Management Software ® AT-S39 ◆ User’s Guide AT-8012M, AT-8012M-QS, AT-8016F/xx (MT, SC and ST), AT-8024, AT-8024GB, AT-8024M, AT-8026FC, AT-8026T, and AT-8088/xx (MT and SC) FAST ETHERNET SWITCHES VERSION 3.3.
Copyright © 2004 Allied Telesyn, Inc. 960 Stewart Drive Suite B, Sunnyvale, CA 94085 USA All rights reserved. No part of this publication may be reproduced without prior written permission from Allied Telesyn, Inc. Microsoft is a registered trademark of Microsoft Corporation, Netscape Navigator is a registered trademark of Netscape Communications Corporation.
Table of Contents List of Figures ........................................................................................................................................................................................................ 9 Preface ....................................................................................................................................................................................................................13 How This Guide is Organized .......................
Table of Contents Chapter 3 Basic Switch Parameters ................................................................................................................................................................................ 38 When Does a Switch Need an IP Address? ................................................................................................................................................. 39 How Do You Assign an IP Address?...........................................................
Chapter 9 STP and RSTP .......................................................................................................................................................................................................96 STP and RSTP Overview .....................................................................................................................................................................................97 Bridge Priority and the Root Bridge..............................................
Table of Contents Chapter 14 Class of Service .................................................................................................................................................................................................174 Class of Service Overview ...............................................................................................................................................................................175 Configuring CoS ...............................................
Section III Web Browser Management ........................................................................................................ 241 Chapter 21 Starting a Web Browser Management Session ................................................................................................................................ 242 Starting a Web Browser Management Session ......................................................................................................................................
Table of Contents Displaying VLANs ..............................................................................................................................................................................................304 Setting the VLAN Mode ...................................................................................................................................................................................305 Procedure 1..................................................................
List of Figures Chapter 1 Overview .....................................................................................................................................................................20 Chapter 2 Starting a Local or Telnet Management Session .....................................................................................................29 Figure 1: Connecting a Terminal or PC to the RS232 Terminal Port ...................................................................................
List of Figures Chapter 7 Port Trunking ............................................................................................................................................................. 82 Figure 20: Port Trunk Example ....................................................................................................................................................................... 83 Figure 21: Load Distribution Method .........................................................................
Chapter 16 Broadcast Storm Control .........................................................................................................................................187 Figure 51: Broadcast Storm Control Menu .............................................................................................................................................. 190 Chapter 17 TACACS+ and RADIUS Protocols .............................................................................................................
List of Figures Figure 82: Port Status Window .................................................................................................................................................................... 272 Figure 83: Port Statistics Window ............................................................................................................................................................... 274 Chapter 25 Port Security .........................................................................
Preface This guide contains instructions on how to configure an AT-8000 Series Fast Ethernet Switch using the AT-S39 management software.
Preface How This Guide is Organized This manual is divided into three sections. Section I: Overview This section contains just one chapter. It reviews the different ways that you can access the AT-S39 management software on a switch. Section II: Local and Telnet Management The chapters in this section explain how to manage a switch from a local management session or a Telnet management session.
AT-S39 User’s Guide Document Conventions This document uses the following conventions: Note Notes provide additional information. Warning Warnings inform you that performing or omitting a specific action may result in bodily injury. Caution Cautions inform you that performing or omitting a specific action may result in equipment damage or loss of data.
Preface Where to Find Web-based Guides The installation and user guides for all Allied Telesyn products are available in Portable Document Format (PDF) from on our web site at www.alliedtelesyn.com. You can view the documents on-line or download them onto a local workstation or server.
AT-S39 User’s Guide Contacting Allied Telesyn This section provides Allied Telesyn contact information for technical support as well as sales or corporate information. Online Support Email and Telephone Support Returning Products You can request technical support online by accessing the Allied Telesyn Knowledge Base from the following web site: http://kb.alliedtelesyn.com. You can use the Knowledge Base to submit questions to our technical support staff and review answers to previously asked questions.
Preface Management Software Updates You can download new releases of management software for our managed products from either of the following Internet sites: ❑ Allied Telesyn web site: http://www.alliedtelesyn.com ❑ Allied Telesyn FTP server: ftp://ftp.alliedtelesyn.com To download new software from the Allied Telesyn FTP server using your workstation’s command prompt, you need FTP client software and you must log in to the server.
Section I Overview The chapter in this section provides a brief overview of the AT-S39 management software. It explains some of the functions that you can perform with the management software and reviews different methods for accessing the AT-S39 software on an AT-8000 Series Fast Ethernet Switch.
Chapter 1 Overview The AT-S39 management software is intended for the AT-8000 Series Fast Ethernet Switches. The software is used to monitor and adjust a switch’s operating parameters.
AT-S39 User’s Guide Note The default settings for the management software can be found in Appendix A, AT-S39 Default Settings on page 331. To actively manage a switch, such as to change or adjust the operating parameters, you must access the switch’s AT-S39 management software. The AT-S39 software features a menu interface and a command line interface that make it very easy to use, and a special interface for managing a switch with a web browser.
Section I: Overview Local Management Session You establish a local management session with an AT-8000 Series switch by connecting a terminal or a PC with a terminal emulator program to the RS232 Terminal port on the front panel of the switch, using a straight-through RS-232 cable. This type of management session is referred to as “local” because you must be physically close to the switch, such as in the wiring closet where the switch is located.
AT-S39 User’s Guide Telnet Management Session Any management workstation on your network that has the Telnet application protocol can be used to manage an AT-8000 Series switch. This type of management session is referred to in this guide as a remote management session because you do not have to be in the wiring closet where the switch you want to manage is located. You can manage the switch from any workstation on the network that has the application protocol.
Section I: Overview Web Browser Management Session You can also use a web browser to manage a switch. This too is referred to as remote management, just like a Telnet management session. You can manage a switch from any workstation on your network that has a web browser. Note For instructions on starting this type of management session, refer to Starting a Web Browser Management Session on page 242.
AT-S39 User’s Guide SNMP Management Session Another way to remotely manage the switch is with an SNMP management program. A familiarity with Management Information Base (MIB) objects is necessary for this type of management.
Section I: Overview Management Access Levels There are two levels of management access on an AT-8000 Series switch: Manager and Operator. When you log in as a Manager, you can view and configure all of a switch’s operating parameters. When you log in as an Operator, you can only view the operating parameters; you cannot change any values. You log in as a manager or an operator by entering the appropriate password when you start an AT-S39 management session.
Section II Local and Telnet Management The chapters in this section explain how to manage an AT-8000 Series switch from a local or Telnet management session.
Section II: Local and Telnet Management ❑ Chapter 18: 802.
Chapter 2 Starting a Local or Telnet Management Session This chapter contains the procedure for starting a local or Telnet management session on an AT-8000 Series switch.
Section II: Local or Telnet Management Local Management Session On the front panel of the switch is a port labelled RS232 Terminal Port. You can use this port to establish a local (out-of-band) management session with the switch’s AT-S39 management software. A local management session is so named because you must be close to the switch, usually within a few meters, to start this type of management session. This typically means that you must be in the wiring closet where the switch is located.
AT-S39 User’s Guide Starting a Local Management Session To start a local management session, perform the following procedure: 1. Connect one end of the straight-through RS232 management cable with a DB-9 connector to the RS232 Terminal Port on the switch. (The management cable is included with the switch.) POR TB RS- DE 232 LINK MOD E TER MIN AL P ORT FAU LT MAS TER PWR Figure 1 Connecting a Terminal or PC to the RS232 Terminal Port 2.
Section II: Local or Telnet Management Note The switch has an auto-detect feature on the serial port that automatically determines the speed of the local terminal. You activate this feature by pressing the Return or Enter key twice on your keyboard when you initially start the local interface or within five seconds after powering on or resetting the switch. The switch determines the speed of the terminal and automatically configures the speed of the RS232 Terminal Port accordingly.
AT-S39 User’s Guide The Main Menu is shown in Figure 2. Allied Telesyn Ethernet Switch AT-8024GB - AT-S39 Sales Switch Login Privilege: Manager Main Menu 1 - Port Menu 2 - VLAN Menu 3 - Spanning Tree Menu 4 - Administration Menu 5 - System Config Menu 6 - MAC Address Tables 7 - Ethernet Statistics 8 - Diagnostics 9 - Enhanced Stacking C - Command Line Interface Q - Quit Enter your selection? Figure 2 Main Menu To select a menu item, type the corresponding letter or number.
Section II: Local or Telnet Management For information on enhanced stacking and how to manage different switches from the same management session, refer to Chapter 4, Enhanced Stacking on page 57. Quitting from a Local Session To quit a local session, return to the Main Menu and type Q for Quit. You should always exit from a management session when you are finished managing a switch.
AT-S39 User’s Guide Telnet Management Session You can use the Telnet application protocol from a workstation on your network to manage an AT-8000 Series switch. This type of management is referred to as remote management because, unlike a local management session, you do not have to be in the wiring closet where the switch is located. You can use any workstation on your network with the application protocol to manage the switch.
Section II: Local or Telnet Management Note You can run only one Telnet management session on a switch at a time. Additionally, you cannot run both a Telnet management session and a local management session on the same switch at the same time. Quitting from a Telnet Management Session To end a Telnet management session, return to the Main Menu and type Q for Quit.
AT-S39 User’s Guide Saving Your Parameter Changes When you make a change to a switch parameter, the change is, in most cases, immediately activated on the switch as soon as you enter it. However, a parameter change is initially saved only to temporary memory by the switch and will be lost the next time you reset or power cycle the unit. To permanently save a change, you must select the S Save Configuration Changes option.
Chapter 3 Basic Switch Parameters This chapter contains a variety of information and procedures. There is a discussion on when to assign an IP address to a switch and the different ways that you can go about it. There are also procedures for resetting the switch, activating the original switch default settings, and more.
AT-S39 User’s Guide When Does a Switch Need an IP Address? One of the tasks to building or expanding a network is deciding which of the managed switches need a unique IP address. In the past the rule was that a managed switch needed an IP address if you wanted to manage it remotely, such as with the Telnet application protocol or a web browser. However, if a network contained a lot of managed switches, having to assign each one an IP address was often cumbersome and time consuming.
Section II: Local and Telnet Management How Do You Assign an IP Address? Once you have decided which, if any, switches on your network need an IP address, you have to access the AT-S39 software on the switches and assign the addresses. There are actually two ways in which a switch can obtain an IP address. The first method is for you to assign the IP configuration information manually. This procedure is explained in Configuring an IP Address and Switch Name on page 41.
AT-S39 User’s Guide Configuring an IP Address and Switch Name The procedure in this section explains how to manually assign an IP address, subnet mask, and gateway address to the switch from a local or Telnet management session. (If you want the switch to obtain its IP configuration from a DHCP or BOOTP server on your network, go to the procedure Activating the BOOTP and DHCP Client Software on page 44.
Section II: Local and Telnet Management 2. Change the parameters as desired. The parameters in the IP Parameters menu are described below: 1 - IP Address This parameter specifies the IP address of the switch. You must assign an IP address if you want the switch to function as the Master switch of an enhanced stack. (Slave switches do not need and IP address.
AT-S39 User’s Guide 7 - Set Password This parameter is used to change the Manager and Operator’s login passwords. For instructions, refer to Configuring the Management Passwords on page 51. 8 - BOOTP/DHCP This selection activates and deactivates the BOOTP and DHCP client software on the switch. For information on this selection, refer to Activating the BOOTP and DHCP Client Software on page 44. 9 - Reset Switch This selection resets the switch, as explained in Resetting a Switch on page 49.
Section II: Local and Telnet Management Activating the BOOTP and DHCP Client Software The BOOTP and DHCP application protocols were developed to simplify network management. They are used to automatically assign IP configuration information to the devices on your network, such as an IP address, subnet mask, and a default gateway address. An AT-8000 Series switch contains the client software of these protocols and can obtain IP configuration information from a BOOTP or DHCP server on your network.
AT-S39 User’s Guide 4. Type S to select Save Configuration Changes. Note If you activate the BOOTP and DHCP client software, the switch immediately begins to query the network for a BOOTP or DHCP server. The switch continues to query the network for its IP configuration until it receives a response. Any static IP address, subnet mask, and gateway address assigned to the switch are deleted from the Administration menu and replaced with the values the switch receives from the BOOTP or DHCP server.
Section II: Local and Telnet Management Configuring SNMP Community Strings and Trap IP Addresses To configure the SNMP community strings for the switch and assign up to four IP addresses of management stations to receive traps from the switch, perform the following procedure: Note SNMP access is disabled by default. To enable SNMP access, refer to Configuring Management Access on page 52. 1. From the Main Menu, type 5 to select System Config Menu. The System Configuration Menu is shown in Figure 4.
AT-S39 User’s Guide 2. From the System Configuration Menu, type A to select Advanced Configuration. The Advanced Configuration menu is shown in Figure 5. Allied Telesyn Ethernet Switch AT-8024GB - AT-S39 Sales Switch Login Privilege: Manager Advanced Configuration Menu 1 - IGMP Snooping Configuration 2 - Broadcast Timers Setup 3 - SNMP Configuration R - Return to Previous Menu Enter your selection: Figure 5 Advanced Configuration Menu 3.
Section II: Local and Telnet Management 4. Adjust the parameters as desired. To change a value, type its corresponding number and, when prompted, enter the new value. The parameters are described below. 1 - GET Community 2 - SET Community 3 - Trap Community Use these parameters to set a switch’s SNMP community strings. A community string can be up to thirteen characters. Community strings are case sensitive and can contain spaces and special characters, such as an exclamation point (!).
AT-S39 User’s Guide Resetting a Switch This procedure reboots the switch. Note Any configuration changes not saved will be lost once the switch reboots. To save your configuration changes, return to the Main Menu and type S to select Save Configuration Changes. Caution The switch will not forward traffic during the brief period required to reload its operating software. Some network traffic may be lost. To reset a switch, perform the following procedure: 1.
Section II: Local and Telnet Management Configuring the AT-S39 Management Security Features The AT-S39 software has several security features that can help prevent unauthorized individuals from changing a switch’s parameter settings. The security features are: ❑ Manager and Operator Passwords - The management software has two standard, management login accounts: Manager and Operator.
AT-S39 User’s Guide Configuring the Management Passwords There are two levels of management access on an AT-8000 Series switch: Manager and Operator. When you log in as a Manager, you can view and configure all of a switch’s operating parameters. When you log in as an Operator, you can only view the operating parameters; you cannot change any values. The default password for Manager access is “friend”. The default password for Operator access is “operator”.
Section II: Local and Telnet Management Configuring Management Access To configure the console timer, web access, and SNMP access security features of the AT-S39 management software, perform the following procedure: 1. From the Main Menu, type 5 to select System Config Menu. The System Config Menu is shown in Figure 4 on page 46. 2. To configure the console timer, type 3 to select Console Disconnect Timer Interval and, when prompted, enter a value of from 1 to 60 minutes. The default value is ten minutes.
