Dell™ PowerConnect™ M6220/M6348/M8024 User’s Guide Model M6220/M6348/M8024 w w w. d e l l . c o m | s u p p o r t . d e l l .
Notes, Notices, and Cautions A NOTE indicates important information that helps you make better use of your switch. A NOTICE indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. A CAUTION indicates a potential for property damage, personal injury, or death. ____________________ Information in this document is subject to change without notice. © 2009 Dell Inc. All rights reserved.
Contents 1 Introduction Switching Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Virtual Local Area Network Supported Features . Link Aggregation Features . . . . . . . . . . . . MAC Address Supported Features . . . . . . . . IPv4 Routing Features . . . . . . . . . . . . . . . IPv6 Routing Features . . . . . . . . . . . . . . . IPv6 . . . . . . . . . . . . . . 21 24 26 27 28 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 Multicast Features .
3 Cable and Port Information Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Connecting the Switch to a Terminal . Power Connection 4 . . . . . . . . . . . . . . . . . . . 48 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48 Hardware Description Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Physical Dimensions . . . . . . Power Supplies . . . . . . . . . Ventilation System . . . . . . . Stacking . . . . . . .
Display Operational Code Vital Product Data Update Boot Code. . . . . . . . . . . . . . . Reset the System . . . . . . . . . . . . . . . Restore Configuration to Factory Defaults . . Password Recovery Procedure . . . . . . . Sample Configuration Process . . . . . . . . . . . . . . . 90 91 92 92 93 . . . . . . . . . . . . . . . . . . . . . . . . . 93 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ARP Table . . . . . . . . . . IPv6 Management Features . . . . . . . . . . . . . . . . . . . . . . . 140 141 . . . . . . . . . . . . . . . . . . . . . . . . . . 143 Cable Test for Copper Cables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143 145 . . . . . . . . . . . . . . . . . . . . . . . . . . 147 Running Cable Diagnostics . . . . . . . . . . . . . . . . . . . . . . . Integrated Optical Transceiver Diagnostics Managing Device Security Access Profile . . . . . .
Defining SNMP Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . SNMP v1 and v2 . . . . . . . . . . . SNMP v3 . . . . . . . . . . . . . . . SNMP Global Parameters . . . . . . SNMP View Settings . . . . . . . . . Access Control Group . . . . . . . . SNMPv3 User Security Model (USM) Communities . . . . . . . . . . . . . Notification Filter . . . . . . . . . . . Notification Recipients . . . . . . . . File Management . . . . . . . . . . . . . . . . . . . 207 207 208 209 212 215 219 222 225 . .
7 Configuring Switching Information Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Dot1x Authentication . . . . . Authenticated Users . . . . . Port Security . . . . . . . . . IP ACL Configuration . . . . . IP ACL Rule Configuration . . MAC ACL Configuration . . . . MAC ACL Rule Configuration . IPv6 Access Control Lists . . . IPv6 ACL Rule Configuration . ACL Bind Configuration . . . . Configuring Ports . . . . . . . . . . . . . . . . . . . . . . .
VLAN Port Settings . . . VLAN LAG Settings . . . Bind MAC to VLAN . . . Bind IP Subnet to VLAN . Protocol Group . . . . . GVRP Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330 333 335 337 339 342 . . . . . . . . . . . . . . . . . . . . . . . . . . . 345 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347 Configuring Voice VLAN . Aggregating Ports LACP Parameters . . . . LAG Membership . . . . LAG Hash Configuration LAG Hash Summary . . .
Dynamic ARP Inspection . . . . . . . . . . . . . . . . . . . . . . . . . . . . DAI Global Configuration . . DAI Interface Configuration DAI VLAN Configuration . . DAI ACL Configuration . . . DAI ACL Rule Configuration. DAI Statistics . . . . . . . . DHCP Snooping . . . . . . . . . . . . . . . . . . . . . . . 387 388 390 391 392 394 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 395 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
RMON. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . RMON Statistics . . . . . . . . RMON History Control Statistics RMON History Table . . . . . . RMON Event Control . . . . . . RMON Event Log . . . . . . . . RMON Alarms . . . . . . . . . . Charts . . . . . . . . . . . . . . . . . . . . . . 432 434 436 438 441 442 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 446 Ports Statistics LAG Statistics . 9 431 . . . . . . . . . . . . . . . . . . . .
IP Helper . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . IP Helper Global Configuration . . IP Helper Interface Configuration IP Helper Statistics . . . . . . . . RIP . . . . . . . . . . . . . . . . . . . . 501 504 506 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 507 RIP Configuration . . . . . . . . . . . . RIP Interface Summary . . . . . . . . . RIP Interface Configuration . . . . . . . RIP Route Redistribution Configuration .
10 Configuring IPv6 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Global Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 559 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 562 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 563 Interface Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 568 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
11 Configuring Quality of Service Quality of Service Overview . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring Differentiated Services . . . . . . . . . . . . . . . . . . . . . . 622 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 622 622 623 624 626 630 633 637 638 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 639 DiffServ Overview . . . . . Defining DiffServ . . . . . Diffserv Configuration . . .
MLD Traffic . . . . . . . . . . . . . . . . . . . MLD Proxy Configuration . . . . . . . . . . . . MLD Proxy Configuration Summary . . . . . . Interface Membership Information . . . . . . . Interface Membership Information—Detailed . . . . . . . . . . . . . . 670 671 673 674 676 . . . . . . . . . . . . . . . . . 677 . . . . . . . . . . . . . . . . . . . . . 678 679 680 683 684 685 Distance Vector Multicast Routing Protocol DVMRP Global Configuration . .
13 Getting Help Online Services . . . . . . . . . . Automated Order-Status Service . Support Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Dell Enterprise Training and Certification . . . . . . . . . . . . . . . . . . . 731 . . . . . . . . . . . . . . . . . . . . . . . . . . 731 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 732 Problems With Your Order .
1 Introduction This section describes the switch user-configurable features. For a list of all features, see the software version release notes. Note: Before proceeding, read the release notes for this product. You can download the release notes from the Dell Support website, support.dell.com.
System Features sFlow sFlow is the standard for monitoring high-speed switched and routed networks. sFlow technology is built into network equipment and gives complete visibility into network activity, enabling effective management and control of network resources. CDP Interoperability Allows the PowerConnect switch to interoperate with Cisco™ devices running CDP.
Software Download Software download enables storage of backup firmware images. For information about downloading the software, see "Software Download and Reboot." Trivial File Transfer Protocol (TFTP) The PowerConnect M6220/M6348/M8024 switches support boot image, firmware, and configuration upload or download through TFTP.
Port Aggregator The Port Aggregator feature minimizes the administration required for managing the PowerConnect M6220/M6348/M8024. When the switch is operating in simple mode, the administrator can map internal ports to external ports without having to know anything about STP, VLANs, Link Aggregation or other L2/L3 protocols. For more information configuring the Port Aggregator feature, see "Using the Port Aggregator Feature.
Dynamic ARP Inspection Dynamic ARP Inspection (DAI) is a security feature that rejects invalid and malicious ARP packets. The feature prevents a class of man-in-the-middle attacks, where an unfriendly station intercepts traffic for other stations by poisoning the ARP caches of its unsuspecting neighbors. The miscreant sends ARP requests or responses mapping another station's IP address to its own MAC address. Dynamic ARP Inspection relies on DHCP Snooping.
Port-Based Features Jumbo Frames Support Jumbo frames enable transporting identical data in fewer frames to ensure less overhead, lower processing time, and fewer interrupts. Auto-MDI/MDIX Support Your switch supports auto-detection between crossed and straight-through cables. Media-Dependent Interface (MDI) is the standard wiring for end stations, and the standard wiring for hubs and switches is known as Media-Dependent Interface with Crossover (MDIX).
Alternate Store and Forward (ASF) The Alternate Store and Forward (ASF) feature reduces latency for large packets. When ASF is enabled, the memory management unit (MMU) can forward a packet to the egress port before it has been entirely received on the Cell Buffer Pool (CBP) memory. AFS, which is also known as cut-through mode, is configurable through the command-line interface.
GVRP Support GARP VLAN Registration Protocol (GVRP) provides IEEE 802.1Q-compliant VLAN pruning and dynamic VLAN creation on 802.1Q trunk ports. When GVRP is enabled, the switch registers and propagates VLAN membership on all ports that are part of the active spanning tree protocol topology. For information about configuring GVRP, see "GVRP Parameters.
Spanning Tree Protocol Features Spanning Tree now supports IEEE802.1Q-2005 This version of the IEEE Multiple Spanning Tree Protocol corrects problems associated with the previous version, provides for faster transition-to-forwarding, and incorporates new features for a port (restricted role and restricted TCN). Spanning Tree Enhancements • Loop Guard — This feature prevents a port from erroneously transitioning from blocking state to forwarding when the port stops receiving BPDUs.
Spanning Tree Root Guard Spanning Tree Root Guard is used to prevent the root of a Spanning Tree instance from changing unexpectedly. The priority of a Bridge ID can be set to zero but another Bridge ID with a lower mac address could also set its priority to zero and take over root. Bridge Protocol Data Unit Guard Spanning Tree BPDU Guard is used to disable the port in case a new device tries to enter the already existing topology of STP.
Routing Features VLAN Routing The PowerConnect M6220/M8024/M6348 software supports VLAN routing. You can also configure the software to allow traffic on a VLAN to be treated as if the VLAN were a router port. Routing Information Protocol (RIP) The route configuration and route preference features have the following changes: • You can configure static reject routes (see Static Reject Routes). • The default values for route preferences have changed.
IP Interface Configuration IP interface configuration includes the ability to configure the bandwidth, Destination Unreachable messages, and ICMP Redirect messages. IP Helper Provides the ability to relay various protocols to servers on a different subnet. VRRP Route Interface Tracking Extends the capability of the Virtual Router Redundancy Protocol (VRRP) to allow tracking of specific route/interface IP state within the router that can alter the priority level of a virtual router for a VRRP group.
MAC Multicast Support Multicast service is a limited broadcast service that allows one-to-many and many-to-many connections. In Layer 2 multicast services, a single frame addressed to a specific multicast address is received, and copies of the frame to be transmitted on each relevant port are created. For information about configuring MAC Multicast Support, see "Managing Multicast Support.
IPv6 Routing Features IPv6 6 to 4 Auto Tunnels Automatically formed IPv4 6 to 4 tunnels for carrying IPv6 traffic. The automatic tunnel IPv4 destination address is derived from the 6 to 4 IPv6 address of the tunnel nexthop. There is support the functionality of a 6 to 4 border router that connects a 6 to 4 site to a 6 to 4 domain. It sends/receives tunneled traffic from routers in a 6 to 4 domain that includes other 6 to 4 border routers and 6 to 4 relay routers.
OSPFv3 The OSPFv3 Configuration page has been updated with the following changes: • AutoCost Reference Bandwidth field • Default Passive Setting field • Maximum Paths increased from 2 to 4 • Passive Mode field Quality of Service Features Voice VLAN The Voice VLAN feature enables switch ports to carry voice traffic with defined priority. The priority level enables the separation of voice and data traffic coming onto the port.
Multicast Features IPv4 Multicast Features Updated IPv4 Multicast Routing Support The Multicast package code has been extensively re-engineered and furnished with the following: • PIM-DM advanced to RFC 3973 • PIM-SM advanced to RFC 4601, pim-sm-bsr-05, draft-ietf-pim-mib-v2-03 • DVMRP advanced to draft-ietf-idmr-dvmrp-v3-10.txt, draft-ietf-idmr-dvmrp-mib-11.
IPv6 Multicast Features Protocol Independent Multicast IPv6 Support PIM-DM and PIM-SM support IPv6 routes. MLD/MLDv2 (RFC2710/RFC3810) MLD is used by IPv6 systems (listeners and routers) to report their IP multicast addresses memberships to any neighboring multicast routers. The implementation of MLD v2 is backward compatible with MLD v1.
Password Management Security Password management provides increased network security and improved password control. Passwords for SSH, Telnet, HTTP, HTTPS, and SNMP access are assigned security features. For more information about password management, see "Password Management." TACACS+ TACACS+ provides centralized security for validation of users accessing the switch. TACACS+ provides a centralized user management system, while still retaining consistency with RADIUS and other authentication processes.
2 Using Dell™ OpenManage™ Switch Administrator The topics covered in this section include: • Setting the IP Address of the Switch • Starting the Application • Understanding the Interface • Using the Switch Administrator Buttons • Defining Fields • Accessing the Switch Through the CLI • Using the CLI Configuring Dell PowerConnect 33
Setting the IP Address of the Switch Two methods for setting the IP address are to use DHCP or to statically assign the address. See the the section titled "Accessing the Switch Through the CLI" on page 41 to start the CLI. Verifying the Out-of-Band (OOB) IP Address Using the show ip interface out-of-band command, verify that the OOB interface has an IP address. console#show ip interface out-of-band IP Address..................................... 10.27.22.168 Subnet Mask...................................
Starting the Application 1. Open a web browser. 2. Enter the switch’s IP address (as defined in the CLI) or the out-of-band IP address in the address bar and press . For information about assigning an IP address to a switch, see "Configuration Overview." 3. When the Login window displays, enter a user name and password. Note: The switch is not configured with a default password, and you can configure the switch without entering a password when you connect to the CLI by using the console port.
Figure 2-1.
Figure 2-2.
Figure 2-3.
Table 2-1 lists the interface components with their corresponding numbers. Table 2-1. Interface Components Component Name 1. The tree view contains a list of various device features. The branches in the tree view can be expanded to view all the components under a specific feature, or retracted to hide the feature's components. By dragging the vertical bar to the right, you can expand the tree area to view a full name of a component. 2.
Using the Switch Administrator Buttons Information Buttons Table 2-2. Information Buttons Button Description Support Opens the Dell Support page at support.dell.com Help Online help that contains information to assist in configuring and managing the switch. The online help pages are context sensitive. For example, if the IP Addressing page is open, the help topic for that page displays if you click Help. About Contains the version and build number and Dell copyright information.
Check Boxes Table 2-4. Check Boxes Check Box Type Description Add Hyperlink that takes you to a configuration page. Remove Removes the selected item. General selection To enable a configuration item, i.e., adjust sensitivity of log files, select match criteria for diffserv, select ACL rule parameters. Defining Fields User-defined fields can contain 1–159 characters, unless otherwise noted on the Dell OpenManage Switch Administrator Web page.
Console Connection 1. Turn on the switch and wait until the startup is complete. 2. If the admin has not configured a login authentication method, then the console> prompt displays when the switch boots up. Otherwise, the user is presented with the User: login prompt. Note: The following steps assume that the admin user and password is configured on the system. 3. Type admin at the prompt, and press . The Password: prompt now displays. 4. Enter the password, which displays as asterisks (*).
The Interface Configuration mode configures the device at the physical interface level. Interface commands, which require subcommands, have another level called the Subinterface Configuration mode. User EXEC Mode The user EXEC level prompt consists of the host name followed by the angle bracket (>). For example: console> Note: The default host name is console unless it has been modified during initial configuration.
Global Configuration Mode Global Configuration commands apply to system features, rather than to a specific protocol or interface. To access Global Configuration mode: 1. At the Privileged EXEC Mode prompt, type configure and press . The Global Configuration Mode displays as the device host name, followed by (config) and the number sign #. console(config)# 2. To list the Global Configuration commands, enter a question mark at the command prompt. 3.
3 Cable and Port Information Overview This section describes the switch’s physical interfaces and provides information about cable connections. Stations are connected to the switch’s ports through the physical interface ports on the front panel. For each station, the appropriate mode (Half/Full Duplex, Auto) is set.
Ethernet Interface The switching port can connect to stations wired in standard RJ-45 Ethernet station mode using straight cables. Transmission devices connected to each other use crossed cables. Figure 3-1 illustrates the RJ-45 connector. Figure 3-1.
Bay 1 and Bay 2 Interfaces (M6220 and M8024) The PowerConnect M6220 supports dual 10G slot interfaces. These interfaces can operate at 10 Gbps when supporting optional 10GE modules, or 12 Gbps (top slot only) when supporting a stacking module. Figure 3-2 illustrates the 10G slots. The Dell™ PowerConnect™ M8024 supports dual 10 Gb slot interfaces. These interfaces can operate at 10 Gbps when supporting optional SFP+ or CX4 modules. Figure 3-3 illustrates the 10 Gb slots. Figure 3-2.
Serial Cable Connection You can use the suppled USB Type A to DB9a serial cable (null-modem) to connect the switch to a terminal for initial setup and configuration (You can also use a computer running terminal emulation software.). The switch’s serial cable is a USB type A to female DB-9 crossover cable (see Figure 3-4). Figure 3-4. Serial Connectors USB Type A Female DB9 Connecting the Switch to a Terminal 1. Connect the serial cable to the terminal (console) ASCII DTE RS-232. 2.
4 Hardware Description Overview This section contains information about device characteristics and modular hardware configurations for the Dell™ PowerConnect™ M6220/M6348/M8024.
PowerConnect Front Panel PowerConnect M6348 Front Panel The PowerConnect M6348 front panel provides 16 10/100/1G Base-T ports. There are also 32 internal 1 gigabit ports that connect to each of the server blades. Figure 4-1.
PowerConnect M8024 Front Panel The PowerConnect M8024 front panel supports up to eight 10-gigabit ports. It has two 10-gigabit bays that can support SFP+, CX-4, or 10GBase-T modules. The SFP+ Module supports 4 ports, the CX-4 module supports 3 ports, and the 10GBase-T module supports 2 ports. The modules can be used in any combination and are sold separately. There are also 16 internal 10-gigabit ports that connect to each of the server blades. Figure 4-2.
PowerConnect M6220 Front Panel The PowerConnect M6220 front panel provides four 10/100/1000 Base-T RJ-45 ports. The front panel has two 10-gigabit bays that can support Stacking, CX-4, SFP+, XFP, or 10GBase-T modules. Each module provides support for 2 ports. The stacking module can only be used in Bay 1; the 10Gbase-T module can only be used in Bay 2. The modules are sold separately. There are also 16 internal ports that connect to each of the server blades. Figure 4-3.
Console (RS-232) Port The console (RS-232) port is used only for management through a serial interface. This port provides a direct connection to the switch and is used to access the CLI from a console terminal connected to an EIA/TIA-232 port. To connect from the console port on the PowerConnect M6220/M6348/M8024 to a terminal, use the supplied serial cable with a USB Type A connector on one end and a female DB-9 connector on the other end.
Stacking PowerConnect M6348 Stacking You can stack up to 12 PowerConnect M6348, supporting up to 576 1-GB ports. Create a stack by connecting adjacent units using the stacking ports on the bottom of the switch panel. See Figure 4-5. Note: The PowerConnect M6348 and M6220 can not be stacked together. 1. For each switch in the stack, connect one of the short stacking cables from stacking port one on the switch to stacking port two on the next switch. 2.
PowerConnect M6220 Stacking You can stack up to 12 PowerConnect M6220 units, supporting up to 240 1-Gb ports. Create a stack by connecting adjacent units using the stacking ports on the top of the switch panel. See Figure 4-5. 1. Install a separately purchased stacking module in Bay 1 of each of the switches in the stack. 2. For each switch in the stack, connect one of the short stacking cables from stacking port one on the switch to stacking port two on the next switch. 3.
In Figure 4-4 and Figure 4-5, the stack has six M6220 switches connected through the stacking ports. The first stacking port on each switch is physically connected to the second stacking port on the next switch by using a stacking cable. The first stacking port on switch six is connected to the second stacking port on switch one. PowerConnect LED Definitions PowerConnect M6348 LEDs Figure 4-6.
Table 4-1 contains the System Status LED definitions. Table 4-1. PowerConnect M6348 Power and Status LED Definitions LED Color Definition Green Power is being supplied to the PowerConnect M6348 module Off The PowerConnect M6348 does not have power. Blue The switch is the stack master. Off The switch is not the stack master. Amber A fault has occurred, or the switch is booting.
Table 4-2 contains the System Status LED definitions. Table 4-2. LED PowerConnect M8024 Power and Status LED Definitions Color Definition Green Power is being supplied to the PowerConnect M8024 module Off The PowerConnect M8024 does not have power. Blue The switch is operating normally. Amber A fault has occurred, or the switch is booting.
Table 4-3. M6220 Status LEDs Definitions LED Color Definition Green Power is being supplied to the M6220 module Off The M6220 does not have power. Blue The switch is the stack master. Off The switch is not the stack master. Amber A fault has occurred SFP+ Port LEDs Table 4-4 contains SFP+ port LED definitions for the PowerConnect M6220 and M8024. Table 4-4. SFP+ Port LEDs Definitions LED Color Definition LNK/ACT Solid Green The port is linked.
Figure 4-9. 10/100/1000 Base-T Port LEDs Port 1 Link/Duplex/Activity LEDs Speed LEDs Port 2 Link/Activity Duplex Table 4-6 contains 10/100/1000 Base-T port LED definitions. Table 4-6. 10/100/1000 Base-T Port Definitions LED Color Definition Link/Activity Green The port is operating at 1000 Mbps. Amber The port is operating at 10/100 Mbps. Solid Link but no activity. Blinking Link and activity. Off No link. Green Full duplex mode. Off Half duplex mode.
Table 4-7. LED Act Wrong Bay 10 Gb Base-T Module Definitions Color Definition Off No link. Blinking Green Activity. Off No activity. Solid Red Module is in the wrong bay. Note: On the PowerConnect M6220, the module must be inserted into Bay 2 to operate. When the module is inserted into Bay 1, it will not operate and the Wrong Bay LED is solid red.
62 Hardware Description
5 Configuring Dell™ PowerConnect™ Overview This chapter describes the initial switch configuration. Topics covered include: • Starting the CLI • General Configuration Information • Booting the Switch • Configuration Overview • Advanced Configuration • Software Download and Reboot • Boot Menu Functions • Sample Configuration Process After completing all external connections, connect a terminal to the switch to monitor the boot process and other procedures.
Starting the CLI To begin running the CLI, perform the following steps: Note: The following steps are for use on the console line only. 1. Start the switch and wait until the startup procedure is complete. The Easy Setup Wizard welcome message now displays. Note: If you are using the autoconfig feature, do not use the Easy Setup Wizard. 2. Configure the switch using the Easy Setup Wizard and enter the necessary commands to complete the required tasks. 3.
Figure 5-1.
General Configuration Information The PowerConnect M6220/M6348/M8024 switches are delivered with binary files containing the switch operating system and ASCII configuration files that are used to define the relationship of the switch to its network environment. The configuration process consists of adjusting the ASCII configuration files so that each switch fits into its unique network topology.
Booting the Switch When the power is turned on with the local terminal already connected, the switch goes through Power On Self Test (POST). POST runs every time the switch is initialized and checks hardware components to determine if the switch is fully operational before completely booting. If a critical problem is detected, the program flow stops. If POST passes successfully, a valid executable image is loaded into RAM. POST messages are displayed on the terminal and indicate test success or failure.
file descriptors in use: 0 # of different files in use: 0 # of descriptors for deleted files: # of obsolete descriptors: 0 0 current volume configuration: - volume label: NO LABEL ; (in boot sector: - volume Id: 0x0 - total number of sectors: - bytes per sector: 61,076 512 - # of sectors per cluster: 4 - # of reserved sectors: - FAT entry size: 1 FAT16 - # of sectors per FAT copy: - # of FAT table copies: - # of hidden sectors: 60 2 4 - first cluster is in sector # 136 - Update last ac
Boot Menu May 25 2009 Select an option. If no selection in 10 seconds then operational code will start. 1 - Start operational code. 2 - Start Boot Menu.
Target Name: vxTarget Attached IPv4 interface to motetsec unit 0 Adding 70447 symbols for standalone. CPU: Broadcom SBC8548. Processor #0. Memory Size: 0x20000000. BSP version 2.0/2. Created: May 26 2009, 13:11:31 ED&R Policy Mode: deployed WDB Comm Type: WDB_COMM_END WDB: Ready. remLib: Not initialized. remLib: Not initialized.
- bytes per sector: 512 - # of sectors per cluster: 4 - # of reserved sectors: - FAT entry size: 1 FAT16 - # of sectors per FAT copy: - # of FAT table copies: 122 2 - # of hidden sectors: 8 - first cluster is in sector # 260 - Update last access date for open-read-close = FALSE - directory structure: VFAT - file name format: 8-bit (extended-ASCII) - root dir start sector: 245 - # of sectors per root: 15 - max # of entries in root: 240 FAT handler information: ------------------------ a
<186> JAN 01 00:00:15 0.0.0.0-1 UNKN[536870176]: bootos.c(218) 1 % Event(0xaaaaaaaa) Instantiating RamCP: as rawFs, device = 0x20001 Formatting RamCP: for DOSFS Instantiating RamCP: as rawFs, device = 0x20001 Formatting...OK. (Unit 1 - Waiting to select management unit)> Applying Global configuration, please wait ... Applying Interface configuration, please wait ... console> After the switch boots successfully, a prompt appears and you can use the local terminal to begin configuring the switch.
Configuration Overview Before configuring the switch, obtain the following information from the network administrator: • Is the network setup for the autoconfig feature? If the network is setup for autoconfig, manual configuration of the switch is not necessary (skip the procedures in this section).
• Sets up the SNMP community string to be used by the SNMP manager at a given IP address. You may choose to skip this step if SNMP management is not used for this switch. If it is configured, the default access level is set to the highest available access for the SNMP management interface. Initially only SNMPv1/2c is activated. SNMPv3 is disabled until you return to configure security access for SNMPv3 (for example, engine ID, view, etc.). The SNMP community string may include spaces.
Figure 5-2. Setup Wizard Flow Chart Did the user previously save a startup configuration? Yes Transfer to CLI mode No Auto Config will attempt to download a configuration. Transfer to CLI mode.
Example of an Easy Setup Wizard Session This section describes an Easy Setup Wizard session. See the state diagram (Figure 5-2) for the general flow. The values used by the following session are examples only. Please request the actual values from your network adminstrator(s): • IP address for the management VLAN is 192.168.1.1:255.255.255.0. • The user name is admin, and password is admin123. • The network management system IP address is 192.168.1.10. • The default gateway is 192.168.1.100.
The system is not setup for SNMP management by default. To manage the switch using SNMP (required for Dell Network Manager) you can . Set up the initial SNMP version 2 account now. . Return later and setup other SNMP accounts. (For more information on setting up an SNMP version 1 or 3 account, see the user documentation).
Management IP address = 192.168.2.1 255.255.255.0 Default Gateway = 0.0.0.0 Operation Mode = Normal Step 5: Do you want to select the operational mode as Simple Mode? [Y/N] n Final Step: If the information is correct, please select (Y) to save the configuration, and copy to the start-up configuration file. If the information is incorrect, select (N) to discard configuration and restart the wizard: [Y/N] y Thank you for using Dell Easy Set up Wizard. You will now enter CLI mode.
Ctrl-K .... delete to end of line Ctrl-W .... delete previous word Ctrl-T .... transpose previous character Ctrl-P .... go to previous line in history buffer Ctrl-R .... rewrites or pastes the line Ctrl-N .... go to next line in history buffer Ctrl-Y .... print last deleted character Ctrl-Z .... return to root command prompt Ctrl-Q .... enables serial flow Ctrl-S .... disables serial flow Tab, command-line completion Exit .... go to next lower command prompt ? ....
• Interface Types — the following interface types are defined in the PowerConnect M6220/M6348/M8024 switches: • xg — 10 Gb Ethernet port (for example, 1/xg2 is the 10 Gb Ethernet port 2). M6220, M6348, and M8024CLI Reference Guide For detailed information on all the CLI commands available, see the CLI Reference Guide.
Modifying Switching Port Default Settings When configuring/receiving IP addresses through DHCP and BOOTP, the configuration received from these servers includes the IP address, and may include subnet mask and default gateway. When you first log in, the CLI enters the root of the command hierarchy. To go to a different level of the command hierarchy, enter commands such as configure, which causes the CLI to enter the config sub tree.
The following is an example for changing the port description on port 1/ g1 using CLI commands: console(config)#interface ethernet 1/g1 console(config-if-1/g1)#description 100 Retrieving an IP Address From a DHCP Server When using the DHCP protocol to retrieve an IP address, the switch acts as a DHCP client. The out-of-band interface is configured by default to use DHCP. If the configuration has been changed, follow these steps to use DHCP: 1.
Security Management and Password Configuration System security is handled through the AAA (Authentication, Authorization, and Accounting) mechanism that manages user access rights, privileges, and management methods. AAA uses both local and remote user databases. Data encryption is handled through the SSH mechanism. The system is delivered with no default password configured; all passwords are user-defined. If a userdefined password is lost, a password recovery procedure can be invoked from the Boot menu.
Configuring an Initial Telnet Password To configure an initial Telnet password, enter the following commands: console(config)#aaa authentication login default line console(config)#aaa authentication enable default line console(config)#line telnet console(config-line)#login authentication default console(config-line)#enable authentication default console(config-line)#password pass1234 • When initially logging onto a switch through a Telnet session, enter pass1234 at the password prompt.
Software Download and Reboot Software Download Through TFTP Server This section contains instructions for downloading switch software (system and boot images) through a TFTP server. The TFTP server must be available on the network before downloading the software. The switch boots and runs when decompressing the system image from the flash memory area where a copy of the system image is stored. Notice: You must run the boot system command to activate the newly downloaded image.
TFTP Filename.................................. PC8024v3.1.0.x.stk Data Type...................................... Code Destination Filename........................... image Management access will be blocked for the duration of the transfer Are you sure you want to start? (y/n) y 5. Select the image for the next boot by entering the boot system command.
Update Bootcode Use the update bootcode command to update the bootcode on all switches. For each switch, the bootcode is extracted from the next-active image and programmed to flash. To update the bootcode for one switch, specify the unit in the command (as shown in the following example). To show the boot code that’s on a switch, reboot that switch. Build dates show during the boot process. 1. Enter the following command: console# update bootcode Updating boot code ...
5 - Display operational code vital product data 7 - Update boot code 8 - Delete backup image 9 - Reset the system 10 - Restore configuration to factory defaults (delete config files) 11 - Activate Backup Image 12 - Password Recovery Procedure The following sections describe the Boot menu options. Start Operational Code Use option 1 to resume loading the operational code. To relaunch the boot process from the Boot menu: 1. On the Boot menu, select 1 and press .
6 - 38400 7 - 57600 8 - 115200 0 - no change Note: The selected baud rate takes effect immediately. 2. The boot process resumes. Retrieve Event Log using XMODEM Use option 3 to retrieve the event log and download it to your ASCII terminal. To retrieve the event log from the Boot menu: 1. On the Boot menu, select 3 and press . The following prompt displays: [Boot Menu] 3 Sending event log, start XMODEM receive..... File asciilog.
The Send File window displays. 4. Enter the file path for the file to be downloaded. 5. Ensure the protocol is defined as Xmodem. 6. Click Send. The software is downloaded. Software downloading takes several minutes. The terminal emulation application, such as HyperTerminal, may display the loading process progress. Display Operational Code Vital Product Data Use option 5 to view boot image information. To display boot image information from the Boot menu: 1. On the Boot menu, select 5 and press .
2. The boot process resumes. Update Boot Code Use option 7 to update the boot code in the FLASH memory. This option is only valid after loading new boot code using Boot Menu option 4. User action is confirmed with a Y/N question before executing the command. To download software from the Boot menu: 1. On the Boot menu, select 7 and press . The following prompt displays: Do you wish to update Boot Code? (y/n) y Erasing Boot Flash.....Done. Wrote 0x10000 bytes. Wrote 0x20000 bytes.
Reset the System Use option 9 to clear all FLASH and reset the system to its default setting. User action is confirmed with a Y/N question before executing the command. To reset the system from the Boot menu: 1. On the Boot menu, select 9 and press . The following prompt displays: [Boot Menu] 9 Are you SURE you want to reset the system? (y/n):y 2. The boot process starts over.
Password Recovery Procedure Use option 12 when a password is lost. This allows the switch to boot one time without prompting for a console password. Note that the enable password is not prompted for in this mode. To recover a lost password for the local terminal only: 1. From the Boot menu, select 12 and press . The password is deleted. 2. The boot process resumes. 3. To ensure switch security, reconfigure passwords for applicable management methods.
Initial Connection 1. Using the RS-232 port, connect the switch to the workstation. 2. Set the ASCII terminal with the following settings and select the appropriate COM port. The sample screen uses the HyperTerminal. Figure 5-3. HyperTerminal Properties Window Note: 9600 is the default baud rate for a new switch. The switch may have another baud rate. If using the default baud rate does not result in viewing the switch terminal, try another baud rate. 3.
