is connected to an edge device in the network topology or not. See “Point-to-Point and Edge Ports” on page 66 for more information.
AT-GS950/10PS Switch Web Interface User’s Guide Restricted TCN - The Restricted TCN parameter does not allow Topology Change Notification (TCN) BPDUs to be processed on the port. True - The port cannot process receive/transmit TCN BPDUs. False - The port can process receive/transmit TCN BPDU packets. 5. Once you have configured the parameters, click Apply in the Action column. 6. If you choose to change the MSTP port configuration for other ports, repeat steps 4 and 5. 7.
Chapter 5: Multiple Spanning Tree Protocol VLAN Mapping You can create, modify and delete MSTP settings with the procedures in the following sections: Open MSTP VLAN Mapping Page ”Open MSTP VLAN Mapping Page” ”Create VLAN Mapping to MST Instance”. “Modify MST Instance” on page 87. “Delete MST Instance” on page 87. 1. From the main menu on the left side of the page, select Bridge. The Bridge folder expands. 2. From the Bridge folder, select the Spanning Tree folder.
AT-GS950/10PS Switch Web Interface User’s Guide 5. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes. Modify MST Instance If you wish to modify a MST Instance, you must first delete the instance and then redefine it. Refer to “Create VLAN Mapping to MST Instance” on page 86 for more information. Delete MST Instance 1. In the Action column of the table, click on Delete for the MST Instance that want to delete.
Chapter 5: Multiple Spanning Tree Protocol Port Settings To configure the MSTP port settings, perform the following procedure: 1. From the main menu on the left side of the page, select Bridge. The Bridge folder expands. 2. From the Bridge folder, select the Spanning Tree folder. The Spanning Tree folder expands. 3. From the Spanning Tree folder, select the MSTP folder. The MSTP folder expands. 4. From the MSTP folder, select MSTP Port Settings. The MSTP Port Settings Page is displayed. See Figure 28.
AT-GS950/10PS Switch Web Interface User’s Guide 6. If you choose to change the MSTP port settings for other ports, repeat steps 4 and 5. 7. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes.
Chapter 5: Multiple Spanning Tree Protocol Topology Information To configure the MSTP port settings, perform the following procedure: 1. From the main menu on the left side of the page, select Bridge. The Bridge folder expands. 2. From the Bridge folder, select the Spanning Tree folder. The Spanning Tree folder expands. 3. From the Spanning Tree folder, select the MSTP folder. The MSTP folder expands. 4. From the MSTP folder, select MSTP Port Settings.
AT-GS950/10PS Switch Web Interface User’s Guide Regional Root - The root bridge of the MST instance. Regional Root Priority - The priority of the regional root port. Regional Path Cost - The path cost from the regional root port to the regional root bridge. Type - This specifies the regional port type which can be either a point-to-point or an edge type port. See “Point-to-Point and Edge Ports” on page 66 for more information.
Chapter 5: Multiple Spanning Tree Protocol 92
Chapter 6 Static Port Trunking This chapter contains a description of port trunking and the procedures for creating, modifying, and deleting a static port trunk. The following topics are discussed: “Overview” on page 94 “Create a Port Trunk” on page 97 “Modify a Port Trunk” on page 99 “Disable a Port Trunk” on page 101 Note For information about Link Aggregation Control Protocol (LACP) port trunking, see Chapter 11, “LACP Port Trunks” on page 155.
Chapter 6: Static Port Trunking Overview A port trunk is an economical way for you to increase the bandwidth between the Ethernet switch and another networking device, such as a network server, router, workstation, or another Ethernet switch. A port trunk is a group of ports that have been grouped together to function as one logical path.
AT-GS950/10PS Switch Web Interface User’s Guide Network equipment vendors tend to employ different techniques to implement static trunks. Consequently, a static trunk on one device may be incompatible with the same feature on a device from a different manufacturer. For this reason static trunks are typically employed only between devices from the same vendor.
Chapter 6: Static Port Trunking A port can belong to only one static trunk at a time. The ports of a static trunk can be configured to be members of more than one VLAN. The ports of a static trunk can be either untagged or untagged members of the same VLAN. The switch selects a port in the trunk to handle broadcast packets and packets of unknown destination. The switch makes this choice based on a hash algorithm, depending upon the source and destination MAC addresses.
AT-GS950/10PS Switch Web Interface User’s Guide Create a Port Trunk This procedure explains how to create a static port trunk. Caution Do not connect the cables of a port trunk to the ports on the switch until you have configured the ports on both the switch and the end nodes. Connecting the cables prior to configuring the ports can create loops in your network topology. Loops can result in broadcast storms which can severely limited the effective bandwidth of your network.
Chapter 6: Static Port Trunking A check in a box indicates the port is a member of the trunk. No check means the port is not a member. A port trunk can contain up to eight ports. 5. Change the Trunk Status from Disable to another setting. The choice in the status field are the following: Active - The specific aggregator will broadcast and respond to LACPDU (LACP Data Unit) packets. This setting enables the LACP feature for the trunk.
AT-GS950/10PS Switch Web Interface User’s Guide Modify a Port Trunk This procedure explains how to change the status of a port trunk and add or remove ports from a port trunk. Caution Before you disable or modify a port trunk, disconnect all of the cables from the ports of the trunk. Leaving the cables connected during the reconfiguration of a trunk can create loops in your network topology. Loops can result in broadcast storms which can severely limited the effective bandwidth of your network.
Chapter 6: Static Port Trunking 9. Configure the port trunk on the other switch with the same parameters. 10. Connect the Ethernet cables between trunk ports on the AT-GS950/ 10PS switch and the trunk ports on the other switch.
AT-GS950/10PS Switch Web Interface User’s Guide Disable a Port Trunk This procedure explains how to disable a port trunk. Caution Before you disable or modify a port trunk, disconnect all of the cables from the ports of the trunk. Leaving the cables connected during the reconfiguration of a trunk can create loops in your network topology. Loops can result in broadcast storms which can severely limited the effective bandwidth of your network. To disable a port trunk, perform the following procedure: 1.
Chapter 6: Static Port Trunking 102
AT-GS950/10PS Switch Web Interface User’s Guide Chapter 7 LACP Port Trunks This chapter contains overview information about LACP port trunks and the procedures for setting this feature.
Chapter 7: LACP Port Trunks Overview LACP (Link Aggregation Control Protocol) port trunks perform the same function as static trunks. They increase the bandwidth between network devices by distributing the traffic load over multiple physical links. The advantage of an LACP trunk over a static port trunk is its flexibility. While implementations of static trunking tend to be vendor specific, the AT-S110 Management software implementation of LACP is compliant with the IEEE 802.
AT-GS950/10PS Switch Web Interface User’s Guide System Priority It is possible for two devices interconnected by an aggregate trunk to encounter a conflict when they form the trunk. For example, the two devices might not support the same number of active ports in an aggregate trunk or might not agree on which ports are active and which are in standby mode. If a conflict does occur, the two devices need a mechanism for resolving the problem and deciding whose LACP settings take precedence.
Chapter 7: LACP Port Trunks Port Priority Value The switch uses a port’s LACP priority to determine which ports are active and which are in the standby mode in situations where the number of ports in the aggregate trunk exceeds the highest allowed number of active ports. This parameter is a value in a range of 1 to 255, based on the port number. For instance, the priority values for ports 2 and 11 are 002 and 011, respectively. The lower the number, the higher the priority.
AT-GS950/10PS Switch Web Interface User’s Guide General Guidelines The following guidelines apply when creating aggregators: LACP must be activated on both the AT-GS950/10PS switch and its partner device. The other device must be 802.3ad-compliant. The AT-S110 Management software supports up to eight active ports in an aggregate trunk at a time.
Chapter 7: LACP Port Trunks unknown destination. 108 Prior to creating an aggregate trunk between an Allied Telesis device and another vendor’s device, refer to the vendor’s documentation to determine the maximum number of active ports the device can support in a trunk. If the number is less than eight, the maximum number for the AT-GS950/10PS switch, you should assign the other vendor’s device a higher system LACP priority than your AT-GS950/10PS switch.
AT-GS950/10PS Switch Web Interface User’s Guide Group Status To display the LACP Group Status, perform the following procedure: 1. Select the Bridge folder. The Bridge folder expands. 2. From the Bridge folder, select the Trunk Config folder. The Trunk Config folder expands. 3. From the Trunk Config folder, select LACP Group Status. The LACP Group Status Page is displayed. See Figure 32. Figure 32.
Chapter 7: LACP Port Trunks The System Priority is a preassigned value that you cannot alter. This value applies to the switch. See “System Priority” on page 105. The System ID is a MAC address value assigned to the individual switch. You cannot change this value. Group 1 to 8 indicates the ID number of the trunk (aggregation group). Configuration Example Use the procedure given in “Create a Port Trunk” on page 97 to configure Trunk ID 1 as Active with ports 3, 4 and 5.
AT-GS950/10PS Switch Web Interface User’s Guide Figure 34. LACP Group Status Page with Three Cables Connected You can now see that each port has been grouped under a single aggregator since the ports are now in a Link-Up status.
Chapter 7: LACP Port Trunks Port Priority Configuration To select a priority for an LACP port, perform the following procedure: 1. Select the Bridge folder. The Bridge folder expands. 2. From the Bridge folder, select the Trunk Config folder. The Trunk Config folder expands. 3. From the Trunk Config folder, select Port Priority. The AT-GS950/10PS Port Priority Page is displayed. See Figure 35 for a partial view of this page. Figure 35.
Chapter 8 Port Mirroring This chapter describes the Port Mirroring feature and the procedure for setting up port mirroring. Port mirroring allows you to unobtrusively monitor the ingress and egress traffic on a port by having the traffic copied to another port.
Chapter 8: Port Mirroring Overview The port mirroring feature allows you to unobtrusively monitor the traffic received and transmitted on one or more ports by copying the traffic to another switch port. You can connect a data analyzer to the port where the traffic is copied and monitor the traffic on the other ports without impacting network performance or speed. A port mirror has two component ports. The port or ports whose traffic you want to mirror is called the source port(s).
AT-GS950/10PS Switch Web Interface User’s Guide Port Mirroring Configuration To configure Port Mirroring, perform the following procedure: 1. Select the Bridge folder. The Bridge folder expands. 2. From the Bridge folder, select Mirroring. The Mirroring Page is displayed. See Figure 36. Figure 36. AT-GS950/10PS Mirroring Page 3.
Chapter 8: Port Mirroring 7. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes.
AT-GS950/10PS Switch Web Interface User’s Guide Disable Port Mirroring To disable Port Mirroring, perform the following procedure: 1. Select the Bridge folder. The Bridge folder expands. 2. From the Bridge folder, select Mirroring. The Mirroring page is shown in Figure 36 on page 115. 3. From the Status field, select Disable and click Apply. Port mirroring is immediately disabled on the switch and the parameters on the web page become inactive.
Chapter 8: Port Mirroring 118
Chapter 9 Loopback Protection This chapter explains how to configure the Loopback Protection feature for specific ports on the AT-GS950/10PS switch. If the Tx and Rx pairs on the same port are connected, then this feature detects this condition and disables the port for a pre-configured amount of time.
Chapter 9: Loopback Protection Configuration To configure the Loopback Detection feature, perform the following procedure: 1. From the main menu on the left side of the page, select Bridge. The Bridge folder expands. 2. From the Bridge folder, select Loopback Detection. A partial view of the AT-GS950/10PS Loopback Detection Page is displayed. See Figure 37. Figure 37. AT-GS950/10PS Loopback Detection Page 3.
AT-GS950/10PS Switch Web Interface User’s Guide 4. Under the Loopback Detection Global Settings, configure the following parameters: Interval: This parameter sets the interval of time that the ports are tested. The range is 1 to 32767 seconds. Recover Time: This parameter sets the amount of time that the port will take to recover once the loopback condition has been removed. The range is 60 to 1000000 seconds. If the Recover Time is set to 0, the port recovery is disabled until it is manually reset.
Chapter 9: Loopback Protection Status The status of the Loopback Detection is given in the Loop Status column of the table at the bottom of the Loopback Detection page. See Figure 37 on page 120. The status is one of the following states: Normal: This status indicates that the port does not have the Tx to Rx pairs connected. Disabled: This status indicates that the port does not have the Tx to Rx pairs connected.