AT-S39 User’s Guide Viewing the AT-S39 Version Number and Switch MAC Address The procedure in this section displays the following switch information: ❑ AT-S39 version number ❑ Bootloader version number ❑ Serial number ❑ MAC Address To display the information, type 8 to select Diagnostics from the Main Menu. The Diagnostics menu is shown in Figure 8. Allied Telesyn Ethernet Switch AT-8024 - AT-S39 Login Privilege: Manager Diagnostics 1 2 3 4 5 6 7 8 - Application Software Version ....
Section II: Local and Telnet Management Pinging a Remote System You can instruct the switch to ping a remote device on your network. This procedure is useful in determining whether a valid link exists between the switch and another device. Note The switch must have an IP address in order for you to perform this procedure. This means that in most cases you must perform this procedure from the master switch of an enhanced switch.
AT-S39 User’s Guide Returning the AT-S39 Software to the Factory Default Values The procedure in this section returns all AT-S39 software parameters to their default values. This procedure also deletes any VLANs you created on the switch. The AT-S39 software default values can be found in Appendix A, AT-S39 Default Settings on page 331. Caution Performing this procedure resets the switch. The switch will not forward traffic during the brief period required to reload its operating software.
Section II: Local and Telnet Management Configuring the Console Startup Mode You can configure the AT-S39 software to display either the Main Menu or the command line interface prompt ($) whenever you start a local or remote management session. The default is the Main Menu. To change the console startup mode, perform the following procedure: 1. From the Main Menu, type 5 to select System Config Menu. 2. From the System Configuration Menu, type 6 to select Console Startup Mode.
Chapter 4 Enhanced Stacking This chapter explains the enhanced stacking feature.
Section II: Local and Telnet Management Enhanced Stacking Overview The enhanced stacking feature can make it easier for you to manage the AT-8000 Series switches in your network. It offers the following benefits: ❑ You can manage up to 24 switches from one local or remote management session. This eliminates the need of having to start separate management sessions for the different switches in your network. ❑ The switches can share the same IP address.
AT-S39 User’s Guide There are three basic steps to implementing this feature on your network: 1. You must select a switch in your network to function as the master switch of the stack. The master switch can be any switch that supports enhanced stacking, such as an AT-8000 Series switch, an AT-8400 Series switch, or an AT-8524M switch. For networks that consist of more than one subnet, there must be at least one master switch in each subnet.
Section II: Local and Telnet Management Figure 9 is an example of the enhanced stacking feature. Master 1 IP Address 149.32.11.22 Master 2 IP Address Subnet A 149.32.11.16 Router TROP LANIMRET 232-SR TLUAF RETSAM RWP Subnet B Master 1 IP Address 149.32.09.18 Master 2 IP Address 149.32.09.24 Figure 9 Enhanced Stacking Example The example consists of a network of two subnets interconnected with a router. Each subnet consists of one enhanced stack.
AT-S39 User’s Guide Setting a Switch’s Enhanced Stacking Status The enhanced stacking status of the switch can be master switch, slave switch, or unavailable. Each status is described below: ❑ Master switch - A master switch of a stack can be used to manage all the other switches in the stack. Once you establish a local or remote management session with the Master switch, you can access and manage all the switches in the stack. A master switch must have a unique IP address.
Section II: Local and Telnet Management The menu displays the current status of the switch at the end of selection “1 - Switch State.” For example, the switch’s current status in the figure above is Master. Note The “2 - Stacking Services” selection is included in the menu only for master switches. 2. To change a switch’s stacking status, type 1 to select Switch State. The following prompt is displayed. Enter new setup (M/S/U) -> 3.
AT-S39 User’s Guide Selecting a Switch in an Enhanced Stack The first thing you should do before performing a procedure on a switch in an enhanced stack is check to be sure you are performing it on the correct switch. If you assigned system names to your switches, then this is easy. The name of the switch being managed is always displayed at the top of every management menu. When you start a management session on the Master switch of an enhanced stack, you are by default addressing that particular switch.
Section II: Local and Telnet Management 3. Type G to select Get/Refresh List of Switches. The Master switch polls the network for all slave and other Master switches in the enhanced stack and displays a list of the switches in the Stacking Services menu. Note The Master switch on which you started the management session is not included in the list, nor are any switches with an enhanced stacking status of Unavailable.
Chapter 5 Port Parameters The chapter contains procedures for viewing and changing the parameter settings for the individual ports on a switch.
Section II: Local and Telnet Management Displaying Port Status To display the status of the ports on the switch, perform the following procedure: 1. From the Main Menu, type 1 to select Port Menu.
AT-S39 User’s Guide The information in this window is for viewing purposes only. The columns in the window are described below: Prt The port number. Link The status of the link between the port and the end node connected to the port. Possible values are: Up - indicates that a valid link exists between the port and the end node. Down - indicates that the port and the end node have not established a valid link. Neg The status of Auto-Negotiation on the port.
Section II: Local and Telnet Management Transmit - Flow control only as packets are being transmitted out the port. Receive - Flow control only on as packets are being received on the port. Both - Flow control for both packets entering and leaving the port. State The current operating status of the port. Possible values are: Forwarding - The port is sending and receiving Ethernet frames. Disabled - The port has been manually disabled.
AT-S39 User’s Guide Configuring Port Parameters To configure the parameter settings for a port on the switch, perform the following procedure: 1. From the Main Menu, type 1 to select Port Menu. 2. From the Port Menu, type 1 to select Port Configuration. The following prompt is displayed: Enter Ports List -> 3. Enter the port you want to configure. You can specify more than one port at a time.
Section II: Local and Telnet Management If you are configuring multiple ports and the ports have different settings, the Port Configuration menu displays the settings of the lowest numbered port. Once you have configured the settings of the port, all of its settings are copied to the other selected ports. 4. Adjust the port parameters as desired. You adjust a parameter by typing its number. This toggles the parameter through its possible settings. The parameters are described below.
AT-S39 User’s Guide To avoid this problem, when connecting an end node with a fixed duplex mode of full-duplex to a switch port, you should disable Auto-Negotiation on the port and set the port’s speed and duplex mode manually. ❑ The auto-MDI/MDI-X setting is available only when a port’s speed and duplex mode are set by Auto-Negotiation. If a port’s speed or duplex mode is set manually, the port’s wiring configuration defaults to MDI-X.
Section II: Local and Telnet Management 6 - Advertise 10FDX 7 - Advertise 10HDX 8 - Advertise 100FDX 9 - Advertise 100HDX These selections appear in the menu only when a port is configured for Auto-Negotiation. During Auto-Negotiation, a switch port determines the appropriate speed and duplex mode by advertising its capabilities to the end node connected to it.
AT-S39 User’s Guide Where they differ is that while flow control applies to ports operating in full-duplex, backpressure applies to ports operating in half-duplex mode. When a twisted pair port on the switch operating in half-duplex mode needs to stop an end node from transmitting data, it forces a collision. A collision on an Ethernet network occurs when two end nodes attempt to transmit data using the same data link at the same time. A collision causes the end nodes to stop sending data.
Section II: Local and Telnet Management Displaying Uplink Information The AT-S39 management software can display basic manufacturer information about an optional GBIC module in an AT-8024GB switch or the fiber optic ports in an AT-8026FC switch. To display uplink information, perform the following procedure: 1. From the Main Menu, type 8 to select Diagnostics. 2. From the Diagnostics menu, type 8 to select Uplink Information. The GBIC Information menu is shown in Figure 16.
AT-S39 User’s Guide The management software displays a menu containing basic information about the GBIC module or fiber optic port. Figure 17 is an example of the menu. Allied Telesyn Ethernet Switch AT-8024GB - AT-S39 Login Privilege: Manager Uplink Information Menu Port Number ................... Type of Serial Transceiver .... Extended Serial Transceiver ... Connector Type ................ Elect/Opt Transceiver ......... Serial Encoding ............... Nominal bit rate(100Mbits/s) ..
Chapter 6 Port Security This chapter contains the procedures for setting port security. The sections in this chapter include: ❑ Port Security Overview on page 77 ❑ Configuring Port Security on page 79 ❑ Configuring the Limited Security Mode on page 80 Note To change a switch’s port security level, you must use a local management session. You cannot set port security from a Telnet or web browser management session, or through enhanced stacking.
AT-S39 User’s Guide Port Security Overview This feature can enhance the security of your network. You can use it to control which end nodes can forward frames through the switch, and so prevent unauthorized individuals from accessing your network or particular parts of the network. This type of network security uses a frame’s source MAC address to determine whether the switch should forward a frame or discard it. The source address is the MAC address of the end node that sent the frame.
Section II: Local and Telnet Management Static MAC addresses are retained by the switch and are not included in the count of maximum addresses that can be learned by a port. You can continue to add static MAC addresses to a port even after a port has learned its maximum number of dynamic MAC addresses. Secure This security level instructs the switch to forward frames based solely on static MAC addresses.
AT-S39 User’s Guide Configuring Port Security Note Port security can only be set through a local management session. You cannot set this feature from a Telnet or web browser management session, or through enhanced stacking. To set a switch’s port security level, perform the following procedure: 1. From the Main Menu, type 1 to select Port Menu. 2. From the Port Menu, type 5 to select Port Security. The Port Security menu is shown in Figure 18.
Section II: Local and Telnet Management Configuring the Limited Security Mode The Limited security mode lets you set the maximum number of dynamic MAC addresses each port on a switch can learn. When you activate this security level, the switch deletes all MAC addresses in the dynamic MAC address table and immediately begins to learn new addresses as frames are received on the ports.
AT-S39 User’s Guide 5. Enter the port(s) where you want to specify a new MAC address limit. You can specify the ports individually (e.g., 1,4), as a range (e.g., 4-7), or both (e.g., 2-7,11,15). The following prompt is displayed: Enter new MAC limit -> [1 to 150] -> 6. Enter the maximum number of dynamic MAC addresses you want the port to be able to learn and press Return. The range is 1 to 150 addresses. The default is 100. 7.
Chapter 7 Port Trunking This chapter contains the procedures for creating and deleting port trunks.
AT-S39 User’s Guide Port Trunking Overview Port trunking is an economical way for you to increase the bandwidth between two Ethernet switches. A port trunk is 2, 3, or 4 ports that have been grouped together to function as one logical path. A port trunk increases the bandwidth between switches and is useful in situations where a single physical data link between switches is insufficient to handle the traffic load.
❑ When cabling a trunk, the order of the connections should be maintained on both nodes. The lowest numbered port in a trunk on the switch should be connected to the lowest numbered port of the trunk on the other device, the next lowest numbered port on the switch should be connected to the next lowest numbered port on the other device, and so on. For example, assume that you are connecting a trunk between two AT-8024 switches. On the first AT-8024 switch you had chosen ports 12, 13, 14, 15 for the trunk.
AT-S39 User’s Guide The AT-S39 management software offers two load distribution methods. They are: ❑ Source Address (SA) Trunking ❑ Source Address / Destination Address (SA/DA) Trunking Let’s first take a look at the SA method. When a switch receives a packet from a network node, it examines the destination address to determine on which switch port, if any, the packet should be transmitted. If the packet is destined for a port trunk, the switch then examines the source address of the packet.
Workstation C Workstation B Workstation D Workstation A AT-8024 RS-232 TERMINAL PORT 10Base-T / 100Base-TX Fast Ethernet Switch Switch #1 MODE Link COL Mode Link 100 Mode ACT FAULT MASTER FULL PWR AT-8026FC RS-232 TERMINAL PORT CLASS 1 LASER PRODUCT DO NOT STARE INTO BEAM 10Base-T / 100Base-TX Fast Ethernet Switch 25 MODE Link COL Mode Link 100 Mode ACT 26 FAULT LINK LINK FULL TX RX MODE TX RX MODE MASTER Switch #2 PWR Figure 21 Load Distribution Method Now assume tha
AT-S39 User’s Guide For example, when Workstation B sends a packet to the server, Switch #1 will use Port 14 of the trunk to transmit it to Switch #2. An assignment of a source MAC address to a port trunk remains active as long as the source node remains active. If the MAC address times out, the assignment is dropped. Should the source node become active again and need to transmit a packet over the trunk, a new assignment is made, either to the same port or to a different port in the trunk.
Even though there is only one source, all the data links in the trunk are used. For instance, if the server needed to send a packet to Workstation C, by referring to the matrix Switch #2 would use Port 3 of the trunk to transmit the packet from that particular source MAC address to Switch #1. As you can see, the SA/DA method is useful when a port trunk needs to send packets from one source node to many destination nodes, something that the SA method is not suited for.
AT-S39 User’s Guide Creating a Port Trunk This section contains the procedure for creating a port trunk on the switch. Be sure to review the guidelines in Port Trunking Overview on page 83 before performing the procedure. Caution Do not connect the cables to the trunk ports on the switches until after you have configured the trunk with the management software. Connecting the cables before configuring the software will create a loop in your network topology.
3. Type 1 to select Trunk Ports. The following prompt is displayed. Enter Trunk Port(s) -> 4. Enter the ports that will constitute the port trunk and press Return. You can specify the ports individually (e.g., 1,2,3,4) or as a range (e.g., 7-10). Once you have specified the ports of the trunk, the following menu selection appears: 2 - Trunk Method ....... SA/DA trunking You use this selection to specify the load distribution method. The default is SA/DA. 5.
AT-S39 User’s Guide Deleting a Port Trunk Caution Disconnect the cables from the port trunk on the switch before performing the following procedure. Deleting a port trunk without first disconnecting the cables can create loops in your network topology. Data loops can result in broadcast storms and poor network performance. To delete a port trunk from the switch, perform the following procedure: 1. From the Main Menu, type 1 to select Port Menu. 2. From the Port Menu, type 3 to select Port Trunking.
Chapter 8 Port Mirroring This chapter contains the procedures for creating and deleting a port mirror.
AT-S39 User’s Guide Port Mirroring Overview The port mirroring feature allows you to unobtrusively monitor the traffic being received and transmitted on one or more ports on a switch by having the traffic copied to another switch port. You can connect a network analyzer to the port where the traffic is being copied and monitor the traffic on the other ports without impacting network performance or speed.
Creating a Port Mirror To create a port mirror, perform the following procedure: 1. From the Main Menu, type 1 to select Port Menu. 2. From the Port Menu, type 2 to select Port Mirroring. The Port Mirroring menu is shown in Figure 23. Allied Telesyn Ethernet Switch AT-8024 - AT-S39 Sales Switch Login Privilege: Manager Port Mirroring 1 - Mirror (Destination) Port ....... None 2 - Mirroring (Source) Port(s) ......
AT-S39 User’s Guide Deleting a Port Mirror To delete a port mirror, perform the following procedure: 1. From the Main Menu, type 1 to select Port Menu. 2. From the Port Menu, type 2 to select Port Mirroring. The Port Mirroring menu is shown in Figure 23 on page 94. 3. Type 1 to select Mirror (Destination) Port. The following prompt is displayed. Enter mirror port (0=None) [0 to 24] -> 4. Enter 0 and press Return. The port mirror on the switch is deleted.
