Dell™ PowerConnect™ 28xx Systems User Guide
www.dell.com | support.dell.
Notes, Notices, and Cautions

NOTE: A NOTE indicates important information that helps you make better use of your computer.
NOTICE: A NOTICE indicates either potential damage to hardware or loss of data and tells you how to avoid the problem.
CAUTION: A CAUTION indicates a potential for property damage, personal injury, or death.

Information in this document is subject to change without notice. © 2008 Dell Inc. All rights reserved.
Contents

1 Introduction
   System Description
      PowerConnect 2808
      PowerConnect 2816
      PowerConnect 2824
      PowerConnect 2848
      Summary of PowerConnect Models
   Features

   Power Connectors
      Internal Power Supply Connector
3 Installing the PowerConnect Device
   Site Requirements
   Package Contents
   Unpacking the Device
   Mounting the Device

   Startup Procedures
      Startup Menu Procedures
      Software Download
      Erase FLASH File
      Erasing the Device Configuration
      Password Recovery
      Software Download Through TFTP Server
   Management Modes
   Default Values

   Configuring RADIUS Global Parameters
   Defining SNMP Parameters
      Defining SNMP Global Parameters
      Defining Communities
      Defining SNMP Notification Recipients
   Managing Files
      Downloading Files

   Configuring Rapid Spanning Tree
   Configuring VLANs
      Defining VLAN Members
      VLAN Port Membership Table
      Defining VLAN Ports Settings
      Defining VLAN LAG Settings
   Aggregating Ports

   Using the CLI
      Command Mode Overview
      User EXEC Mode
      Privileged EXEC Mode
      Global Configuration Mode
      Interface Configuration Mode
   CLI Commands
      Command: asset-tag
1 Introduction

This User's Guide contains the information needed for installing, configuring and maintaining the PowerConnect 2808, PowerConnect 2816, PowerConnect 2824, and PowerConnect 2848 Web-managed Gigabit Ethernet switches. The PowerConnect 28xx switches can be used to connect workstations and other network devices, such as:
• Servers
• Hubs
• Routers

The PowerConnect devices are primarily designated for Small Office/Home Office (SOHO) environments that require high performance edge connectivity.
Figure 1-2. PowerConnect 2816 Front Panel

The PowerConnect 2816 supports the following ports:
• 16 Gigabit Ethernet copper ports

PowerConnect 2824

The following figure illustrates the PowerConnect 2824 front panel.

Figure 1-3. PowerConnect 2824 Front Panel

The PowerConnect 2824 supports the following ports:
• 24 Gigabit Ethernet copper ports
• 2 SFP combo ports (1000BASE-SX or 1000BASE-LX)

PowerConnect 2848

The following figure illustrates the PowerConnect 2848 front panel.

Figure 1-4.
Summary of PowerConnect Models

The following table summarizes the PowerConnect models.

Table 1-1.
Auto Negotiation

Auto negotiation allows an Ethernet switch to advertise modes of operation. The auto negotiation function provides the means to exchange information between two Ethernet switches that share a point-to-point link segment, and to automatically configure both Ethernet switches to take maximum advantage of their transmission capabilities. Port advertisement allows the system administrator to configure the port speeds advertised.
MAC Address Supported Features

MAC Address Capacity Support

The PowerConnect 2808, 2816, 2824 switches support a total of 8K MAC addresses, and the PowerConnect 2848 supports a total of 16K MAC addresses.

Auto-Learning MAC Addresses

The switch enables MAC address auto-learning from incoming packets. The MAC addresses are stored in the Bridging Table.

Automatic Aging for MAC Addresses

MAC addresses from which no traffic is received for a given period of time are aged out.
• Short-Reach — Reduction of power over Ethernet cables shorter than 40m.

IGMP Snooping

Internet Group Membership Protocol (IGMP) Snooping examines IGMP frame contents, when they are forwarded by the device from work stations to an upstream Multicast router. From the frame, the device identifies work stations configured for Multicast sessions, and which Multicast routers are sending Multicast frames.
• Higher bandwidth connections
• Improved bandwidth granularity
• High bandwidth server connectivity

A LAG is composed of ports with the same speed set to full-duplex operation.

DHCP Server

Dynamic Host Configuration Protocol is a method of managing network parameter assignment from a single DHCP server. The Dynamic Host Configuration Protocol (DHCP) automates the assignment of IP addresses, subnet masks, default gateway, and other IP parameters.
Class of Service (CoS) Features

The PowerConnect 28xx system enables users to define various services for traffic classes of service. The underlying mechanism for supporting bandwidth management and control is based on the use of multiple priority queues for classifying traffic. The switches support four queues per port. A CoS is defined by the user, whereby packets are related to the same Class of Service. After a packet has been classified, it is assigned to one of the queues.
2 Hardware Description

Switch Port Configurations

PowerConnect 28xx Front and Back Panel Port Description

The Dell™ PowerConnect™ 28xx switches use 10/100/1000BASE-T ports on the front panel for connecting to a network. The Gigabit Ethernet ports can operate at 10, 100 or 1000 Mbps. These ports support autonegotiation, duplex mode (Half or Full duplex), and flow control. The combo 1000 Mbps optical ports can only operate at 1000 Mbps, full-duplex mode.
Figure 2-2. PowerConnect 2808 Back Panel

Figure 2-3. PowerConnect 2816 Front Panel

On the front panel there are 16 ports which are numbered 1 to 16, top down and left to right. On each port there are LEDs to indicate the port status. On the left side of the front panel is the Managed Mode LED which indicates the Ethernet switch operational status and the management mode. The Power LED on the front panel indicates whether the device is powered on or not.
Figure 2-5. PowerConnect 2824 Front Panel

On the front panel there are 24 ports which are numbered 1 to 24, top down and left to right. On each port there are LEDs to indicate the port status. There are two SFP (Small Form-Factor Pluggable) ports, designated as ports 23 and 24, for fiber connection.
Figure 2-6. PowerConnect 2824 Back Panel

Figure 2-7. PowerConnect 2848 Front Panel

On the front panel there are 48 ports, which are numbered 1 to 48, top down and left to right. On each port, there are LEDs to indicate the port status. There are four SFP (Small Form-Factor Pluggable) ports, designated as ports 45, 46, 47 and 48, for fiber connection. The four combo ports are logical ports with two physical connections:
• An RJ-45 connection for Twisted Pair (TP) copper cabling.
button, located on the right side on the front panel is used to transition between management modes and to reset the device. For more information about management modes and transitioning between them, see "Management Modes" on page 49.

Fans are provided on the side panel. The back panel contains an AC Power Supply Interface. The following figure illustrates the back panel of the PowerConnect 2848 device.

Figure 2-8.
Power LED

On the PowerConnect 28xx front panel there is a Power LED. The following table describes the Power Supply status LED indications.

Table 2-1. Power LED Indications

LED Color      Description
Green Solid    The switch is turned on.
Off            The switch is not turned on.

Managed Mode LED

On the PowerConnect 28xx front panel there is a Managed Mode LED monitoring the switch node as well as indicating diagnostic test results. The following table describes the Managed Mode LED indications.
Figure 2-9. RJ-45 Copper-based 10/100/1000BASE-T LEDs

The RJ-45 LED indications are described in the following table:

Table 2-4. RJ-45 Copper based 10/100/1000BASE-T LED Indications

LED         Color            Description
Left LED    Green Solid      The port is linked at 1000 Mbps.
            Green Flashing   The port is transmitting or receiving data at 1000 Mbps.
            Amber Solid      The port is linked at either 10 or 100 Mbps.
            Amber Flashing   The port is transmitting or receiving data at 10 or 100 Mbps.
            Off              No link is established.
Cables, Port Connections, and Pinout Information

This section explains the switch physical interfaces, and provides information about cables and port connections. Copper cable diagnostics are supported. High-speed workstations, hubs, routers, or other switches are connected through standard RJ-45 connectors to the switch physical interface ports, located on the front panel. For each device, the supported mode is set to Half Duplex, Full Duplex, and Auto.
Table 2-7. RJ-45 Pin Number Allocation for 10/100/1000BASE-T Ethernet Port

Pin No    Function
6         TxRx 3-
7         TxRx 4+
8         TxRx 4-

SFP Ports

The PowerConnect 2824 switch supports two SFP transceivers combo ports, and the PowerConnect 2848 switch supports four SFP transceivers combo ports for various fiber-based modules (1000BASE-SX or 1000BASE-LX). Only one of the two physical connections of a combo port can be used at any time.
Table 2-8. SFP Pin Connections

Pin No    Use
15        Receiver power supply
16        Transmitter power supply
17        Transmitter ground (common with receiver ground)
18        Transmitter non-inverted data in
19        Transmitter inverted data in
20        Transmitter ground (common with receiver ground)

Power Connectors

The PowerConnect 28xx is powered by using the AC internal power supply.

Internal Power Supply Connector

The PowerConnect 28xx supports a single internal power supply to provide power for switching operations.
3 Installing the PowerConnect Device

This section contains information about device unpacking, location, installation, and cable connections.

Installation Precautions

CAUTION: Before performing any of the following procedures, read and follow the safety instructions located in the System Information Guide included in the Dell Documentation.
Site Requirements

The PowerConnect 28xx can be mounted in a standard equipment rack, placed on a tabletop, or mounted on the wall. Before installing the device, verify that the site selected for the device meets the following site requirements:
• Power — The device is installed within 1.5 m (5 feet) of a grounded, easily accessible outlet 220/110 VAC, 50/60 Hz. If the device has two power supplies, the site should have two power outlets with different power feeders.
5 Inspect the product for damage. Report any damage immediately.

Mounting the Device

Overview

There are three device mounting options:
• Installing in a Rack
• Installing on a Flat Surface
• Installing on a Wall

Device Rack Installation

CAUTION: Read the safety information in the Product Information Guide as well as the safety information for other devices that connect to or support the switch.

CAUTION: Disconnect all cables from the device before mounting the device in a rack or cabinet.
Figure 3-1. Bracket Installation for Rack Mounting

2 Insert the supplied screws into the rack mounting holes and tighten with a screwdriver.
3 Repeat the process for the rack-mounting bracket on the other side of the device.
4 Insert the device into the rack, ensuring the rack-mounting holes on the device line up to the mounting hole on the rack.
5 Secure the device to the rack with the rack screws (not provided). Fasten the lower pair of screws before the upper pair of screws.
Installing on a Wall

To mount the device on a wall:
1 Ensure that the mounting location meets the following requirements:
  • The surface of the wall must be capable of supporting the device.
  • Allow at least 2 inches (5.1 cm) space on the sides for proper ventilation and 5 inches (12.7 cm) at the back for power cable clearance.
  • The location must not be exposed to direct sunlight.
6 On the wall mark the locations where the screws to hold the device must be prepared.
7 On the marked locations, drill the holes and place all plugs (not provided) in the holes.
8 Secure the device to the wall with screws (not provided). Ensure that the ventilation holes are not obstructed.

Figure 3-3. Mounting Device on a Wall

Connecting the Device

To configure the device, the device must be connected to a terminal.
NOTE: Do not plug a phone jack connector into an RJ-45 port. This will damage the Ethernet device. Use only twisted-pair cables with RJ-45 connectors that conform to FCC standards.

NOTE: If auto negotiation is turned off on the ports, a straight through cable must be used.

To connect the device to the network:
1 Attach one end of a Twisted-Pair cable to the device's RJ-45 connector and the other end to a switch or server.
2 Make sure each twisted pair cable does not exceed 328 feet (100 meters) in length.
3 Connect the female connector of the RS-232 crossover cable directly to the device Console port on the device, and tighten the captive retaining screws. The Console port is located on the back panel.

Connecting to Console Port

Connecting a Device to a Power Supply

1 Connect the supplied standard AC power cable to the AC connector on the back panel.
2 Do not connect the power cable to a grounded AC outlet at this time.
Port Connections, Cables, and Pinout Information

This section explains the device's physical interfaces, and provides information about port connections. Connector types, ports and cables are summarized in Ports, Connectors, and Cables. Copper Cable and Optical Transceiver Diagnostics are supported.

RJ-45 Connections for 10/100/1000BaseT Ports

The 10/100/1000BaseT ports are copper twisted-pair ports.
Port Default Settings

The general information for configuring the device ports includes the short description of the autonegotiation mechanism and the default settings for switching ports.

Auto-Negotiation

Auto-negotiation enables automatic detection of speed, duplex mode and flow control on switching 10/100/1000BaseT ports. Auto-negotiation is enabled per port by default.
Switching Port Default Settings

The following table gives the port default settings.

Table 3-3.
4 Starting and Configuring the Device

After completing all external connections, proceed as follows:
• If the device is to be used as an unmanaged switch, there is no need for a terminal connection.
• A terminal connection is required if the device is to be used in a managed mode.

NOTE: The PowerConnect 2808 has an internal serial port.

NOTE: Before proceeding, read the release notes for this product. The release notes can be downloaded from http://support.dell.com.
Figure 4-1.
3 Deactivate the AC power receptacle.
4 Connect the device to the AC receptacle.
5 Activate the AC power receptacle.

When the power is turned on with the local terminal already connected, the device goes through Power On Self Test (POST). POST runs every time the device is initialized and checks hardware components to determine if the device is fully operational before completely booting. If a critical problem is detected, the program flow stops.
• SNMP Community String and SNMP Management System IP address (optional)
• Username and Password
• Device IP address
• IP subnet mask
• Default Gateway IP address

The Setup Wizard displays the following information:

Welcome to Dell Easy Setup Wizard. The Setup Wizard guides you through the initial switch configuration, and gets you up and running as quickly as possible. You can skip the setup wizard, and enter CLI mode to manually configure the switch.
To setup the SNMP management account you must specify the management system IP address and the "community string" or password that the particular management system uses to access the switch. The wizard automatically assigns the highest access level [Privilege Level 15] to this account. You can use Dell Network Manager or CLI to change this setting, and to add additional management systems. For more information on adding management systems, see the user documentation.
Wizard Step 4

The following information displays:

Finally, setup the default gateway. Please enter the IP address of the gateway from which this network is reachable(e.g. 192.168.1.1).
Default gateway (A.B.C.D):[10.6.22.97]

Enter the default gateway. Press Enter. The following is displayed (as per the example parameters described):

This is the configuration information that has been collected:
==============================================================
SNMP Interface = Dell_Network_Manager@0.0.0.
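The answers the Setup Wizard asks for can be reviewed before they are typed at the console, since the SNMP account it creates receives Privilege Level 15 and the community string acts as its password. The following check is an added example and is not part of the Dell guide; the dictionary keys, the 8-character minimum and all sample values other than the 10.6.22.97 gateway shown above are assumptions constructed for illustration.

```python
import ipaddress

# Community strings widely used as factory defaults on SNMP equipment
# (general knowledge; this list is not taken from the guide).
WELL_KNOWN_COMMUNITIES = {"public", "private", "admin", "snmp", "community"}
MIN_SECRET_LEN = 8  # assumed local policy, not a limit documented for the switch


def review_wizard_answers(answers):
    """Return a list of findings for a dict of planned Setup Wizard answers.

    Hypothetical keys, one per wizard prompt: community, mgmt_station,
    username, password, ip, mask, gateway.
    """
    findings = []

    # Device IP address, subnet mask and default gateway.
    try:
        iface = ipaddress.IPv4Interface(f"{answers['ip']}/{answers['mask']}")
    except ValueError as exc:  # malformed address or non-contiguous mask
        return [f"addressing: invalid device IP or subnet mask ({exc})"]
    net = iface.network
    if net.prefixlen < 31 and iface.ip in (net.network_address, net.broadcast_address):
        findings.append("addressing: device IP is the network or broadcast address")
    try:
        gateway = ipaddress.IPv4Address(answers["gateway"])
    except ValueError:
        findings.append("addressing: default gateway is not a valid IPv4 address")
    else:
        if gateway == iface.ip:
            findings.append("addressing: default gateway equals the device IP")
        elif gateway not in net:
            findings.append(f"addressing: default gateway {gateway} is outside {net}")

    # SNMP management account (optional in the wizard).
    community = answers.get("community")
    if community:
        if community.lower() in WELL_KNOWN_COMMUNITIES:
            findings.append("snmp: community string is a well-known default")
        elif len(community) < MIN_SECRET_LEN:
            findings.append("snmp: community string is shorter than local policy")
        if community == answers.get("password"):
            findings.append("snmp: community string reuses the login password")
        try:
            station = ipaddress.IPv4Address(answers.get("mgmt_station", ""))
        except ValueError:
            findings.append("snmp: management system IP is missing or invalid")
        else:
            if station.is_unspecified or station.is_multicast:
                findings.append("snmp: management system IP is not a single host address")

    # Local login created by the wizard.
    username = answers.get("username", "")
    password = answers.get("password", "")
    if not password:
        findings.append("login: password is empty")
    elif password.lower() == username.lower():
        findings.append("login: password equals the username")
    elif len(password) < MIN_SECRET_LEN:
        findings.append("login: password is shorter than local policy")
    return findings


# Constructed sample answers; only the gateway value appears in the guide.
GOOD = {"community": "n3tmgmt-7Qx-ro", "mgmt_station": "10.6.22.110",
        "username": "netops", "password": "Cn4-vault-held!",
        "ip": "10.6.22.100", "mask": "255.255.255.224", "gateway": "10.6.22.97"}
BAD = dict(GOOD, community="public", mgmt_station="0.0.0.0",
           username="admin", password="admin", gateway="10.6.23.1")

if __name__ == "__main__":
    for finding in review_wizard_answers(BAD):
        print(finding)
```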
Retrieving an IP Address From a DHCP Server

When using the DHCP protocol to retrieve an IP address, the device acts as a DHCP client. When the device is reset, the DHCP command is saved in the configuration file, but not the IP address. To configure the device so it will retrieve an IP address from a DHCP server, use the web interface (see "Defining DHCP Server Settings" on page 83).

NOTE: It is not necessary to delete the device configuration to retrieve an IP address from the DHCP server.
Processor: FireFox 88E6218 ARM946E-S , 64 MByte SDRAM. I-Cache 8 KB. D-Cache 8 KB. Cache Enabled. Autoboot in 2 seconds - press RETURN or Esc. to abort and enter prom. Preparing to decompress... 2 When the auto-boot message appears, press to get the Startup menu. The Startup menu procedures can be done using the ASCII terminal or Windows HyperTerminal.
Erasing the Device Configuration

1 From the Startup menu, press [2] within two seconds to erase flash file. The following message is displayed:

Warning! About to erase a Flash file.
Are you sure (Y/N)? y

2 Press Y. The following message is displayed.

Write Flash file name (Up to 8 characters, Enter for none.):config
File config (if present) will be erased after system initialization
======== Press Enter To Continue ========

3 Enter config as the name of the flash file.
3 Enter copy tftp://{tftp address}/{file name} image to copy a new system image to the device. When the new image is downloaded, it is saved in the area allocated for the other copy of system image. The following is an example of the information that appears:

console# copy tftp://176.215.31.3/file1.ros image
Accessing file ‘file1’ on 176.215.31.3...
Loading file1 from 176.215.31.
session. Do you want to continue (y/n) [n]?

5 Enter y. The device reboots.

Management Modes

The device supports the following modes:
• Managed Mode — Provides switch management through the web interface. From Managed mode, you can move to Unmanaged mode by pressing the Mode button on the device, or you can move to Secure mode using the web interface (see "Entering Secure Mode" on page 63). Before leaving Managed mode it is highly recommended to save the configuration (see "Uploading Files" on page 82).
Transitioning Between Modes

The following diagram summarizes movement between modes:

Figure 4-2.
Returning to Managed Mode

When returning to Managed mode from either Unmanaged or Secure mode, the Restore Saved Configuration page appears. This page can be used to retrieve a saved configuration. You can also change the device IP address using this page.

Figure 4-3. Restore Saved Configuration

• Local Configuration — No saved configuration is loaded.
• Server IP Address/File Name — Loads a previously saved configuration.
5 Using Dell OpenManage Switch Administrator

This section provides an introduction to the user interface.

Understanding the Interface

The home page contains the following views:
• Tree View — Located on the left side of the home page, the tree view provides an expandable view of the features and their components.
• Device View — Located on the right side of the home page, the device view provides a view of the device, an information or table area, and configuration instructions.

Figure 5-1.
Table 5-1. Interface Components

Component    Name
1            The tree view contains a list of the different device features. The branches in the tree view can be expanded to view all the components under a specific feature, or retracted to hide the feature's components. By dragging the vertical bar to the right, the tree area can be expanded to display the full name of a component.
The port coloring indicates if a specific port is currently active. Ports can be the following colors:

Table 5-2. LED Indicators

Component          Name
Port Indicators
Green              The port is currently enabled.
Red                An error has occurred on the port.
Blue               The port is currently disabled.

NOTE: The Port LEDs are not reflected in PowerConnect front panel in the PowerConnect OpenManage Switch Administrator. LED status can only be determined by viewing the actual device.
Device Management Buttons

Device Management buttons provide an easy method of configuring device information, and include the following:

Table 5-4. Device Management Buttons

Button                    Description
Apply Changes             Applies changes to the device.
Add                       Adds information to tables or dialogs.
Telnet                    Starts a Telnet session.
Query                     Queries tables.
Show All                  Displays the device tables.
Left arrow/Right arrow    Moves information between lists.
Refresh                   Refreshes device information.
• Management — This is a read-write mode where you can see and edit all pages of the interface.
• Monitor — This is a read-only mode where you can see a subset of the interface pages, but you cannot edit them.

For more information about setting the access level, see "Defining the Local User Databases" on page 69.
6 Configuring System Information

This section provides information for defining system parameters including security features, downloading device software, and resetting the device. To open the System page, click System in the tree view.

Figure 6-1. System

Defining General Device Information

The General page contains links to pages for configuring device parameters.
Figure 6-2. Asset

• System Name (0-159 Characters) — Defines the user-defined device name.
• System Contact (0-159 Characters) — Specifies the name of the contact person.
• System Location (0-159 Characters) — Specifies the location where the system is currently running.
• MAC Address — Specifies the device MAC address.
• Sys Object ID — Specifies the vendor's authoritative identification of the network management subsystem contained in the entity.
Defining System Information:
1 Open the Asset page.
2 Define the relevant fields.
3 Click Apply Changes. The system parameters are defined, and the device is updated.

Initiating a Telnet Session:
1 Open the Asset page.
2 Click Telnet. A Telnet session is initiated.

Viewing the Versions Page

The Versions page contains information about the hardware and software versions currently running. To open the Versions page, click System → General → Versions in the tree view.

Figure 6-3.
Resetting the Device

The Reset page enables the device to be reset from a remote location. For more information about saved Configuration files, see "Managing Files" on page 80. To open the Reset page, click System → General → Reset in the tree view.

Figure 6-4. Reset

Resetting the Device
1 Open the Reset page.
2 Click reset. A confirmation message displays.
3 Click OK. The device is reset. After the device is reset, a prompt for a user name and password displays.
Entering Secure Mode

The Secure Mode page allows you to put the device in the Secure management mode. Once enabled, it prevents users from making any further configuration changes to the switch. This is done by removing the IP address of the switch so that it becomes inaccessible. In Secure Mode the switch retains configuration through power cycles just like in Managed Mode. To use Secure Mode, configure the device in Managed Mode, and then switch to Secure Mode via the web interface.
Defining Device IP Addresses

The IP Addressing page contains links for assigning interface and default gateway IP addresses, and enabling or disabling DHCP. To open the IP Addressing page, click System → IP Addressing in the tree view.

Defining IP Interface Parameters

The IP Interface Parameters page is used to select whether the device IP address, mask and/or gateway is assigned statically, or dynamically using DHCP.
• DHCP Default Gateway — Defines the Default Gateway Address received from the DHCP server.
• Apply DHCP Address — Activates the IP Address, Subnet Mask Address, and Default Gateway Address, received from the DHCP server.

Enabling DHCP:
1 Open the IP Interface Parameters page.
2 Set DHCP to Enable.
3 Click the Apply DHCP Address checkbox.
4 Click Apply Changes. DHCP is enabled and the device is updated.

Setting static IP Interface parameters:
1 Open the IP Interface Parameters page.
Figure 6-7. Integrated Cable Test for Copper Cables

• Port — The port to which the cable is connected.
• Test Result — The cable test results. Possible values are:
  – No Cable — There is no cable connected to the port.
  – Open Cable — The cable is connected on only one side.
  – Short Cable — The cable is 2 meters long.
  – OK — The cable passed the test.
  – Fiber Cable — A fiber cable is connected to the port.
• Cable Fault Distance — The distance from the port where the cable error occurred.
Displaying Virtual Cable Test Results Table
1 Open the Integrated Cable Test for Copper Cables page.
2 Click Show All. The Virtual Cable Test Results Table opens.

Viewing Optical Transceiver Diagnostics

The Optical Transceiver Diagnostics page contains fields for performing tests on Fiber Optic cables. Optical transceiver diagnostics can be performed only when the link is present. To open the Optical Transceiver Diagnostics page, click System → Diagnostics → Optical Transceiver Diagnostics in the tree view.
• Loss of Signal — Indicates if a signal loss occurred in the cable.
• Data Ready — The transceiver has achieved power up and data is ready.

Displaying Optical Transceiver Diagnostics Test Results Table
1 Open the Optical Transceiver Diagnostics page.
2 Click Show All. The test is run and the Virtual Cable Test Results Table opens with the following columns:
• Temp — Internally measured transceiver temperature.
• Voltage — Internally measured supply voltage.
• Current — Measured TX bias current.
Managing Device Security

The Management Security page provides access to security pages that contain fields for setting security parameters for user database, password and RADIUS security. To open the Management Security page, click System → Management Security in the tree view.

Defining the Local User Databases

The Local User Database page contains fields for defining users, passwords and access levels.
4 Click Apply Changes. The user access rights and passwords are defined, and the device is updated.

Defining a New User:
1 Open the Local User Database page.
2 Click Add. The Add User page opens:

Figure 6-10. Add a User

3 Define the fields.
4 Click Apply Changes. The new user is defined, and the device is updated.

Displaying the Local User Table:
1 Open the Local User Database page.
2 Click Show All. The Local User Table opens:

Figure 6-11.
2 Click Show All. The Local User Table opens.
3 Select a User Name.
4 Select the Remove check box.
5 Click Apply Changes. The selected user is deleted and the device is updated.

Configuring RADIUS Global Parameters

Remote Authorization Dial-In User Service (RADIUS) servers provide additional security for networks.
• Priority (0-65535) — Specifies the server priority. The possible values are 0-65535, where 0 is the highest value. This is used to configure the order in which servers are queried.
• Authentication Port — Identifies the authentication port. The authentication port is used to verify the RADIUS server authentication.
• Number of Retries (1-10) — Specifies the number of transmitted requests sent to RADIUS server before a failure occurs. The possible field values are 1 - 10. Three is the default value.
2 Click Add. The Add RADIUS Server page opens:

Figure 6-13. Add RADIUS Server Page

3 Define the fields.
4 Click Apply Changes. The new RADIUS server is added, and the device is updated.

Displaying the RADIUS Server List:
1 Open the RADIUS Settings page.
2 Click Show All. The Show all RADIUS Servers page opens:

Figure 6-14. Show all RADIUS Servers

Modifying the RADIUS Server Settings:
1 Open the RADIUS Settings page.
2 Click Show All. The RADIUS Servers List page opens.
3 Modify the relevant fields.
4 Click Apply Changes. The RADIUS Server settings are modified, and the device is updated.

Deleting a RADIUS Server from the RADIUS Servers List:
1 Open the RADIUS Settings page.
2 Click Show All. The RADIUS Servers List page opens.
3 Select a RADIUS Server in the RADIUS Servers List.
4 Select the Remove check box.
5 Click Apply Changes. The RADIUS server is removed from the RADIUS Servers List.
Defining SNMP Global Parameters

The SNMP Global Parameters page permits enabling both SNMP and Authentication notifications. To open the SNMP Global Parameters page, click System → SNMP → Global Parameters in the tree view.

Figure 6-15. Global Parameters

• SNMP Notifications — Enables or disables the device sending SNMP notifications.
• Authentication Notifications — Enables or disables the device sending SNMP traps when authentication fails.
Defining Communities

Access rights are managed by defining communities in the Community Table. When the community names are changed, access rights are also changed. To open the SNMP Community page, click System → SNMP → Community in the tree view.

Figure 6-16. SNMP Community

• SNMP Management Station — A list of management station IP addresses.
• Community String — Functions as a password and is used to authenticate the selected management station to the device.
Figure 6-17. Add SNMP Community

3 Select one of the following:
  – SNMP Management Station — Defines an SNMP community for a specific management station.
  – All — Defines an SNMP community for all management stations.
4 Define the remaining fields.
5 Click Apply Changes. The new community is saved, and the device is updated.

Displaying all Communities
1 Open the SNMP Community page.
2 Click Show All. The Community Table opens:

Figure 6-18.
4 Select the Remove check box.
5 Click Apply Changes. The selected community entry is deleted, and the device is updated.

Defining SNMP Notification Recipients

The Notification Recipients page contains information for defining filters that determine whether traps are sent to specific users, and the trap type sent.
– SNMPv2 — SNMP Version 2 traps are sent. • Remove Notification Recipient — When checked, removes selected notification recipients. Adding a New Trap Recipient 1 Open the Notification Recipients page. 2 Click Add. The Add Notification Recipients page opens: 3 Define the relevant fields. 4 Click Apply Changes. The notification recipient is added, and the device is updated. Displaying Notification Recipients Tables 1 Open the Notification Recipients page. 2 Click Show All.
2 Click Show All. The Notification Recipients Tables page opens. 3 Select a notification recipient. 4 Check the Remove checkbox. 5 Click Apply Changes. The recipient is deleted, and the device is updated. Managing Files The File Management page contains fields for managing device software, the Image Files, and the Configuration Files. Files can be downloaded from a TFTP server.
Figure 6-21. File Download From Server • Firmware Download — The Firmware file is downloaded. If Firmware Download is selected, the Configuration Download fields are grayed out. • Configuration Download — The Configuration file is downloaded. If Configuration Download is selected, the Firmware Download fields are grayed out. • Download via TFTP — Enables initiating an image download via the TFTP server. • Download via HTTP — Enables initiating an image download via the HTTP server.
• Source File Name (1-64 Characters) — Indicates the configuration files to be downloaded. During the image file download, a dialog box opens which displays the download progress. Downloading Files 1 Open the File Download From Server page. 2 Define the fields. 3 Click Apply Changes. The software is downloaded to the device. Uploading Files The File Upload to Server page contains fields for uploading the Configuration file from the device to the TFTP server.
Uploading Files 1 Open the File Upload to Server page. 2 Define the fields. 3 Click Apply Changes. The software is uploaded to the device. Restoring Default Settings The Restore Defaults page allows you to restore the device settings to their factory default values. To open the Restore Defaults page, click System → File Management → Restore Defaults in the tree view. Figure 6-23.
The DHCP server uses a defined pool of IP addresses (user-defined) from which it allocates IP addresses to DHCP clients. The DHCP server can allocate IP addresses in three configuration modes: • Static allocation — The network administrator maps the hardware address of a host to an IP address on the DHCP server.
• DHCP Ping — Indicates if the DHCP server is set to ping the offered IP address before responding to a client request, to ensure that the address is not in use. The possible field values are: – Enable — Enables ping on the DHCP server. – Disable — Disables ping on the DHCP server. This is the default value. • DHCP Ping Retries — Optionally specifies the number of pings that are sent before an IP address can be assigned to a requesting client. The range is 1 to 10 and the default value is two.
Figure 6-25. Network Pool • Subnet IP Address — Specifies the IP address of the subnet in which the network pool resides. • Network Mask — Specifies the pool’s network mask. • Prefix Length — Specifies the number of bits that comprise the address prefix. • Address Pool Start — Specifies the first IP address in the range of the network pool. • Address Pool End — Specifies the last IP address in the range of the network pool.
• Domain Name — Specifies the domain name for a DHCP client. The domain name may contain up to 32 characters. • NetBIOS WINS Server — Specifies the NetBIOS WINS name server available to a DHCP client. • NetBIOS Node Type — A parameter that informs the workstation how to resolve the NetBIOS name. Valid node types are: – Blank — The workstation is not informed as to what type of NetBIOS node the client is.
Figure 6-26. Excluded Addresses • Start IP Address — Displays the first IP address in the range of excluded IP addresses. • End IP Address — Displays the last IP address in the range of excluded IP addresses. Adding an Excluded Address 1 Open the Excluded Addresses page. 2 Click Add. The Add Excluded page opens: Figure 6-27. Add Excluded 3 Define the relevant fields. 4 Click Apply Changes. The address is excluded, and the device is updated.
Manually Allocating IP Addresses (Static Hosts) The Static Hosts page is used to manually allocate IP addresses to network hosts. To open the Static Hosts page, click System → DHCP Server → Static Hosts in the tree view. Figure 6-28. Static Hosts • Host Name — Indicates the host pool name, which can be a string of symbols and an integer (for example, piy4). The range is up to 32 characters. • IP Address — Specifies the IP address that was statically assigned to the host.
• NetBIOS WINS Server — Specifies the NetBIOS WINS name server available to a Microsoft DHCP static host. • NetBIOS Node Type — Informs the workstation how to resolve the NetBIOS name. Valid node types are: – Blank — The workstation is not informed as to which type of NetBIOS node the client is. – Broadcast — IP broadcast messages are used to register and resolve NetBIOS names to IP addresses.
Figure 6-29. Add Static Host 3 Define the relevant fields. 4 Click Apply Changes. The static host is added, and the device is updated. Displaying Static Hosts Tables 1 Open the Static Hosts page. 2 Click Show All. The Static Hosts Table page opens: Figure 6-30.
Deleting Static Hosts 1 Open the Static Hosts page. 2 Click Show All. The Static Hosts Table page opens. 3 Check the Remove checkbox next to a static host. 4 Click Apply Changes. The host is deleted, and the device is updated. Configuring Address Binding The Address Binding page displays a list of the DHCP server’s allocated IP addresses and each IP address’s client identifier, lease expiration time, and allocation type.
Defining Advanced Settings The Advanced Settings page contains information for configuring general settings. Use Advanced Settings to set miscellaneous global attributes for the device. The changes to these attributes are applied only after the device is reset. To open the Advanced Settings page, click System → Advanced Settings in the tree view. Configuring General Device Parameters The General Settings page provides information for defining general device parameters.
7 Configuring Device Switching This section provides all system operation and general information for configuring network security, ports, Address Tables, GARP, VLANs, Spanning Tree, Port Aggregation, and Multicast Support. Configuring Network Security The device enables network security through both Access Control Lists and Locked Ports. Port Based Authentication (802.1x) Port based authentication enables authenticating system users on a per-port basis via an external server.
Advanced Port Based Authentication is implemented in the following modes: • Single Host Mode — Enables only the authorized host for single-session access to the port. • Multiple Host Mode — Enables multiple hosts to be attached to a single port, for single-session access. Only one host must be authorized for all hosts to access the network. If the host authentication fails or an EAPOL-logoff message is received, all attached clients are denied network access.
– None — No authentication method is used to authenticate the port. – RADIUS — Port authentication is performed using the RADIUS server. – RADIUS, None — Port authentication is performed first using the RADIUS server. If the port is not authenticated, then no authentication method is used, and the session is permitted. • Guest VLAN — Specifies whether the Guest VLAN is enabled on the device. The possible field values are: – Enable — Enables using a Guest VLAN for unauthorized ports.
– Authenticated ports remain unauthenticated VLAN and Guest VLAN members. Static VLAN configuration is not applied to the port. – The following list of VLANs cannot participate in DVA: an Unauthenticated VLAN, a Dynamic VLAN that was created by GVRP, a Voice VLAN, a Default VLAN and a Guest VLAN. – Network administrators can delete the supplicant VLAN while the supplicant is logged in.
Figure 7-2. Port Based Authentication Table Termination Cause — The reason for which the port authentication was terminated. Copy To Checkbox — Copies port parameters from one port to the selected ports. Select All — Selects all ports in the Port Based Authentication Table. Copying Parameters in the Port Based Authentication Table 1 Open the Port Based Authentication page. 2 Click Show All. The Port Based Authentication Table opens. 3 Select the interface in the Copy Parameters from field.
Configuring Advanced Port Based Authentication The Multiple Hosts page provides information for defining advanced port based authentication settings for specific ports. To open the Multiple Hosts page, click Switch → Network Security → Multiple Hosts. Figure 7-3. Multiple Hosts • Port — The port number for which Advanced Port Based Authentication is enabled. • Host Authentication — Defines the host authentication type.
• Trap Frequency (1-1000000) (Sec) — Defines the time period by which traps are sent to the host. The Trap Frequency (1-1000000) field can be defined only if the Multiple Hosts field is defined as Disable. The default is 10 seconds. • Status — The host status. The possible field values are: – Unauthorized — Clients (supplicants) have full port access. – Authorized — Clients (supplicants) have limited port access.
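The difference between Single Host Mode and Multiple Host Mode described in this section can be modelled in a few lines to see which attached hosts end up with network access. This is an added example, not Dell code: the class, the event names and the sample MAC addresses are hypothetical, and the model covers only the behaviour the guide states.

```python
from dataclasses import dataclass, field
from typing import Iterable, Optional, Set, Tuple

SINGLE_HOST = "single"
MULTIPLE_HOST = "multiple"

# Constructed sample data: MAC addresses from the documentation range.
HOST_A = "00:00:5e:00:53:01"   # the only host that authenticates
HOST_B = "00:00:5e:00:53:02"
HOST_C = "00:00:5e:00:53:03"
EVENTS = [("attach", HOST_A), ("attach", HOST_B), ("attach", HOST_C),
          ("auth_ok", HOST_A)]


@dataclass
class PortAccessModel:
    """Hypothetical model of one authenticated port (not switch firmware)."""
    mode: str
    attached: Set[str] = field(default_factory=set)
    authorized_host: Optional[str] = None

    def handle(self, event: str, mac: str) -> None:
        if event == "attach":
            self.attached.add(mac)
        elif event == "auth_ok":
            self.attached.add(mac)
            # Assumption: the port carries one session, owned by the first
            # host that authenticates, until that session ends.
            if self.authorized_host is None:
                self.authorized_host = mac
        elif event in ("auth_fail", "eapol_logoff"):
            # Guide: failed authentication or an EAPOL-logoff from the
            # authenticating host denies access to all attached clients.
            if mac == self.authorized_host:
                self.authorized_host = None
        else:
            raise ValueError(f"unknown event: {event!r}")

    def hosts_with_access(self) -> Set[str]:
        if self.authorized_host is None:
            return set()
        if self.mode == SINGLE_HOST:
            return {self.authorized_host}
        # Multiple Host Mode: one authorized host opens the port for all.
        return set(self.attached)

    def unauthenticated_with_access(self) -> Set[str]:
        """Hosts that reach the network without having authenticated."""
        return self.hosts_with_access() - {self.authorized_host}


def replay(mode: str, events: Iterable[Tuple[str, str]]) -> PortAccessModel:
    """Apply a sequence of (event, mac) pairs to a fresh port model."""
    if mode not in (SINGLE_HOST, MULTIPLE_HOST):
        raise ValueError(f"unknown host mode: {mode!r}")
    port = PortAccessModel(mode)
    for event, mac in events:
        port.handle(event, mac)
    return port


if __name__ == "__main__":
    for mode in (SINGLE_HOST, MULTIPLE_HOST):
        port = replay(mode, EVENTS)
        print(mode, sorted(port.hosts_with_access()),
              "unauthenticated:", sorted(port.unauthenticated_with_access()))
```

A port that reports hosts in `unauthenticated_with_access()` is one where devices behind a hub or unmanaged switch share the session of a single authenticated client.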
Authenticating Users The Authenticated Users page displays user port access lists. To open the Authenticated Users page, click Switch → Network Security → Authenticated Users. Figure 7-5. Authenticated Users • User Name — List of users authorized via the RADIUS Server. • Port — The port number(s) used for authentication - per user name. • Session Time — The amount of time the user was logged on to the device.
Configuring Ports The Ports page contains links to port functionality pages including advanced features, such as Green Ethernet, Storm Control and Port Mirroring. To open the Ports page, click Switch → Ports. Defining Port Parameters The Port Configuration page contains fields for defining port parameters. To open the Port Configuration page, click Switch → Ports → Port Configuration in the tree view. Figure 7-7. Port Configuration • Port — The port number for which port parameters are defined.
• Admin Speed — The configured rate for the port. The port type determines what speed setting options are available. Admin speed can only be designated when auto negotiation is disabled on the configured port. • Current Port Speed — The actual currently configured port speed (bps). • Admin Duplex — The port duplex mode can be either Full or Half. Full indicates that the interface supports transmission between the device and its link partner in both directions simultaneously.
Defining Port Parameters 1 Open the Port Configuration page. 2 Select a port in the Port Field. 3 Define the remaining fields. 4 Click Apply Changes. The port parameters are saved to the device. Modifying Port Parameters 1 Open the Port Configuration page. 2 Select a port in the Port Field. 3 Modify the remaining fields. 4 Click Apply Changes. The port parameters are saved to the device. Displaying the Port Configuration Table: 1 Open the Port Configuration page. 2 Click Show All.
The LAG Configuration page contains fields for configuring parameters for configured LAGs. The device supports up to four LAGs, each having six members. For information about Link Aggregated Groups and assigning ports to LAGs, refer to Aggregating Ports. To open the LAG Configuration page, click Switch→ Ports→ LAG Configuration in the tree view. If port configuration is modified while the port is a LAG member, the configuration change is only effective after the port is removed from the LAG. Figure 7-9.
• Admin Status — Enables or disables traffic forwarding through the selected LAG. • Current LAG Status — Indicates if the LAG is currently operating. • Operational Status — Operational status of the LAG. • Admin Auto Negotiation — Enables or disables Auto Negotiation on the LAG. Auto-negotiation is a protocol between two link partners that enables a LAG to advertise its transmission rate and flow control (the flow control default is enabled) abilities to its partner.
The LAG Configuration Table opens: Figure 7-10. LAG Configuration Table Configuring Green Ethernet Green Ethernet, also known as Energy Efficient Ethernet, is an effort to make networking equipment environmentally friendly, specifically by reducing power usage of Ethernet connections. The following methods are supported by the device: • Energy-Detect — Auto-detection of inactivity on a port, and subsequent turning down of transmit power.
Figure 7-11. Green Ethernet Configuration • Cumulative Energy Saved — The total amount of energy saved since the last reset. This amount is equal to the saved power multiplied by the time period in hours. – Reset — Click to set the Cumulative Power Saved counter back to 0. • Link Down Energy Saving Mode — Indicates whether the Energy-Detect energy saving mode is on or off for the device ports.
The Green Ethernet Ports Table includes the following port energy saving information: • Port — Indicates the port. • Energy-Detect — The status of the Energy-Detect mode on the link: – Admin — Whether Energy-Detect has been enabled for the port. – Oper — Whether Energy-Detect is currently in force for the port. – Reason — If Admin indicates that Energy-Detect is enabled and Oper indicates it is not in force, this column gives the reason.
Figure 7-12. Storm Control • Port — The port from which storm control is enabled. • Broadcast Control — Enables or disables forwarding broadcast packet types on the device. • Mode — Specifies the Broadcast mode currently enabled on the device. The possible field values are: – Unknown Unicast, Multicast & Broadcast — Counts unknown Unicast, Multicast, and Broadcast traffic. – Multicast & Broadcast — Counts Broadcast and Multicast traffic together.
Figure 7-13. Storm Control Table Defining Port Mirroring Sessions Port mirroring monitors and mirrors network traffic by forwarding copies of incoming and outgoing packets from one port or a number of ports (source port or ports) to a monitoring (destination) port. Port mirroring is configured by selecting a specific port to copy all packets, and different ports from which the packets are copied.
The following restrictions apply to ports configured to be source ports: • Source Ports cannot be a LAG member. • Ports cannot be configured as a destination port. • All packets are transmitted tagged from the destination port. • All RX/TX packets are monitored to the same port. To open the Port Mirroring page, click Switch→ Ports→ Port Mirroring in the tree view. Figure 7-14. Port Mirroring • Destination Port — The port number to which port traffic is copied.
6 Click Apply Changes. The new source port is defined, and the device is updated. Deleting a Copy Port from a Port Mirroring Session 1 Open the Port Mirroring page. 2 Select the Remove check box. 3 Click Apply Changes. The selected port mirroring session is deleted, and the device is updated. Configuring Address Tables MAC addresses are stored in the Dynamic Address database. A packet addressed to a destination stored in the database is forwarded immediately to the port.
Figure 7-15. Dynamic Address Table • Address Aging (10-630) — Specifies the amount of time the MAC Address remains in the Dynamic Address Table before it is timed out if no traffic from the source is detected. The default value is 300 seconds. • Interface — Specifies the interface for which the table is queried. There are two interface types from which to select. – Port — Specifies the port numbers for which the table is queried. – LAG — Specifies the LAG for which the table is queried.
Querying the Dynamic Address Table 1 Open the Dynamic Address Table. 2 Define the parameter by which to query the Dynamic Address Table. Entries can be queried by Port, MAC Address, or VLAN ID. 3 Click Query. The Dynamic Address Table is queried. Sorting the Dynamic Address Table 1 Open the Dynamic Address Table. 2 From the Address Table Sort Key drop-down menu, select whether to sort addresses by address, VLAN ID, or interface. 3 Click Query. The Dynamic Address Table is sorted.
Figure 7-16. STP Global Settings • Spanning Tree State — Enables or disables Spanning Tree on the device. The possible field values are: – Enable — Enables Spanning Tree. – Disable — Disables Spanning Tree. • STP Operation Mode — The STP mode by which STP is enabled on the device. The possible field values are: – Classic STP — Enables Classic STP on the device. This is the default value. – Rapid STP — Enables Rapid STP on the device.
• Priority (0-61440 in steps of 4096) — Specifies the bridge priority value. When switches or bridges are running STP, each is assigned a priority. After exchanging BPDUs, the switch with the lowest priority value becomes the Root Bridge. The default value is 32768. The bridge priority value is provided in increments of 4096 (4K increments). For example, 0, 4096, 8192, etc. • Hello Time (1-10) — Specifies the device Hello Time.
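The root election rule described for the Priority field can be checked before priorities are applied to a set of switches. The sketch below is an added example rather than Dell code; it assumes the standard 802.1D tie-break (equal priorities are decided by the lower MAC address), and the switch names, MAC addresses and function names are constructed for illustration.

```python
from typing import Dict, List, Tuple

STP_PRIORITY_MAX = 61440
STP_PRIORITY_STEP = 4096
STP_PRIORITY_DEFAULT = 32768

# Constructed inventory: name -> (bridge priority, bridge MAC address).
BRIDGES: Dict[str, Tuple[int, str]] = {
    "core-1": (4096, "00:00:5e:00:53:10"),
    "core-2": (8192, "00:00:5e:00:53:20"),
    "access-1": (STP_PRIORITY_DEFAULT, "00:00:5e:00:53:05"),
    "access-2": (STP_PRIORITY_DEFAULT, "00:00:5e:00:53:04"),
}


def is_valid_priority(priority: int) -> bool:
    """True for the values the Priority field accepts: 0-61440, steps of 4096."""
    return (isinstance(priority, int)
            and 0 <= priority <= STP_PRIORITY_MAX
            and priority % STP_PRIORITY_STEP == 0)


def mac_to_int(mac: str) -> int:
    """Convert aa:bb:cc:dd:ee:ff (or dashes) to an integer for comparison."""
    octets = mac.replace("-", ":").split(":")
    if len(octets) != 6:
        raise ValueError(f"not a MAC address: {mac!r}")
    value = 0
    for octet in octets:
        byte = int(octet, 16)
        if not 0 <= byte <= 0xFF:
            raise ValueError(f"not a MAC address: {mac!r}")
        value = (value << 8) | byte
    return value


def bridge_id(priority: int, mac: str) -> Tuple[int, int]:
    """Bridge ID as a sortable pair: priority first, then MAC address."""
    if not is_valid_priority(priority):
        raise ValueError(f"invalid bridge priority: {priority}")
    return (priority, mac_to_int(mac))


def elect_root(bridges: Dict[str, Tuple[int, str]]) -> str:
    """Return the name of the bridge with the lowest bridge ID."""
    return min(bridges, key=lambda name: bridge_id(*bridges[name]))


def audit_root(bridges: Dict[str, Tuple[int, str]], intended_root: str) -> List[str]:
    """List the reasons the intended root might not be (or stay) the root."""
    findings: List[str] = []
    valid = {}
    for name, (priority, mac) in bridges.items():
        if is_valid_priority(priority):
            valid[name] = (priority, mac)
        else:
            findings.append(f"{name}: priority {priority} is not a multiple "
                            f"of {STP_PRIORITY_STEP} in 0-{STP_PRIORITY_MAX}")
    if intended_root not in valid:
        findings.append(f"{intended_root}: no valid priority configured")
        return findings
    root = elect_root(valid)
    if root != intended_root:
        findings.append(f"{root} wins the election instead of {intended_root}")
    intended_priority = valid[intended_root][0]
    ties = sorted(name for name, (priority, _) in valid.items()
                  if name != intended_root and priority == intended_priority)
    if ties:
        findings.append(f"{intended_root} shares priority {intended_priority} "
                        f"with {', '.join(ties)}; the MAC address decides")
    return findings


if __name__ == "__main__":
    print("root:", elect_root(BRIDGES))
    print("findings:", audit_root(BRIDGES, "core-1"))
```

With every switch left at the default of 32768, the root is simply whichever bridge has the lowest MAC address, which is why the audit reports a shared priority as a finding.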
Defining STP Port Settings The STP Port Settings page contains fields for assigning STP properties to individual ports. To open the STP Port Settings page, click Switch→ Spanning Tree→ Port Settings in the tree view. Figure 7-17. STP Port Settings • Select a Port — Port on which STP is enabled. • STP — Enables or disables STP on the port. • Fast Link — When selected, enables Fast Link mode for the port.
• Port State — The current port STP state. If enabled, the port state determines what forwarding action is taken on traffic. Possible port states are: – Disabled — The port link is currently down. – Blocking — The port is currently blocked and cannot be used to forward traffic or learn MAC addresses. Blocking is displayed when Classic STP is enabled. – Listening — The port is currently in the listening mode. The port cannot forward traffic nor can it learn MAC addresses.
• Priority (0-240, in steps of 16) — The priority value of the port. The priority value influences the port choice when a bridge has two ports connected in a loop. The priority value is between 0-240. The priority value is provided in increments of 16. • Designated Bridge ID — The bridge priority and the MAC Address of the designated bridge. • Designated Port ID — The selected port’s priority and interface. • Designated Cost — The cost of the port participating in the STP topology.
Defining STP LAG Settings The STP LAG Settings page contains fields for assigning STP aggregating port parameters. To open the STP LAG Settings page, click Switch→ Spanning Tree→ LAG Settings in the tree view. Figure 7-18. STP LAG Settings • Select a LAG — The user-defined LAG. For more information, see "Defining LAG Membership" on page 134. • STP — Enables or disables STP on the LAG. • Fast Link — Enables Fast Link mode for the LAG.
• LAG State — Current STP state of a LAG. If enabled, the LAG state determines what forwarding action is taken on traffic. If the bridge discovers a malfunctioning LAG, the LAG is placed in the Broken state. Possible LAG states are: – Disabled — The LAG link is currently down. – Blocking — The LAG is blocked and cannot be used to forward traffic or learn MAC addresses. – Listening — The LAG is in the listening mode and cannot forward traffic or learn MAC addresses.
Modifying the LAG STP Parameters 1 Open the STP LAG Settings page. 2 Select a LAG from the Select a LAG drop-down menu. 3 Modify the fields as desired. 4 Click Apply Changes. The STP LAG parameters are modified, and the device is updated. Configuring Rapid Spanning Tree While Classic Spanning Tree guarantees preventing L2 forwarding loops in a general network topology, convergence can take up to 30-60 seconds. The convergence time is considered too long for many applications.
Figure 7-19. Rapid Spanning Tree (RSTP) • Interface — Port or LAG on which Rapid STP is enabled. • Role — The port role assigned by the STP algorithm in order to provide STP paths. The possible field values are: – Root — Provides the lowest cost path to forward packets to root device. – Designated — The port or LAG via which the designated device is attached to the LAN. – Alternate — Provides an alternate path to the root device from the root interface.
– Disable — Device establishes shared, half duplex links. – Auto — Device automatically determines the state. • Point-to-Point Operational Status — Displays the point-to-point operating state which depends on a link partner. • Activate Protocol Migration Test — Select to run a Protocol Migration Test. The test identifies the STP mode of the interface connected to the selected interface. – Checked — Runs a Protocol Migration Test on the interface after you click the Apply button.
Figure 7-20. VLAN Membership • Show VLAN — Lists and displays specific VLAN information according to VLAN ID or VLAN name. • VLAN Name — The user-defined VLAN name. • Unauthorized Users — Enables or disables unauthorized users from accessing a VLAN. • Remove VLAN — When selected, removes the VLAN from the VLAN Membership Table. Adding New VLANs 1 Open the VLAN Membership page. 2 Click Add. The Create New VLAN page opens.
Figure 7-21. Create New VLAN 3 Enter the VLAN ID and name. 4 Click Apply Changes. The new VLAN is added, and the device is updated. Modifying VLAN Membership Groups 1 Open the VLAN Membership page. 2 Select a VLAN from the Show VLAN drop-down menu. 3 Modify the fields as desired. 4 Click Apply Changes. The VLAN membership information is modified, and the device is updated. Deleting VLAN Membership Groups 1 Open the VLAN Membership page. 2 Select a VLAN in the Show VLAN field.
Table 7-1. VLAN Port Membership Table
Port Control   Definition
U              The interface is a VLAN member. Packets forwarded by the interface are untagged.
F              The interface is denied membership to a VLAN.
Blank          The interface is not a VLAN member. Packets associated with the interface are not forwarded.
The VLAN Port Membership Table displays the ports and the port states, as well as LAGs. Ports which are LAG members are not displayed in the VLAN Port Membership Table.
Defining VLAN Ports Settings The VLAN Port Settings page contains fields for managing ports that are part of a VLAN. The port default VLAN ID (PVID) is configured on the VLAN Port Settings page. All untagged packets arriving at the device are tagged by the port's PVID. To open the VLAN Port Settings page, click Switch→ VLAN→ Port Settings in the tree view. Figure 7-22. VLAN Port Settings • Port — The port number included in the VLAN. • PVID (1-4095) — Assigns a VLAN ID to untagged packets.
Displaying the VLAN Port Table 1 Open the VLAN Port Settings page. 2 Click Show All. The VLAN Port Table opens. Figure 7-23. VLAN Port Table Defining VLAN LAG Settings The VLAN LAG Setting page provides parameters for managing LAGs that are part of a VLAN. VLANs can either be composed of individual ports or of LAGs. Untagged packets entering the device are tagged with the LAG's ID specified by the PVID. To open the VLAN LAG Setting page, click Switch→ VLAN→ LAG Settings in the tree view.
Figure 7-24. VLAN LAG Setting • LAG — The LAG number included in the VLAN. • PVID — Assigns a VLAN ID to untagged packets. The possible field values are 1-4095. VLAN 4095 is defined, as per standard and industry practice, as the discard VLAN. Packets classified to this VLAN are dropped. • Frame Type — Packet type accepted by the LAG. Possible values are: – Admit Tag Only — Only tagged packets are accepted by the LAG. – Admit All — Tagged and untagged packets are both accepted by the LAG.
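How the PVID and Frame Type settings described for ports and LAGs combine at ingress can be shown by classifying raw Ethernet frames. This is an added example, not Dell code: the function names and sample frames are constructed, VLAN membership of the interface is not modelled, and treating a priority-tagged frame (VLAN ID 0) as untagged follows IEEE 802.1Q and is an assumption for this device.

```python
import struct
from typing import Optional, Tuple

TPID_8021Q = 0x8100          # EtherType value that marks an 802.1Q tag
DISCARD_VLAN = 4095          # per the guide: packets in this VLAN are dropped
ADMIT_ALL = "Admit All"
ADMIT_TAG_ONLY = "Admit Tag Only"


def build_frame(vid: Optional[int] = None, pcp: int = 0) -> bytes:
    """Build a constructed sample frame, optionally carrying an 802.1Q tag."""
    dst = bytes.fromhex("00005e005301")
    src = bytes.fromhex("00005e005302")
    tag = b""
    if vid is not None:
        tag = struct.pack("!HH", TPID_8021Q, (pcp << 13) | (vid & 0x0FFF))
    return dst + src + tag + struct.pack("!H", 0x0800) + bytes(46)


def frame_vid(frame: bytes) -> Optional[int]:
    """Return the VLAN ID from the frame's 802.1Q tag, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF          # low 12 bits of the tag control field


def classify_ingress(frame: bytes, pvid: int,
                     frame_type: str) -> Tuple[str, Optional[int], str]:
    """Return (action, vlan, reason) for a frame arriving on an interface."""
    if not 1 <= pvid <= 4095:
        raise ValueError("PVID must be in the range 1-4095")
    if frame_type not in (ADMIT_ALL, ADMIT_TAG_ONLY):
        raise ValueError(f"unknown frame type setting: {frame_type!r}")

    vid = frame_vid(frame)
    reason = "tagged frame keeps its VLAN ID"
    if vid is None or vid == 0:
        # Assumption (802.1Q): VLAN ID 0 is a priority tag, not a VLAN.
        if frame_type == ADMIT_TAG_ONLY:
            return ("drop", None, "untagged frame on an Admit Tag Only interface")
        vid = pvid
        reason = "untagged frame assigned the interface PVID"
    if vid == DISCARD_VLAN:
        return ("drop", vid, "classified to discard VLAN 4095")
    return ("accept", vid, reason)


if __name__ == "__main__":
    samples = {"untagged": build_frame(), "tagged 20": build_frame(20),
               "tagged 4095": build_frame(4095)}
    for label, frame in samples.items():
        for setting in (ADMIT_ALL, ADMIT_TAG_ONLY):
            print(label, "|", setting, "|", classify_ingress(frame, 10, setting))
```

Setting an unused interface's PVID to 4095 causes every untagged frame it receives to be dropped, which the last branch of `classify_ingress` reproduces.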
Aggregating Ports Port Aggregation optimizes port usage by linking a group of ports together to form a single Link Aggregated Group (LAG). Port Aggregation multiplies the bandwidth between the devices, increases port flexibility, and provides link redundancy. The device supports up to four LAGs, each having six members. Each LAG is composed of ports of the same speed, set to full-duplex operations.
Defining LAG Membership The LAG Membership page contains fields for assigning ports to LAGs. LAGs can include up to 6 ports. When a port is added to a LAG, the port acquires the LAG’s properties. If the port cannot be configured with the LAG properties, a trap is generated and the port operates with its default settings. To open the LAG Membership page, click Switch→ Link Aggregation→ LAG Membership in the tree view. Figure 7-25.
Defining Multicast Global Parameters Layer 2 switching forwards Multicast packets to all relevant VLAN ports by default, treating the packet as a Multicast transmission. While this is functional, in the sense that all relevant ports/nodes receive a copy of the frame, it is potentially wasteful as ports/nodes may receive irrelevant frames only needed by a subset of the ports of that VLAN.
Enabling IGMP Snooping on the Device 1 Open the Multicast Global Parameters page. 2 Select Enable in the IGMP Snooping Status field. 3 Click Apply Changes. IGMP Snooping is enabled on the device. Adding Bridge Multicast Address Members The Bridge Multicast Group page displays the ports and LAGs attached to the Multicast service group in the Ports and LAGs tables. The Port and LAG tables also reflect the manner in which the port or LAGs joined the Multicast group.
• Ports — Port that can be added to a Multicast service. • LAGs — LAGs that can be added to a Multicast service. The following table contains the IGMP port and LAG members management settings:
D   The port/LAG has joined the Multicast group dynamically in the Current Row.
F   The port/LAG is excluded from this Multicast group.
S   Attaches the port to the Multicast group as static member in the Static Row. The port/LAG has joined the Multicast group statically in the Current Row.
4 Toggle a port to S to join the port to the selected Multicast group. 5 Toggle a port to F to forbid adding specific Multicast addresses to a specific port. 6 Click Apply Changes. The bridge Multicast address is assigned to the Multicast group, and the device is updated. Defining Ports to Receive Multicast Service 1 Open the Bridge Multicast Group page. 2 Define the VLAN ID and the Bridge Multicast Address fields. 3 Toggle a port to S to join the port to the selected Multicast group.
Figure 7-29. Bridge Multicast Forward All • VLAN ID — Identifies a VLAN. • Ports — Ports that can be added to a Multicast service. • LAGs — LAGs that can be added to a Multicast service. The following table contains the settings for managing router and port settings.
Port Control   Definition
F              The port/LAG is excluded from this Multicast group.
S              Attaches the port to the Multicast router or switch as a static port.
Blank          The port is not attached to a Multicast router or switch.
Attaching a Port to a Multicast Router or Switch 1 Open the Bridge Multicast Forward All page. 2 Define the VLAN ID field. 3 Select a port in the Ports table, and assign the port a value. 4 Click Apply Changes. The port is attached to the Multicast router or switch. Attaching a LAG to a Multicast Router or Switch 1 Open the Bridge Multicast Forward All page. 2 Define the VLAN ID field. 3 Select a port in the LAGs table, and assign the LAG a value. 4 Click Apply Changes.
IGMP Snooping The IGMP Snooping page contains fields for adding IGMP members. To open the IGMP Snooping page, click Switch→ Multicast Support→ IGMP Snooping in the tree view. Figure 7-30. IGMP Snooping • VLAN ID — Specifies the VLAN ID. • IGMP Snooping Status — Enables or disables IGMP snooping on the VLAN. • Auto Learn — Enables or disables Auto Learn on the device. • IGMP Querier Status — Enables or disables the IGMP Querier.
Enabling IGMP Snooping on the Device 1 Open the IGMP Snooping page. 2 Select the VLAN ID for the device on which IGMP snooping needs to be enabled. 3 Select Enable in the IGMP Snooping Status field. 4 Complete the fields on the page. 5 Click Apply Changes. IGMP snooping is enabled on the device. Displaying the IGMP Snooping Table 1 Open the IGMP Snooping page. 2 Click Show All. The IGMP Snooping Table opens. Figure 7-31.
8 Viewing Statistics The Statistics page contains links to device information for RMON and CPU utilization.
Viewing RMON Statistics Remote Monitoring (RMON) contains links for viewing network information from a remote location. To open the RMON page, click Statistics/RMON→ RMON in the tree view. Viewing RMON Statistics Group The RMON Statistics Group page contains fields for viewing information about device utilization and errors that occurred on the device. To open the RMON Statistics Group page, click Statistics/RMON→ RMON→ Statistics in the tree view. Figure 8-1.
• Interface — Specifies the port or LAG for which statistics are displayed. • Refresh Rate — Amount of time that passes before the statistics are refreshed. • Drop Events — Number of dropped events that have occurred on the interface since the device was last refreshed. • Received Bytes (Octets) — Number of octets received on the interface since the device was last refreshed. This number includes bad packets and FCS octets, but excludes framing bits.
Viewing the CPU Utilization The CPU Utilization page contains information about the system’s CPU utilization and percentage of CPU resources consumed by each stacking member. Each stacking member is assigned a color on the graph. The range of the utilization reading is from 0 to 200%. The maximum reading of 200% for a full duplex connection indicates that 100% of bandwidth of incoming and outgoing connections is used by the traffic traveling through the interface.
9 Configuring Quality of Service This section provides information for defining and configuring Quality of Service (QoS) parameters. To open the Quality of Service page, click Quality of Service in the tree view. An implementation example that requires QoS includes certain types of traffic such as Voice, Video and real-time traffic which can be assigned a high priority queue, while other traffic can be assigned a lower priority queue. The result is an improved traffic flow for traffic with high demand.
DSCP values can be mapped to priority queues. The following table contains the default DSCP mapping to forwarding queue values:
Table 9-2. DSCP to Queue Mapping Table Default Values
DSCP Value   Forwarding Queue Values
0-15         q1
16-31        q2
32-47        q3
48-63        q4
DSCP mapping is enabled on a per-system basis. CoS Services After packets are assigned to a specific queue, CoS services can be assigned to the queue(s).
Defining CoS Global Parameters Class of Service (CoS) global parameters are set from the CoS Settings page. To open the CoS Settings page, click Quality of Service→ CoS Global Parameters → CoS Settings in the tree view. Figure 9-1. CoS Settings • CoS Mode — Enables or disables managing network traffic using Quality of Service. • Trust Mode — Determines which packet fields to use for classifying packets entering the device.
Trust is selected. Defining QoS Interface Settings The Interface Settings page contains fields for defining, per interface, if the selected Trust mode is to be activated. The default priority for incoming untagged packets is also selected in the Interface Settings page. To open the Interface Settings page, click Quality of Service → CoS Global Parameters→ Interface Settings in the tree view. Figure 9-2. Interface Settings • Interface — The specific port or LAG to configure.
2 Click Show All. The QoS Interface Settings Table page opens: Figure 9-3. QoS Interface Settings Table Defining Queue Settings The QoS Queue Settings page contains fields for configuring the scheduling method by which the queues are maintained. To open the QoS Queue Settings page click Quality of Service→ CoS Global Parameters→ Queue Settings in the tree view. Figure 9-4. QoS Queue Settings • Queues — The Queue number.
• WRR — Specifies if traffic scheduling is based on the Weighted Round Robin (WRR) weights to egress queues. The default values are:
  – 8 for Queue 1
  – 4 for Queue 2
  – 2 for Queue 3
  – 1 for Queue 4
• WRR Weights — The WRR weight assigned to each queue.
• WRR Percentage — The WRR percentage of each queue.

Defining the Queue Settings
When Strict Priority and Weighted Round Robin are both used, begin Strict Priority assignment from the queues with the highest priority.
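The following Python sketch is an added example, not part of the Dell guide or the switch firmware: it applies the Table 9-2 defaults and the default WRR weights listed above to a textbook WRR scheduler, and shows that a queue placed under Strict Priority takes every transmit slot while it stays backlogged. The scheduler model, the function names, and the percentage formula (weight divided by the sum of weights) are assumptions.

```python
from collections import Counter, deque

# Default WRR weights per queue, as listed in this guide.
DEFAULT_WRR_WEIGHTS = {1: 8, 2: 4, 3: 2, 4: 1}


def dscp_to_queue(dscp):
    """Table 9-2 defaults: 0-15 -> q1, 16-31 -> q2, 32-47 -> q3, 48-63 -> q4."""
    if not 0 <= dscp <= 63:
        raise ValueError(f"DSCP is a 6-bit field (0-63), got {dscp}")
    return dscp // 16 + 1


def wrr_percentages(weights=DEFAULT_WRR_WEIGHTS):
    """Assumed formula: each queue's weight as a share of the total weight."""
    total = sum(weights.values())
    return {q: round(100 * w / total, 1) for q, w in weights.items()}


def schedule(dscp_values, slots, weights=DEFAULT_WRR_WEIGHTS, strict=()):
    """Return how many of `slots` transmit opportunities each queue receives.

    `strict` lists Strict Priority queues, highest priority first; they are
    emptied before any WRR queue is served (textbook model, assumed here).
    """
    queues = {q: deque() for q in weights}
    for dscp in dscp_values:
        queues[dscp_to_queue(dscp)].append(dscp)
    sent = Counter()

    def send(q):
        if queues[q] and sum(sent.values()) < slots:
            queues[q].popleft()
            sent[q] += 1
            return True
        return False

    while sum(sent.values()) < slots and any(queues.values()):
        for q in strict:                      # strict queues drain first
            while send(q):
                pass
        for q in sorted(set(weights) - set(strict)):
            for _ in range(weights[q]):       # one WRR round: weight[q] sends
                send(q)
    return dict(sent)


# Constructed backlog: 30 packets waiting for each queue (DSCP 0, 16, 32, 48).
BACKLOG = [0, 16, 32, 48] * 30
```

With all four queues under WRR, 15 slots are shared 8/4/2/1; moving queue 4 to Strict Priority gives it all 15 slots, which is why strict queues should be reserved for traffic whose volume is bounded.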
Mapping CoS Values to Queues
The CoS to Queue Mapping Table page contains fields for classifying CoS settings to traffic queues. To open the CoS to Queue Mapping Table page, click Quality of Service → CoS Global Parameters → CoS to Queue in the tree view.
Figure 9-5. CoS to Queue Mapping Table
• Class of Service — Specifies the CoS priority tag values, where zero is the lowest value and 7 is the highest value.
• Queue — The traffic forwarding queue to which the CoS priority is mapped.
Mapping DSCP Values to Queues
The DSCP to Queue page provides fields for assigning an output queue to specific DSCP fields. For the list of the DSCP default queue settings, see "DSCP to Queue Mapping Table Default Values" on page 148. To open the DSCP to Queue page, click Quality of Service → CoS Global Parameters → DSCP to Queue in the tree view.
Figure 9-6. DSCP to Queue
• DSCP In — The values of the DSCP field within the incoming packet.
1 Open the DSCP to Queue page.
2 Check the Restore Defaults checkbox.
3 Click Apply Changes. The default values are restored.
A Managing the Device Using the CLI

A limited number of CLI commands are available for managing the device. These commands are a subset of the options available via the web interface.

Accessing the Device Through the CLI
The device can be managed over a direct connection to the console port or via a Telnet connection. Using the CLI is similar to entering commands on a Linux system.
2 In the Run window, type Telnet in the Open field.
3 Click OK to begin the Telnet session.

Using the CLI
This section provides information for using the CLI.

Command Mode Overview
The CLI is divided into command modes. Each command mode has a specific command set. Entering a question mark at the console prompt displays a list of commands available for that particular command mode. In each mode, a specific command is used to navigate from one command mode to another.
Privileged EXEC Mode
Privileged access can be protected to prevent unauthorized access and ensure operating parameters. Passwords are displayed in the ***** format on the screen, and are case sensitive. To access and list the Privileged EXEC Mode commands:
1 At the prompt type enable and press <Enter>.
2 When a password prompt displays, enter the password and press <Enter>. The Privileged EXEC mode prompt displays as the device host name followed by #.
The following example illustrates how to access Global Configuration Mode and return back to the Privileged EXEC Mode:
console#
console#configure
console(config)#exit
console#

Interface Configuration Mode
Interface configuration commands modify specific IP interface settings, including bridge-group, description, etc.

Interface Mode
The Interface mode contains commands that configure the interface. The Global Configuration mode command interface ethernet is used to enter the interface configuration mode.
CLI Commands

Command: asset-tag
To specify the device’s asset tag, use the asset-tag command.
asset-tag asset-tag
Syntax Description
• asset-tag — The asset-tag to be assigned to the device.
Parameters range
• asset-tag — Word: 1-16 characters.

Command: copy
To copy any file from a source to a destination, use the copy Privileged EXEC command.
copy source-url destination-url
Syntax Description
• source-url — The location URL or reserved keyword of the source file to be copied.
Command Mode
Privileged EXEC
Usage Guidelines
The location of a file system dictates the format of the source or destination URL. The entire copying process may take several minutes and differs from protocol to protocol and from network to network. If the egress interface is not specified, the default interface will be selected. Specifying interface zone=0 is equal to not defining an egress interface.
Command: do
To execute an EXEC-level command from global configuration mode or any configuration submode, use the do command in any configuration mode.
do command
Syntax Description
command — The EXEC command to be executed.
Command modes
All configuration modes

Command: end
To end the current configuration session and return to privileged EXEC mode, use the end global configuration command.
Command Mode
All configuration modes
Default value
This command has no default setting.
Examples
Console(config-if)# exit
Console(config)# exit
Console#

Command: exit (EXEC)
To close an active terminal session by logging off the router, use the exit command in EXEC mode.
exit
Syntax Description
This command has no arguments or key words
Command Mode
EXEC
Default value
This command has no default setting.
Default value
This command has no default setting.

Command: interface ethernet
To configure an interface type and enter interface configuration mode, use the interface ethernet global configuration command.
interface ethernet interface
Syntax Description
• interface — The full syntax is: port.
Parameters range
• interface — Valid Ethernet port.
Example
Console (config)# interface port-channel 1
Console (config-if)#

Command: interface vlan
To configure a vlan type and enter interface configuration mode, use the interface vlan global configuration command.
interface vlan vlan-id
Syntax Description
• vlan-id — VLAN ID
Parameters range
• vlan-id — Valid VLAN
Command Modes
Global Configuration
Usage Guidelines
If the VLAN does not exist ("ghost VLAN"), only a partial list of the commands is available under the interface VLAN context.
Parameters range
• ip-address — Valid IP address in the form A.B.C.D.

Command: ip default-gateway
To define a default gateway (router), use the ip default-gateway global configuration command. To remove the default gateway use the no form of this command.
ip default-gateway ip-address
no ip default-gateway
Syntax Description
ip-address — IP address of the default gateway.
Parameters range
ip-address — Valid IP address
Defaults
No default gateway is defined.
• hostname — Hostname to ping.
• packet_size — Number of bytes in a packet. The default is 56 bytes. The actual packet size will be eight bytes larger than the size specified because the switch adds header information.
• packet_count — Number of packets to send, from 1 to 65535 packets. The default is 4 packets. If 0 is entered it pings until stopped.
• time_out — Timeout in milliseconds to wait for each reply, from 50 to 65535 milliseconds. The default is 2000 milliseconds.
----10.1.1.1 PING Statistics---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip (ms) min/avg/max = 7/8/11
Console> ping yahoo.com
Pinging yahoo.com [66.218.71.198] with 64 bytes of data:
64 bytes from 10.1.1.1: icmp_seq=0. time=11 ms
64 bytes from 10.1.1.1: icmp_seq=1. time=8 ms
64 bytes from 10.1.1.1: icmp_seq=2. time=8 ms
64 bytes from 10.1.1.1: icmp_seq=3. time=7 ms
----10.1.1.
show tech-support [config] [memory]
Syntax Description
• memory — (Optional) Displays memory and processor state data.
• config — (Optional) Displays switch configuration within the CLI commands supported on the device.
Defaults
By default, this command displays the output for technical-support-related show commands. Use keywords to specify the type of information to be displayed. If you do not specify any parameters, the system displays all configuration and memory data.
show interfaces counters
show users
show sessions
show logging file
show logging

If you specify the memory keyword, the show tech-support command displays the output:
flash info (dir if existed, or flash mapping)
buffers info (like print os buff)
memory info (like print os mem)
proc info (like print os tasks)

Command: snmp-server community
Use the snmp-server community command to set up the community access string to permit access to the Simple Network Management Protocol command.
Usage Guidelines
The logical key of the command is the pair (community, ip-address). If ip-address is omitted then the key is (community, All-Ips).
Examples
Switch(conf)# snmp-server community public

Command: username
To establish a username-based authentication system, use the username command in global configuration mode. Use the no form to remove a user name.
username name [password password] [level level] [encrypted]
no username name
Syntax Description
• name — The name of the user.
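A configuration review for the two commands above, as an added Python example that is not part of the Dell guide: it indexes snmp-server community entries by their logical key (community, ip-address or All-Ips) and flags a community left open to all source addresses, a well-known community string, and a password identical to the username. The config excerpt is constructed, the function names are hypothetical, and treating the encrypted keyword as marking an already-encrypted value is an assumption.

```python
import ipaddress

# Constructed excerpt (not output from a real switch). It uses only elements
# this guide shows: snmp-server community <community> [ip-address] and
# username <name> [password <password>] [encrypted].
SAMPLE_CONFIG = """\
snmp-server community public
snmp-server community n0c-read 192.0.2.10
snmp-server community n0c-read 192.0.2.11
username admin password admin
username ops password ENCRYPTED-PLACEHOLDER encrypted
"""

WELL_KNOWN_COMMUNITIES = {"public", "private"}


def _is_ipv4(token):
    try:
        ipaddress.IPv4Address(token)
        return True
    except ValueError:
        return False


def parse_communities(config):
    """Index entries by the logical key (community, ip-address or All-Ips)."""
    table = {}
    for line in config.splitlines():
        words = line.split()
        if words[:2] == ["snmp-server", "community"] and len(words) >= 3:
            ip = next((w for w in words[3:] if _is_ipv4(w)), "All-Ips")
            table[(words[2], ip)] = line
    return table


def audit(config):
    """Return (finding, config line) pairs for settings worth reviewing."""
    findings = []
    for (community, ip), line in parse_communities(config).items():
        if ip == "All-Ips":
            findings.append(("snmp-community-any-source", line))
        if community.lower() in WELL_KNOWN_COMMUNITIES:
            findings.append(("snmp-well-known-community", line))
    for line in config.splitlines():
        words = line.split()
        if words[:1] == ["username"] and words[2:3] == ["password"] and len(words) > 3:
            # Assumption: with `encrypted` the value is a stored form, so skip it.
            if "encrypted" not in words and words[3].lower() == words[1].lower():
                findings.append(("password-equals-username", line))
    return findings
```

On the sample, the two n0c-read lines are separate entries because their ip-address differs, while the public line from the guide's own example is reported twice: once for its All-Ips key and once for the well-known string.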
Glossary

This glossary contains key technical words of interest.

A
Access Mode
Specifies the method by which user access is granted to the system.
Access Profiles
Allows network managers to define profiles and rules for accessing the device.
Auto-negotiation
Allows 10/100 Mbps or 10/100/1000 Mbps Ethernet ports to establish for the following features:
• Duplex/ Half Duplex Mode
• Flow Control
Baud
The number of signaling elements transmitted each second.
Best Effort
Traffic is assigned to the lowest priority queue, and packet delivery is not guaranteed.
Broadcasting
A method of transmitting packets to all ports on a network.
Broadcast Storm
An excessive amount of broadcast messages simultaneously transmitted across a network by a single port. Forwarded message responses are heaped onto the network, overloading network resources or causing the network to time out.
CLI
Command Line Interface. A set of line commands used to configure the system.
Communities
Specifies a group of users which retains the same system access rights.
• Half Duplex Mode — Permits asynchronous communication, for example, a walkie-talkie. Only one party can transmit information at a time.
Dynamic VLAN Assignment (DVA)
Allows automatic assignment of users to VLANs during the RADIUS server authentication.
F
FFT
Fast Forward Table. Provides information about forwarding routes. If a packet arrives to a device with a known route, the packet is forwarded via a route listed in the FFT. If there is not a known route, the CPU forwards the packet and updates the FFT.
FIFO
First In First Out. A queuing process where the first packet in the queue is the first packet out of the packet.
Flapping
Flapping occurs when an interface's state is constantly changing.
Gigabit Ethernet
IEEE
Institute of Electrical and Electronics Engineers. An Engineering organization that develops communications and networking standards.
IEEE 802.1d
Used in the Spanning Tree Protocol, IEEE 802.1d supports MAC bridging to avoid network loops.
IEEE 802.1p
IPX
Internetwork Packet Exchange. Transmits connectionless communications.
J
Jumbo Frames
Enables transporting the identical data in fewer frames. Jumbo Frames reduce overhead, lower processing time, and ensure fewer interrupts.
Load Balancing
Enables the even distribution of data and/or processing packets across available network resources. For example, load balancing may distribute the incoming packets evenly to all servers, or redirect the packets to the next available server.
MD5
Message Digest 5. An algorithm that produces a 128-bit hash. MD5 is a variation of MD4, and increases MD4 security. MD5 verifies the integrity of the communication and authenticates the origin of the communication.
• Fast Ethernet 100Mbps
• Gigabit Ethernet 1000 Mbps
O
OID
Object Identifier. Used by SNMP to identify managed objects. In the SNMP Manager/ Agent network management paradigm, each managed object must have an OID to identify it.
P
Packets
Blocks of information for transmission in packet switched systems.
PDU
Protocol Data Unit.
Protocol
A set of rules that governs how devices exchange information across networks.
Q
RSTP
Rapid Spanning Tree Protocol. Detects and uses network topologies that allow a faster convergence of the spanning tree, without creating forwarding loops.
Running Configuration File
Contains all Startup file commands, as well as all commands entered during the current session.
SoC
System on a Chip. An ASIC that contains an entire system. For example, a telecom SoC application can contain a microprocessor, digital signal processor, RAM, and ROM.
Spanning Tree Protocol
T
TCP/IP
Transmission Control Protocol. Enables two hosts to communicate and exchange data streams. TCP guarantees packet delivery, and guarantees packets are transmitted and received in the order they are sent.
Telnet
Terminal Emulation Protocol. Enables system users to log in and use resources on remote networks.
TFTP
Trivial File Transfer Protocol.
V
VLAN
Virtual Local Area Networks. Logical subgroups with a Local Area Network (LAN) created via software rather than defining a hardware solution.