Chapter 10 MAC Address Table This chapter provides a description of the static multicast MAC address feature and the procedure for configuring it.
Chapter 10: MAC Address Table Overview The AT-GS950/10PS switch has a MAC address table with a storage capacity of up to 8,000 entries. The table stores the MAC addresses of the network nodes connected to its ports and the port number where each address is learned. There are two types of MAC addresses, dynamic and static. Dynamic MAC addresses are addresses that the switch learns automatically by examining the source MAC addresses of the frames received by the ports.
AT-GS950/10PS Switch Web Interface User’s Guide predefined ports entered in the MAC table without any configuration delays or loss of data.
Chapter 10: MAC Address Table Static Unicast MAC Address Configuration This procedure explains how to set the static multicast feature for each port on the AT-GS950/10PS switch. Before beginning this procedure, you must create either an 802.1Q VLAN ID or a Port-Based VLAN Index. For information about defining these parameters, see: “Tagged VLAN Configuration” on page 157 regarding the 802.1Q VLAN ID parameter. “Port-Based VLAN Configuration” on page 164 regarding the PortBased VLAN Index parameter.
AT-GS950/10PS Switch Web Interface User’s Guide Note An error message is generated when you enter a VLAN ID or VLAN Index which is not been defined or when you enter a VLAN ID or VLAN Index without also clicking on the respective radio button. 4. In the Group MAC Address field, enter a unicast MAC address. 5. Assign the MAC address a Port Member (or members) by selecting the check box beside each port number. Note You can assign a maximum limit of 256 static unicast addresses on the switch. 6. Click Add.
Chapter 10: MAC Address Table Modify Static Unicast Address To modify the port assignment of a unicast MAC address in the MAC address table, perform the following procedure: 1. From the main menu on the left side of the page, select the Bridge folder. 2. From the Bridge folder, select Static Unicast. The Static Unicast Address Table Page is displayed. See Figure 38 on page 126. 3. Select Modify next to the static MAC address that you want to change. The Modify Static Unicast Address Page is displayed.
AT-GS950/10PS Switch Web Interface User’s Guide Delete Static Unicast Address To delete a unicast MAC address from the MAC address table, perform the following procedure: 1. From the main menu on the left side of the page, select the Bridge folder. 2. From the Bridge folder, select Static Unicast. The Static Unicast Address Table Page is displayed. See Figure 38 on page 126. 3. Select delete next to the static unicast address that you want to remove.
Chapter 10: MAC Address Table Static Multicast Address Configuration This procedure explains how to set the static multicast feature for each port on the AT-GS950/10PS switch. Before beginning this procedure, you must create an 802.1Q VLAN ID or a Port-Based VLAN Index. For information about defining these parameters, see: “Tagged VLAN Configuration” on page 157 regarding the 802.1Q VLAN ID parameter. “Port-Based VLAN Configuration” on page 164 regarding the PortBased VLAN Index parameter.
AT-GS950/10PS Switch Web Interface User’s Guide Note An error message is generated when you enter a VLAN ID or VLAN Index which is not been defined or when you enter a VLAN ID or VLAN Index without also clicking on the respective radio button. 4. In the Group MAC Address field, enter a multicast MAC address. The range is from 01:00:5E:00:01:00 to 01:00:5E:7F:FF:FF. 5. Assign the MAC address a Group Member (or members) by selecting the check box beside each port number.
Chapter 10: MAC Address Table 7. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes.
AT-GS950/10PS Switch Web Interface User’s Guide Modify Static Multicast Address To modify the port assignment of a multicast MAC address in the MAC address table, perform the following procedure: 1. From the main menu on the left side of the page, select the Bridge folder. 2. From the Bridge folder, select Static Multicast. The Static Multicast Address Table Page is displayed. See Figure 41 on page 130. 3. Select Modify next to the static MAC address that you want to change.
Chapter 10: MAC Address Table Delete Static Multicast Address To delete a multicast MAC address from the MAC address table, perform the following procedure: 1. From the main menu on the left side of the page, select the Bridge folder. 1. From the Bridge folder, select Static Multicast. The Static Multicast Address Table Page is displayed. See Figure 41 on page 130. 2. Select delete next to the static multicast address that you want to remove.
Chapter 11 IGMP Snooping This chapter contains a description of the IGMP Snooping procedure as well as procedures for working with IGMP Snooping in the web interface. The following topics are discussed: “Overview” on page 136 “IGMP Snooping Configuration” on page 138 Note To permanently save your new settings or any changes to the configuration file, select Save Configuration to Flash from the main menu on the left side of the page.
Chapter 11: IGMP Snooping Overview IGMP enables IPv4 routers to create lists of nodes that are members of multicast groups. (A group of end nodes that receive multicast packets from a multicast application is defined as a multicast group.) The router creates a multicast membership list by periodically sending out queries to the local area networks connected to its ports.
AT-GS950/10PS Switch Web Interface User’s Guide Without IGMP snooping, a switch floods multicast packets from all of its ports, except the port on which it received the packet. Such flooding of packets can negatively impact network performance. The AT-GS950/10PS switch maintains a list of multicast groups through an adjustable time out value, which controls how frequently it expects to see reports from end nodes that want to remain members of multicast groups, and by processing leave requests.
Chapter 11: IGMP Snooping IGMP Snooping Configuration This procedure explains how to set IGMP snooping and IGMP Snooping Querier on the switch and set the IGMP Snooping (V1) age-out timer. To configure IGMP snooping, perform the following procedure: 1. From the main menu on the left side of the page, select the Bridge folder. The Bridge folder expands. 2. From the Bridge folder, select the Trunk Config folder. 3. From the Trunk Config folder, select IGMP Snooping. The IGMP Snooping Page is displayed.
AT-GS950/10PS Switch Web Interface User’s Guide 9. The IGMP Snooping Page is updated with active Multicast Group address. See Figure 45. Note The Multicast Group Address table contains MAC addresses of nodes that are active members of multicast groups. To set a static Multicast Group Address, see “Static Multicast Address Configuration” on page 130. Figure 45. IGMP Snooping Page with MAC Addresses 10. To display ports that are members of the multicast group address, click on the MAC address. 11.
Chapter 11: IGMP Snooping 140
Chapter 12 Storm Control This chapter contains a description and configuration procedures for the Storm Control (bandwidth) feature. The following topics are discussed: “Overview” on page 142 “Configuration” on page 144 “Ingress Rate Limiting” on page 146 “Egress Rate Limiting” on page 148 Note To permanently save your new settings or any changes to the configuration file, select Save Configuration to Flash from the main menu on the left side of the page.
Chapter 12: Storm Control Overview The features available in the AT-S110 Management Software allow you to limit Ethernet traffic within your switch based on specific criteria. You can use Storm Control to limit the bandwidth of various types of Ethernet packets. With Ingress and Egress Rate Limiting, you can limit the traffic volume at the input or output ports respectively.
AT-GS950/10PS Switch Web Interface User’s Guide Ingress Rate Limiting The Ingress Rate Limiting feature restricts the traffic to a pre-configured data rate that can flow into a port. This data rate limit can be configured in 64 Kbps increments within a range from 64 Kbps to 1000 Mbps. The formula for calculating the bandwidth limit is as follows: Bandwidth = 64Kbps x rate limit The rate limit parameter is an integer ranging from 1 to 15625.
Chapter 12: Storm Control Configuration This procedure explains how to set DLF, broadcast, multicast, and threshold levels for each port on the AT-GS950/10PS switch. To change the settings of the storm control feature, perform the following procedure: 1. From the main menu on the left side of the page, select the Bridge folder. 2. From the Bridge folder, select Storm Control. The Storm Control folder expands. 3. From the Storm Control folder, select Storm Control.
AT-GS950/10PS Switch Web Interface User’s Guide Note For more information, see the Broadcast setting definition in“Overview” on page 142. 7. Click Apply. 8. To enable or disable ingress and egress Multicast packets, select Enable or Disable from the Multicast pull-down menu next to the port that you want to change. You can select the ALL row to set all of the ports to the same setting. Note For more information, see the Multicast setting definition in “Overview” on page 142. 9. Click Apply. 10.
Chapter 12: Storm Control Ingress Rate Limiting This procedure explains how to set Bandwidth levels and Status for Ingress Rate Limiting on each port of the AT-GS950/10PS switch. To change the settings of the ingress rate limiting feature, perform the following procedure: 1. From the main menu on the left side of the page, select the Bridge folder. 2. From the Bridge folder, select Storm Control. The Storm Control folder expands. 3. From the Storm Control folder, select Ingress Rate Limiting.
AT-GS950/10PS Switch Web Interface User’s Guide 7. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes.
Chapter 12: Storm Control Egress Rate Limiting This procedure explains how to set Bandwidth levels and Status for Egress Rate Limiting on each port of the AT-GS950/10PS switch. To change the settings of the egress rate limiting feature, perform the following procedure: 1. From the main menu on the left side of the page, select the Bridge folder. 2. From the Bridge folder, select Storm Control. The Storm Control folder expands. 3. From the Storm Control folder, select Egress Rate Limiting.
Chapter 13 Virtual LANs This chapter contains a description of Virtual Local Area Networks (VLANs) and the procedures for creating, modifying, and deleting both port-based and tagged VLANs.
Chapter 13: Virtual LANs VLAN Overview A virtual LAN or VLAN is a group of ports on an Ethernet switch that form a logical Ethernet segment via the AT-S110 Management software. The ports of a VLAN form an independent traffic domain where the traffic generated by the nodes of a VLAN remains within the VLAN. With VLANs, you can segment your local area network using the ATS110’s Management software and group nodes with related functions into their own separate, logical, VLAN segments.
AT-GS950/10PS Switch Web Interface User’s Guide With VLANS, you can reconfigure the LAN segment assignment of an end node connected to the AT-GS950/10PS switch’s management software. Also, you can change the VLAN memberships without moving the workstations physically or change group memberships without moving cables from one port to another. In addition, a virtual LAN can span more than one switch.
Chapter 13: Virtual LANs Each port of a port-based VLAN can belong to as many VLANs as needed. Therefore, traffic can be forwarded to the members of the groups to which the port is assigned. For example, port 1 and port 2 are members of group 1 and ports 1 and 3 are members of group 2. In this case, traffic from port 1 is forwarded to ports 2 and 3, traffic from port 2 is forwarded only to port 1, and traffic from port 3 is forwarded only to port 1.
AT-GS950/10PS Switch Web Interface User’s Guide VLAN Index You must assign a unique number to each tagged VLAN in a network. This number is called the tagged VLAN ID. This number uniquely identifies a tagged VLAN in the AT-GS950/10PS switch and across the network. VLAN Name To create a tagged VLAN, you must give it a unique name. This name can reflect the function of the network devices that are VLAN members, such as Sales, Production, and Engineering.
Chapter 13: Virtual LANs associates a received untagged packet to the VLAN ID that matches the PVID assigned to the port and the packet is only forwarded to those ports that are members. General Rules for Creating a Tagged VLAN 154 Here is a summary of the rules to observe when you create a tagged VLAN: Assign a unique name to each tagged VLAN. Each tagged VLAN must be assigned a unique VLAN ID.
AT-GS950/10PS Switch Web Interface User’s Guide Assign Ports to a VLAN Mode The procedure described in this section allows you to assign ports to tagged or a port-based VLAN. In addition, it permits you to display the current VLAN assignment of ports. However, you can assign ports to a port-based VLAN only after you have created a port-based VLAN with the procedure described in “Port-Based VLAN Configuration” on page 164.
Chapter 13: Virtual LANs 6. If you want to restore the port assignment before saving the configuration, click Restore. Note Once the VLAN assignment has been saved by clicking first on the Apply button and then saving the configuration, the Restore button will not be active for those port assignments. 7. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes.
AT-GS950/10PS Switch Web Interface User’s Guide Tagged VLAN Configuration On a port, the tag information within a frame is examined when it is received to determine if the frame is qualified as a member of a specific tagged VLAN. If it is, it is eligible to be switched to other member ports of the same VLAN. If it is determined that the frame’s tag does not conform to the tagged VLAN, the frame is discarded.