Chapter 9 STP and RSTP This chapter provides background information on the Spanning Tree Protocol (STP) and Rapid Spanning Tree Protocol (RSTP). The chapter also contains procedures on how to adjust the STP and RSTP bridge and port parameters. The sections in this chapter include: ❑ STP and RSTP Overview on page 97 ❑ Enabling or Disabling STP or RSTP on page 105 ❑ Configuring STP on page 107 ❑ Configuring RSTP on page 112 Note For detailed information on the Spanning Tree Protocol, refer to IEEE Std 802.
AT-S39 User’s Guide STP and RSTP Overview A significant danger to Ethernet network performance is the existence of a data loop in a network topology. A data loop exists when two or more nodes on a network can transmit data to each other over more than one data link. The problem that data loops pose is that data packets can become caught in repeating cycles, referred to as broadcast storms, that needlessly consume network bandwidth and significantly reduce network performance.
Section II: Local and Telnet Management Bridge Priority and the Root Bridge The first task that bridges perform when a spanning tree protocol is activated on a network is the selection of a root bridge. A root bridge distributes network topology information to the other network bridges and is used by the other bridges to determine if there are redundant paths in the network.
AT-S39 User’s Guide Path Costs and Port Costs Once the Root Bridge has been selected, the bridges must determine if the network contains redundant paths and, if one is found, they must select a preferred path while placing the redundant paths in a backup or blocking state. Where there is only one path between a bridge and the root bridge, the bridge is referred to as the designated bridge and the port through which the bridge is communicating with the root bridge is referred to as the root port.
Section II: Local and Telnet Management RSTP port cost also features an Auto-Detect feature. This features allows RSTP to automatically set the port cost according to the speed of the port, assigning a lower value for higher speeds. Auto-Detect is the default setting on the ports when the switch is operating in RSTP. Table 6 lists the ports cost with Auto-Detect.
AT-S39 User’s Guide Forwarding Delay and Topology Changes If there is a change in the network topology due to a failure, removal, or addition of any active components, the active topology also changes. This may trigger a change in the state of some blocked ports. However, a change in a port state is not activated immediately. It might take time for the root bridge to notify all bridges that a topology change has occurred, especially if it is a large network.
Section II: Local and Telnet Management The root bridge will periodically transmit a BPDU to determine whether there have been any changes to the network topology and to inform other bridges of topology changes. The frequency with which the root bridge sends out a BPDU is called the Hello Time. This is a value that you can set on the AT-8000 Series switch. The interval is measured in seconds and the default is 2 seconds.
AT-S39 User’s Guide If a port is operating in half-duplex mode and is not connected to any further bridges participating in STP or RSTP, then the port is an edge port. Figure 25 illustrates an edge port on an AT-8024 switch. The port is connected to an Ethernet hub, which in turn is connected to a series of Ethernet workstations. This is an edge port because it is connected to a device operating at half-duplex mode and there are no participating STP or RSTP devices connected to it.
Section II: Local and Telnet Management Mixed STP and RSTP Networks RSTP IEEE 802.1w is fully compliant with STP IEEE 802.1d. Your network can consist of bridges running both protocols. STP and RSTP in the same network should be able to operate together to create a single spanning tree domain. There is no reason not to activate RSTP on an AT-8000 Series switch even when all other switches are running STP. The AT-8000 Series switch can combine its RSTP with the STP of the other switches.
AT-S39 User’s Guide Enabling or Disabling STP or RSTP The AT-S39 software supports STP and RSTP. Only one spanning tree protocol can be active on the switch at a time. Before you can enable a spanning tree protocol or configure its settings, you must first select it as the active spanning tree protocol on the switch. The default active spanning tree is RSTP. Note Changing the active spanning tree protocol resets the switch. Some network traffic may be lost during the reset process.
Section II: Local and Telnet Management b. Type Y for yes to change the currently active spanning tree protocol, or N to cancel this procedure. The following prompt is displayed: Enter new active protocol version: S-STP, R-RSTP: c. Type S to select STP or R to select RSTP. The following prompt is displayed: Enter Spanning Tree Status: E-Enable, D-Disable: d. If you want the switch to enable the new active spanning tree protocol after resetting, type E.
AT-S39 User’s Guide Configuring STP This section contains the following procedures: ❑ Configuring STP Bridge Settings on page 107 ❑ Configuring STP Port Settings on page 109 Configuring STP Bridge Settings This section contains the procedure for configuring a bridge’s STP settings. Caution The default STP parameters are adequate for most networks. Changing them without prior experience and an understanding of how STP works might have a negative effect on your network. You should consult the IEEE 802.
Section II: Local and Telnet Management 2. Adjust the bridge STP settings as needed. The parameters are described below. 1 - Bridge Priority The priority number for the bridge. This number is used in determining the root bridge for STP. The bridge with the lowest priority number is selected as the root bridge. If two or more bridges have the same priority value, the bridge with the numerically lowest MAC address becomes the root bridge.
AT-S39 User’s Guide 6 - Config STP Port Settings Configures the STP port parameters. For instructions, refer to Configuring STP Port Settings on page 109. 8 - Reset STP to Defaults Resets all STP bridge and port settings to their default values. This option is available only when spanning tree is disabled on the switch. For instructions on disabling spanning tree, refer to Enabling or Disabling STP or RSTP on page 105. 3. After you have made the desired changes, type S to select Save Configuration Changes.
Section II: Local and Telnet Management The STP Port Configuration menu is shown in Figure 30. Allied Telesyn AT-8024 Ethernet Switch - AT-S39 Sales Switch Login Privilege: Manager Config STP Port Settings Configuring Ports 4 to 4 1 2 3 4 5 6 - Participate ....... Fast Mode ......... Port Cost ......... Port Priority ..... Port State ........ Root Bridge .......
AT-S39 User’s Guide 3 - Port Cost The spanning tree algorithm uses the cost parameter to decide which port provides the lowest cost path to the root bridge for that LAN. The default value for this parameter for all ports and speeds is 100. The range is 1 to 65535. To automatically set a port’s STP port cost based on port speed, set the value to a “0”. 4 - Priority This parameter is used as a tie breaker when two or more ports are determined to have equal costs to the root bridge.
Section II: Local and Telnet Management Configuring RSTP This section contains the following procedures: ❑ Configuring RSTP Bridge Settings on page 112 ❑ Configuring RSTP Port Settings on page 115 Configuring RSTP Bridge Settings This section contains the procedure for configuring a bridge’s RSTP settings. Caution The default RSTP parameters are adequate for most networks. Changing them without prior experience and an understanding of how RSTP works might have a negative effect on your network.
AT-S39 User’s Guide 2. Adjust the parameters as needed. The parameters are defined below. 1 - Force Version This selection determines whether the bridge will operate with RSTP or in an STP-compatible mode. If you select RSPT, the bridge will operate all ports in RSTP, except for those ports that receive STP BPDU packets. If you select Force STP Compatible, the bridge will operate in RSTP, using the RSTP parameter settings, but it will send only STP BPDU packets out the ports.
Section II: Local and Telnet Management 6 - Bridge Identifier The MAC address of the bridge. The bridge identifier is used as a tie breaker in the selection of the root bridge when two or more bridges have the same bridge priority value. This value cannot be changed. 7 - Root Bridge The MAC address of the bridge functioning as the root bridge in the spanning tree domain. This value is for display purposes only and cannot be changed. 8 - Root Priority The bridge priority on the root bridge.
AT-S39 User’s Guide Configuring RSTP Port Settings To adjust RSTP port parameters, perform the following procedure: 1. From the Spanning Tree Menu, type 4 to select RSTP Configuration. 2. From the RSTP Configuration menu, type P to select RSTP Port Parameters. The RSTP Port Parameters menu is shown in Figure 31: Allied Telesyn Ethernet Switch AT-8024 - AT-S39 Sales Switch Login Privilege: Manager RSTP Port Parameters The current protocol version is RSTP.
Section II: Local and Telnet Management The Configure RSTP Port Settings menu is shown in Figure 33. Allied Telesyn Ethernet Switch AT-8024 - AT-S39 Sales Switch Login Privilege: Manager Configure RSTP Port Settings Configuring Ports 4 to 4 1 2 3 4 - Port Priority ...... Port Cost .......... Point-to-Point ..... Edge Port ..........
AT-S39 User’s Guide M - MCHECK This option instructs the bridge to send out RSTP BPDU packets for several seconds from the selected port. The purpose is to determine if there are any RSTP or STP bridges connected to the port. If the port receives STP BPDU packets in response, the port changes to STP compatible mode. Note The MCHECK option is visible and can be set only when RSTP is enabled on the switch. All changes are immediately activated on the switch. 7.
Chapter 10 Virtual LANs Overview This chapter contains overviews of tagged and port-based VLANs and the Basic VLAN Mode. It also explains how to select a VLAN mode. For the procedures for creating tagged and port-based VLANs, refer to the next chapter.
AT-S39 User’s Guide VLAN Overview A VLAN is a group of ports on an Ethernet switch that form a logical Ethernet segment. The ports of a VLAN form an independent traffic domain where the traffic generated by the nodes of a VLAN remains within the VLAN. A router or Layer 3 network device is required in order for traffic to cross a VLAN boundary.
Section II: Local and Telnet Management But with VLANS, you can change LAN segment assignments through the switch’s AT-S62 management software. VLAN memberships can be changed any time through the management software without moving the workstations physically, or having to change group memberships by moving cables from one switch port to another. Additionally, a virtual LAN can span more than one switch.
AT-S39 User’s Guide User-Configured VLAN Mode Overview The user-configured VLANs mode lets you create your own VLANs. You can create two types of VLANs: ❑ Port-based VLANS (discussed in the following section) ❑ Tagged VLANs (see Tagged VLAN Overview on page 128) Port-based VLAN Overview Port-based VLANs are the simplest and most common form of a VLAN. In a port-based VLAN configuration, each port of the switch is assigned to a particular VLAN. Each port can belong to only one port-based VLAN at a time.
Section II: Local and Telnet Management If a VLAN consists only of ports located on one physical switch in your network, you would assign it a VID unique from all other VLANs in your network. If a VLAN spans multiple switches, the VID for the VLAN on the different switches should be identical. In this manner, the switches are able to recognize and forward frames belonging to the same VLAN even though the VLAN spans multiple switches.
AT-S39 User’s Guide Some switches and switch management programs require that you assign the PVID value for each port manually. However, the AT-S39 management software performs this task automatically. The software automatically assigns a PVID to a port, making it identical to the VID of the VLAN to which the port is an untagged member. General Rules for Creating Port-Based VLANs Below is a summary of the general rules to observe when creating portbased VLANs.
Section II: Local and Telnet Management In network configurations with many individual VLANs that span switches, ports are often ineffectively used to interconnect the various VLANs. Port-based Example 1 Figure 34 illustrates an example of one AT-8024 Fast Ethernet Switch with three port-based VLANs. (For purposes of the following examples, the Default_VLAN is not shown.
AT-S39 User’s Guide Each VLAN has been assigned a unique VID. You assign this number when you create a VLAN. The ports have been assigned PVID values. A port’s PVID is assigned automatically by the management software when you create the VLAN. A PVID is the same as the VID to which the port is an untagged member. In the example, each VLAN has one port connected to the router. The router interconnects the various VLANs and provides access to the WAN.
Section II: Local and Telnet Management Port-based Example 2 Figure 35 illustrates more port-based VLANs. In this example, two VLANs span more than one Ethernet switch.
AT-S39 User’s Guide The table below lists the port assignments for the Sales, Engineering, and Production VLANs on the switches: Switch Sales VLAN (VID 2) Engineering VLAN (VID 3) Production VLAN (VID 4) AT-8024 (top) Ports 1 - 6, 18 (PVID 2) Ports 9 - 11, 14, 20 (PVID 3) Ports 21 - 24 (PVID 4) AT-8024 (bottom) Ports 1 - 6 (PVID 2) Ports 13, 19-24 (PVID 3) none ❑ Sales VLAN - This VLAN spans both switches.
Section II: Local and Telnet Management Tagged VLAN Overview The second type of user-configured VLAN supported by the AT-8000 Series switch is the tagged VLAN. VLAN membership in a tagged VLAN is determined by information within the frames that are received on a port. This contrasts to a port-based VLAN, where the PVIDs assigned to the ports determine VLAN membership. The VLAN information within an Ethernet frame is referred to as a tag or tagged header.
AT-S39 User’s Guide ❑ Port VLAN Identifier Note For explanations of VLAN name and VLAN identifier, refer back to VLAN Name and VLAN Identifier on page 121. Tagged and Untagged Ports You must specify which ports are members of the VLAN. In the case of a tagged VLAN, VLAN members are usually a combination of both tagged and untagged ports. When you create the VLAN, you specify which ports are tagged and which ports are untagged.
Section II: Local and Telnet Management ❑ The AT-8000 Series switch can support up to 32 tagged and portbased VLANS. Tagged VLAN Example Figure 36 illustrates how tagged ports can be used to interconnect IEEE 802.1Q-based products. Engineering VLAN (VID 3) Legacy Server Production VLAN (VID 4) Sales VLAN (VID 2) AT-8024 Ethernet Switch AT-8024 RS-232 TERMINAL PORT 10Base-T / 100Base-TX Fast Ethernet Switch MODE Link COL Mode Link 100 Mode ACT FAULT MASTER FULL PWR WAN IEEE 802.
AT-S39 User’s Guide The port assignments for the VLANs are as follows: Switch Sales VLAN (VID 2) Engineering VLAN (VID 3) Production VLAN (VID 4) Untagged Ports Tagged Ports Untagged Ports Tagged Ports Untagged Ports Tagged Ports AT-8024 (top) 1 to 5, 18 (PVID 2) 8, 16 9 to 11, 20 (PVID 3) 8, 16 21 to 24 (PVID 4) 8 AT-8024 (bottom) 1 to 5 (PVID 2) 15 19 to 24 (PVID 3) 15 none none This example is similar to the Port-based Example 2 on page 126.
Section II: Local and Telnet Management Basic VLAN Mode Overview The Fast Ethernet switches support a special VLAN configuration referred to as Basic VLAN Mode. When the Basic VLAN Mode is activated, frames are forwarded based solely on MAC addresses. All VLAN information, including PVIDs assigned to ports and VLAN tags in tagged frames, is ignored. Tagged frames are analyzed only for priority level. Packets are passed through the switch unchanged.
AT-S39 User’s Guide Setting the VLAN Mode The procedure in this section explain how to set the switch for either the user configured (Tagged) VLAN mode, which supports tagged and portbased VLANs, or the Basic VLAN mode. The default setting for the switch is the user configured (Tagged) VLAN mode. (To configure the switch for a Multiple VLAN mode, refer to Activating or Deactivating a Multiple VLAN Mode on page 159. To set the VLAN mode on the switch, do the following: 1.
Chapter 11 Creating Port-based and Tagged VLANs This chapter contains procedures for creating, modifying, and deleting user-configured VLANs from a local or Telnet management session. To create VLANs, the switch’s VLAN mode must be set to the User Configure (Tagged) VLAN mode, which is the default setting. For instructions on setting the switch mode, please refer to Setting the VLAN Mode on page 133.