If you do not enter the Boot menu, the system continues operation by decompressing the code into RAM. The code starts running from the RAM and the list of available port numbers and their states (up or down) are displayed. Note: The following screen is an example configuration. Items such as addresses, versions, and dates may differ for each switch.
Boot Menu Version: 12 May 2009 Select an option. If no selection in 10 seconds then operational code will start. 1 - Start operational code. 2 - Start Boot Menu. Select (1, 2): Operational Code Date: Tue May 26 14:12:20 2009 Uncompressing..... Target Name: vxTarget Attached IPv4 interface to motetsec unit 0 Adding 70447 symbols for standalone. CPU: Broadcom SBC8548. Processor #0. Memory Size: 0x20000000. BSP version 2.0/2.
volume write mode: copyback (DOS_WRITE) max # of simultaneously open files: file descriptors in use: 52 0 # of different files in use: 0 # of descriptors for deleted files: # of obsolete descriptors: 0 0 current volume configuration: - volume label: NO LABEL ; (in boot sector: - volume Id: 0x0 - total number of sectors: - bytes per sector: ) 124,408 512 - # of sectors per cluster: 4 - # of reserved sectors: - FAT entry size: 1 FAT16 - # of sectors per FAT copy: - # of FAT table copies:
- free space on volume: 44,380,160 bytes PCI unit 0: Dev 0xb624, Rev 0x12, Chip BCM56624_B1, Driver BCM56624_B0 SOC unit 0 attached to PCI device BCM56624_B1 Adding BCM transport pointers Configuring CPUTRANS TX Configuring CPUTRANS RX st_state(0) = 0x0 st_state(1) = 0x2 <186> JAN 01 00:00:15 0.0.0.0-1 UNKN[536870176]: bootos.c(218) 1 % Event(0xaaaaaaaa) Instantiating RamCP: as rawFs, device = 0x20001 Formatting RamCP: for DOSFS Instantiating RamCP: as rawFs, device = 0x20001 Formatting...OK.
Device Default Settings To return to device default settings use delete startup-config command at the privileged mode prompt (#), and reboot the device. Once device reloads – it is set with the default settings. console> console>enable console#delete startup-config Startup file was deleted console#reload Management switch has unsaved changes. Are you sure you want to continue? (y/n) y Configuration Not Saved! Are you sure you want to reload the stack? (y/n) y Reloading all switches..
Burned In MAC Address.......................... 0063.4802.0011 console# 5. Ping the management station from the switch to ensure that connectivity has been achieved. Wait 30 seconds for port to be in STP forwarding before pinging the management station. In this example, the Management station IP is 50.1.1.2. console>ping 50.1.1.2 64 bytes from 50.1.1.2: icmp_seq=1. time=0 ms 64 bytes from 50.1.1.2: icmp_seq=2. time=0 ms 64 bytes from 50.1.1.2: icmp_seq=3. time=0 ms 64 bytes from 50.1.1.2: icmp_seq=4.
console(config)#aaa authentication login default line console(config)#aaa authentication enable default line console(config)#line console console(config-line)#login authentication default console(config-line)#enable authentication default console(config-line)#password tommy123 console(config-line)#exit console(config)#line telnet console(config-line)#login authentication default console(config-line)#enable authentication default console(config-line)#password bobby123 console(config-line)#exit console(config
Configuring Secure Management Access (HTTPS) When managing the switch securely through the standard Web browser, the SSL (Secure Socket Layer) security protocol is used. To manage the switch securely through the standard Web browser, perform the following: 1.
6 Configuring System Information Overview Use the menus listed on the System page to define the switch’s relationship to its environment. To display the System page, click System in the tree view.
Defining General Device Information The General menu page contains links to pages that allow you to configure device parameters. Use this page to access the following features: • Asset • System Health • Versions • System Resources • Time Zone Configuration • Summer Time Configuration • Clock Detail • Reset Asset Use the Asset page fields to configure and view general device information. To display the Asset page, click System > General > Asset in the tree view. Figure 6-1.
• Banner motd (message of the day) — Enter the message that appears on the GUI banner (if enabled). • Banner motd acknowledge — Enable to display the GUI banner motd in the GUI banner. • Sys Object ID — The assigned System Object ID. • MAC Address — Displays the MAC address of the switch. • Sys Uptime — Displays the number of days, hours, and minutes since the last restart. • Date — Displays the current system date. The format is month, day, year (MM/DD/YY).
System Health Use the Health page to view physical device information, including information about the switch’s power and ventilation sources. To display the Health page, click System > General > Health in the tree view. Figure 6-2. Health The Health page contains the following fields: • Unit No. — Displays the unit’s position in the stack. • Power Supply Status — Displays the power supply status. – — The power supply is operating normally. – — The power supply is not operating normally.
Versions Use the Versions page to view information about the software versions currently running. To display the Versions page, click System > General > Versions in the tree view. Figure 6-3. Versions The Versions page contains the following fields: • Unit No. — Displays the unit’s number in the stack. • Boot Version — Displays the version of the boot code. • Image1 Version — Displays the version number of one of the two available software images.
System Resources Use the System Resources page to view information about memory usage and task utilization. To display the System Resources page, click System > General > System Resources in the tree view. Figure 6-4. System Resources The System Resources page contains the following fields: • Total Memory — Displays the total memory present on the switch. • Available Memory — Displays the available memory (Free for allocation) present on the switch.
– One minute – Five minutes Displaying System Resources Using the CLI For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • System Management Commands Time Zone Configuration Use the Time Zone Configuration to configure the time zone difference from Coordinated Universal Time (UTC). To display the Time Zone Configuration page, click System > General > Time Zone Configuration in the tree view. Figure 6-5.
Configuring Time Zone Settings Using the CLI For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • Clock Commands Summer Time Configuration Use the Summer Time Configuration page to specify a defined summer time duration and offset. To display the Summer Time Configuration page, click System > General > Summer Time Configuration in the tree view. Figure 6-6.
• Start Week — Select the starting week number. This field displays only when the Recurring check box is selected. • Start Day — Select the starting day number. This field displays only when the Recurring check box is selected. • Start Month — Select the starting month. • Start Time — Select the starting time in hh:mm format. • Start Date — Select the starting date. This field displays only when the Recurring check box is cleared. • Start Year — Select the starting year.
Clock Detail Use the Clock Detail page to set the time and date or view information about the current time, time zone, and summer time settings. To display the Clock Detail page, click System > General > Clock Detail in the tree view. Figure 6-7. Clock Detail The Clock Detail page provides information about the following clock features: • Current Time — This section allows you to set the current time and date. • Time Zone — This section displays the time zone settings.
Reset Use the Reset page to reset the device. To display the Reset page, click System > General > Reset in the tree view. Figure 6-8. Reset The Reset page contains the following fields: • Reset Unit No. — Use to select the device in the stack that needs to be reset. Resetting the Device 1. Open the Reset page. 2. Click Reset Unit No. 3. Select either Individual Unit or All. 4. Click Apply Changes button. 5. When the confirmation message displays, click OK. The selected device is reset.
Configuring SNTP Settings The device supports the Simple Network Time Protocol (SNTP). SNTP assures accurate network device clock time synchronization up to the millisecond. Time synchronization is performed by a network SNTP server. The device operates only as an SNTP client and cannot provide time services to other systems. Time sources are established by Stratums. Stratums define the accuracy of the reference clock. The higher the stratum (where zero is the highest), the more accurate the clock.
• If more than one Unicast device responds, synchronization information is preferred from the device with the lowest stratum. • If the servers have the same stratum, synchronization information is accepted from the SNTP server that responded first. MD5 (Message Digest 5) Authentication safeguards device synchronization paths to SNTP servers. MD5 is an algorithm that produces a 128-bit hash. MD5 is a variation of MD4, and increases MD4 security.
• Receive Broadcast Servers Update — If enabled, listens to the SNTP servers for Broadcast server time information on the selected interfaces. The device is synchronized whenever an SNTP packet is received, even if synchronization was not requested. • Receive Unicast Servers Update — If enabled, polls the SNTP servers defined on the device for Unicast server time information. Defining SNTP Global Parameters 1. Open the SNTP Global Settings page. 2. Define the fields as needed. 3. Click Apply Changes.
Figure 6-10. SNTP Authentication The SNTP Authentication page contains the following fields: • SNTP Authentication — If enabled, requires authenticating an SNTP session between the device and an SNTP server. • Authentication — Type of authentication. System supports MD5 only. • Encryption Key ID — Contains a list of user-defined key IDs used to authenticate the SNTP server and device. Possible field values are 1–4294767295.
Adding an SNTP Authentication Key 1. Open the SNTP Authentication page. 2. Click Add. The Add Authentication Key page displays: Figure 6-11. Add Authentication Key 3. Define the fields as needed. 4. Click Apply Changes. The SNTP authentication key is added, and the device is updated. Displaying the Authentication Key Table 1. Open the SNTP Authentication page. 2. Click Show All. The Authentication Key Table page displays: Figure 6-12.
Removing an Authentication Key 1. Open the SNTP Authentication page. 2. Click Show All. The Authentication Key Table page displays. 3. Select an Authentication Key Table entry by checking its the Remove check box. 4. Click Apply Changes. The entry is removed, and the device is updated. Defining SNTP Authentication Settings Using CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • Clock Commands.
The SNTP Servers page contains the following fields: • SNTP Server — Selects user-defined SNTP server IP address from a drop-down menu. Up to eight SNTP servers can be defined by using the Add button. • Encryption Key ID — Specifies user-defined key ID used to communicate between the SNTP server and device. The encryption key ID is defined in the SNTP Authentication page.
Displaying the SNTP Servers Table 1. Open the SNTP Servers page. 2. Click Show All. The SNTP Servers Table page displays. Figure 6-15. SNTP Servers Table Modifying an SNTP Server 1. Open the SNTP Servers page. 2. Click Show All. The SNTP Servers Table opens. 3. Click Edit next to the SNTP Server entry you wish to modify. 4. Modify the relevant fields. 5. Click Apply Changes. The SNTP server information is updated. Removing the SNTP Server 1. Open the SNTP Servers page. 2. Click Show All.
• Clock Commands. Managing Logs The switch may generate messages in response to events, faults, or errors occurring on the platform as well as changes in configuration or other occurrences. These messages are stored both locally on the platform and forwarded to one or more centralized points of collection for monitoring purposes as well as long term archival storage.
To display the Global Settings page, click System > Logs > Global Settings in the tree view. Figure 6-16. Global Settings The Global Settings page contains the following fields: • Logging — Enables device global logs for Cache, File, and Server Logs. All logs which are printed to the console are saved to the log files. The possible field values are: – Enable — Enables saving logs in Cache (RAM), File (FLASH), and an External Server. – Disable — Disables saving logs.
• Alert — The second highest warning level. An alert log is saved if there is a serious device malfunction, such as all device features being down. • Critical — The third highest warning level. A critical log is saved if a critical device malfunction occurs, for example, two device ports are not functioning, while the rest of the device ports remain functional. • Error — A device error has occurred, such as if a port is offline. • Warning — The lowest level of a device warning.
RAM Log Table Use the RAM Log Table page to view information about specific RAM (cache) log entries, including the time the log was entered, the log severity, and a description of the log. To display the RAM Log Table, click System > Logs > RAM Log in the tree view. Figure 6-17. RAM Log Table The RAM Log Table contains the following fields: • Log Index — Indicates the Log Number within the Log RAM Table. • Severity — The log severity.
Removing Log Information Using the CLI For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • Syslog Commands. Log File The Log File contains information about specific log entries, including the time the log was entered, the log severity, and a description of the log. To display the Log File, click System > Logs > Log File in the tree view. Figure 6-18.
Removing Log Information 1. Open the Log File Table page. 2. Click Clear Log. The log information is removed from the log file table, and the device is updated. Removing Log Information Using the CLI For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • Syslog Commands.
• UDP Port (1–65535) — Sets the UDP port from which the logs are sent. The default value is 514. • Facility — A user-defined application from which system logs are sent to the remote server. Only one facility can be assigned to a single server. If a second facility level is assigned, the first facility level is overridden. All applications defined for a device use the same facility on a server. The possible field values are from Local 0 to Local 7. • Description — Sets the server description.
Figure 6-20. Add Remote Log Server Settings 3. Complete the fields in the dialog and click Apply Changes. The Remote Log Server Settings page displays the server in the Log Server list only after you go back to the Remote Log Server Settings page. Viewing/Removing a Log Server 1. Open the Remote Log Server Settings page. 2. Click Show All to display the Remote Log Servers Table page. Figure 6-21. Show All Log Servers 3. To remove a server, check the corresponding Remove check box. 4.
Working with Remote Server Logs Using the CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • Syslog Commands. Setting the Operational Mode Users with a privilege level of 15 can configure the switch to operate in normal mode or simple mode. By default, the switch operates in normal mode. When the PowerConnect M6220/M6348/M8024 is operating in simple mode, a limited number of features are available to configure.
Figure 6-22. Operational Mode Configuration The Operational Mode Configuration page contains the following fields: • Simple Switch Mode — Enable or disable Simple mode on the switch. When Simple Switch Mode is disabled, the switch operates in the normal mode, and all applicable features described in this User’s Guide are visible. When Simple Switch Mode is enabled, many of the features described in this document are hidden and unavailable. Configuring the Operational Mode 1.
Figure 6-23. Operational Mode Configuration Confirmation 4. To confirm the mode change, select Yes. 5. Click Apply Changes to change the mode.
Out of Band Interface Use the Out of Band Interface menu page to assign the Out of Band Interface IP address, the Subnet Mask, the Default Gateway IP address, and to assign the boot protocol. To display the Out of Band Interface page, click System > IP Addressing > Out of Band Interface in the tree view. Figure 6-24. Out of Band Interface The Out of Band Interface page contains the following fields: • Protocol — Use the drop-down menu to select None, Bootp, or DCHP.
Defining Out of Band Interface Parameters Using CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • IP Addressing Commands. Domain Name Server (DNS) The Domain Name System converts user-defined domain names into IP addresses. Each time a domain name is assigned, this service translates the name into a numeric IP address. For example, www.ipexample.com is translated to 192.87.56.2.
Adding a DNS Server 1. Open the Domain Name Server (DNS) page. 2. Click Add. The Add DNS Server page displays: Figure 6-26. Add DNS Server 3. Define the relevant fields. 4. Click Apply Changes. The new DNS server is defined, and the device is updated. Configuring DNS Servers Using the CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • IP Addressing Commands.
Figure 6-27. Default Domain Name The Default Domain Name page contains the following field: • Default Domain Name (0–255 characters) — Contains the user-defined default domain name. When configured, the default domain name is applied to all unqualified host names. Defining DNS Domain Names Using the CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • 136 IP Addressing Commands.
Host Name Mapping Use the Host Name Mapping page to assign an IP address to a static host name. The Host Name Mapping page provides one IP address per host. To display the Host Name Mapping page, click System > IP Addressing > Host Name Mapping. Figure 6-28. Host Name Mapping The Host Name Mapping page contains the following fields: • Host Name — Contains a list of host names. Host names are defined on the Add Static Host Name Mapping page. Each host provides one IP address.
Figure 6-29. Add Static Host Name Mapping 3. Define the relevant fields. 4. Click Apply Changes. The IP address is mapped to the host name, and the device is updated. Displaying the Static Host Name Mapping Table 1. Open the Host Name Mapping page. 2. Click Show All. The Static Host Name Mapping Table displays: Figure 6-30. Static Host Name Mapping Table Removing a Host Name From IP Address Mapping 1. Open the Host Name Mapping page. 2. Click Show All. The Host Name Mapping Table opens. 3.
Mapping an IP Address to Domain Host Names Using the CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • IP Addressing Commands. Dynamic Host Name Mapping Use the Dynamic Host Name Mapping page to view dynamic host entries the switch has learned. To display the Dynamic Host Name Mapping page, click System > IP Addressing > Dynamic Host Name Mapping in the tree view. Figure 6-31.
ARP Table Use the ARP Table page to view ARP parameters for IP interfaces. The ARP table displays the correlation between each MAC address and its corresponding IP address. To display the ARP Table page, click System > IP Addressing > ARP in the tree view. Figure 6-32. ARP Table The ARP Table page contains the following fields: • IP Address — The station IP address, which is associated with the MAC address filled in below.
IPv6 Management Features The PowerConnect M6220/M6348/M8024 switch software includes several enhancements to the IPv6 management feature. You can assign either an IPv4 or IPv6 address to the management interface. In previous software releases, the management port supported IPv6 addresses, but only when the switch received its IPv6 addressing and gateway definitions through auto-configuration when connected to an IPv6 router on the management network.
• Change IPv6 Gateway — Select this option to allow the IPv6 Gateway field to be edited. • IPv6 Gateway — Enter the IPv6 gateway address (do not include a prefix). Use an IPv6 global or linklocal address format. • Add IPv6 Address — To add an IPv6 address, select Add so you can specify an address in the New IPv6 Address field. • New IPv6 Address — If Add is selected from the Add IPv6 Address field, enter an IPv6 prefix/length in this field.
Running Cable Diagnostics Use the Diagnostics menu page to perform virtual cable tests for copper and fiber optics cables. To display the Diagnostics page, click System > Diagnostics in the tree view. Use this page to go to the following feature: • Integrated Cable Test for Copper Cables Integrated Cable Test for Copper Cables Use the Integrated Cable Test for Copper Cables page to perform tests on copper cables.
The Integrated Cable Test for Copper Cables page contains the following fields: • Interface — The interface to which the cable is connected. • Test Result — The cable test results. Possible values are: – No Cable — There is not a cable connected to the port. – Open Cable — The cable is open. – Short Cable — A short has occurred in the cable. – OK — The cable passed the test. – Fiber Cable — A fiber cable is connected to the port.
Figure 6-36. Integrated Cable Test Results Table Performing Copper Cable Tests Using CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • PHY Diagnostics Commands. Optical Transceiver Diagnostics Use the Optical Transceiver Diagnostics page to perform tests on Fiber Optic cables. To display the Optical Transceiver Diagnostics page, click System > Diagnostics > Optical Transceiver Diagnostics in the tree view.
Figure 6-37. Optical Transceiver Diagnostics The Optical Transceiver Diagnostics page contains the following fields: • Interface — The port IP address on which the cable is tested. • Temperature — The temperature (C) at which the cable is operating. • Voltage — The voltage at which the cable is operating. • Current — The current at which the cable is operating. • Output Power — The rate at which the output power is transmitted. • Input Power — The rate at which the input power is transmitted.
Figure 6-38. Optical Transceiver Diagnostics Table The test runs and displays the Optical Transceiver Diagnostics Table page. Performing Fiber Optic Cable Tests Using CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • PHY Diagnostics Commands. Managing Device Security Use the Management Security menu page to set management security parameters for port, user, and server security.
• RADIUS Accounting Server Statistics • RADIUS Server Statistics • Authorization Network RADIUS • Telnet Server • Denial of Service Access Profile Use the Access Profile page to define a profile and rules for accessing the device. You can limit access to specific management functions, to specific ingress interfaces, and/or to source IP address and/or source IP subnets. The feature has been modified to include TFTP in the list of management access methods.
Figure 6-39. Access Profile • Access Profile — Shows the Access Profile. • Current Active Access Profile — Shows profile that is activated. • Set Active Access Profile — Activates the access profile. • Remove Profile — When checked, removes an access profile from the Access Profile list. Note: Assigning an access profile to an interface implies that access through other interfaces is denied. If an access profile is not activated, the device can be accessed by all. Displaying the Access Profile 1.
Figure 6-40. Profile Rules Table Adding an Access Profile 1. Open the Access Profile page. 2. Click Add Profile. The Add an Access Profile page displays. Figure 6-41. Add an Access Profile 3. Enter the profile name in the Access Profile Name text box. 4.
Management Method — Select from the dropdown box. The policy is restricted by the management chosen. Interface — Choose the check box for the interface if the policy should have a rule based on the interface. Interface can be a physical interface, a LAG, or a VLAN. Source IP Address — Select the Source IP Address check box if the policy should have a rule based on the IP address of the client sending the management traffic. Fill in the source IP address and mask details in the fields provided.
Figure 6-42. Add An Access Profile Rule 3. Complete the fields in the dialog: Management Method — Select from the dropdown box. The policy is restricted by the management chosen. Interface — Choose the check box for the interface if the policy should have a rule based on the interface. Interface can be a physical interface, a LAG, or a VLAN. Source IP — Select the Source IP Address check box if the policy should have a rule based on the IP address of the client originating the management traffic.
Removing a Rule 1. Open the Access Profile page. 2. Click Show All to display the Profile Rules Table page. 3. Select a rule. 4. Check the Remove check box. 5. Click Apply Changes. The rule is removed, and the device is updated. Defining Access Profiles Using CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • Management ACL Commands. Authentication Profiles User authentication occurs locally and on an external server.
Figure 6-43. Authentication Profiles The Authentication Profiles page contains the following fields: Authentication Profile Name Displays lists to which user-defined authentication profiles are added. Use the radio buttons to apply the authentication profile to govern either Login or Enable part of the switch’s operations, and to select one of two available lists: 154 • Login — Allows you to login to the switch. Options are defaultList, networkList and any user-defined login authentication profiles.
Authentication Method • Optional Methods — User authentication methods. Possible options are: – None — No user authentication occurs. – Local — User authentication occurs at the device level; the device checks the user name and password for authentication. – RADIUS — User authentication occurs at the RADIUS server. For more information about RADIUS servers, see "RADIUS Global Configuration." – TACACS+ — User authentication occurs at the TACACS+ server.
3. Enter the profile name of 1 to 12 characters in the Profile Name field. Note: The profile name should not include spaces. 4. Click Apply Changes. A profile is created. You can activate an authentication profile using the System > Management Security > Select Authentication web page. Modifying Authentication Profiles 1. Open the Authentication Profiles page. 2. Select an element from the list in the Authentication Profile Name field. 3. Select one or more Optional Methods by using the arrows. 4.
Configuring an Authentication Profile Using CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • AAA Commands. Select Authentication After authentication profiles are defined, you can apply them to management access methods. For example, console users can be authenticated by Authentication Profile List 1, while Telnet users are authenticated by Authentication Profile List 2.
• 158 Secure HTTP and HTTP — Authentication method used for Secure HTTP access and HTTP access, respectively. Possible field values are: – None — No authentication method is used for access. – Local — Authentication occurs locally. – RADIUS — Authentication occurs at the RADIUS server. – TACACS+ — Authentication occurs at the TACACS+ server. – Local, None — Authentication first occurs locally. – RADIUS, None — Authentication first occurs at the RADIUS server.
– TACACS+, Local, None — Authentication first occurs at the TACACS+ server. If authentication cannot be verified at the TACACS+ server, the session is authenticated locally. If the session cannot be authenticated locally, the session is permitted. Applying an Authentication Method List to Console Sessions 1. Open the Select Authentication page. 2. Select an authentication profile in the Console field. 3. Click Apply Changes. Console sessions are assigned an authentication method List.
Applying an Authentication Profile to Telnet Sessions 1. Open the Select Authentication page. 2. Select an authentication profile in the Telnet field. 3. Click Apply Changes. Console sessions are assigned authentication profiles. Applying an Authentication Profile to Secure Telnet (SSH) Sessions 1. Open the Select Authentication page. 2. Select an authentication profile in the Secure Telnet (SSH) field. 3. Click Apply Changes. Secure Telnet (SSH) sessions are assigned authentication profiles.
Password Management Password management provides increased network security and improved password control.
• Enable Password Aging (1–365) — Indicates the amount of time that elapses before a password is aged out, when checked. The field value is from 1 to 365 days. The password aging feature functions only if the switch clock is synchronized to an SNTP server. See the "Clock Commands" section in the CLI Reference Guide for additional information. • Consecutive Passwords Before Reuse (1–10) — Indicates the amount of times a password is changed, before the password can be reused.
Figure 6-48. Local User Database The Local User Database page contains the following fields: • User Name — List of users. • Access Level — User access level. The lowest user access level is 1 (readonly), and 15 (readwrite) is the highest. To suspend a user’s access, set level to 0 (only a level 15 user has this ability). • Password (8– 64 characters) — User-defined password. • Confirm Password — Confirms the user-defined password.
Adding a User to the Local User Database 1. Open the Local User Database page. 2. Click Add to display the Add User page. The Add a New User page is displayed. Figure 6-49. Add a New User 3. Complete the fields. 4. Click Apply Changes. The new user is defined, and the device is updated. Note: You can define as many as eight local users on the device. Displaying Users on the Local User Database 1. Open the Local User Database page. 2. Click Show All to display the Local User Table page.
Removing Users From the Local User Database 1. Open the Local User Database page. 2. Click Show All to display the Local User Table page. 3. Select a User Name. 4. Check Remove. 5. Click Apply Changes. The user is removed, and the device is updated. Assigning Users With CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • AAA Commands.
Figure 6-51. Line Password The Line Password page contains the following fields: • Line Mode — Drop-down menu specifies device access through a Console, Telnet, or Secure Telnet (SSH) session. • Line Password (8 – 64 characters) — The line password for accessing the device through a console, Telnet, or Secure Telnet session. The password appears in the ***** format. • Confirm Password (8 – 64 characters) — Confirms the new line password. The password appears in the ***** format.
Assigning Line Passwords Using CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • AAA Commands. Enable Password Use the Enable Password page to set a local password to control access to normal and privilege levels. To display the Enable Password page, click System > Management Security > Enable Password in the tree view. Figure 6-52.
Defining Enable Passwords 1. Open the Enable Password page. 2. Specify the Enable password. 3. Confirm the Enable password. 4. Click Apply Changes. The Enable password is set. Assigning Enable Passwords Using CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • AAA Commands. TACACS+ Settings The device provide Terminal Access Controller Access Control System (TACACS+) client support.
Figure 6-53. TACACS+ Settings The TACACS+ Settings page contains the following fields: • Host Name / IP Address — Specifies the TACACS+ Server. • Priority (0–65535) — Specifies the order in which the TACACS+ servers are used. The default is 0. • Authentication Port (0–65535) — The port number through which the TACACS+ session occurs. The default is port 49.
– Not Connected — There is not currently a connection between the device and the TACACS+ server. The fields in the Default Parameters section of the page contain values that are automatically applied to new TACACS+ servers. • Key String (0–128 Characters) — Enter the default authentication and encryption key for TACACS+ communication between the device and the TACACS+ server.
The TACACS+ Servers Table opens. Figure 6-55. TACACS+ Servers Table Removing a TACACS+ Server from the TACACS+ Servers List 1. Open the TACACS+ Settings page. 2. Click Show All. The TACACS+ Servers Table opens. 3. Select a TACACS+ Servers Table entry. 4. Select the Remove check box. 5. Click Apply Changes. The TACACS+ server is removed, and the device is updated.
In some networks, the RADIUS server is responsible for assigning traffic to a particular VLAN. The RADIUS enhancements include the Authorization Network RADIUS feature that allows the switch to accept VLAN assignment by the RADIUS server. The RADIUS server maintains a user database, which contains per-user authentication information. RADIUS servers provide a centralized authentication method for: • Telnet Access • Web Access • Console to Switch Access • Access Control Port (802.
• Named Authentication Server Groups — The number of authentication server groups configured on the system. An authentication server group contains one or more configured authentication servers that share the same RADIUS server name. • Named Accounting Server Groups — The number of accounting server groups configured on the system. An accounting server group contains one or more configured authentication servers that share the same RADIUS server name.
Figure 6-57. RADIUS Server Configuration The RADIUS Server Configuration page contains the following fields: 174 • RADIUS Server Host Address — Use the drop-down menu to select the IP address of the RADIUS server to view or configure. Click Add to display the Add RADIUS Server page used to configure additional RADIUS servers. • Port — Identifies the authentication port the server uses to verify the RADIUS server authentication. The port is a UDP port, and the valid range is 1-65535.
• Message Authenticator — Enable or disable the message authenticator attribute for the selected server. • Secret Configured — Indicates whether the shared secret for this server has been configured. • Status — Indicates whether the selected RADIUS server is currently serving as the active RADIUS server If more than one RADIUS server is configured with the same name, the switch selects one of the servers to be the active server from the group of servers with the same name.
Viewing RADIUS Server Status and Removing a Named Server 1. Open the RADIUS Server Configuration page. 2. Click Show All. The RADIUS Named Server Status page displays. Figure 6-59. RADIUS Server Status 3. To remove a named server, select the check box in the Remove column. 4. Click Apply Changes. The RADIUS server is removed from the list.
Figure 6-60. RADIUS Accounting Server Configuration The RADIUS Accounting Server Configuration page contains the following fields: • RADIUS Accounting Server Host Address — Use the drop-down menu to select the IP address of the accounting server to view or configure. Click Add to display the Add RADIUS Accounting Server page used to configure additional RADIUS servers. • Port — Identifies the authentication port the server uses to verify the RADIUS accounting server authentication.
Adding a RADIUS Accounting Server 1. Open the RADIUS Accounting Server Configuration page. 2. Click Add. The Add RADIUS Accounting Server page displays. Figure 6-61. Add RADIUS Accounting Server 3. Enter an IP address and name for the RADIUS accounting server to add. 4. Click Apply Changes. The new RADIUS server is added, and the device is updated. Viewing RADIUS Accounting Server Status and Removing a Accounting Named Server 1. Open the RADIUS Accounting Server Configuration page. 2. Click Show All.
RADIUS Accounting Server Statistics Use the RADIUS Accounting Server Statistics page to view statistical information for each RADIUS accounting server configured on the system. To access the RADIUS Accounting Server Statistics page, click System > Management Security > RADIUS Accounting Server Statistics in the tree view. Figure 6-63.
• Pending Requests — The number of RADIUS Accounting-Request packets destined for this server that have not yet timed out or received a response. • Timeouts — The number of accounting timeouts to this server. • Unknown Types — The number of RADIUS packets of unknown type which were received from this server on the accounting port. • Packets Dropped — The number of RADIUS packets received from this server on the accounting port and dropped for some other reason.
• Access Requests — The number of RADIUS Access-Request packets sent to this server. This number does not include retransmissions. • Access Retransmissions — The number of RADIUS Access-Request packets retransmitted to this server. • Access Accepts — The number of RADIUS Access-Accept packets, including both valid and invalid packets, that were received from this server.
Figure 6-65. Authorization Network RADIUS The Authorization Network RADIUS page contains the following field: • 182 Admin Mode— Enables or disables the ability of the switch to accept VLAN assignment from the RADIUS server.
Telnet Server Use the Telnet Server page to enable or disable telnet service on the switch or to modify the telnet port. To display the Telnet Server page, click System > Management Security > Telnet Server. Figure 6-66. Telnet Server The Telnet Server page contains the following fields: • New Telnet Sessions — Controls the administrative mode for inbound telnet sessions. If you set the mode to Block, new telnet sessions are not allowed, but existing sessions are not interrupted.
Configuring the Telnet Server Using CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • Telnet Server Commands Denial of Service Denial of Service refers to the exploitation of a variety of vulnerabilities which would interrupt the service of a host or make a network unstable. Use the Denial of Service page to configure settings to help prevent denial of service attacks.
• Denial of Service Min TCP Hdr Size — Specify the minimum TCP header size allowed. If First Fragment DoS prevention is enabled, the switch will drop packets that have a TCP header smaller then this configured value. • Denial of Service TCP Fragment — Enabling TCP Fragment DoS prevention causes the switch to drop packets that have an IP fragment offset equal to one.
Captive Portal The Captive Portal (CP) feature allows you to block clients directly connected to the switch from accessing the network until user verification has been established. You can configure CP verification to allow access for both guest and authenticated users. Authenticated users must be validated against a database of authorized Captive Portal users before access is granted. The database can be stored locally on the switch or on a RADIUS server.
CP Global Configuration From the CP Global Configuration page, you can control the administrative state of the CP feature and configure global settings that affect all captive portals configured on the switch. To configure the global CP settings, click System > Captive Portal > Global Configuration. Figure 6-68. CP Global Configuration The CP Global Configuration page contains the following fields: • Captive Portal — Enable or disable the CP feature on the switch.
• Authentication Timeout — To access the network through a portal, the client must first enter authentication information on an authentication Web page. Enter the number of seconds to keep the authentication session open with the client. When the timeout expires, the switch disconnects any active TCP or SSL connection with the client.
The CP Configuration page contains the following fields: • Configuration Name — If multiple CP configurations exist on the system, select the CP configuration to view or configure. Use the Add button to add a new CP configuration to the switch. • Captive Portal — Use this field to enable or disable the selected CP configuration. • Protocol Mode — Choose whether to use HTTP or HTTPS as the protocol for the portal to use during the verification process.
