GigaX 2124 L2 Managed Switch User Manual E3394/ November
Copyright Information E3394 First Edition November 2007 Copyright © 2006 ASUSTeK COMPUTER INC. All Rights Reserved. No part of this manual, including the products and software described in it, may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means, except documentation kept by the purchaser for backup purposes, without the express written permission of ASUSTeK COMPUTER INC. (ASUS).
Contact Information
ASUSTeK COMPUTER INC.
Company address: 15 Li-Te Road, Beitou, Taipei 11259
General (tel): +886-2-2894-3447
Web site address: www.asus.com.tw
General (fax): +886-2-2894-7798
General email: info@asus.com.tw
Technical support
General support (tel): +886-2-2894-3447
Online support: http://support.asus.com
ASUS COMPUTER INTERNATIONAL (America)
Company address: 44370 Nobel Drive, Fremont, CA 94538, USA
General (fax): +1-510-608-4555
Web site address: usa.asus.
Notices Federal Communications Commission Statement This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: • This device may not cause harmful interference, and • This device must accept any interference received including interference that may cause undesired operation. This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules.
Table of Contents
1 Introduction
1.1 L2 managed switching features
1.2 Conventions used in this manual
1.2.1 Notational conventions
1.2.2 Typographical conventions
1.2.3 Symbols
2. Getting to know the GigaX2124
4.2.1 Menu navigation tips
4.3 System
4.3.1 Management
4.3.2 IP Setup
4.3.3 Reboot
4.3.4 Firmware Upgrade
4.
4.8.12.2 CoS queue mapping
4.8.12.3 QoS Bandwidth
4.8.13 Policy Map
4.8.13.1 Policy Map Setting
4.8.13.2 Policy Attach
4.9 SNMP
4.9.1 Community Host Table
5.1.1 Boot ROM command mode
5.1.2 Boot ROM commands
5.2 Login and logout
5.3 CLI commands
5.3.1 User account
5.3.1.1 Add user
5.3.1.2 Delete user
5.3.4 Physical interface commands
5.3.4.1 Interface mode
5.3.4.2 Interface duplex
5.3.4.3 Interface flow control
5.3.4.4 Show L2 interface
5.3.5 IP interface
5.3.5.1 show vlan name string
5.3.10.2 no mac-address-table multicast
5.3.10.3 show mac-address-table multicast
5.3.11 IGMP Snooping
5.3.11.1 ip igmp snooping
5.3.11.2 interval time
5.3.12 DHCP Snooping
5.3.12.1 ip dhcp snooping
5.3.17.2 gvrp mode
5.3.17.3 show gvrp configuration
5.3.17.4 show gvrp statistics
5.3.18 CoS/QoS
5.3.18.1 queue cos-map
5.3.18.2 show queue cos-map
5.3.18.3 cos policy
5.3.22.2 dot1x port-control
5.3.23 Dial-in User
5.3.23.1 dot1x username password
5.3.23.2 show dot1x user
5.3.24 RADIUS
5.3.24.1 RADIUS settings
5.3.24.2 show dot1x radius
Chapter 1 - Introduction 1 Introduction Thank you for buying a GigaX L2 Managed Switch! You may now manage your LAN (local area network) through a friendly and powerful user interface. This user manual will show you how to set up the GigaX L2 Managed Switch, and how to customize its configuration to get the most out of this product. 1.
• QoS Policy Map
• 802.1x Authentication
• Port Security
• RADIUS client
• Dynamic VLAN assignment within 802.
1.2 Conventions used in this manual
1.2.1 Notational conventions
• Acronyms are defined the first time they appear in the text.
• The Asus GigaX L2 Managed Switch is simply referred to as “the switch”.
• The terms LAN and network are used interchangeably to refer to a group of Ethernet-connected computers at one site.
1.2.
Chapter 2 - Getting to know the GigaX2124
2. Getting to know the GigaX2124
2.1 Package contents
Check the following items in your ASUS GigaX2124 package. Contact your retailer if any item is damaged or missing.
• GigaX 2124 L2 managed switch
• AC power cord
• Null modem cable for console interface (DB9)
• Rack installation kit (two brackets with six #6-32 screws)
• USB cable for console interface
• Installation CD-ROM
• User Manual
Figure 1.
2.2 Front panel features
The front panel includes LED indicators and the system console. LED indicators show the system, RPS, fan, and port status.
Figure 2.
10/100/1000 Green port speed Amber Off 10/100/1000 Green port duplex Amber On On 1000Mbps 1000Mbps 10Mbps Full-duplex mode Half-duplex mode Collision On On Flashing
2.3 Rear panel features
The switch rear panel contains the ports and power connections.
Figure 3.
2.4 Technical specifications
Table 3: Technical specifications
Physical Dimensions: 43.5mm(H) X 444mm(W) X 322mm(D)
Power: Input: 100-240V AC/2.5A 50-60Hz; Consumption: <82 watts
Input: 100-240V AC/1.8A 50-60Hz Output: 12V DC/12.
Chapter 3 - Quick Start
3 Quick Start
This section provides the basic instructions to set up the GigaX environment. Refer also to the GigaX2124 Installation Guide.
Part 1 shows you how to install the GigaX on a flat surface or on a rack.
Part 2 provides instructions to set up the hardware.
Part 3 shows you how to configure basic settings on the GigaX.
3.1.2 Installing on a rack
1. With the front panel facing out, insert the switch between the rack posts and align the four mounting holes with those in the equipment rack.
2. Securely fasten the switch to the rack with two screws on each side.
3.2 Part 2: Connecting the hardware
Connect the device to the power outlet, to your computer and to your network. Refer to Figure 5 for the overview of the hardware connections.
3.2.1 Connect the console port
For console management, use an RS232 (DB9) or a USB cable to connect the switch. If you want to use the web interface, connect your PC to the switch using an Ethernet cable.
3.2.2 Connect to the computers or a LAN
You can use Ethernet cables to connect computers directly to the switch ports. You can also connect hubs/switches to the switch ports with Ethernet cables.
3.3 Part 3: Basic switch settings
After completing the hardware setup, configure the basic settings for your switch. You can manage the switch through either of the following:
• Configuration Manager: The switch has a preinstalled web application that allows you to manage the switch using Java®-enabled IE6.0 or higher versions.
• Command Line Interface (CLI): Use the console port to manage the switch.
3.3.1 Setting up through the console port
1.
6. Follow these steps to assign an IP address to the switch:
a) Type “enable”.
b) Type “configure terminal”. The new prompt is “ASUS(config)#”.
c) Type “interface vlan 1”. The prompt is “ASUS (config-if)#”.
d) Type “ip address ”. For example, if your switch IP is 192.168.1.1 and the network mask is 255.255.255.0, type “ip address 192.168.1.1/24”.
e) Type “end”. The CLI returns to the previous level with the prompt “ASUS#”.
Figure 5. Login and IP setup screen
3.3.2 Setting up through the Configuration Manager
To successfully connect your PC to the switch, your PC must have a valid IP in your network. Contact your network administrator to obtain a valid IP for the switch. If you wish to change the default IP address of the switch, follow section 3.3.1 to change the IP address.
1. If Java Runtime Environment is not installed on your PC, your PC will automatically download and install it.
Figure 6. Default web page
Then click “ASUS GigaX-Switch Manager”. A login screen appears, as shown in Figure 7.
Figure 7. Login Screen
Enter your user name and password, and then click OK to enter the Configuration Manager. Use the following defaults the first time you log into this interface:
Default User Name: admin
Default Password:
You can change the password at any time (see section 6.3.1).
3. To set up a new IP address, click “System” and select IP Setup. Fill in the IP address, network mask and default gateway, then click OK.
4. When the new address is applied to the switch, the browser can no longer update the switch status windows or retrieve any page. You need to retype the new IP address in the address/location box, and press , then the web link is restored.
Figure 8.
Chapter 4 - Management with the web interface 4. Management with the web interface The switch provides Web pages that allow switch management through the Internet. The program is designed to work best with Microsoft Internet Explorer® 6.0, or later versions. 4.1 Login to web user interface 1. From a PC, open your web browser, type the following in the web address (or location) box, and press : http://192.168.1.1 This is the factory default IP address for the switch.
The home page appears each time you log into the program. See Figure 10.
Figure 10. Home page
4.2 Functional layout
A typical web page consists of two separate frames. The top frame has a switch logo and front panel as shown in Figure 11. This frame remains at the top of the browser window at all times and updates the LED status periodically or manually when you push the “Auto” or “manual” buttons on the right side. See Table 4 for the LED definitions.
The menu shown in Figure 12 contains all the features available for switch configuration. These features are grouped into categories, e.g. System, Bridge, etc. You can click any of these to display a specific configuration page. (Click the right mouse button to show the popup menu.)
Figure 12.
4.2.1 Menu navigation tips
To open a specific configuration page, click the desired menu item.
4.2.2 Commonly used buttons and icons
The following table describes the function for each button and icon used in the application.
Table 6: Commonly used buttons
Button / Icon | Function
Stores any changes made on the current page.
Re-displays the current page with updated statistics or settings.
Modifies the existing configuration in the system, e.g.
4.3 System
Figure 13. System menu
The System page includes Management, IP Setup, Reboot, Firmware Upgrade and other system-related functions.
4.3.1 Management
The Management page contains the following information:
Model Name: product name
MAC Address: switch MAC address
System Name: user-assigned name to identify the system (editable)
System Contact (editable)
System Location (editable)
To save any changes and make them effective immediately, click OK.
Chapter 4 - Configuration Management
4.3.2 IP Setup
The IP Setup page contains the following information:
DHCP Client: Enable/Disable DHCP Client for the switch.
IP Address: IP address for the switch
Network Mask: Network mask for this network
Default Gateway: Default gateway for this network
To save any changes and make them effective immediately, click OK. Use Reload to refresh the settings.
Figure 15. IP Setup page
4.3.3 Reboot
The Reboot page contains a Reboot button.
Enter the TFTP server IP address and firmware file name. Click Upgrade to update the switch firmware. For example,
TFTP Server: 192.168.1.155
File Name: Gx2124-4.1.05.00.img
Runtime Status: Displays the following information for each port
Clicking the upload button loads the assigned firmware to the switch, then reboots the system after a successful firmware update. You have to log in to the web interface again.
4.4 Physical Interface
Figure 17. Physical Interface item
The Physical Interface page displays the Ethernet port status in real time. You can configure the port using the following fields in the Interface Configuration window:
Port: Select the port to configure
Admin: Disable/enable the port
Mode: Set the speed and duplex mode
Flow Control: Enable/Disable 802.
Figure 18. Physical Interface -1
Ethernet Link: The link is connected or not connected.
STP Status: The STP status
Duplex: The duplex mode
Speed: Link speed
Flow Control: The setting value to enable or disable 802.3x flow control mechanism
Oper Port VLAN: The PVID of the port
Figure 19.
4.5 Router Reports
Figure 20. Router Reports item
This page shows all routing information, including static routes and dynamic routes learned by routing protocols. Click Reload to refresh the status.
Figure 21.
4.6 Cable Diagnosis
Figure 22. Cable Diagnosis item
This page analyzes the cabling plant for common cable problems, such as open circuits, short circuits and impedance mismatches.
Interface: Select the interface you want to diagnose.
Click Query to start the diagnosis. Cable diagnosis is capable of detecting cable open or short length.
Note: If the cable is too short, the detection result may be less accurate.
Figure 23.
4.7 Save Configuration
Figure 24. Save Configuration item
To save the configuration permanently, you have to click Save. If you want to reset the switch configuration, click Reload to reset the configuration file to factory default. A system reboot will follow this restoration process.
Note: You will lose all the configurations when you choose to restore the factory default configurations.
Figure 25.
4.8 Bridge
Figure 26. Bridge menu
The Bridge page group contains most layer 2 configurations, like link aggregation, STP, etc.
4.8.1 Spanning tree
The page configures three types of Spanning Tree Protocol.
4.8.1.1 STP Status
The “STP Status” can disable or enable STP. Three modes can be enabled: STP, RSTP and MSTP.
Figure 27. Spanning tree – STP Status 4.8.1.
Figure 28. Spanning tree – Current Roots 4.8.1.
4.8.1.4 Port Parameters
This contains a display window to show the current configuration for each port. You can select a port and then edit it. Click Modify to change the port setting for spanning-tree. The following fields are available:
Instance ID (MSTP Only): A spanning-tree instance. You can configure MSTP on your switch to map multiple VLANs into a single STP instance.
Path Cost: The valid value is from 1 to 200000000.
4.8.1.5 Runtime Status
It shows the current status for each port.
Figure 31. Spanning tree – RunTime Status
4.8.2 Link aggregation static
The page configures the static link aggregation group (port trunking). The maximum number of groups is 8, with up to 8 ports per group.
Trunk ID: A number to identify the trunk group
Protocol: Shows the state of the link aggregation group. On this page it is static.
members are in the same speed and full duplex mode, then the trunk group will set up successfully. If one of the members is not in the same speed or full duplex mode, the trunk will not be set up correctly. Check the link partner and change the settings to have the same speed and full duplex mode for all the members of your trunk group.
Note: All the ports in the link aggregation group MUST operate in full-duplex mode at the same speed.
4.8.3 LACP
The page configures the LACP group (port trunking) and shows LACP running information. The maximum number of groups is 8, with up to 8 ports per group.
The first part configures the LACP group.
Trunk ID: A number to identify the trunk group
Protocol: Shows the state of the link aggregation group. On this page it is LACP.
The second part shows LACP running information for each Trunk ID.
Figure 34. LACP – LACP Information
The last part shows LACP running information for each operation port interface.
Figure 35.
4.8.4 Mirroring
Mirroring, together with a network traffic analyzer, helps you monitor network traffic. You can monitor the selected ports for egress or ingress packets.
Mirror Mode: Enable or disable the mirror function for the selected group.
Stack ID: Select stack ID. In standalone mode, it is always 1.
Session: Two sessions for selection. Session 1 is for ports 1~12 and Session 2 is for ports 13~24.
4.8.5 Static Multicast
This page adds multicast addresses to the multicast table. The switch can hold up to 256 multicast entries. All the ports in the group will forward the specified multicast packets to other ports in the group.
VLAN: Enter the VLAN group; this is a VLAN-based feature
MAC Address: Assign the multicast address
Port: Select the port from the selection panel.
4.8.6 IGMP snooping
IGMP snooping helps reduce the multicast traffic on the network. This page allows the IGMP snooping function to be turned on or off. The first part provides the following settings.
Enable IGMP Snooping: Globally enable IGMP snooping in all existing VLAN interfaces. By default, IGMP snooping is globally disabled on the switch. When globally enabled or disabled, it is also enabled or disabled in all existing VLAN interfaces.
Figure 38. IGMP Snooping – Setting
Multicast Group shows all multicast group information, including statically configured and dynamically learned groups.
Figure 39.
4.8.7 Traffic control
Traffic control protects the switch bandwidth from flooding packets, including broadcast packets, multicast packets and unicast packets flooded because of destination address lookup failure. The limit number is a threshold that limits the total number of packets of the checked types. For example, if broadcast and multicast are enabled, the total traffic amount for those two types will not exceed the limit value.
4.8.8 Dynamic addresses
This page displays the result of dynamic MAC address lookup by port, VLAN ID, or specified MAC address. A dynamic address is a MAC address learned by the switch; it will age out from the address table if the address is not learned again during the age time. The user can set the age time by entering a valid number from 10 to 1,000,000 in seconds. Click OK to make the settings effective. Click Reload to refresh the settings to current value.
Click Add to create a new static MAC address from the above information. The newly added entry then appears in the address window. You can remove an existing address by selecting the entry with the mouse, then clicking Remove. The Modify button updates the existing MAC address entries. Click OK to make the settings effective. Click Reload to refresh the settings to current value.
Figure 42. Static Addresses
4.8.
time. If you want to assign an untagged port from one VLAN to another, you have to remove it from the original VLAN, or change it to be tagged in the original VLAN first.
VLAN ID: this field requires the user to enter the VLAN ID when a new VLAN is created
Name: this field requires the user to assign a name for the VLAN
If you want to add a new VLAN group, you must click New first. After configuring settings, click Add. Click OK to make the settings effective.
4.8.11 GVRP
Generic Attribute Registration Protocol (GARP) VLAN Registration Protocol (GVRP) is an application defined in the IEEE 802.1Q standard that allows for the control of VLANs. GVRP will run only on 802.1Q trunk ports and is used primarily to prune traffic from VLANs that does not need to be passed between trunking switches. There are some parameters to configure GVRP:
GVRP Enable: By default GVRP is not enabled for the switch.
Edit the following attributes as needed:
Joint Timer: Set value in centiseconds.
Leave Timer: Set value in centiseconds.
LeaveAll Timer: Set value in centiseconds.
Click OK to make the settings effective. Click Reload to refresh the settings to current value.
Figure 45. GARP Timer
4.8.12 QoS and CoS
4.8.12.1 802.1p Priority
Eight egress queues on all switch ports.
Weighted Round Robin (WRR): If WRR scheduling algorithm is enabled, the ratio of the weights is the ratio of frequency in which the WRR scheduler de-queues packets from each queue.
Click OK to make the settings effective. Click Reload to refresh the settings to current value.
Figure 46. 802.1p Priority
4.8.12.2 CoS queue mapping
The switch supports eight egress queues for each port with a strict priority scheduler.
Figure 47. CoS Queue Mapping
4.8.12.3 QoS Bandwidth
Some VLAN tag related field settings for each port are included in this page. It includes:
Port: Select a port from the list window to configure
Ingress Bandwidth: Maximum ingress bandwidth for the selected port
Default CoS: Every untagged packet received from this port will be assigned this CoS value in the VLAN tag
Click Modify to change the content in the port list window. Click OK to make the settings effective.
Figure 48. QoS Bandwidth
4.8.13 Policy Map
Policy Map lets the user change the priority of incoming and transmitted packets, and drop packets when the switch is overloaded.
4.8.13.1 Policy Map Setting
Give a name to the policy map set, then click Add. Click OK to save the configuration permanently or Reload to refresh the page. Please click OK before editing the rules of the policy set. Click Edit a policy map set to select the set you want to edit or remove.
The page provides four criteria and three actions for rule setting:
Match Criterion: Choose one of IP DSCP with range, IP Precedence with range, ACL name with an existing filter access-list, or None for criteria.
Profile Action: Choose one of Police Drop, Police High-Drop, or None for action.
In-Profile Action: Choose Cos Override with COS value, Mark IP SCP, Mark IP Precedence or None to take action on incoming packets.
Figure 51. Policy Attach
4.9 SNMP
Figure 52. SNMP menu
This group offers the SNMP configuration including Community Table, Host Table, and Trap Setting.
4.9.1 Community Host Table
You can enter host IP addresses with different community names and specify whether the community has the privilege to perform set actions (ro – read only, rw – read and write) by selecting the Type. Click OK to make the settings effective. Click Reload to refresh the settings to current value.
Figure 53. Community Host Table
4.9.2 Trap Setting
By setting trap destination IP addresses and community names, you can enable SNMP trap function to send trap packets in different versions (v1 or v2). Click OK to make the settings effective. Click Reload to refresh the settings to current value.
Figure 54.
4.9.3 SNMPv3 VGU Table
Two models provide the new security features defined by SNMPv3: the User-based Security Model (USM), which provides authentication, encryption, and decryption of SNMPv3 packets, and the View-based Access Control Model (VACM), which provides access control. The following are three related pages. Click OK to make the settings effective. Click Reload to refresh the settings to current value.
4.9.3.
Figure 55. SNMPv3 VGU Table - Views
4.9.3.2 Groups
VACM Group is used to configure the information of the SNMPv3 VACM Group.
Group Name: Enter the security group name.
Security Model: Choose the Security Model Name to which the Group belongs. Any is suitable for v1, v2, v3. USM is SNMPv3 related.
Security level: Choose the Security level Name to which the Group belongs. Only NoAuthNoPriv, AuthNopriv, AuthPriv can be chosen.
Figure 56. SNMPv3 VGU - Groups
4.9.3.2 Users
USM User is used to configure the information of the SNMPv3 USM User.
User Name: User name of a specific security group
Group Name: Choose the security group name
Security level: Choose the Security level Name to which the Group belongs. Only NoAuthNoPriv, AuthNopriv, AuthPriv can be chosen.
Auth Algorithm: Choose the Auth Protocol to which the SNMP User and Security Group belong. Only MD5, SHA can be chosen.
entries. Click OK to make the settings effective. Click Reload to refresh the settings to current value.
Figure 57. SNMPv3 VGU - Users
4.10 Filters
Figure 58. Filters menu
The switch can filter certain traffic types according to packet header information from Layer 2 to Layer 4. Each filter set includes a couple of rules. You have to attach the filter set to certain ports to make the filter work.
4.10.
rules. After setting filter mode and name, click Add. Click OK to save the configuration permanently or Reload to refresh the page. Please click OK before editing the rules of the filter set. Click a filter set to select the set you want to edit or remove. Second, click Edit to enter the rule page, or click Reload to remove the filter set. You have to follow the rules to make a valid filter set. One set consists of a type of rules.
Figure 60. Filter rule in MAC mode
Figure 61. Filter rule in IP mode
Two examples show how to use Wildcard and IP to represent an IP host or an IP group:
1. Assign a dedicated IP, Type = subnet, IP = 10.10.1.2, Wildcard = 0.0.0.0
2. Assign a subnet (a group of IP), Type = subnet, IP = 10.10.1.0, Wildcard = 0.0.0.
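The IP/Wildcard matching used by these filter rules can be checked offline before a rule is entered. This is an added example, not code from the manual or from ASUS; it assumes wildcard bits set to 1 mean "don't care", which is consistent with Wildcard = 0.0.0.0 selecting a single host, and the 0.0.0.255 wildcard and all function names are constructed for illustration.

```python
import ipaddress

FULL = 0xFFFFFFFF  # all 32 bits set


def _to_int(dotted):
    """Convert a dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(rule_ip, wildcard, addr):
    """True if addr matches rule_ip on every bit the wildcard does not mask.

    Assumption: a 1 bit in the wildcard means "don't care" (inverse mask).
    """
    care = ~_to_int(wildcard) & FULL
    return (_to_int(rule_ip) & care) == (_to_int(addr) & care)


def wildcard_prefix(wildcard):
    """Prefix length if the wildcard describes one contiguous subnet, else None."""
    wc = _to_int(wildcard)
    if wc & (wc + 1):          # not of the form 2**k - 1
        return None
    return 32 - wc.bit_length()


def addresses_covered(wildcard):
    """Number of addresses a rule with this wildcard matches."""
    return 2 ** bin(_to_int(wildcard)).count("1")


def review_rule(rule_ip, wildcard):
    """Return a list of findings an administrator should look at before saving."""
    findings = []
    ip, wc = _to_int(rule_ip), _to_int(wildcard)
    if wc == FULL:
        findings.append("matches every IPv4 address")
    elif wildcard_prefix(wildcard) is None:
        findings.append("non-contiguous wildcard: not a single subnet")
    if ip & wc:
        findings.append("rule IP has bits set in don't-care positions")
    return findings


if __name__ == "__main__":
    # Constructed rules: the first mirrors example 1 on the page,
    # the others are illustrative values.
    rules = [
        ("10.10.1.2", "0.0.0.0"),        # single host
        ("10.10.1.0", "0.0.0.255"),      # one /24 subnet (constructed wildcard)
        ("10.10.1.2", "0.0.0.255"),      # host bits set under the wildcard
        ("10.10.0.0", "0.0.255.0"),      # non-contiguous wildcard
        ("0.0.0.0", "255.255.255.255"),  # matches everything
    ]
    for ip, wc in rules:
        prefix = wildcard_prefix(wc)
        scope = "/%d" % prefix if prefix is not None else "non-contiguous"
        print(ip, wc, scope, addresses_covered(wc), review_rule(ip, wc))
```
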
4.10.2 Filter Attach
A filter set is idle if you have not attached it to any ingress port. Use the Filter Attach page to attach a filter set to ingress ports. Click OK to make the settings effective. Click Reload to refresh the settings to current value.
To attach a filter set to ports:
Filter ID/Name: Select a filter name or ID.
4.11 Security
Figure 63. Security menu
The switch supports the 802.1x port-based security feature. Only authorized hosts are allowed to access the switch port. Traffic from unauthenticated hosts will be blocked. Authentication can be provided via a RADIUS server or the local database in the switch. The switch also supports dynamic VLAN assignment through the 802.1x authentication process.
Authentication Control: If force-authorized is selected, the selected port is forced authorized. Thus, traffic from all hosts is allowed to pass. Otherwise, if force-unauthorized is selected, the selected port is blocked and no traffic can go through. If auto is selected, the behavior of the selected port is controlled by 802.1x protocol. All ports should be set to Auto under normal conditions.
4.11.2 Dial-in User
Dial-in User is used to define users in the local database of the switch.
User Name: New user name.
Password: Password for the new user.
Confirm Password: Enter the password again.
Vlan ID: Specify the VLAN ID assigned to the 802.1x-authenticated clients.
Please click Add to add the new user. Click Modify when you’re done with the modifications. Click Remove when you want to remove the selected user. Click OK to make the settings effective.
4.11.3 RADIUS
To use an external RADIUS server, the following parameters must be set up:
Authentication Primary/Secondary Server IP: The IP address of the primary/secondary RADIUS server.
Authentication Primary/Secondary Server Port: The port number the primary/secondary RADIUS server is listening on.
Authentication Primary/Secondary Server Key: The key is used for communications between GigaX and the primary/secondary RADIUS server.
4.11.4 Port Security
The switch also supports the port security feature. It enables a system administrator to control who can connect to their network. You can use the port security feature to restrict input to an interface by limiting and identifying the MAC addresses of the stations allowed to access the port. When you assign secure MAC addresses to a secure port, the port does not forward packets with source addresses outside the group of defined addresses.
Click OK to make the settings effective. Click Reload to refresh the settings to current value.
Figure 67. Port Configuration
4.11.4.2 Port Status
This page shows the current port status, MAC address counts, static MAC address counts, and violation count. A port has five statuses:
NoOper: This indicates port security on the port is configured as disabled.
SecureUp: This indicates port security is operational.
SecureDown: This indicates port security is not operational.
When a port's status is shutdown, you can click it and set Re-Start to Yes. This restarts the port and changes its status to SecureUp. Please click Modify when you’re done with the modification. Click OK to make the settings effective. Click Reload to refresh the settings to current value.
Figure 68. Port Status
4.11.4.3 Secure MAC Address
Secure MAC Address offers three functions for user management:
Query: You can select a port by the Port Selection field.
Figure 69. Secure MAC Address
4.12 Traffic Chart
Figure 70. Traffic Chart menu
The Statistics Chart pages display network flow in different charts. On these pages you can specify how often a chart is refreshed and monitor the amount of network traffic in different chart types. Most MIB-II counters are displayed in these charts. Select Auto Refresh or Refresh Rate to set the period for retrieving new data from the switch.
Figure 71. Traffic Comparison Chart
4.12.2 Error Group Chart
After selecting the Port Selection and display Color, click Draw. The statistics window shows all the discards or error counts for the specified port. The data is updated periodically.
Figure 72.
4.12.3 Historical Status Chart
You can display information for different ports and statistics items in this chart. Because it shows the history of the statistics information, the line chart keeps the old data even when it is refreshed.
Figure 73.
Chapter 5 - Command Line Interface
5. Console interface
This chapter describes how to use the console interface to configure the switch. The switch provides RS232 and USB connectors to connect to your PC. Use a terminal emulator on your PC, such as HyperTerminal, and the command line interpreter to configure the switch. Set up the terminal emulator with a baud rate of 9600, 8 data bits, no parity, 1 stop bit, and no flow control.
Figure 75. Boot ROM command mode
5.1.2 Boot ROM commands
Boot ROM commands take two forms:
• “command”: The current settings will be displayed.
• “command” with new setting
Table 7: Boot ROM Commands
Command Parameters baudrate Usage none Ip address none none IP address none 9600 19200 38400 57600 115200 none xxx.xxx.xxx.xxx none none xxx.xxx.xxx.xxx none host xxx.xxx.xxx.xxx pwd serverip slot tftpboot none IP address slot filename none xxx.
5.2 Login and logout
To enter the CLI mode, you have to give a valid user name and password. For the first login, enter “admin” as the user name (without password). For security reasons, change the user name and password after login. If you forget the user name and password, you can contact the ASUS support team or restore the default user account with the “pwd” command in Boot ROM Command mode. If you take the second choice, the default user “admin” will be restored.
5.3.2 Backup and Restore
5.3.2.1 Backup start-up configuration file
Back up the start-up configuration file “startup_config” of the switch to a TFTP/FTP server.
CLI Syntax: copy startup-config tftp: URL
Example: ASUS# copy startup-config tftp: 192.168.8.56/backup.cfg
CLI Syntax: copy startup-config ftp: [Username:Password@]URL
Example: ASUS# copy startup-config ftp: asus:1234@192.168.8.56/backup.cfg
5.3.2.
5.3.3.2 disable
Turn off privileged mode and return to user mode.
CLI Syntax: disable
Example: ASUS# disable
5.3.3.3 Firmware upgrade
Upgrade the switch to new firmware through TFTP/FTP.
CLI Syntax: archive download-sw /overwrite tftp: URL
Example: ASUS# archive download-sw /overwrite tftp:192.168.1.3/firmware.img
CLI Syntax: archive download-sw /overwrite ftp: [Username:Password@]URL
Example: ASUS# archive download-sw /overwrite ftp: asus:1234@192.168.1.3/firmware.
5.3.3.7 Help
This command lists all of the commands of the operation mode.
CLI Syntax: list
Example: ASUS# list
Example: ASUS# ?
5.3.3.8 Host name
Display the given name of the switch. This is an RFC-1213 defined MIB object in System Group, and provides administrative information on the managed node.
CLI Syntax: hostname HOSTNAME
Example: (config)# hostname Switch
If you put a name in the name description field, the switch system name changes to the new one.
5.3.3.
Figure 76. SYS commands
5.3.3.11 IP Address and Network Mask
Set the IP address for the switch. This IP address is used for management purposes; that is, the network applications of the switch, such as the HTTP server, SNMP server, TFTP server, SSH server and telnet server, all use this IP address on interface vlan1.
CLI Syntax: ip address A.B.C.D/M
Example: (config)# interface vlan 1
(config-if)# ip address 192.168.20.121/24
5.3.3.
5.3.3.15 show running-config
Show the running-config file.
CLI Syntax: show running-config
Example: ASUS# show running-config
5.3.3.16 write
Use this command to write the configuration to the file.
CLI Syntax: write
Example: ASUS# write
5.3.3.17 Assign a new user account
Add a user. The example adds a user named tony whose password is tony123456.
CLI Syntax: user add USERNAME PASSWORD
Example: (config)# user add tony tony123456
5.3.3.
5.3.4.2 Interface duplex
Use the duplex configuration command on the switch to set the duplex status of the port.
CLI Syntax: duplex (full | half)
Example: (config)# interface gi1/0/2
(config-if)# duplex full
This example shows how to use the duplex configuration command on the switch to set full-duplex on the interface.
5.3.4.3 Interface flow control
Use the flow control configuration command on the switch to set the flow control status of the port.
Note: vlan1 is used for system purposes, for example firmware upgrade, management, and so on.
5.3.5.2 Create a vlan entry
Use the vlan vid command to create a vlan entry on the switch. Use the name string command to create a vlan entry with a name string on the switch.
CLI Syntax: vlan ID
Example: (config)# vlan 3
(config-vlan)# name vlan3
5.3.5.3 interface vlan VLAN-ID
This command changes the operation mode to vlan interface command mode.
5.3.6 Spanning Tree
5.3.6.1 show spanning-tree summary
Show spanning-tree active.
CLI Syntax: show spanning-tree summary
Example: ASUS# show spanning-tree summary
5.3.6.2 spanning-tree enable and disable
Enable/Disable the spanning tree.
CLI Syntax: spanning-tree (enable | disable)
Example: (config)# spanning-tree disable
5.3.7 Link Aggregation
5.3.7.
5.3.7.3 show aggregation-link trunk
Show aggregation-link trunk status.
CLI Syntax: show aggregation-link group GROUPID
Example: ASUS# show aggregation-link group 1
5.3.8 LACP
5.3.8.1 lacp aggregation-link trunk
This command sets the Link Aggregation Control Protocol (LACP) operation add/set for the trunk group ports on the switch.
CLI Syntax: lacp aggregation-link group <1-8> (add | set) IFLIST
Example: ASUS# lacp aggregation-link group 1 add gi1/0/1-3
5.3.8.
CLI Syntax: mirror session <1-2> source IFLIST (both | rx | tx)
mirror session <1-2> destination IFNAME
Example: (config)# mirror session 1 source gi1/0/1-4 both
(config)# mirror session 1 destination gi1/0/5
5.3.9.2 show mirror
Show the current mirror settings.
CLI Syntax: show mirror session
Example: ASUS# show mirror session
5.3.9.3 no mirror
This command disables the mirror function.
CLI Syntax: no mac-address-table multicast MACADDR VLANID IFLIST
Example: (config)# no mac-address-table multicast 0100.5e11.1111 2 gi1/0/1-3
5.3.10.3 show mac-address-table multicast
Use this command to display the Layer 2 multicast entries for all VLANs. Use the command in privileged EXEC mode to display specific multicast entries.
CLI Syntax: show mac-address-table multicast
Example: ASUS# show mac-address-table multicast
5.3.11 IGMP Snooping
5.3.11.
5.3.12.2 ip dhcp snooping vlan VLANLIST
This command sets the VLAN groups enabled for DHCP snooping.
CLI Syntax: ip dhcp snooping vlan VLANLIST
Example: (config)# ip dhcp snooping vlan 1, 4, 5-100
5.3.12.3 ip dhcp snooping trust
This command sets the interface as the DHCP snooping trusted port.
CLI Syntax: ip dhcp snooping trust
Example: (config-if)# ip dhcp snooping trust
5.3.12.
5.3.13.3 show storm-control
Use the show storm-control configuration command on the switch to show the limit rate of the port’s total bandwidth used by broadcast/dlf/multicast.
CLI Syntax: show storm-control (broadcast | dlf | multicast)
Example: ASUS# show storm-control broadcast
5.3.14 Dynamic Addresses
5.3.14.1 clear dynamic mac-address
Use the command on the switch to clear dynamic L2 MAC addresses in the database.
5.3.14.4 show mac-address-table aging-time
CLI Syntax: show mac-address-table aging-time
Example: ASUS# show mac-address-table aging-time
5.3.15 Static Addresses
5.3.15.1 add static mac-address
You can add a MAC address to the switch address table. A MAC address added this way does not age out of the address table; it is called a static address.
CLI Syntax: mac-address-table static MACADDR VLANID IFNAME
Example: (config)# mac-address-table static 0000.1111.
5.3.16.3 name VLANNAME
Use the command to create a vlan entry with VLANNAME on the switch.
CLI Syntax: name VLANNAME
Example: (config)# vlan 2
(config-vlan)# name VLAN2
5.3.16.4 access vlan
Set access mode characteristics of all interfaces and set the Virtual LAN.
CLI Syntax: switchport access vlan <1-3000>
Example: (config)# interface gi1/0/2
(config-if)# switchport access vlan 1
5.3.16.
CLI Syntax: gvrp (enable | disable)
Example: (config)# gvrp enable
5.3.17.3 show gvrp configuration
Show gvrp configuration IFNAME status.
CLI Syntax: show gvrp interface [IFNAME]
Example: ASUS# show gvrp interface gi1/0/1
5.3.17.4 show gvrp statistics
Show gvrp statistics IFNAME status.
CLI Syntax: show gvrp statistics [IFNAME]
Example: ASUS# show gvrp statistics gi1/0/1
5.3.18 CoS/QoS
5.3.18.
5.3.18.4 show cos policy
This command shows the cos policy.
CLI Syntax: show cos policy
Example: ASUS# show cos policy
5.3.18.5 qos ingress bandwidth
This command is used to set the QoS bandwidth informational parameter for incoming packets.
CLI Syntax: qos ingress bandwidth LIMITRATE
Example: (config)# interface gi1/0/2
5.3.18.
This command defines a policy-map class using a name, and enters policy-map class configuration mode.
CLI Syntax: class CLASSMAP
Example: (config-pmap)# class a
5.3.19.3 match
This command sets the match criteria.
CLI Syntax: match (access-group ACLNAME | ip dscp DSCPLIST | ip precedence IPPRECEDENCES )
Example: (config-pmap-class)# match access-group ipacl1
(config-pmap-class)# match ip dscp 4-6
(config-pmap-class)# match ip precedence 1,3,5
5.3.19.
This command attaches a policy map to an interface.
CLI Syntax: policy map input POLICYMAP
Example: (config-if)# policy map input policy1
5.3.20 SNMP
5.3.20.1 show rmon statistics
Show rmon statistics IFNAME status.
CLI Syntax: show rmon statistics [IFNAME]
Example: ASUS# show rmon statistics gi1/0/1
5.3.20.2 show snmp-server community
Show snmp-server community.
CLI Syntax: show snmp-server community
Example: ASUS# show snmp-server community
5.3.20.
and enter access-list configuration mode.
CLI Syntax: ip access-list (standard | extended) ACLNAME
Example: (config)# ip access-list extended ip_acl_1
5.3.21.3 deny any host
Use the deny MAC access list configuration command on the switch to prevent non-IP traffic from being forwarded if the conditions are matched. Use the no form of this command to remove a deny condition from the named MAC access list.
(config-if)# dot1x guest-vlan 3
5.3.22.2 dot1x port-control
Use the dot1x port-control interface configuration command on the switch to enable manual control of the authorization state of the port. Use the no form of this command to return to the default setting.
CLI Syntax: dot1x port-control (auto | force-authorized | force-unauthorized)
Example: (config)# interface gi1/0/1
(config-if)# dot1x port-control force-authorized
5.3.23 Dial-in User
5.3.23.
Show the dot1x RADIUS server IP, RADIUS key, and RADIUS port for the 802.1X configuration.
CLI Syntax: show dot1x radius
Example: ASUS# show dot1x radius
5.3.25 Port Security
5.3.25.1 show port security
This command is used to show the port security configuration, status and MAC address information.
(config-if)# switchport port-security
(config-if)# switchport port-security mac-address 0023.1313.2313
(config-if)# switchport port-security maximum 20
(config-if)# switchport port-security violation protect
(config-if)# switchport port-security reup
5.3.25.4 switchport port-security aging
This command is used to set the port security aging configuration.
This command is used to show NTP server information.
CLI Syntax: show ntp server
Example: ASUS# show ntp server
5.3.26.4 show clock
This command is used to show the switch clock time.
CLI Syntax: show clock
Example: ASUS# show clock
5.4 Miscellaneous commands
show private health: shows the environment variables, such as temperature, fan speed and voltage.
show private led: shows the three system LEDs (SYSTEM, RPS and FAN).
show private model: shows the model name of the switch.
Chapter 6 - IP Addresses, Network Masks, & Subnets
6. IP Addresses, Network Masks & Subnets
6.1 IP Addresses
Note: This section pertains only to IP addresses for IPv4 (version 4 of the Internet Protocol). IPv6 addresses are not covered. This section assumes basic knowledge of binary numbers, bits, and bytes.
IP addresses, the Internet’s version of telephone numbers, are used to identify individual nodes (computers or devices) on the Internet.
Table 8: IP address structure
          Field1       Field2       Field3       Field4
Class A   Network ID   Host ID      Host ID      Host ID
Class B   Network ID   Network ID   Host ID      Host ID
Class C   Network ID   Network ID   Network ID   Host ID
Here are some examples of valid IP addresses:
Class A: 10.30.6.125 (network = 10, host = 30.6.125)
Class B: 129.88.16.49 (network = 129.88, host = 16.49)
Class C: 192.60.201.11 (network = 192.60.201, host = 11)
6.1.2 Network classes
Classes A, B, and C are the three commonly used network classes.
6.2 Subnet masks
Note: A mask looks like a regular IP address, but contains a pattern of bits that tells what parts of an IP address are the network ID and what parts are the host ID: bits set to 1 mean “this bit is part of the network ID” and bits set to 0 mean “this bit is part of the host ID.”
Subnet masks are used to define subnets (what you get after dividing a network into smaller pieces).
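The class split from section 6.1 and the mask rule from section 6.2 can be checked with a short script. This is an added example, not part of the original manual: the function names are hypothetical, and it goes slightly beyond the text by recognising class D and E addresses and by rejecting masks whose 1 bits are not contiguous, both of which follow from standard IPv4 rules.

```python
def parse_ipv4(text: str) -> int:
    """Parse dotted-decimal text into a 32-bit integer, rejecting malformed fields."""
    fields = text.split(".")
    if len(fields) != 4 or not all(
        f.isascii() and f.isdigit() and int(f) <= 255 for f in fields
    ):
        raise ValueError(f"not an IPv4 address: {text!r}")
    value = 0
    for f in fields:
        value = (value << 8) | int(f)
    return value


def to_dotted(value: int) -> str:
    """Format a 32-bit integer as four dotted-decimal fields."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def split_classful(text: str):
    """Return (class, network ID, host ID), decided by the leading bits of Field1."""
    first = parse_ipv4(text) >> 24
    fields = text.split(".")
    if first < 128:          # leading bit 0
        cls, net_fields = "A", 1
    elif first < 192:        # leading bits 10
        cls, net_fields = "B", 2
    elif first < 224:        # leading bits 110
        cls, net_fields = "C", 3
    else:                    # 1110 (class D) or 1111 (class E): no network/host split
        return ("D" if first < 240 else "E", None, None)
    return cls, ".".join(fields[:net_fields]), ".".join(fields[net_fields:])


def apply_mask(addr_text: str, mask_text: str):
    """Return (subnet address, number of network bits, host number) for address and mask."""
    addr, mask = parse_ipv4(addr_text), parse_ipv4(mask_text)
    host_bits = ~mask & 0xFFFFFFFF
    # A usable mask is a run of 1 bits followed by a run of 0 bits, so the
    # inverted mask must be one less than a power of two.
    if host_bits & (host_bits + 1):
        raise ValueError(f"mask bits are not contiguous: {mask_text!r}")
    return to_dotted(addr & mask), bin(mask).count("1"), addr & host_bits


if __name__ == "__main__":
    # The three sample addresses from section 6.1.
    for sample in ("10.30.6.125", "129.88.16.49", "192.60.201.11"):
        print(sample, split_classful(sample))
    # Constructed mask: splits the class B network 129.88 into smaller subnets.
    print(apply_mask("129.88.16.49", "255.255.240.0"))
```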
Chapter 7 - Troubleshooting
7. Troubleshooting
This section gives instructions for using several IP utilities to diagnose problems. A list of possible problems with suggested actions is also provided. All the known bugs are listed in the release note. Read the release note before you set up the switch. Contact Customer Support if these suggestions do not resolve the problem.
7.1 Diagnosing problems using IP utilities
7.1.
If the target computer cannot be located, you will receive the message “Request timed out.” Using the ping command, you can test whether the path to the switch is working (using the pre-configured default LAN IP address 192.168.1.1) or another address you assigned. You can also test whether access to the Internet is working by typing an external address, such as that for www.yahoo.com (216.115.108.243).
There may be several addresses associated with an Internet name. This is common for web sites that receive heavy traffic; they use multiple, redundant servers to carry the same information. To exit from the nslookup utility, type exit and press Enter at the command prompt.
7.2 Simple fixes
The following table lists some common problems that you may encounter when installing or using the switch, and the suggested actions to solve the problems.
Table 9: Problems & suggested actions
Network Access
Problem: PCs cannot display web configuration pages.
Suggested Action:
1. The switch is powered up and the connecting port is enabled. The factory default IP for the switch is 192.168.1.1.
2. Verify your network setup in your PC for this information. If your PC does not have a valid route to access the switch, change the switch IP to an appropriate IP that your PC can access.
3.
Chapter 8 - Glossary
8. Glossary

10BASE-T
A designation for the type of wiring used by Ethernet networks with a data rate of 10 Mbps. Also known as Category 3 (CAT 3) wiring. See also data rate, Ethernet.

100BASE-T
A designation for the type of wiring used by Ethernet networks with a data rate of 100 Mbps. Also known as Category 5 (CAT 5) wiring. See also data rate, Ethernet.

1000BASE-T
A designation for the type of wiring used by Ethernet networks with a data rate of 1000 Mbps.
Filtering
To screen out selected types of data, based on filtering rules. Filtering can be applied in one direction (ingress or egress), or in both directions.

Filtering rule
A rule that specifies what kinds of data the routing device will accept and/or reject. Filtering rules are defined to operate on an interface (or multiple interfaces) and in a particular direction (upstream, downstream, or both).
IGMP Snooping
Snoop the IGMP packets on each port and associate the port with a layer 2 multicast group.

Internet
The global collection of interconnected networks used for both private and business communications.

Intranet
A private, company-internal network that looks like part of the Internet (users access information using web browsers), but is accessible only by employees.

IP
See TCP/IP.
MAC address (Media Access Control address)
The permanent hardware address of a device, assigned by its manufacturer. MAC addresses are expressed as six pairs of characters.

mask
See network mask.

Multicast
To send data to a group of network devices.

Mbps
Abbreviation for Megabits per second, or one million bits per second. Network data rates are often expressed in Mbps.
packet
Data transmitted on a network consists of units called packets. Each packet contains a payload (the data), plus overhead information such as where it came from (source address) and where it should go (destination address).

ping (Packet Internet (or Inter-Network) Groper)
A program used to verify whether the host associated with an IP address is online. It can also be used to reveal the IP address for a given domain name.
STP (Spanning Tree Protocol)
The bridge protocol used to avoid packet looping in a complicated network.

subnet
A subnet is a portion of a network. The subnet is distinguished from the larger network by a subnet mask which selects some of the computers of the network and excludes all others. The subnet’s computers remain physically connected to the rest of the parent network, but they are treated as though they were on a separate network. See also network mask.
TTL (Time To Live)
A field in an IP packet that limits the life span of that packet. Originally meant as a time duration, the TTL is usually represented instead as a maximum hop count; each router that receives a packet decrements this field by one. When the TTL reaches zero, the packet is discarded.

twisted pair
The ordinary copper telephone wiring long used by telephone companies. It contains one or more wire pairs twisted together to reduce inductance and noise.
Web page
A web site file typically containing text, graphics and hyperlinks (cross-references) to the other pages on that web site, as well as to pages on other web sites. When a user accesses a web site, the first page that is displayed is called the home page. See also hyperlink, web site.

Web site
A computer on the Internet that distributes information to (and gets information from) remote users through web browsers.