Chapter 13: Virtual LANs 4. To assign a VLAN ID, type a VLAN ID in the VLAN ID field. The range for this field is 2 to 4,000. You can create a maximum of 255 tagged VLANs. 5. To assign a name to the VLAN, type a unique name in the VLAN Name field. Enter a value of up to 32 characters. For more information about this field, refer to “VLAN Name” on page 151. 6. Set the Management VLAN to one of the following choices from the pull-down menu: Enable - This parameter enables management access on this VLAN.
AT-GS950/10PS Switch Web Interface User’s Guide 2. From the Bridge folder, select VLAN. The VLAN folder expands. 3. From the VLAN folder, select Tagged VLAN. An example of a tagged VLAN (Index 2, Sales VLAN) is shown in the table at the bottom of Figure 51 on page 159. Figure 51. Example of AT-GS950/10PS Tagged VLAN Page 4. In the VLAN Action column, click Modify in the row of the VLAN that you want to change. The Modify VLAN Page is displayed. See Figure 52. Figure 52.
Chapter 13: Virtual LANs 5. You cannot modify the VLAN ID on this web page. If you want to delete the VLAN ID, go to “Delete a Tagged VLAN” on page 160 for more information. 6. To change the VLAN Name, type a new VLAN Name in the VLAN Name field. For more information about this field, refer to “VLAN Name” on page 151. 7. To change the Management VLAN assignment, select one of the following choices from the pull-down menu: Enable: This parameter enables Management VLAN on this VLAN.
AT-GS950/10PS Switch Web Interface User’s Guide 3. From the VLAN folder, select Tagged VLAN. An example of the Tagged VLAN Page is shown in Figure 52 on page 159. 4. In the VLAN Action column, select Delete next to the VLAN that you want to delete. A confirmation prompt is displayed. 5. Click OK to delete the VLAN or Cancel to cancel the deletion. Note You cannot delete the Default VLAN which has a VID of 1. 6.
Chapter 13: Virtual LANs Tagged VLAN Port Settings To configure a VLAN port that is a member of a Tagged VLAN, perform the following procedure: 1. From the main menu on the left side of the page, select Bridge. The Bridge folder expands. 2. From the Bridge folder, select VLAN. The VLAN folder expands. From the VLAN folder, select Port Setting. A partial view of the AT-GS950/10PS VLAN Port Settings is displayed. See Figure 53. Figure 53. AT-GS950/10PS VLAN Port Setting Page 3.
AT-GS950/10PS Switch Web Interface User’s Guide Disable - This disables Ingress Filtering at the selected port. 6. Click Apply. The port configuration becomes effective. 7. If you need to configure other ports of the switch for the VLAN Port Settings, repeat steps 4 through 7. 8. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes.
Chapter 13: Virtual LANs Port-Based VLAN Configuration A port-based VLAN is a group of ports on the switch that form a logical Ethernet segment. This type of VLAN is independent of the header information including VLAN tags in a frame.
AT-GS950/10PS Switch Web Interface User’s Guide 6. To assign ports to the VLAN, click on the port numbers labeled Group Member. 7. Click Apply. 8. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes. Modify a PortBased VLAN To modify the name or port assignments of a port-based VLAN, perform the following procedure: 1. From the main menu on the left side of the page, select Bridge. The Bridge folder expands. 2.
Chapter 13: Virtual LANs 3. From the VLAN folder, select Port-Based VLAN. The Port-Based VLAN Page is shown in Figure 54 on page 164. 4. In the VLAN Action column, click Delete next to the VLAN that you want to delete. A confirmation prompt is displayed. 5. Click OK to delete the VLAN or Cancel to cancel the deletion. Note You cannot delete the Default VLAN which has a VID of 1. 6. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes.
Chapter 14 GVRP This chapter contains the following sections: “Overview and Guidelines” on page 168 “General Configuration” on page 169 “Port Settings” on page 170 “Time Settings” on page 172 167
Chapter 14: GVRP Overview and Guidelines The GARP VLAN Registration Protocol (GVRP) allows network devices to share VLAN information and to use the information to modify existing VLANs or create new VLANs, automatically. This makes it easier to manage VLANs that span more than one switch. Without GVRP, you have to manually configure your switches to ensure that the various parts of the VLANs can communicate with each other across the different switches.
AT-GS950/10PS Switch Web Interface User’s Guide General Configuration Perform the following procedure to enable or disable GVRP: 1. From the main menu on the left side of the page, select Bridge. The Bridge folder expands. 2. From the Bridge folder, select GVRP. The GVRP folder expands. 3. From the GVRP folder, select GVRP Global Configuration. The GVRP Global Configuration Page is displayed. See Figure 56. Figure 56. GVRP Global Configuration Page 4.
Chapter 14: GVRP Port Settings Perform the following procedure to configure the GVRP port settings: 1. From the main menu on the left side of the page, select Bridge. The Bridge folder expands. 2. From the Bridge folder, select GVRP. The GVRP folder expands. 3. From the GVRP folder, select Port Setting. A partial view of the AT-GS950/10PS Port Settings Page is displayed. See Figure 57. Figure 57. GVRP Port Setting Page 4.
AT-GS950/10PS Switch Web Interface User’s Guide port row selected. Disable - The Restricted VLAN Registration is de-active for the port row selected. 5. Once you have configured the parameters, click Apply for the affected port. 6. If you want to configure GVRP for other ports, repeat steps 4 and 5. 7. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes.
Chapter 14: GVRP Time Settings Perform the following procedure to configure the GVRP port settings: 1. From the main menu on the left side of the page, select Bridge. The Bridge folder expands. 2. From the Bridge folder, select GVRP. The GVRP folder expands. 3. From the GVRP folder, select Time Setting. A partial view of the AT-GS950/10PS GVRP Time Setting Page is displayed. See Figure 58. Figure 58.
AT-GS950/10PS Switch Web Interface User’s Guide GarpLeaveAllTime - This parameter is the GARP Leave Timer.Its range si 30 - 2147483630 milli-seconds. This timer must be set in relation to the GVRP Leave Timer according to the following equation: GARPLeaveAllTimer > (GARPLeaveTimer + 10) Note To ensure compatibility between network devices, you need to configure the same values for the GARP Join Timer, GARP Leave Timer, and GARP Leave All Timer on all participating GVRP devices in your network. 5.
Chapter 14: GVRP 174
Chapter 15 Quality of Service and Cost of Service This chapter provides descriptions of both the Quality of Service (QoS) and Cost of Service (CoS) features. The following topics are covered: “Overview” on page 176 “Associate Ports to CoS Priorities” on page 182 “Associate DSCP Classes to Egress Queues” on page 183 “Queue Scheduling Algorithm” on page 185 Note Before mapping the QoS Priorities and the egress Queues, you must disable the Jumbo frame parameter on each port.
Chapter 15: Quality of Service and Cost of Service Overview When a port on an Ethernet switch becomes oversubscribed, its egress queues contain more packets than the port can handle in a timely manner. In this situation, the port may be forced to delay the transmission of some packets, resulting in the delay of packets reaching their destinations.
AT-GS950/10PS Switch Web Interface User’s Guide Egress Queue vs Packet Priority Mapping Each port has four egress queues, labeled Q0, Q1, Q2, and Q3. Q0 is the lowest priority queue and Q3 is the highest. A packet in a high priority egress queue is typically transmitted sooner than a packet in a low priority queue.Table 3 lists the default mappings between the eight CoS priority levels and the four egress queues of a switch port. Table 3. Default Mappings Priority Levels to Priority Queues IEEE 802.
Chapter 15: Quality of Service and Cost of Service The procedure for changing the default mappings is found in “Associate Ports to CoS Priorities” on page 182. Note that because all ports must use the same priority-to-egress queue mappings, these mappings are applied at the switch level. They cannot be set on a per-port basis. One last thing to note is that the AT-S110 Management Software does not change the priority level in a tagged packet.
AT-GS950/10PS Switch Web Interface User’s Guide The problem with this method is that some low priority packets might never be transmitted from the switch because the algorithm might never have time to process the packets waiting in the lower priority queues. Weighted Round Robin Priority Scheduling The weighted round robin (WRR) scheduling method functions as its name implies.
Chapter 15: Quality of Service and Cost of Service Mapping CoS Priorities to Egress Queues Before mapping the CoS priorities and the egress queues, you must disable the Jumbo frame parameter on each port. See the Jumbo parameter definition in “Displaying and Configuring Ports” on page 57. Note When Jumbo frames are enabled, COS can not be enabled. To configure CoS mapping, perform the following procedure: 1. From the main menu on the left side of the page, select Bridge. The Bridge folder expands. 2.
AT-GS950/10PS Switch Web Interface User’s Guide 4. For each Traffic Class whose queue you want to change, click on the Queue (0, 1, 2, or 3) radio button that applies to your configuration. 5. After you have completed this mapping process, select Enable in the QoS Status field, 6. Click Apply. 7. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes.
Chapter 15: Quality of Service and Cost of Service Associate Ports to CoS Priorities The Port Priority values is assigned to an untagged frame at ingress for internal processing in the switch. This procedure explains how to change the default mappings of port priorities to the User Priority. This is set at the switch level. You cannot set this at the per-port level. To change the port priority mappings, perform the following procedure. 1. From the main menu on the left side of the page, select Bridge.
AT-GS950/10PS Switch Web Interface User’s Guide Associate DSCP Classes to Egress Queues If you choose to use the DSCP tags in your Access Control policy configuration, each DSCP value (0-63) that is relevant to your configuration needs to be mapped to one of the four egress queues (0-3). The default queue for all DSCP values is 0.To assign the queue mappings to the DSCP values, perform the following procedure. 1. From the main menu on the left side of the page, select Bridge. The Bridge folder expands. 2.
Chapter 15: Quality of Service and Cost of Service 5. After you have completed this mapping process, click Apply. 6. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes.
AT-GS950/10PS Switch Web Interface User’s Guide Queue Scheduling Algorithm To change the scheduling algorithm for the egress queues, perform the following procedure. 1. From the main menu on the left side of the page, select Bridge. The Bridge folder expands. 2. From the Bridge folder, select QoS. The QoS folder expands. 3. From the QoS folder, select Scheduling Algorithm. The Scheduling Algorithm Page page is shown in Figure 62. Figure 62. Scheduling Algorithm Page 4.
Chapter 15: Quality of Service and Cost of Service 186
Section III Advanced Features This section contains the following chapters: Chapter 16, “SNMPv1 and v2c” on page 189 Chapter 17, “SNMPv3” on page 201 Chapter 18, “Access Control Configuration” on page 217 Chapter 19, “RMON” on page 245 Chapter 20, “Voice VLAN” on page 257 Chapter 21, “Security” on page 267 Chapter 22, “Power Over Ethernet (PoE)” on page 283 Chapter 23, “DHCP Snooping” on page 290 Chapter 24, “LLDP” on page 303 Chapter 25, “Network Statistics” on page
Chapter 16 SNMPv1 and v2c This chapter contains a description of SNMPv1 and SNMPv2c and the procedures for configuring with these protocols.
Chapter 16: SNMPv1 and v2c SNMPv1 and SNMPv2c Overview You can manage a switch by viewing and configuring the management information base (MIB) objects on the device with the Simple Network Management Program (SNMP). This chapter describes how to configure SNMPv1 and SNMPv2c. A Group Name, IP address of the switch and at least one community string is the minimum required to manage the switch using SNMPv1 and SNMPv2c. To configure SNMPv3, see “SNMPv3” on page 201 for more information.
AT-GS950/10PS Switch Web Interface User’s Guide Trap Receiver Attributes A trap is a message sent by the agent to one or more managers to indicate the occurrence of a particular event on the device. There are numerous events that can trigger a trap. For instance, when the switch reboots or when the Spanning Tree Root Bridge changes. You use traps to monitor activities on the switch. Trap receivers are the typically SNMP management stations, that you want to receive the traps sent by the switch.
Chapter 16: SNMPv1 and v2c Activate SNMP Interface The SNMP interface is activated by default. If you want to de-activate it or re-activate it, go to “User Interface Configuration” on page 37.
AT-GS950/10PS Switch Web Interface User’s Guide SNMPv1 and SNMPv2c User and Group Names SNMPv1 and SNMPv2c User Name and Group Name definitions is the basis for creating SNMP communities.