AT-S39 User’s Guide Creating a New Port-based or Tagged VLAN To create a new port-based or tagged VLAN, perform the following procedure: 1. From the Main Menu, type 2 to select VLAN Menu. The VLAN Menu is shown in Figure 37. Allied Telesyn Ethernet Switch AT-8024 - AT-S39 Sales Switch Login Privilege: Manager VLAN Menu 1 2 3 4 5 6 7 8 - VLANs Status ................Enabled Ingress Filtering Status ....Enabled VLANs Mode ..................User Configured Management VLAN .............
Section II: Local and Telnet Management 3. From the Configure VLANs menu, type 1 to select Create VLAN. The Create VLAN menu is shown in Figure 39. Allied Telesyn Ethernet Switch AT-8024 - AT-S39 Sales Switch Login Privilege: Manager Create VLAN 1 2 3 4 5 - VLAN Name ............ VLAN ID (VID) ........ 2 Tagged Ports ......... Untagged Ports ....... Mirror Port ....... None C - Create VLAN R - Return to Previous Menu Enter your selection? Figure 39 Create VLAN Menu 4.
AT-S39 User’s Guide has VLANs using VIDs 2 through 24, the AT-S39 software will still use VID 2 as the default value for the first VLAN you create on the new switch, even though that VID number is already being used by another VLAN on the network. To prevent inadvertently using the same VID for two different VLANs, you should keep a list of all your network VLANs and their VID values. Note A VLAN must have a VID. 6. If the VLAN will contain tagged ports, type 3 to select Tagged Ports and specify the ports.
Section II: Local and Telnet Management 12. Press Esc or type R to return to the Configure VLANS menu. To verify that the VLAN was created correctly, complete steps 13 through 14. Otherwise, you can repeat this procedure to create additional VLANs. 13. Type 7 to select Show VLANs. 14. Check to see that the VLAN was created correctly and that it contains the appropriate ports. If you need to modify the VLAN, go to Modifying a VLAN on page 141.
AT-S39 User’s Guide Example of Creating a Port-based VLAN The following procedure creates the Sales VLAN illustrated in Figure 34 on page 124. This VLAN will be assigned a VID of 2 and will consist of four untagged ports, Ports 1 to 4. The VLAN will not contain any tagged ports and the VLAN traffic will not be mirrored on another port. To create the example Sales VLAN, perform the following procedure: 1. From the Main Menu, type 2 to select VLAN Menu. 2.
Section II: Local and Telnet Management Example of Creating a Tagged VLAN The following procedure creates the Engineering VLAN in the top switch illustrated in Figure 36 on page 130. This VLAN will be assigned a VID of 3. It will consist of four untagged ports, Ports 9, 10, 11, and 20, and two tagged ports, Ports 8 and 16. The VLAN traffic will not be mirrored on another port. To create the example Engineering VLAN, perform the following procedure: 1. From the Main Menu, type 2 to select VLAN Menu. 2.
AT-S39 User’s Guide Modifying a VLAN Note To modify a VLAN, you need to know its VID. To view VLAN VIDs, refer to the procedure Displaying VLAN Information on page 144. To modify a VLAN, perform the following procedure: 1. From the Main Menu, type 2 to select VLAN Menu. 2. From the VLAN Menu, type 5 to select Configure VLANS. 3. From the Configure VLANS menu, type 2 to select Modify a VLAN. The Modify a VLAN menu is shown in Figure 40.
Section II: Local and Telnet Management When changing a VLAN’s name, observe the following guidelines: ❑ A VLAN’s new name cannot be the same as the name of another VLAN on the same switch. For example, if the switch already contains a VLAN called Sales, you cannot change an existing VLAN’s name to Sales. ❑ You cannot change the name of the Default_VLAN. Note A VLAN must have a name. 2 - VLAN ID (VID) This is the VLAN’s VID value. You cannot change this value.
AT-S39 User’s Guide ❑ If the VLAN does not contain untagged ports, leave this field empty. ❑ To remove all untagged ports from a VLAN, enter a 0 (zero) for this value. ❑ You cannot remove untagged ports directly from the Default_VLAN. Instead, you remove an untagged port from the Default_VLAN by assigning the port as an untagged port to another VLAN. An untagged port removed from a VLAN is automatically returned to the Default_VLAN as an untagged port.
Section II: Local and Telnet Management Displaying VLAN Information To view the name, VID number, and member ports of all the VLANs on a switch, perform the following procedure: 1. From the Main Menu, type 2 to select VLAN Menu. 2. From the VLAN Menu, type 7 to select Show VLANs. An example of the Show VLANs menu is shown Figure 41.
AT-S39 User’s Guide Deleting a VLAN This procedure deletes a port-based or tagged VLAN. All untagged ports in a deleted VLAN are returned to the Default_VLAN. You cannot delete the Default_VLAN. Note To delete a VLAN, you need to know its VID. To view VLAN VIDs, refer to the procedure Displaying VLAN Information on page 144. To delete a VLAN, perform the following procedure: 1. From the Main Menu, type 2 to select VLAN Menu. 2. From the VLAN Menu, type 5 to select Configure VLANS. 3.
Section II: Local and Telnet Management 6. Type D to delete the VLAN or R to cancel the procedure. The following confirmation prompt is displayed: Are you sure you want to delete this VLAN [Yes/No] -> 7. Type Y to delete the VLAN or N to cancel the procedure. Press Return. A confirmation message is displayed: 8. Press any key. 9. Type S to select Save Configuration Changes. The VLAN has been deleted. All untagged ports in the deleted VLAN are returned to the Default_VLAN as untagged ports. 10.
AT-S39 User’s Guide Deleting All VLANs This section contains the procedure for deleting all port-based and tagged VLANs, except the Default_VLAN, on a switch. Note To delete selected VLANs, perform the procedure Deleting a VLAN on page 145. To delete all VLANs on a switch, perform the following procedure: 1. From the Main Menu, type 2 to select VLAN Menu. 2. From the VLAN Menu, type 5 to select Configure VLANS. 3. From the Configure VLANS menu, type 4 to select Clear All VLANs.
Section II: Local and Telnet Management Displaying PVIDs and Priorities The following procedure displays a window that lists the PVIDs for all the ports on the switch. The window also contains the current priority queue settings for each port. To display the PVID settings on the switch, perform the following procedure: 1. From the Main Menu, type 2 to select VLAN Menu. 2. From the VLAN Menu, type 8 to select Show PVIDs & Priorities. The Show PVIDs & Priorities window is displayed.
AT-S39 User’s Guide Enabling or Disabling Ingress Filtering There are certain rules that a switch follows as it receives and forwards an Ethernet frame. There are rules for frames as they enter a port (called ingress rules) and rules for when a frame is transmitted out a port (called egress rules). A switch will not accept and forward a frame unless the frame passes the ingress and egress rules. There are quite a few ingress and egress rules for Fast Ethernet switches.
Section II: Local and Telnet Management There is one other thing that should be mentioned about ingress filtering and tagged packets, and that is the priority tag. Each tagged frame has a priority tag in it that instructs the switch as to the importance of the frame. Frames with a high priority are handled ahead of frames with a low priority. Activating or deactivating ingress filtering has no effect on the switch’s handling of priority tags.
AT-S39 User’s Guide Designating a Management VLAN The management VLAN is the VLAN on which the AT-S39 management software expects to receive remote management packets. This VLAN is important if you will be managing a switch remotely using Telnet or a web browser, or through the enhanced stacking feature of the switch. Management packets are packets generated by a management workstation when you manage a switch remotely using the Telnet application protocol or a web browser.
Section II: Local and Telnet Management Now assume that you decide to create a VLAN called NMS with a VID of 24 for the sole purpose of remote network management. For this, you need to create the NMS VLAN on each AT-8000 Series switch you want to manage remotely, being sure to assign each NMS VLAN the VID of 24. Then you need to be sure that the uplink and downlink ports connecting the switches together are either tagged or untagged members of the NMS VLAN.
Chapter 12 Multiple VLAN Modes This chapter describes the Multiple VLAN Modes and how to select a mode.
Section II: Local and Telnet Management Multiple VLAN Modes Overview The Multiple VLAN modes simplify the task of configuring the switch in network environments that require a high degree of network segmentation. In the multiple VLAN modes, the ports on a switch are prohibited from forwarding traffic to each other and are only allowed to forward traffic to a user designated uplink port.
AT-S39 User’s Guide When you activate the 802.1Q-compliant VLAN mode, you are asked to specify the uplink port for all the client VLANs. Once you have specified the port, the switch automatically configures the VLANs. Table 8 is an example of this multiple VLAN mode. It shows the client VLANs on a switch that supports 26 ports. Port 15 has been selected as the uplink port. Note In 802.1Q Multiple VLANs mode, the device connected to the uplink port must be 802.1Q-compliant.
Section II: Local and Telnet Management VLAN Name VID Untagged Port Tagged Port Client_VLAN_18 18 18 15 Client_VLAN_19 19 19 15 Client_VLAN_20 20 20 15 Client_VLAN_21 21 21 15 Client_VLAN_22 22 22 15 Client_VLAN_23 23 23 15 Client_VLAN_24 24 24 15 Client_VLAN_25 25 25 15 Client_VLAN_26 26 26 15 Note Remote management of the switch is possible only through the uplink port. Non-802.1Q Compliant Multiple VLAN Mode The Non-802.
AT-S39 User’s Guide Table 9 is an example of this mode. The table lists the VLANs on a switch that supports 26 ports where port 15 was selected as the uplink port. Ports 1 to14 and 16 to 26 are configured as untagged Client VLANs. Port 15, the uplink port, is configured as the Uplink VLAN that contains all ports as members. Table 9 Non-802.
Section II: Local and Telnet Management VLAN Name VID Untagged Port Client_VLAN_23 23 23,15 Client_VLAN_24 24 24,15 Client_VLAN_25 25 25,15 Client_VLAN_26 26 26,15 Tagged Port Caution The non-802.1Q-Compliant Multiple VLAN mode does not protect the switch from VLAN leakage. If a packet arrives on the uplink port containing a destination MAC address not in the MAC address table, the switch will broadcast the packet out all ports, except the uplink port.
AT-S39 User’s Guide Activating or Deactivating a Multiple VLAN Mode The following procedure explains how to enable or disable a multiple VLANs mode on an AT-8000 Series switch. Note The VLAN mode on the switch must be set to User Configured (Tagged) VLAN mode, and not the Basic Mode, for the unit to operate in a multiple VLAN mode. To set a switch’s VLAN mode, refer to Setting the VLAN Mode on page 133. 1. From the Main Menu, type 2 to select VLAN Menu. 2. From the VLAN Menu, type 3 to select VLANs Mode.
Section II: Local and Telnet Management Displaying VLAN Information To view the name, VID number, and member ports of all the VLANs on a switch, perform the following procedure: 1. From the Main Menu, type 2 to select VLAN Menu. 2. From the VLAN Menu, type 7 to select Show VLANs. The Show VLANs window is displayed. An example of the window is shown in Figure 44.
Chapter 13 MAC Address Table The chapter contains the procedures for viewing the static and dynamic MAC address table.
Section II: Local and Telnet Management MAC Address Overview The hardware devices that you connect to your network have unique MAC addresses assigned by the device manufacturers. For example, every network interface card that you use to connect your computers to your network has a MAC address assigned to it by the adapter’s manufacturer. The AT-8000 Series switch contains a 4 kilobyte MAC address table.
AT-S39 User’s Guide The type of MAC address described above is referred to as a dynamic MAC address. Dynamic MAC addresses are addresses that the switch learns by examining the source MAC addresses of the frames received on the ports. Dynamic MAC addresses are not stored indefinitely in the MAC address table. The switch deletes a dynamic MAC address from the table if it does not receive any frames from the node over a specified period of time.
Section II: Local and Telnet Management Displaying MAC Addresses The management software has two menu selections for displaying the MAC addresses of a switch. One selection displays the static and dynamic MAC addresses while the other displays just the static addresses. To display the MAC address table, perform the following procedure: 1. From the Main Menu, type 6 to select MAC Address Tables. The MAC Address Table menu is shown in Figure 45.
AT-S39 User’s Guide The management software displays the MAC addresses. Figure 46 is an example of the Show All MAC Addresses window, which displays both static and dynamic MAC addresses. The static MAC address window is exactly the same, except for the title and the fact that it displays only static MAC addresses.
Section II: Local and Telnet Management The port numbering scheme is from right to left. As an example, assume that ports 1 through 4 on the switch were members of the same multicast group. This would be represented in the column as follows: “0000000F”. Another example is “000020F. This example would indicate that ports 1 to 4 and port 10 on the switch were members of the same multicast group. This column is empty for unicast addresses. CPU This feature is not supported.
AT-S39 User’s Guide Adding Static Unicast and Multicast MAC Addresses This section contains the procedure for adding static unicast and multicast addresses to the switch. You can assign up to 255 static MAC addresses per port on an AT-8000 Series switch. To add a static unicast or multicast address to the MAC address table, perform the following procedure: 1. From the Main Menu, type 6 to select MAC Address Tables. 2. From the MAC Address Tables menu, type 2 to select Add Static MAC Address.
Section II: Local and Telnet Management Deleting MAC Addresses The following procedure explains how to delete a static, dynamic, or multicast MAC address from the MAC address table. To delete an address from the MAC address table, perform the following procedure: 1. From the Main Menu, type 6 to select MAC Address Tables. 2. From the MAC Address Tables menu, type 3 to select Delete MAC Address. The following prompt is displayed: Please enter a MAC address -> 3.
AT-S39 User’s Guide Deleting All Dynamic MAC Addresses The management software allows you to purge the MAC address table of all dynamic MAC addresses. Once the table has been purged, the switch immediately begins to relearn the MAC addresses as frames are received on the ports. Note This procedure does not delete static MAC addresses. To delete all dynamic MAC addresses from the MAC address table, perform the following procedure. 1. From the Main Menu, type 6 to select MAC Address Tables. 2.
Section II: Local and Telnet Management Viewing MAC Addresses by Port This section contains the procedure for viewing the dynamic MAC addresses that have been learned on a particular port. You can also use this procedure to view any static MAC addresses that have been assigned to a port. 1. From the Main Menu, type 6 to select MAC Address Table. 2. From the MAC Address Tables menu, type 6 to select View MAC Addresses by Port Menu.
AT-S39 User’s Guide Identifying a Port Number by MAC Address In some situations, you might want to know which port a particular MAC address was learned. You could display the MAC address table and scroll through the list looking for the MAC address. But if the switch is part of a large network, finding the address could prove difficult. The procedure in this section offers an easier way.
Section II: Local and Telnet Management Viewing the MAC Addresses of a VLAN The procedure in this section can be useful if you created VLANs on the switch and want to view the MAC addresses of the nodes of a particular VLAN. (This procedure is not of much value if the switch contains only the Default_VLAN, in which case displaying the entire MAC address table, as explained earlier in this chapter, produces the same result.