Adding a Captive Portal Configuration 1. Open the Captive Portal Configuration page. 2. Click Add. The Add CP Configuration page displays: Figure 6-70. Add CP Configuration 3. Enter a name for the new CP configuration. 4. Click Apply Changes. The CP configuration is added, and the device is updated. Displaying the CP Configuration Summary 1. Open the Captive Portal Configuration page. 2. Click Show All. The CP Summary page displays: Figure 6-71. CP Summary 3.
CP Web Customization When a client connects to the access point, the user sees a Web page. The CP Web Customization page allows you to customize the appearance of that page with specific text and images. To display the CP Web Customization page, click System > Captive Portal > Web Customization. To configure the portal users in a remote RADIUS server, see "Configuring Users in a Remote RADIUS Server" on page 196. Figure 6-72.
Figure 6-73. CP Web Customization (cont.) The CP Web Customization page contains the following fields: 192 • Captive Portal ID — The drop-down menu lists each CP configured on the switch. To view information about the clients connected to the CP, select it from the list. • Branding Image — Select the name of the image file to display on the top left corner of the page. This image is used for branding purposes, such as the company logo.
• User Label — Enter the text to display next to the field where the user enters the username. • Password Label — Enter the text to display next to the field where the user enters the password. • Button Label — Enter the text to display on the button the user clicks to connect to the network. • Acceptance Use Policy — Enter the text to display in the Acceptance Use Policy field. The acceptance use policy instructs users about the conditions under which they are allowed to access the network.
Local User You can configure a portal to accommodate guest users and authorized users. Guest users do not have assigned user names and passwords. Authorized users provide a valid user name and password that must first be validated against a local database or RADIUS server. Authorized users can gain network access once the switch confirms the user’s credentials. The Local User page allows you to add authorized users to the local database, which can contain up to 1024 user entries.
Removing a Local User 1. Select the user from the Local User Name field. 2. Select the Remove option at the bottom of the page. 3. Click Apply Changes to remove the user. Adding a Local User 1. Open the Local User page. 2. Click Add. The Add Local User page displays: Figure 6-75. Add Local User 3. Enter a name for the new user. The name is 1 to 31 alphanumeric characters. 4. Enter a password for the new user. The password is 8-64 characters in length. 5. Click Apply Changes.
Configuring Users in a Remote RADIUS Server You can use a remote RADIUS server client authorization. You must add all users to the RADIUS server. The local database does not share any information with the remote RADIUS database. The following table indicates the RADIUS attributes you use to configure authorized captive portal clients. The table indicates both RADIUS attributes and vendor-specific attributes (VSA). VSAs are denoted in the Attribute column and are comma delimited (vendor id, attribute id).
Figure 6-77. User Group The User Group page contains the following fields: • Group Name — The menu contains the name of all of the groups configured on the system. The Default user group is configured by default. New users are assigned to the 1-Default user group by default. To delete a user group, select the name of the group from the Group Name menu, select the Remove option, and then click Apply Changes.
3. Enter a name for the new group. 4. Click Apply Changes. The group is added, and the device is updated. Displaying the User Group Page 1. Open the User Group page. 2. Click Show All. The User Group Summary page displays: Figure 6-79. CP User Group Summary 3. To remove a configured group, select the Remove option in the appropriate row, and then click Apply Changes. Interface Association From the Interface Association page, you can associate a configured captive portal with specific interfaces.
Figure 6-80. CP Interface Association The Interface Association page contains the following fields: • CP Configuration — Lists the captive portals configured on the switch by number and name. • Interface List — Lists the interfaces available on the switch that are not currently associated with a captive portal. Use the following steps to associate one or more interfaces with a captive portal: 1. Select the desired captive portal from the CP Configuration list. 2.
CP Status The CP Status page contains a variety of information about the CP feature. From the CP Status page, you can access information about the CP activity and interfaces. To view captive portal status information, click System > Captive Portal > Status. Figure 6-81. CP Status The CP Status page contains the following fields: 200 • CP Global Operational Status — Shows whether the CP feature is enabled.
• CP IP Address — Shows the captive portal IP address • Configured Captive Portals — Shows the number of captive portals configured on the switch. • Supported Captive Portals — Shows the number of supported captive portals in the system. • Active Captive Portals — Shows the number of captive portal instances that are operationally enabled. CP Activation and Activity Status The CP Activation and Activity Status page provides information about each CP configured on the switch.
– • The associated interfaces do not exist or do not support the CP capability. Blocked Status — Indicates whether authentication attempts to the captive portal are currently blocked. Use the Block and Unblock buttons to control the blocked status. If the CP is blocked, users cannot gain access to the network through the CP. Use this function to temporarily protect the network during unexpected events, such as denial of service attacks.
• Disable Reason — If the selected CP is disabled on this interface, this field indicates the reason, which can be one of the following: – Interface Not Attached – Disabled by Administrator • Blocked Status — Indicates whether the captive portal is temporarily blocked for authentications. • Authenticated Users — Displays the number of authenticated users using the captive portal instance on this interface.
• Packets Received Counter — Shows whether the interface supports displaying the number of packets received from each client. • Packets Transmitted Counter — Shows whether the interface supports displaying the number of packets transmitted to each client. • Session Timeout — Shows whether the interface supports client session timeout. This attribute is supported on all interfaces. • Idle Timeout — Shows whether the interface supports a timeout when the user does not send or receive any traffic.
Client Detail The Client Detail page shows detailed information about each client connected to the network through a captive portal. To view detailed information about the clients connected to the switch through the captive portal, click System > Captive Portal > Client Detail. Figure 6-86. Client Detail The Client Detail page contains the following fields: • MAC Address — The menu lists each associated client by MAC address.
Figure 6-87. Interface - Client Status The Interface Client Status page contains the following fields: • Interface — The drop-down menu lists each interface on the switch. To view information about the clients connected to a CP on this interface, select it from the list. • MAC Address — Identifies the MAC address of the client. • IP Address — Identifies the IP address of the client. • CP Configuration — Identifies the captive portal the client used to access the network.
• Configuration Name — The drop-down menu lists each CP configured on the switch. To view information about the clients connected to the CP configuration, select the CP configuration name from the list. • MAC Address — Identifies the MAC address of the client. • IP Address — Identifies the IP address of the client. • Interface — Identifies the interface the client used to access the network. • Protocol — Shows the current connection protocol, which is either HTTP or HTTPS.
• Traps Authentication or Privacy Keys are modified in the SNMPv3 User Security Model (USM). Use the SNMP page to define SNMP parameters. To display the SNMP page, click System > SNMP in the tree view. SNMP Global Parameters Use the Global Parameters page to enable SNMP and Authentication notifications. To display the Global Parameters page, click System > SNMP > Global Parameters in the tree view. Figure 6-89.
2. Type desired hexadecimal ID into the Local Engine ID field. 3. Click Apply Changes. The new Local Engine ID is set, and the device is updated. Using Default SNMP Engine ID 1. Open the Global Parameters page. 2. Click the Use Default check box. 3. Click Apply Changes. The default SNMP engine ID, based on the MAC address, is created and the device is updated. Enabling SNMP Traps 1. Open the Global Parameters page. 2. Select Enable in the SNMP Traps field. 3. Click Apply Changes.
Figure 6-90. SNMP View Settings The SNMP View Settings page contains the following fields: • View Name — Contains a list of user-defined views. A view name can contain a maximum of 30 alphanumeric characters. • OID Subtree — Specifies a valid SNMP OID string that can include meta characters like *. • View Type — Specifies whether the objectIDs in the view are included or excluded. • Remove — Check to remove displayed view type. Adding a View 1. Open the SNMP View Settings page. 2. Click Add.
Figure 6-91. Add View 3. Define the relevant fields. 4. Click Apply Changes. The SNMP view is added, and the device is updated. Displaying the View Table 1. Open the SNMP View Settings page. 2. Click Show All. The View Table page displays: Figure 6-92.
Removing SNMP Views 1. Open the SNMP View Settings page. 2. Click Show All. The View Table page displays. 3. Select an SNMP view. 4. Check the Remove check box. 5. Click Apply Changes. The SNMP view is removed, and the device is updated. Defining SNMP Views Using CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • SNMP Commands.
Figure 6-93. Access Control Group The Access Control Group page contains the following fields: • Group Name — Contains a list of user-defined groups to which access control rules are applied. A group name can contain a maximum of 30 alphanumeric characters. • Security Model — Defines the SNMP version attached to the group. The possible field values are: • – SNMPv1 — SNMPv1 is defined for the group. – SNMPv2 — SNMPv2 is defined for the group.
– Read — Select a view that restricts management access to viewing the contents of the agent. If no view is selected, all objects except the community-table, SNMPv3 user and access tables can be viewed. – Write — Select a view that permits management read-write access to the contents of the agent. – Notify — Select a view that permits sending SNMP traps or informs. Adding SNMP Groups 1. Open the Access Control Configuration page. 2. Click Add.
Figure 6-95. Access Table Removing a Group 1. Open the Access Control Configuration page. 2. Click Show All. The Access Table opens. 3. Select a group. 4. Check Remove. 5. Click Apply Changes. The group is removed, and the device is updated. Defining SNMP Access Control Using CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • SNMP Commands.
Figure 6-96. SNMPv3 User Security Model (USM) The SNMPv3 User Security Model (USM) page contains the following fields: • User Name — Contains a list of user-defined user names. • Group Name — Contains a list of user-defined SNMP groups. SNMP groups are defined in the Access Control Group page. • Engine ID — Selects whether the selected user is associated to a local or to a specified remote SNMPv3 enabled device.
• Privacy — Specifies whether or not the authentication key is to be used. Choose one of the following values: – None — Do not use an authentication key. – des — Use a CBC-DES Symmetric Encryption Password for the authentication key. – des-key — Use an HMAC-MD5-96 Authentication Pre-generated key. • Authentication Key(MD5-16; SHA-20 HEX character pairs) — Specify the authentication key. An authentication key is defined only if the authentication method is MD5 or SHA.
Figure 6-98. Add Remote User 3. Define the relevant fields. 4. Click Apply Changes. 5. The user is added to the group, and the device is updated. Viewing the User Security Model Table 1. Open the SNMPv3 User Security Model (USM) page. 2. Click Show All. The User Security Model Table displays: Figure 6-99.
Removing a User Security Model Table Entry 1. Open the User Security Model page. 2. Click Show All. The User Security Model Table page displays. 3. Select an entry. 4. Check the Remove check box. 5. Click Apply Changes. The entry is removed, and the device is updated. Defining SNMP Users Using CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • SNMP Commands.
Figure 6-100. SNMPv1, 2 Community The SNMPv1, 2 Community page contains the following fields: • Community String — Contains a list of user-defined community strings that act as a password and are used to authenticate the SNMP management station to the device. A community string can contain a maximum of 20 characters. • SNMP Management Station — Contains a list of management station IP address for which community strings have been defined. • Basic — Enables SNMP Basic mode for the selected community.
Adding a New Community 1. Open the SNMPv1, 2 Community page. 2. Click Add. The Add SNMPv1,2 Community page displays: Figure 6-101. Add SNMPv1,2 Community 3. Complete the relevant fields. In addition to the fields in the SNMPv1, 2 Community page, the Add SNMPv1,2 Community page contains the All (0.0.0.0) field, which indicates that the community can be used from any management station. 4. Click Apply Changes. The new community is saved, and the device is updated. Displaying Communities 1.
Figure 6-102. Basic and Advanced Table Removing Communities 1. Open the SNMPv1, 2 Community page. 2. Click Show All. The Basic and Advanced Table page displays. 3. Select a community and check the Remove check box. 4. Click Apply Changes. The community entry is removed, and the device is updated. Configuring Communities Using CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • SNMP Commands.
Figure 6-103. Notification Filter The Notification Filter page contains the following fields: • Notification Filter Name — Contains a list of user-defined notification filters. A notification filter name can contain a maximum of 30 characters. • New Object Identifier Tree — Displays the OID configured for the selected filter. This field can be edited. • Filter Type — Indicates whether informs or traps are sent regarding the OID to the trap recipients.
Figure 6-104. Add Filter 3. Define the relevant fields. 4. Click Apply Changes. The new filter is added, and the device is updated. Displaying the Filter Table 1. Open the Notification Filter page. 2. Click Show All. The Filter Table page appears, which displays all of the filters configured for the selected filter name: Figure 6-105. Show Notification Removing a Filter 1. Open the Notification Filter page. 2. Click Show All. The Show Notification page displays. 3. Select the Filter Table entry. 4.
Configuring Notification Filters Using CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • SNMP Commands. Notification Recipients Use the Notification Recipients page to view information for defining filters that determine whether traps are sent to specific users, and the trap type sent.
Figure 6-106. Notification Recipients The Notification Recipients page contains the following fields: • Recipient IP — Contains a user-defined list of notification recipients IP addresses. • Notification Type — The type of notification sent. The possible field values are: • • – Trap — Traps are sent. – Inform — Informs are sent. SNMPv1,2 — SNMP versions 1 or 2 are enabled for the selected recipient.
– Security Level — The security level attached to notifications. The possible field values are: • NoAu NoPriv — The packet is neither authenticated nor encrypted. • Auth NoPriv — The packet is authenticated. • Auth Priv — The packet is both authenticated and encrypted. • UDP Port (1–65535) — UDP port used to send notifications. The default is 162. • Filter Name — Check this check box to apply a user-defined SNMP filter (selected from the dropdown menu) to notifications.
4. Click Apply Changes. The notification recipient is added, and the device is updated. Displaying the Notification Recipients Tables 1. Open Notification Recipients page. 2. Click Show All. The Notification Recipient Tables page opens: Figure 6-108. Notification Recipient Tables Removing Notification Recipients 1. Open the Notification Recipients page. 2. Click Show All. The Notification Recipient Tables page open. 3.
File Management Use the File Management menu page to manage device software, the image file, and the configuration files. In addition to a TFTP server, the file management feature has been enhanced to allow file uploads and downloads by using an HTTP session (in other words, by using your web browser). Configuration file transfers are also permitted by using Secure Copy (SCP) and SSH File Transfer Protocol (SFTP). The system handles two versions of the software image.
• Image Description — A field 0-128 characters in length that displays an image description of the file. • Size — Displays the size of the specified file in bytes. • Remove — Select to remove the specified file. • Flash Memory Details — Displays Flash Memory availability details, in terms of total bytes of memory used, and memory (in bytes) available. Active Images Use the Active Images page to set the boot image.
Figure 6-111. File Download The File Download page contains the following fields: File Type — Select the type of file to be downloaded. Possible filetypes are: • Firmware — Downloads the active image.
• Transfer Mode — Select the file transfer mode for the configuration to download. The options are: – TFTP — Trivial File Transfer Protocol – SFTP — SSH File Transfer Protocol – SCP — Secure Copy – HTTP — Download files of various types to the switch using an HTTP session (in other words, by using your web browser). • Server Address — Specify the TFTP/SFTP/SCP server IP address from which the configuration files are downloaded. • Source File Name — Name of the file on the TFTP/SFTP/SCP server.
Downloading Files Using CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • Configuration and Image Files Commands. File Upload Use the File Upload to Server page to upload configuration (ASCII), image (binary), operational log, and startup log files from the device to the server. To display the File Upload to Server page, click System > File Management > File Upload in the tree view. Figure 6-112.
– TFTP — Trivial File Transfer Protocol – SFTP — SSH File Transfer Protocol – SCP — Secure Copy – HTTP— Hypertext Transfer Protocol Upload Upload contains the following fields: • Server Address — The server IP address to which the selected file is uploaded. • Destination File Name — The name which the file will have after it is uploaded. The name can be 1 – 32 characters. • User Name — Name of the user on the server. Used for authentication in case of SFTP/SCP server.
Figure 6-113. Copy Files The Copy Files page contains the following fields: • Copy Master Firmware — Specifies that a software image file should be copied. • Destination — The destination unit(s) (within the stack) to which the file is copied. Select from the menu one of the following values: – All — All units in the stack. – Unit — Specified unit within the stack, unit 1 for example. • Copy Configuration — Specifies that a configuration file should be copied.
• – Startup Config — The startup configuration file. – Backup Config — The backup configuration file. Restore Configuration Factory Default — Select the radio button and click Apply Changes to restore all configuration structures to the defaults. Defining Advanced Settings Use Advanced Settings to set miscellaneous global attributes of the device. The changes to these attributes are applied only after the device is reset.
Use the Auto Configuration page to enable the switch to be automatically configured when it is initialized and cannot find a configuration file. With Auto Configuration enabled, the switch obtains an IP address and downloads a configuration file from a TFTP server. NOTE: The Auto Configuration process requires the DHCP client on the switch to be enabled by default.
Configuring Auto Configuring Using the CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • Utility Commands Defining Stacking Use the Stacking menus to set the stacking characteristics of the device. The changes to these attributes are applied only after the device is reset. System > Stacking in the tree view to display the Stacking page.
Figure 6-115. Unit Configuration The Unit Configuration page contains the following fields: • Switch ID — Specifies unit to be configured. • Change Switch ID to — Changes the unit number of the selected unit. • Management Status — Shows whether the selected unit is a Management Unit or a Stack Member. • Unit Type — Specify whether the select unit is the Management Unit (Stack Master), a Stack Member, or the Standby Switch.
• Plugged-in Model Identifier — A 16-byte character string to identify the plugged-in model of the selected unit. • Switch Status — Displays the status of the selected unit. The possible values are: • – OK — The unit is in place and functioning. – Unsupported — The unit is in place, but can not function as a member of the stack. – Code Mismatch — The software of the switch does not match the master unit software.
– OPR Standby — Indicates that this unit is operating as the Standby Unit and the configured Standby Unit is not part of the stack. – CFG Standby — Indicates that the unit is configured as the Standby Unit. The unit configured as the Standby switch becomes the stack manager if the current manager fails. – Blank — Indicates that the switch is not configured as the Standby Unit.
Figure 6-117. Supported Switches The Supported Switches page contains the following fields: • Supported Switches — Drop-down list permits selection of switches supported. • Switch Index — Specifies the index into the database of the supported switch types. • Switch Type — Hardware ID given to the switch. • Switch Model ID — Displays a 16-byte character string to identify the model of the supported switch. • Description — Displays a 256-byte data field used to identify the device.
Viewing Supported Switches Using the CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • System Management Commands Stack Port Summary Use the Stack Port Summary page to view the stackable ports present. This screen displays the unit, the stackable interface, the configured mode of the interface, the running mode as well as the link status and link speed of the stackable port.
• Link Status — Indicates whether or not the stack interface for each unit is operating. • Link Speed (Gb/s) — Indicates the nominal speed of each unit’s link. Viewing Stack Port Summary Using the CLI Command For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • System Management Commands Stack Port Counters Use the Stack Port Counters page to view the transmitted and received statistics, including data rate and error rate.
• Transmit Error Rate (Errors/sec) — Indicates the number of errors transmitted per second. • Total Errors — Total number of errors transmitted. • Data Rate (Mb/s) — Indicates the speed at which the data is received. • Receive Error Rate (Errors/sec) — Indicates the number of errors received per second. • Total Errors — Total number of errors received. Viewing Stack Port Counters 1. Open the Stack Port Counters page.
• The collector can analyze traffic patterns for whatever protocols are found in the headers (e.g. TCP/IP, IPX, Ethernet, AppleTalk…), which means there is no need for a layer 2 switch to decode and understand all protocols. sFlow Agent Summary Packet Flow Sampling and Counter Sampling are performed by sFlow Instances associated with individual data sources within the sFlow Agent. Packet Flow Sampling and Counter Sampling are designed as part of an integrated system.
The sFlow Agent Summary page contains the following fields: • • Version — Uniquely identifies the version and implementation of this MIB. The version string must have the following structure: MIB Version; Organization; Software Revision where: – MIB Version — 1.3, the version of this MIB. – Organization — Dell Corp. – Revision — 1.0 Agent Address — The IP address associated with this agent.
The sFlow Receiver Configuration page contains the following fields: • Receiver Index — Selects the receiver for which data is to be displayed or configured. The allowed range is 1 to 8. • Receiver Owner String — The entity making use of this sFlowRcvrTable entry. The empty string indicates that the entry is currently unclaimed and the receiver configuration is reset to the default values.
Configuring and Viewing sFlow Settings Using CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • sFlow Commands. sFlow Sampler Configuration The sFlow Agent collects a statistical packet-based sampling of the switched flows and sends them to the configured receivers. A data source configured to collect flow samples is called a sampler.
Figure 6-123. sFlow Sampler Configuration The sFlow Sampler Configuration page contains the following fields: • Sampler DataSource— The sFlow data source for this sFlow sampler. This Agent supports physical ports only. • Receiver Index — The sFlow Receiver for this sFlow sampler. If set to zero, no packets will be sampled. Only active receivers can be set. If a receiver expires, then all samplers associated with the receiver will also expire. The allowed range is 1 to 8.
Figure 6-124. sFlow Sampler Summary Configuring and Viewing sFlow Settings Using CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • sFlow Commands. sFlow Poll Configuration The sFlow agent collects time-based sampling of network interface statistics and sends them to the configured sFlow receivers. A data source configured to collect counter samples is called a poller.
Figure 6-125. sFlow Poll Configuration The sFlow Poll Configuration page contains the following fields: • Poll DataSource— The sFlow Sampler data source for this flow sampler. This Agent supports physical ports only. • Receiver Index — The sFlowReceiver for this sFlow Counter Poller. If set to zero, the poller configuration is set to the default and the poller is deleted. Only active receivers can be set. If a receiver expires, then all pollers associated with the receiver will also expire.
Configuring and Viewing sFlow Settings Using CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • sFlow Commands. Industry Standard Discovery Protocol The Industry Standard Discovery Protocol (ISDP) is a proprietary Layer 2 network protocol that interoperates with Cisco® devices running the Cisco Discovery Protocol (CDP). ISDP is used to share information between neighboring devices.
Figure 6-127. ISDP Global Configuration The ISDP Global Configuration page contain the following fields: • ISDP Mode — Use this field to enable or disable the Industry Standard Discovery Protocol on the switch. • ISDP V2 Mode — Use this field to enable or disable the Industry Standard Discovery Protocol v2 on the switch. • Message Interval — Specifies the ISDP transmit interval. The range is (5–254). Default value is 30 seconds.
– other—Indicates that the value is in the form of a platform specific ASCII string containing info that identifies the device. For example: ASCII string contains serialNumber appended/prepended with system name. Configuring ISDP Using CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • ISDP Commands.
• Protocol Version — Displays the ISDP Protocol Version for the neighbor. • Last Time Changed — Displays when entry was last modified. Viewing ISDP Cache Table Information CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • ISDP Commands. Interface Configuration From the ISDP Interface Configuration page, you can configure the ISDP settings for each interface.
Figure 6-130. ISDP Interface Summary Configuring ISDP Using CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • ISDP Commands. ISDP Statistics From the ISDP Statistics page, you can view information about the ISDP packets sent and received by the switch. To access the ISDP Statistics page, click System > ISDP > Statistics in the navigation tree. Figure 6-131.
The ISDP Statistics page contain the following fields: • Packets Received — Displays the number of all ISDP protocol data units (PDUs) received. • Packets Transmitted — Displays the number of all ISDP PDUs transmitted. • ISDPv1 Packets Received — Displays the number of v1 ISDP PDUs received. • ISDPv1 Packets Transmitted — Displays the number of v1 ISDP PDUs transmitted. • ISDPv2 Packets Received — Displays the number of v2 ISDP PDUs received.
7 Configuring Switching Information Overview This section provides all system operations and general information for network security, ports, address tables, GARP, VLANs, Spanning Tree, Port Aggregation, and Multicast Support.
Configuring Network Security Use the Network Security menu page to set network security through port-based authentication, locked ports, DHCP Filtering configuration, and access control lists. To display the Network Security page, click Switching > Network Security in the tree view.
Figure 7-1. Dot1x Authentication The Dot1x Authentication page contains the following fields: Global Parameters • • Administrative Mode— Permits 802.1X port-based authentication on the switch. The possible field values are: – Enable — Enables 802.1X authentication on the switch. – Disable — Disables 802.1X authentication on the switch. Authentication Method — Selects the Authentication method used.
Interface Parameters 262 • Interface — Selects the Unit and Port to be affected. • Guest VLAN — Enables or disables the guest VLAN mode on this interface. To enable the guest VLAN, select the VLAN ID to use as the guest VLAN. All VLANs configured on the system are included in the menu. • Unauthenticated VLAN — Allows or prohibits unauthenticated traffic on the port. To allow unauthenticated traffic on the port, select the ID of the VLAN to assign to supplicants that fail 802.1X authentication.
• Max Users — Set the maximum number of clients supported on the port when MAC-based 802.1X authentication is enabled on the port. The number of users allowed to authenticate per port ranges from 1 to 16. • Termination Cause — Displays the reason for termination. • MAC Authentication Bypass — Enable this feature to provide 802.1x unaware clients controlled access to the network using the MAC address of the device as an identifier.
Figure 7-2. Dot1x Authentication Table 3. Use the horizontal scroll bar or click the right arrow at the bottom of the screen to display the right side of the table. 4. Use the Unit drop-down menu to view the Dot1x Authentication Table for other units in the stack, if they exist. Re-Authenticating One Port 1. Open the Dot1x Authentication page. 2. Click Show All. The Dot1x Authentication Table displays. 3. Check Edit to select the Unit/Port to re-authenticate. 4. Check Reauthenticate Now. 5.
Changing Administrative Port Control 1. Open the Dot1x Authentication page. 2. Click Show All. The Dot1x Authentication Table displays. 3. Scroll to the right side of the table and select the Edit check box for each port to configure. Change Admin Port Control to Authorized, Unauthorized, or Automode as needed for chosen ports. Only MAC-Based and Automode actually uses dot1x to authenticate. Authorized and Unauthorized are manual overrides. 4. Click Apply Changes.
Port Security The Port Security page is used to enable security on a per-port basis. When a port is locked, only packets with allowable source MAC addresses can be forwarded. All other packets are discarded. A MAC address can be defined as allowable by one of two methods: dynamically or statically. To display the Port Security page, click Switching > Network Security > Port Security in the tree view. Figure 7-4.
Viewing the Port Security Table 1. Open the Port Security page. 2. Click Show All. The Port Security Table displays. Figure 7-5. Port Security Table 3. Use the Unit drop-down menu to view the Port Security Table for other units in the stack, if they exist. Defining Multiple Locked Ports 1. Open the Port Security page. 2. Click Show All. The Port Security Table displays. 3. Click Edit for each port whose parameters are to be changed. 4. Fields can now be edited as needed for these ports. 5.
Packets can be filtered on ingress or egress. If the filter rules match, then some actions can be taken, including dropping the packet or disabling the port. For example, a network administrator defines an ACL rule that says port number 20 can receive TCP packets. However, if a UDP packet is received the packet is dropped. ACLs are composed of access control entries (ACE), or rules, that consist of the filters that determine traffic classifications.
Figure 7-7. Add IP ACL 3. Enter the desired ACL Name in the related entry field. 4. Click Apply Changes. The IP-based ACL is added, and the device is updated. Removing an IP-based ACL 1. Open the IP ACL Configuration page, and select the ACL to be deleted from the IP ACL drop-down menu. 2. Check the Remove ACL check box. 3. Click Apply Changes. The IP-based ACL is removed, and the device is updated. Displaying IP ACLs 1. Open the IP ACL Configuration page. 2. Click Show All.
IP ACL Rule Configuration Use the IP ACL Rule Configuration page to define rules for IP-based ACLs. The access list definition includes rules that specify whether traffic matching the criteria is forwarded normally or discarded. Additionally, you can specify to assign traffic to a particular queue, filter on some traffic, change VLAN tag, shut down a port, and/or redirect the traffic to a particular port. NOTE: There is an implicit "deny all" rule at the end of an ACL list.
• Action — Selects the ACL forwarding action. Choose from the drop-down menu options to apply a forwarding action. Possible values are: – Permit — Forwards packets which meet the ACL criteria. – Deny — Drops packets which meet the ACL criteria. • Assign Queue ID — Click the check box to apply this criteria, then enter an identifying number from 0 to 6. • Redirect Interface — Select from the drop-down list of interfaces one that packets meeting this rule can be redirected to.
Service Type fields Select one of the following three Match fields to use in matching packets to ACLs: • IP DSCP — Matches the packet DSCP value to the rule. Either the DSCP value or the IP Precedence value is used to match packets to ACLs. – Select From List — Select from a list of DSCP keyword values. – Match to Port — Click to add a user-defined Port ID. • IP Precedence — Matches the packet IP Precedence value to the rule when checked. Enter the IP Precedence value to match.
• ACL Commands MAC ACL Configuration The MAC ACL Configuration page allows network administrators to define a MAC-based ACL. For an explanation of ACLs, see "IP ACL Configuration." To display the MAC ACL Configuration page, click Switching > Network Security > Access Control Lists > MAC Access Control Lists > Configuration in the tree view. Figure 7-10. MAC ACL Configuration The MAC ACL Configuration page contains the following fields: • MAC ACL Name — User-defined ACL name.
Figure 7-11. Add MAC ACL 3. Enter the desired MAC ACL Name in the entry field. 4. Click Apply Changes. The MAC-based ACL is added, and the device is updated. Removing a MAC-based ACL 1. Open the MAC ACL Configuration page, and select the ACL to be removed from the MAC ACL drop-down menu. 2. Select the Remove check box. 3. Click Apply Changes. The MAC-based ACL is removed, and the device is updated. Displaying MAC ACLs 1. Open the MAC ACL Configuration page. 2. Click Show All.
MAC ACL Rule Configuration Use the MAC ACL Rule Configuration page to define rules for MAC-based ACLs. The access list definition includes rules that specify whether traffic matching the criteria is forwarded normally or discarded. A default 'deny all' rule is the last rule of every list. To display the MAC ACL Rule Configuration page, click Switching > Network Security > Access Control Lists > MAC Access Control Lists > Rule Configuration in the tree view. Figure 7-13.
• Assign Queue ID — Click the check box to apply this criteria, then enter an identifying number from 0 to 6. • Redirect Interface — Select from the drop-down list of interfaces one that packets meeting this rule can be redirected to. • Mirror Interface — Select from the drop-down list of interfaces one that packets meeting this rule can be mirrored to. • Logging — Click the check box to enable logging for this ACL. This feature is supported for the Deny action only.
Adding a New Rule to a MAC-based ACL 1. Open the MAC ACL Rule Configuration page. 2. Select the desired ACL from the MAC ACL drop-down menu. 3. Specify Create New Rule for Rule ID. 4. Enter a new ID number. 5. Define the remaining fields as needed. 6. Click Apply Changes. The new rule is assigned to the specified MAC-based ACL. Removing a Rule From a MAC-based ACL 1. Select an ACL. 2. Select a rule from the Rule ID drop-down menu. 3. Check the Remove check box. 4. Click Apply Changes.
Figure 7-14. IPv6 ACL Configuration The IPv6 ACL Configuration page contains the following fields: • IPv6 ACL Name — Specify an IPv6 ACL name string which includes alphanumeric characters only. The name must start with an alphabetic character. This field displays the name of the currently selected IPv6 ACL if any ACLs have already been created. • Rename — To rename an existing IPv6 ACL, select this option, enter a new name in the text field, and click Apply Changes.
4. Click Apply Changes. Displaying IPv6 ACLs 1. Open the IPv6 ACL Configuration page. 2. Click Show All. All IP ACLs and their related data display in the IPv6 ACL Table. Figure 7-16. IPv6 ACL Table The Summary page has the following fields: • IPv6 ACL Name — Describes the number ranges for IPv4 ACL standard versus extended. The range for a standard IP ACL is 1-99. For an extended IP ACL, the ID range is 101-199. • Rules — Shows the number of rules currently configured for the IP ACL.
To display the IPv6 ACL Rule Configuration page, click Switching > Network Security > Access Control Lists > IPv6 Access Control Lists > Rule Configuration in the navigation menu. Figure 7-17. IPv6 ACL - Rule Configuration The IPv6 ACL Configuration page contains the following fields: 280 • IPv6 ACL Name — Select the ACL you want to configure. • Rule ID — Select an existing Rule ID to modify or select Create Rule to configure a new ACL Rule.
• Mirror Interface — Specifies the egress interface where the matching traffic stream is copied, in addition to it being forwarded normally by the device. This field cannot be set if a Redirect Interface is already configured for the ACL rule. • Logging — When set to True, logging is enabled for this ACL rule (subject to resource availability in the device).
• IPv6 DSCP Service — Specify the IP DiffServ Code Point (DSCP) value, which is defined as the highorder six bits of the Service Type octet in the IPv6 header. This is an optional configuration. Enter an integer from 0 to 63. The IPv6 DSCP can be selected from one of the DSCP keywords in the menu. To specify a DSCP by its numeric value, select the Other option in the menu, and a text box displays for entering the numeric value.