Chapter 16: SNMPv1 and v2c Note If you choose to use the default User and Group Names (ReadOnly and ReadWrite) that are already displayed in the table, proceed to step 7 below. 3. Type a new User Name. Enter a name up to 31 characters in length. 4. Type a previously defined Group Name. Enter a name up to 31 characters in length. 5. Select either v1 or v2c as the SNMP Version.
AT-GS950/10PS Switch Web Interface User’s Guide To create a new entry in this table, see “Create User and Group Names” on page 193. Delete User and Group Names This procedure explains how to delete an entry on the SNMP User/Group page. 1. From the main menu on the left side of the page, select the SNMP folder. The SNMP folder expands. 2. From the SNMP folder, select SNMP User/Group. The SNMP User/Group Page is displayed. See Figure 63 on page 193. 3.
Chapter 16: SNMPv1 and v2c SNMP Community Strings A community string has attributes for controlling who can use the string and what the string will allow a network management station to do on the switch. The AT-S110 Management Software does not provide any default community strings. You must first define an SNMP User and Group Name on the SNMP User/Group page and then define a Community Name on the SNMP Community Table page.
AT-GS950/10PS Switch Web Interface User’s Guide 5. Click Add. The values of the new Community Name and User Name are displayed. See Figure 66 for an example. Figure 66. SNMP Community Table Page Example 6. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes.
Chapter 16: SNMPv1 and v2c SNMP Traps A Host IP address is used to specify a management device that needs to receive SNMP traps sent by the switch. This IP address is associated with the SNMP Version and a valid Community Name in the Host table of the switch. Create Trap Host Table Entry Use the following procedure to create a trap Host table entry: 1. From the main menu on the left side of the page, select the SNMP folder. The SNMP folder expands. 2. From the SNMP folder, select Trap Management.
AT-GS950/10PS Switch Web Interface User’s Guide Note The Community Name must correlate with one of the communities displayed on the SNMP Community Table page. See “SNMP Community Strings” on page 196. If you enter a Community Name that has not been pre-defined, the Trap Host entry is displayed, but agent/manager communication fails. 7. Click Add. The new host is added to the table. Figure 68. Trap Management Page Example 8.
Chapter 16: SNMPv1 and v2c 4. To delete an entry in the host table, click Delete next to the entry in the table that you want to remove. The Host table entry is removed from the table. No confirmation message is displayed. 5. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes.
Chapter 17 SNMPv3 This chapter contains a description of SNMPv3 and the procedures for configuring this protocol. This chapter contains the following sections: “Overview” on page 202 “SNMPv3 User and Group Names” on page 206 “SNMPv3 View Names” on page 209 “SNMPv3 View Table” on page 212 “SNMPv3 Traps” on page 215 Note To permanently save your new settings or any changes to the configuration file, select Save Configuration to Flash from the main menu on the left side of the page.
Chapter 17: SNMPv3 Overview The SNMPv3 protocol builds on the existing SNMPv1 and SNMPv2c protocol implementation which is described in Chapter 16 on page 189. In SNMPv3, User-based Security Model (USM) authentication is implemented along with encryption, allowing you to configure a secure SNMP environment. The SNMPv3 protocol uses different terminology than the SNMPv1 and SNMPv2c protocols. In the SNMPv1 and SNMPv2c protocols, the terms agent and manager are used.
AT-GS950/10PS Switch Web Interface User’s Guide this configuration for someone with super-user capabilities. SNMPv3 Privacy Protocol After you have configured an authentication protocol, you have the option of assigning a privacy protocol if you have the encrypted version of the AT-S110 Management software. In SNMPv3 protocol terminology, privacy is equivalent to encryption. Currently, the DES protocol is the only encryption protocol supported.
Chapter 17: SNMPv3 In addition, you can define a MIB view that the user can access or a MIB view that the user cannot access. When you want to permit a user to access a MIB view, you include a particular view. When you want to deny a user access to a MIB view, you exclude a particular view. After you specify a MIB subtree view you have the option of further restricting a view by defining a subtree mask.
AT-GS950/10PS Switch Web Interface User’s Guide 5. Finally, the traps can be defined on the Trap Management page based on the Community or User Name. See Figure 70 for an illustration of how the user configuration tables are linked. Figure 70.
Chapter 17: SNMPv3 SNMPv3 User and Group Names An SNMPv3 User Name and Group Name definition is the basis for all the other SNMPv3 tables. You can create and delete View Names by following the procedures in the following sections: Creating SNMPv3 User and Group Names “Creating SNMPv3 User and Group Names” on page 206 “Modifying SNMPv3 User and Group Names” on page 207 “Deleting SNMPv3 User and Group Names” on page 207 Use this procedure to create SNMPv3 User Names and Group Names: 1.
AT-GS950/10PS Switch Web Interface User’s Guide 8. Enter the password for the Auth-Protocol. 9. Select one of the following choices for the Priv-Protocol field: DES: Specifies DES encryption scrambles the SNMP data so that outside observers are prevented from seeing the data content. none: Specifies no encryption is applied to SNMP data. Note If you specify a privacy password, the privacy protocol is set to DES and you must also specify an authentication protocol and password. 10. Click Add.
Chapter 17: SNMPv3 folder. The SNMP folder expands. 2. From the SNMP folder, select SNMP User/Group. The SNMP User/Group Page is displayed. See Figure 63 on page 193. 3. In the Action column of the table, click Delete for the User Name and Group Name that you want to remove. 4. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes.
AT-GS950/10PS Switch Web Interface User’s Guide SNMPv3 View Names The SNMPv3 View names are defined in the SNMP Group Access table and are based on the User and Group Names.You can create and delete View Names with the following procedures: Creating SNMPv3 View Names “Creating SNMPv3 View Names” on page 209 “Modifying SNMPv3 View Names” on page 211 “Deleting SNMPv3 View Names” on page 211 Before you can create an SNMPv3 View name, you must defined a Group Name using the SNMP User/Group page.
Chapter 17: SNMPv3 This name is an optional field. It can be up to 31 characters in length. 5. Enter the Write View Name. This name is an optional field. It can be up to 31 characters in length. 6. Enter the Notify View Name. This name is an optional field. It can be up to 31 characters in length. 7. From the Security Model pull-down menu, select v3. 8. Enter the Security Level from the pull-down menu.
AT-GS950/10PS Switch Web Interface User’s Guide Modifying SNMPv3 View Names Deleting SNMPv3 View Names If you need to modify an entry in the SNMP Group Access page, you must first delete the entry and then re-enter it. For information about how to delete an entry in this table, see “Deleting SNMPv3 View Names” on page 211. For information about how to create a new entry in this table, see “Creating SNMPv3 View Names” on page 209.
Chapter 17: SNMPv3 SNMPv3 View Table The SNMPv3 View table specifies the MIB object access criteria for each View Name. If the View Name is not specified on this page, then it has access to all MIB objects. You can specify specific areas of the MIB that can be accessed or denied based on the entries in this table.
AT-GS950/10PS Switch Web Interface User’s Guide Included: This selection allows the specified MIB object to be included in the view. Excluded: This selection blocks the view of the specified MIB object. 7. Click the Add button. The updated view is displayed in the View Table. See Figure 75. Figure 75. SNMP View Table Page Example 8. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes.
Chapter 17: SNMPv3 3. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes.
AT-GS950/10PS Switch Web Interface User’s Guide SNMPv3 Traps The creation, modification and deletion of traps for SNMPv3 is identical to the procedure for SNMPv1/v2. See “SNMP Traps” on page 198.
Chapter 17: SNMPv3 216
Chapter 18 Access Control Configuration This chapter contains a description of the AT-GS950/10PS switch’s Access Control Configuration feature and the procedures to create, modify, and delete a Access Control configuration.
Chapter 18: Access Control Configuration Overview Access Control configuration allows you to control different aspects of the Ethernet traffic as it enters the switch ports and is process through the switch. You can specify what traffic is permitted or denied to flow through the switch by setting up specific filter criteria at an ingress port. You can also manage the switching priority of ethernet packets. All of this is done by specifying policies that define the filtering and priority behavior.
AT-GS950/10PS Switch Web Interface User’s Guide Classifier The Create Classifier page allows you to specify packet settings for filtering Ethernet traffic. You can create, modify or delete a Classifier by following the procedures in the following sections: Creating a Classifier “Creating a Classifier,” next “Modifying a Classifier” on page 221 “Deleting a Classifier” on page 222 To create a classifier, perform the following procedure: 1.
Chapter 18: Access Control Configuration 3. Enter a number in the Classifier Index field. The Classifier Index must be a unique number within the range of 1 - 65535. Note The Classifier Index is a required parameter when you create a Policy. See “Create Policy” on page 238 for more information. 4. Enter data one or more of the remaining parameters. They are listed here: Source MAC Address - Specifies the source MAC address. The format is xx.xx.xx.xx.xx.xx.
AT-GS950/10PS Switch Web Interface User’s Guide 5. Click ADD. The classifier entry is displayed in the table at the bottom of the page. If you do not see you new entry, you may need to navigate to another page of the table with the First Page, Previous Page, Next Page, and Last Page buttons located below the table. An example of a classifier table entry is shown in Figure 77. Figure 77. Create Classifier Example Page 6.
Chapter 18: Access Control Configuration 2. From the Access Control Config folder, select Classifier. An example of a classifier table entry on the Create Classifier page is displayed in Figure 77. 3. From the Create Classifier page, identify which classifier that want to modify and click the Modify link in the Action column. The Modify Classifier page is displayed in Figure 78. Figure 78. Modify Classifier Page 4. Change the parameters as required.
AT-GS950/10PS Switch Web Interface User’s Guide 2. From the Access Control Config folder, select Classifier. The Example of Create Classifier page is displayed in Figure 77 on page 221. 3. From the Create Classifier page, identify which classifier table entry that want to delete and click the Delete link in the Action column. You are prompted with a verification message. 4. Click on the OK button. The classifier entry is deleted from the classifier table. 5.
Chapter 18: Access Control Configuration Profile Action The Create Profile Action page defines the priority parameters for policing on DSCP (layer 3) and/or class of service (layer 2). Note You must enter a Profile Index on this page even if you do not define the Policed-DHCP and Policed-CoS parameters because the Profile Index is a required parameter for creating both the In-Profile and Out-Profile Actions.
AT-GS950/10PS Switch Web Interface User’s Guide 3. Enter a number in the Profile Action Index field. The Index must be a unique number ranging from 1 to 72. 4. Enter a number in the Policed DSCP field within the range of 0 to 63. This field indicates the DSCP level of interest. This field is not mandatory and you may elect to leave it blank. 5. Enter a number in the Policed-CoS field ranging from 0 to 7. This field indicates the CoS level of interest.
Chapter 18: Access Control Configuration 2. From the Access Control Config folder, select Profile Action. An example of the Create Profile Action page with a Profile Action table entry is shown in Figure 79 on page 224. 3. Select the table entry that you want to modify and click the Modify link in the Action column. The Modify Profile Action page will be displayed. See Figure 81. Figure 81. Modify Profile Action Page 4. Change the parameters as required.
AT-GS950/10PS Switch Web Interface User’s Guide In-Profile Action The Create In-Profile Action page allows you to specify a Profile Action’s Permit or Deny privilege for packets in the ingress queue. Note A Profile Action Index is required to create an In-Profile Action. See “Creating a Profile Action” on page 224 for more information.
Chapter 18: Access Control Configuration Note The In-Profile Action Index is a required parameter when you create a Policy. See “Create Policy” on page 238 for more information. 4. Enter a number in the Profile Action ID field ranging from 0 to 72. This field is mandatory. Note This field must be pre-defined on the Create Profile page - see “Creating a Profile Action” on page 224 for more information. 5.
AT-GS950/10PS Switch Web Interface User’s Guide 7. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes. Modifying an InProfile Action To modify a In-Profile action entry, perform the following procedure: Note You must first enter a In-Profile action before you can modify it. See “Creating an In-Profile Action” on page 227 for more information. 1. From the main menu on the left side of the page, select the Access Control Config folder.
Chapter 18: Access Control Configuration Deleting an InProfile Action To delete a In-Profile action entry, perform the following procedure: 1. From the main menu on the left side of the page, select the Access Control Config folder. The Access Control Config folder expands. 2. From the Access Control Config folder, select In-Profile Action. An example of the Create In-Profile Action page with a In-Profile Action table entry is shown in Figure 83. 3.