AT-S39 User’s Guide Changing the Aging Time The switch uses the aging time to delete inactive dynamic MAC addresses from the MAC address table. When the switch detects that no packets have been sent to or received from a particular MAC address in the table after the period specified by the aging time, the switch deletes the address. This prevents the table from becoming full of addresses of nodes that are no longer active. The default setting for the aging time is 300 seconds (5 minutes).
Chapter 14 Class of Service This chapter contains the procedures for configuring the Class of Service (CoS) feature of the AT-S39 software.
AT-S39 User’s Guide Class of Service Overview When a port on an Ethernet switch becomes oversubscribed—its egress queues contain more packets than the port can handle in a timely manner—the port may be forced to delay the transmission of some packets. This can result in the delay of packets reaching their destinations. Minor delays are often of no consequence to a network or its performance.
Section II: Local and Telnet Management Table 10 lists the mappings between the eight CoS priority levels and the four egress queues of a switch port. Table 10 Default Mappings of IEEE 802.1p Priority Levels to Priority Queues IEEE 802.1p Priority Level Port Priority Queue 0, 1, 2, 3 low 4, 5, 6, 7 high For example, assume that a tagged packet with a priority level of 3 enters a port on the switch.
AT-S39 User’s Guide Configuring CoS To configure CoS for a port, perform the following procedure: 1. From the Main Menu, type 2 to select VLAN Menu. 2. From the VLAN Menu, type 6 to select Configure COS Priorities. The following prompt is displayed: Enter port number -> [1 to 24] -> 3. Enter the port where you want to configure CoS. You can configure only one port at a time. Press Return. The Configure COS Priorities menu is shown in Figure 47.
Section II: Local and Telnet Management Note The tagged information in a frame is not changed as the frame traverses the switch. A tagged frame leaves a switch with the same priority level that it had when it entered. The default for this parameter is No, meaning that the priority level of tagged frames is determined by the priority level specified in the frame itself. 7. Type C to select Configure Port VLANS & Priorities. 8. Type S to select Save Configuration Changes. 9.
Chapter 15 IGMP Snooping This chapter explains how to activate and configure the Internet Group Management Protocol (IGMP) snooping feature on the switch.
Section II: Local and Telnet Management IGMP Snooping Overview IGMP enables routers to create lists of nodes that are members of multicast groups. (A multicast group is a group of end nodes that want to receive multicast packets from a multicast application.) The router creates a multicast membership list by periodically sending out queries to the local area networks connected to its ports. A node wanting to become a member of a particular multicast group responds to a query by sending a report.
AT-S39 User’s Guide Without IGMP snooping, a switch would have to flood multicast packets out all of its ports, except the port on which it received the packet. Such flooding of packets can negatively impact switch and network performance. The AT-8000 Series switch supports both IGMP Version 1 and Version 2.
Section II: Local and Telnet Management Activating IGMP Snooping To activate or deactivate IGMP snooping on the switch and to configure IGMP snooping parameters, perform the following procedure: 1. From the Main Menu, type 5 to select System Config Menu. 2. From the System Config Menu, type A to select Advanced Configuration. 3. From the Advanced Configuration menu, type 1 to select IGMP Snooping Configuration. The IGMP Snooping Configuration menu is shown in Figure 48.
AT-S39 User’s Guide stops sending reports. The switch responds by immediately ceasing the transmission of further multicast packets out the port where the host node is connected. The Multi-Host setting is appropriate if there is more than one host node connected to a switch port, such as when a port is connected to an Ethernet hub to which multiple host nodes are connected.
Section II: Local and Telnet Management 5 - Multicast Router Port(s) Specifies the port on the switch to which the multicast router is detected. You can let the switch determine this automatically by selecting Auto Detect, or you can specify the port yourself by entering a port number. To select Auto Detect, enter “0” (zero) for this parameter. You can specify more than one port. Your changes are activated immediately on the switch. Note Selections 6 and 7 in the menu are discussed later in this chapter.
AT-S39 User’s Guide Displaying a List of Host Nodes You can use the AT-S39 software to display a list of the multicast groups on a switch, as well as the host nodes. To display the list, perform the following procedure: 1. From the Main Menu, type 5 to select System Config Menu. 2. From the System Config Menu, type A to select Advanced Configuration. 3. From the Advanced Configuration menu, type 1 to select IGMP Snooping Configuration. The IGMP Snooping Configuration menu in Figure 48 is displayed. 4.
Section II: Local and Telnet Management Displaying a List of Multicast Routers A multicast router is a router that is receiving multicast packets from a multicast application and transmitting the packets to host nodes. You can use the AT-S39 software to display a list of the multicast routers that are connected to the switch. To display a list of the multicast routers, perform the following procedure: 1. From the Main Menu, type 5 to select System Config Menu. 2.
Chapter 16 Broadcast Storm Control This chapter contains the procedures for configuring the broadcast storm control feature of the AT-S39 management software.
Section II: Local and Telnet Management Broadcast Storm Control Overview Most frames on an Ethernet network are usually unicast frames. A unicast frame is a frame sent to a single destination. The node sending a unicast frame intends the frame for a particular node on the network. For example, when a node needs to send a file to a network server for storage, it sends the file in a unicast Ethernet frame containing the destination address of the server where the file is to be stored.
AT-S39 User’s Guide It is important to note that the maximum number applies to the egress port of a broadcast frame, not the ingress port. That is, any port on the switch will accept any number of broadcast frames. But a port will transmit out (forward) a broadcast frame only if it has not exceeded the maximum number of broadcast frames it can transmit. Here’s an example.
Section II: Local and Telnet Management Configuring the Interval Timer To set the interval timer for the Broadcast Storm Control feature, perform the following procedure: 1. From the Main Menu, type 5 to select System Config Menu. 2. From the System Configuration Menu, type A to select Advanced Configuration. 3. From the Advanced Configuration Menu, type 2 to select Broadcast Timers Setup. The Broadcast Storm Control menu is shown in Figure 51.
AT-S39 User’s Guide Configuring the Maximum Broadcast Frame Count To specify the maximum number of broadcast frames a port on the switch can transmit, perform the following procedure: 1. From the Main Menu, type 1 to select Port Menu. 2. From the Port Menu, type 1 to select Port Configuration. The following prompt is displayed: Enter Ports List -> 3. Enter the port(s) that you want to configure and press Return. The Port Configuration menu is shown in Figure 14 on page 69. 4.
Chapter 17 TACACS+ and RADIUS Protocols This chapter contains the procedure for configuring the two authentication protocols TACACS+ and RADIUS.
AT-S39 User’s Guide TACACS+ and RADIUS Overview TACACS+ and RADIUS are authentication protocols used to enhance the security of your network. (TACACS+ is an acronym for Terminal Access Controller Access Control System. RADIUS is an acronym for Remote Authentication Dial In User Services.) The authentication protocols are used to transfer the task of authenticating network access from a network device to an authentication protocol server. The AT-S39 software comes with TACACS+ and RADIUS client software.
Section II: Local and Telnet Management Note The switch communicates with the authentication server via the switch’s management VLAN. Consequently, the node functioning as the authentication server must be communicating with the switch through a switch port that is a member of that VLAN. The default management VLAN is Default_VLAN. For further information, refer to Designating a Management VLAN on page 151.
AT-S39 User’s Guide Functions of an Authentication Protocol There are three basic functions an authentication protocol provides: ❑ Authentication ❑ Authorization ❑ Accounting When a network manager logs in to a switch, the switch passes the username and password entered by the manager to the authentication protocol server. The server checks to see if the username and password are valid for that switch. This is referred to as authentication.
Section II: Local and Telnet Management Configuring the Authentication Client Software To configure the TACACS+ and RADIUS client software settings, perform the following procedure: 1. From the Main Menu, type 4 to select Administration Menu. 2. From the Administration Menu, type A to select Server-based Authentication. The Authentication Menu is shown in Figure 52.
AT-S39 User’s Guide 5. To configure TACACS+, do the following: a. Type 3 to select TACACS+ Configuration. The following menu is displayed: Allied Telesyn Ethernet Switch AT-8024 - AT-S39 Sales Switch Login Privilege: Manager Authentication Menu 1 2 3 4 5 6 - TAC TAC TAC TAC TAC TAC Server 1 .................. Server 2 .................. Server 3 .................. Server Order .............. Global Secret ............. Timeout ................... 0.0.0.0 0.0.0.0 0.0.0.
Section II: Local and Telnet Management 4 - TAC Server Order You use this selection to indicate the order in which you want the switch to query the TACACS+ servers for logon authentication. Of course, you can skip this option if you specified only one IP address. The default is 1, 2, and 3, in that order.
AT-S39 User’s Guide 6. To configure the RADIUS protocol, from the Authentication Menu in Figure 52 on page 196 do the following: a. Type 4 to select RADIUS Configuration. The following menu is displayed: Allied Telesyn Ethernet Switch AT-8024 - AT-S39 Sales Switch Login Privilege: Manager RADIUS Client Configuration 1 2 3 4 5 6 - Global Encryption Key ............. Global Server Timeout period....... RADIUS Server 1 Configuration ..... RADIUS Server 2 Configuration ..... RADIUS Server 3 Configuration ...
Section II: Local and Telnet Management 3 - RADIUS Server 1 Configuration 4 - RADIUS Server 1 Configuration 5 - RADIUS Server 1 Configuration Use these parameters to specify the IP addresses of up to three network servers containing the RADIUS server software. Selecting one of the options displays the following menu: Allied Telesyn Ethernet Switch AT-8024 - AT-S39 Sales Switch Login Privilege: Manager RADIUS Server 1 Configuration 1 - Server IP Address ................. 0.0.0.
AT-S39 User’s Guide RADIUS client software for the 802.1x port-based access control feature, but not for the manager accounts feature, leave this option disabled. The following prompt is displayed: Server Based User Authentication (E-Enabled, DDisabled) -> e. Type E to enable the manager account feature on the switch or D to disable it. The default is disabled. f. After you have finished configuring the parameters, type S to select Save Configuration Changes.
Chapter 18 802.1x Port-Based Access Control This chapter contains an overview and procedures for the 802.1x portbased access control feature. Sections are as follows: ❑ 802.1x Port-based Access Control Overview on page 203 ❑ Enabling and Disabling Port Access Control on page 209 ❑ Configuring Port Access Control Parameters on page 211 ❑ Viewing Port Access Status on page 214 Note You must use a local management session to configure port-based access control.
AT-S39 User’s Guide 802.1x Port-based Access Control Overview The AT-S39 management software has several different methods for protecting your network and its resources from unauthorized access. For instance, Chapter 6, Port Security on page 76, explains how you can restrict network access by having the switch accept or discard packets based on source MAC addresses. This chapter explains yet another way. This method is referred to as portbased access control (IEEE 802.1x).
Section II: Local and Telnet Management ❑ Authentication server - The authentication server is the network device that has the RADIUS server software. This is the device that will do the actual authenticating of the user names and password from the supplicants. The AT-8524M switch itself does not authenticate the username and passwords from the clients. Rather, it simply acts as an intermediary between a supplicant and the authentication server during the authentication process.
AT-S39 User’s Guide Port Roles Part of the task to implementing this feature is specifying the roles of the ports on the switch. A port can have one of two roles: ❑ None ❑ Authenticator None Role A port in the none role does not participate in port-based access control. Any device can connect to the port and send traffic through it and receive traffic from it without having to provide a username and password. This is the default setting for a port.
Section II: Local and Telnet Management Note This feature is not supported with the TACACS+ authentication protocol. 2. You need to install 802.1x client software on those workstations that are to be supplicants. Microsoft WinXP client software and Meeting House Aegis client software have been verified as fully compatible with the AT-S39 management software. 3. You must configure and activate the RADIUS client software in the AT-S39 management software.
AT-S39 User’s Guide Note Connecting multiple supplicants to a port set to the authenticator role does not conform to the IEEE 802.1x standard, can introduce security risks, and can result in undesirable switch behavior. To avoid this, Allied Telesyn recommends not using the authenticator role on a port that is connected to more than one end node, such as a port connected to another switch or a hub. ❑ A username and password combination is not tied to the MAC address of an end node.
Section II: Local and Telnet Management ❑ Ports used to interconnect switches should be set to the none role, as illustrated in Figure 56. Switch A AT-8024 Port 2 in None Role Port 24 in None Role Port 21 in None Role RADIUS Authentication Server AT-8024 Switch B Ports in Authenticator Role Supplicants with 802.
AT-S39 User’s Guide Enabling and Disabling Port Access Control This procedure explains how to enable and disable port-based access control on the switch. If you plan to activate the feature, there are two things you need to do first. They are: ❑ Configure the RADIUS authentication protocol on the switch, as explained in Configuring the Authentication Client Software on page 196. ❑ Assign port roles and configure the parameter settings, as explained in Configuring Port Access Control Parameters on page 211.
Section II: Local and Telnet Management Note Option 2 - Authentication Method cannot be changed. 802.1x portbased access control is supported only with the RADIUS authentication protocol. It is not supported with TACACS+. 3. Type 1 to select Port Access Control. The following prompt is displayed: Port Access Control (E-Enable, D-Disable): 4. Type E to enable port access control, or D to disable port access control. Press Return. The change is immediately activated on the switch. 5.
AT-S39 User’s Guide Configuring Port Access Control Parameters Note You must use a local management session to configure port-based access control. You cannot configure this feature through a Telnet management session or enhanced stacking. To configure port access control parameters, perform the following procedure: 1. From the main menu, type 1 to select the Port menu. 2. In the Port menu, type 6 to select the Port Access Control menu. 3.
Section II: Local and Telnet Management Allied Telesyn Ethernet Switch AT-8024 - AT-S39 Sales Switch Login Privilege: Manager Configure Port Access Parameters Configuring Ports 3 0 - Port Role ............. 1 - Port Control .......... 2 - Quiet Period .......... 3 - Tx Period ............. 4 - Reauth Period ......... 5 - Supplicant Timeout .... 6 - Server Timeout ........ 7 - Max Requests ..........
AT-S39 User’s Guide ❑ Force-unauthorized: Causes the port to remain in the unauthorized state, ignoring all attempts by the client to authenticate. The switch cannot provide authentication services to the client through the interface 2 - Quiet Period Sets the number of seconds that the switch remains in the quiet state following a failed authentication exchange with the client. The default value is 60 seconds. The range is 0 to 65,535 seconds.
Section II: Local and Telnet Management Viewing Port Access Status Note You must use a local management session to view port-based access control parameters. You cannot view the parameters through a Telnet management session or enhanced stacking. To view port access status, perform the following procedure: 1. From the main menu, type 1 to select the Port menu. 2. In the Port menu, type 6 to select the Port Access Control menu. 3.
Chapter 19 Ethernet Statistics This chapter contains the procedures for displaying data traffic statistics.
Section II: Local and Telnet Management Displaying Port Statistics To display Ethernet port statistics, perform the following procedure: 1. From the Main Menu, type 7 to select Ethernet Statistics. The Ethernet Statistics menu is shown in Figure 61.