ACL Bind Configuration When an ACL is bound to an interface, all the rules that have been defined are applied to the selected interface. Use the ACL Bind Configuration page to assign ACL lists to ACL Priorities and Interfaces. From the Web interface, you can configure the ACL rule in the ingress or egress direction so that the ACLs implement security rules for packets entering or exiting the port. You can apply ACLs to any physical (including 10 Gb) interface, LAG, or routing port.
– Assign ACL Priority — Assigns the priority of this ACL. If more than one ACL is applied to an interface, then the match criteria for the highest priority ACLs are checked first. Assigning an ACL to an Interface 1. Open the ACL Bind Configuration page. 2. In the Interface field, specify the Unit and Port, LAG, or VLAN to configure. 3. Select the IP, IPv6, or MAC ACL in the Select an ACL field.
Configuring Ports The Ports menu page provides links for configuring port functionality, including advanced features such as storm control and port mirroring, and for performing virtual port tests. To display the page, click Switching > Ports in the tree view. The Ports menu page contains links to the following features: • Global Parameters • Port Configuration • Protected Port Configuration • LAG Configuration • Storm Control Global Parameters Use the Global Parameters to configure Flow Control.
Enabling Ingress Backpressure 1. Open the Ports Global Parameters page. 2. Select Enable from the drop-down menu in the Flow Control field. 3. Click Apply Changes. 4. Ingress backpressure is now enabled. Configuring Flow Control Using the CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • Ethernet Configuration Commands Port Configuration Use the Port Configuration page to define port parameters.
Figure 7-20. Port Configuration The Port Configuration page contains the following fields: • Port — Specifies the Unit and Port for which port parameters are defined. • Description (0–64 Characters) — Provides a brief interface description, such as Ethernet. • Admin Status — Enables (Up) or disables (Down) traffic forwarding through the port. • Current Port Status — Specifies whether the port is currently operational or non-operational.
– • Current Duplex Mode — Displays the synchronized port duplex mode. • Auto Negotiation — Enables Auto Negotiation on the port. Auto Negotiation is a protocol between two link partners that enables a port to advertise its transmission rate, duplex mode, and flow control abilities to its partner. • Current Auto Negotiation — Displays the current Auto Negotiation setting. • Admin Advertisement — Specifies the capabilities advertised by the port.
Defining Port Parameters 1. Open the Port Configuration page. 2. Select a unit and port in the Unit and Port fields. 3. Define the available fields on the screen. 4. Click Apply Changes. The port parameters are saved to the switch. Displaying the Port Table 1. Open the Port Configuration page. 2. Click Show All. The Port Configuration Table displays. Figure 7-21. Port Configuration Table 3. Use the Unit drop-down menu to view the Port Configuration Table for other units in the stack, if they exist.
Modifying Port Configuration Settings for Multiple Ports 1. Open the Port Configuration page. 2. Click Show All. The Port Configuration Table displays. 3. Click Edit for each Port to modify. 4. Edit the Port Configuration fields as needed. 5. Click Apply Changes. The Port Configuration settings are modified, and the device is updated.
The Protected Port Configuration page contains the following fields: • Port — Specifies the Unit and Port for which port parameters are defined. • Protected Group ID — Drop-down menu used to assign a port to Group 0, 1, or 2. • Remove Group Name — Check this box to disassociate the selected port from the protected group. Displaying the Protected Port Table 1. Open the Protected Port Configuration page. 2. Click Show All. The Protected Ports Summary table displays. Figure 7-23.
Figure 7-24. 3. Add Protected Port Use the drop-down menu to assign the numeric designation 0, 1, or 2 to the Protected Group ID. 4. Enter a Protected Group Name (1–32 characters). 5. Click Apply Changes. The Protected Group settings are copied, and the device is updated.
• LAG — Contains a list of LAG numbers. • LAG Type — The port types that comprise the LAG. • Description (0–64 Characters) — Description of the port. • Admin Status — Enables or disables traffic forwarding through the selected LAG. • Current LAG Status — Indicates whether the selected LAG is Up or Down. Defining LAG Parameters 1. Open the LAG Configuration page. 2. Select a LAG in the LAG field. 3. Define the available fields on the screen. 4. Click Apply Changes.
5. Admin Status and Description can now be edited as needed. 6. Click Apply Changes. The LAG parameters are saved to the switch. Configuring LAGs with CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • Port Channel Commands Storm Control A broadcast storm is the result of an excessive number of broadcast messages simultaneously transmitted across a network by a single port.
– Multicast — If the rate of L2 multicast traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped. – Unknown Unicast — If the rate of unknown L2 unicast (destination lookup failure) traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped. • Storm Control Admin Mode — Enables or Disables Storm Control.
Modifying Broadcast Control 1. Open the Storm Control interface. 2. Click Show All. The Storm Control Settings Table displays. 3. Check Edit for each port that Broadcast Control is to be modified. 4. Edit Broadcast Control as needed. 5. Click Apply Changes. The storm control port parameters are saved to the switch.
Figure 7-29. Port Mirroring The Port Mirroring page contains the following fields: • Session — Specifies the monitoring session. • Admin Mode — Enables or Disables the port mirroring. • Destination Port — Select the port to which port traffic may be copied. • Reset Session — Allows you to reset the port monitoring session. • Source Port — Lists the source ports that have been added from the Add Source Port page. • Type — Shows the type traffic monitored on the source port.
Figure 7-30. Add Source Port 3. Configure the following fields: Session — Select the session to monitor. Source Port —Select the unit and port from which traffic is mirrored. Up to four source ports can be mirrored to a destination port. Type — Specifies the type of traffic monitored. Possible field values are: TX — Monitors transmitted packets only. RX — Monitors received packets only. TX and RX — Monitors transmitted and received packets. 4. Click Apply Changes.
Configuring a Port Mirroring Session Using CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • Port Monitor Commands Flow Based Mirroring The flow based mirroring feature builds upon the DiffServ component in QoS. In QoS, the user creates traffic classes to define match criteria, then policies to define the action to be taken on that traffic class.
Copying Mirroring to a Destination Port 1. Open the Flow Based Mirroring page. 2. Specify Policy Name and Member Class, and select the destination unit and port to be affected in Copy to Interface. 3. Click Apply Changes. The flow-based mirroring details are copied to the specified port, and the device is updated.
Figure 7-32. Static MAC Address The Static MAC Address page contains the following fields: • Interface — Specifies the Unit and Port or LAG to which the static MAC address is applied. To view addresses for a different Unit/Port or LAG, change the Interface listed here. • VLAN ID - MAC Address — Specifies VLAN ID attached to the MAC Address and the MAC address(es) included in the current static address list. Note: Only MAC addresses assigned to the specified interface and VLAN are displayed.
Figure 7-33. Adding Static MAC Address 3. Complete the fields as needed. 4. Click Apply Changes. The new static address is added to the Static MAC Address Table, and the device is updated. Modifying a Static Address in the Static MAC Address Table 1. Open the Static MAC Address page. 2. Modify the fields. 3. Click Apply Changes. The static MAC address is modified, and the device is updated. Displaying the Static MAC Address Table 1. Open the Static MAC Address page. 2. Click Show All.
Removing a Static Address from the Static Address Table 1. Open the Static MAC Address page. 2. Click Show All to display the Static MAC Address Table. 3. Check the Remove check box for the address to be removed. 4. Click Apply Changes. The static address is deleted, and the device is updated.
Figure 7-35. Dynamic Address Table The Dynamic Address Table contains the following fields: 304 • Address Aging (10–1000000) — Specifies aging time in seconds before a dynamic MAC address is erased. The default value is 300 seconds. • Clear Table — Clears all dynamic MAC address data from the table when checked and Apply Changes is clicked. • The Dynamic Address Table can be queried by: – Interface — Specifies Unit and Port queried for an address.
• Interface — Displays the port number. Defining the Aging Time 1. Open the Dynamic Address Table page. 2. Define the Address Aging field. 3. Click Apply Changes. The aging time is modified, and the device is updated. Querying the Dynamic Address Table 1. Open the Dynamic Address Table page. 2. Define the parameter by which to query the Dynamic Address Table. Entries can be queried by Interface, LAG, MAC Address, or VLAN ID. 3. Click Query to query the Dynamic Address Table.
Figure 7-36. GARP Timers The GARP Timers page contains the following fields: • Interface — Specifies the Unit and Port or LAG on which the GARP timer is enabled. • GARP Join Timer (10–100) — Displays time, in centiseconds, that PDUs are transmitted. The possible field value is 10-100. The default value is 100 centisecs. • GARP Leave Timer (30–600) — Displays time lapse, in centiseconds, that the switch waits before leaving its GARP state.
Figure 7-37. GARP Timers Table 3. Use the Unit drop-down menu to view the GARP Timers Table for other units in the stack, if they exist. Copying GARP Timers Settings 1. Open the GARP Timers page. 2. Click Show All. The GARP Timers Table displays. 3. Specify the Unit and Port you are copying from in Copy Parameters From. 4. Click Copy To for each Interface to receive these parameters. 5. Click Apply Changes. The GARP Timers settings are copied, and the device is updated.
Defining GARP Timers Using CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • GVRP Commands Configuring the Spanning Tree Protocol The Spanning Tree Protocol (STP) provides a tree topology for any arrangement of bridges. STP also provides one path between end stations on a network, eliminating loops. Spanning tree versions supported include Classic STP, Multiple STP, and Rapid STP.
Figure 7-38. Spanning Tree Global Settings The STP Global Settings page contains the following fields: • Spanning Tree Status — Enables or disables RSTP, STP, or MSTP on the switch. • STP Operation Mode — Specifies the STP mode by which STP is enabled on the switch. Possible field values are: Classic STP, Rapid STP, and Multiple STP. • BPDU Flooding — Specifies Bridge Protocol Data Unit (BPDU) packet handling when the spanning tree is disabled on an interface.
Bridge Settings • Priority — Specifies the bridge priority value. When switches or bridges are running STP, each are assigned a priority. After exchanging BPDUs, the switch with the lowest priority value becomes the root bridge. Valid values are from 0–61440. The default value is 32768. • Max Age — Specifies the switch maximum age time, which indicates the amount of time in seconds a bridge waits before implementing a topological change. Valid values are from 6 to 40 seconds.
Figure 7-39. STP Port Settings The STP Port Settings page contains the following fields: • Select a Port — Specifies the Unit and Port on which STP is enabled. • STP — Enables or disables STP on the port. • Port Fast — Enables Port Fast mode for the port when checked. If Port Fast mode is enabled for a port, the Port State is automatically placed in the Forwarding state when the port link is up. STP convergence can take 30–60 seconds in large networks.
312 – Blocking — The port is currently blocked and cannot be used to forward traffic or learn MAC addresses. – Listening — The port is currently in the listening mode. The port cannot forward traffic nor can it learn MAC addresses. – Learning — The port is currently in the learning mode. The port cannot forward traffic, however, it can learn new MAC addresses. – Forwarding — The port is currently in the forwarding mode. The port can forward traffic and learn new MAC addresses.
Displaying the STP Port Table and Configuring STP Port Settings 1. Open the STP Port Settings page. 2. Click Show All. The STP Port Table displays. Figure 7-40. STP Port Table 3. Use the Unit drop-down menu to view the STP Port Table for other units in the stack, if they exist. 4. To change the STP settings for one or more ports, select the Edit option for the port(s), configure the desired settings, and then click Apply Changes.
Figure 7-41. STP LAG Settings The STP LAG Settings page contains the following fields: 314 • Select a LAG — Specifies the LAG number for which you want to modify STP settings. • STP — Enables or disables STP on the LAG. Default is enable. • Port Fast — Enables Port Fast mode for the LAG. If Port Fast mode is enabled for a LAG, the Port State is automatically placed in the Forwarding state when the LAG is up. Port Fast mode optimizes the time it takes for the STP protocol to converge.
– Learning — The LAG is in the learning mode and cannot forward traffic, but it can learn new MAC addresses. – Forwarding — The LAG is currently in the forwarding mode, and it can forward traffic and learn new MAC addresses. – Broken — The LAG is currently malfunctioning and cannot be used for forwarding traffic. • STP Root Guard — Enables or disables STP Root Guard. The default is disable. • Role — Displays the role this port has in the STP topology.
Figure 7-42. STP LAG Table 3. To change the STP settings for one or more LAGs, select the Edit option for the LAG(s), configure the desired settings, and then click Apply Changes.
• Role — Displays the spanning tree role for the port in the STP topology. • Mode — Displays the administrative mode and if its enabled or disabled. • Fast Link Operational Status — Indicates if Fast Link is enabled or disabled for the port or LAG. If Fast Link is enabled for a port, the port is automatically placed in the forwarding state. This setting can be changed from the "STP Port Settings" or "STP LAG Settings" page.
MSTP Settings The Multiple Spanning Tree Protocol (MSTP) supports multiple instances of Spanning Tree to efficiently channel VLAN traffic over different interfaces. MSTP is compatible with both RSTP and STP; a MSTP bridge can be configured to behave entirely as a RSTP bridge or a STP bridge. To display the MSTP Settings page, click Switching > Spanning Tree > MSTP Settings in the tree view. Figure 7-45.
• Included VLANs — Maps the selected VLANs to the selected instance. Every VLAN belongs to one instance only. • Priority (0–61440) — Specifies the switch priority for the selected spanning tree instance. The default value is 32768. • Bridge ID — Indicates the bridge ID of the selected instance. • Root Bridge ID of the root bridge which is the one with the lowest path cost. • Root Port — Indicates the root port of the selected instance.
Defining MST Instances Using CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • Spanning Tree Commands MSTP Interface Settings Use the MSTP Interface Settings page to assign MSTP settings to specific interfaces. To display the MSTP Interface Settings page, click Switching > Spanning Tree > MSTP Interface Settings in the tree view. Figure 7-47.
– Designated — Indicates the port or LAG through which the designated switch is attached to the LAN. – Alternate — Provides an alternate path to the root switch from the interface. – Backup — Provides a backup path to the designated LAN. Backup ports occur only when two ports are connected in a loop by a point-to-point link. Backup ports also occur when a LAN has two or more connections connected to a shared segment. – Disabled — Indicates the port is not participating in the Spanning Tree.
Figure 7-48. MSTP Interface Table 3. Use the Unit drop-down menu to view the MSTP Interface Table for other units in the stack, if they exist. 4. To modify the port priority or path cost for one or more interfaces, check Edit for the desired interfaces. 5. Make the needed changes to the values in the Port Priority or Path Cost columns. 6. Click Apply Changes. The fields are modified for the selected Interfaces, and the device is updated.
Each VLAN in a network has an associated VLAN ID, which appears in the IEEE 802.1Q tag in the Layer 2 header of packets transmitted on a VLAN. An end station may omit the tag, or the VLAN portion of the tag, in which case the first switch port to receive the packet may either reject it or insert a tag using its default VLAN ID. A given port may handle traffic for more than one VLAN, but it can only support one default VLAN ID. To display the VLAN menu page, click Switching > VLAN in the tree view.
Figure 7-49. VLAN Membership The VLAN Membership page is divided into two sections. The top section contains fields that define the entire VLAN’s membership. The bottom section contains tables that define membership settings for specific Ports and LAGs on this VLAN. Following are the VLAN Membership fields: • Show VLAN — Selects the VLAN to display. Use either the VLAN ID or VLAN Name drop-down menu to select the VLAN. • VLAN Name (0–32) — Indicates the user-defined VLAN name.
There are two tables in this section of the page: • Ports — Displays and assigns VLAN membership to ports. To assign membership, click in Static for a specific port. Each click toggles between U, T, and blank. See the following table for definitions. • LAGs — Displays and assigns VLAN membership to LAGs. To assign membership, click in Static for a specific LAG. Each click toggles between U, T, and blank. See the following table for definitions. Table 7-1.
Assigning VLAN Membership to a Port or LAG 1. Open the VLAN Membership page. 2. Select a VLAN from the VLAN ID or VLAN Name drop-down menu. 3. In the VLAN Port Membership Table, assign a value by clicking in the Static row for a specific Port/LAG. Each click toggles between U, T, and blank (not a member). 4. Click Apply Changes. The Port or LAG is assigned to the VLAN with the selected designation, the Current row is updated with the designation, and the device is updated.
With Double VLAN Tunneling enabled, every frame that is transmitted from an interface has a DVLAN Tag attached while every packet that is received from an interface has a tag removed (if one or more tags are present). Use the Double VLAN Global Configuration page to specify the Double VLAN configuration for all the ports. To access the Double VLAN Global Configuration page, click Switching > VLAN > Double VLAN > Global Configuration from the navigation tree. Figure 7-51.
– • Custom — Use this to specify that double-tagged frames will use a custom Ethertype. A custom Ethertype may be used to make the switch interoperable with specific or non-standard equipment that does not support 802.1 or vMAN values of Ethertype in double-tagged frames. For more information, refer to the list of registered Ethertype values for common protocols. Custom Type — If Custom is selected in the Ethertype field, enter a custom Ethertype value in any range from 0 to 65535.
The Double VLAN Interface Configuration page contains the following fields: • Interface — Select the port or LAG for which you want to display or configure data. • Interface Mode — Enables or disables double VLAN tagging on the selected interface. The default value is Disable. Assigning Double VLAN Tags 1. Open the Double VLAN Global Configuration page. 2. Select the Ethertype from the drop-down menu. 3. Click Apply Changes. 4. Open the Double VLAN Interface Configuration page. 5.
Copying Double VLAN Parameters 1. Open the Double VLAN Interface Configuration page. 2. Click Show All. The Double VLAN Port Parameters Table displays. 3. Specify the Port you are copying from in Copy Parameters From. 4. Click Copy To for each Interface to receive these parameters. 5. Click Apply Changes. The Double VLAN port settings are copied, and the device is updated. Modifying Settings for Multiple Ports 1. Open the Double VLAN Interface Configuration page. 2. Click Show All.
Figure 7-54. VLAN Port Settings The VLAN Port Settings page contains the following fields: • Ports — Specifies the Unit and Port included in the VLAN. • Port VLAN Mode — Indicates the port mode. Possible values are: – General — The port belongs to VLANs, and each VLAN is user-defined as tagged or untagged (full 802.1Q mode). – Access — The port belongs to a single untagged VLAN. When a port is in Access mode, the packet types which are accepted on the port (packet type) cannot be designated.
Assigning Port Settings 1. Open the VLAN Port Settings page. 2. Select the port to which you want to assign settings from the Unit and Port drop-down menus. 3. Complete the remaining fields on the page. 4. Click Apply Changes. The VLAN port settings are defined, and the device is updated. Displaying the VLAN Port Table 1. Open the VLAN Port Settings page. 2. Click Show All. The VLAN Port Table displays. Figure 7-55.
Assigning Ports to VLAN Groups Using CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • VLAN Commands VLAN LAG Settings Use the VLAN LAG Settings page to map a LAG to a VLAN. Untagged packets entering the switch are tagged with the LAGs ID specified by the PVID. To display the VLAN LAG Settings page, click Switching > VLAN > LAG Settings in the tree view. Figure 7-56.
• – Admit Tag Only — The LAG only accepts tagged packets. – Admit All — Tagged and untagged packets are both accepted by the LAG. Ingress Filtering — Enables or disables Ingress filtering by the LAG. Ingress filtering discards packets where the VLAN tag does not match the LAG VLAN membership. Assigning VLAN LAG Settings 1. Open the VLAN LAG Settings page. 2. Select a LAG from the LAG drop-down menu 3. Complete the remaining fields on the page. 4. Click Apply Changes.
Modifying Settings for Multiple LAGs 1. Open the VLAN LAG Settings page. 2. Click Show All. The VLAN LAG Table displays. 3. Click Edit for each LAG to modify. 4. Edit fields as needed. 5. Click Apply Changes. The VLAN LAG settings are modified, and the device is updated.
• MAC Address — Specifies MAC Address for a VLAN. • Bind to VLAN (1–4093) — Specifies VLAN to which the MAC is to be bound. Assigning Bind MAC to VLAN Settings 1. Open the Bind MAC to VLAN page. 2. Enter the MAC Address to bind to the VLAN. 3. Enter the VLAN to which the MAC Address is to be bound. 4. Click Apply Changes. The listed MAC Address and VLAN are now bound, and the device is updated. Displaying the VLAN LAG Table 1. Open the Bind MAC to VLAN page. 2. Click Show All.
Removing a MAC - VLAN Entry 1. Open the Bind MAC to VLAN page. 2. Click Show All. The MAC - VLAN Bind Table displays. 3. Check Remove for each entry to remove. 4. Click Apply Changes. The entry/entries are removed, and the device is updated.
The Bind IP Subnet to VLAN page contains the following fields: • IP Address — Specifies packet source IP address. • Subnet Mask — Specifies packet source IP subnet mask. • Bind to VLAN (1–4093) — Specifies VLAN to which the IP Address is assigned. Binding an IP Subnet to a VLAN 1. Open the Bind IP Subnet to VLAN page. 2. Enter the IP Address to bind to the VLAN. 3. Enter the IP Subnet associated with the IP address. 4. Enter the VLAN ID to which the IP address and subnet mask are assigned. 5.
Removing a MAC - IP Subnet Entry 1. Open the Bind IP Subnet to VLAN page. 2. Click Show All. The IP Subnet - VLAN Bind Table displays. 3. Check Remove for each entry to remove. 4. Click Apply Changes. The entry/entries are removed, and the device is updated.
Figure 7-62. Protocol Group The Protocol Group page contains the following fields: • Protocol Group — Displays the name associated with the protocol group ID (up to 16 characters). Create a new group by clicking the Add button. • Protocol — Specifies protocols (in hexadecimal format in the range 0x0600 to 0xffff) associated with this group. Enter up to 16 protocols using comma separated list. • VLAN ID (1–4093) — Specifies VLAN ID associated with this group.
Figure 7-63. Add Protocol Group 3. Enter a new Protocol Group Name and a VLAN ID to associate with this group. 4. Return to the Protocol Group page. 5. Select the Protocol Group that you added, then select the protocol. 6. In the first Interface column, click to highlight the interfaces to be added to the protocol group. (To select multiple interfaces, press (to select contiguous interfaces) or (non-contiguous interfaces) when clicking.) 7. Click the right arrow.
Removing Multiple Protocols From the Protocol Group Table 1. Open the Protocol Group page. 2. Click Show All. The Protocol Group Table displays. Figure 7-64. Protocol Group Table 3. Check Remove for the protocol groups you want to remove. 4. Click Apply Changes. The protocol is removed, and the device is updated.
Figure 7-65. GVRP Global Parameters The GVRP Global Parameters page contains the following fields: • GVRP Global Status — Enables or disables GVRP on the switch. GVRP is disabled by default. • Interface — Specifies the Unit and Port or LAG for which GVRP is enabled. • GVRP State — Enables or disables GVRP on the specified interface. • Dynamic VLAN Creation — Enables or disables VLAN creation through GVRP. • GVRP Registration — Enables or disables GVRP Registration.
Displaying the GVRP Port Parameters Table 1. Open the GVRP Global Parameters page. 2. Click Show All. The GVRP Port Parameters Table displays. Figure 7-66. GVRP Port Parameters Table 3. Use the Unit drop-down menu to view the GVRP Port Parameters Table for other units in the stack, if they exist. Copying GVRP Parameters 1. Open the GVRP Global Parameters page. 2. Click Show All. The GVRP Port Parameters Table displays. 3. Specify the Port or LAG you are copying from in Copy Parameters From. 4.
Modifying GVRP Parameters for Multiple Ports 1. Open the GVRP Global Parameters page. 2. Click Show All. The GVRP Port Parameters Table displays. 3. Click Edit for each Interface/LAG to modify. 4. Edit the GVRP Port Parameter fields as needed. 5. Click Apply Changes. The GVRP Port Parameter settings are modified, and the device is updated.
Figure 7-67. Voice VLAN Configuration The Voice VLAN Configuration page contains the following fields: • Voice VLAN Admin Mode — Select the administrative mode for Voice VLAN for the switch from the drop-down menu. The default is disable. • Port — Select the interface to view or configure. • Voice VLAN Interface Mode —Select the Voice VLAN mode for selected interface. The default is disable. The mode can be one of the following: – Disable — Disable voice VLAN on the port.
Configuring Voice VLAN Settings 1. Open the Voice VLAN Configuration page. 2. Configure the settings for the system or for each port. 3. Click Apply Changes. The system parameters are applied, and the device is updated.
Figure 7-68. LACP Parameters The LACP Parameters page is divided into two sections: Global Parameters and Port Parameters. Following are the fields on this page: Global Parameters • LACP System Priority (1–65535) — Indicates the LACP priority value for global settings. The default value is 1. Port Parameters • Interface— Specifies the unit and port number to which timeout and priority values are assigned. • LACP Port Priority (1–65535) — Specifies LACP priority value for the specified port.
Displaying the LACP Parameters Table 1. Open the LACP Parameters page. 2. Click Show All. The LACP Parameters Table displays. Figure 7-69. LACP Parameters Table 3. Use the Unit drop-down menu to view the LACP Parameters Table for other units in the stack, if they exist. Modifying LACP Parameters for Multiple Ports 1. Open the LACP Parameters page. 2. Click Show All. The LACP Parameters Table displays. 3. Click Edit for each Port to modify. 4. Edit the fields as needed. 5. Click Apply Changes.
To display the LAG Membership page, click Switching > Link Aggregation > LAG Membership in the tree view. Figure 7-70. LAG Membership The LAG Membership page contains a table with the following fields: • LACP — Aggregates a LAG port to LACP membership. For ports with a number in the LAG row, you can click in the LACP row to toggle LACP "on." Each click toggles between L (LACP) and blank (no LACP). • LAG — Adds a port to a LAG, and indicates the specific LAG to which the port belongs.
Adding a LAG Port to an LACP 1. Open the LAG Membership page. 2. Click in the LACP row to toggle the desired LAG port to L. Note: The port must be assigned to a LAG before it can be aggregated to an LACP. 3. Click Apply Changes. The LAG port is aggregated to the LACP, and the device is updated.
– Source MAC, VLAN, EtherType, SourceModule and Port Id – Destination MAC, VLAN, EtherType, SourceModule and Port Id – Source IP and Source TCP/UDP Port (default) – Destination IP and Destination TCP/UDP Port – Source/Destination MAC, VLAN, EtherType, source MODID/port – Source/Destination IP and source/destination TCP/UDP port Configuring the LAG Hash 1. Open the LAG Hash Configuration page. 2. Select the LAG to configure and the hash algorithm to assign to the LAG. 3. Click Apply Changes.
Figure 7-72. LAG Hash Summary The LAG Hash Summary page contains a table with the following fields: • LAGs — Lists the LAG numbers. • Hash Algorithm Type — Shows the type of HASH algorithm for unicast traffic flows that is associated with the LAG.
To display the Multicast Support menu page, click Switching > Multicast Support in the tree view. This Multicast Support page contains links to the following features: • Multicast Global Parameters • Bridge Multicast Group • Bridge Multicast Forward • IGMP Snooping • MRouter Status • MLD Snooping Multicast Global Parameters Use the Multicast Global Parameters page to enable bridge multicast filtering or IGMP Snooping on the switch.
Enabling Bridge Multicast Filtering on the Switch 1. Open the Multicast Global Parameters page. 2. Select Enable in the Bridge Multicast Filtering field. 3. Click Apply Changes. Bridge Multicast is enabled on the switch.
Figure 7-74. Bridge Multicast Group The Bridge Multicast Group page contains the following fields: • VLAN ID — Selects the VLAN to add a multicast group to or to modify ports on an existing multicast group. • Bridge Multicast Address — Identifies the multicast group MAC address/IP address associated with the selected VLAN ID. Use the Add button to associate a new address with a VLAN ID. • Remove — Removes a Bridge Multicast address when checked.
• LAGs — Displays and assigns multicast group membership to LAGs. To assign membership, click in Static for a specific LAG. Each click toggles between S, F, and blank. See the following table for definitions. The following table contains definitions for port/LAG IGMP management settings. Table 7-2. Port/LAG IGMP Management Settings Port Control Definition D Dynamic: Indicates that the port/LAG was dynamically joined to the Multicast group (displays in the Current row).
Figure 7-75. Add Bridge Multicast Group 3. Select the VLAN ID from the drop-down menu. 4. Define the New Bridge Multicast IP or MAC address. 5. In the Bridge Multicast Group tables, assign a setting by clicking in the Static row for a specific port/LAG. Each click toggles between S, F, and blank. (not a member). 6. Click Apply Changes.
Removing a Bridge Multicast Group 1. Open the Bridge Multicast Group page. 2. Select the VLAN ID associated with the bridge multicast group to be removed from the drop-down menu. The Bridge Multicast Address and the assigned ports/LAGs display. 3. Check the Remove check box. 4. Click Apply Changes. The selected bridge multicast group is removed, and the device is updated.
• Forwarding Mode — Specifies the multicast forwarding mode for the selected VLAN. Possible values are: – Forward Unregistered — Permits the forwarding of IPv4 multicast packets with a destination address that does not match any of the groups announced in earlier IGMP Membership Reports. – Forward All — Permits registered and unregistered multicast packets to forward.
To display the IGMP Snooping page, click Switching > Multicast Support > IGMP Snooping in the tree view. Use this page to go to the following features: • General IGMP Snooping • Global Querier Configuration • VLAN Querier • VLAN Querier Status • MFDB IGMP Snooping Table General IGMP Snooping Use the General IGMP snooping page to add IGMP members. To display the General IGMP snooping page, click Switching > Multicast Support > IGMP Snooping > General in the tree view. Figure 7-77.
• Multicast Router Timeout — Specifies time before aging out a Multicast router entry. The default value is 300 seconds. • Leave Timeout — Specifies time, in seconds, after a port leave message is received before the entry is aged out. Enter an amount of time for the timeout period, or click Immediate Leave to specify an immediate timeout. The default timeout is 10 seconds. Enabling IGMP Snooping on an Interface 1. Open the General IGMP snooping page. 2.
Modifying IGMP Snooping Settings for Multiple Ports, LAGs, or VLANs 1. Open the General IGMP snooping page. 2. Click Show All. The IGMP Snooping Table displays. 3. Click Edit for each Port, LAG, or VLAN to modify. 4. Edit the IGMP Snooping fields as needed. 5. Click Apply Changes. The IGMP Snooping settings are modified, and the device is updated. Copying IGMP Snooping Settings to Multiple Ports, LAGs, or VLANs 1. Open the General IGMP snooping page. 2. Click Show All. The IGMP Snooping Table displays. 3.
Figure 7-79. Global Querier Configuration The Global Querier Configuration page contains the following fields: • IP Address— Specifies the Snooping Querier IP Address which will be used as the source address in periodic IGMP queries. This address is used when no address is configured for the VLAN on which the query is being sent. • Snooping Querier Admin Mode — Enables or disables the administrative mode for IGMP Snooping for the switch.
VLAN Querier Use the VLAN Querier page to specify the IGMP Snooping Querier settings for individual VLANs. To display the VLAN Querier page, click Switching > Multicast Support > IGMP Snooping > VLAN Querier in the tree view. Figure 7-80. VLAN Querier The VLAN Querier page contains the following fields: • VLAN ID — Specifies the VLAN for the IGMP Snooping Querier configuration. • VLAN Mode — Enables or disables the IGMP Snooping Querier on the VLAN selected in the VLAN ID field.
Adding a New VLAN and Configuring its VLAN Querier Settings 1. Open the VLAN Querier page. 2. Click Add. The page refreshes, and the Add VLAN page displays. Figure 7-81. Add VLAN Querier 3. Enter the VLAN ID and, if desired, an optional VLAN name. 4. Complete the fields on the page as needed. 5. Click Apply Changes. The VLAN Querier settings are modified, and the device is updated. Displaying the VLAN Querier Summary Table 1. Open the VLAN Querier page. 2. Click Show All.
VLAN Querier Status Use the VLAN Querier Status page to view the IGMP Snooping Querier settings for individual VLANs. To display the VLAN Querier Status page, click Switching > Multicast Support > IGMP Snooping > VLAN Querier Status in the tree view. Figure 7-83. IGMP Snooping VLAN Querier Status The VLAN Querier Status page contains the following fields: • VLAN ID — Identifies the VLAN. • VLAN Mode — Shows whether the IGMP Snooping Querier is enabled or disabled on the VLAN.
– Disabled — The Snooping Querier is not operational on the VLAN. The Snooping Querier transitions to disabled mode when 1) IGMP Snooping is not operational on the VLAN, 2) the querier address is not configured or 3) the network management address is not configured. • Operational Version — Displays the operational IGMP protocol version of the querier. • Last Querier Address — Displays the IP address of the last querier from which a query was snooped on the VLAN.