AT-GS950/10PS Switch Web Interface User’s Guide Out-Profile Action The Create Out-Profile Action page allows you to specify a Profile Action’s Permit or Deny privilege and bandwidth restrictions for packets in the egress queue.
Chapter 18: Access Control Configuration 4. Enter a number in the Profile Action ID field ranging from 0 to 72. This field is mandatory. Note This field must be pre-defined on the Create Profile page - see “Creating a Profile Action” on page 224 for more information. 5. In the Deny/Permit field, use the pull down menu to select one of the following parameters: Deny - This selection drops ingress packets that conform to the specified Profile Action ID.
AT-GS950/10PS Switch Web Interface User’s Guide 7. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes. Modify OutProfile Action To modify a Out-Profile action entry, perform the following procedure: Note Before you can modify an entry, you must first enter a Out-Profile action - see “Creating an In-Profile Action” on page 227. 1. From the main menu on the left side of the page, select the Access Control Config folder.
Chapter 18: Access Control Configuration Delete OutProfile Action To delete a Out-Profile action entry, perform the following procedure: 1. From the main menu on the left side of the page, select the Access Control Config folder. The Access Control Config folder expands. 2. From the Access Control Config folder, select Out-Profile Action. An example of the Create Out-Profile Action page with a Out-Profile Action table entry is shown in Figure 86 on page 232. 3.
AT-GS950/10PS Switch Web Interface User’s Guide Port List The Create Port List page allows you to specify a list of ports that will be used as part of the policy specification. You can create, modify or delete a Port List by following the procedures in the following sections: Create Port List “Create Port List,” next “Modify Port List” on page 236 “Delete Port List” on page 237 To create an Port List, perform the following procedure: 1.
Chapter 18: Access Control Configuration 6. Click Add. The Out-Profile Action entry is added to the status table. If the Page field located below the table displays a page number and you do not see your new entry, then there are multiple pages of the table that you can navigate. This is done by clicking on the First Page, Previous Page, Next Page, and Last Page buttons located below the table.An example of a Port List table entry is displayed in Figure 89. Figure 89. Example of Port List Entry 7.
AT-GS950/10PS Switch Web Interface User’s Guide 4. Change the parameters as required. Note See “Create Port List” on page 235 for the definitions of each parameters. 5. Click Apply. The modified Port List entry is displayed in the table at the bottom of the page of the Create Port List page. 6. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes. Delete Port List To delete a Port List entry, perform the following procedure: 1.
Chapter 18: Access Control Configuration Policy The Create Policy page allows you to specify the filtering criteria for one policy. Before creating a policy, you must pre-define the following indexes: Classifier Index: See “Creating a Classifier” on page 219 for more information. In-Profile Action Index: See “Creating an In-Profile Action” on page 227 for more information. Out-Profile Action Index: See “Creating a Out-Profile Action” on page 231 for more information.
AT-GS950/10PS Switch Web Interface User’s Guide 3. Enter a number in the Policy Index field. The Policy Index is a unique number within the range of 1 - 65535 which identifies the policy. This field is mandatory. 4. Enter data in the remaining parameters. All parameters listed below must be entered to form the policy: Classifier Index - Classifier table The Classifier Index is a unique number within the range of 1 - 65535. This field is mandatory.
Chapter 18: Access Control Configuration Figure 92. Example of Policy Entry 6. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes. Modify Policy To modify a Policy entry, perform the following procedure: Note Before you can modify an entry, you must first enter a Policy - see “Create Policy” on page 238. 1. From the main menu on the left side of the page, select the Access Control Config folder. The Access Control Config folder expands. 2.
AT-GS950/10PS Switch Web Interface User’s Guide Figure 93. Modify Policy Page 4. Change the parameters as required. Note See “Create Policy” on page 238 for the definitions of each parameters. 5. Click Apply. The modified Policy entry is displayed in the table at the bottom of the page of the Create Policy page. 6. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes.
Chapter 18: Access Control Configuration Control Config folder. The Access Control Config folder expands. 2. From the Access Control Config folder, select Policy. An example of the Create Policy page with a Policy table entry is shown in Figure 92 on page 240. 3. From the Create Policy page, identify which Policy table entry that want to delete and click the Delete button in the Action column. You are prompted with a verification message. 4. Click on the OK button.
AT-GS950/10PS Switch Web Interface User’s Guide Policy Sequence Status The Policy Sequence page displays the status of the order that policies are applied to each port. You can order the display by Policy Index or by Policy Sequence number. To display the policy sequence, perform the following procedure: 1. From the main menu on the left side of the page, select the Access Control Config folder. The Access Control Config folder expands. 2. From the Access Control Config folder, select Policy Sequence.
Chapter 18: Access Control Configuration 244
Chapter 19 RMON This chapter contains the following sections: “Overview” on page 246 “Enable and Disable RMON” on page 247 “Port Statistics” on page 248 “Histories” on page 250 “Events” on page 252 “Alarms” on page 254 245
Chapter 19: RMON Overview The RMON (Remote MONitoring) MIB is used with SNMP applications to monitor the operations of network devices. The switch supports the four RMON MIB groups listed here: 246 Statistic group— This group is used to view port statistics remotely with SNMP programs. For information about configuring a Statistics group, refer to “Port Statistics” on page 248. History group— This group is used to collect histories of port statistics to identify traffic trends or patterns.
AT-GS950/10PS Switch Web Interface User’s Guide Enable and Disable RMON You can use your SNMP Network Management System (NMS) software and the RMON section of the MIB tree to view the RMON statistics, history and alarms associated with specific ports. Since RMON uses the SNMP agent for communicating with your NMS software, the SNMP Agent must be enabled and the SNMP feature must be configured on your switch.
Chapter 19: RMON Port Statistics You can remotely view individual port statistics with RMON by using your SNMP NMS software and the RMON portion of the MIB tree. Perform the following procedure to configure RMON port statistics for a specific port: 1. From the main menu on the left side of the page, click the RMON folder. The RMON folder expands. 2. From the RMON folder, select Statistics. The Ethernet Statistics Configuration Page is displayed. See Figure 97. Figure 97.
AT-GS950/10PS Switch Web Interface User’s Guide Figure 98. Ethernet Statistics Configuration Example 5. If you want to configure RMON statistics for other ports, repeat steps 3 and 4. 6. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes.
Chapter 19: RMON Histories RMON histories are snapshots of port statistics. They are taken by the switch at predefined intervals and can be used to identify trends or patterns in the numbers or types of ingress packets on the ports on the switch. The snapshots can be viewed with your SNMP NMS software with the history group of the RMON portion of the MIB tree. A history group is divided into buckets. Each bucket stores one snapshot of statistics of a port. A group can have from 1 to 50 buckets.
AT-GS950/10PS Switch Web Interface User’s Guide snapshot of RMON statistics. Different ports can have different numbers of buckets. The range is 1 to 50 buckets. Interval: This parameter specifies how frequently the switch takes snapshots of the port’s statistics. The range is 1 to 3600 seconds (1 hour). For example, if you want the switch to take one snapshot every minute on a port, you specify an interval of sixty seconds. Owner: This parameter is used to identify the person who created an entry.
Chapter 19: RMON Events An event specifies the action of the switch when the ingress packet activity on a port crosses a statistical threshold defined in an alarm. The choices are to log a message in the event log of the switch, send an SNMP trap to an SNMP workstation, or both. Since there are only three possible actions and since events can be used with more than one alarm, you probably will not create more than three events - one for each of the three actions.
AT-GS950/10PS Switch Web Interface User’s Guide Owner: This parameter is used to identify the person who created an entry. It is primarily intended for switches that are managed by more than one person, and is an optional field. 4. Once you have configured the parameters, click Add. Your entry appears in the table at the bottom of the page. See Figure 102. Figure 102. RMON Event Configuration Example Page 5. If you want to configure additional RMON events, repeat steps 3 and 4. 6.
Chapter 19: RMON Alarms RMON alarms are used to generate alert messages when packet activity on designated ports rises above or falls below specified threshold values. The alert messages can take the form of messages that are entered in the event log on the switch or traps that are send to your SNMP NMS software or both. RMON alarms consist of two thresholds. There is a rising threshold and a falling threshold.
AT-GS950/10PS Switch Web Interface User’s Guide 2. From the RMON folder, select Alarm. The RMON Alarm Configuration Page is displayed. See Figure 103. Figure 103. RMON Alarm Configuration Page 3. The following fields are listed: Index: This parameter specifies the ID number of the new group. The range is 1 to 65535. Interval: This parameter specifies the time (in seconds) over which the data is sampled. Its range is 1 to 2147483647 seconds.
Chapter 19: RMON Falling Threshold: This parameter specifies a specific value or threshold level of the monitored statistic. When the value of the monitored statistic becomes less than this threshold level, an alarm event is triggered. The parameter’s range is 1 to 2147483647. Rising Event Index: This parameter specifies the event index for the rising threshold. Its range is 1 to 65535. This field is mandatory and must match an Event Index that you previously entered in “Events” on page 252.
Chapter 20 Voice VLAN This chapter contains a description of the AT-GS950/10PS switch’s Voice VLAN feature and the procedures to create, modify, and delete a voice VLAN configuration.
Chapter 20: Voice VLAN Overview The AT-GS950/10PS Voice VLAN feature is specifically designed to maintain high quality, uninterrupted voice traffic through the switch. When talking on a voice over IP phone, a user expects to have no interruptions in the conversation and excellent voice quality. The Voice VLAN feature can be configured to meet these requirements. CoS with Voice VLAN The Voice VLAN CoS parameter maintains the voice quality between the ingress and egress ports of the AT-GS950/10PS switch.
AT-GS950/10PS Switch Web Interface User’s Guide When you are configuring the voice VLAN parameters, you must enter the complete MAC address of at least one of your IP phones. An “OUI Mask” is automatically generated and applied by the AT-S110 management software to yield the manufacturer’s OUI. If the OUI of the remaining phones from that manufacturer is the same, then no other IP phone MAC addresses need to be entered into the configuration.
Chapter 20: Voice VLAN One or more ports in your voice VLAN must be configured as Static tagged or untagged members. Static VLAN members are permanent member ports of the voice VLAN and there is no dependency on the configuration of the devices connected to the ports. These ports might be connected to other voice VLAN network nodes such as other Ethernet switches, a telephone switch, or a DHCP server. The voice VLAN AutoDetection feature cannot be enabled on Static tagged or tagged ports.
AT-GS950/10PS Switch Web Interface User’s Guide General Guidelines Here is a summary of the rules to observe when you create a voice VLAN: One voice VLAN can be configured on the switch at any time. A voice VLAN is based on a pre-defined tagged VLAN. The voice VLAN Auto-Detection feature can only be enabled on ports that are initially defined as nonmembers of the tagged VLAN.
Chapter 20: Voice VLAN Configuration Prior to configuring your voice VLAN, you must first configure a tagged VLAN. This VLAN will be used as a basis for your voice VLAN. Note See “Create a Tagged VLAN” on page 157 for more information about configuring a tagged VLAN with Not Member and Static tagged ports. The procedure described in this section allows you to configure a voice VLAN on the AT-GS950/10PS switch. To configure a voice VLAN, perform the following procedure: 1.
AT-GS950/10PS Switch Web Interface User’s Guide 4. From the Voice VLAN field at the top of the page, select one of the following choices from the pull-down menu: Enable - The voice VLAN feature is active. The other parameter fields in the voice VLAN Global Settings section become active and are eligible for data to be entered. Disable - The voice VLAN feature is inactive. The other parameter fields in the voice VLAN Global Settings section become inactive and are greyed out so that data cannot be entered.
Chapter 20: Voice VLAN Note The voice VLAN Auto-Detection feature can only be enabled on “Not Member” ports of the voice VLAN. Member ports cannot have the voice VLAN Auto-Detection feature enabled. The Status column displays Static for the member ports. See “Dynamic Auto-Detection vs Static Ports” on page 259 for more information. 8. Click Apply in the Action column of the table. 9. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes.
AT-GS950/10PS Switch Web Interface User’s Guide OUI Setting You can create and delete Voice VLAN OUI Settings by following the procedures in these sections: Create OUI Setting “Create OUI Setting” “Modify OUI Setting” on page 266 To create a Voice OUI configuration, perform the following procedure: 1. From the main menu on the left side of the page, select Bridge. The Bridge folder expands. 2. From the Bridge folder, select Voice VLAN. The Voice VLAN folder expands. 3.