AT-S39 User’s Guide CRC Error (CRC_ERROR) Number of packets with a cyclic redundancy check (CRC) error but with the proper length (64-1518 bytes) received on the port. Undersize Packets (UNDERSIZE) Number of packets that were less than the minimum length specified by IEEE 802.3 (64 bytes including the CRC) received on the port. Fragmented Packets (FRAGMENT) Number of undersized packets, packets with alignment errors, and packets with FCS errors (CRC errors) received on the port.
Section II: Local and Telnet Management Displaying Switch Statistics To display Ethernet statistics for the entire switch, perform the following procedure: 1. From the Main Menu, type 7 to select Ethernet Statistics. 2. From the Ethernet Statistics menu, type 2 to select Display Module Statistics. The statistics for the entire switch are displayed in the Display Module Statistics window, shown in Figure 62.
AT-S39 User’s Guide Received Broadcast Number of broadcast packets received on the switch. Received Multicast Number of multicast packets received on the switch. CRC Error Number of packets with a cyclic redundancy check (CRC) error but with the proper length (64-1518 bytes) received by the switch. Undersize Packets Number of packets that were less than the minimum length specified by IEEE 802.3 (64 bytes including the CRC) received on the switch.
Chapter 20 File Downloads and Uploads This chapter contains the following sections: ❑ File Uploads and Downloads Overview on page 221 ❑ Downloading Files from a Local Management Session on page 223 ❑ Downloading Files from a Remote Management Session on page 229 ❑ Downloading Files Switch to Switch on page 232 ❑ Uploading Files from a Local Management Session on page 235 ❑ Uploading Files from a Remote Management Session on page 239 Note For instructions on how to obtain the latest version of the AT-S39 m
AT-S39 User’s Guide File Uploads and Downloads Overview The firmware on an AT-8000 Series switch consists of the following three parts: ❑ AT-S39 management software This is the operating software for the switch. ❑ AT-S39 bootloader This code initially controls the switch whenever you power on or reset the unit. ❑ Switch configuration This contains the settings for the different switch parameters, such as VLANs, STP settings, and so forth. Note In versions previous to AT-S39 Version 2.0.
Section II: Local and Telnet Management There are a several methods for downloading and uploading files from a switch. They are: ❑ Local management session This method uses a local management session to upload or download a file onto a switch. This method supports Xmodem and TFTP. You can use this method on any type of AT-8000 switch, regardless of its enhanced stacking status (i.e., master, slave or unavailable.
AT-S39 User’s Guide Downloading Files from a Local Management Session This section contains the procedure for downloading a new AT-S39 software image file or configuration file onto a switch from a local management session. Note To download a file through enhanced stacking or a Telnet management session, go to Downloading Files from a Remote Management Session on page 229.
Section II: Local and Telnet Management ❑ The file to be downloaded must be stored on the computer or terminal connected to the RS232 Terminal Port on the switch. Here are guidelines that apply to a TFTP download: ❑ There must be a node on your network that contains the TFTP server software. The AT-S39 image file or configuration file to download must be stored on the server. ❑ You should start the TFTP server software before you begin the download procedure.
AT-S39 User’s Guide Note Options 3 and 4 in the menu are described in Uploading Files from a Local Management Session on page 235. 4. To download a new software image onto the switch, type 1. To download a configuration file, type 2. The following prompt is displayed: Download Method/Protocol [X-Xmodem, T-TFTP]: 5. To download a file using Xmodem, go to Step 6. To download a file using TFTP, do the following: a. Type T. The following prompt is displayed: TFTP Server IP address: b.
Section II: Local and Telnet Management 6. To download an AT-S39 image file or configuration using Xmodem, do the following: a. Type X at the prompt displayed in Step 4. The following prompt is displayed: You are going to invoke the Xmodem download utility. Do you wish to continue? [Yes/No] b. Type Y for Yes. The following prompt is displayed: Use Hyper Terminal's 'Transfer/Send File' option to select Filename & Protocol Note: Please select '1K Xmodem' protocol for faster download... c.
AT-S39 User’s Guide The Send File window in Figure 65 is displayed. Figure 65 Send File Window e. Click the Browse button and specify the location and file to be downloaded onto the switch. f. Click on the Protocol field and select as the transfer protocol either Xmodem or, for a faster download, 1K XModem. g. Click Send. The software immediately begins to download onto the switch. The Xmodem File Send window in Figure 66 displays current status of the software download.
Section II: Local and Telnet Management The download begins. If you are downloading a configuration file, the switch automatically resets once the download is complete. Some network traffic may be lost during the system reset. Caution When downloading a switch image file, the switch must initialize it by decompressing it and writing it to flash. This requires one to two minutes to complete. Do not reset or power off the unit while it is decompressing the file.
AT-S39 User’s Guide Downloading Files from a Remote Management Session This section contains the procedure for downloading a new AT-S39 software image or configuration file onto a switch from a remote session. The remote switch can be a switch accessed through enhanced stacking (such as a slave switch) or a switch where you started a Telnet management session. Please note the following before you begin the procedure: ❑ You must use TFTP to remotely download a file.
Section II: Local and Telnet Management To remotely download a new software image or configuration file onto a switch, perform the following procedure: 1. From the Main Menu of the switch where you want to remotely download the file, type 4 to select Administration Menu. 2. From the Administration Menu, type D to select Downloads & Uploads. The Downloads and Uploads menu is shown in Figure 63 on page 224. 3. To download a new software image onto the switch, type 1. To download a configuration file, type 2.
AT-S39 User’s Guide The download process is complete once the switch finishes the reset process. The new AT-S39 image file or configuration file is now active on the switch. 7. To continue managing the switch, you must reestablish your management session.
Section II: Local and Telnet Management Downloading Files Switch to Switch This procedure explains how to download an AT-S39 software image from a master AT-8000 Series switch to another switch. This procedure is useful in networks that contain a large number of AT-8000 Series switches. Once you have updated the software on the master switch of an enhanced stack, you can instruct the master switch to automatically upgrade the other slave and master AT-8000 Series switches in the same enhanced stack.
AT-S39 User’s Guide 4. Type G to select Get/Refresh List of Switches. The master switch polls the enhanced stack for all slave and other master switches and displays a list of the switches in the Stacking Services menu. Note The master switch on which you started the management session is not included in the list, nor are any switches with an enhanced stacking status of unavailable. By default, the switches are sorted in the menu by MAC address. You can sort the switches by name as well.
Section II: Local and Telnet Management The following prompt is displayed: Do you want confirmation before downloading each switch -> [Yes/No] 9. Answering Yes to this prompt means that the management software will prompt you with a confirmation message before it begins to upgrade each switch. Answering No means the management software will not display a confirmation prompt before downloading. The management software begins the download.
AT-S39 User’s Guide Uploading Files from a Local Management Session This section contains the procedure for uploading a switch’s AT-S39 software image or configuration file from a local management session. Note To upload a file through enhanced stacking or a Telnet management session, go to Uploading Files from a Remote Management Session on page 239. Please note the following before you begin the procedure: ❑ You can use Xmodem or TFTP to upload a file from a local management session.
Section II: Local and Telnet Management 3. From the Administration Menu, type D to select Downloads & Uploads. The Downloads and Uploads menu in Figure 63 on page 224 is displayed. 4. To upload the AT-S39 software image and bootloader from the switch, type 3. To upload a configuration file, type 4. The following prompt is displayed: Upload Method/Protocol [X-Xmodem, T-TFTP]: 5. To upload a file using Xmodem, go to Step 6. Upload a file using TFTP, do the following: a. Type T.
AT-S39 User’s Guide Steps d. through h. illustrate how you would upload a file using the Hilgraeve HyperTerminal program. d. From the HyperTerminal main window, select the Transfer menu. Then select Receive File from the pull-down menu, as shown in Figure 67. Figure 67 Local Management Window The Receive File window is shown in Figure 68. Figure 68 Receive File Window e. Click the Browse button and specify the location on your computer where you want the system file stored. f.
Section II: Local and Telnet Management g. Click Receive. The Receive Filename window is shown in Figure 69. Figure 69 Receive Filename Window The extension for an image file should be “.img” and the extension for a configuration file should be “.cfg.” The switch uploads the file from the switch to your computer.
AT-S39 User’s Guide Uploading Files from a Remote Management Session This section contains the procedure for uploading a switch file from a remote management session. The remote switch can be a switch that you accessed through enhanced stacking or a switch where you started a Telnet management session. Note To upload a file through enhanced stacking or a Telnet management session, go to Uploading Files from a Remote Management Session on page 239.
Section II: Local and Telnet Management 5. Enter a filename for the image file or configuration file. This is the name by which the file will be stored on the TFTP server. Once the filename has been specified, the upload begins. File upload takes only a few moments. The upload is completed when the Download and Upload menu is displayed again.
Section III Web Browser Management The chapters in this section explain how to manage an AT-8024 or AT-8024GB Fast Ethernet switch using a web browser.
Chapter 21 Starting a Web Browser Management Session This chapter contains the procedure for starting a management session on an AT-8000 Series switch using a web browser, such as Microsoft Internet Explorer or Netscape Navigator.
AT-S39 User’s Guide Starting a Web Browser Management Session This section explains how to start a web browser management session. There must be at least one Allied Telesyn enhanced stacking switch on your network that has an IP address. The switch with the IP address is referred to as the master switch. Once you have started a web browser management session on the master switch, you will have management access to all other enhanced stacking switches that reside in the same stack.
The user names cannot be changed. To change a password, refer to Configuring an IP Address and Switch Name on page 41. The window shown in Figure 71 is displayed. Figure 71 Home Page This is the Home page of the management software. In the left portion of the Home page is the main menu: ❑ Enhanced Stacking (master switches only) ❑ Configuration ❑ Monitoring ❑ Exit (or Disconnect for slave switches) Note A web browser management session remains active even if you link to other sites.
AT-S39 User’s Guide Browser Tools You can use the browser tools to move around the AT-S39 menus. Selecting Back on your browser’s toolbar returns you to the previous display. You can also use the browser’s bookmark feature on frequently-used AT-S39 menus and windows. Quitting a Web Browser Management Session To exit from a web browser management session, select Exit from the main menu.
Chapter 22 Basic Switch Parameters This chapter contains the following sections: ❑ Configuring an IP Address and Switch Name on page 247 ❑ Activating the BOOTP and DHCP Client Software on page 251 ❑ Viewing System Information on page 252 ❑ Configuring the SNMP Parameters and Trap IP Addresses on page 254 ❑ Resetting a Switch on page 256 ❑ Pinging a Remote System on page 257 ❑ Returning the AT-S39 Software to the Factory Default Values on page 258 246
AT-S39 User’s Guide Configuring an IP Address and Switch Name Note For guidelines on when to assign an IP address, subnet address, and gateway address to an AT-8000 Series switch, refer to When Does a Switch Need an IP Address? on page 39. To set the IP address, subnet mask, and other basic information for an AT-8000 Series switch, perform the following procedure: 1. From the Home Page, select Configuration. The Configuration menu is displayed with the System menu option selected by default. 2.
Section III: Web Browser Management The General tab in Figure 72 is displayed. Figure 72 General Tab Menu - Configuration This procedure describes the parameters in the Administration section of the menu. The parameters in the Configuration and Broadcast Storm Control sections are discussed later in this guide. The Reset button at the bottom of the tab resets the switch. For instructions, refer to Resetting a Switch on page 256.
AT-S39 User’s Guide 3. Change the parameters as desired. The parameters are described below: System Name This parameter specifies a name for the switch (for example, Sales Ethernet switch). Entering a value for this parameter is optional. The name can be up to 30 alphanumeric characters. Spaces are allowed. Note You should assign each switch a name. The names can help you identify the various switches in your network. This can help you avoid performing a configuration procedure on the wrong switch.
Section III: Web Browser Management The default password for Operator access is “operator”. A password can be from 0 to 20 alphanumeric characters. Passwords are case-sensitive. Caution You should not use spaces or special characters, such as asterisks (*) and exclamation points (!), in a password if you will be managing the switch from a web browser. Many web browsers cannot handle special characters in passwords. IP address This parameter specifies the IP address of the switch.
AT-S39 User’s Guide Activating the BOOTP and DHCP Client Software For background information on BOOTP and DHCP, refer to the section Activating the BOOTP and DHCP Client Software on page 44. Note The default setting for the BOOTP and DHCP client software is disabled. To activate or deactivate the BOOTP and DHCP client software on the switch from a web browser management session, perform the following procedure: 1. From the Home Page, select Configuration.
Section III: Web Browser Management Viewing System Information To view basic information about the switch, perform the following procedure: 1. From the Home page, select Monitoring. 2. From the Monitoring menu, select System. 3. Select the General tab. The General tab window is shown in Figure 73s.
AT-S39 User’s Guide This window is for viewing purposes only. You cannot change any of the values from this window. The sections in the window are defined below. Diagnostics This section displays the switch’s serial number and the switch’s MAC address. These values cannot be changed. Administration This section contains a variety of information, including the IP address of the switch and the system name.
Section III: Web Browser Management Configuring the SNMP Parameters and Trap IP Addresses To change the switch’s SNMP community strings or to specify the IP addresses of management stations to receive traps from the switch, perform the following procedure: 1. From the Home page, select Configuration. 2. From the Configuration menu, select System. 3. Select the SNMP tab. The SNMP menu in Figure 74 is displayed. Figure 74 SNMP Tab 4. Adjust the parameters as desired. The parameters are described below.
AT-S39 User’s Guide GET Community SET Community Trap Community Use these parameters to set a switch’s SNMP community strings. A community string can be up to thirteen characters. Community strings are case sensitive and can contain spaces and special characters, such as an exclamation point (!). Trap Receiver 1 Trap Receiver 2 Trap Receiver 3 Trap Receiver 4 Use these selections to specify the IP addresses of up to four management workstations on your network to receive traps from the switch. 5.
Section III: Web Browser Management Resetting a Switch Caution The switch will not forward traffic during the brief period required to reload its operating software. Some network traffic may be lost. To reset a switch, perform the following procedure: 1. From the Home Page, select Configuration. The Configuration menu is displayed with the System option selected by default. 2. If the System menu option is not selected, select it and then select the General tab. 3.
AT-S39 User’s Guide Pinging a Remote System You can instruct the switch to ping a node on your network. This procedure is useful in determining whether a valid link exists between the switch and another device. Note The switch must have an IP address in order for you to perform this procedure. This means that in most cases you must perform this procedure from the master switch of an enhanced switch. To instruct the switch to ping a network device, perform the following procedure: 1.
Section III: Web Browser Management Returning the AT-S39 Software to the Factory Default Values The procedure in this section returns all AT-S39 software parameters, except the IP address, subnet mask, and gateway address, to their default values. This procedure also deletes any VLANs that you have created on the switch. The AT-S39 software default values can be found in Appendix A, AT-S39 Default Settings on page 331. Caution Performing this procedure resets the switch.