The MFDB IGMP Snooping Table page contains the following fields: • VLAN — Displays the VLAN ID associated with an IGMP group entry in the MFDB table. • MAC Address — Displays the MAC Address associated with an IGMP group entry in the MFDB table. • Type — Displays the type of the entry. Static entries are those that are configured by the user. Dynamic entries are added to the table as a result of a learning process or protocol. • Description — The text description of this multicast table entry.
MLD Snooping In IPv4, Layer 2 switches can use IGMP snooping to limit the flooding of multicast traffic by dynamically configuring Layer-2 interfaces so that multicast traffic is forwarded to only those interfaces associated with an IP multicast address. In IPv6, MLD snooping performs a similar function. With MLD snooping, IPv6 multicast data is selectively forwarded to a list of ports that want to receive the data instead of being flooded to all ports in a VLAN.
The MLD Snooping General page contains the following fields: • Interface — Specifies the Unit and Port or the LAG on which MLD Snooping should be enabled. • Auto Learn — Enable or Disable the ability of the switch to automatically learn about dynamic MLD ports. • Host Timeout — Specifies time (in seconds) before an MLD snooping entry is aged out. The range is from 2 to 3600 seconds. The default time is 260 seconds.
MLD Snooping Global Querier Configuration Use the MLD Snooping Global Querier Configuration page to configure the parameters for the MLD Snooping Querier. To display the Global Querier Configuration page, click Switching > Multicast Support > MLD Snooping > Global Querier Configuration in the tree view. Figure 7-88.
MLD Snooping VLAN Querier Use the MLD Snooping VLAN Querier page to specify the MLD Snooping Querier settings for individual VLANs. To display the MLD Snooping VLAN Querier page, click Switching > Multicast Support > MLD Snooping > VLAN Querier in the tree view. Figure 7-89. MLD Snooping VLAN Querier The MLD Snooping VLAN Querier page contains the following fields: • VLAN ID — Specifies the VLAN for the MLD Snooping Querier configuration.
Figure 7-90. Add VLAN Querier 3. Enter the VLAN ID and, if desired, an optional VLAN name. 4. Complete the fields on the page as needed. 5. Click Apply Changes. The VLAN Querier settings are modified, and the device is updated. Displaying the MLD Snooping VLAN Querier Summary Table 1. Open the MLD Snooping VLAN Querier page. 2. Click Show All. The VLAN Querier Summary Table displays. Figure 7-91.
MLD Snooping VLAN Querier Status Use the VLAN Querier Status page to view the MLD Snooping Querier settings for individual VLANs. To display the VLAN Querier Status page, click Switching > Multicast Support > MLD Snooping > VLAN Querier Status in the tree view. Figure 7-92. MLD Snooping VLAN Querier Status The MLD Snooping VLAN Querier Status page contains the following fields: • VLAN ID — Identifies the VLAN. • VLAN Mode — Shows whether the MLD Snooping Querier is enabled or disabled on the VLAN.
• Last Querier Address — Displays the IP address of the last querier from which a query was snooped on the VLAN. • Last Querier Version — Displays the MLD protocol version of the last querier from which a query was snooped on the VLAN. • Operational Max Response Time — Displays the maximum response time to be used in the queries that are sent by the Snooping Querier.
• VLAN — Displays the VLAN ID associated with an MLD group entry in the MFDB table. • MAC Address — Displays the MAC Address associated with an MLD group entry in the MFDB table. • Type — Displays the type of entry. Static entries are those that are configured by the user. Dynamic entries are added to the table as a result of a learning process or protocol. • Description — The text description of this multicast table entry.
Figure 7-94. LLDP Configuration The LLDP Configuration page contains the following fields: Global Settings • Transmit Interval (1–32768) — Specifies the interval at which frames are transmitted. The default is 30 seconds. • Hold Multiplier (2–10) — Specifies multiplier on the transmit interval to assign to TTL. Default is 4. • Re-Initialization Delay (1–10) — Specifies delay before a re-initialization. Default is 2 seconds.
Modifying the LLDP Configuration 1. Open the LLDP Configuration page. 2. Define the fields as needed. 3. Click Apply Changes. LLDP parameters are saved to the switch. Displaying the LLDP Interface Settings Table 1. Open the LLDP Configuration page. 2. Click Show All. The LLDP Interface Settings Table displays. Figure 7-95. LLDP Interface Settings Table 3. Use the Unit drop-down menu to view the LLDP Interface Settings Table for other units in the stack, if they exist. Copying LLDP Interface Settings 1.
Modifying LLDP Interface Settings for Multiple Ports 1. Open the LLDP Configuration page. 2. Click Show All. The LLDP Interface Settings Table displays. 3. Click Edit for each Unit/Port to modify. 4. Edit the LLDP Interface fields as needed. 5. Click Apply Changes. The LLDP Interface settings are modified, and the device is updated.
The LLDP Statistics page displays the following statistics: System-wide Statistics • Last Update — Displays the value of system up time the last time a remote data entry was created, modified, or deleted. • Total Inserts — Displays the number of times a complete set of information advertised by a remote switch has been inserted into the table. • Total Deletes — Displays the number of times a complete set of information advertised by a remote switch has been deleted from the table.
LLDP Connections Use the LLDP Connections page to view the list of ports with LLDP enabled. Basic connection details are displayed. To display the LLDP Connections page, click Switching > LLDP > LLDP Connections in the tree view. Figure 7-97. LLDP Connections Table The LLDP Connections page displays the following port details: • Local Interface — Designates a unit and port in the stack. • Chassis ID — Identifies the 802 LAN device's chassis.
Viewing Details about the LLDP Connections 1. Open the LLDP Connections page. 2. Click the interface in the Local Interface field to view details about that device. The LLDP Connections - Detailed page for the device displays. Figure 7-98. Detailed LLDP Connections 3. Use the Back button to return to the LLDP Connections page.
Creating Link Dependencies The link dependency feature provides the ability to enable or disable one or more ports based on the link state of one or more different ports. With link dependency enabled on a port, the link state of that port is dependent on the link state of another port. For example, if port A is dependent on port B and the switch detects a link loss on port B, the switch automatically brings down the link on port A.
Figure 7-99. Link Dependency Summary The Link Dependency Summary page contains the following fields: • Group ID — The ID number of the group. • Member Ports — The list of member ports belonging to the group. • Ports Depended On — The list of ports upon which the group depends. • Remove — A check box for removing the configuration for a group. • Modify — A link for modifying the configuration of a group. Click the Modify link to access the configuration page for the group.
Figure 7-100. Link Dependency Group Configuration 3. To add a port to the Member Ports column, click the port in the Available Ports column, and then click the << button to the left of the Available Ports column. Ctrl + click to select multiple ports. 4. To add a port to the Ports Depended On column, click the port in the Available Ports column, and then click the >> button to the right of the Available Ports column. 5. Click Apply Changes.
Dynamic ARP Inspection Dynamic ARP Inspection (DAI) is a security feature that rejects invalid and malicious ARP packets. DAI prevents a class of man-in-the-middle attacks, where an unfriendly station intercepts traffic for other stations by poisoning the ARP caches of its unsuspecting neighbors. The miscreant sends ARP requests or responses mapping another station’s IP address to its own MAC address. DAI relies on DHCP snooping.
The Dynamic ARP Inspection Global Configuration page contains the following fields: • Validate Source MAC — Select the DAI Source MAC Validation Mode for the switch. If you select Enable, Sender MAC validation for the ARP packets will be enabled. The default is Disable. • Validate Destination MAC—Select the DAI Destination MAC Validation Mode for the switch. If you select Enable, Destination MAC validation for the ARP Response packets will be enabled. The default is Disable.
Figure 7-102. Dynamic ARP Inspection Interface Configuration The Dynamic ARP Inspection Interface Configuration page contains the following fields: • Port— Select the port or LAG for which data is to be displayed or configured. • Trust State — Indicates whether the interface is trusted for Dynamic ARP Inspection. If you select Enable, the interface is trusted. ARP packets coming to this interface will be forwarded without checking. If you select Disable, the interface is not trusted.
DAI VLAN Configuration Use the DAI VLAN Configuration page to select the DAI-capable VLANs for which information is to be displayed or configured. To display the DAI VLAN Configuration page, click Switching > Dynamic ARP Inspection > VLAN Configuration in the navigation tree. Figure 7-103. Dynamic ARP Inspection VLAN Configuration The Dynamic ARP Inspection VLAN Configuration page contains the following fields: 390 • VLAN ID — Select the VLAN ID for which information is to be displayed or configured.
Configuring Dynamic ARP Inspection With CLI Commands For information about the CLI commands that perform this function, refer to the following chapter in the CLI Reference Guide: • Dynamic ARP Inspection Commands DAI ACL Configuration Use the DAI ARP ACL Configuration page to add or remove DAI ARP ACLs. To display the DAI ARP ACL Configuration page, click Switching > Dynamic ARP Inspection > ACL Configuration in the navigation tree. Figure 7-104.
Displaying the DAI ACL Summary Table and Removing an Entry 1. Open the DAI ACL Configuration page. 2. Click Show All. The Dynamic ARP Inspection ACL Summary table displays. Figure 7-105. Dynamic ARP Inspection ACL Summary 3. To remove an ARP ACL from the list, select the Remove option in the appropriate row, and then click Apply Changes.
Figure 7-106. Dynamic ARP Inspection Rule Configuration The Dynamic ARP Inspection Rule Configuration page contains the following fields: • ARP ACL Name — Select the ARP ACL for which information is to be displayed or configured. • Sender IP Address — To create a new rule for the selected ARP ACL, enter in this field the Sender IP Address match value for the ARP ACL.
DAI Statistics Use the DAI Statistics page to display the statistics per VLAN. To display the DAI Statistics page, click Switching > Dynamic ARP Inspection > Statistics in the navigation tree. Figure 7-108. Dynamic ARP Inspection Statistics The Dynamic ARP Inspection Statistics page contains the following fields: 394 • VLAN ID — Select the DAI-enabled VLAN ID for which to display statistics.
• Dropped — The number of not valid ARP packets dropped by DAI.
• DHCP Snooping Persistent Configuration • DHCP Snooping Static Bindings Configuration • DHCP Snooping Dynamic Bindings Summary • DHCP Snooping Statistics • IP Source Guard DHCP Snooping Configuration Use the DHCP Snooping Configuration page to control the DHCP Snooping mode on the switch and to specify whether the sender MAC Address for DHCP Snooping must be validated. To access the DHCP Snooping Configuration page, click Switching > DHCP Snooping > Global Configuration in the navigation tree.
DHCP Snooping Interface Configuration Use the DHCP Snooping Interface Configuration page to configure the DHCP Snooping settings on individual interfaces. The hardware rate limits DHCP packets sent to the CPU from untrusted interfaces to 64 Kbps. There is no hardware rate limiting on trusted interfaces. To prevent DHCP packets from being used as a DoS attack when DHCP snooping is enabled, the snooping application enforces a rate limit for DHCP packets received on untrusted interfaces.
The DHCP Snooping Interface Configuration page contains the following fields: • Port — Select the interface for which data is to be displayed or configured. • Trust State — If it is enabled, the DHCP snooping application considers the port as trusted. The default is Disable. • Logging Invalid Packets — If it is enabled, the DHCP snooping application logs invalid packets on this interface. The default is Disable. • Rate Limit — Specifies the rate limit value for DHCP snooping purposes.
DHCP Snooping VLAN Configuration The DHCP snooping application does not forward server messages because they are forwarded in hardware. DHCP snooping forwards valid DHCP client messages received on non-routing VLANs. The message is forwarded on all trusted interfaces in the VLAN. DHCP snooping can be configured on switching VLANs and routing VLANs. When a DHCP packet is received on a routing VLAN, the DHCP snooping application applies its filtering rules and updates the bindings database.
Figure 7-113. DHCP Snooping VLAN Summary Configuring DHCP Snooping With CLI Commands For information about the CLI commands that perform this function, refer to the following chapter in the CLI Reference Guide: • DHCP Snooping Commands DHCP Snooping Persistent Configuration Use the DHCP Snooping Persistent Configuration page to configure the persistent location of the DHCP snooping database. This location can be local or remote on a given IP machine.
– Local — Select the Local check box to store the DHCP binding database in the flash memory on the switch. – Remote — Check the Remote check box to store the DHCP binding database on a remote server. • Remote IP Address — Enter the Remote IP address on which the snooping database will be stored when the Remote check box is selected. • Remote File Name — Enter the Remote filename to store the database when the Remote check box is selected.
If the absolute lease time of the snooping database entry expires, then that entry will be removed. You should take care of the system time to be consistent across the reboots. Otherwise, the snooping entries will not expire properly. If a host sends a DHCP release while the switch is rebooting then, when the switch receives the DHCP discovery or request, the client’s binding will go to the tentative binding as shown in the following figure. Figure 7-115.
• MAC Address — Specify the MAC address for the binding to be added. This is the Key to the binding database. • VLAN ID — Select the VLAN from the list for the binding rule. The range of the VLAN ID is 1 to 4093. • IP Address — Specify a valid IP address for the binding rule. Displaying the DHCP Snooping Static Bindings Summary Table 1. Open the DHCP Snooping Static Bindings Configuration page. 2. Click Show All. The DHCP Snooping Static Bindings Summary table displays. Figure 7-117.
Figure 7-118. DHCP Snooping Dynamic Bindings Summary The DHCP Snooping Dynamic Bindings Summary page contains the following fields: • Interface — Displays the interface. • MAC Address — Displays the MAC address. • VLAN ID — Displays the VLAN ID. • IP Address — Displays the IP address. • Lease Time — Displays the remaining Lease time for the dynamic entries. • Remove — Select to remove the particular binding entry.
DHCP Snooping Statistics The DHCP Snooping Statistics page displays DHCP snooping interface statistics. To access the DHCP Snooping Statistics page, click Switching > DHCP Snooping > Statistics in the navigation tree. Figure 7-119. DHCP Snooping Statistics The DHCP Snooping Statistics page contains the following fields: • Interface — Select the untrusted and snooping-enabled interface for which statistics are to be displayed.
IP Source Guard IP source guard (IPSG) is a security feature that filters IP packets based on source ID. The source ID may either be source IP address or a {source IP address, source MAC address} pair. IPSG is disabled by default. NOTE: The PowerConnect 6220 does not support IPSG.
IPSG Binding Configuration Use the IPSG Binding Configuration page displays DHCP snooping interface statistics. To access the DHCP Snooping Statistics page, click Switching > DHCP Snooping > IP Source Guard > IPSG Binding Configuration in the navigation tree. Figure 7-121. IPSG Binding Configuration The IPSG Binding Configuration page contains the following fields: • Interface — Select the interface on which IPSG binding is to be configured. • VLAN ID — Specifies VLAN ID.
IPSG Binding Configuration Summary The IPSG Binding Configuration Summary page displays the IPSG Static binding list and IPSG dynamic binding list (the static bindings configured in Binding configuration page). To access the IPSG Binding Configuration Summary page, click Switching > DHCP Snooping > IP Source Guard > IPSG Binding Configuration Summary in the navigation tree. Figure 7-122.
Before it relays DHCP requests from clients, the switch can add a Circuit ID and a Remote ID. These provide information about the circuit and port number connected to the client. This information is added as suboptions in the DHCP Option 82 packets (see sections 3.1 and 3.2 of RFC3046). The switch removes this option from packets that it relays from L3 Relay agents/DHCP servers to clients.
DHCP Relay Interface Configuration Use this page to enable L2 DHCP relay on individual ports. NOTE: L2 DHCP relay must also be enabled globally on the switch. To access this page, click Switching > DHCP Relay > Interface Configuration in the tree view. Figure 7-124. DHCP Relay Interface Configuration The DHCP Relay Interface Configuration page contains the following fields: • Interface — Select the slot/port to configure this feature on.
Figure 7-125. DHCP Relay Interface Summary Configuring DHCP Relay With CLI Commands For information about the CLI commands that perform this function, refer to the following chapter in the CLI Reference Guide: • L2 DHCP Relay Agent Commands DHCP Relay Interface Statistics Use this page to display statistics on DHCP Relay requests received on a selected port. To access this page, click Switching > DHCP Relay > Interface Statistics in the tree view. Figure 7-126.
The DHCP Relay Interface Statistics page contains the following fields: • Interface — Select the slot/port to configure this feature on. • Untrusted Server Msgs With Option-82 — If the selected interface is configured in untrusted mode, this field shows the number of messages received on the interface from a DHCP server that contained Option 82 data.These messages are dropped.
DHCP Relay VLAN Configuration You can enable L2 DHCP relay on a particular VLAN. The VLAN is identified by a service VLAN ID (SVID), which a service provider uses to identify a customer’s traffic while traversing the provider network to multiple remote sites. The switch uses the VLAN membership of the switch port client (the customer VLAN ID, or C-VID) to perform a lookup a corresponding S-VID. If the S-VID is enabled for DHCP Relay, then the packet can be forwarded.
• DHCP Relay Remote-Id — When a string is entered here, if a client sends a DHCP request to the switch and the client is in a VLAN that corresponds to the selected S-VID, then the switch adds the string to the Remote-ID sub-option of Option 82 in the DHCP request packet. The range is 0-128 alphanumeric characters. The default is NULL string. This sub-option can be used by the server for parameter assignment. The content of this option is vendor-specific. Displaying the DHCP Relay VLAN Summary Table 1.
Port Configuration Summary Use the Port Configuration Summary page to view information about the port members and LACP modes for the aggregator groups. From the Port Configuration Summary page, you can access the Port Configuration page. To display the Port Configuration Summary page, click Switching > Port Aggregator > Port Configuration Summary in the tree view. Figure 7-129.
Configuring Port Aggregator Groups You can assign each port to an aggregator group from the Port Configuration page, which is accessible from the Port Configuration Summary page. By default, all ports are in aggregator group 1. 1. Open the Port Configuration Summary page. 2. Click any Modify link to access the Port Configuration page. The Port Configuration page displays. Figure 7-130. Port Aggregator Group Port Configuration 3. If the system supports stacking, select the stack member to configure. 4.
Removing Ports from an Aggregator Group 1. Open the Port Configuration Summary page. 2. Select the Remove option for the group with the ports to remove. 3. Click Apply Changes. All ports assigned to the Port Aggregator group are removed from the group and are not assigned to any group. Note: To delete a single port from a group, click Modify to access the Port Configuration page, delete the group ID from the port’s Group ID field, and then click Apply Changes.
The Group Configuration Summary page contains the following fields: 418 • Group ID — Identifies the aggregator group. • VLAN — Select the VLAN or VLANs that will have the Aggregator Group as a member. An Aggregator Group can be a member of multiple VLANs, but each VLAN can only belong to one Aggregator Group. By default, a VLAN is reserved for each group, starting with VLAN 4022 for group 1.
• Duplex — Identifies the group duplex mode, which is either Full or Half. – Full — Indicates that the group supports transmission between the switch and the client in both directions simultaneously. – Half — Indicates that the group supports transmission between the switch and the client in only one direction at a time. Configuring a Port Aggregator Group 1. Open the Group Configuration Summary page. 2. For the group to configure, click the Modify link at the end of the row.
Group VLAN MAC Summary Use the Group VLAN MAC Summary page to view the MAC address table entries for one Port Aggregator group or all groups. To display the Group VLAN MAC Summary page, click Switching > Port Aggregator > Group VLAN MAC Summary in the tree view. Figure 7-133. Group VLAN MAC Summary The Group VLAN MAC Summary page contains the following fields: • Group ID — Select the Port Aggregator group with the information to view. To view information for all groups, select All.
8 Viewing Statistics and Remote Monitoring Overview This section explains the RMON options available from the Statistics/RMON menu page. These options include viewing statistics in table form, editing and viewing RMON statistics, and charting Port and LAG statistics. The Statistics/RMON menu page provides access to these options through the following menu pages: • Table Views • RMON • Charts Note: CLI commands are not available for all the Statistics/RMON pages.
Table Views The Table Views menu page contains links to web pages that display statistics in table form. To display this page, click Statistics/RMON > Table Views in the tree view. Following are the web pages accessible from this menu page: • Interface Statistics • Etherlike Statistics • GVRP Statistics • EAP Statistics • Utilization Summary • Counter Summary Interface Statistics Use the Interface Statistics page to display statistics for both received and transmitted packets.
The Interface Statistics page contains the following fields: • Interface — Select physical interface (unit, port) or LAG interface for which statistics is displayed. • Refresh Rate — Specifies amount of time that passes before statistics are refreshed. The possible field values are No Refresh, 15, 30 and 60 seconds. Default is No Refresh. Received Statistics • Total Bytes (Octets) — Displays the total number of octets received on the selected interface.
Etherlike Statistics Use the Etherlike Statistics page to display interface statistics. To display the page, click Statistics/RMON > Table Views > Etherlike Statistics in the tree view. Figure 8-2. Etherlike Statistics The Etherlike Statistics page contains the following fields: 424 • Interface — Select physical interface (unit, port) or LAG interface for which statistics is displayed. • Refresh Rate — Specifies amount of time that passes before statistics are refreshed.
• Internal MAC Receive Errors — Displays number of internal MAC received errors on the selected interface. • Received Pause Frames — Displays number of received paused frames on the selected interface. Transmitted Pause Frames — Displays number of transmitted paused frames on the selected interface. Displaying Etherlike Statistics for an Interface 1. Open the Etherlike Statistics page. 2. Specify an interface. Statistics for the specified interface display.
The GVRP Statistics page contains the following fields: • Interface — Select physical interface (unit, port) or LAG interface for which statistics will be displayed. • Refresh Rate — Specifies amount of time that passes before statistics are refreshed. The possible field values are No Refresh, 15, 30, and 60 seconds. Default is No Refresh. GVRP Statistics Table Attribute (Counters) - Received and Transmitted • Join Empty — Displays switch GVRP Join Empty statistics.
EAP Statistics Use the EAP Statistics page to display information about EAP packets received on a specific port. For more information about EAP, see "Dot1x Authentication." To display the EAP Statistics page, click Statistics/RMON > Table Views > EAP Statistics in the tree view. Figure 8-4. EAP Statistics The EAP Statistics page contains the following fields: • Interface — Specifies the interface which is polled for statistics.
• Respond Frames Received — Displays the number of valid EAP Respond frames received on the port. • Request ID Frames Received — Displays the number of EAP Request ID frames that have been received on the port. • Request Frames Transmitted — Displays the number of EAP Request frames transmitted through the port. • Request ID Frames Transmitted — Displays the number of EAP Requested ID frames transmitted through the port.
Utilization Summary Use the Utilization Summary page to display interface utilization statistics. To display the page, click Statistics/RMON > Table Views > Utilization Summary in the tree view. Figure 8-5. Utilization Summary The Utilization Summary page contains the following fields: • Unit — Specifies the unit for which statistics are displayed. • Refresh Rate — Specifies amount of time that passes before statistics are refreshed. The possible field values are No Refresh, 15, 30, and 60 seconds.
Viewing Interface Utilization Statistics Using the CLI Command For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • RMON Commands Counter Summary Use the Counter Summary page to display interface utilization statistics in numeric sums as opposed to percentages. To display the page, click Statistics/RMON > Table Views > Counter Summary in the tree view. Figure 8-6.
• Received Errors— Displays number of received errors on the interface. • Transmit Errors — Displays number of transmitted errors from the interface. Setting Refresh Rate 1. Open the Counter Summary page. 2. Select the Refresh Rate from the drop-down menu. Statistics refresh for the displayed interfaces at the selected frequency.
RMON Statistics Use the RMON Statistics page to display details about switch use such as packet processing statistics and errors that have occurred on the switch. To display the page, click Statistics/RMON > RMON > Statistics in the tree view. Figure 8-7. RMON Statistics The RMON Statistics page contains the following fields: 432 • Interface — Specifies whether statistics are shown for a Unit or a LAG as well as which Unit/LAG is displayed.
• Multicast Packets Received — Displays number of good multicast packets received on the interface since the switch was last refreshed. • CRC & Align Errors — Displays number of CRC and Align errors that have occurred on the interface since the switch was last refreshed. • Undersize Packets — Displays number of undersized packets (less than 64 octets) received on the interface since the switch was last refreshed.
RMON History Control Statistics Use the RMON History Control page to maintain a history of statistics on each port. For each interface (either a physical port or a port-channel), you can define how many buckets exist, and the time interval between each bucket snapshot. To display the page, click Statistics/RMON > RMON > History Control in the tree view. Figure 8-8.
Adding a History Control Entry 1. Open the RMON History Control page. 2. Click Add. The Add History Entry page displays. Figure 8-9. Add History Entry 3. Complete the fields on this page and click Apply Changes. The entry is added to the RMON History Control Table. Displaying the RMON History Control Table 1. Open the RMON History Control page. 2. Click Show All. The RMON History Control Table displays. Figure 8-10. RMON History Control Table Removing a History Control Table Entry 1.
Viewing RMON History Control Using the CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • RMON Commands RMON History Table Use the RMON History Table page to display interface-specific statistical network samplings. Each table entry represents all counter values compiled during a single sample. To display the RMON History Table page, click Statistics/RMON > RMON > History Table in the tree view. Figure 8-11.
• Drop Events — Displays the total number of events in which packets were dropped by the port due to lack of resources. Note that this number is not necessarily the number of packets dropped; it is just the number of times this condition has been detected. • Received Bytes (Octets)— Displays the total number of octets of data (including those in bad packets) received on the network (excluding framing bits but including Frame Check Sequence (FCS) octets).
Viewing RMON History Control Using the CLI Command For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • RMON Commands RMON Event Control Use the RMON Events Control page to define RMON events. Events are used by RMON alarms to force some action when a threshold is crossed for a particular RMON counter. The event information can be stored in a log and/or sent as a trap to a trap receiver.
The RMON Event Control page contains the following fields: • Event Entry — Selects the event. • Community — Specifies the community to which the event belongs. • Description — Describes the user-defined event. • Event Type — Selects the event type. Possible values are: – Log — Event type is a log entry. – Trap — Event type is a trap. – Log and Trap — Event type is both a log entry and a trap. – None — There is no event. • Time — Displays the time when the event occurred.
Modifying an RMON Event 1. Open the RMON Event Control page. 2. Click Show All to display the Event Control Table page. 3. Select the Edit check box in for the event entry to change. 4. Modify the fields on the page as needed. 5. Click Apply Changes. The RMON Events Table entry is modified, and the device is updated. Displaying the RMON Event Control Table 1. Open the RMON Event Control page. 2. Click Show All. The Event Control Table displays. Figure 8-14.
RMON Event Log Use the RMON Event Log page to display a list of RMON events. To display the page, click Statistics/RMON > RMON > Events Log in the tree view. Figure 8-15. RMON Event Log The RMON Event Log page contains the following fields: • Event — Displays the RMON Events Log entry number. • Log No. — Displays the log number. • Log Time — Displays the time when the log entry was entered. • Description — Describes the log entry.
RMON Alarms Use the RMON Alarms page to set network alarms. Alarms occur when certain thresholds are crossed for the configured RMON counters. The alarm triggers an event to occur. The events can be configured as part of the RMON Events group. For more information about events, see "RMON Event Log." To display the page, click Statistics/RMON > RMON > Alarms in the tree view. Figure 8-16.
• Rising Threshold (0–2147483647) — Displays the rising counter value that triggers the rising threshold alarm. The rising threshold is presented on top of the graph bars. Each monitored variable is designated a color. The default is 100. • Rising Event — Displays the mechanism in which the alarms are reported, including a log, a trap, or both. When a log is selected, there is no saving mechanism either in the switch or in the management system.
Figure 8-17. Add an Alarm Entry 3. Complete the fields on this page as needed. 4. Click Apply Changes. The RMON alarm is added, and the device is updated. Displaying the Alarm Table 1. Open the RMON Alarms page. 2. Click Show All. The left side of the RMON Alarms Table displays. Figure 8-18. RMON Alarms Table 3. Click the right arrow at the bottom of the screen to view the right side of the table.
Removing One Alarm Table Entry 1. Open the RMON Alarms page. 2. Select an entry in the Alarm Entry drop-down menu. 3. Check the Remove check box and click Apply Changes. The entry is removed, and the device is updated. Removing Multiple Alarm Table Entries 1. Open the RMON Alarms page. 2. Click Show All. The RMON Alarms Table displays. 3. Check Remove for each Alarm Entry to remove. 4. Click Apply Changes. The entries are removed, and the device is updated.
Charts The Chart menu page contains links to web pages that allow you to chart statistics on a graph. To display the Charts menu page, click Statistics/RMON > Charts in the tree view. The Charts menu page contains links to the following features: • Ports Statistics • LAG Statistics Ports Statistics Use the Ports Statistics page to chart port-related statistics on a graph. To display the page, click Statistics/RMON > Charts > Ports in the tree view. Figure 8-19.
The Ports Statistics page contains the following fields: • Unit No. — Selects the port to be displayed. • Interface Statistics — Selects Interface Statistics when clicked, and specifies the type of interface statistics to graph from the drop-down menu. The default is Received Rate (MFrame Bits/sec). • Etherlike Statistics — Selects Etherlike Statistics when clicked, and specifies the type of etherlike statistics to graph from the drop-down menu. The default is Frame Check Sequence (FCS) Errors.
LAG Statistics Use the LAG Statistics page to chart LAG-related statistics on a graph. To display the page, click Statistics/RMON > Charts > LAGs in the tree view. Figure 8-20. LAG Statistics The LAG Statistics page contains the following fields: 448 • Interface Statistics — Selects Interface Statistics when clicked, and specifies the type of interface statistics to graph from the drop-down menu. The default is Received Rate.
Displaying LAG Statistics 1. Open the LAG Statistics page. 2. Click the radio button associated with the statistics to chart. 3. Select the type of statistics from the related drop-down menu. 4. Select the desired refresh rate from the Refresh Rate drop-down menu. 5. Click Draw. The selected statistics are charted on the graph.
450 Viewing Statistics and Remote Monitoring
9 Configuring Routing Overview The PowerConnect M6220/M6348/M8024 supports the IP routing feature. Use the Routing menu page to configure routing on VLANs. When a packet enters the switch, the destination MAC address is checked to see if it matches any of the configured routing interfaces. If it does, then the device searches the host table for a matching destination IP address. If an entry is found, then the packet is routed to the host.
ARP The PowerConnect M6220/M6348/M8024 uses the ARP protocol to associate a layer 2 MAC address with a layer 3 IPv4 address. Additionally, the administrator can statically add entries into the ARP table. ARP is a necessary part of the internet protocol (IP) and is used to translate an IP address to a media (MAC) address, defined by a local area network (LAN) such as Ethernet.
ARP Create Use the ARP Create page to add an entry to the Address Resolution Protocol table. To display the page, click Routing > ARP > ARP Create in the tree view. Figure 9-1. ARP Create The ARP Create page contains the following fields: • IP Address — Enter the IP address you want to add. It must be the IP address of a device on a subnet attached to one of the switch's existing routing interfaces. • MAC Address — The unicast MAC address of the device.
Adding Entries to the ARP Table using the CLI Command For information about the CLI command that performs this function, see the following chapter in the CLI Reference Guide: • ARP Commands ARP Table Configuration Use this page to change the configuration parameters for the Address Resolution Protocol Table. You can also use this screen to display the contents of the table. To display the page, click Routing > ARP > ARP Table Configuration in the tree view. Figure 9-2.
The ARP Table Configuration page contains the following fields: • Age Time (secs) — Enter the value you want the switch to use for the ARP entry ageout time. You must enter a valid integer, which represents the number of seconds it takes for an ARP entry to age out. The range for this field is 15 to 21600 seconds. The default value for Age Time is 1200 seconds. • Response Time (secs) — Enter the value you want the switch to use for the ARP response timeout.
Configuring ARP Table 1. Open the ARP Table Configuration page. 2. Change parameters as needed. 3. Click Apply Changes. Changes are saved, and the ARP table is updated. Configuring ARP Table with CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • ARP Commands IP The IP menu page contains links to web pages that configure and display IP routing data. To display this page, click Routing > IP in the tree view.
The IP Configuration page contains the following fields: • Default Time to Live — The default value inserted into the Time-To-Live field of the IP header of datagrams originated by the switch, if a TTL value is not supplied by the transport layer protocol. • Routing Mode — Select Enable or Disable from the drop-down menu. You must enable routing for the switch before you can route through any of the interfaces. Routing is also enabled or disabled per VLAN interface. The default value is Disable.
IP Statistics The statistics reported on the IP Statistics page are as specified in RFC 1213. To display the page, click Routing > IP > Statistics in the tree view. Figure 9-4. IP Statistics The IP Statistics page contains the following fields: 458 • IpInReceives — The total number of input datagrams received from interfaces, including those received in error.
• IpForwDatagrams — The number of input datagrams for which this entity was not their final IP destination, as a result of which an attempt was made to find a route to forward them to that final destination. In entities which do not act as IP Gateways, this counter includes only those packets which were Source-Routed through this entity, and the Source-Route option processing was successful.