Chapter 20: Voice VLAN 8. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes. Modify OUI Setting Delete OUI Setting To modify or delete an OUI, it must be first be deleted and then re-entered by following the procedure in “Create OUI Setting” on page 265. To delete an OUI, perform the following procedure: 1. From the main menu on the left side of the page, select Bridge. The Bridge folder expands. 2.
Chapter 21 Security This chapter contains information about the Port-based security features and the procedures for setting this feature.
Chapter 21: Security Port Access Control This section contains information and configuration procedures for the Port-based Access Control. The following information is provided: “Overview” on page 268 “Port Access Control Configuration” on page 269 Note After configuring the Port-based Network Access Control, you can choose to use either the local authentication server in the AT-S110 for 802.1x authentication or a remote RADIUS server for 802.1x authentication.
AT-GS950/10PS Switch Web Interface User’s Guide Port Access Control Configuration To configure port-based access control, perform the following procedure: 1. Select the Security folder from the main menu on the left side of the page. The Security folder expands. 2. From the Security folder, select Port Access Control. The Port Access Control Configuration Page is displayed. See Figure 107. Figure 107. Port Access Control Configuration Page 3.
Chapter 21: Security 5. To set the advanced configuration parameters, click Settings. The Port Access Control Configure page is expanded. See Figure 108. Figure 108. Expanded Port Access Control Configuration Page 6. Set the following parameters as needed: Port: This parameter specifies the port being configured for authentication. Authentication Mode: This parameter specifies the port-based authentication mode. The pull-down menu choices are as follows: 802.1x: 802.
AT-GS950/10PS Switch Web Interface User’s Guide 802.1x authenticator role, in the unauthorized state. Although the ports are in the authenticator role, the switch blocks all authentication on the ports, which means that no clients can log on and forward packets through them. Auto: Sets the port to the 802.1X port-based authenticator role. Ports begin in the unauthorized state, forwarding only EAPOL frames, until a client has successfully logged on.
Chapter 21: Security authentication. Enabled: The Piggyback Mode is Enabled. Disabled: The Piggyback Mode is Disabled. VLAN Assignment - This parameter enables the VLAN assignment that you select with the Guest VLAN ID parameter. Choose from the following: Enabled: The VLAN Assignment is Enabled. Disabled: The VLAN Assignment is Disabled. Secure VLAN: This field is inactive Guest VLAN ID: This parameter specifies the VLAN ID that is designated as a Guest VLAN. The range is 0 to 4000 where 0 is disabled.
AT-GS950/10PS Switch Web Interface User’s Guide RADIUS Client You can use the RADIUS client with 802.1x port-based access control to authenticate which packets are forwarded through the switch. This section explains how to configure the RADIUS client on the switch and contains the following sections: “Overview” on page 273 “Radius Client Configuration” on page 274 Note To activate the RADIUS feature, you must also configure the portbased network access control feature.
Chapter 21: Security You need to specify the user name and password combinations when configuring the RADIUS server software on the authentication server. Note This manual does not explain how to configure RADIUS server software. Refer to the documentation that comes with the RADIUS server software for instructions. Radius Client Configuration You must activate the RADIUS client software on the switch using the AT-S110 Management Software and configure the settings.
AT-GS950/10PS Switch Web Interface User’s Guide 8. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes.
Chapter 21: Security Dial-in User— Local Authentication Dial-in User feature provides the local authentication server for port security when a remote (RADIUS) server is not available. This section includes the following: “Overview” on page 276 “Dial-in User Configuration” on page 276 Note To permanently save your new settings or any changes to the configuration file, select Save Configuration to Flash from the main menu on the left side of the page.
AT-GS950/10PS Switch Web Interface User’s Guide Figure 110. Dial-In User Page 3. In the User Name field, type a name for the user. 4. In the Password field, type a password for the user. 5. In the Dynamic VLAN field, enter the VID of the VLAN which you will allow the user to access. If you enter 0, this field will be ignored. 6. Click the Add button. The Dial-in User page is refreshed. See Figure 111. Figure 111. Dial-In User Page Example 7.
Chapter 21: Security The Dial-in User page is displayed. See Figure 110 on page 277. 3. In the list of dial-in users, highlight the user you want to modify. The user’s information is displayed in fields above. 4. In the Password field, enter the new password. 5. In the Dynamic VLAN field, enter the new VID of the VLAN which you want the user to access. 6. Click Apply. 7.
AT-GS950/10PS Switch Web Interface User’s Guide Destination MAC Filter This section contains an explanation of the Destination MAC Filter feature as well a procedure for configuring it. This section includes the following information: Overview “Overview” on page 279 “Destination MAC Filter Configuration” on page 279 “Delete Destination MAC Filter” on page 280 The Destination MAC Filter feature prevents the AT-GS950/10PS switch from forwarding packets to a specified device.
Chapter 21: Security Figure 112. Destination MAC Filter Page 3. To enter the MAC address that you want filtered, enter the MAC address into the MAC Address field. 4. Click the Add button to save your entry. See Figure 113. Figure 113. Destination MAC Filter Page Example 5. After you have configured a destination MAC address, the Destination MAC Filter Page is updated with the MAC address. 6.
AT-GS950/10PS Switch Web Interface User’s Guide 3. Select the Delete button next to the MAC address that you want to delete. The MAC address is removed from the MAC address table. 4. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes.
Chapter 21: Security 282
Chapter 22 Power Over Ethernet (PoE) This chapter provides background information about PoE and includes procedures to configure the PoE feature on each port. The sections in this chapter include: “Overview” on page 284 “PoE Configuration” on page 286 Note To permanently save your new settings or any changes to the configuration file, select Save Configuration to Flash from the main menu on the left side of the page.
Chapter 22: Power Over Ethernet (PoE) Overview The AT-GS950/10PS switch features Power over Ethernet (PoE) on the 10/100Base-Tx ports on ports 1 - 8. PoE is used to supply power to network devices over the same twisted pair cables that carry the network traffic. The main advantage of PoE is that it can make installing a network easier. The selection of a location for a network device is often limited by whether there is a power source nearby.
AT-GS950/10PS Switch Web Interface User’s Guide Port Prioritization As long as the total power requirements of the PDs is less than the total available power of the switch, it can supply power to all of the PDs. However, when the PD power requirements exceed the total available power, the switch denies power to some ports based on a process called port prioritization. The ports on the PoE switch are assigned to one of three priority levels. These levels and descriptions are listed in Table 7. Table 7.
Chapter 22: Power Over Ethernet (PoE) PoE Configuration To configure the basic STP and RSTP settings, perform the following procedure: 1. From the main menu on the left side of the page, select Power Over Ethernet Configuration. The Power Over Ethernet Configuration page is displayed. See Figure 114. Figure 114.
AT-GS950/10PS Switch Web Interface User’s Guide Note See Table 6 on page 284 for a definition of the PD PoE classes. Priority - Indicates the port priority: Low, High, or Critical. For more details, see “Port Prioritization” on page 285. Power(mW) - Indicates the Power in milliwatts that the port is supplying power to the PD. Voltage(V) - Indicates the Voltage in volts as measured at the port when the port is supplying power to the PD.
Chapter 22: Power Over Ethernet (PoE) 288
Chapter 23 289
Chapter 23: DHCP Snooping Chapter 23 DHCP Snooping This chapter contains a description of the DHCP Snooping feature and the procedures for creating, modifying, and deleting the DHCP Snooping configuration.
AT-GS950/10PS Switch Web Interface User’s Guide Overview The DHCP Snooping feature provides security by inspecting ingress packets for the correct IP and MAC address information. The DHCP Snooping feature defines the AT-GS950/10PS ports as either trusted or untrusted.
Chapter 23: DHCP Snooping A network device initially sends out a DHCPDISCOVER packet so that a DHCP server will respond. It waits for and then accepts the first DHCPOFFER packet from the server that it receives. This packet contains the DHCP server’s IP address and mask. If the unauthorized DHCP server responds first, then the network device will use the information from the unintended DHCP server for the default gateway or DNS server.
AT-GS950/10PS Switch Web Interface User’s Guide General Guidelines Here is a summary of the rules to observe when you configure DHCP Snooping: A trusted port is connected to one of the following: – Directly to the legitimate trusted DHCP Server. – A network device relaying DHCP messages to and from a trusted server. – Another trusted source such as a switch with DHCP Snooping enabled. Untrusted ports are connected to DHCP clients and to traffic that originates outside of the local area network.
Chapter 23: DHCP Snooping General Configuration The following procedure describes how to configure the DHCP Snooping feature on the AT-GS950/10PS switch: 1. From the main menu on the left side of the page, select DHCP Snooping. The DHCP Snooping folder expands. 2. From the DHCP Snooping folder, select General Settings. The General Settings page is displayed. See Figure 115. Figure 115. General Settings Page 3.
AT-GS950/10PS Switch Web Interface User’s Guide Disable - The MAC address of each ingress ARP packet is not validated against the Binding Table. All ARP packets are forwarded through the switch without regard to the IP and MAC Address information in the packet header. 6.
Chapter 23: DHCP Snooping VLAN Setting You can create and delete DHCP Snooping VLAN settings by following the procedures in these sections: Creating a VLAN "Creating a VLAN" “Modifying a VLAN” on page 297 “Deleting a VLAN” on page 297 To define a VLAN that will be a part of the DHCP Snooping feature, do the following: 1. From the main menu on the left side of the page, select DHCP Snooping. The DHCP Snooping folder expands. 2. From the DHCP Snooping folder, select VLAN Settings.
AT-GS950/10PS Switch Web Interface User’s Guide Modifying a VLAN Deleting a VLAN To modify or delete a VLAN ID, you must first deleted it (using the procedure below) and then re-entered re-enter it by following the procedure outline in “Creating a VLAN” on page 296. To delete a VLAN ID, do the following: 1. From the main menu on the left side of the page, select DHCP Snooping. The DHCP Snooping folder expands. 2. From the DHCP Snooping folder, select VLAN Settings. The VLAN Settings page is displayed.
Chapter 23: DHCP Snooping Trusted and Untrusted Port Configuration The following procedure describes how to configure the DHCP Snooping trusted interfaces on the AT-GS950/10PS switch: 1. From the main menu on the left side of the page, select DHCP Snooping. The DHCP Snooping folder expands. 2. From the DHCP Snooping folder, select Trusted Interfaces. A partial view of the AT-GS950/10PS Trusted Interfaces page is displayed. See Figure 117. Figure 117. AT-GS950/10PS Trusted Interfaces Page 3.
AT-GS950/10PS Switch Web Interface User’s Guide Figure 118. Trusted Interfaces Page Example 5. If you choose to configure other switch ports as trusted or untrusted, repeat steps 3 and 4. 6. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes.
Chapter 23: DHCP Snooping Binding Database The Binding Database displays learned and statically assigned MAC Address and IP Address information for each host on the local area network. Dynamically assigned IP addresses from the DHCP server will automatically populate the table on the Binding Database page as they are assigned by the server. Statically assigned IP addresses are entered manually by entering the host’s address information and clicking on the Add button.
AT-GS950/10PS Switch Web Interface User’s Guide VLAN - Enter the host’s VLAN ID. Port - Enter the port number where the host is connected. Type - Because the IP Address being entered is static, you must select Static. Lease Time - Enter the time that IP address assignment is valid. The range is 10 to 4294967295 seconds. 2. Click Add. The static address information is entered into the Binding Database. See Figure 120 for an example. Figure 120.
Chapter 23: DHCP Snooping Type: This parameter indicates the following: Learned: The host IP Address is dynamically assigned by the DHCP server. Static: The host IP Address is statically assigned. See “Static IP Addresses” on page 300 for more information. Lease Time: This parameter is the time that IP address assignment by the DHCP server is valid. If the Page field located below the table displays a page number, then there are multiple pages of the table that you can navigate.
Chapter 24 LLDP Link Layer Discovery Protocol (LLDP) allows Ethernet network devices, such as switches and routers, to receive and transmit device-related information to directly connected devices on the network and to store data that is learned about other devices.