AT-S39 User’s Guide 6. Click OK. The parameter settings are reset to their default values and the switch is reset. 7. To resume managing the switch, you must reestablish your management session.
Chapter 23 Enhanced Stacking This chapter contains the following procedures: ❑ Setting a Switch’s Enhanced Stacking Status on page 261 ❑ Selecting a Switch in an Enhanced Stack on page 263 Note For background information on enhanced stacking, refer to Enhanced Stacking Overview on page 58.
AT-S39 User’s Guide Setting a Switch’s Enhanced Stacking Status The enhanced stacking status of the switch can be master, slave, or unavailable. Each status is described below: ❑ Master - A master switch of a stack can be used to manage all other AT-8000 Series switches in a subnet. Once you have established a local or remote management session with the master switch, you can access and manage all the switches in the subnet. A master switch must have a unique IP address.
Section III: Web Browser Management The Enhanced Stacking tab is shown in Figure 77. Figure 77 Enhanced Stacking Tab 4. Click the desired enhanced stacking status for the switch. 5. Click Apply. The new enhanced stacking status is immediately activated on the switch.
AT-S39 User’s Guide Selecting a Switch in an Enhanced Stack The first thing to do before you perform any procedure on a switch in an enhanced stack is check to be sure you are performing it on the correct switch. This is easy if you assigned system names to your switches. The name of the switch being managed is displayed at the top of every management menu. When you start a web browser management session on the master switch of a subnet, you are by default addressing that particular switch.
Section III: Web Browser Management Note The master switch on which you started the management session is not included in the list, nor are any switches with an enhanced stacking status of Unavailable. You can sort the switches in the list by switch name or MAC address by clicking on the column headers. By default, the list is sorted by MAC address. You can refresh the list by clicking Refresh. This instructs the master switch to again poll the subnet for all AT-8000 Series switches. 2.
Chapter 24 Port Parameters The procedures in this chapter allow you to view and change the parameter settings for the individual ports on a switch. Examples of port parameters that you can adjust include duplex mode and port speed.
Section III: Web Browser Management Configuring Port Parameters To configure the parameter settings for a port on a switch, perform the following procedure: 1. From the Home page, select Configuration. 2. From the Configuration page, select Layer 1. 3. Select the Port Setting tab. The Port Setting tab is shown in Figure 79. Figure 79 Port Setting Configuration Tab 4. Click the port in the graphical switch image that you want to configure. The selected port turns white.
AT-S39 User’s Guide The Settings for Port menu is displayed. An example of the menu is shown in Figure 80. Figure 80 Settings for Port Menu Note The Default button returns the port settings to the default values. Default values are listed in Appendix A, AT-S39 Default Settings on page 331. If you are configuring multiple ports and the ports have different settings, the Settings for Port menu displays the settings of the lowest numbered port.
Section III: Web Browser Management Speed and Mode The operating speed and duplex mode of the port. Possible settings for this parameter are: ❑ Auto-Negotiate: The port will Auto-Negotiate both speed and duplex mode. This is the default. ❑ 10Mbps - Half Duplex ❑ 10Mbps - Full Duplex ❑ 100Mbps - Half Duplex ❑ 100Mbps - Full Duplex If you select Auto-Negotiation, which is the default setting, the switch will set both speed and duplex mode for the port automatically.
AT-S39 User’s Guide Broadcast Storm Control Overview on page 188. For instructions on how to set this value, refer to Setting the Maximum Number of Broadcast Frames on page 325. Flow Control Flow control applies only to ports operating in full-duplex mode. The switch uses a special pause packet to stop the end node from sending frames. The pause packet notifies the end node to stop transmitting for a specified period of time. Possible settings are: None - No flow control on the port.
Section III: Web Browser Management When a twisted pair port on the switch operating in half-duplex mode needs to stop an end node from transmitting data, it forces a collision. A collision on an Ethernet network occurs when two end nodes attempt to transmit data using the same data link at the same time. A collision causes the end nodes to stop sending data. This is called backpressure.
AT-S39 User’s Guide Displaying Port Status and Statistics The procedure in this section displays the operating status of the ports on a switch and port statistics. You can view a port’s operating speed, duplex mode, MDI/MDI-X configuration, and more. You can also view the operating status of any GBIC modules installed in an AT-8024GB. To display the status or statistics of a switch port, perform the following procedure: 1. From the Home page, select Monitoring. 2. From the Monitoring page, select Layer 1.
Section III: Web Browser Management If you select port status, the Port Status window in Figure 82 is displayed. Figure 82 Port Status Window The information in this window is for viewing purposes only. To adjust port parameters, refer to Configuring Port Parameters on page 266. The columns in the window are described below: Port The port number. Port Name/Description Port’s name or description. Link The status of the link between the port and the end node connected to the port.
AT-S39 User’s Guide Speed The operating speed of the port. Possible values are: 0010 - 10 Mbps 0100 - 100 Mbps 1000 - 1000 Mbps Dplx The duplex mode of the port. Possible values are half-duplex and full-duplex. Flow The port’s flow control setting. Possible values are: None - No flow control on the port. Transmit - Flow control only on packets being transmitted out the port. Receive - Flow control only on packets being received on the port.
Section III: Web Browser Management Priority Level The priority queue to which untagged packets are directed when received on the port. A value of 1 to 3 directs untagged packets to the low priority queue while a value of 4 to 7 directs packets to the high priority queue. If the override priority feature has been activated on the port, tagged packets will be directed to the priority queue reflected by this status parameter.
AT-S39 User’s Guide RX_BRDCAST Number of broadcast packets received on the port. TX_COUNT Number of packets transmitted by the port. UNDERSIZE Number of packets that were less than the minimum length specified by IEEE 802.3 (64 bytes including the CRC) received on the port. FRAGMENT Number of undersized packets, packets with alignment errors, and packets with FCS errors (CRC errors) received on the port.
Chapter 25 Port Security This chapter explains how to display the current port security level on the switch from a web browser management session. Note For background information on port security, refer to Port Security Overview on page 77. Note You must use a local management session to change a switch’s port security level. You cannot set port security from a Telnet or web browser management session, or through enhanced stacking.
AT-S39 User’s Guide Displaying the Port Security Level To display the switch’s port security level, perform the following procedure: 1. From the Home page, select Monitoring. 2. From the Configuration page, select Layer 2. 3. From the Layer 2 page, select the Port Security tab. The current security level is displayed.
Chapter 26 Port Trunks This chapter contains the procedure for creating or deleting a port trunk from a web browser management session. Note For background information and guidelines on port trunking, refer to Port Trunking Overview on page 83.
AT-S39 User’s Guide Creating or Deleting a Port Trunk Caution Do not connect the cables of a port trunk to the ports on the switch until after you have configured the port trunk on both the switch and end node. Connecting the cables prior to configuring the port trunk will create a loop in your network topology. Loops can result in broadcast storms, which can adversely effect the operations of your network. If you are deleting a port trunk, disconnect the cables from the ports before you delete the trunk.
Section III: Web Browser Management To create a port trunk, go to step 4. To delete a port trunk, go to step 5. 4. To create a port trunk, do the following: a. Click the ports that will make up the port trunk. A selected port changes to white. An unselected port is black. A port trunk can contain 2, 3, or 4 ports. Once you have selected the ports of the trunk, the following appears under Trunk Method. b. Click the desired load distribution method. The default is SA/DA. c. Click Apply. d.
Chapter 27 Port Mirroring This chapter contains the following procedure: ❑ Creating or Deleting a Port Mirror on page 282 Note For background information on port mirroring, refer to Port Mirroring Overview on page 93.
Section III: Web Browser Management Creating or Deleting a Port Mirror To create or delete a port mirror, perform the following procedure: 1. From the Home page, select Configuration. 2. From the Configuration page, select Layer 1. 3. Select the Port Mirroring tab. The management software displays the Port Mirroring menu in Figure 86. Figure 86 Port Mirroring Menu To create a port mirror, go to step 4. To delete a port mirror, go to step 5. 4. To create a port mirror, do the following: a.
AT-S39 User’s Guide The port mirror is immediately activated on the switch. You can now connect a data analyzer to the mirror port to monitor the traffic on the selected ports. 5. To disable port mirroring, select “None“ from the Mirroring Port pulldown menu and click Apply. The port mirror is deleted. The port that was functioning as the mirror port can now be used for normal network operations.
Chapter 28 STP and RSTP This chapter explains how to configure the STP and RSTP parameters on an AT-8000 Series switch from a web browser management session. Sections in the chapter include: ❑ Enabling or Disabling STP or RSTP on page 285 ❑ Configuring STP on page 287 ❑ Configuring RSTP on page 291 ❑ Displaying STP or RSTP Settings on page 295 Note For background information on spanning tree, refer to STP and RSTP Overview on page 97.
AT-S39 User’s Guide Enabling or Disabling STP or RSTP The AT-S39 software supports STP and RSTP. Only one spanning tree protocol can be active on the switch at a time. Before you can enable a spanning tree protocol or configure its settings, you must first select it as the active spanning tree protocol on the switch. The default active spanning tree is RSTP. Note Changing the active spanning tree protocol resets the switch.
Section III: Web Browser Management 4. To select an active spanning tree protocol, do the following: a. Click STP or RSTP in the Active Protocol Version section of the menu. The default is RSTP. Only one spanning tree protocol can be active on the switch at a time. The switch resets and changes the active spanning tree protocol. b. To continue managing the switch, you must reestablish your management session. To configure STP settings, go to Configuring STP on page 287.
AT-S39 User’s Guide Configuring STP This section contains the following procedures: ❑ Configuring STP Bridge Settings on page 287 ❑ Configuring STP Port Settings on page 289 Configuring STP Bridge Settings This section contains the procedure for configuring a bridge’s STP settings. Caution The bridge provides default RSTP parameters that are adequate for most networks. Changing them without prior experience and an understanding of how RSTP works might have a negative effect on your network.
Section III: Web Browser Management 2. Adjust the bridge STP settings as needed. The parameters are described below. Bridge Identifier The MAC address of the bridge. The bridge identifier is used as a tie breaker in the selection of the root bridge when two or more bridges have the same bridge priority value. This value cannot be changed. Bridge Priority The priority number for the bridge. This number is used in determining the root bridge for STP.
AT-S39 User’s Guide Note The aging time for BPDUs is different from the aging time used by the MAC address table. 3. After you have made the desired changes, click Apply. Configuring STP Port Settings To configure STP port settings, do the following: 1. From the Spanning Tree tab menu, click STP Configuration and click Configure. 2. To adjust a port’s RSTP settings, click on a port in the switch image and click Modify. You can select more than one port at a time.
Section III: Web Browser Management Path Cost Though it says path cost, this is actually the port cost of the port. The spanning tree algorithm uses port cost to decide which port provides the lowest cost path to the root bridge for that LAN. The default values for this parameter are 100 for a 10 Mbps port, 10 for a 100 Mbps port, and 4 for a 1 Gbps port. The range is 1 to 65535.
AT-S39 User’s Guide Configuring RSTP This section contains the following procedures: ❑ Configuring RSTP Bridge Settings on page 291 ❑ Configuring RSTP Port Settings on page 293 Configuring RSTP Bridge Settings This section contains the procedure for configuring a bridge’s RSTP settings. Caution The bridge provides default RSTP parameters that are adequate for most networks. Changing them without prior experience and an understanding of how RSTP works might have a negative effect on your network.
Section III: Web Browser Management 2. Adjust the parameters are needed. The parameters are defined below. Force Version This selection determines whether the bridge will operate with RSTP or in an STP-compatible mode. If you select RSPT, the bridge will operate all ports in RSTP, except for those ports that receive STP BPDU packets. If you select Force STP Compatible, the bridge will operate all ports in STP. The default is RSTP. Bridge Priority The priority number for the bridge.
AT-S39 User’s Guide Bridge Identifier The MAC address of the bridge. The bridge identifier is used as a tie breaker in the selection of the root bridge when two or more bridges have the same bridge priority value. This value cannot be changed. Root Bridge The MAC address of the bridge functioning as the root bridge in the spanning tree domain. This value is for display purposes only and cannot be changed. This value only appears when RSTP has been enabled on the switch.
Section III: Web Browser Management 3. Adjust the settings as desired. The parameters are described below. Port Priority This parameter is used as a tie breaker when two or more ports are determined to have equal costs to the root bridge. The range is 0 to 240 in increments of 16. The default value is 8 (priority value of 128). For a list of the increments, refer to Table 7, RSTP Port Priority Value Increments on page 100. Path Cost Though it says path cost, this is actually the port cost of the port.
AT-S39 User’s Guide Displaying STP or RSTP Settings To display STP or RSTP parameter settings, perform the following procedure: 1. From the Home page, select Monitoring. 2. From the Monitoring menu, select Layer 2. 3. From the Layer 2 page, select the Spanning Tree tab. The Spanning Tree menu in Figure 93 is displayed. This menu displays information on whether spanning tree is enable or disabled and which protocol version, STP or RSTP, is active. Figure 92 Spanning Tree Tab - Monitoring 4.
Section III: Web Browser Management The example in Figure 93 is for RSTP. The information in this window is for viewing purposes only. Figure 93 Rapid Spanning Tree Window - Monitoring 5. To view port settings, click a port in the switch and click Status or Settings.
Chapter 29 Virtual LANs This chapter explains how to create, modify, and delete port-based and tagged VLANs from a web browser management session. This chapter also explains how to select a multiple VLAN mode. Note For background information on VLANs, refer to Chapter 10, Virtual LANs.
Section III: Web Browser Management Creating A New Port-based or Tagged VLAN To create a new port-based or tagged VLAN, perform the procedure below: 1. From the Home page, select Configuration. 2. From the Configuration menu, select Layer 2. 3. From the Layer 2 window, select the VLAN tab. The VLAN menu is shown in Figure 94.
AT-S39 User’s Guide 4. Click Add. The Add VLAN menu is shown in Figure 95. Figure 95 Add VLAN Menu 5. Select the Name field and enter a name for the new VLAN. The VLAN name can be from one to fifteen characters in length. The name should reflect the function of the nodes that will be members of the VLAN (for example, Sales or Accounting). The name can contain spaces, but not special characters, such as asterisks (*) or exclamation points (!).
Section III: Web Browser Management VLAN should be the same on each switch. For example, if you are creating a VLAN called Sales that will span three switches, you should assign the Sales VLAN on each switch the same VID value. The switch is only aware of the VIDs of the VLANs that exist on the device, and not those that might already be in use in the network.
AT-S39 User’s Guide Note Ports designated as untagged ports of the new VLAN are automatically removed from their current untagged VLAN assignment. For example, if you are creating a new VLAN on a switch that contains only the Default_VLAN, the ports that you specify as untagged ports of the new VLAN are automatically removed from the Default_VLAN. Tagged ports are not removed from any current VLAN assignments because tagged ports can belong to more than one VLAN at a time.