460 • IcmpInMsgs — The total number of ICMP messages which the entity received. Note that this counter includes all those counted by icmpInErrors. • IcmpInErrors — The number of ICMP messages which the entity received but determined as having ICMP-specific errors (bad ICMP checksums, bad length, etc.). • IcmpInDestUnreachs — The number of ICMP Destination Unreachable messages received. • IcmpInTimeExcds — The number of ICMP Time Exceeded messages received.
Refreshing IP Statistics 1. Open the IP Statistics page. 2. Click Refresh. The screen displays with the present state of the data in the switch. Displaying IP Statistics using the CLI Command For information about the CLI command that performs this function, see the following chapter in the CLI Reference Guide: • IP Routing Commands IP Interface Configuration Use the IP Interface Configuration page to update IP interface data for this switch.
The IP Interface Configuration page contains the following fields: 462 • Interface — Select the interface to configure from the drop-down menu. The drop-down menu contains loopback interfaces and VLANs created from the Switching→VLAN→VLAN Membership→Add page. • IP Address — Enter the IP address for the interface. • Subnet Mask — Enter the subnet mask for the interface.
Modifying an IP Interface 1. Open the IP Interface Configuration page. 2. Change values as needed. 3. Click Apply Changes. Changes are saved, and the IP Interface is updated. IP Interface Configuration CLI Commands For information about the CLI commands that perform this function, see the following chapters in the CLI Reference Guide: • IP Addressing Commands • IP Routing Commands • ARP Commands OSPF The Open Shortest Path First (OSPF) routing protocol is an Interior Gateway Protocol (IGP).
• Link State Database • Virtual Link Configuration • Virtual Link Summary • Route Redistribution Configuration • Route Redistribution Summary OSPF Configuration Use the OSPF Configuration page to enable OSPF on a router and to configure the related OSPF settings. To display the page, click Routing > OSPF > Configuration in the tree view. Figure 9-6.
The OSPF Configuration page contains the following fields: • Router ID — The 32-bit integer in dotted decimal format that uniquely identifies the router within the autonomous system (AS). If you want to change the Router ID you must first disable OSPF. After you set the new Router ID, you must re-enable OSPF to have the change take effect. The default value is 0.0.0.0, although this is not a valid Router ID. • OSPF Admin Mode — Select Enable or Disable from the drop-down menu.
466 • External LSA Checksum — The sum of the LS checksums of the external LSAs (link state advertisements) contained in the link-state database. This sum can be used to determine if there has been a change in a router's link state database, and to compare the link-state databases of two routers. This value is in hexadecimal. • AS_OPAQUE LSA Count — Shows the number of opaque LSAs with domain wide flooding scope.
Default Route Advertise • Default Information Originate — Enable or Disable Default Route Advertise. • Always — Sets the router advertise 0.0.0.0/0.0.0.0 when set to True. • Metric — Specifies the metric of the default route. The valid values are 1 to 16777214. Enter 0 to unconfigure. • Metric Type — Sets the metric type of the default route. Options are External Type 1 and External Type 2. External Type 2 is the default. Modifying an OSPF Configuration 1. Open the OSPF Configuration page. 2.
Figure 9-7. OSPF Area Configuration The OSPF Area Configuration page displays the following fields: 468 • Area — Select the area to be displayed from the drop-down menu. When an area is selected, fields in the Stub Area Information are displayed. • Area ID — The OSPF area. An Area ID is a 32-bit integer in dotted decimal format that uniquely identifies the area to which a router interface connects.
• Area LSA Checksum — The 32-bit unsigned sum of the link-state advertisements' LS checksums contained in this area's link-state database. This sum excludes external (LS type 5) link-state advertisements. The sum can be used to determine if there has been a change in a router's link state database, and to compare the link-state database of two routers. This value is in hexadecimal. Stub Area Information: • Import Summary LSAs — Select Enable or Disable from the drop-down menu.
Displaying an OSPF Area Configuration 1. Open the OSPF Area Configuration page. 2. Select the OSPF area to display from the drop-down menu. The OSPF area configuration is displayed for this area. Deleting an OSPF Area Configuration Use these steps to delete NSSA configuration or Stub area configuration. 1. Open the OSPF Area Configuration page. 2. Select the OSPF area configuration to delete from the drop-down menu. The configuration displays. 3. Click Delete. The OSPF area configuration is removed.
The OSPF Stub Area Summary page displays the following fields: • Area ID — The Area ID of the stub area. • Type of Service — The type of service associated with the stub metric. The switch supports Normal only. • Metric Value — The metric value for the default route advertised into the area. • Import Summary LSAs — Whether the import of Summary LASs is enabled or disabled.
The OSPF Area Range Configuration page contains the following fields: • Area ID — Select the area for which data is to be configured from the drop-down menu. • IP Address — Enter the IP Address for the address range for the selected area. • Subnet Mask — Enter the Subnet Mask for the address range for the selected area. • LSDB Type — Select the type of Link Advertisement associated with the specified area and address range. The default type is 'Network Summary.
Interface Statistics Use the OSPF Interface Statistics page to display statistics for the selected interface. The information is displayed only if OSPF is enabled. To display the page, click Routing > OSPF > Interface Statistics in the tree view. Figure 9-10. OSPF Interface Statistics The OSPF Interface Statistics page contains the following fields: • Interface — Select the interface for which data is to be displayed from the drop-down menu.
474 • Neighbor Events — The number of times this neighbor relationship has changed state, or an error has occurred. • External LSA Count — The number of external (LS type 5) link-state advertisements in the link-state database. • Sent Packets — The number of OSPF packets transmitted on the interface. • Received Packets — The number of valid OSPF packets received on the interface.
• DD Packets Received — The number of Database Description packets received on this interface by this router. • LS Requests Sent — The number of LS Requests sent on this interface by this router. • LS Requests Received — The number of LS Requests received on this interface by this router. • LS Updates Sent — The number of LS updates sent on this interface by this router. • LS Updates Received — The number of LS updates received on this interface by this router.
Figure 9-11. OSPF Interface Configuration The OSPF Interface Configuration page contains the following fields: • Interface — Select the interface for which data is to be displayed or configured from the drop-down menu. • IP Address — Displays the address of the VLAN Interface. • Subnet Mask — Displays the subnet mask of the VLAN Interface. • OSPF Admin Mode — You may select Enable or Disable from the drop-down menu. The default value is Disable.
• Advertise Secondaries — Select Enable or Disable from the drop-down menu to indicate the advertiseability of all secondary addresses. By default all the secondary addresses would be advertised on an interface enabled for OSPF. • Router Priority — Enter the OSPF priority for the selected interface. The priority of an interface is specified as an integer from 0 to 255. The default is 1, which is the highest router priority.
• 478 Authentication Type — You may select an authentication type other than None by clicking on the Modify button. You then see a new web page, where you can select the authentication type from the drop-down menu. Possible values are: – None — This is the initial interface state. If you select this option from the drop-down menu on the second screen and click Apply Changes, you are returned to the first screen, and no authentication protocols are run.
– Backup Designated Router — This router is the Backup Designated Router on the attached network. It is promoted to Designated Router if the present Designated Router fails. The router establishes adjacencies to all other routers attached to the network. The Backup Designated Router performs slightly different functions during the Flooding Procedure, as compared to the Designated Router.
Configuring an OSPF Interface using CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • OSPF Commands Neighbor Table Use the OSPF Neighbor Table page to display the OSPF neighbor table list. When a particular neighbor ID is specified, detailed information about a neighbor is given. The information below is only displayed if OSPF is enabled. To display the page, click Routing > OSPF > Neighbor Table in the tree view.
The OSPF Neighbor Table page displays the following fields: • Interface — Select the interface for which data is to be displayed from a drop-down menu. • Router ID — A 32-bit integer in dotted decimal format representing the neighbor interface. • IP Address — The IP address of the neighboring router's interface to the attached network. It is used as the destination IP address when protocol packets are sent as unicasts along this adjacency.
Figure 9-13. OSPF Neighbor Configuration The OSPF Neighbor Configuration page contains the following fields: • Interface — Select the VLAN interface on which routing is enabled from the drop-down menu. • Neighbor IP Address — Select the IP Address of the neighbor for which data is to be displayed. • Router ID — A 32-bit integer in dotted decimal format that identifies the neighbor router. • Options — The optional OSPF capabilities supported by the neighbor.
– Attempt — This state is only valid for neighbors attached to NBMA networks. It indicates that no recent information has been received from the neighbor, but that an effort should be made to contact the neighbor (sending the neighbor Hello packets at intervals of Hello Interval). – Init — In this state, a Hello packet has recently been seen from the neighbor. However, bidirectional communication has not yet been established with the neighbor (i.e.
Link State Database Use the OSPF Link State Database page to display OSPF link state, external LSDB table, and AS opaque LSDB table information. To display the page, click Routing > OSPF > Link State Database in the tree view. Figure 9-14. OSPF Link State Database The OSPF Link State Database page displays the following fields: 484 • Router ID — The 32-bit integer in dotted decimal format that uniquely identifies the router within the autonomous system (AS).
• LS ID — The Link State ID identifies the piece of the routing domain that is being described by the advertisement. The value of the LS ID depends on the advertisement's LS type. • Age — The time since the link state advertisement was first originated, in seconds. • Sequence — The sequence number field is a signed 32-bit integer. It is used to detect old and duplicate link state advertisements. The larger the sequence number, the more recent the advertisement.
Figure 9-15. OSPF Virtual Link Configuration - Create The OSPF Virtual Link Configuration pages contain the following fields: • 486 Virtual Link (Area ID - Neighbor Router ID) — Select the virtual link for which you want to display or configure data. It consists of the Area ID and Neighbor Router ID. To create a new virtual link, select Create New Virtual Link from the drop-down menu to define a new virtual link.
• Interface Delay Interval (secs) — The OSPF Transit Delay for the virtual link in units of seconds. It specifies the estimated number of seconds it takes to transmit a link state update packet over this interface. • State — The current state of the selected Virtual Link. One of: – Down — This is the initial interface state. In this state, the lower-level protocols have indicated that the interface is unusable. In this state, interface parameters are set to their initial values.
– Simple — If you select Simple you are prompted to enter an authentication key. This key is included, in the clear, in the OSPF header of all packets sent on the network. All routers on the network must be configured with the same key. – Encrypt — If you select Encrypt you are prompted to enter both an authentication key and an authentication ID. Encryption uses the MD5 Message-Digest algorithm. All routers on the network must be configured with the same key and ID.
Figure 9-16. OSPF Virtual Link Configuration 5. Click Configure Authentication to modify authentication.
Figure 9-17. OSPF Virtual Link Authentication Configuration 6. Select values for Authentication Type and Authentication Key. 7. Click Apply Changes when finished. Configuring Virtual Link Data 1. Open the OSPF Virtual Link Configuration page. 2. Specify the area ID and neighbor router ID to configure. 3. Enter data into the fields as needed. 4. Click Configure Authentication to modify authentication. 5. Click Apply Changes when finished.
Displaying Virtual Link Data 1. Open the OSPF Virtual Link Configuration page. 2. Specify the area ID and neighbor router ID to display. The virtual link data for these IDs displays. Removing a Virtual Link 1. Open the OSPF Virtual Link Configuration page. 2. Specify the Area ID and Neighbor Router ID associated with the virtual link to be removed. The related virtual link data displays. 3. Click Delete. The virtual link is removed, and the device is updated.
Figure 9-18. OSPF Virtual Link Summary The OSPF Virtual Link Summary page contains the following fields: 492 • Area ID — The Area ID portion of the virtual link identification for which data is to be displayed. The Area ID and Neighbor Router ID together define a virtual link. • Neighbor Router ID — The neighbor portion of the virtual link identification. Virtual links may be configured between any pair of area border routers with interfaces to a common (non-backbone) area.
Displaying the Virtual Link Summary using the CLI Command For information about the CLI command that performs this function, see the following chapter in the CLI Reference Guide: • OSPF Commands Route Redistribution Configuration Use the OSPF Route Redistribution Configuration page to configure redistribution in OSPF for routes learned through various protocols. You can choose to redistribute routes learned from all available protocols or from selected ones.
The OSPF Route Redistribution Configuration page contains the following fields: • Source — A protocol configured for OSPF to redistribute the routes learned through this protocol. Only source routes that have been configured for redistribution by OSPF are available. Possible values are Static, Connected, and RIP. • Metric — Sets the metric value for redistributed routes. This field displays a metric value if the source was preconfigured. The valid values are 0 to 16777214.
Creating an OSPF Route Redistribution Source When no redistributions are configured, the system displays only Create in the Configured Source field and possible sources in the Available Source fields. When you select an Available Source, enter configuration data, and click Apply Changes, the item displays in the Configure Source drop-down list and is removed from the Available Source drop-down list. 1. Open the OSPF Route Redistribution Configuration page. 2. Specify Create in the Configured Source field.
Route Redistribution Summary Use the OSPF Route Redistribution Summary page to display OSPF Route Redistribution configurations. To display the page, click Routing > OSPF > Route Redistribution Summary in the tree view. Figure 9-20. OSPF Route Redistribution Summary The OSPF Route Redistribution Summary page contains the following fields: • Source — The Source Route to be redistributed by OSPF. • Redistribute — Specify whether to allow the routes learned through this protocol to be redistributed.
BOOTP/DHCP Relay Agent BootP/DHCP Relay Agent enables BootP/DHCP clients and servers to exchange BootP/DHCP messages across different subnets. The relay agent receives the requests from the clients, and checks the valid hops and giaddr fields. If the number of hops is greater than the configured, the agent assumes the packet is looped through the agents and discards the packet. If giaddr field is zero the agent must fill in this field with the IP address of the interface on which the request was received.
BOOTP/DHCP Relay Agent Configuration Use the BOOTP/DHCP Relay Agent Configuration page to configure and display a BOOTP/DHCP relay agent. To display the page, click Routing > BOOTP/DHCP Relay Agent > Configuration in the tree view. Figure 9-21. BOOTP/DHCP Relay Agent Configuration The BOOTP/DHCP Relay Agent Configuration page contains the following fields: 498 • Maximum Hop Count — Enter the maximum number of hops a client request can take before being discarded.
Configuring BOOTP/DHCP 1. Open the BOOTP/DHCP Configuration page. 2. Enter data in the fields as needed. 3. Click Apply Changes when finished. The BOOTP/DHCP data is configured, and the device is updated.
The BOOTP/DHCP Status page displays the following fields: • Maximum Hop Count — The maximum number of Hops a client request can go without being discarded. • Server IP Address — The IP address of the BOOTP/DHCP server or the IP address of the next BOOTP/DHCP Relay Agent. • Admin Mode — The administrative mode of the relay. When you select Enable on the configuration page, BOOTP/DHCP requests are forwarded to the IP address you entered in the Server IP address field.
IP Helper Global Configuration Use the IP Helper Global Configuration page to add, show, or delete UDP Relay and Helper IP configuration To display the page, click Routing > IP Helper > Global Configuration in the tree view. Figure 9-23.
The IP Helper Global Configuration page contains the following fields: • UDP Relay Mode — Use the menu to enable or disable the UDP relay mode. You must enable the UDP Relay Mode to relay any other protocols for which an IP helper address has been configured. By default UDP Relay Mode is Enabled. • UDP Destination Port — Identifies destination UDP port number of UDP packets to be relayed. Table 9-1 lists UDP Port allocations. Table 9-1.
• Server Address — The IPv4 address of the server to which packets are relayed for the specific UDP Destination Port. • Hit Count — The number of times a packet has been forwarded or discarded according to this entry. • Remove — Removes the specified UDP Relay when selected and Apply Changes is pressed. Adding an IP Helper Entry 1. Open the IP Helper Global Configuration page. 2. Click Add to display the Add Helper IP Address page: Figure 9-24. Add Helper IP Address 3.
IP Helper Interface Configuration Use the IP Helper Interface Configuration page to add, show, or delete UDP Relay and Helper IP configuration for a specific interface. To display the page, click Routing > IP Helper > Interface Configuration in the tree view. Figure 9-25. IP Helper Interface Configuration The IP Helper Interface Configuration page contains the following fields: 504 • Source IP Interface — Select the interface to use for UDP/Helper relays.
Adding an IP Helper Entry to an Interface 1. Open the IP Helper Interface Configuration page. 2. Click Add to display the Interface Configuration Add page: Figure 9-26. Add Helper IP Address 3. Select the interface to use for the relay. 4. Select a UDP Destination port name from the menu or enter the UDP Destination Port ID. Select the Default Set to configure for the relay entry for the default set of protocols.
IP Helper Statistics Use the IP Helper Statistics page to view UDP Relay Statistics for the switch. To display the page, click Routing > IP Helper > Statistics in the tree view. Figure 9-27. IP Helper Statistics The IP Helper Statistics page contains the following fields: 506 • DHCP Client Messages Received — The number of valid messages received from a DHCP client.
• DHCP Client Messages Hop Count Exceeded Max — The number of DHCP client messages received whose hop count is larger than the maximum allowed. The maximum hop count is a configurable value.A log message is written for each such failure. The DHCP relay agent does not relay these packets. • DHCP Pkts Rcvd Too Early — The number of DHCP client messages received whose secs field is less than the minimum value. The minimum secs value is a configurable value. A log message is written for each such failure.
RIP Configuration Use the RIP Configuration page to enable and configure or disable RIP in Global mode. To display the page, click Routing > RIP > Configuration in the tree view. Figure 9-28. RIP Configuration The RIP Configuration page contains the following fields: • RIP Admin Mode — Select Enable or Disable from the drop-down menu. If you select Enable, RIP is enabled for the switch. The default is Disable. • Split Horizon Mode — Select None, Simple, or Poison Reverse from the drop-down menu.
• Host Routes Accept Mode — Select Enable or Disable from the drop-down menu. If you select Enable, the router accepts host routes. The default is Enable. • Global Route Changes — Displays the number of route changes made to the IP Route Database by RIP. This does not include the refresh of a route's age. • Global Queries — Displays the number of responses sent to RIP queries from other systems. • Default Information Originate — Enable or Disable Default Route Advertise.
RIP Interface Summary Use the RIP Interface Summary page to display RIP configuration status on an interface. To display the page, click Routing > RIP > Interface Summary in the tree view. Figure 9-29. RIP Interface Summary The RIP Interface Summary page displays the following fields: 510 • Interface — The interface, such as the routing-enabled VLAN on which RIP is enabled. • IP Address — The IP Address of the router interface.
• Receive Version — Specifies which RIP version control packets are accepted by the interface. The default is Both. Possible values are: – RIP-1 — only RIP version 1 formatted packets are received. – RIP-2 — only RIP version 2 formatted packets are received. – Both — packets are received in either format. – None — no RIP control packets are received. • RIP Admin Mode — Specifies whether RIP is Enabled or Disabled on the interface. • Link State — Specifies whether the RIP interface is up or down.
RIP Interface Configuration Use the RIP Interface Configuration page to enable and configure or to disable RIP on a specific interface. To display the page, click Routing > RIP > Interface Configuration in the tree view. Figure 9-30. RIP Interface Configuration The RIP Interface Configuration page contains the following fields: • Interface — Select the interface for which data is to be configured from the drop-down menu. • Send Version — RIP Version that router sends with its routing updates.
– RIP-2 — accept only RIP version 2 formatted packets. – Both — accept packets in either format. • None — no RIP control packets is accepted. • RIP Admin Mode — Select Enable or Disable from the drop-down menu. Before you enable RIP version 1 or version 1c on an interface, you must first enable network directed broadcast mode on the corresponding interface. The default value is Disable. • Authentication Type — You may select an authentication type other than None by clicking the Modify button.
Configuring the RIP Interface 1. Open the RIP Interface Configuration page. 2. Specify the interface for which data is to be configured. 3. Enter data into the fields as needed: Send Version — From the drop-down box, select None, RIP-1, RIP-1c, or RIP2. Receive Version — From the drop-down box select None, RIP-1, RIP-2, or Both. RIP Admin Mode — Select Enable or Disable. Authentication Type — Click the Modify button to configure different Authentication Types. 4. Click Apply Changes when finished.
Static Reject Routes A static reject route is a static route to discard the packets to a particular destination, thereby forcing a black-hole routing behavior for a particular set of IP prefixes. Static reject routes can help prevent a routing loop in the network if a default route is configured on a router. Static reject routes also help protect against a DOS attack on a router with unwanted destination addresses. NOTE: Static reject routes are not redistributed by OSPF or RIP.
The drop-down menu lists the ACLs configured through the pages under Switching→Network Security→Access Control Lists→IP Access Control Lists. When used for route filtering, the only fields in an access list that get used are: – Source IP Address and netmask – Destination IP Address and netmask – Action (Permit or Deny) All other fields (source and destination port, precedence, tos, etc.) are ignored. The source IP address is compared to the destination IP address of the route.
RIP Route Redistribution Summary Use the RIP Route Redistribution Summary page to display Route Redistribution configurations. To display the page, click Routing > RIP > Route Redistribution Summary in the tree view. Figure 9-32. RIP Route Redistribution Summary The RIP Route Redistribution Summary page contains the following fields: • Source — The source route to be redistributed by RIP. • Metric — The metric of redistributed routes for the given source route. Displays 0 when not configured.
Displaying RIP Route Redistribution Summary using the CLI Command For information about the CLI command that performs this function, see the following chapter in the CLI Reference Guide: • Routing Information Protocol (RIP) Commands Router Discovery The Router Discovery protocol is used by hosts to identify operational routers on the subnet. Router Discovery messages are of two types: “Router Advertisements” and “Router Solicitations.
Figure 9-33. Router Discovery Configuration The Router Discovery Configuration page contains the following fields: • VLAN Interface — Select the router interface for which data is to be configured. • Advertise Mode — Select Enable or Disable from the drop-down menu. If you select Enable, Router Advertisements are transmitted from the selected interface. • Advertise Address — Enter the IP Address to be used to advertise the router.
Configuring Router Discovery 1. Open the Router Discovery Configuration page. 2. Select the router interface to be configured. 3. Configure data as needed for the remaining fields. 4. Click Apply Changes Specified configuration changes are saved, and the device is updated.
The Router Discovery Status page displays the following fields: • Interface — The router interface for which data is displayed. • Advertise Mode — The values are Enable or Disable. Enable denotes that Router Discovery is enabled on that interface. • Advertise Address — The IP Address used to advertise the router. • Maximum Advertise Interval (secs) — The maximum time (in seconds) allowed between router advertisements sent from the interface.
Route Table Use the Router Route Table page to display the route table configuration. To display the page, click Routing > Router > Route Table in the tree view. Figure 9-35. Router Route Table The Router Route Table page displays the following fields: 522 • Total Number of Routes — The total number of routes in the route table. • Network Address — The IP route prefix for the destination.
– OSPF Type-1 – OSPF Type-2 – RIP • Next Hop Interface — The outgoing router interface to use when forwarding traffic to the destination. • Next Hop IP Address — The outgoing router IP address to use when forwarding traffic to the next router (if any) in the path towards the destination. The next router is always one of the adjacent neighbors or the IP address of the local interface for a directly attached network.
The Router Best Routes Table page displays the following fields: • Total Number of Routes — The total number of routes in the route table. • Network Address — The IP route prefix for the destination. • Subnet Mask — Also referred to as the subnet/network mask, this indicates the portion of the IP interface address that identifies the attached network. • Protocol — This field tells which protocol created the specified route.
Route Entry Configuration Use the Router Route Entry Configuration page to add new and configure router routes. To display the page, click Routing > Router > Route Entry Configuration in the tree view. Figure 9-37. Router Route Entry Configuration The Router Route Entry Configuration page contains the following fields: • Network Address — Specify the IP route prefix for the destination from the drop-down menu.
– OSPF Type-1 – OSPF Type-2 – RIP • Next Hop Interface — The outgoing router interface to use when forwarding traffic to the destination. • Next Hop IP Address — The outgoing router IP address to use when forwarding traffic to the next router (if any) in the path towards the destination. The next router is always one of the adjacent neighbors or the IP address of the local interface for a directly attached network.
Figure 9-39. Route Entry Configuration - Add Static Route Type 4. Click Apply Changes. The new route is added, and you are redirected to the Configured Routes page.
Configured Routes Use the Configured Routes page to display the routes that have been configured. To display the page, click Routing > Router > Configured Routes in the tree view. Figure 9-40. Configured Routes The Configured Routes page displays the following fields: 528 • Network Address — The IP route prefix for the destination. • Subnet Mask — Also referred to as the subnet/network mask, this indicates the portion of the IP interface address that identifies the attached network.
Adding a Router Route 1. Open the Configured Routes page. 2. Click Add. The Router Route Entry Configuration page displays, as Figure 9-38 shows. 3. Next to Route Type, use the drop-down box to add a Default route or a Static route. Default — Enter the default gateway address in the Next Hop IP Address field. Figure 9-38 shows the fields that display when the Route Type value is Default. Static — Enter values for Network Address, Subnet Mask, Next Hop IP Address, and Preference.
You can select Static Reject as a route type from the Route Type field on the following pages under the Routing > Router menu: • Route Entry Configuration • Configured Routes NOTE: For a static reject route, the next hop interface value is Null0. Packets to the network address specified in static reject routes are intentionally dropped. To display the page, click Routing > Router > Route Preferences Configuration in the tree view. Figure 9-41.
Configuring Route Preferences using CLI Command For information about the CLI command that performs this function, see the following chapter in the CLI Reference Guide: • OSPF Commands VLAN Routing You can configure PowerConnect M6220/M6348/M8024 software with some VLANs that support routing. You can also configure the software to allow traffic on a VLAN to be treated as if the VLAN were a router port.
VLAN Routing Configuration Use the VLAN Routing Configuration page to enable routing on VLAN interfaces and to add VLAN routing interfaces. To display the page, click Routing > VLAN Routing > Configuration in the tree view. Figure 9-42. VLAN Routing Configuration The VLAN Routing Configuration page displays the following fields: • VLAN ID — The ID of the VLAN whose data is displayed in the current table row. • VLAN Routing Mode — Enable or disable routing on the VLAN selected in the VLAN ID field.
VLAN Routing Summary Use the VLAN Routing Summary page to display the VLAN routing summary. To display the page, click Routing > VLAN Routing > Summary in the tree view. Figure 9-44. VLAN Routing Summary The VLAN Routing Summary page displays the following fields: • VLAN ID — The ID of the VLAN whose data is displayed in the current table row. • MAC Address — The MAC Address assigned to the VLAN Routing Interface. • IP Address — The configured IP address of the VLAN Routing Interface.
VRRP The Virtual Router Redundancy (VRRP) protocol is designed to handle default router failures by providing a scheme to dynamically elect a backup router. The driving force was to minimize “black hole” periods due to the failure of the default gateway router during which all traffic directed towards it is lost until the failure is detected. Though static configuration of default routes is popular, such an approach is susceptible to a single point of failure when the default router fails.
VRRP Router Configuration Use the VRRP Configuration page to enable or disable the administrative status of a virtual router. To display the page, click Routing > VRRP > Router Configuration in the tree view. Figure 9-45. VRRP Router Configuration The Virtual Router Configuration page contains the following fields: • VRID and Interface — Select Create from the drop-down menu to configure a new Virtual Router, or select one of the existing Virtual Routers, listed by interface number and VRID.
• Advertisement Interval — Enter the time, in seconds, between the transmission of advertisement packets by this virtual router. Enter a number between 1 and 255. The default value is 1 second. • Interface IP Address — Indicates the IP Address associated with the selected interface. • IP Address — Enter the IP Address associated with the Virtual Router. The default is 0.0.0.0, which you must change prior to pressing Create.
Figure 9-46. Virtual Router Secondary Address 3. In the Secondary Address field, select Create to add a new secondary IP address, or select an existing secondary IP address to modify. 4. In the IP Address field, enter the secondary IP address. 5. Click Apply Changes. Configuring VRRP Interface Tracking 1. Open the VRRP Router Configuration page. 2. Click Track Interface. The VRRP Interface Tracking Configuration page displays.
Figure 9-48. Add VRRP Interface Tracking 4. Complete the fields as necessary. The Add VRRP Interface Tracking page contains the following fields. • Interface — The interface associated with the Virtual Router ID. • Virtual Router ID — The Virtual Router ID. • Track Interface — Select an interface for the VRRP router to track. • Priority Decrement — When a tracked interface goes down, the priority decrement specifies the amount that the router priority will be decreased. The valid range is 1 to 254.
Figure 9-50. Add VRRP Route Tracking 4. Complete the fields as necessary. The Add VRRP Route Tracking page contains the following fields. • Interface — The interface associated with the Virtual Router ID. • Virtual Router ID — The Virtual Router ID. • Track Route pfx— Enter the destination prefix for the route to be tracked. Specify the prefix in dotted decimal format, for example 192.168.10.0 • Track Route pfxlen — Enter the prefix length for the route to track.
VRRP Virtual Router Status Use the Virtual Router Status page to display virtual router status. To display the page, click Routing > VRRP > Virtual Router Status in the tree view. Figure 9-51. Virtual Router Status The Virtual Router Status page displays the following fields: 540 • VRID — Virtual Router Identifier. • VLANID - Indicates the interface associate with the VRID. • Priority — The priority value used by the VRRP router in the election for the master virtual router.
• Interface IP Address — The actual IP Address associated with the interface used by the Virtual Router. • Owner — Set to True if the Virtual IP Address and the Interface IP Address are the same, otherwise set to False. If this parameter is set to True, the Virtual Router is the owner of the Virtual IP Address, and always wins an election for master router when it is active.
VRRP Virtual Router Statistics Use the Virtual Router Statistics page to display statistics for a specified virtual router. To display the page, click Routing > VRRP > Virtual Router Statistics in the tree view. Figure 9-52. Virtual Router Statistics The Virtual Router Statistics page contains the fields listed below. Many of the fields display only when there is a valid VRRP configuration. 542 • Router Checksum Errors — The total number of VRRP packets received with an invalid VRRP checksum value.
• Up Time — The time, in days, hours, minutes and seconds, that has elapsed since the virtual router transitioned to the initialized state. • State Transitioned to Master — The total number of times that this virtual router's state has transitioned to Master. • Advertisement Received — The total number of VRRP advertisements received by this virtual router.
Tunnels The PowerConnect M6220/M6348/M8024 switches support the creation, deletion, and management of tunnel interfaces. These are dynamic interfaces that are created and deleted through user-configuration. Each switch also supports the functionality of a 6to4 border router that connects a 6to4 site to a 6to4 domain. It sends and receives tunneled traffic from routers in a 6to4 domain that includes other 6to4 border routers and 6to4 relay routers.
Tunnels Configuration Use the Tunnels Configuration page to create, configure, or delete a tunnel. To display the page, click Routing > Tunnels > Configuration in the tree view. Figure 9-53. Tunnels Configuration The Tunnels Configuration page contains the following fields: • Tunnel — Use the drop-down menu to select from the list of currently configured tunnel IDs. Create is also a valid choice if the maximum number of tunnel interfaces has not been created.
• IPv6 Address —Select an IPv6 address for the selected Tunnel interface. Add is also a valid choice if the maximum number of addresses has not been configured. • IPv6 Address — When Add is chosen from the IPv6 Address drop-down menu, this IPv6 address input field becomes visible. The Address must be entered in the format prefix/length. You also have the option to specify the 64-bit extended unique identifier (EUI-64). • IPv6 Prefix Length — Specify the IPv6 prefix length.
Figure 9-54. Tunnels Configuration - Entry 5. Configure the fields as needed. 6. Enter desired values in the remaining fields. 7. Click Apply Changes. The new tunnel is saved, and the device is updated. Modifying an Existing Tunnel 1. Open the Tunnels Configuration page. 2. Specify the tunnel to modify in the Tunnel drop-down menu. 3. Change field values as desired in the remaining fields. 4. Click Apply Changes. The new configuration is saved, and the device is updated.
Removing a Tunnel 1. Open the Tunnels Configuration page. 2. Specify the tunnel to remove in the Tunnel drop-down menu. 3. Click Delete Tunnel. The tunnel is deleted, and the device is updated. Configuring a Tunnel using CLI Commands For information about the CLI command that performs this function, see the following chapter in the CLI Reference Guide: • Tunnel Interface Commands Tunnels Summary Use the Tunnels Summary page to display a summary of configured tunnels.
• IPv6 Address — The IPv6 Address(es) of the Tunnel. IPv6 Address State — Shows whether the address is active. Displaying Tunnels Summary using the CLI Command For information about the CLI command that performs this function, see the following chapter in the CLI Reference Guide: • Tunnel Interface Commands Loopbacks The PowerConnect M6220/M6348/M8024 provides for the creation, deletion, and management of loopback interfaces.