Chapter 24: LLDP Overview The data sent and received by LLDP are useful for many reasons. The switch can discover other devices directly connected to it. Neighboring devices can use LLDP to advertise some parts of their Layer 2 configuration to each other, which may highlight inconsistencies in the neighboring device’s configuration which can then be corrected. LLDP is a “one hop” protocol.
AT-GS950/10PS Switch Web Interface User’s Guide Global Configuration The LLDP Global Setting page has three sections: On the top of the page contains the enabling or disabling LLDP selections. The middle of the page contains LLDP System Information. The LLDP port settings are on the bottom of the page. 3. See Figure 121 for an example of this page. A partial view of the AT-GS950/10PS LLDP Global Settings Page is displayed. See Figure 121. Figure 121.
Chapter 24: LLDP “Setting Port States” on page 307 You must enable LLDP before changing the LLDP System Information settings or the port settings. Enabling or Disabling LLDP To enable or disable the LLDP feature, perform the following procedure: 1. From the main menu on the left side of the page, click the LLDP folder. The LLDP folder expands. 2. From the LLDP folder, select LLDP Global Setting. The AT-GS950/10PS LLDP Global Settings Page is displayed. See Figure 121 on page 305.
AT-GS950/10PS Switch Web Interface User’s Guide LLDP TX Delay: Sets the value of the transmission delay timer, which is the minimum time interval between transmissions of LLDP advertisements due to a change in LLDP local information. The range is from 1 to 8192 seconds. 6. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes. Displaying System Information To display system information about the switch, do the following: 1.
Chapter 24: LLDP transmit LLDP data packets. To change the settings of all the ports to the same state, select a state setting next to All In the Port column. 3. In the Action column, click the Apply button that corresponds to the port to make the state change active.
AT-GS950/10PS Switch Web Interface User’s Guide Neighbors Information To view the information received from the neighboring network devices, perform the following procedure: 1. From the main menu on the left side of the page, click the LLDP folder. The LLDP folder expands. 2. From the LLDP folder, select LLDP Neighbors Information. The LLDP Neighbors Information Page is displayed. See Figure 122. Figure 122.
Chapter 24: LLDP 310
Chapter 25 Network Statistics The sections in this chapter explain how to display traffic, error, and history statistics about the network traffic on the AT-GS950/10PS switch and its ports.
Chapter 25: Network Statistics Overview Statistics provide important information for troubleshooting switch problems at the port level. The AT-S110 Management Software provides a versatile set of statistics charts that you can customize for your needs, including (depending upon the chart) the ports whose statistics you want to view and the color used to draw the chart.
AT-GS950/10PS Switch Web Interface User’s Guide Traffic Comparison Statistics The Traffic Comparison statistics chart allows you to display a specified traffic statistic over all of the ports. You can select 12 statistic types and 12 colors for each port. To display traffic comparison statistics, perform the following procedure: 1. Select the Statistics Chart folder. The Statistics Chart folder expands. 2. From the Statistics Chart folder, select Traffic Comparison.
Chapter 25: Network Statistics Table 8 Traffic Comparison Options Option Definition Inbound Octets (Bytes/s) Measures the number of inbound octet bits in bytes per second. Inbound Unicast Packets (Pkts) Measures the number of inbound unicast packets in packets per second. Inbound Non-unicast Packets (Pkts) Measures the number of inbound non-unicast packets (such as broadcast and multicast packets) in packets per second.
AT-GS950/10PS Switch Web Interface User’s Guide 5. To select the color of the traffic comparison graph, select Color. Choose one of the following colors: Green Blue Red Purple Yellow Orange Gray Light Red Light Blue Light Green Light Yellow Light Gray 6. To create the traffic comparison graph, select Draw. 7. From the menu on the left side of the page, select Save Configuration to Flash to permanently save your changes.
Chapter 25: Network Statistics Error Group Statistics The Error Group chart displays the discard and error counts for a specified port. To display error group statistics for a port, perform the following procedure: 1. Select the Statistics Chart folder. The Statistics Chart folder expands. 2. From the Statistics Chart folder, select Error Group. The Error Group Chart Page is displayed in Figure 124. Figure 124. Error Group Chart Page 3. Select a port number from the pull down menu next to Port.
AT-GS950/10PS Switch Web Interface User’s Guide 4. To select the amount of time before the screen is refreshed, click Auto Refresh. Choose from the following options: 5 seconds 10 seconds 15 seconds 30 seconds 5. To select the color of the traffic comparison graph, select Color. Choose one of the following colors: Green Blue Red Purple Yellow Orange Gray Light Red Light Blue Light Green Light Yellow Light Gray 6.
Chapter 25: Network Statistics Historical Status Charts The Historical Status chart allows you to select from 12 statistics to view for a selection of ports for however long this chart is running on the management workstation. To display historical status charts statistics for a port, perform the following procedure: 1. Select the Statistics Chart folder. The Statistics Chart folder expands. 2. From the Statistics Chart folder, select Historical Status.
AT-GS950/10PS Switch Web Interface User’s Guide Table 9 Historical Status Options Option Definition Inbound Octet Rate (Bytes) Measures the rate of inbound octet bits in bytes per second. Inbound Unicast Packet Rate (Pkts) Measures the rate of inbound unicast packets in packets per second. Inbound Non-unicast Packet Rate (Pkts) Measures the rate of inbound non-unicast packets (such as broadcast and multicast packets) in packets per second.
Chapter 25: Network Statistics 4. To select the amount of time before the screen is refreshed, click Auto Refresh. Choose from the following options: 5 seconds 10 seconds 15 seconds 30 seconds 5. To select the color of the traffic comparison graph, select Color. Choose one of the following colors: Green Blue Red Purple Yellow Orange Gray Light Red Light Blue Light Green Light Yellow Light Gray 6. To create the history group chart, select Add.
Section IV Tools This section contains the following chapters: Chapter 26, “Software/Configuration Updates” on page 323 Chapter 27, “Cable Diagnostics” on page 335 Chapter 28, “Rebooting the AT-GS950/10PS” on page 337 Chapter 29, “Pinging a Remote System” on page 347 321
Chapter 26 Software/Configuration Updates This chapter explains the methods for upgrading the AT-S110 Management Software on the switch and saving configuration files.
Chapter 26: Software/Configuration Updates Overview You can use the Management Software Updates features to upgrade the AT-S110 Management Software to a new version, save a configuration file or load a configuration file.
AT-GS950/10PS Switch Web Interface User’s Guide Upgrade Firmware Image via HTTP This section describes how to upgrade an firmware image of the AT-S110 Management Software using HTTP on an Internet server. Before downloading a new version of the AT-S110 Management Software onto the switch with HTTP, note the following: The current configuration of the switch is retained when a new AT-S110 software image is installed.
Chapter 26: Software/Configuration Updates 2. From the Firmware Upgrade folder, select via HTTP. The Firmware Upgrade via HTTP Page is displayed. See Figure 126. Figure 126. Firmware Upgrade via HTTP Page 3. Change the following parameter as necessary: Firmware File: Enter the path and the firmware file name or click the Browse button and select the file name. 4. To begin the upgrade process on the switch, click Apply. The software begins to download onto the switch immediately.
AT-GS950/10PS Switch Web Interface User’s Guide Upgrade Firmware Image via TFTP This section describes how to upgrade an firmware image of the AT-S110 Management software using TFTP on an TFTP server. Before downloading a new version of the AT-S110 Management Software onto the switch, note the following: The current configuration of a switch is retained when a new AT-S110 Management Software image is installed.
Chapter 26: Software/Configuration Updates Figure 127. Firmware Upgrade via TFTP Page The Image/Version Date shows the current version and date of software installed on the switch. 3. Change the following parameters as necessary: TFTP Server IP: The IP address of the TFTP server from which you are downloading the new software. Image File Name: The full name of the AT-S110 file (including the file extension) you are downloading. Retry Count: The number of times the firmware upgrade is retried.
AT-GS950/10PS Switch Web Interface User’s Guide Upload or Download a Configuration File via HTTP This section describes how to upload or download a configuration file using HTTP on an Internet server. Before you upload or download a configuration file via HTTP, note the following: You must be able to access the new AT-S110 configuration file from your PC when downloading a file from a PC to the switch.
Chapter 26: Software/Configuration Updates 2. Select the Upload button. The download process begins immediately. Caution If you are uploading a configuration file, the file will be implemented immediately after download. A short interruption in network service will be experienced while the new configuration file is loaded.
AT-GS950/10PS Switch Web Interface User’s Guide Configuration File Download To download or save the AT-S110 configuration file from the switch to your PC, perform the following procedure: 1. Select the Download button. Select this button to download a configuration file from the switch to your PC. The following window shown in Figure 130 is displayed. Figure 130. File Download with HTTP 2. Click Save to save the configuration file onto the switch. 3. The Save As window is displayed. 4.
Chapter 26: Software/Configuration Updates Download or Upload a Configuration File via TFTP This section describes how to upload or download a configuration file using TFTP on an TFTP server. Before you upload or download a configuration file onto the switch using TFTP, note the following: Your network must have a TFTP server. You must specify the path to the configuration file on the TFTP server. Start the TFTP server software before you begin the download procedure.
AT-GS950/10PS Switch Web Interface User’s Guide Caution If you are uploading a configuration file, the file will be implemented immediately after download. A short interruption in network service will be experienced while the new configuration file is loaded.
Chapter 26: Software/Configuration Updates 334
Chapter 27 Cable Diagnostics This chapter provides procedures to run cable diagnostics on the cables connected to the switch ports. If a port is selected, a cable must be connected to it for meaningful test results to be displayed. Note To permanently save your new settings or any changes to the configuration file, select Save Configuration to Flash from the main menu on the left side of the page. To do these cable diagnostics, perform the following procedure: 1.
Chapter 27: Cable Diagnostics Port: This parameter displays the port (cable) selected. Test Results: Displays the diagnostic results for each pair in the cable. One of the following cable status parameters is displayed: OK: There is not problem detected with the cable. Open in Cable: There is an open wire within the cable. Short in Cable: Two wires are shorted together within the cable. Cross talk in Cable: There is crosstalk detected between one pair of wires and another pair within the cable.
Chapter 28 Rebooting the AT-GS950/10PS This chapter provides the procedures for rebooting the AT-GS950/10PS switch by using the Normal reboot function provided in the AT-S110 management software. Note Alternately, you can reboot the AT-GS950/10PS switch by pressing the front panel eco-friendly switch between 5 to 9 seconds.
Chapter 28: Rebooting the AT-GS950/10PS Switch Reboot The following procedure outlines how to reboot your AT-GS950/10PS switch. Caution This procedure reboots the switch and reloads the AT-S110 Management software configuration from flash memory. Insure that your current configuration is saved before rebooting the switch by selecting Save Configuration to Flash from the main menu on the left side of the page to permanently save your changes.
AT-GS950/10PS Switch Web Interface User’s Guide 4. In the Reboot Type field, select Normal from the pull-down menu. When the switch is rebooted with this selection, all configuration parameters that are saved in flash memory are loaded into the switch’s active memory. Note Two additional options are available in the Reboot Type field. The procedures for these options are described in "Configure Factory Default Values". 5. Click Apply.
Chapter 28: Rebooting the AT-GS950/10PS Configure Factory Default Values The following procedure returns all AT-S110 Management software parameters to their factory default values and deletes all tagged and portbased VLANs on the switch. Note The AT-S110 Management software factory default values are listed in “AT-GS950/8 Default Parameters” on page 347. Caution This procedure causes the switch to reboot. The switch does not forward network traffic during the reboot process.
AT-GS950/10PS Switch Web Interface User’s Guide address, subnet mask, and gateway settings are managed by the DHCP server. 5. Click Apply. The switch begins the reboot process. You must wait approximately two minutes for the switch to complete the reboot process before you can re-establish your management session and network traffic begins flowing normally again.
Chapter 28: Rebooting the AT-GS950/10PS Password Protection of Factory Reset If your switch is located in a controlled environment such as a locked switching closet or limited access equipment room, it may be desirable to have the ability to easily reset the switch to factory defaults at any time by using either the front panel ecofriendly switch or the AT-S110 management software.
AT-GS950/10PS Switch Web Interface User’s Guide 2. From the Tools folder, select Reboot. The Factory Default Reset/Reboot Page is displayed. See Figure 133 on page 338. 3. Go to the Factory Default Reset section on the upper part of the page. You will find a field called Factory Default Reset.
