ECS4310-26T 26-Port Gigabit Smart Switch Management Guide www.edge-core.
MANAGEMENT GUIDE
ECS4310-26T GIGABIT SMART SWITCH with 24 10/100/1000BASE-T (RJ-45) Ports, and 2 Gigabit SFP Slots
ECS4310-26T E072010-CS-R01 149100000083A
ABOUT THIS GUIDE
PURPOSE
This guide gives specific information on how to operate and use the management functions of the switch.
AUDIENCE
The guide is intended for use by network administrators who are responsible for operating and maintaining network equipment; consequently, it assumes a basic working knowledge of general switch functions, the Internet Protocol (IP), and Simple Network Management Protocol (SNMP).
CONTENTS
ABOUT THIS GUIDE
CONTENTS
FIGURES
TABLES
SECTION I GETTING STARTED
1 INTRODUCTION
  Key Features
  Description of Software Features
  Configuration Backup and Restore
  Authentication
  Port Configuration
  Rate Limiting
  Port Mirroring
  Port Trunking
  Storm Control
  Static Addresses
  IEEE 802.
  Changing a PC’s IP Address
SECTION II WEB CONFIGURATION
3 USING THE WEB INTERFACE
  Connecting to the Web Interface
  Navigating the Web Browser Interface
  Home Page
  Configuration Options
  Panel Display
  Main Menu
4 SYSTEM SETTINGS
  Displaying System Information
  Setting a User Account
  Setting an IP Address
  Setting an IPv4 Address
  Setting an IPv6 Address
5 PORT SETTINGS
6 LINK AGGREGATION
  General Link Aggregation Guidelin
  Multicast Entry Table
  IGMP Snooping Setting
  IGMP Global Setting
  IGMP VLAN Setting
10 SPANNING TREE
  Configuring the Spanning Tree Protocol
  Configuring STP Global Settings
  Configuring STP Port Settings
11 QUALITY OF SERVICE
  QoS Introduction
  Port-Based Priority
  DSCP-Based Priority
  Priority-to-Queue Mapping
  Packet Scheduling
12 LINK LAYER DISCOVERY PROTOCOL
  Configuring LLDP
  LLDP Neighbors
13 SNMP SETTINGS
  Simple
  802.1X Global Settings
  802.
FIGURES
Figure 1: Login Page
Figure 2: Web Interface Home Page
Figure 3: IP Settings Page
Figure 4: User Accounts Page
Figure 5: Home Page
Figure 6: Front Panel Indicators
Figure 7: System Information
Figure 8: System Password
Figure 9: IPv4 Address Configuration
Figure 10: IPv6 Address Configuration
Figure 11: Port Configuration
Figure 12: Trunk Group Setting
Figure 13: Trunk Distribution Algorithm Setting
Figure 14: LACP Port Configuration
Figure 32: Port Mirroring
Figure 33: Port Security
Figure 34: Bandwidth Control
Figure 35: Jumbo Frame Setting
Figure 36: Management Access Filter
Figure 37: MAC Address Forwarding Table
Figure 38: Static MAC Setting
Figure 39: MAC Address Filtering
Figure 40: 802.1X Setting
Figure 41: 802.
TABLES
Table 1: Key Features
Table 2: System Defaults
Table 3: Web Page Configuration Buttons
Table 4: Main Menu
Table 5: Recommended STP Path Cost Range
Table 6: Recommended STP Path Costs
Table 7: Default STP Path Costs
Table 8: Default Mapping of CoS Values to Egress Queues
Table 9: CoS Priority Levels
Table 10: LLDP System Capabilities
Table 11: Troubleshooting Chart
SECTION I
GETTING STARTED
This section provides an overview of the switch, and introduces some basic concepts about network switches. It also describes the basic settings required to access the management interface.
1 INTRODUCTION
This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you should configure to maximize the switch’s performance for your particular network environment.
DESCRIPTION OF SOFTWARE FEATURES
The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Storm suppression prevents broadcast, multicast, and unknown unicast traffic storms from engulfing the network. Untagged (port-based) and tagged VLANs provide traffic security and efficient use of network bandwidth.
PORT TRUNKING
Ports can be combined into an aggregate connection. Trunks can be manually set up or dynamically configured using Link Aggregation Control Protocol (LACP – IEEE 802.3-2005). The additional ports dramatically increase the throughput across any connection, and provide redundancy by taking over the load if a port in the trunk should fail. The switch supports up to 8 trunks.
◆ Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w) – This protocol reduces the convergence time for network topology changes to about 3 to 5 seconds, compared to 30 seconds or more for the older IEEE 802.1D STP standard.
SYSTEM DEFAULTS
The following table lists some of the basic system defaults.
Table 2: System Defaults
Function        Parameter   Default
Authentication  User Name   admin
                Password    admin
802.
2 INITIAL SWITCH CONFIGURATION
This chapter includes information on connecting to the switch and basic configuration procedures. The switch includes a built-in network management agent. The agent offers a web-based management interface, and it also supports management through SNMP (Simple Network Management Protocol). The switch’s web management interface allows you to configure switch parameters, monitor port connections, and display statistics using a standard web browser such as Internet Explorer 5.
CHAPTER 2 | Initial Switch Configuration Connecting to the Switch
you are unfamiliar with this process, see “Changing a PC’s IP Address” on page 27.
4. Open your web browser and enter the address http://192.168.1.1. If your PC is properly configured, you will see the login page of your switch. If you do not see the login page, repeat step 3.
Figure 1: Login Page
5. Enter the default user name “admin” and password “admin,” then click the OK button to access the web interface home page.
6. From the menu, click on System, then IP Settings. On the IP Address Setting page, enter the new IP address, Subnet Mask and Gateway IP Address for the switch, then click on the Apply button.
NOTE: The switch also supports dynamic IPv4 address assignment through DHCP (Dynamic Host Configuration Protocol). The switch sends IPv4 configuration requests to DHCP servers on the network.
NOTE: The switch also supports IPv6 addressing.
Figure 4: User Accounts Page
2. In the New Username field, define an administrator user name.
3. In the New Password field, define an administrator password.
4. Confirm the new password setting in the Retype Password field.
5. Click the Apply button.
CHANGING A PC’S IP ADDRESS
To change the IP address of a Windows 2000 PC:
1. Click Start, Settings, then Network and Dial-up Connections.
2. For the IP address you want to change, right-click the network connection icon, and then click Properties.
3. In the list of components used by this connection on the General tab, select Internet Protocol (TCP/IP), and then click the Properties button.
4.
SECTION II
WEB CONFIGURATION
This section describes the basic switch features, along with a detailed description of how to configure each feature via a web browser.
◆ "General Security Settings" on page 113
◆ "Port Statistics" on page 119
◆ "Management Tools" on page 121
3 USING THE WEB INTERFACE
The switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics to monitor network activity. The web agent can be accessed by any computer on the network using a standard web browser (Internet Explorer 5.0, Netscape 6.2, Mozilla Firefox 2.0, or more recent versions).
CONNECTING TO THE WEB INTERFACE
Prior to accessing the switch from a web browser, be sure you have first performed the following tasks:
1.
NAVIGATING THE WEB BROWSER INTERFACE
To access the web-browser interface you must first enter a user name and password. By default, the user name is “admin” and password “admin.”
HOME PAGE
When your web browser connects with the switch’s web agent, the home page is displayed as shown below. The home page displays the Main Menu on the left side of the screen and an image of the front panel on the right side.
NOTE: To ensure proper screen refresh, be sure that Internet Explorer is configured so that the setting “Check for newer versions of stored pages” reads “Every visit to the page.”
Internet Explorer 6.x and earlier: This option is available under the menu “Tools / Internet Options / General / Temporary Internet Files / Settings.”
Internet Explorer 7.
Table 4: Main Menu
Menu / Description / Page
VLAN Stacking
  S-VLAN Table / Sets QinQ settings for the switch / 62
  S-VLAN Setting / Sets QinQ settings for ports / 63
IGMP Snooping
  Multicast Entry Table / Displays multicast groups to be filtered for VLANs / 66
  IGMP Snooping Setting / Configures global and port settings for multicast filtering / 67
Spanning Tree
  STP Global Setting / Configures global bridge settings for RSTP / 72
  STP Port Sett
Table 4: Main Menu
Menu / Description / Page
  Port Isolation / Limits traffic to and from specified ports / 116
  Defence Engine / Provides protection from traffic storms / 117
  Shows detailed Ethernet port statistics / 119
  HTTP Upgrade / Updates software on the switch, and saves/restores configuration settings from a file on the management station / 121
  Reset / Restarts the switch and restores factory default settings / 122
  Reboot / Restarts t
4 SYSTEM SETTINGS
This chapter describes some basic system settings on the switch. It includes the following sections:
◆ “Displaying System Information” on page 37
◆ “Setting a User Account” on page 39
◆ “Setting an IP Address” on page 40
DISPLAYING SYSTEM INFORMATION
The System>Information page displays some basic settings for the switch, including MAC address, IPv4 and IPv6 settings, and software version information.
WEB INTERFACE
To view System Information in the web interface, click System, then Information.
SETTING A USER ACCOUNT
The administrator has read/write access for all parameters governing the onboard agent. You should therefore assign a new administrator user name and password as soon as possible, and store them in a safe place. The default administrator user name is “admin” and password is “admin.” User names can consist of up to 16 alphanumeric characters, and passwords can be up to 8 characters. Both user names and passwords are case sensitive.
SETTING AN IP ADDRESS
This section describes how to configure an IP interface for management access to the switch over the network. This switch supports both IP Version 4 and Version 6, and can be managed simultaneously through either of these address types. You can manually configure a specific IPv4 or IPv6 address, or direct the switch to obtain an IPv4 address from a DHCP server when it is powered on.
WEB INTERFACE
To configure static IPv4 address settings:
1. Click System, then IP Setting.
2. Set the Mode to “Static IP.”
3. Specify the IPv4 address, subnet mask, and gateway address.
4. Click Apply.
Figure 9: IPv4 Address Configuration
SETTING AN IPV6 ADDRESS
This section describes how to configure an IPv6 interface for management access over the network. IPv6 includes two distinct address types; link-local unicast and global unicast.
interface identifier (i.e., the physical MAC address). You can manually configure a link-local address by entering the full address with the network prefix FE80.
◆ To connect to a larger network with multiple subnets, you must configure a global unicast address.
WEB INTERFACE
To configure IPv6 & Time in the web interface:
1. Click Configuration, System, IPv6 & Time.
2. Specify the IPv6 settings, and indicate the local time zone by configuring the appropriate offset. The information shown below provides an example of how to manually configure an IPv6 address.
3. Click Save.
5 PORT SETTINGS
The Port Configuration page includes configuration options for enabling auto-negotiation or manually setting the speed and duplex mode, or enabling flow control.
PARAMETERS
The following parameters are displayed on the Port Configuration page:
◆ Port – Selects one or more ports or trunks to configure. Hold down the Ctrl key and click port numbers to select multiple ports. Hold down the Shift key to select a range of ports.
◆ State – Sets the link state of port interfaces.
NOTE: Avoid using flow control on a port connected to a hub unless it is actually required to solve a problem. Otherwise back pressure jamming signals may degrade overall performance for the segment attached to the hub.
Current Port Status
◆ Port – The number of the port or trunk interface.
◆ State – Indicates if the port is enabled or disabled.
◆ Speed/Duplex – Displays the following:
■ Config – The configured speed/duplex mode of the port.
Figure 11: Port Configuration
6 LINK AGGREGATION
You can create multiple links between devices that work as one virtual, aggregate link. A port trunk offers a dramatic increase in bandwidth for network segments where bottlenecks exist, as well as providing a fault-tolerant link between two switches.
CHAPTER 6 | Link Aggregation Creating Trunk Groups
◆ When configuring static trunks on switches of different types, they must be compatible with the Cisco EtherChannel standard.
◆ The ports at both ends of a trunk must be configured in an identical manner, including communication mode (that is, speed, duplex mode and flow control), VLAN assignments, and CoS settings.
◆ Any of the ports on the front panel can be trunked together, including ports of different media types.
Current Configured Trunk Groups
◆ Group ID – Displays the trunk identifier.
◆ Type – Displays the trunk type; Static or LACP.
◆ Ports – Configured port members in the trunk.
◆ LACP Active/Passive – Configured port members in an LACP trunk.
◆ Aggregated Ports – Indicates ports in a trunk that are members of an active link.
◆ Select – Selects a configured trunk to be deleted.
WEB INTERFACE
To configure a trunk group:
1.
CONFIGURING TRUNK SETTINGS
When incoming data frames are forwarded through the switch to a trunk, the switch must determine to which port link in the trunk an outgoing frame should be sent. To maintain the frame sequence of various traffic flows between devices in the network, the switch also needs to ensure that frames in each “conversation” are mapped to the same trunk link.
■ Dest. IP – All traffic with the same source and destination IP address is output on the same link in a trunk. This mode works best for switch-to-router trunk links where traffic through the switch is destined for many different hosts. Do not use this mode for switch-to-server trunk links where the destination IP address is the same for all traffic.
WEB INTERFACE
To configure a trunk’s load-balancing settings:
1.
CONFIGURING LACP
Use the LACP Settings page to enable LACP on the switch and configure the system priority.
USAGE GUIDELINES
◆ To avoid creating a loop in the network, be sure you enable LACP before connecting the ports, and also disconnect the ports before disabling LACP.
◆ If the target switch has also enabled LACP on the connected ports, the trunk will be activated automatically.
Current LACP Port Configuration
◆ Port – Port identifier. (Range: 1-26)
◆ LACP – Indicates ports that are enabled as LACP ports and if they are passive or active.
◆ Aggregated – Indicates ports in a trunk that are members of an active link.
WEB INTERFACE
To configure LACP settings:
1. Click Configuration, Link Aggregation, LACP Setting.
2. Enable LACP on the switch.
3. Specify the LACP System Priority to identify LAGs on the switch.
4. Click Apply.
7 CREATING VLANS
This chapter includes the following sections for configuring VLANs:
◆ “IEEE 802.1Q VLANs” on page 57
◆ “Assigning Ports to VLANs” on page 58
◆ “Configuring VLAN Attributes for Port Members” on page 60
IEEE 802.1Q VLANS
In large networks, routers are used to isolate broadcast traffic for each subnet into separate domains. This switch provides a similar service at Layer 2 by using VLANs to organize any group of network nodes into separate broadcast domains.
ASSIGNING PORTS TO VLANS
Before enabling VLANs for the switch, you must first assign each port to the VLAN group(s) in which it will participate. By default all ports are assigned to VLAN 1 as untagged ports. Add a port as a tagged port if you want it to carry traffic for one or more VLANs, and any intermediate network devices or the host at the other end of the connection supports VLANs.
WEB INTERFACE
To configure IEEE 802.1Q VLAN groups:
1. Click Configuration, VLAN, Static VLAN.
2. Select a VLAN ID number.
3. Define a name to identify the VLAN.
4. Mark the ports to be assigned to the new VLAN as tagged or untagged members.
5. Click Add/Modify.
NOTE: To modify a created VLAN, click on the VLAN ID in the current VLAN list to display the current settings.
CONFIGURING VLAN ATTRIBUTES FOR PORT MEMBERS
You can configure VLAN attributes for specific interfaces, including the default Port VLAN identifier (PVID).
PARAMETERS
The following parameters are displayed on the VLAN Setting page:
◆ Port - Selects one or more ports or trunks to configure. Hold down the Ctrl key and click port numbers to select multiple ports. Hold down the Shift key to select a range of ports.
8 VLAN STACKING
This chapter includes the following sections for configuring VLAN Stacking:
◆ “Configuring IEEE 802.1Q Tunneling” on page 61
◆ “VLAN Stacking Table” on page 62
◆ “VLAN Stacking Settings” on page 63
CONFIGURING IEEE 802.1Q TUNNELING
VLAN Stacking, or IEEE 802.1Q Tunneling (QinQ), is designed for service providers carrying traffic for multiple customers across their networks.
When a double-tagged packet enters another trunk port in an intermediate or core switch in the service provider’s network, the outer tag is stripped for packet processing. When the packet exits another trunk port on the same core switch, the same S-VLAN tag is again added to the packet. When a packet enters the trunk port on the service provider’s egress switch, the outer tag is again stripped for packet processing.
Figure 17: VLAN Stacking Table
VLAN STACKING SETTINGS
After configuring port members for stacking VLANs on the switch, the ports connected to a service provider network need to be enabled as doubled-tagged ports. Also the Tag Protocol Identifier (TPID) value must be set for the doubled-tagged ports to identify 802.1Q tagged frames.
PARAMETERS
◆ PVID – The stacking VLAN Port VLAN Identifier.
the ethertype field, as they would be with a standard 802.1Q trunk. Frames arriving on the port containing any other ethertype are looked upon as untagged frames, and assigned to the native VLAN of that port.
WEB INTERFACE
To configure stacking VLAN port settings:
1. Click Configuration, VLAN Stacking, S-VLAN Setting.
2. Specify the Tag Protocol ID number.
3. Set the stacking PVID for service provider ports and configure them as “Enabled.”
4. Click Apply.
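The ingress rule described above (a frame counts as tagged only when its ethertype matches the port's configured TPID, otherwise it is assigned to the native VLAN) can be modelled as follows. This is an added example, not code from the switch or from this guide; the TPID values 0x88A8 and 0x9100, the VLAN IDs and the MAC addresses are sample values chosen for the illustration.

```python
import struct

CTAG_TPID = 0x8100  # standard 802.1Q customer tag ethertype


def build_frame(tags, ethertype=0x0800, payload=b"\x00" * 46):
    """Build a constructed Ethernet frame; tags is a list of (tpid, pcp, vid)."""
    dst = bytes.fromhex("01005e000001")  # constructed sample addresses
    src = bytes.fromhex("020000000001")
    header = dst + src
    for tpid, pcp, vid in tags:
        # TCI layout: 3-bit priority, 1-bit DEI (left 0), 12-bit VLAN ID
        header += struct.pack("!HH", tpid, (pcp << 13) | (vid & 0x0FFF))
    return header + struct.pack("!H", ethertype) + payload


def _read_u16(frame, offset):
    """Read a big-endian 16-bit field, rejecting truncated frames."""
    if len(frame) < offset + 2:
        raise ValueError("frame truncated at offset %d" % offset)
    return struct.unpack_from("!H", frame, offset)[0]


def classify(frame, port_tpid, native_vlan):
    """Classify an ingress frame on a stacking port.

    port_tpid   -- the Tag Protocol ID configured for the port
    native_vlan -- the port's PVID, used when the frame is treated as untagged
    """
    offset = 12  # skip destination and source MAC
    ethertype = _read_u16(frame, offset)
    if ethertype == port_tpid:
        # Outer tag recognised: the service VLAN comes from the tag itself.
        outer_tagged = True
        svlan = _read_u16(frame, offset + 2) & 0x0FFF
        offset += 4
        ethertype = _read_u16(frame, offset)
    else:
        # Any other ethertype: treated as untagged, assigned to native VLAN.
        outer_tagged = False
        svlan = native_vlan
    cvlan = None
    if ethertype == CTAG_TPID:
        # Customer tag carried inside the service VLAN.
        cvlan = _read_u16(frame, offset + 2) & 0x0FFF
        offset += 4
        ethertype = _read_u16(frame, offset)
    return {
        "outer_tagged": outer_tagged,
        "svlan": svlan,
        "cvlan": cvlan,
        "ethertype": ethertype,
    }


if __name__ == "__main__":
    double = build_frame([(0x88A8, 0, 100), (CTAG_TPID, 0, 10)])
    customer = build_frame([(CTAG_TPID, 0, 10)])
    print("matching TPID   :", classify(double, 0x88A8, 1))
    print("mismatched TPID :", classify(double, 0x9100, 1))
    print("customer frame  :", classify(customer, 0x88A8, 200))
```

The mismatched case shows why the TPID must agree on both ends of a provider link: the same double-tagged frame lands in the native VLAN instead of service VLAN 100.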
9 IGMP SNOOPING
This chapter includes the following sections for configuring IGMP Snooping:
◆ “IGMP Snooping Introduction” on page 65
◆ “Multicast Entry Table” on page 66
◆ “IGMP Snooping Setting” on page 67
IGMP SNOOPING INTRODUCTION
Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A multicast server does not have to establish a separate connection with each client.
MULTICAST ENTRY TABLE
The IGMP Multicast Router Information table displays the current multicast groups learned through IGMP Snooping. Multicast routers that are attached to ports on the switch use information obtained from IGMP, along with a multicast routing protocol such as DVMRP or PIM, to support IP multicasting across the Internet.
WEB INTERFACE
To display multicast group and router port information, click Configuration, IGMP Snooping, Multicast Entry Table.
Figure 19: Multicast Entry Table
IGMP SNOOPING SETTING
You can configure the switch to forward multicast traffic intelligently. Based on the IGMP query and report messages, the switch forwards traffic only to the ports that request multicast traffic.
◆ IGMP Fast-Leave - Immediately deletes a member port of a multicast service if a leave packet is received on that port. Fast Leave can improve bandwidth usage for a network which frequently experiences many IGMP host add and leave requests. (Default: Disabled)
◆ Unknown Multicast — When the table used to store multicast entries for IGMP snooping is filled, no new entries are learned.
Figure 20: IGMP Snooping Global Settings
IGMP VLAN SETTING
The following parameters are displayed for the VLAN Setting section of the IGMP Snooping Setting page:
◆ VLAN ID — Specifies the ID of a configured VLAN on the switch. (Range: 1-4094)
◆ VLAN Name — Displays the name of the VLAN.
◆ Snooping State — Enables IGMP snooping on the VLAN. (Default: Disabled)
◆ Querier State — Enables IGMP querier on the VLAN.
Figure 21: IGMP Snooping VLAN Settings
10 SPANNING TREE
This chapter includes the following sections for configuring Spanning Tree:
◆ “Configuring the Spanning Tree Protocol” on page 71
◆ “Configuring STP Global Settings” on page 72
◆ “Configuring STP Port Settings” on page 75
CONFIGURING THE SPANNING TREE PROTOCOL
The Spanning Tree Protocol (STP) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers.
Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transmitted from the Root Bridge. If a bridge does not get a Hello BPDU after a predefined interval (Maximum Age), the bridge assumes that the link to the Root Bridge is down. This bridge will then initiate negotiations with other bridges to reconfigure the network to reestablish a valid network topology.
◆ Maximum Age — The maximum time (in seconds) a device can wait without receiving a configuration message before attempting to reconfigure. All device ports (except for designated ports) should receive configuration messages at regular intervals. Any port that ages out STP information (provided in the last configuration message) becomes the designated port for the attached LAN.
network. (References to “ports” in this section mean “interfaces,” which includes both ports and trunks.)
◆ Root Hello Time — The interval (in seconds) at which this device transmits a configuration message.
◆ Root Forward Delay — The maximum time (in seconds) this device will wait before changing states (i.e., discarding to learning to forwarding).
CONFIGURING STP PORT SETTINGS
Use the STP Port Setting page to configure Spanning Tree attributes for specific interfaces, including path cost, port priority, edge port (for fast forwarding), automatic detection of an edge port, and point-to-point link type.
PARAMETERS
The following parameters are displayed on the STP Port Setting page:
◆ Port — Port identifier.
Table 7: Default STP Path Costs
Port Type         Link Type     IEEE 802.1w-2001
Ethernet          Half Duplex   2,000,000
                  Full Duplex   1,000,000
                  Trunk         500,000
Fast Ethernet     Half Duplex   200,000
                  Full Duplex   100,000
                  Trunk         50,000
Gigabit Ethernet  Full Duplex   10,000
                  Trunk         5,000
◆ Priority — Defines the priority used for this port in the Spanning Tree Protocol. If the path cost for all ports on a switch is the same, the port with the highest priority (i.e.
■ Discarding — Port receives STP configuration messages, but does not forward packets.
■ Learning — Port has transmitted configuration messages for an interval set by the Forward Delay parameter without receiving contradictory information. Port address table is cleared, and the port begins learning addresses.
■ Forwarding — Port forwards packets, and continues learning addresses.
◆ Edge — The Edge setting for the port:
■ Config — The administrator configured Edge setting.
■ Actual — This parameter is initialized to the port setting for Edge (that is, True or False), but will be set to false if a BPDU is received, indicating that another bridge is attached to this port.
WEB INTERFACE
To configure port settings for Spanning Tree:
1. Click Configuration, Spanning Tree, STP Port Setting.
2.
11 QUALITY OF SERVICE
This chapter includes the following sections for configuring Quality of Service (QoS):
◆ “QoS Introduction” on page 79
◆ “Port-Based Priority” on page 80
◆ “DSCP-Based Priority” on page 81
◆ “Priority-to-Queue Mapping” on page 82
◆ “Packet Scheduling” on page 84
QOS INTRODUCTION
All switches or routers that access the Internet rely on class information to provide the same forwarding treatment to packets in the same class.
PORT-BASED PRIORITY
You can specify the default port priority for each port on the switch, a Quality Control List (which sets the priority for ingress packets based on detailed criteria), the default tag assigned to egress packets, the queuing mode, and queue weights.
PARAMETERS
The following parameters are displayed on the Port-Based Priority page:
◆ Port — Port identifier.
◆ Priority — The default priority used when adding a tag to untagged frames.
Figure 24: Port-Based Priority Setting
DSCP-BASED PRIORITY
The Differentiated Services Code Point (DSCP) is a six-bit field in the IP header, allowing coding for up to 64 different forwarding behaviors. The DSCP replaces the ToS bits, but it retains backward compatibility with the three precedence bits so that non-DSCP compliant, ToS-enabled devices will not conflict with the DSCP mapping.
WEB INTERFACE
To configure port-level DSCP remarking:
1. Click Configuration, QoS, DSCP-based Priority.
2. Map one or more DSCP values to a priority value.
3. Click Apply.
Figure 25: DSCP-Based Priority Setting
PRIORITY-TO-QUEUE MAPPING
This switch processes Class of Service (CoS) priority tagged traffic by using eight priority queues for each port, with service schedules based on Weighted Fair Queuing (WFQ) or Weighted Round Robin (WRR).
Table 9: CoS Priority Levels
Priority Level  Traffic Type
1               Background
2               (Spare)
0 (default)     Best Effort
3               Excellent Effort
4               Controlled Load
5               Video, less than 100 milliseconds latency and jitter
6               Voice, less than 10 milliseconds latency and jitter
7               Network Control
PARAMETERS
◆ Priority — CoS value. (Range: 0-7, where 7 is the highest priority)
◆ Queue ID — Output queue buffer.
Figure 26: Priority-to-Queue Mapping
PACKET SCHEDULING
You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced, Weighted Fair Queuing (WFQ), or Weighted Round-Robin (WRR) queuing that specifies a relative weight of each queue. The traffic classes are mapped to one of the eight egress queues provided for each port.
percentage of service time the switch services each queue before moving on to the next queue.
◆ Queue ID — Output queue buffer. (Range: 1-8, where 8 is the highest priority queue)
◆ Weight — Set a new weight for the selected traffic class. (Range: Strict or 1-15) Use queue weights 1-15 for queues to allocate service time based on WFQ or WRR. Queue weights must be configured in ascending order, assigning more weight to each higher numbered queue.
12 LINK LAYER DISCOVERY PROTOCOL
This chapter includes the following sections for configuring Link Layer Discovery Protocol (LLDP):
◆ “Configuring LLDP” on page 87
◆ “LLDP Neighbors” on page 89
CONFIGURING LLDP
The Link Layer Discovery Protocol (LLDP) is used to discover basic information about neighboring devices on the local broadcast domain. LLDP is a Layer 2 protocol that uses periodic broadcasts to advertise information about the sending device.
◆ Port — Port identifier. (Range: 1-26)
◆ State — Enables LLDP message transmit and receive modes for LLDP Protocol Data Units. (Options: Disabled, Tx/Rx, Rx only, Tx only; Default: Disabled)
WEB INTERFACE
To configure global and port settings for LLDP:
1. Click Configuration, LLDP, LLDP Settings.
2. Enable LLDP for the switch.
3. If required, modify other LLDP parameters.
4. For one or a group of ports, set the LLDP mode.
5. Click Apply.
LLDP NEIGHBORS
Use the LLDP Neighbors page to display information about devices connected directly to the switch’s ports which are advertising information through LLDP.
PARAMETERS
The following parameters are displayed on the LLDP Neighbors page:
◆ Local Port — The local port to which a remote LLDP-capable device is attached.
◆ Chassis ID — An octet string indicating the specific identifier for the particular chassis in this system.
WEB INTERFACE
To display LLDP neighbors, click Configuration, LLDP, LLDP Neighbors. Use the Refresh button to update the LLDP information.
13 SNMP SETTINGS
This chapter includes the following sections for configuring Simple Network Management Protocol (SNMP):
◆ “Simple Network Management Protocol” on page 91
◆ “Setting SNMP System and Community Strings” on page 92
◆ “Specifying SNMP Trap Receivers” on page 93
SIMPLE NETWORK MANAGEMENT PROTOCOL
Simple Network Management Protocol (SNMP) is a communication protocol designed specifically for managing devices on a network.
SETTING SNMP SYSTEM AND COMMUNITY STRINGS

To manage the switch through SNMP, you must first enable the protocol and configure the basic access parameters. You can configure community strings authorized for management access by clients using SNMP v1 and v2c. All community strings used for IP Trap Receivers should be listed in this table. For security reasons, you should consider removing the default strings.
6. Click Apply.

Figure 30: SNMP Settings

SPECIFYING SNMP TRAP RECEIVERS

Traps indicating status changes are issued by the switch to specified trap managers. You must specify trap managers so that key events are reported by this switch to your management station (using network management software).
2. Specify the IP address of the management station that will receive SNMP trap messages.
3. Specify a configured community string for the trap receiver.
4. Click Apply.
14 PORT MIRRORING

You can mirror traffic from one or more source ports to a target port for real-time analysis. You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source ports in a completely unobtrusive manner.

USAGE GUIDELINES

◆ The destination port speed should match or exceed source port speed, otherwise traffic may be dropped from the monitor port.
◆ Two mirror sessions can be configured.
◆ All mirrored ports share the same destination port.
Figure 32: Port Mirroring
15 PORT SECURITY

Port security is a feature that allows you to configure a switch port with a maximum number of device MAC addresses that are authorized to access the network through that port. When port security is enabled on a port, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number.
WEB INTERFACE

To configure port security:
1. Click Configuration, Port Security.
2. Select the ports to configure.
3. Set Security to Enable.
4. Configure the maximum number of MAC addresses allowed on the port.
5. Set an action for port security violations.
6. Click Apply.
16 BANDWIDTH CONTROL

This function allows the network manager to control the maximum rate for traffic received on a port or transmitted from a port. Rate limiting is configured on ports at the edge of a network to limit traffic into or out of the switch. Packets that exceed the acceptable amount of traffic are dropped. Rate limiting can be applied to individual ports or trunks. When an interface is configured with this feature, the traffic rate will be monitored by the hardware to verify conformity.
Figure 34: Bandwidth Control
17 JUMBO FRAME

The switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames up to 9216 bytes. Compared to standard Ethernet frames that run only up to 1.5 KB, using jumbo frames significantly reduces the per-packet overhead required to process protocol encapsulation fields.

USAGE GUIDELINES

To use jumbo frames, both the source and destination end nodes (such as a computer or server) must support this feature.
18 MANAGEMENT ACCESS FILTER

You can create a list of up to eight IP addresses or IP address groups that are allowed management access to the switch through the web interface.

USAGE GUIDELINES

◆ The web management interface is open to all IP addresses by default. Once you add an entry to a filter list, access to that interface is restricted to the specified addresses.
Figure 36: Management Access Filter
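Because the first entry added to the filter list switches the web interface from open to restricted, it is worth checking a planned list before applying it. The Python sketch below is an added example, not part of the original guide or of the switch software; it models the behaviour described above and assumes an IP address group is written in CIDR notation (the function names and sample addresses are likewise constructed for illustration).

```python
import ipaddress

MAX_ENTRIES = 8  # limit stated in this chapter: up to eight addresses or groups

def parse_filter(entries):
    """Parse planned filter entries. CIDR notation for an "IP address group"
    is an assumption; the switch's own entry format may differ."""
    if len(entries) > MAX_ENTRIES:
        raise ValueError(f"{len(entries)} entries exceeds the limit of {MAX_ENTRIES}")
    return [ipaddress.ip_network(e, strict=False) for e in entries]

def is_allowed(nets, client):
    """Model the documented behaviour: an empty list leaves the web interface
    open to all addresses; one or more entries restrict it to those listed."""
    if not nets:
        return True
    addr = ipaddress.ip_address(client)
    return any(addr.version == n.version and addr in n for n in nets)

def review_plan(entries, admin_stations):
    """Check a planned list before clicking Apply on the switch."""
    nets = parse_filter(entries)
    return {
        # No entries: management access is still unrestricted.
        "open_to_all": not nets,
        # A /0 entry matches every address and defeats the filter.
        "too_broad": [str(n) for n in nets if n.prefixlen == 0],
        # Management stations that would lose web access once applied.
        "lockout": [s for s in admin_stations if not is_allowed(nets, s)],
    }

if __name__ == "__main__":
    # Constructed sample values (documentation address ranges), not from the guide.
    plan = ["192.0.2.0/24", "198.51.100.7"]
    stations = ["192.0.2.10", "198.51.100.8"]
    print(review_plan(plan, stations))
```

Any address reported under "lockout" belongs to a management station that would no longer reach the web interface after the list is applied.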
19 MAC ADDRESS SECURITY

This chapter includes the following sections for configuring MAC address security:
◆ “MAC Forwarding Table”
◆ “Static MAC Addresses”
◆ “MAC Address Filtering”

MAC FORWARDING TABLE

Switches store the addresses for all known devices. This information is used to pass traffic directly between the inbound and outbound ports. All the addresses learned by monitoring traffic are stored in the dynamic address table.
WEB INTERFACE

To display the MAC address forwarding table, click Security, MAC Address, MAC Forwarding Table.

Figure 37: MAC Address Forwarding Table

STATIC MAC ADDRESSES

A static address can be assigned to a specific interface on the switch. Static addresses are bound to the assigned interface and will not be moved. When a static address is seen on another interface, the address will be ignored and will not be written to the address table.
Figure 38: Static MAC Setting

MAC ADDRESS FILTERING

The MAC Filtering pages are used to filter service to clients attempting to access the Internet based on protocol type, destination/source MAC address, and the direction of traffic for each packet. Click Advanced Setup, Security, MAC Filtering. If a policy has been set, you can change the filtering action to Forwarded or Blocked. To add a new policy, click Add.
WEB INTERFACE

To configure MAC Address Filtering:
1. Click Security, MAC Address, MAC Address Filtering.
2. Specify the MAC address to be filtered.
3. Specify the VLAN ID.
4. Select to filter the MAC address as the source, destination, or both.
5. Set a name to describe the filter.
6. Click Add.
20 802.1X SECURITY

This chapter includes the following sections for configuring 802.1X security:
◆ “Configuring 802.1X Authentication”
◆ “802.1X Global Settings”
◆ “802.1X Port Settings”

CONFIGURING 802.1X AUTHENTICATION

Network switches can provide open and easy access to network resources by simply attaching a client PC.
◆ RADIUS authentication must be enabled on the switch and the IP address of the RADIUS server specified.
◆ 802.1X must be enabled globally for the switch.
◆ Each switch port that will be used must be set to “Authentication” mode.
◆ Each client that needs to be authenticated must have dot1X client software installed and properly configured.
◆ The RADIUS server and client also have to support the same EAP authentication type.

802.
WEB INTERFACE

To configure 802.1X global settings:
1. Click Security, 802.1X, 802.1X Setting.
2. Set 802.1X to Enabled.
3. Specify the RADIUS server IP address.
4. Specify the RADIUS server shared key.
5. Modify other parameters as required.
6. Click Apply.

Figure 40: 802.1X Setting

802.1X PORT SETTINGS

When 802.
  ■ Force-Authorized – Forces the port to grant access to all clients, either dot1x-aware or otherwise.
  ■ Force-Unauthorized – Forces the port to deny access to all clients, either dot1x-aware or otherwise.
  ■ No Authentication – Disables 802.1X authentication on the port. (This is the default setting.)
◆ State — Shows the current status of the 802.1X authentication process.

WEB INTERFACE

To configure 802.1X port settings:
1. Click Security, 802.
21 GENERAL SECURITY SETTINGS

This chapter includes the following sections for other general security settings:
◆ “IP Filter Security”
◆ “Storm Control Setting”
◆ “Port Isolation”
◆ “Defence Engine”

IP FILTER SECURITY

IP Filter Security is a feature that filters IP traffic on port interfaces based on manually configured entries in the IP Filter table, or allowed IP address assignment through DHCP.
WEB INTERFACE

To configure IP Filter settings:
1. Click Security, IP Filter Setting.
2. Select one or more ports to configure.
3. Select the mode Static and set an IP address, or select DHCP.
4. Select ports on which to allow traffic to DHCP servers.
5. Click Apply.
You can also protect your network from excess multicast or unknown multicast/unicast traffic by setting thresholds for each port. Any packets exceeding the specified threshold will then be dropped.

PARAMETERS

The following parameters are displayed on the Storm Control page:
◆ Storm Type — Selects the storm control type. (Broadcast, Multicast, Unknown Unicast, Unknown Multicast)
◆ Port — Selects port and trunk interfaces.
PORT ISOLATION

Port Isolation provides port-based security and isolation of local ports. The switch isolates port traffic by specifying those ports to which it can forward or receive traffic.

PARAMETERS

The following parameters are displayed on the Port Isolation page:
◆ Port — Selects port and trunk interfaces. (Port Range: 1-26)
◆ Port Isolation List — Selects port and trunk interfaces to which traffic can be forwarded and received.
DEFENCE ENGINE

Defence Engine is an advanced feature that can prevent the switch’s CPU from being overwhelmed by flooded packets, such as unknown unicast, unknown multicast, or broadcast packets. This function can be used to prevent malicious viruses or worm attacks.

PARAMETERS

The following parameter is displayed on the Defence Engine page:
◆ Defence Engine — Enables or disables the feature.
22 PORT STATISTICS

You can display standard statistics on network traffic passing through each port. This information can be used to identify potential problems with the switch (such as a faulty port or unusually heavy loading). All values displayed have been accumulated since the last system reboot.

PARAMETERS

The following parameters are displayed on the Port Statistics Information page:
◆ Port — The port number.
◆ State — Displays the link state of port interfaces (Enabled or Disabled).
WEB INTERFACE

To display port statistics, click Monitoring, Port Statistics.
23 MANAGEMENT TOOLS

This chapter includes the following sections for management tools:
◆ “HTTP Upgrade”
◆ “Restoring Factory Defaults”
◆ “Resetting the Switch”

HTTP UPGRADE

Use the HTTP Upgrade page to upgrade the switch’s system firmware by specifying a new software file. You can also use the HTTP Upgrade page to save the current configuration to a file on your computer, or to restore previously saved configuration settings to the switch.
CAUTION: Do not reset or power off the switch during the upgrade process or the switch may fail to function afterwards.

Figure 47: Software Upgrade

RESTORING FACTORY DEFAULTS

Use the Reset page to restore the original factory settings. Note that the LAN IP Address, Subnet Mask and Gateway IP Address will be reset to their factory defaults.

WEB INTERFACE

To restore factory defaults, click Tools, Reset, then click the Reset button.
RESETTING THE SWITCH

Use the Reboot page to restart the switch.

WEB INTERFACE

To restart the switch, click Tools, Reboot, then click the Reboot button. The reboot will be complete when the web interface displays the login page.
SECTION III APPENDICES

This section provides additional information and includes these items:
◆ "Software Specifications"
◆ "Troubleshooting"
A SOFTWARE SPECIFICATIONS

SOFTWARE FEATURES

AUTHENTICATION
Local, RADIUS, Port (802.1X), HTTPS, Port Security, IP Filter

PORT CONFIGURATION
1000BASE-T: 10/100 Mbps at half/full duplex, 1000 Mbps at full duplex
1000BASE-BX/SX/LX/LH - 1000 Mbps at full duplex (SFP)

FLOW CONTROL
Full Duplex: IEEE 802.
MULTICAST FILTERING
IGMP Snooping

ADDITIONAL FEATURES
DHCP Client
LLDP (Link Layer Discovery Protocol)
SNMP (Simple Network Management Protocol)

MANAGEMENT FEATURES

IN-BAND MANAGEMENT
Web-based HTTP or SNMP manager

SNMP
Management access via MIB database
Trap management to specified hosts

STANDARDS

IEEE 802.1AB Link Layer Discovery Protocol
IEEE 802.
MANAGEMENT INFORMATION BASES

Bridge MIB (RFC 1493)
Differentiated Services MIB (RFC 3289)
Entity MIB (RFC 2737)
Ether-like MIB (RFC 2665)
Extended Bridge MIB (RFC 2674)
Extensible SNMP Agents MIB (RFC 2742)
Forwarding Table MIB (RFC 2096)
IGMP MIB (RFC 2933)
Interface Group MIB (RFC 2233)
Interfaces Evolution MIB (RFC 2863)
IP MIB (RFC 2011)
IP Multicasting related MIBs
IPV6-MIB (RFC 2065)
IPV6-ICMP-MIB (RFC 2066)
IPV6-TCP-MIB (RFC 2052)
IP
B TROUBLESHOOTING

PROBLEMS ACCESSING THE MANAGEMENT INTERFACE

Table 11: Troubleshooting Chart

Symptom: Cannot connect using a web browser or SNMP software
Action:
◆ Be sure the switch is powered up.
◆ Check that you have a valid network connection to the switch and that the port you are using has not been disabled.
◆ Be sure you have configured the VLAN interface through which the management station is connected with a valid IP address, subnet mask and default gateway.
GLOSSARY

ACL
Access Control List. ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information.

BOOTP
Boot Protocol. BOOTP is used to provide bootup information for network devices, including IP address information, the address of the TFTP server that contains the device’s system files, and the name of the boot file.
DSCP
Differentiated Services Code Point Service. DSCP uses a six-bit tag to provide for up to 64 different forwarding behaviors. Based on network policies, different kinds of traffic can be marked for different kinds of forwarding. The DSCP bits are mapped to the Class of Service categories, and then into the output queues.

EUI
Extended Universal Identifier is an address format used by IPv6 to identify the host portion of the network address.
IEEE 802.1Q
VLAN Tagging—Defines Ethernet frame tags which carry VLAN information. It allows switches to assign endstations to different virtual LANs, and defines a standard way for VLANs to communicate across switched networks.

IEEE 802.1P
An IEEE standard for providing quality of service (QoS) in Ethernet networks. The standard uses packet tags that define up to eight traffic classes and allows switches to transmit packets based on the tagged priority value.

IEEE 802.
IP MULTICAST FILTERING
A process whereby this switch can pass multicast traffic along to participating hosts.

IP PRECEDENCE
The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic.
NTP
Network Time Protocol provides the mechanisms to synchronize time across the network. The time servers operate in a hierarchical-master-slave configuration in order to synchronize local clocks within the subnet and to national time standards via wire or radio.

PORT AUTHENTICATION
See IEEE 802.1X.

PORT MIRRORING
A method whereby data on a target port is mirrored to a monitor port for troubleshooting with a logic analyzer or RMON probe.
SSH
Secure Shell is a secure replacement for remote access functions, including Telnet. SSH can authenticate users with a cryptographic key, and encrypt data connections between management clients and the switch.

STA
Spanning Tree Algorithm is a technology that checks your network for any loops. A loop can often occur in complicated or backup linked network systems. Spanning Tree detects and directs data along the shortest available path, maximizing the performance and efficiency of the network.