Loopbacks Configuration Use the Loopbacks Configuration page to create, configure, or remove loopback interfaces. You can also set up or delete a secondary address for a loopback. To display the page, click Routing > Loopbacks > Configuration in the tree view. Figure 9-56. Loopback Configuration The Loopbacks Configuration pages contain the following fields: 550 • Loopback — Use the drop-down menu to select from the list of currently configured loopback interfaces.
• IPv6 Address — Select list of configured IPv6 addresses for the selected Loopback interface. Add is also a valid choice if the maximum number of addresses has not been configured. This option only displays when the Protocol specified is IPv6. • IPv6 Address — When Add is chosen from the IPv6 Address selector this IPv6 address input field becomes visible. Enter the address in the format of prefix/length. This option only displays when the Protocol specified is IPv6.
Figure 9-57. Loopbacks Configuration - IPv4 Entry 5. Enter IPv4 in the Protocol field. 6. Enter desired values in the remaining fields. 7. Click Submit. The new loopback is saved, and the webpage reappears showing secondary address configuration fields.
Figure 9-58. Loopback Configuration - Add Secondary Address 8. Complete the Secondary Address, Secondary IP Address, and Secondary Subnet Mask fields. 9. Click the Add Secondary button. The secondary address is saved, and the webpage reappears showing the primary and secondary loopback addresses. Creating a New Loopback (IPv6) 1. Open the Loopbacks Configuration page. 2. Select Create from the Loopback drop-down menu. 3. Specify an ID to use in the Loopback ID field. 4. Click Apply Changes.
Figure 9-59. Loopbacks Configuration - IPv6 Entry 5. Choose IPv6 from the drop-down box in the Protocol field. 6. Add the IPv6 Address. 7. Enter desired values in the remaining fields. 8. Click Submit. The new loopback is saved, and the device is updated. Configuring an Existing Loopback 1. Open the Loopback Configuration page. 2. Specify the loopback to configure in the Loopback drop-down menu. 3. Change field values as desired in the remaining fields. 4. Click Apply Changes.
Removing a Loopback 1. Open the Loopback Configuration page. 2. Specify the loopback to remove in the Loopback drop-down menu. 3. Click Delete Loopback. The loopback is deleted, and the device is updated. Removing a Secondary Address 1. Open the Loopback Configuration page. 2. Specify the loopback to be affected. 3. Specify the secondary address to be removed. 4. Click Delete Selected Secondary. The secondary address is deleted, and the device is updated.
Loopbacks Summary Use the Loopbacks Summary page to display a summary of configured loopbacks. To display the page, click Routing > Loopbacks > Summary in the tree view. Figure 9-60. Loopbacks Summary The Loopbacks Summary page displays the following fields: • Loopback Interface — The ID of the configured loopback interface. • Addresses — A list of the addresses configured on the loopback interface.
10 Configuring IPv6 Overview IPv6 is the next generation of the Internet Protocol. With 128-bit addresses, versus 32-bit addresses for IPv4, IPv6 solves the address depletion issues seen with IPv4 and removes the requirement for Network Address Translation (NAT), which is used in IPv4 networks to reduce the number of globally unique IP addresses required for a given network. Its aggregate addresses can dramatically reduce the size of the global routing table through well known address combinations.
Global Configuration Use the Global Configuration page to enable IPv6 forwarding on the router, enable the forwarding of IPv6 unicast datagrams, and configure global IPv6 settings. To display the page, click IPv6 > Global Configuration in the tree view. Figure 10-1. IPv6 Global Configuration The IPv6 Global Configuration page contains the following fields: • IPv6 Unicast Routing — Globally enable or disable IPv6 unicast routing on the router. The default is Disable.
Configuring IPv6 using the CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • IPV6 Routing Commands Interface Configuration Use the Interface Configuration page to configure IPv6 interface parameters. This page has been updated to include the IPv6 Destination Unreachables field. To display the page, click IPv6 > Interface Configuration in the tree view. Figure 10-2.
The IPv6 Interface Configuration page contains the following fields: 560 • Interface — Selects the interface to be configured. When the selection is changed, a screen refresh occurs, causing all fields to be updated for the newly selected interface. Shows only routing-enabled interfaces and tunnels. • IPv6 Mode — When IPv6 mode is enabled, interface is capable of IPv6 operation without a global address. In this case, an EUI-64 based link-local address is used.
• IPv6 Routing Operational Mode — Displays the operational state of an interface. • Interface Maximum Transmit Unit — Specifies the maximum transmit unit on an interface. If the value is 0 then this interface is not enabled for routing. It is not valid to set this value to 0 if routing is enabled. The valid range of MTU is 1280 to 1500. • Router Duplicate Address Detection Transmits — Specifies the number of duplicate address detections transmits on an interface.
Interface Summary Use the Interface Summary page to display settings for all IPv6 interfaces. To display the page, click IPv6 > Interface Summary in the tree view. Figure 10-3. IPv6 Interface Summary The IPv6 Interface Summary page contains the following fields: Interface — Specifies the interface whose settings are displayed in the current table row. Routing Mode — Specifies routing mode of the interface. Admin Mode — Specifies administrative mode of the interface.
IPv6 Statistics Use the IPv6 Statistics page to display IPv6 traffic statistics for one or all interfaces. To display the page, click IPv6 > IPv6 Statistics in the tree view. Figure 10-4. IPv6 Statistics The IPv6 Statistics page contains the following fields: • Interface — Selects the interface for which statistics are displayed. When the selection is changed, a screen refresh occurs, causing all fields to be updated for the newly selected interface.
564 • Received Datagrams Discarded Due To MTU — The number of input datagrams that could not be forwarded because their size exceeded the link MTU of outgoing interface. • Received Datagrams Discarded Due To No Route — The number of input datagrams discarded because no route could be found to transmit them to their destination. • Received Datagrams With Unknown Protocol — The number of locally-addressed datagrams received successfully but discarded because of an unknown or unsupported protocol.
• Datagrams Transmit Failed — The number of datagrams which this entity failed to transmit successfully. • Datagrams Successfully Fragmented — The number of IPv6 datagrams that have been successfully fragmented at this output interface. • Datagrams Failed To Fragment — The number of output datagrams that could not be fragmented at this interface. • Datagrams Fragments Created — The number of output datagram fragments that have been generated as a result of fragmentation at this output interface.
566 • ICMPv6 Neighbor Advertisement Messages Received — The number of ICMP Neighbor Advertisement messages received by the interface. • ICMPv6 Redirect Messages Received — The number of ICMPv6 Redirect messaged received by the interface. • ICMPv6 Group Membership Query Messages Received — The number of ICMPv6 Group Membership Query messages received by the interface.
• ICMPv6 Neighbor Advertisement Messages Transmitted — The number of ICMP Neighbor Advertisement messages sent by the interface. • ICMPv6 Redirect Messages Transmitted — The number of Redirect messages sent. • ICMPv6 Group Membership Query Messages Transmitted — The number of ICMPv6 Group Membership Query messages sent. • ICMPv6 Group Membership Response Messages Transmitted — The number of ICMPv6 Group Membership Response messages sent.
IPv6 Neighbor Table Use the IPv6 Neighbor Table page to display IPv6 neighbor details for a specified interface. To display the page, click IPv6 > IPv6 Neighbor Table in the tree view. Figure 10-5. IPv6 Neighbor Table The IPv6 Neighbor Table page contains the following fields: • Interface — Selects the interface for which neighbor state information is displayed. • Interface — Specifies the interface whose settings are displayed in the current table row.
• – Reachable — Positive confirmation was received within the last Reachable Time milliseconds that the forward path to the neighbor was functioning properly. While in REACH state, the device takes no special action as packets are sent. – Stale — More than ReachableTime milliseconds have elapsed since the last positive confirmation was received that the forward path was functioning properly. While in STALE state, the device takes no action until a packet is sent.
The DHCPv6 menu page contains links to web pages that define and display DHCPv6 parameters and data. To display this page, click IPv6 > DHCPv6 in the tree view.
The DHCPv6 Global Configuration page contains the following fields: • DHCPv6 Admin Mode — Specifies DHCPv6 operation on the switch. Possible values are Enable and Disable; the default value is Disable. • Relay Option — Specifies Relay Agent Information Option value. The values allowed are between 32 to 65535, and represent the value exchanged between the relay agent and the server. Each value has a different meaning, of which 1 to 39 are standardized.
DHCPv6 Pool Configuration DHCP for IPv6 clients are connected to a server which is configured to use parameters from a pool that you set up. The pool is identified with a pool name, and contains IPv6 addresses and domain names of DNS servers. Use the Pool Configuration page to create a pool and/or configure pool parameters. To display the page, click IPv6 > DHCPv6 > Pool Configuration in the tree view. Figure 10-7.
Figure 10-8. Pool Configuration - Display The Pool Configuration page contains the following fields: • Pool Name — Drop-down menu that lists all the pool names configured. When Create is selected, fields on the page are cleared of data, in preparation for new pool information. • Pool Name — Displays the pool selected from the previous field, or provides entry of a unique name for a DHCPv6 pool when Create is selected. A maximum of 31 alphanumeric characters can be entered.
• Domain Name — Displays the selected DNS domain name from the previous field. Enter a new DNS domain name here when Add is selected in the previous field. A maximum of 255 alphanumeric characters can be entered. Click Delete to remove a domain name from this pool. The name is deleted when Apply Changes is clicked. • Delete Pool — Check this box to delete the displayed pool. The pool is deleted when Apply Changes is clicked. Creating a DHCPv6 Pool 1. Open the Pool Configuration page. 2.
Configuring DHCPv6 Pool Parameters using the CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • DHCPv6 Commands Prefix Delegation Configuration Use the Prefix Delegation Configuration page to configure a delegated prefix for a pool. At least one pool must be created using DHCPv6 Pool Configuration before a delegated prefix can be configured.
• DUID - Displays selected DUID value or allows entry of new one. • Valid Lifetime — Specifies the valid lifetime in seconds for delegated prefix. • Prefer Lifetime — Specifies the prefer lifetime in seconds for delegated prefix. • Delete — Deletes the displayed pool prefix delegation configuration when checked and Apply Changes is clicked. Configuring a delegated prefix to a Pool 1. Open the Prefix Delegation Configuration page. 2. Select the pool to be configured. 3. Specify the delegated prefix.
DHCPv6 Pool Summary Use the Pool Summary page to display settings for all DHCPv6 Pools. At least one pool must be created using DHCPv6 Pool Configuration before the Pool Summary displays. To display the page, click IPv6 > DHCPv6 > Pool Summary in the tree view. Figure 10-10. Pool Summary The Pool Summary page contains the following fields: • Pool Name — Selects the pool to display. • DNS Server — Displays the IPv6 address of the associated DNS server. • Domain Name — Displays the DNS domain name.
Displaying the Pool Summary using the CLI Command For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • DHCPv6 Commands DHCPv6 Interface Configuration Use the DHCPv6 Interface Configuration page to configure a DHCPv6 interface. To display the page, click IPv6 > DHCPv6 > Interface Configuration in the tree view. Figure 10-11.
Delete — Check this box and click Apply Changes to delete this configuration. This field displays when the Interface Mode is Server or Relay. Relay Interface — Selects the interface to reach a relay server. This field displays when the Interface Mode is Relay. Destination IP Address — Selects the IPv6 address of the DHCPv6 relay server. This field displays when the Interface Mode is Relay. Remote ID — Selects the relay agent information option.
Configuring a DHCPv6 Interface Using the CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • DHCPv6 Commands Configuring a DHCPv6 Interface for Server Interface Mode 1. Open the DHCPv6 Interface Configuration page. 2. Specify the desired Interface, and select Server from the Interface Mode drop down menu. The following screen appears: Figure 10-13. DHCPv6 Interface Configuration - Server 3. Modify the fields as needed.
Configuring a DHCPv6 Interface for Server Interface Mode Using the CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • DHCPv6 Commands DHCPv6 Server Bindings Summary Use the Server Bindings Summary page to display all DHCPv6 server bindings. To display the page, click IPv6 > DHCPv6 > Bindings Summary in the tree view. Figure 10-14.
• Prefer Lifetime — Specifies the preferred lifetime value in seconds of the prefix associated with a binding. Displaying Server Bindings using the CLI Command For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • DHCPv6 Commands DHCPv6 Statistics Use the DHCPv6 Statistics page to display DHCPv6 statistics for one or all interfaces. To display the page, click IPv6 > DHCPv6 > Statistics in the tree view. Figure 10-15.
The DHCPv6 Statistics page displays the following fields: • Interface — Select the interface for which data is to be displayed or configured. On selecting All, data is shown for all interfaces. Messages Received This section specifies the aggregate of all interface level statistics for received messages: • DHCPv6 Solicit Packets Received — Specifies the number of Solicits. • DHCPv6 Request Packets Received — Specifies the number of Requests.
Displaying DHCPv6 Statistics using the CLI Command For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • DHCPv6 Commands OSPFv3 OSPFv3 is the Open Shortest Path First routing protocol for IPv6. It is similar to OSPFv2 in its concept of a link state database, intra/inter area, and AS external routes and virtual links.
OSPFv3 Configuration Use the OSPFv3 Configuration page to activate and configure OSPFv3 for a switch. To display the page, click IPv6 > OSPFv3 > Configuration in the tree view. Figure 10-16. OSPFv3 Configuration The OSPFv3 Configuration page contains the following fields: • Router ID — The 32-bit integer in dotted decimal format that uniquely identifies the router within the autonomous system (AS). If you want to change the Router ID you must first disable OSPFv3.
• ASBR Mode — Reflects whether the ASBR mode is enabled or disabled. Enable implies that the router is an autonomous system border router. Router automatically becomes an ASBR when it is configured to redistribute routes learned from other protocol. • ABR Status — The values of this are Enable or Disable. The field displays only when a valid configuration exists. Enabled implies that the router is an area border router. Disabled implies that it is not an area border router.
• Default Route Advertise: Use this section to configure the parameters for Default Route Advertisements into OSPF domain. • Default Information Originate — Enable or disable Default Route Advertise. NOTE: The values for Always, Metric, and Metric Type can only be configured after Default Information Originate is set to Enable.
OSPFv3 Area Configuration Use the OSPFv3 Area Configuration page to create and configure an OSPFv3 area. To display the page, click IPv6 > OSPFv3 > Area Configuration in the tree view. Figure 10-17. OSPFv3 Area Configuration The OSPFv3 Area Configuration page contains the following fields: 588 • Area ID — The OSPFv3 area. An Area ID is a 32-bit integer in dotted decimal format that uniquely identifies the area to which a router interface connects.
• Area LSA Checksum — The 32-bit unsigned sum of the link-state advertisements' LS checksums contained in this area's link-state database. This sum excludes external (LS type 5) link-state advertisements. The sum can be used to determine if there has been a change in a router's link state database, and to compare the link-state database of two routers. This value is in hexadecimal. Configuring OSPFv3 Area 1. Open the OSPFv3 Area Configuration page. 2. Modify the fields as needed. 3. Click Apply Changes.
Figure 10-19. OSPFv3 Stub Area Configuration 5. Complete the remaining fields. 6. Click Apply Changes. The Stub Area information is saved and the device is updated. Configuring OSPFv3 NSSA Area 1. Open the OSPFv3 Area Configuration page. 2. Modify the fields as needed. 3. Click Apply Changes. The web page reappears with Create Stub Area and NSSA Create buttons. See Figure 10-18. 4. Click NSSA Create on the OSPFv3 Area Configuration web page. The web page reappears showing options for NSSA configuration.
Figure 10-20. OSPFv3 Area Configuration - NSSA 5. Complete the remaining fields. 6. Click Apply Changes. The NSSA information is saved and the device is updated. Deleting OSPFv3 Stub Area Information 1. Open the OSPFv3 Area Configuration page with configured Stub Area information. 2. Click Delete Stub Area. 3. Click Apply Changes. Deleting OSPFv3 NSSA Information 1. Open the OSPFv3 Area Configuration page with configured NSSA information. 2. Click NSSA Delete. 3. Click Apply Changes.
OSPFv3 Stub Area Summary Use the OSPFv3 Stub Area Summary page to display OSPFv3 stub area detail. To display the page, click IPv6 > OSPFv3 > Stub Area Summary in the tree view. Figure 10-21. OSPFv3 Stub Area Summary The OSPFv3 Stub Area Summary page displays the following fields: • Area ID — The Area ID of the Stub area. • Metric Value — The metric value applied to the default route advertised into the area. • Import Summary LSAs — Whether the import of Summary LSAs is enabled or disabled.
OSPFv3 Area Range Configuration Use the OSPFv3 Area Range Configuration page to configure OSPFv3 area ranges. To display the page, click IPv6 > OSPFv3 > Area Range Configuration in the tree view. Figure 10-22. OSPFv3 Area Range Configuration The OSPFv3 Area Range Configuration page contains the following fields: • Area ID — Selects the area for which data is to be configured. • IPv6 Prefix/Prefix Length — Enter the IPv6 Prefix/Prefix Length for the address range for the selected area.
• Create New Area Range — Click this check box to create a new OSPFv3 area range using the values you specified. • Area ID — The OSPFv3 area. • IPv6 Prefix — The IPv6 Prefix of an address range for the area. • LSDB Type — The Link Advertisement type for the address range and area. • Advertisement — The Advertisement mode for the address range and area. • Delete — Click this check box to delete the specified OSPFv3 area range. Configuring OSPFv3 Area Range 1.
OSPFv3 Interface Configuration Use the OSPFv3 Interface Configuration page to create and configure OSPFv3 interfaces. This page has been updated to include the Passive Mode field. To display the page, click IPv6 > OSPFv3 > Interface Configuration in the tree view. Figure 10-23. OSPFv3 Interface Configuration The OSPFv3 Interface Configuration page contains the following fields: • Interface — Select the interface for which data is to be displayed or configured.
596 • Router Priority — Enter the OSPFv3 priority for the selected interface. The priority of an interface is specified as an integer from 0 to 255. The default is 1, which is the highest router priority. A value of 0 indicates that the router is not eligible to become the designated router on this network. • Retransmit Interval — Enter the OSPFv3 retransmit interval for the specified interface.
– Waiting — The router is trying to determine the identity of the (Backup) Designated Router for the network by monitoring received Hello Packets. The router is not allowed to elect a Backup Designated Router or a Designated Router until it transitions out of Waiting state. This prevents unnecessary changes of (Backup) Designated Router. • Designated Router — This router is itself the Designated Router on the attached network. Adjacencies are established to all other routers attached to the network.
OSPFv3 Interface Statistics Use the OSPFv3 Interface Statistics page to display OSPFv3 interface statistics. Information is only displayed if OSPF is enabled. Several fields have been added to this page. To display the page, click IPv6 > OSPFv3 > Interface Statistics in the tree view. Figure 10-24. OSPFv3 Interface Statistics The OSPFv3 Interface Statistics page displays the following fields: 598 • Interface — Select the interface for which data is to be displayed.
• Virtual Events — The number of state changes or errors that have occurred on this virtual link. • Neighbor Events — The number of times this neighbor relationship has changed state, or an error has occurred. • External LSA Count — The number of external (LS type 5) link-state advertisements in the link-state database. • Sent packets — The number of OSPFv3 packets transmitted on the interface. • Received packets — The number of valid OSPFv3 packets received on the interface.
• LS Acknowledgements Sent — The number of LS acknowledgements sent on this interface by this router. • LS Acknowledgements Received — The number of LS acknowledgements received on this interface by this router. Displaying OSPFv3 Interface Statistics 1. Open the OSPFv3 Interface Statistics page. 2. Select the interface to display from the Interface drop-down menu. Statistics for the interface display.
Figure 10-25. OSPFv3 Neighbors The OSPFv3 Neighbors page contains the following fields: • Interface — Selects the interface for which data is to be displayed or configured. • Neighbor Router ID — Selects the IP Address of the neighbor for which data is to be displayed. • Area ID — A 32-bit integer in dotted decimal format that identifies the neighbor router. • Options — The optional OSPF capabilities supported by the neighbor.
• State — The state of a neighbor can be the following: – Down — This is the initial state of a neighbor conversation. It indicates that there is no recent information received from the neighbor. On NBMA networks, Hello packets may still be sent to Down neighbors, although at a reduced frequency. – Attempt — This state is only valid for neighbors attached to NBMA networks.
Displaying OSPFv3 Neighbors using the CLI Command For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • OSPFv3 Commands OSPFv3 Neighbor Table Use the OSPFv3 Neighbor Table page to display the OSPF neighbor table list. When a particular neighbor ID is specified, detailed information about a neighbor is given. The neighbor table is only displayed if OSPF is enabled.
The OSPFv3 Neighbor Table page displays the following fields: • Interface — Selects the interface for which data is to be displayed or configured. • Neighbor Router ID — A 32-bit integer in dotted decimal format representing the neighbor interface. • Priority — The priority of this neighbor in the designated router election algorithm. A value of 0 indicates that the neighbor is not eligible to become the designated router on this network.
OSPFv3 Link State Database Use the OSPFv3 Link State Database page to display the link state and external LSA databases. The OSPFv3 Link State Database page has been updated to display external LSDB table information in addition to OSPFv3 link state information. To display the page, click IPv6 > OSPFv3 > Link State Database in the tree view. Figure 10-27. OSPFv3 Link State Database The OSPFv3 Link State Database page displays the following fields: • Adv.
• Age — The time since the link state advertisement was first originated, in seconds. • Sequence — The sequence number field is a signed 32-bit integer. It is used to detect old and duplicate link state advertisements. The larger the sequence number, the more recent the advertisement. • Checksum — The checksum is used to detect data corruption of an advertisement. This corruption can occur while an advertisement is being flooded, or while it is being held in a router's memory.
OSPFv3 Virtual Link Configuration Use the OSPFv3 Virtual Link Configuration page to define a new or configure an existing virtual link. To display this page, a valid OSPFv3 area must be defined through the OSPFv3 Area Configuration page. To display the page, click IPv6 > OSPFv3 > Virtual Link Configuration in the tree view. Figure 10-28.
608 • Dead Interval (secs) — Enter the OSPF dead interval for the specified interface in seconds. This specifies how long a router waits to see a neighbor router's Hello packets before declaring that the router is down. This parameter must be the same for all routers attached to a network. This value should be a multiple of the Hello Interval (for example 4). Valid values range from 1 to 2147483647. The default is 40.
Creating a New Virtual Link 1. Open the OSPFv3 Virtual Link Configuration page. 2. Select Create New Virtual Link from the drop-down menu to define a new virtual link. 3. Enter the Neighbor Router ID. 4. Click Create. The new link is created, and you are returned to the Virtual Link Configuration page. Configuring a Virtual Link 1. Open the OSPFv3 Virtual Link Configuration page. 2. Select the virtual link to configure. 3. Modify the remaining fields as needed. 4. Click Apply Changes. 5.
OSPFv3 Virtual Link Summary Use the OSPFv3 Virtual Link Summary page to display virtual link data by Area ID and Neighbor Router ID. To display the page, click IPv6 > OSPFv3 > Virtual Link Summary in the tree view. Figure 10-29. OSPFv3 Virtual Link Summary The OSPFv3 Virtual Link Summary page displays the following fields: 610 • Area ID — The Area ID portion of the virtual link identification for which data is to be displayed. The Area ID and Neighbor Router ID together define a virtual link.
• Dead Interval (secs) — The OSPF dead interval for the virtual link in units of seconds. This specifies how long a router waits to see a neighbor router's Hello packets before declaring that the router is down. This parameter must be the same for all routers attached to a common network, and should be a multiple of the Hello Interval (i.e. 4). • Retransmit Interval (secs) — The OSPF retransmit interval for the virtual link in units of seconds.
The OSPFv3 Route Redistribution Configuration page contains the following fields: • Source Protocol — Select the type of source routes to configure for redistribution by OSPF. Valid values are Static and Connected. • Metric — Sets the metric value to be used as the metric of redistributed routes. This field displays the metric if the source was pre-configured and can be modified. Valid values are 0 to 16777214. • Metric Type — Sets the OSPF metric type of redistributed routes.
Configuring OSPFv3 Route Redistribution using the CLI Command For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • OSPFv3 Commands OSPFv3 Route Redistribution Summary Use the OSPFv3 Route Redistribution Summary page to display route redistribution settings by source. To display the page, click IPv6 > OSPFv3 > Route Redistribution Summary in the tree view. Figure 10-32.
IPv6 Routes The IPv6 Routes menu page contains links to web pages that define and display IPv6 Routes parameters and data. To display this page, click IPv6 > IPv6 Routes in the tree view. Following are the web pages accessible from this menu page: • IPv6 Route Entry Configuration • IPv6 Route Table • IPv6 Route Preferences • Configured IPv6 Routes IPv6 Route Entry Configuration Use the IPv6 Route Entry Configuration page to configure information for IPv6 routes.
The IPv6 Route Entry Configuration page contains the following fields: • IPv6 Network Prefix/PrefixLength — Enter a valid IPv6 Network Address and Prefix. • Next Hop IPv6 Address — Enter an IPv6 Next Hop Address. If the Next Hop IPv6 Address specified is a Link-local IPv6 Address, specify the Interface for the Link-local IPv6 Next Hop Address. Select Global or Link-local from the drop-down menu to apply to this address. • Preference — Enter a Preference Value for the given route.
IPv6 Route Table Use the IPv6 Route Table page to display all active IPv6 routes and their settings. To display the page, click IPv6 > IPv6 Routes > IPv6 Route Table in the tree view. Figure 10-34. IPv6 Route Table The IPv6 Route Table page displays the following fields: 616 • Routes Displayed — Select to view either the Configured Routes, Best Routes, or All Routes from the drop-down menu.
Displaying the IPv6 Route Table 1. Open the IPv6 Route Table page. 2. Select the type of routes to display from the Routes Displayed field. The selected routes display. Displaying the IPv6 Route Table using the CLI Command For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • IPv6 Routing Commands IPv6 Route Preferences Use the IPv6 Route Preferences page to configure the default preference for each protocol.
Figure 10-35. IPv6 Route Preferences The IPv6 Route Preferences page contains the fields shown below. In each case, the lowest values indicate the highest preference. • Local — This field displays the local route preference value. • Static — The static route preference value in the router. The default value is 1. The range is 1 to 255. • OSPF Intra — The OSPF intra route preference value in the router. The default value is 110. • OSPF Inter — The OSPF inter route preference value in the router.
Configuring IPv6 Route Preferences using the CLI Command For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • IPv6Routing Commands Configured IPv6 Routes Use the Configured IPv6 Routes page to display selected IPv6 routes. To display the page, click IPv6 > IPv6 Routes > Configured IPv6 Routes in the tree view. Figure 10-36.
• Delete — Click this box and the Refresh button to delete the displayed route. When the Best Routes or All Routes options are select, the following fields appear: • Number of Routes — Displays the number of Best Routes or All Routes. • IPv6 Prefix/Prefix Length — Displays the Network Prefix and Prefix Length for the Configured Route. • Protocol — Displays the protocol in use for the Configured routes. • Next Hop Interface — Displays the Next Hop Interface for the Configured Route.
11 Configuring Quality of Service Quality of Service Overview This section gives an overview of Quality of Service (QoS) and explains the QoS features available from the Quality of Service menu page—Differentiated Services and Class of Service. In a typical switch, each physical port consists of one or more queues for transmitting packets on the attached network. Multiple queues per port are often provided to give preference to certain packets over others based on user-defined criteria.
Configuring Differentiated Services DiffServ Overview The QoS feature contains Differentiated Services (DiffServ) support that allows traffic to be classified into streams and given certain QoS treatment in accordance with defined per-hop behaviors. Standard IP-based networks are designed to provide “best effort” data delivery service. “Best effort” service implies that the network delivers the data in a timely fashion, although there is no guarantee that it will.
Diffserv Configuration Use the Diffserv Configuration page to display DiffServ General Status Group information, which includes the current administrative mode setting as well as the current and maximum number of rows in each of the main DiffServ private MIB tables. To display the page, click Quality of Service > Differentiated Services > Diffserv Configuration in the tree view. Figure 11-1.
Changing Diffserv Admin Mode 1. Open the Diffserv Configuration page. 2. Turn Diffserv Admin Mode on or off by selecting Enable or Disable from the drop-down menu. 3. Click Apply Changes. The Diffserv Admin Mode is changed, and the device is updated.
– • All — All the various match criteria defined for the class should be satisfied for a packet match. All signifies the logical AND of all the match criteria. Protocol — Indicates how to interpret Layer 3. This field displays the types of packets supported by DiffServ. The Layer 3 Protocol option is available only when you select Class Type. Options are: – IPv4 — A class where the match criteria is based on fields in an IPv4 packet.
Class Criteria Use the Diffserv Class Criteria page to define the criteria to associate with a DiffServ class. As packets are received, these DiffServ classes are used to prioritize packets. To display the page, click Quality of Service > Differentiated Services > Class Criteria in the tree view. Figure 11-4. Diffserv Class Criteria IPv4 The Diffserv Class Criteria page contains the following fields: 626 • Class Name — Selects the class name for which you are specifying criteria.
Match Attributes (IPv4) Use the following fields to match IPv4 packets to a class. Click the check box for each field to be used as a criterion for a class, and enter data in the related field. You can have multiple match criteria in a class. The logic is a Boolean “logical-and” for this criteria. • Source IP Address — Requires a packet’s source port IP address to match the address listed here. • Subnet Mask — The subnet mask of the source IP address.
• Source MAC Mask — Specifies the Source MAC address wildcard mask. Wild card masks determine which bits are used and which bits are ignored. A wild card mask of 00.00.00.00.00.00 indicates that no bit is important. A wildcard of FF:FF:FF:FF:FF:FF indicates that all bits are important. This field is required when Source MAC Address is checked. • Destination MAC Address — Requires a packet’s Destination MAC Address for incoming packets to match the address entered here.
Match Attributes (IPv6) Use the following fields to match IPv6 packets to a class. For other fields not listed here, see the description in "Match Attributes (IPv4)" on page 627. Click the check box for each field to be used as a criterion for a class, and enter data in the related field. You can have multiple match criteria in a class. The logic is a Boolean “logical-and” for this criteria. • Source IPv6 Prefix — Requires a packet’s source port IPv6 address to match the address listed here.
Policy Configuration Use the Diffserv Policy Configuration page to associate a collection of classes with one or more policy statements. To display the page, click Quality of Service > Differentiated Services > Policy Configuration in the tree view. Figure 11-6. Diffserv Policy Configuration The Diffserv Policy Configuration page contains the following fields: • Policy Name — Selects the policy name to be associated with the class(es).
Use Add a Class to associate a class with this policy. Use Remove a Class to remove the class from this policy. 4. Select the class to be affected from the relevant drop-down menu. 5. Click Apply Changes. The modified policy is saved, and the device is updated. Renaming a Policy 1. Open the Diffserv Policy Configuration page. 2. Select the Policy Name to be renamed. 3. Rename policy by checking Rename Policy and entering the new name in the adjacent field.
Figure 11-8. Diffserv Policy Summary Removing a Policy Configuration 1. Open the Diffserv Policy Configuration page. 2. Select the policy name to be deleted from the Policy Name drop-down menu. 3. Check the Remove check box. 4. Click Apply Changes. The associated policy configuration is removed, and the device is updated.
Policy Class Definition Use the Diffserv Policy Class Definition page to associate a class to a policy, and to define attributes for that policy-class instance. To display the page, click Quality of Service > Differentiated Services > Policy Class Definition in the tree view. Figure 11-9. Diffserv Policy Class Definition The Diffserv Policy Class Definition page contains the following fields: • Policy Name — Selects the policy to associate with a member class from a drop-down menu.
– Policing: Allows you to configure how policing is performed, as well as configure what happens to packets that are considered conforming and non-conforming. For more information on the fields that display when Policing is selected, see "Policing Traffic Condition." • Redirect Interface — Displays whether Redirect Interface applies to this policy-class, and specifies the interface or LAG used.
• IP DSCP — Selects the IP DSCP to mark. Select from the drop down menu or enter directly in the User Value field. • IP Precedence — Selects the specified IP Precedence queue number to mark. Class of Service — Selects the specified Class of Service queue number to mark. Configuring Packet Marking for a Policy Class Instance 1. Select Marking from the Traffic Conditioning drop-down menu on the Diffserv Policy Class Definition page. The Packet Marking page displays. 2.
• Color Mode — Selects the type of color policing used. Choose Color Blind or Color Aware from the drop-down menu. • Conform Action Selector — Selects what happens to packets that are considered conforming (below the police rate). Options are Send, Drop, Mark CoS, Mark IP DSCP, Mark IP Precedence. • Violate Action — Selects what happens to packets that are considered non-conforming (above the police rate). Options are Send, Drop, Mark CoS, Mark IP DSCP, Mark IP Precedence.