Chapter 28: Rebooting the AT-GS950/10PS remain Enabled on both the switch management software and the physical front panel ecoFriendly button. 8. Click Accept.on the message. The Factory Default Reset page changes and displays the Factory Default Reset feature as Disabled. See Figure 135. Figure 135. Factory Default Reset Disabled Page 9. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes.
AT-GS950/10PS Switch Web Interface User’s Guide Figure 136. Factory Default Reset/Reboot Page with Password Entry 5. Enter the same password that you defined when you previously set the Factory Default Reset field to Disable. 6. Click Apply. The initial Factory Default Reset/Reboot Page is displayed with the Factory Default Reset field Enabled. See Figure 133 on page 338.
Chapter 28: Rebooting the AT-GS950/10PS 346
Chapter 29 Pinging a Remote System This chapter provides the procedure for pinging a node on your network from the AT-GS950/10PS switch. This procedure is useful in determining whether an active link exists between the switch and another network device. Note The device you are pinging must be a member of the Default VLAN and within the same local area network as your switch.
Chapter 29: Pinging a Remote System switch waits for a response before assuming that a ping has failed. Number of Ping Requests - Specifies the number of ping requests you want the switch to perform. 4. Click Start. 5. To view the ping results, click Show Ping Results. A sample Ping Test Results Page is displayed. See Figure 138. Figure 138. Ping Test Results Page The following information is displayed: Destination IP Address - Indicates the IP address of the unit that receives the ping.
Appendix A MSTP Overview This appendix provides background information about the Multiple Spanning Tree Protocol (MSTP) and includes the following sections: “Overview” on page 350 “Multiple Spanning Tree Instance (MSTI)” on page 352 “General Guidelines” on page 355 “VLAN and MSTI Associations” on page 356 “Ports in Multiple MSTIs” on page 357 “Multiple Spanning Tree Regions” on page 358 “Associating VLANs to MSTIs” on page 363 “VLANs Across Different Regions” on page 365
Appendix A: MSTP Overview Overview In the AT-GS950/10PS, STP and RSTP are referred to as single-instance spanning trees that search for physical loops across all VLANs in a bridged network. When loops are detected, the active protocol stops the loops by placing one or more bridge ports in a blocking state. See Chapter 4, “STP and RSTP” on page 61 for more information.
AT-GS950/10PS Switch Web Interface User’s Guide Note Do not activate MSTP on the AT-GS950/10PS switch without first familiarizing yourself with the following concepts and guidelines. Like STP and RSTP, you must activate this MSTP protocol on a switch and then configure the protocol parameters. Note The implementation of MSTP in the management software complies fully with the new IEEE 802.1s standard and should be interoperable with any other vendor’s fully compliant 802.1s implementation.
Appendix A: MSTP Overview Multiple Spanning Tree Instance (MSTI) The individual spanning trees in MSTP are referred to as Multiple Spanning Tree Instances (MSTIs). A MSTI can span any number of AT-GS950 switches. The switch can support up to 31 MSTIs at a time. Before creating a MSTI, you first enable MSTP. Then you must assign the MSTI a unique number, referred to as the MSTI ID. The range is 1 to 31.
AT-GS950/10PS Switch Web Interface User’s Guide Figure 140. MSTP Example of Two Spanning Tree Instances Multiple VLANs Assigned to an MSTI A MSTI can contain more than one VLAN. This is illustrated in Figure 141 on page 354 where there are two AT-GS950/10PS switches with four VLANs. There are two MSTIs, each containing two VLANs. MSTI 1 contains the Sales and Presales VLANs and MSTI 2 contains the Design and Engineering VLANs.
Appendix A: MSTP Overview Figure 141. Multiple VLANs in a MSTI In this example, because an MSTI contains more than one VLAN, the links between the VLAN parts is made with tagged (not untagged) ports so that they can carry traffic from more than one virtual LAN. Referring again to Figure 141, the tagged link in MSTI 1 is carrying traffic for both the Presales and Sales VLANs between the two switches while the tagged link in MSTI 2 is carrying traffic for the Design and Engineering VLANs.
AT-GS950/10PS Switch Web Interface User’s Guide General Guidelines Here are the guidelines for MSTIs: The AT-GS950/10PS switch can support up to 31 spanning tree instances, including the CIST. A MSTI can contain any number of VLANs. A VLAN can belong to only one MSTI at a time. A switch port can belong to more than one spanning tree instance at a time by being an untagged and tagged member of VLANs belonging to different MSTI’s.
Appendix A: MSTP Overview VLAN and MSTI Associations Part of the task to configuring MSTP involves assigning VLANs to spanning tree instances. The mapping of VLANs to MSTIs is called associations. A VLAN, either port-based or tagged, can belong to only one instance at a time, but an instance can contain any number of VLANs.
AT-GS950/10PS Switch Web Interface User’s Guide Ports in Multiple MSTIs A port can be a member of more than one MSTI at a time if it is a tagged member of one or more VLANs assigned to different MSTI’s. In this circumstance, a port might be have to operate in different spanning tree states simultaneously, depending on the requirements of the MSTIs.
Appendix A: MSTP Overview Multiple Spanning Tree Regions Another important concept of MSTP is regions. A MSTP region is defined as a group of bridges that share exactly the same MSTI characteristics. Those characteristics are: Region name Region revision VLANs VLAN to MSTI ID associations A region name is a name assigned to a region to identify it. You must assign each region exactly the same name for each bridge in that region; even the same upper and lowercase lettering.
AT-GS950/10PS Switch Web Interface User’s Guide Table 10. MSTP Region Configuration Name: Marketing Region, Revision Level 1 Switch 1 Switch 2 MSTI ID 1: VLAN: Sales (VID 2) VLAN: Presales (VID 3) MSTI ID 1: VLAN: Sales (VID 2) VLAN: Presales (VID 3) MSTI ID 2: VLAN: Accounting (VID 4) MSTI ID 2: VLAN: Accounting (VID 4) The AT-GS950/10PS switch determines regional boundaries by examining the MSTP BPDUs received on the ports.
Appendix A: MSTP Overview Each MSTI functions as an independent spanning tree within a region. Consequently, each MSTI must have a root bridge to locate physical loops within the spanning tree instance. An MSTI’s root bridge is called a regional root. The MSTIs within a region may share the same regional root or they can have different regional roots. A regional root for an MSTI must be within the region where the MSTI is located. An MSTI cannot have a regional root that is outside its region.
AT-GS950/10PS Switch Web Interface User’s Guide Each MSTI must have a regional root for locating loops in the instance. MSTIs can share the same regional root or have different roots. A regional root is determined by the MSTI Bridge Priority value and a bridge’s MAC address. The regional root of a MSTI must be in the same region as the MSTI.
Appendix A: MSTP Overview Common and Internal Spanning Tree (CIST) MSTP has a default spanning tree instance called the Common and Internal Spanning Tree (CIST). This instance has an MSTI ID of 0. This instance has unique features and functions that make it different from the MSTIs that you create yourself. First, you cannot delete this instance and you cannot change its MSTI ID.
AT-GS950/10PS Switch Web Interface User’s Guide Associating VLANs to MSTIs When you are using Multiple Spanning Tree, Allied Telesis recommends that you assign each VLANs to one of the existing MSTIs on a switch. You should not leave any VLAN unassigned including the Default VLAN. This is to prevent the blocking of a port that should be in the forwarding state. The reason for this guideline is explained below.
Appendix A: MSTP Overview Figure 143. CIST and VLAN Guideline - Example 2 When port 3 on switch B receives a BPDU, the switch notes the port sending the packet belongs only to CIST 0. Therefore, switch B uses CIST 0 in determining whether a loop exists. The result would be that the switch detects a loop because the other port is also receiving BPDU packets from CIST 0. Switch B would block port 3 to cancel the loop.
AT-GS950/10PS Switch Web Interface User’s Guide VLANs Across Different Regions Special consideration needs to be taken into account when you connect different MSTP regions or an MSTP region and a single-instance STP or RSTP region. Unless planned properly, VLAN fragmentation can occur between the VLANS of your network. As mentioned previously, only the CIST can span regions. A MSTI cannot.
Appendix A: MSTP Overview Region 1 VLANs Accounting Sales Pre-Sales Marketing Product Management Project Management Region 2 VLANs Accounting Sales Pre-Sales Technical Support Software Engineering Hardware Engineering The two regions share three VLANs: Accounting, Sales, and Presales. You can group these three VLANs into the same MSTI in each region. For instance, for Region 1 you might group the three VLANs in MSTI 12 and in Region 2 you could group them into MSTI 6.
AT-GS950/10PS Switch Web Interface User’s Guide Summary of Guidelines Careful planning is essential for the successful implementation of MSTP. This section reviews all the rules and guidelines mentioned in earlier sections, and contains a few new ones: The AT-GS950/10PS switch can support up to 32 multiple spanning tree instances, including the CIST, at a time. A MSTI can contain any number of VLANs. A VLAN can belong to only one MSTI at a time. An MSTI ID can be from 1 to 15.
Appendix A: MSTP Overview 368
Appendix B AT-GS950/10PS Default Parameters Table 12 lists the factory default settings for the AT-S110 Management software on the AT-GS950/10PS switch. The Parameters reflect the fields found on each web page. Table 12. AT-S110 Management Software Default Settings Parameter AT-GS950/10PS Default Setting Specifications System/Management System Description AT-GS950/10PS - System Object ID 1.3.6.1.4.1.207.1.4.
Appendix B: AT-GS950/10PS Default Parameters Table 12.
AT-GS950/10PS Switch Web Interface User’s Guide Table 12.
Appendix B: AT-GS950/10PS Default Parameters Table 12.
AT-GS950/10PS Switch Web Interface User’s Guide Table 12.
Appendix B: AT-GS950/10PS Default Parameters Table 12.
AT-GS950/10PS Switch Web Interface User’s Guide Table 12. AT-S110 Management Software Default Settings (Continued) Parameter AT-GS950/10PS Default Setting Specifications Bridge/Static Unicast 802.1Q VLAN - ID 1 - 4000 Port-Based VLAN Index - ID 1 - 52 MAC Address none Port Member xx:xx:xx:xx:xx:xx hex format All, 1 - 10 Bridge/Static Multicast 802.
Appendix B: AT-GS950/10PS Default Parameters Table 12.
AT-GS950/10PS Switch Web Interface User’s Guide Table 12.
Appendix B: AT-GS950/10PS Default Parameters Table 12.
AT-GS950/10PS Switch Web Interface User’s Guide Table 12. AT-S110 Management Software Default Settings (Continued) Parameter Destination MAC Address AT-GS950/10PS Default Setting none Specifications xx:xx:xx:xx:xx:xx hex format Destination MAC Mask none Length 1 - 48 VLAN ID none 0 - 4000 802.1p Priority none 0-7 Ether Type none 0000 - FFFF (Hex) DSCP none 0 - 63 Protocol none 1 - 255 Source IP Address none IPv4 address in xxx.xxx.xxx.
Appendix B: AT-GS950/10PS Default Parameters Table 12.
AT-GS950/10PS Switch Web Interface User’s Guide Table 12.
Appendix B: AT-GS950/10PS Default Parameters Table 12. AT-S110 Management Software Default Settings (Continued) Parameter AT-GS950/10PS Default Setting Specifications Port Access Control Authentication Method Local Local/Radius Dial-In User Name none 1 - 23 characters Dial-In User none 1 - 23 characters Password Dial-In User Dynamic none 1 - 4000 where 0 means ignore VLAN RADIUS Server IP 0.0.0.0 IPv4 address in xxx.xxx.xxx.
AT-GS950/10PS Switch Web Interface User’s Guide Table 12.
Appendix B: AT-GS950/10PS Default Parameters Table 12.
AT-GS950/10PS Switch Web Interface User’s Guide Table 12. AT-S110 Management Software Default Settings (Continued) AT-GS950/10PS Default Setting Parameter Specifications Configuration File Upload/Download via HTTP Select File none Configuration File Upload/Download via TFTP TFTP Server IP 0.0.0.0 IPv4 address in xxx.xxx.xxx.xxx hex format; except 127.0.0.
Appendix B: AT-GS950/10PS Default Parameters 386