Section III: Web Browser Management Modifying a Port-based or Tagged VLAN To modify a port-based or tagged VLAN, perform the following procedure: 1. From the Home page, select Configuration. 2. From the Configuration menu, select Layer 2. 3. From the Layer 2 window, select the VLAN tab. The VLAN menu in Figure 94 on page 298 is displayed. 4. Click the circle next to the name of the VLAN you want to modify. You can select only one VLAN. 5. Click Modify. The configuration menu for the VLAN is displayed. 6.
AT-S39 User’s Guide Deleting a Port-based or Tagged VLAN To delete a port-based or tagged VLAN from the switch, perform the following procedure: 1. From the Home page, select Configuration. 2. From the Configuration menu, select Layer 2. 3. From the Layer 2 window, select the VLAN tab. The VLAN menu in Figure 94 on page 298 is displayed. 4. Click the circle next to the name of the VLAN you want to delete. You can select only one VLAN. 5. Click Remove. A confirmation prompt is displayed. 6.
Section III: Web Browser Management Displaying VLANs To display the VLANs on a switch, perform the following procedure: 1. From the Home page, select Monitoring. 2. From the Monitoring page, select Layer 2. 3. From the Layer 2 page, select the VLAN tab. The management software displays the window shown in Figure 96. The information in this window is for viewing purposes only.
AT-S39 User’s Guide Setting the VLAN Mode The procedures in this section explain how to set the switch for either the user configured (Tagged) VLAN mode, which supports port-based and tagged VLANs, or the Basic VLAN mode. The default setting for the switch is the user configured (Tagged) VLAN mode. There are two ways that you can do this. Both methods are described below. (If you want to set the switch to one of the Multiple VLAN modes, refer to Selecting a Multiple VLANs Mode on page 306.
Section III: Web Browser Management Selecting a Multiple VLANs Mode To select a multiple VLAN mode, perform the procedure below: Note The VLAN mode on the switch must be set to User Configured (Tagged) VLAN mode, and not to Basic Mode, in order for the unit to operate in a multiple VLANs mode. To set a switch’s VLAN mode, refer to Setting the VLAN Mode on page 305. 1. From the Home page, select Configuration. 2. From the Configuration menu, select Layer 2. 3. From the Layer 2 window, select the VLAN tab.
Chapter 30 MAC Address Table This chapter contains instructions on how to view the dynamic and static addresses in the MAC address table of the switch. This chapter contains the following procedure: ❑ Viewing the MAC Address Table on page 308 ❑ Adding Static Unicast and Multicast MAC Addresses on page 311 ❑ Deleting MAC Addresses on page 312 ❑ Changing the Aging Time on page 313 Note For background information on MAC addresses, refer to MAC Address Overview on page 162.
Section III: Web Browser Management Viewing the MAC Address Table To view the MAC address table, perform the following procedure: 1. From the Home page, select either Configuration or Monitoring. 2. Select Layer 2. 3. From the Layer 2 page, select the MAC Address tab. The MAC Address menu is displayed. Figure 97 shows how this menu appears when you display it through the Configuration main menu selection. If displayed through the Monitoring main menu selection, the Add button is not included.
AT-S39 User’s Guide View All Static Addresses This option displays only the static MAC addresses. Static MAC addresses are addresses that you entered manually into the MAC address table. View All IP Multicast Addresses This option displays the multicast MAC addresses. View By Port The pull-down menu with this option is used to display the MAC addresses learned on a particular port. View By VLAN ID This option displays the MAC addresses learned by a particular VLAN on the switch.
Section III: Web Browser Management CPU Indicates whether the traffic received on the port is sent to the switch’s CPU. Yes indicates that the traffic is being sent to the CPU while No indicates it is not. MIR Indicates whether the traffic on the port is being mirrored. Yes means the traffic is being mirrored while No indicates that it is not. EMP Indicates whether multicast packets are being forwarded by ports in the blocking state. This feature is not supported at this time.
AT-S39 User’s Guide Adding Static Unicast and Multicast MAC Addresses This section contains the procedure for assigning static unicast and multicast address to ports on the switch. You can assign up to 255 static MAC addresses per port. To add a static unicast or multicast address to the MAC address table, perform the following procedure: 1. From the Home page, select Configuration. 2. From the Configuration page, select Layer 2. 3. From the Layer 2 page, select the MAC Address tab.
Section III: Web Browser Management Deleting MAC Addresses To delete a static, dynamic, or multicast MAC address from the switch, perform the following procedure: 1. From the Home page, select Configuration. 2. From the Configuration page, select Layer 2. 3. From the Layer 2 page, select the MAC Address tab. The MAC Address menu is shown in Figure 97 on page 308. 4. Display the MAC addresses on the switch by selecting one of the options. For instructions, refer to Viewing the MAC Address Table on page 308.
AT-S39 User’s Guide Changing the Aging Time The switch uses the aging time to delete inactive dynamic MAC addresses from the MAC address table. When the switch detects that no packets have been sent to or received from a particular MAC address in the table after the period specified by the aging time, the switch deletes the address. This prevents the table from becoming full of addresses of nodes that are no longer active. The default setting for the aging time is 300 seconds (5 minutes).
Chapter 31 Class of Service This chapter contains instructions on how to configure CoS. This chapter contains the following procedure: ❑ Configuring CoS on page 315 Note For background information on CoS, refer to Class of Service Overview on page 175.
AT-S39 User’s Guide Configuring CoS To configure CoS, perform the following procedure: 1. From the Home page, select Configuration. 2. From the Configuration page, select Layer 2. 3. From the Layer 2 page, select the CoS tab. The CoS tab is shown in Figure 99. Figure 99 CoS Tab 4. Click the port where you want to configure CoS. You can select only one port at a time. A selected port turns white. (To deselect a port, click it again.) 5. Click Modify.
Section III: Web Browser Management The CoS Settings for Port menu is shown in Figure 100. Figure 100 CoS Setting for Port Menu 6. If you want all tagged and untagged frames received on the port to go to the low priority queue, select any level from Level 0 to Level 3 from the Priority pull-down menu. (It does not matter which of these levels you select.) If you want all frames received on the port to go to the high priority queue, select any level from Level 4 to Level 7.
Chapter 32 IGMP Snooping This chapter describes how to configure the IGMP snooping feature on the switch. Sections in the chapter include: ❑ Configuring IGMP Snooping on page 318 ❑ Displaying a List of Host Nodes and Multicast Routers on page 321 Note For background information on this feature, refer to IGMP Snooping Overview on page 180.
Section III: Web Browser Management Configuring IGMP Snooping To configure IGMP snooping from a web browser management session, perform the following procedure: 1. From the Home page, select Configuration. 2. From the Configuration menu, select System. 3. Select the IGMP tab. The IGMP tab in Figure 101 is displayed. Figure 101 IGMP Menu - Configuration 4. Adjust the IGMP parameters as necessary.
AT-S39 User’s Guide Snoop Topology Defines whether there is only one host node per switch port or multiple host nodes per port. Possible settings are Edge (SingleHost/Port) and Intermediate (Multi-Host/Port). The Edge (Single-Host/Port) setting is appropriate when there is only one host node connected to each port on the switch.
Section III: Web Browser Management This parameter is useful with networks that contain a large number of multicast groups. You can use the parameter to prevent the switch’s MAC address table from filling up with multicast addresses, leaving no room for dynamic or static MAC addresses. The range is 1 address to 2048 addresses. The default is 256 multicast addresses. Multicast Router Port(s) Specifies the port on the switch to which the multicast router is detected.
AT-S39 User’s Guide Displaying a List of Host Nodes and Multicast Routers You can use the AT-S39 software to display a list of the multicast groups on a switch, as well as the host nodes. You can also view the multicast routers. A multicast router is a router that is receiving multicast packets from a multicast application and transmitting the packets to host nodes. To view host nodes and multicast routers, perform the following procedure: 1. From the Home Page, select Monitoring. 2.
Section III: Web Browser Management Viewing a list of host nodes displays a window containing the following information. The information in the window is for viewing purposes only. Multicast Group The multicast address of the group. Member Port The port(s) on the switch to which one or more host nodes of the multicast group are connected. VLAN ID The VID of the VLAN in which the port is an untagged member. Host IP The IP address(es) of the host node(s) connected to the port.
Chapter 33 Broadcast Storm Control This chapter contains instructions on how to configure the Broadcast Storm Control feature on the switch. Sections in the chapter include: ❑ Configuring the Interval Timer on page 324 ❑ Setting the Maximum Number of Broadcast Frames on page 325 Note For background information on this feature, refer to Broadcast Storm Control Overview on page 188.
Section III: Web Browser Management Configuring the Interval Timer The interval timer defines the time period used in counting the number of broadcast packets transmitted by a port. A port will not transmit more than its maximum number of broadcast frames during the specified timer interval. If a port reaches its maximum number, it will discard and not forward any additional broadcast frames. You can specify a different interval timer for 10 and 100 Mbps ports and 1000 Mbps ports.
AT-S39 User’s Guide Setting the Maximum Number of Broadcast Frames To set the maximum number of broadcast frames you want the ports on the switch to transmit, perform the following procedure: 1. From the Home page, select Configuration. 2. From the Configuration page, select Layer 1. When you open the Layer 1 page, the Port Settings tab is selected by default. If it is not selected, select it now. 3.
Chapter 34 TACACS+ and RADIUS Protocols This chapter contains instructions on how to configure the authentication protocols. This chapter contains the following procedure: ❑ Configuring TACACS+ and RADIUS on page 327 Note For background information on the authentication protocols, refer to TACACS+ and RADIUS Overview on page 193.
AT-S39 User’s Guide Configuring TACACS+ and RADIUS To configure the authentication protocols, perform the following procedure: 1. From the Home page, select Configuration. 2. From the Configuration page, select System. 3. From the System page, select the Server-based Authentication tab. The tab is shown in Figure 103. Figure 103 Server-based Authentication Tab Note The Enable Server-based Authentication check box applies only to the manager account feature. It does not apply to the 802.
Section III: Web Browser Management 5. To select an authentication protocol, click either TACACS+ or RADIUS in the Authentication Method section of the menu. The default is TACACS+. Only one authentication protocol can be active on the switch at a time. 6. Click Apply. Note If you activated the authentication feature, go to Step 6 to configure TACACS+ or Step 7 to configure RADIUS. 7. If you selected RADIUS, go to Step 8. To configure TACACS+, do the following: a.
AT-S39 User’s Guide expires and the server has not responded, the switch queries the next TACACS+ server in the list. If there aren’t any more servers, than the switch will default to the standard Manager and Operator accounts. The default is 30 seconds. The range is 1 to 30 seconds. IP Address and Encryption Secret Use these fields to specify the IP addresses and encryption secrets of up to three network servers containing TACACS+ server software.
Section III: Web Browser Management b. Configure the parameters as needed. They are described below. Global Encryption Key If all of the TACACS+ servers have the same encryption secret, you can enter the key here. If the servers have different keys, you must specify each key when you specify a server’s IP address. Global Server Timeout This parameter specifies the maximum amount of time the switch will wait for a response from a TACACS+ server before assuming the server cannot respond.
Appendix A AT-S39 Default Settings This appendix lists the AT-S39 factory default settings. Management Interface Default Settings The following table lists the management interface default settings. Management Interface Setting Default Manager Login Name manager Manager Password friend Operator Login Name operator Operator Password operator Console Disconnect Timer Interval 10 minutes Note Login names and passwords are case-sensitive.
Appendix A: AT-S39 Default Settings Switch Administration Default Settings The following table describes the switch administration default settings. Administration Setting Default IP Address 0.0.0.0 Subnet Mask 0.0.0.0 Gateway Address 0.0.0.
AT-S39 User’s Guide System Software Default Settings The following table lists the system software default settings. System Software Setting Default Console Startup Mode Menu Enhanced Stacking Default Setting The following table lists the enhanced stacking default setting. Enhanced Stacking Setting Default Switch State Slave SNMP Default Settings The following table describes the SNMP default settings.
Appendix A: AT-S39 Default Settings Port Configuration Default Settings The following table lists the port configuration default settings. Port Configuration Setting Default Status Enabled Back Pressure Disabled Flow Control None Speed Auto-Negotiation Duplex Mode Auto-Negotiation MDI/MDI-X Auto-MDI/MDIX Class of Service The following table lists the default mappings of IEEE 802.1p priority levels to egress port priority queues. IEEE 802.
AT-S39 User’s Guide Spanning Tree Switch Settings The following table describes the Spanning Tree Protocol default settings for the switch. STP Default Settings RSTP Default Settings STP Switch Setting Default Spanning Tree Status Disabled Active Protocol Version RSTP The following table describes the STP default settings.
Appendix A: AT-S39 Default Settings VLAN Default Settings This section provides VLAN default settings. VLAN Setting Default Default VLAN Name Default_VLAN (all ports) Management VLAN ID 1 (Default_VLAN) VLAN Mode User Configured Basic VLAN Mode Disabled Multiple VLANs Modes Disabled Port Security Default Settings The following table lists the port security default settings. Port Security Setting Default Security Mode Automatic (no security) MAC Limit No Limit 802.
AT-S39 User’s Guide Server-Based Authentication Default Settings This section describes the server-based authentication, RADIUS, and TACACS+ client default settings. Server-Based Authentication Default Settings RADIUS Default Settings TACACS+ Client Default Settings The following table describes the server-based authentication default settings.
Appendix A: AT-S39 Default Settings 338
Index 802.
bridge priority default setting 335 bridge priority, 98, 108, 113, 288, 292 bridge protocol data unit (BPDU), 108, 113, 288, 292 broadcast frame control configuring, 187, 323 defined, 188 broadcast frames maximum number, configuring, 191, 325 browser tools, 245 C Class of Service configuring, 177, 315 defined, 175 Class of Service (CoS) priority level and egress queue mappings 176 console disconnect interval default setting 331 console startup mode, default setting 333 console timeout, 50 D default values,
AT-S39 User’s Guide load distribution methods, 84 local management session defined, 22 quitting, 34 starting, 30 Lock All Ports security level, 78 M MAC address aging time default setting 332 MAC address table, 161, 308 MAC address, switch, 53 management access levels, 26, 51 Management Information Base (MIB), 25 management interface defaults 331 management VLAN ID default setting 336 management VLAN, described 151 Manager access, 26, 51 Manager password default setting 331 Manager password, 51 master swit
port priority default setting 335 port role, 212 port role, default setting 336 port security configuring, 79 defined, 77 displaying, 277 port trunking creating, 89, 279 defined, 83 deleting, 91, 279 guidelines, 83 load distribution methods, 84 port VLAN identifier (PVID) defined, 122, 129 port-based access control. See 802.
AT-S39 User’s Guide subnet mask default setting 332 subnet mask, 42, 250 supplicant port described 203 suppTimeout, 213 switch rebooting 49 resetting 49 switch mode configuring, 133 switch state, default setting 333 switch statistics, 218 system name default setting 332 system name, 42, 249 system software default settings 333 T TACACS+ configuring, 196, 327 overview, 193 server timeout 337 tagged VLAN creating, 135, 140, 298, 306 defined, 128 deleting all, 147 deleting, 145, 303 displaying, 144, 160, 304