Service Configuration Use the Diffserv Service Configuration page to activate a policy on a port. To display the page, click Quality of Service > Differentiated Services > Service Configuration in the tree view. Figure 11-13. Diffserv Service Configuration The Diffserv Service Configuration page contains the following fields: • Interface — Selects the interface (Unit/Port, LAG, or All) to be affected from drop-down menus.
Figure 11-14. Diffserv Service Summary Assigning a Policy to a Port Using the CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • QoS Commands Service Detailed Statistics Use the Diffserv Service Detailed Statistics page to display packet details for a particular port and class. To display the page, click Quality of Service > Differentiated Services > Service Detailed Statistics in the tree view. Figure 11-15.
• Policy Name — Displays the policy associated with the selected interface. • Operational Status — Displays whether the policy is active or not on this interface. • Member Classes — Selects the member class for which octet statistics are to display. • Offered Packets — Displays how many packets match the policy. • Discarded Packets — Displays how many packets are dropped by the policy. Displaying Service Statistics 1. Open the Diffserv Service Detailed Statistics page. 2.
Mapping Table Configuration Each port in the switch can be configured to trust one of the packet fields (802.1p, IP Precedence, or IP DSCP), or to not trust any packet’s priority designation (untrusted mode). If the port is set to a trusted mode, it uses a mapping table appropriate for the trusted field being used. This mapping table indicates the CoS queue to which the packet should be forwarded on the appropriate egress port(s).
Figure 11-16. Mapping Table Configuration — CoS (802.1P) CoS (802.1P) Trust Mode The CoS (802.1P) Mapping Table Configuration page contains the following fields: • Interface — Selects the interface to which the class of service configuration is applied. Select a unit and port or LAG, or select Global to apply the class of configuration to all the interfaces. • Trust Mode — Selects the trust mode to apply. CoS (802.1P) is the default.
Configuring CoS (802.1P) Trust Mode 1. Open the Mapping Table Configuration page. 2. Select the unit and port or LAG to be affected, or select Global to apply the settings to all interfaces. 3. Select a Trust Mode. 4. Select a Queue to associate with each Class of Service. 5. Click Apply Changes. Changes made are applied to the selected interfaces, and the device is updated. Restoring Queue Defaults 1. Open the Mapping Table Configuration page. 2. Click the Restore Defaults check box. 3.
Configuring the IP DSCP Table To access the DSCP Queue Mapping Table, click Quality of Service > Class of Service > Mapping Table Configuration in the tree view, and then click the DSCP Table link. Figure 11-17.
The DSCP Queue Mapping Table page contains the following fields: • DSCP In — Check to select as a criterion, and enter which DiffServ Code Point in the packet to use. This field determines to which queue the packet is sent. • Queue ID — Selects the queue to which the packet is sent. Restoring Queue Defaults 1. Open the DSCP Queue Mapping Table page. 2. Click the Restore Defaults check box. 3. Click Apply Changes. Queue values are returned to their defaults, and the device is updated.
The Interface Configuration page contains the following fields: • Interface — Selects the interface to be affected by the Interface Shaping Rate. Select Unit/Port, or LAG to be affected from the drop-down menu. Select Global to specify all interfaces. • Interface Shaping Rate — Sets the cap on how much traffic can leave a port. The specified value represents the maximum negotiated bandwidth in kilobit per second (Kbps). The range is 0 - Infinity or 64 to 4294967295 kbps.
Figure 11-19. Interface Queue Configuration The Interface Queue Configuration page contains the following fields: • Interface — Specifies the Interface (Unit/Port, LAG, or Global) that’s being configured. • Queue ID — Selects the queue to be configured from the drop-down menu. • Minimum Bandwidth — Selects a percentage of the maximum negotiated bandwidth for the port. Specify a percentage from 0 to 100, in increments of 5.
Displaying Interface Queue Settings 1. Open the Interface Queue Configuration page. 2. Click Show All. The Interface Queue Status page displays. 3. Select Unit / Port, LAG, or Global. Figure 11-20.
Auto VoIP Voice over Internet Protocol (VoIP) allows you to make telephone calls using a computer network over a data network like the Internet. With the increased prominence of delay-sensitive applications (voice, video, and other multimedia applications) deployed in networks today, proper QoS configuration will ensure high-quality application performance.
The Auto VoIP Configuration page contains the following fields: • Auto VoIP Mode — Enables or Disables Auto VoIP mode. The default is Disable. • Traffic Class —Displays the traffic class used for VoIP traffic.
Viewing the Auto VoIP Summary Table 1. Open the Auto VoIP Interface Configuration page. 2. Click Show All. The Auto VoIP Summary page opens. Figure 11-23.
12 Configuring IP Multicast Overview This chapter describes how to configure multicast features on the PowerConnect M6220/M6348/M8024. Multicast protocols are used to deliver Multicast packets from one source to multi receivers. They facilitate better bandwidth utilization, less host and router processing, making them ideal for usage in applications like video or audio conferencing, Whiteboard tools, stock distribution tickers etc.
Multicast The Multicast menu page contains links to web pages that define and display Multicast parameters and data. To display this page, click IP Multicast > Multicast in the tree view.
The Multicast Global Configuration page contains the following fields: • Admin Mode — Select Enable or Disable to set the administrative status of Multicast Forwarding in the router. The default is Disable. • Protocol State — The operational state of the multicast forwarding module. • Table Maximum Entry Count — The maximum number of entries in the IP Multicast routing table.
Configuring Multicast Forwarding Administrative Mode 1. Open the Multicast Global Configuration page. 2. Select Enable or Disable for the Admin Mode. 3. Click Apply Changes. The multicast global configuration is saved, and the device is updated.
Multicast Interface Configuration Use the Multicast Interface Configuration page to configure the TTL threshold of a multicast interface. You must configure at least one router interface before fields display on this page. To display the page, click IP Multicast > Multicast > Interface Configuration in the tree view. Figure 12-2.
Configuring a Multicast Interface using the CLI Command For information about the CLI command that performs this function, see the following chapter in the CLI Reference Guide: • Multicast Commands Multicast Mroute Summary Use the Multicast Mroute Summary page to display MRoute data. To display the page, click IP Multicast > Multicast > MRoute Summary in the tree view. Figure 12-3.
• Expiry Time (secs) — The time in seconds before this entry ages out and is removed from the table. • RPF Neighbor — The IP address of the Reverse Path Forwarding neighbor. • Protocol — The multicast routing protocol which created this entry. The possibilities are: • – PIM-DM – PIM-SM – DVMRP Flags — The value displayed in this field is valid if the multicast routing protocol running is PIM-SM. The possible values are RPT or SPT. For other protocols an "------" is displayed.
Multicast Static Routes Configuration Use the Multicast Static Routes Configuration page to configure a new static entry in the Mroute table or to modify an existing entry. To display the page, click IP Multicast > Multicast > Static Routes Configuration in the tree view. Figure 12-4.
Configuring a Static Route 1. Open the Static Routes page. 2. Select Create Static Route in the Source field to configure a new static entry, or select one of the existing entries. 3. Modify the remaining fields as needed. 4. Click Apply Changes. The new or modified static route is saved, and the device is updated.
The Multicast Static Routes Summary page displays the following fields: • Source IP — The IP Address that identifies the multicast packet source for this route. • Source Mask — The subnet mask applied to the Source IP address. • RPF Address — The IP address of the RPF neighbor. • Metric — The link state cost of the path to the multicast source. The range is 0–255. • VLANID — The number of the incoming VLAN whose IP address is used as RPF for the given source IP address.
The Multicast Admin Boundary Configuration page contains the following fields: • Group — Select Create Boundary from the drop-down menu to create a new admin scope boundary, or select one of the existing boundary specifications to display or update its configuration. • Interface — Select the router interface for which the administratively scoped boundary is to be configured. • Group IP — Enter the multicast group address for the start of the range of addresses to be excluded.
Multicast Admin Boundary Summary Use the Multicast Admin Boundary Summary page to display existing administratively scoped boundaries. To display the page, click IP Multicast > Multicast > Admin Boundary Summary in the tree view. Figure 12-7. Multicast Admin Boundary Summary The Multicast Admin Boundary Summary page displays the following fields: • Interface — The router interface to which the administratively scoped address range is applied.
Multicast Route Table Use the Multicast Route Table page is used to display MRoute data. To display the page, click IPv4 Multicast > Multicast > Multicast Route Table or IPv6 Multicast > Multicast > Multicast Route Table. Figure 12-8. Multicast Route Table The Multicast Route Table page contains the following fields: • Group IP — The destination group IP address. • Source IP — The IP address of the multicast packet source that, combined with the Group IP, identifies an multicast route table entry.
Multicast Listener Discovery Multicast Listener Discovery (MLD) protocol enables IPv6 routers to discover the presence of multicast listeners, the nodes who wish to receive the multicast data packets, on its directly-attached interfaces. The protocol specifically discovers which multicast addresses are of interest to its neighboring nodes and provides this information to the active multicast routing protocol that makes decisions on the flow of multicast data packets.
The MLD Global Configuration page contains the following field: • Admin Mode — Select Enable or Disable to set the MLD administrative status. The default is disable. Click Apply Changes to send the updated configuration to the router. Configuration changes take effect immediately. These changes will not be retained across a power cycle unless a save is performed.
• Query Max Response Time (secs) — Enter the maximum query response time to be advertised in MLDv2 queries on this interface, in ms. The default value is 10000. Valid values are 0 to 65535 milliseconds (ms). • Last Member Query Interval — Enter the maximum response time inserted into group-specific queries sent in response to leave group messages. This value is also the amount of time between groupspecific query messages. This value may be tuned to modify the leave latency of the network.
The MLD Routing Interface Summary page contains the following fields: • Interface — Select the VLAN for which data is to be displayed. Interface Parameters section: • Global Admin Mode — Displays whether MLD has been globally enabled or disabled. • Interface Mode — Displays whether the administrative status of MLD on the selected interface is enabled or disabled. • Operational Mode — Displays the operational state of MLD on the selected interface, regardless of the administrative setting.
• Wrong Version Queries Received — The number of queries that have been received on the selected interface with an MLD version that does not match the MLD version configured for the interface, over the lifetime of the entry. MLD requires that all routers on a LAN be configured to run the same version of MLD. Therefore, a configuration error is indicated if any queries are received with the wrong version number.
• Last Reporter — The IP Address of the source of the last membership report received for this IP Multicast group address on the selected interface. • Up Time — The time elapsed in hours:minutes:seconds since this entry was created. • Expiry Time — The cache timer value which indicates the remaining lifetime in hours:minutes:seconds for each entry.
The MLD Routing Interface Source List Information page contains the following fields: • Multicast Group IP — Select the IP multicast group address for which data is to be displayed. Only if group membership reports have been received on the selected interface can you make this selection, and the data on this page displays. • Interface — Select the MLD routing interface for which data is displayed.
The MLD Traffic page contains the following fields: • Valid MLD Packets Received — The total number of valid MLD packets received by the router. • Valid MLD Packets Sent — The total number of valid MLD packets sent from the router • Querier Received — The total number of MLD packets sent as the MLD querier. • Querier Sent — The total number of MLD packets sent as the MLD querier. • Reports Received — The total number of MLD reports received.
The MLD Proxy Interface Configuration page contains the following fields: • Interface — Select the interface for which data is to be displayed or configured from the menu. You must have configured at least one router interface before configuring or displaying data for an MLD Proxy interface and it should not be a MLD routing interface. • Interface Mode — Select enable or disable from the menu to set the administrative status of MLD Proxy on the selected interface. The default is disable.
MLD Proxy Configuration Summary Use the MLD Proxy Configuration Summary page to view configuration and statistics on MLD proxyenabled interfaces. To display this page, click IPv6 Multicast > MLD > Proxy Interface > Configuration Summary in the navigation tree. Figure 12-16. MLD Proxy Configuration Summary The MLD Proxy Configuration Summary page contains the following fields: • Interface — Select the interface on which MLD proxy is enabled and for which data is to be displayed.
• Version — The version of MLD configured on the MLD Proxy interface. • Unsolicited Report Interval — The Unsolicited Report Interval in seconds is the time between repetitions of a host's initial report of membership in a group. • Version 1 Querier Timeout — The older MLD version 1 querier timeout value in hours:minutes:seconds. The Older Version Querier Interval is the time-out for transitioning a host back to MLD mode once an older version query is heard.
The Interface Membership Information page contains the following fields: • Interface — Displays the interface on which MLD proxy is enabled. • Multicast Group IP — Select the IP multicast group address for which data is to be displayed. If no group membership reports have been received on the selected interface you will not be able to make this selection, and none of the non-configurable data will be displayed.
Interface Membership Information—Detailed The Interface Membership Information—Detailed page provides additional information on the IP multicast groups for which the MLD proxy interface has received membership reports. To display this page, click IPv6 Multicast > MLD > Proxy Interface > Interface Membership Info Detailed in the navigation tree. Figure 12-18.
Distance Vector Multicast Routing Protocol Distance Vector Multicast Routing Protocol (DVMRP) exchanges probe packets with all its DVMRP enabled routers, it establishes two way neighboring relationships, and it builds a neighbor table. It exchanges report packets and creates a unicast topology table, with which it builds the multicast routing table. This table is used to route the multicast packets. Since every DVMRP router uses the same unicast routing protocol, routing loops are avoided.
DVMRP Global Configuration Use the DVMRP Global Configuration page to configure global DVMRP settings. To display the page, click IP Multicast > DVMRP > Global Configuration in the tree view. Figure 12-19. DVMRP Global Configuration The DVMRP Global Configuration page contains the following fields: • Admin Mode — Select Enable or Disable from the drop-down menu. This sets the administrative status of DVMRP to active or inactive. The default is Disable.
Configuring DVMRP using the CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • DVMRP Commands DVMRP Interface Configuration Use the DVMRP Interface Configuration page to configure a DVMRP interface. You must configure at least one router interface before you configure a DVMRP interface. Otherwise you see a message telling you that no router interfaces are available, and the configuration screen is not displayed.
Configuring a DVMRP Interface 1. Open the DVMRP Interface Configuration page. 2. Select the interface to configure from the Interface field. 3. Modify the remaining fields as needed. 4. Click Apply Changes. The interface configuration is saved, and the device is updated.
Figure 12-21. DVMRP Configuration Summary The DVMRP Configuration Summary page contains the following fields: • Interface — Select the interface for which data is to be displayed. You must configure at least one router interface before you can display data for a DVMRP interface. Interface Parameters • Interface Mode — Displays the administrative mode of the selected DVMRP routing interface, either Enable or Disable.
• Received Bad Routes — The number of invalid routes received on the selected interface. • Sent Routes — The number of routes sent on the selected interface. Neighbor Parameters • Neighbor IP — The IP address of the neighbor whose information is displayed. • State — The state of the specified neighbor router on the selected interface, either active or down. • Neighbor Uptime — The DVMRP uptime for the specified neighbor on the selected interface.
Next Hop Summary Use the Next Hop Summary page to display or print the next hop summary by Source IP. To display the page, click IP Multicast > DVMRP > Next Hop Summary in the tree view. Figure 12-22. Next Hop Summary The Next Hop Summary page displays the following fields: • Source IP — Displays the IP address used with the source mask to identify the source network for this table entry. • Source Mask — Displays the network mask used with the source IP address.
Prune Summary Use the Prune Summary page to display or print the prune summary by Group IP. To display the page, click IP Multicast > DVMRP > Prune Summary in the tree view. Figure 12-23. Prune Summary The Prune Summary page displays the following fields: • Group IP — The group address which has been pruned. • Source IP — The address of the source or source network which has been pruned.
Route Summary Use the Route Summary page to display or print the DVMRP route summary. To display the page, click IP Multicast > DVMRP > Route Summary in the tree view. Figure 12-24. Route Summary The Route Summary page displays the following fields: • Source Address - The network address that is combined with the source mask to identify the sources for this entry. • Source Mask — The subnet mask to be combined with the source address to identify the sources for this entry.
Displaying the DVMRP Route Summary using the CLI Command For information about the CLI command that performs this function, see the following chapter in the CLI Reference Guide: • DVMRP Commands Internet Group Management Protocol The Internet Group Management Protocol (IGMP) is used by IPv4 systems (hosts and routers) to report their IP multicast group memberships to any neighboring multicast routers.
IGMP Global Configuration Use the IGMP Global Configuration page to set IGMP on the system to active or inactive. To display the page, click IP Multicast > IGMP > Global Configuration in the tree view. Figure 12-25. IGMP Global Configuration The IGMP Global Configuration page contains the following field: • Admin Mode — Select Enable or Disable from the drop-down menu to set the administrative status of IGMP in the router to active or inactive. The default is Disable. Setting the IGMP Mode 1.
Routing Interface The Routing Interface menu page contains links to web pages that configure and display IGMP routing parameters and data. To display this page, click IP Multicast > IGMP > Routing Interface in the tree view.
The IGMP Interface Configuration page contains the following fields: • Interface — Select the interface for which data is to be displayed or configured from the drop-down menu. • Interface Mode — Select Enable or Disable from the drop-down menu to set the administrative status of IGMP on the selected interface. The default is Disable. • Version — Enter the version of IGMP you want to configure on the selected interface. Valid values are 1 to 3, and the default value is 3.
IGMP Configuration Summary Use the IGMP Configuration Summary page to display IGMP routing parameters and data. You must configure at least one IGMP router interface to access this page. To display the page, click IP Multicast > IGMP > Routing Interface > Configuration Summary in the tree view. Figure 12-27. IGMP Configuration Summary The IGMP Configuration Summary page displays the following fields: 690 • Interface — Select the interface for which data is to be displayed.
• Version — The version of IGMP configured on the selected interface. • Query Interval (secs) — The frequency at which IGMP host-query packets are transmitted on the selected interface. • Query Max Response Time (1/10 of a second) — The maximum query response time advertised in IGMPv2 queries sent from the selected interface. • Robustness — The robustness parameter for the selected interface. This variable allows tuning for the expected packet loss on a subnet.
IGMP Cache Information Use the IGMP Cache Information page to display cache parameters and data for an IP multicast group address. You must configure at least one IGMP router interface to access this page. Also, group membership reports must have been received on the selected interface for data to display here. To display the page, click IP Multicast > IGMP > Routing Interface > Cache Information in the tree view. Figure 12-28.
• Version 1 Host Timer — The time remaining until the local router assumes that there are no longer any IGMP version 1 members on the IP subnet attached to this interface. When an IGMPv1 membership report is received, this timer is reset to the group membership timer. While this timer is non-zero, the local router ignores any IGMPv2 leave messages for this group that it receives on the selected interface. This field is displayed only if the interface is configured for IGMP version 1.
IGMP Interface Detailed Membership Info Use the IGMP Interface Detailed Membership Info page to display detailed membership information for an interface. You must configure at least one IGMP router interface to access this page. Also, group membership reports must have been received on the selected interface for data to display here. To display the page, click IP Multicast > IGMP > Routing Interface > IGMP Interface Detailed Membership Info in the tree view. Figure 12-29.
• Source Hosts — The source addresses which are members of this multicast address. • Expiry Time — The expiry time interval against each source address which are members of this multicast group. This is the amount of time after which the specified source entry is aged out. Displaying IGMP Interface Detailed Membership 1. Open the IGMP Interface Detailed Membership Info page. 2. Select the interface to display from the Interface drop-down menu. 3. Select the desired Multicast Group IP.
Figure 12-30. IGMP Proxy Interface Configuration The IGMP Proxy Interface Configuration page contains the following fields: • Interface — Select the port for which data is to be displayed or configured from the drop-down menu. You must have configured at least one router interface before configuring or displaying data for an IGMP Proxy interface and it should not be a IGMP routing interface. This field is configurable only when interface mode is disabled.
IGMP Proxy Configuration Summary Use the IGMP Proxy Configuration Summary page to display proxy interface configurations by interface. You must have configured at least one router interface configured before data displays on this page. To display the page, click IP Multicast > IGMP > Proxy Interface > Configuration Summary in the tree view. Figure 12-31.
• Unsolicited Report Interval — The Unsolicited Report Interval is the time between repetitions of a host's initial report of membership in a group. Default: 1 second. • Version 1 Querier Timeout — The older IGMP version 1 querier timeout value in seconds. The Older Version Querier Interval is the time-out for transitioning a host back to IGMPv3 mode once an older version query is heard.
The IGMP Proxy Interface Membership Info page displays the following fields: • Interface — Displays the interface on which IGMP proxy is enabled. • Multicast Group IP — Select the IP multicast group address for which data is to be displayed. If no group membership reports have been received on the selected interface you cannot make this selection, and none of the following data displays.
IGMP Proxy Interface Membership Info Detailed Use the IGMP Proxy Interface Membership Info Detailed page to display detailed interface membership data. You must have configured at least one router interface before you can display detailed interface membership information, and it should not be an IGMP routing interface. Also, if no group membership reports have been received on the selected interface you cannot display data.
Displaying Detailed IGMP Proxy Interface Membership Info 1. Open the IGMP Proxy Interface Membership Info Detailed page. 2. Select the interface to display from the Interface drop-down menu. 3. Select the desired Multicast Group IP. Detailed membership data for this interface and multicast group IP displays.
PIM-DM Global Configuration Use the PIM-DM Global Configuration page to configure the administrative status of PIM-DM or PIM-SM on the switch. To display the page, click IPv4 Multicast > PIM > Global Configuration or IPv6 Multicast > PIM > Global Configuration in the navigation tree. Figure 12-34. PIM Global Configuration The PIM Global Configuration page contains the following fields: • PIM Protocol — Select PIM-DM or PIM-SM. Only one PIM protocol can be enabled on the switch at a time.
Configuring PIM-DM using the CLI Command For information about the CLI command that performs this function, see the following chapter in the CLI Reference Guide: • PIM-DM Commands PIM-DM Global Status Use the PIM-DM Global Status page to view the administrative status of PIM-DM or PIM-SM on the switch. To display the page, click IPv4 Multicast > PIM-DM > Global Status or IPv6 Multicast > PIM > Global Status in the tree view. Figure 12-35.
PIM-DM Interface Configuration Use the PIM-DM Interface Configuration page to configure specific interfaces with PIM. To display the page, click IPv4 Multicast > PIM > Interface Configuration or IPv6 Multicast > PIM > Interface Configuration in the tree view. Figure 12-36. PIM Interface Configuration The PIM Interface Configuration page contains the following fields: 704 • Interface — Select the interface for which data is to be displayed or configured.
Configuring PIM-DM for an Interface 1. Open the PIM-DM Interface Configuration page. 2. Select the interface to configure from the Interface field. 3. Modify the remaining fields as needed. 4. Click Apply Changes. The interface configuration is saved, and the device is updated.
The PIM Interface Summary page contains the following fields: • Interface — Select the interface for which data is to be displayed. There must be configured at least one router interface before displaying data for a PIM interface, otherwise an error message displays. Interface Parameters fields are: • Admin Mode — Displays the administrative status of PIM for the selected interface. • Protocol State — The operational state of the PIM protocol on this interface.
Candidate RP Configuration The Candidate RP is configured on the Add Candidate RP page. Use the Candidate RP Configuration page to display and delete the configured rendezvous points (RPs) for each port using PIM. To access the page, click IPv4 Multicast > PIM > Candidate RP Configuration or IPv6 Multicast > PIM > Candidate RP Configuration. Figure 12-38.
Configuring the Candidate RP using the CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • PIM Commands Adding a Candidate RP Use the Add Candidate RP page to add PIM Candidate rendezvous points (RPs) for each IP multicast group. 1. Open the Candidate RP Configuration page. 2. Click Add. The Add Candidate RP page displays. Figure 12-39. Add Candidate RP 3.
Static RP Configuration Use the PIM Static RP Configuration page to display or remove the configured RP. The page also allows adding new static RPs by clicking the Add button. To access the page, click IPv4 Multicast > PIM > Static RP Configuration or IPv6 Multicast > PIM > Static RP Configuration. Figure 12-40. Static RP Configuration The Static RP Configuration page contains the following fields: • RP Address — Select the slot and port for which data is to be displayed. Slot 0 is the base unit.
Adding a Static RP Use the Add Static RP page to add the specified static rendezvous point (RP) for the PIM router. 1. Open the Static RP Configuration page. 2. Click Add. The Add Static RP page displays. Figure 12-41. Add Static RP 3. Enter the IP address of the RP for the group range. 4. Enter the group address of the RP. 5. Enter the group mask of the RP. 6. Check the Override option to configure the static RP to override the dynamic (candidate) RPs learned for same group ranges. 7.
SSM Range Configuration Use this page to display or remove the the Source Specific Multicast (SSM) group IP address and group mask for the PIM router. To display the page, click IPv4 Multicast > PIM > SSM Range Configuration or IPv6 Multicast > PIM > SSM Candidate Configuration. Figure 12-42. SSM Range Configuration The SSM Range Configuration page contains the following fields: • SSM Group Address — Displays the Source-Specific Multicast (SSM) group IP address.
Adding an SSM Range Use the Add SSM Range page to add the Source-Specific Multicast (SSM) Group IP Address and Group Mask (IPv4) or Prefix Length (IPv6) for the PIM router. 1. Open the SSM Range Configuration page. 2. Click Add. The Add SSM Range page displays. Figure 12-43. Add SSM Range 3. Click the Add Default SSM Range check box to add the default SSM Range. The default SSM Range is ff3x::/32. 4. Enter the SSM Group IP Address. 5. Enter the SSM Group Mask (IPv4) or SSM Prefix Length (IPv6). 6.
BSR Candidate Configuration Use this page to configure information to be used if the interface is selected as a bootstrap router. To display the page, click IPv4 Multicast > PIM > BSR Candidate Configuration or IPv6 Multicast > PIM > BSR Candidate Configuration. Figure 12-44. BSR Candidate Configuration The BSR Candidate Configuration page contains the following fields: • Interface — Select the interface for which data is to be displayed.
BSR Candidate Summary Use this page to display information about the configured BSR candidates. To display this page, click IPv4 Multicast > PIM > BSR Candidate Summary or IPv6 Multicast > PIM > BSR Candidate Summary. Figure 12-45. BSR Candidate Summary The BSR Candidate Summary page contains the following fields: • BSR Address — Displays the IP address of the elected bootstrap router (BSR). • BSR Priority — Displays the priority value of the elected BSR.
sends the data down the shared tree to the receivers. Shared trees centered on a RP do not necessarily provide the shortest/optimal path. In such cases, PIM-SM provides a means to switch to more efficient source-specific trees. The PIM-SM menu page contains links to web pages that define and display PIM-SM parameters and data. To display this page, click IP Multicast > PIM-SM in the tree view.
Figure 12-46. PIM-SM Global Configuration The PIM-SM Global Configuration page contains the following fields: • Admin Mode — Select Enable or Disable from the drop-down menu to set the administrative status of PIM-SM on the system. You must enable IGMP before enabling PIM-SM. The default is Disable. • Join/Prune Interval (secs) — Enter the interval between the transmission of PIM-SM Join/Prune messages. The valid values are from 10 to 3600 secs. The default value is 60.
The interface configuration is saved, and the device is updated.
PIM-SM Global Status Use the PIM-SM Global Status page to display the global settings selected on the PIM-SM Global Configuration page. To display the page, click Multicast > PIM-SM > Global Status in the tree view. Figure 12-47. PIM-SM Global Status The PIM-SM Global Status page displays the following fields: • Admin Mode — The administrative status of PIM-SM in the router: either Enable or Disable. • Join/Prune Interval (secs) — The interval between the transmission of PIM-SM Join/Prune messages.
PIM-SM Interface Configuration Use the PIM-SM Interface Configuration page to configure PIM-SM for an interface. PIM-SM must be enabled on the PIM-SM Global Configuration page for this interface configuration page to display. To display the page, click Multicast > PIM-SM > Interface Configuration in the tree view. Figure 12-48.
• CBSR Hash Mask Length — Enter the CBSR hash mask length to be advertised in bootstrap messages if this interface is elected as the bootstrap router. This hash mask length is used in the hash algorithm for selecting the RP for a particular group. The valid values are from 0 to 32. The default value is 30. • CRP Preference — Enter the preference value for the local interface as a candidate bootstrap router. The value of -1 is used to indicate that the local interface is not a candidate BSR interface.
PIM-SM Interface Summary Use the PIM-SM Interface Summary page to display a PIM-SM interface and its settings. At least one interface on this router must be set up as PIM-SM for this page to display. To display the page, click Multicast > PIM-SM > Interface Summary in the tree view. Figure 12-49. PIM-SM Interface Summary The PIM-SM Interface Summary page displays the following fields: • Interface — Select the interface for which data is to be displayed.
• CBSR Preference — The preference value for the local interface as a candidate bootstrap router. The value of -1 is used to indicate that the local interface is not a candidate BSR interface. • CBSR Hash Mask Length — The CBSR hash mask length to be advertised in bootstrap messages if this interface is elected as the bootstrap router. This hash mask length is used in the hash algorithm for selecting the RP for a particular group.
Component Summary Use the Component Summary page to display PIM-SM component data. To display the page, click Multicast > PIM-SM > Component Summary in the tree view. Figure 12-50. Component Summary The Component Summary page displays the following fields: • Component Index — Unique number identifying the component index. • Component BSR Address — The IP address of the bootstrap router (BSR) for the local PIM region.
RP Set Summary Use the PIM-SM RP Set Summary page to display the static RP information for the PIM-SM router. To display the page, click Multicast > PIM-SM > RP Set Summary in the tree view. Figure 12-51. PIM-SM RP Set Summary The PIM-SM RP Set Summary page displays the following fields in a table: • Group Address — Displays IP multicast group address. • Group Mask — Displays Multicast group address mask. • Address — Displays IP address of the Candidate-RP.
Candidate RP Summary Use the PIM-SM Candidate RP Summary page to display PIM information for candidate Rendezvous Points (RPs) for each IP multicast group. To display the page, click Multicast > PIM-SM > Candidate RP Summary in the tree view. Figure 12-52. PIM-SM Candidate RP Summary The PIM-SM Candidate RP Summary page displays the following fields in a table: • Group Address — The group address transmitted in Candidate-RP-Advertisements.
Static RP Configuration Use the Static RP Configuration page to create the specified static RP IP Address for the PIM-SM router. To display the page, click Multicast > PIM-SM > Static RP Configuration in the tree view. Figure 12-53. Static RP Configuration The Static RP Configuration page contains the following fields: • IP Address — IP Address of the RP to be created. • Group — Group Address of the RP to be created. • Group Mask — Group IP Mask of the RP to be created.
Configuring Static RP using the CLI Command For information about the CLI command that performs this function, see the following chapter in the CLI Reference Guide: • PIM-SM Commands Configuring IP Multicast 727
728 Configuring IP Multicast
13 Getting Help This section contains information about getting help for questions about the Dell™ PowerConnect™ M6220/M6348/M8024.
Obtaining Assistance If you experience a problem with your computer, you can complete the following steps to diagnose and troubleshoot the problem: 1. Fill out the "Diagnostics Checklist" on page 733. 2. Use Dell's extensive suite of online services available at Dell Support (support.dell.com) for help with installation and troubleshooting procedures. See "Online Services" on page 730 for a more extensive list of Dell Support online. 3.
• Dell Support e-mail addresses mobile_support@us.dell.com support@us.dell.com la-techsupport@dell.com (Latin America and Caribbean countries only) apsupport@dell.com (Asian/Pacific countries only) • Dell Marketing and Sales e-mail addresses apmarketing@dell.com (Asian/Pacific countries only) sales_canada@dell.com (Canada only) • Anonymous file transfer protocol (FTP) ftp.dell.com Log in as user: anonymous, and use your e-mail address as your password.
Product Information If you need information about additional products available from Dell, or if you would like to place an order, visit the Dell website at www.dell.com. For the telephone number to call for your region or to speak to a sales specialist, see "Contacting Dell" on page 734. Returning Items for Warranty Repair or Credit Prepare all items being returned, whether for repair or credit, as follows: 1.
Diagnostics Checklist Name: Date: Address: Phone number: Service Tag (bar code on the back or bottom of the computer): Express Service Code: Return Material Authorization Number (if provided by Dell support technician): Operating system and version: Devices: Expansion cards: Are you connected to a network? Yes No Network, version, and network adapter: Programs and versions: See your operating system documentation to determine the contents of the system’s start-up files.
Contacting Dell For customers in the United States, call 800-WWW.DELL (800.999.3355). Note: If you do not have an active Internet connection, you can find contact information on your purchase invoice, packing slip, bill, or Dell product catalog. Dell provides several online and telephone-based support and service options. Availability varies by country and product, and some services may not be available in your area. To contact Dell for sales, technical support, or customer service issues: 1.
Getting Help 735
