SmartSwitch 2200 Series Standalone Switches (2E25x and 2H25x) Local Management User’s Guide 9033069-01
ELECTRICAL HAZARD: Only qualified personnel should perform installation procedures. NOTICE Enterasys Networks and its licensors reserve the right to make changes in specifications and other information contained in this document without prior notice. The reader should in all cases consult Enterasys Networks to determine whether any such changes have been made. The hardware, firmware, or software described in this manual is subject to change without notice.
ENTERASYS NETWORKS, INC. PROGRAM LICENSE AGREEMENT BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT, CAREFULLY READ THIS LICENSE AGREEMENT. This document is an agreement (“Agreement”) between You, the end user, and Enterasys Networks, Inc. (“Enterasys”) that sets forth your rights and obligations with respect to the Enterasys software program (“Program”) in the package. The Program may be contained in firmware, chips or other media.
. UNITED STATES GOVERNMENT RESTRICTED RIGHTS. The enclosed Product (i) was developed solely at private expense; (ii) contains “restricted computer software” submitted with restricted rights in accordance with section 52.227-19 (a) through (d) of the Commercial Computer Software-Restricted Rights Clause and its successors, and (iii) in all respects is proprietary data belonging to Enterasys and/or its suppliers.
About This Guide Welcome to the Cabletron Systems SmartSwitch 2200 Series Standalone Switches (2E25x and 2H25x) Local Management User’s Guide for SmartSwitch devices with firmware revision 4.08.11 and higher. This manual explains how to access and use Cabletron Systems Local Management for the SmartSwitch device. Local Management is a series of screens that enable the user to monitor and control the SmartSwitch device and its attached segments.
Structure of This Guide Chapter 3, Accessing Local Management, describes how to access the Main Menu screen and navigate the Local Management screens. This chapter also describes the Security screens that allow you to configure the level of access security for the device. Chapter 4, Device Configuration Menu Screens, describes the Device Configuration Menu screen and the screens that can be selected from it.
Related Documents Appendix A, Generic Attribute Registration Protocol (GARP), describes the switch operation when its ports are configured to operate under the Generic Attribute Registration Protocol (GARP) applications – GARP VLAN Registration Protocol (GVRP) and/or GARP Multicast Registration Protocol (GMRP). Appendix B, About IGMP, introduces the Internet Group Management Protocol (IGMP), its features and functions, and describes how it detects multicast routers.
TYPOGRAPHICAL AND KEYSTROKE CONVENTIONS

bold type: Bold type can denote either a user input or a highlighted screen selection.
RETURN: Indicates either the ENTER or RETURN key, depending on your keyboard.
ESC: Indicates the keyboard Escape key.
SPACE bar: Indicates the keyboard space bar key.
BACKSPACE: Indicates the keyboard backspace key.
arrow keys: Refers to the four keyboard arrow keys.
[-]: Indicates the keyboard – key.
1 Introduction This chapter provides an overview of the tasks that may be accomplished using Local Management (LM), and an introduction to LM screen navigation, in-band and out-of-band network management, screen elements, and LM keyboard conventions. Important Notice Depending on the firmware version used in the SmartSwitch device, some features described in this document may not be supported. Refer to the Release Notes shipped with the SmartSwitch device to determine which features are supported. 1.
Overview

• Set flow control on a port-by-port basis.
• Configure ports to prioritize incoming frames.
• Clear NVRAM.
• Set 802.1Q VLAN memberships and port configurations.
• Redirect frames according to port or VLAN and transmit them on a preselected destination port.
• Transmit frames on preselected destination ports according to protocol and priority or protocol and VLAN.
Navigating Local Management Screens Out-of-band network management passes data along a medium that is entirely separate from the common data carrier of the network, for example, a cable connection between a dumb terminal and a SmartSwitch device COM port. Cabletron Systems Local Management is an out-of-band network management system. A device connected out-of-band to the management agent is not connected to the LAN.
1.4 LOCAL MANAGEMENT SCREEN ELEMENTS

There are six types of screens used in Local Management: password, menu, statistics, configuration, status, and warning screens. Each type of screen can consist of one to five basic elements, or fields. Figure 1-1 shows an example of the fields in a screen. A description of each field follows the figure.

NOTE: The following definitions apply to most of the Local Management screens.
Local Management Screen Elements The following list explains each of the Local Management fields: Event Message Field This field briefly displays messages that indicate if a Local Management procedure was executed correctly or incorrectly, that changes were saved or not saved to Non-Volatile Random Access Memory (NVRAM), or that a user did not have access privileges to an application. Table 1-1 describes the most common event messages.
Local Management Screen Elements Input Fields Input Fields require the entry of keyboard characters. IP addresses, subnet mask, default gateway and device time are examples of input fields. In the screens shown in this guide, the characters in the input fields are in bold type. In the field description, the field is identified as being “modifiable”. Selection Fields Selection fields provide a series of possible values. Only applicable values appear in a selection field.
1.5 LOCAL MANAGEMENT KEYBOARD CONVENTIONS

All key names appear as capital letters in this manual. Table 1-2 explains the keyboard conventions and the key functions that are used.

Table 1-2 Keyboard Conventions

Key: ENTER Key
Function: These are selection keys that perform the same Local Management function. For example, “Press ENTER” means that you can press either ENTER or RETURN, unless this manual specifically instructs you otherwise.
1.6 GETTING HELP

For additional support related to the device or this document, contact Enterasys Networks using one of the following methods:

World Wide Web: http://www.enterasys.com/
Phone: (603) 332-9400
Internet mail: support@enterasys.com
FTP: ftp://ftp.enterasys.com
Login: anonymous
Password: your email address

To send comments or suggestions concerning this document, contact the Technical Writing Department via the following email address: TechWriting@enterasys.
2 Local Management Requirements

This chapter provides the following information:

• Management Terminal Setup (Section 2.1), which describes how to attach a Local Management terminal to the host device.
• Telnet Connections (Section 2.2), which provides guidelines when using a Telnet connection to access Local Management.
• Monitoring an Uninterruptible Power Supply (Section 2.
Management Terminal Setup

2.1.1 Console Cable Connection

Use the Console Cable Kit provided with the SmartSwitch device to attach the management terminal to the SmartSwitch device COM port as shown in Figure 2-1.

To connect the SmartSwitch device to a PC or compatible device running the VT terminal emulation, proceed as follows:

1. Connect the RJ45 connector at one end of the cable (supplied in the kit) to the COM port on the SmartSwitch device.
2.
Management Terminal Setup 2.1.2 Management Terminal Setup Parameters Table 2-1 lists the setup parameters for the local management terminal.
Telnet Connections 2.2 TELNET CONNECTIONS Once the SmartSwitch device has a valid IP address, the user can establish a Telnet session from any TCP/IP based node on the network. Telnet connections to the SmartSwitch device require the community name passwords assigned in the SNMP Community Names Configuration screen. For information about setting the IP address, refer to Section 4.2. For information about assigning community names, refer to Section 4.4.
Monitoring an Uninterruptible Power Supply

Figure 2-2 Uninterruptible Power Supply (UPS) Connection
[Figure labels: 2H252-25R, RJ45 COM Port, UTP Cable with RJ45 Connectors, RJ45-to-DB9 UPS Adapter, DB9 Port, UPS Device]
3 Accessing Local Management

This chapter provides information about the following:

• Navigating through the Local Management screen hierarchy for each mode of operation (802.1Q Switching and SecureFast VLAN) (Section 3.1).
• Accessing the Password screen to enter a Local Management session (Section 3.2).
• Accessing the Device Menu screen and its menu items to gain access to other screens for configuring the switch, obtaining operating statistics, and obtaining access to network tools (Section 3.3).
Navigating Local Management Screens 3.1 NAVIGATING LOCAL MANAGEMENT SCREENS The SmartSwitch device Local Management application consists of a series of menu screens. Navigate through Local Management by selecting items from the menu screens. The SmartSwitch device supports two modes of switch operation. The switching modes are as follows: • 802.1Q SWITCHING (IEEE 802.
Figure 3-1 802.1Q Switching Mode, LM Screen Hierarchy
Screens shown in the figure: Device Configuration Menu; General Configuration; SNMP Configuration Menu; SNMP Community Names Configuration; SNMP Traps Configuration; Access Control List; System Resources Information; FLASH Download Configuration; Ethernet Interface Configuration; Port Configuration Menu; 802.1 Configuration Menu; Password; Ethernet Port Configuration; Switch Configuration; Device Menu; 802.
Figure 3-2 SecureFast VLAN Mode, LM Screen Hierarchy
Screens shown in the figure: Device Configuration Menu; General Configuration; SNMP Configuration Menu; SNMP Community Names Configuration; SNMP Traps Configuration; System Resources Information; FLASH Download Configuration; Port Configuration Menu; Password; Device Menu; Ethernet Interface Configuration; Ethernet Port Configuration; Device Statistics Menu; Interface Statistics; RMON Statistics; HSIM/VHSIM Configuration; Port Redirect Configuration; Netw
Using the RETURN Command

To exit LM using the RETURN command, proceed as follows:

1. Use the arrow keys to highlight the RETURN command at the bottom of the Local Management screen.
2. Press ENTER. The previous screen in the Local Management hierarchy displays.

NOTE: The user can also exit Local Management screens by pressing ESC twice. This exit method does not warn about unsaved changes and all unsaved changes are lost.

3.
3.2 PASSWORD SCREEN

When to Use

To start a Local Management session. Local Management is controlled through the Local Management Password screen shown in Figure 3-3. Whenever a connection is made to the SmartSwitch device the Local Management Password screen displays. Before continuing, you must enter a password (community name), which is compared to the previously stored passwords. The level of access allowed the user depends on the password.
2. Enter the Password and press ENTER. The default super-user access password is “public”, or simply press ENTER.

NOTE: The password is one of the community names specified in the SNMP Community Names Configuration screen. Access to certain Local Management capabilities depends on the degree of access accorded that community name. Refer to Section 4.4.

If an invalid password is entered, the terminal beeps and the cursor returns to the beginning of the password entry field.
Device Menu Screen 3.3 DEVICE MENU SCREEN When to Use To access the three major menu screens of Local Management to configure the SmartSwitch device, obtain operating statistics, access the network tools command set, and set the security access policy for the switch. How to Access Enter a valid password in the Local Management Password screen as described in Section 3.2, and press ENTER. The Device Menu screen, Figure 3-4, displays.
Menu Descriptions

Refer to Table 3-1 for a functional description of each menu item.

Table 3-1 Device Menu Screen Menu Item Descriptions

Menu Item: DEVICE CONFIGURATION MENU
Screen Function: Provides access to the Local Management screens that are used to configure the SmartSwitch device and also provides access to the Port Configuration Menu, 802.1 Configuration Menu, and Layer 3 Extensions Menu screens.
3.4 OVERVIEW OF SECURITY METHODS

Three security methods are available to control which users are allowed access to the switch’s host to monitor the configuration and control of the switch.

• Host Access Control List (ACL) – allows only the defined list of IP Addresses to communicate with the host for Telnet, WebView (HTTP) and SNMP. To set up these parameters refer to the Host Access Control List (ACL) screen described in Section 4.6.
On the Radius Server, each user is configured with the following:

• name
• password
• access level

The access level can be set to one of the following levels for each user name:

• super-user
• read-write
• read-only

Supporting multiple access levels per user name involves sending back a different “FilterID” attribute, using some server feature to differentiate between the same user name with different prefixes/suffixes.
The client cannot be enabled unless the primary server is configured with at least the minimum configuration information.

NOTE: The minimum additional information that must be configured to use a server is its IP and Shared Secret.

When the Radius Client is active on the switch, you are prompted by an authorization screen for a user login name and password when attempting to access the host IP address via the local console LM, Telnet to LM, or WebView application.
Security Menu Screen The secondary server is always consulted if it is configured. Note that the minimum additional information that must be configured to use a server is its IP and shared secret. A backup secondary server is always consulted if it has been configured with its IP and Shared Secret.
Security Menu Screen

Screen Example

Figure 3-5 Security Menu Screen
[Screen items: PASSWORDS, RADIUS CONFIGURATION, EXIT, RETURN]

Menu Descriptions

Refer to Table 3-2 for a functional description of each menu item.

Table 3-2 Security Menu Screen Descriptions

Menu Item: PASSWORDS
Screen Function: Used to set the Locally Administered Passwords (super user, read-write, and read-only) to access the device according to an access policy. For details, refer to Section 3.6.
3.6 PASSWORDS SCREEN

Screen Navigation Path

For MATRIX E7 chassis: Password > > Device Menu > Security > Passwords

When to Use

To provide additional security by using login passwords associated with an access policy. This screen allows the use of passwords to provide three levels of Local Management access (super-user, read-write and read-only) via serial console or Telnet connection.
Field Descriptions

Refer to Table 3-3 for a functional description of each screen field.

Table 3-3 Module Login Passwords Screen Field Descriptions

Use this field: Password (Modifiable)
To: Enter the password used to access the device according to an access policy.

Use this field: Access Policy (Read-only)
To: See the access given each password.
3.6.1 Setting the Login Password

To set passwords and disable the function of switch S8 so that the password cannot be cleared, proceed as follows:

1. Use the arrow keys to highlight the appropriate Password field. A different password can be assigned to each Access Policy.
2. Press ENTER.
3. To disable the function of switch S8 so the passwords cannot be cleared, use the arrow keys to highlight the Switch 8 field.
4. Press the SPACE bar to select DISABLED.
5.
RADIUS Configuration Screen

How to Access

Use the arrow keys to highlight the RADIUS CONFIGURATION menu item on the Security Menu screen and press ENTER. The RADIUS Configuration screen, Figure 3-7, displays.

Screen Example

Figure 3-7 Radius Configuration Screen

Primary Server
IP: 172.29.80.90
Secret: ********************************
Auth Port: 1645
Acct Port: 1646

Secondary Server
IP: 134.141.40.
Table 3-4 Radius Configuration Screen Field Descriptions (Continued)

Use this field: Auth Port (Modifiable)
To: Enter the number of the Authorization UDP Port for the Primary and Secondary server.

Use this field: Acct Port (Modifiable)
To: Enter the number of the Accounting UDP Port for the Primary and Secondary server.

Use this field: Timeout (Modifiable)
To: Enter the maximum time in seconds to establish contact with the Radius Server before timing out.
3.7.1 Setting the Last Resort Authentication

The RADIUS client can be configured to use primary and secondary servers. If the primary server does not respond within the specified number of retries during the specified time-out period, the client will then attempt to authenticate using the secondary server. If the secondary server also does not respond, then the client returns a time-out condition.
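
The failover order described above, modelled as an added example (this is not code from the guide or from the switch firmware). Assumptions: the names Server, authenticate and constructed_transport are hypothetical; "retries" is treated as the total number of attempts per server; an Accept or Reject from a responding server is treated as final; the IP addresses, secret and credentials are constructed sample values.

```python
"""Primary/secondary RADIUS failover, modelled after Section 3.7.1 (added example)."""
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

ACCEPT, REJECT, TIMEOUT = "ACCEPT", "REJECT", "TIMEOUT"


@dataclass(frozen=True)
class Server:
    role: str               # "primary" or "secondary"
    ip: str = ""
    secret: str = ""
    auth_port: int = 1645   # Auth Port value shown in the guide's screen example

    def usable(self) -> bool:
        # The guide's minimum configuration for a server: its IP and Shared Secret.
        return bool(self.ip and self.secret)


# Transport hook (assumption): returns ACCEPT, REJECT, or None when no reply
# arrives within timeout_s. A real client would send a UDP Access-Request here.
Send = Callable[[Server, str, str, float], Optional[str]]
Trail = List[Tuple[str, int, str]]


def authenticate(primary: Server, secondary: Optional[Server], user: str,
                 password: str, send: Send, retries: int = 3,
                 timeout_s: float = 5.0) -> Tuple[str, Trail]:
    """Try the primary, then the secondary; return (result, audit trail)."""
    if not primary.usable():
        # "The client cannot be enabled unless the primary server is configured
        # with at least the minimum configuration information."
        raise ValueError("primary server needs an IP and a shared secret")
    trail: Trail = []
    for server in (primary, secondary):
        if server is None or not server.usable():
            continue  # an unconfigured secondary is simply skipped
        for attempt in range(1, retries + 1):
            reply = send(server, user, password, timeout_s)
            trail.append((server.role, attempt, reply or "no reply"))
            if reply in (ACCEPT, REJECT):
                return reply, trail  # a server answered: its decision stands
    # Neither server answered within its retries: the time-out condition.
    return TIMEOUT, trail


def constructed_transport(responding_ips) -> Send:
    """Constructed stand-in for the network: only the listed IPs answer."""
    def send(server: Server, user: str, password: str, timeout_s: float):
        if server.ip not in responding_ips:
            return None
        ok = (user, password) == ("netadmin", "constructed-pass")
        return ACCEPT if ok else REJECT
    return send


# Constructed sample servers (documentation address range, not from the guide).
PRIMARY = Server("primary", "192.0.2.10", "constructed-secret")
SECONDARY = Server("secondary", "192.0.2.11", "constructed-secret")

if __name__ == "__main__":
    cases = {
        "primary down, secondary up": {"192.0.2.11"},
        "both servers down": set(),
    }
    for label, up in cases.items():
        result, trail = authenticate(PRIMARY, SECONDARY, "netadmin",
                                     "constructed-pass", constructed_transport(up))
        print(label, "->", result)
        for role, attempt, outcome in trail:
            print(f"  {role} attempt {attempt}: {outcome}")
```

The audit trail makes the cost of an unreachable primary visible: every login waits out the full retries times time-out on the primary before the secondary is tried.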
4 Device Configuration Menu Screens

This chapter describes the Device Configuration Menu screen and the following screens that may be selected:

• General Configuration screen (Section 4.2)
• SNMP Configuration Menu screen (Section 4.3)
• SNMP Community Names Configuration screen (Section 4.4)
• SNMP Traps Configuration screen (Section 4.5)
• Access Control List screen (Section 4.6)
• System Resources Information screen (Section 4.7)
• FLASH Download Configuration screen (Section 4.
Device Configuration Menu Screen 4.1 DEVICE CONFIGURATION MENU SCREEN When to Use To access a series of Local Management screens used to establish an Access Control List (ACL) to provide additional security, configure and monitor operating parameters, modify SNMP community names, set SNMP traps, configure switch parameters, and configure the SmartSwitch device ports. How to Access Use the arrow keys to highlight the DEVICE CONFIGURATION MENU item on the Device Menu screen, and press ENTER.
Device Configuration Menu Screen Menu Descriptions Refer to Table 4-1 for a functional description of each menu item. Table 4-1 Device Configuration Menu Screen Menu Item Descriptions Menu Item Screen Function GENERAL CONFIGURATION Used to monitor and configure the SmartSwitch device operating parameters. For details, refer to Section 4.2. SNMP CONFIGURATION MENU Used to access the SNMP Community Names Configuration, SNMP Traps Configuration, and Access Control List screens.
General Configuration Screen Table 4-1 Device Configuration Menu Screen Menu Item Descriptions (Continued) Menu Item Screen Function LAYER 3 EXTENSIONS MENU Provides access to the IGMP/VLAN Configuration screen to configure ports and VLANs to operate according to the Internet Group Management Protocol (IGMP). For details, refer to Chapter 9. NOTE: The Layer 3 Extensions Menu and IGMP/VLAN Configuration screens display only if the SmartSwitch device has been configured to operate in the 802.
Screen Example

Figure 4-2 General Configuration Screen

MAC Address: 00-00-ID-00-00-00
IP Address: 0.0.0.0
Subnet Mask: 255.255.0.0
Default Gateway: NONE DEFINED
TFTP Gateway IP Addr: 0.0.0.0
Device Date: 10/11/1999
Device Time: 14:23:00
Screen Refresh Time: 30 sec.
Screen Lockout Time: 15 min.
Device Uptime XX D XX H XX M
Operational Mode: [802.
General Configuration Screen Table 4-2 General Configuration Screen Field Descriptions (Continued) Use this field… To… Subnet Mask (Modifiable) See the subnet mask for the SmartSwitch device. A subnet mask “masks out” the network bits of the IP address by setting the bits in the mask to 1 when the network treats the corresponding bits in the IP address as part of the network or subnetwork address, or to 0 if the corresponding bit identifies the host.
General Configuration Screen Table 4-2 General Configuration Screen Field Descriptions (Continued) Use this field… To… Device Uptime (Read-Only) See the total time that the device has been operating. Operational Mode (Toggle) Set the SmartSwitch device to operate as either an IEEE 802.1Q switch (802.1Q SWITCHING option) or as a SecureFast switch (SECURE FAST VLAN option). In the 802.1Q SWITCHING mode (the default mode of operation), the SmartSwitch device functions like an 802.
General Configuration Screen Table 4-2 General Configuration Screen Field Descriptions (Continued) Use this field… To… IP Fragmentation (Toggle) Enable or disable IP Fragmentation. The default setting for this field is ENABLED. If the SmartSwitch device is to be bridged to an FDDI ring using an HSIM-F6, IP Fragmentation should be enabled.
Figure 4-3 Configuration Warning Screen, IP Address

WARNING! YOU HAVE ELECTED TO SAVE ONE OR MORE CONFIGURATION ITEMS THAT REQUIRE RESETTING THIS DEVICE. ARE YOU SURE YOU WANT TO CONTINUE?
NO YES

5. Use the arrow keys to highlight the YES command, then press ENTER. The changes are saved and the device reboots.

4.2.
4. Use the arrow keys to highlight the SAVE command, then press ENTER. The warning screen shown in Figure 4-4 displays.

Figure 4-4 Configuration Warning Screen, Subnet Mask

WARNING! YOU HAVE ELECTED TO SAVE ONE OR MORE CONFIGURATION ITEMS THAT REQUIRE RESETTING THIS DEVICE. ARE YOU SURE YOU WANT TO CONTINUE?
YES NO

5. Use the arrow keys to highlight the YES command, then press ENTER. The changes are saved and the device reboots.

4.2.
General Configuration Screen 3. Press ENTER. If the default gateway entered is in the correct format, the cursor returns to the beginning of the Default Gateway field. If the format is not correct, the screen displays “INVALID DEFAULT GATEWAY OR FORMAT ENTERED”. Local Management does not alter the current value, but it does refresh the Default Gateway field with the previous value. 4. Use the arrow keys to highlight the SAVE command. 5. Press ENTER. The message “SAVED OK” displays at the top of the screen.
General Configuration Screen 3. Press ENTER to set the system calendar to the date in the input field. 4. Use the arrow keys to highlight the SAVE command at the bottom of the screen and press ENTER. If the date entered is a valid format, the message displays “SAVED OK” at the top of the screen. If the entry is not valid, Local Management does not alter the current value, but it does refresh the Device Date field with the previous value. 4.2.
General Configuration Screen 4.2.7 Entering a New Screen Refresh Time The screen refresh time can be set from 3 to 99 seconds with a default of 3 seconds. To set a new screen refresh time, perform the following steps: 1. Use the arrow keys to highlight the Screen Refresh Time field. 2. Enter a number from 3 to 99. 3. Press ENTER to set the refresh time to the time entered in the input field. 4. Use the arrow keys to highlight the SAVE command at the bottom of the screen and press ENTER.
General Configuration Screen 4.2.9 Setting the Operational Mode NOTE: If the device is to be configured to operate as a SecureFast switch, the device must be assigned an IP address. To set the Operational Mode, proceed as follows: 1. Use the arrow keys to highlight the Operational Mode field. 2. Press the SPACE bar to step to the appropriate operational mode (802.1Q SWITCHING or SECURE FAST VLAN). 3. Use the arrow keys to highlight the SAVE command, then press ENTER.
General Configuration Screen 4. Use the arrow keys to highlight the YES command, then press ENTER. The changes are saved and the device reboots. NOTE: Upon saving the new operational mode, the module will reboot. If the SmartSwitch device is set to 802.1Q SWITCHING and is going to be configured for VLANs, refer to Chapter 7 to configure the SmartSwitch device for this type of operation.
General Configuration Screen 2. Press the SPACE bar to choose either ENABLED or DISABLED. The COM port must be ENABLED for the LM or UPS application. Selecting DISABLED disallows the COM port connection to the terminal, providing additional device security. CAUTION: If the COM port is reconfigured without a valid IP address set on the SmartSwitch device, the message shown in Figure 4-6 displays. Do not continue unless the outcome of the action is fully understood.
General Configuration Screen 4.2.10.1 Changing the COM Port Application After enabling the COM port as described in Section 4.2.10, one of the applications supported by the COM port (LM or UPS) can be selected. The default application is LM. To change the COM port application: 1. Use the arrow keys to highlight the Application field. 2. Use the SPACE bar or BACKSPACE key to step to the desired setting. Table 4-3 lists the available settings and their corresponding applications.
3. Use the arrow keys to highlight SAVE at the bottom of the screen.
4. Press ENTER. The warning shown in Figure 4-7 displays.

Figure 4-7 Clear NVRAM Warning

WARNING YOU HAVE ELECTED TO CLEAR NVRAM. THIS WILL CLEAR ALL SYSTEM DEFAULTS INCLUDING BUT NOT LIMITED TO IP ADDRESS, INTERFACE CONFIGURATION, AND COM PORT CONFIGURATION, THEN REBOOT THIS DEVICE. ARE YOU SURE YOU WANT TO CLEAR NVRAM?
YES NO

5.
SNMP Configuration Menu Screen 4.3 SNMP CONFIGURATION MENU SCREEN When to Use To provide access to the SNMP Community Names Configuration, SNMP Traps Configuration, and Access Control List screens. These screens are used to modify SNMP community names, set SNMP traps, and establish an access control list to provide additional switch security. How to Access Use the arrow keys to highlight the SNMP CONFIGURATION MENU item on the DEVICE CONFIGURATION MENU screen, and press ENTER.
Menu Descriptions
Refer to Table 4-4 for a functional description of each menu item.
Table 4-4 SNMP Configuration Menu Screen Menu Item Descriptions
Menu Item | Screen Function
SNMP COMMUNITY NAMES CONFIGURATION | Used to enter new, change, or review the community names used as access passwords for device management operation. Access is limited based on the password level of the user. For details, refer to Section 4.4.
4.4 SNMP COMMUNITY NAMES CONFIGURATION SCREEN
When to Use
To set SNMP Management community names. Community names act as passwords to Local/Remote Management and are agents of security access to the SmartSwitch device. Access is controlled by enacting any of three different levels of security authorization (read-only, read-write, and super-user).
Field Descriptions
Refer to Table 4-5 for a functional description of each screen field.
Table 4-5 SNMP Community Names Configuration Screen Field Descriptions
Use this field… | To…
Community Name (Modifiable) | Enter the user-defined name through which a user accesses the SmartSwitch device SNMP Management. Any community name assigned here acts as a password to Local Management.
Access Policy (Read-Only) | Indicate the access accorded each community name.
4.4.1 Establishing Community Names
The password used to access Local Management at the Password Screen must have super-user access to view and edit the SNMP Community Names Configuration screen. Using a password with read-only or read-write access does not allow the viewing or editing of the SNMP Community Names Configuration screen.
4.5 SNMP TRAPS CONFIGURATION SCREEN
When to Use
To assign SNMP traps to eight different IP addresses. Since the SmartSwitch device is an SNMP compliant device, it can send messages to multiple Network Management Stations to alert users of status changes.
How to Access
Use the arrow keys to highlight the SNMP TRAPS CONFIGURATION menu item on the SNMP Configuration Menu screen, and press ENTER. The SNMP Traps Configuration screen, Figure 4-10, displays.
Field Descriptions
Refer to Table 4-6 for a functional description of each screen field.
Table 4-6 SNMP Traps Configuration Screen Field Descriptions
Use this field… | To…
Trap Destination (Modifiable) | Display/enter the IP address of the workstation to receive trap alarms. Up to eight different destinations can be defined.
Access Control List Screen
7. Use the arrow keys to highlight the SAVE command and press ENTER. The message “SAVED OK” displays on the screen.
NOTE: Exiting without saving causes a “NOT SAVED?” message to appear above the SAVE command. Edits are lost if they are not saved before exiting.
The designated workstations will now receive traps from the SmartSwitch device as long as the communication path to the designated workstations is not inhibited (for example, by subnets or VLANs).
4.
Screen Example
Figure 4-11 Access Control List Screen
Access Control Lists: [ENABLED]
IP Addresses
0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.
Field Descriptions
Refer to Table 4-7 for a functional description of each screen field.
Table 4-7 Access Control List Screen Field Descriptions
Use this field… | To…
Access Control Lists (Toggle) | Enable or disable to restrict SNMP/IP access to a limited number of IP addresses. This field toggles between ENABLED and DISABLED. DISABLED is the default setting. When ACL is enabled, all SmartSwitch device access is limited to the 16 IP addresses shown in the screen.
4.6.1 Entering IP Addresses
To enter IP addresses into the ACL, proceed as follows:
1. Use the arrow keys to highlight one of the place holders (0.0.0.0) under IP Addresses.
2. Enter the IP address of a device that you want to have access to Local Management using the following format: nn.nn.nn.nn (where n is an alphanumeric character)
3. Repeat steps 1 and 2 if more than one address is being entered.
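A pre-change check for the ACL procedure above, as an added example that is not part of the guide: it validates a planned list for the 16 ACL slots and confirms that the management stations that must keep access are present before the Access Control Lists field is set to ENABLED. The function names, the sample addresses, and the treatment of 0.0.0.0 as an unused slot are assumptions.

```python
import ipaddress
import re

ACL_SLOTS = 16  # the Access Control List screen offers 16 address fields
# Assumption: a slot still showing 0.0.0.0 is an unused placeholder.
PLACEHOLDER = ipaddress.IPv4Address("0.0.0.0")

_DOTTED = re.compile(r"(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})", re.ASCII)


def parse_entry(text):
    """Parse one dotted-decimal entry; return an IPv4Address or None.

    Octets are read as decimal even when zero-padded ("030" is thirty),
    matching how the guide's screens print addresses such as 123.123.030.006.
    """
    match = _DOTTED.fullmatch(text.strip())
    if match is None:
        return None
    octets = [int(group) for group in match.groups()]
    if any(octet > 255 for octet in octets):
        return None
    return ipaddress.IPv4Address(bytes(octets))


def audit_acl(slots, required_stations):
    """Check a planned ACL before the toggle is set to ENABLED.

    Returns (safe_to_enable, permitted_addresses, findings).
    """
    findings = []
    permitted = []
    if len(slots) > ACL_SLOTS:
        findings.append(f"{len(slots)} entries planned, screen holds {ACL_SLOTS}")
    for number, raw in enumerate(slots[:ACL_SLOTS], start=1):
        address = parse_entry(raw)
        if address is None:
            findings.append(f"slot {number}: {raw!r} is not a valid dotted-decimal address")
        elif address == PLACEHOLDER:
            continue
        elif address.is_multicast or address.is_loopback or int(address) == 0xFFFFFFFF:
            findings.append(f"slot {number}: {address} cannot be a station's source address")
        elif address in permitted:
            findings.append(f"slot {number}: {address} duplicates an earlier slot")
        else:
            permitted.append(address)
    if not permitted:
        findings.append("no usable address entered: enabling would permit no station")
    for raw in required_stations:
        station = parse_entry(raw)
        if station is None:
            findings.append(f"required station {raw!r} is not a valid address")
        elif station not in permitted:
            findings.append(f"required station {station} is not in the ACL and would lose access")
    return (not findings, permitted, findings)


# Constructed sample plan (not from the guide), using documentation-range addresses.
PLANNED_SLOTS = [
    "192.0.2.5",        # management workstation
    "192.000.002.006",  # zero-padded, as the screens display addresses
    "192.0.2.5",        # duplicate, wastes a slot
    "192.0.2.300",      # octet out of range
    "224.0.0.1",        # multicast, never a source address
] + ["0.0.0.0"] * 11
REQUIRED_STATIONS = ["192.0.2.6", "192.0.2.7"]

if __name__ == "__main__":
    safe, permitted, findings = audit_acl(PLANNED_SLOTS, REQUIRED_STATIONS)
    print("permitted:", ", ".join(str(a) for a in permitted))
    for finding in findings:
        print("finding:", finding)
    print("safe to set Access Control Lists to ENABLED:", safe)
```

Run it against the planned list before saving the screen; any finding means the list should be corrected while the ACL is still DISABLED.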
4.7 SYSTEM RESOURCES INFORMATION SCREEN
When to Use
To monitor the current switch utilization and the peak switch utilization. This screen provides information concerning the processor used in the SmartSwitch device and the amount of FLASH memory, DRAM, and NVRAM that is installed and how much of that memory is available.
How to Access
Use the arrow keys to highlight the SYSTEM RESOURCES INFORMATION menu item on the Device Configuration Menu screen, and press ENTER.
Field Descriptions
Refer to Table 4-8 for a functional description of each screen field.
Table 4-8 System Resources Information Screen Field Descriptions
Use this field… | To…
CPU Type (Read-Only) | See which microprocessor is used in the SmartSwitch device.
Flash Memory Installed (Read-Only) | See the amount of FLASH memory that is installed in the SmartSwitch device and how much is currently available.
4.8 FLASH DOWNLOAD CONFIGURATION SCREEN
When to Use
To perform any of the following:
• Download a new firmware image file from a TFTP server to the SmartSwitch device.
• Download a configuration file from a TFTP server to the SmartSwitch device.
• Upload the configuration file from the SmartSwitch device to a TFTP server.
How to Access
Use the arrow keys to highlight the FLASH DOWNLOAD CONFIGURATION menu item on the Device Configuration Menu screen, and press ENTER. The Flash Download Configuration screen, Figure 4-13, displays.
Screen Example
Figure 4-13 Flash Download Configuration Screen
Download Method:
Reboot After Download: [YES]
TFTP Gateway IP Addr: nnn.nnn.nnn.nnn
Download Server IP: nnn.nnn.nnn.nnn
Download File Name: /tftpboot/SS2200.fls
Last Image Server IP: nnn.
Field Descriptions
Refer to Table 4-9 for a functional description of each screen field.
Table 4-9 Flash Download Configuration Screen Field Descriptions
Use this field… | To…
Download Method (Selectable) | Select a method (RUNTIME, DOWNLOAD CONFIG, or UPLOAD CONFIG) to download (receive) an image file from a TFTP server, or upload (transmit) or download a configuration file to/from a TFTP server.
Table 4-9 Flash Download Configuration Screen Field Descriptions (Continued)
Use this field… | To…
Reboot After Download (Toggle) | Set the SmartSwitch device so it will either reboot or not reboot after completing the download of an image. This field toggles between YES and NO, when the Download Method field is set to RUNTIME. If YES is selected, the device reboots after the download is completed.
4.8.1 Image File Download Using Runtime
To download a firmware image file to the SmartSwitch device using Runtime, proceed as follows:
1. Use the arrow keys to highlight the Reboot After Download field.
2. Use the SPACE bar to select either YES or NO. Select YES if you want the device to reboot after the download is completed. Select NO if you want the device to store the new image in FLASH memory until the device is reset or during the next power-up.
3.
4.8.2 Configuration File Download Using TFTP
To download a configuration file from a TFTP server to the SmartSwitch device, proceed as follows:
1. Use the arrow keys to highlight the Download Method field.
2. Use the SPACE bar to select DOWNLOAD CONFIG.
NOTE: When DOWNLOAD CONFIG is selected, the Reboot After Download field is automatically set to YES (and cannot be changed), so that the SmartSwitch device automatically reboots after a successful download.
3.
4.8.3 Configuration File Upload Using TFTP
To upload a configuration file to a TFTP server, proceed as follows:
1. Use the arrow keys to highlight the Download Method field.
2. Use the SPACE bar to select UPLOAD CONFIG.
NOTE: When Upload Config is selected, the Reboot After Download field is automatically set to NO (and cannot be changed).
3. Use the arrow keys to highlight the TFTP Gateway IP Addr field.
4.
5 Port Configuration Menu Screens
This chapter describes the Port Configuration Menu screen and the following screens that may be selected:
• Ethernet Interface Configuration screen (Section 5.2)
• Ethernet Port Configuration screen (Section 5.3)
• HSIM/VHSIM Configuration screen (Section 5.4)
• Redirect Configuration Menu screen (Section 5.5)
• Port Redirect Configuration screen (Section 5.6)
• VLAN Redirect Configuration screen (Section 5.
Port Configuration Menu Screen
How to Access
Use the arrow keys to highlight the PORT CONFIGURATION MENU item on the Device Configuration Menu screen and press ENTER. The Port Configuration Menu screen, Figure 5-1, displays.
Ethernet Interface Configuration Screen
Table 5-1 Port Configuration Menu Screen Menu Item Descriptions (Continued)
Menu Item | Screen Function
HSIM/VHSIM CONFIGURATION | Provides access to the HSIM or VHSIM setup screen, depending on the one installed in the device. The screens for optional non-Ethernet HSIMs and VHSIMs are described in their respective user’s guides. For details, refer to Section 5.4.
REDIRECT CONFIGURATION MENU | When the operational mode is set for 802.
How to Access
Use the arrow keys to highlight the ETHERNET INTERFACE CONFIGURATION menu item on the Port Configuration Menu screen and press ENTER. The Ethernet Interface Configuration screen, Figure 5-2, displays.
Table 5-2 Ethernet Interface Configuration Screen Field Descriptions (Continued)
Use this field… | To…
Port Type (Read-Only) | See the type of interface using the name of the physical port type. For the Ethernet 10/100 Mbps ports in the SmartSwitch device, FE-100TX will be displayed. If a Fast Ethernet port is installed via an optional HSIM, the interface displayed may be FE-100TX or FE100-FX.
Table 5-2 Ethernet Interface Configuration Screen Field Descriptions (Continued)
Use this field… | To…
FDX FC (Read-Only) | See the current full duplex flow control setting. Flow control is used to manage the transmission between two devices as specified by IEEE 802.3x to prevent receiving ports from being overwhelmed by frames from transmitting devices. One of the following values is displayed: Sym, AsymRx, AsymTx, Off, or NA.
5.3 ETHERNET PORT CONFIGURATION SCREEN
When to Use
To change the operating mode of a specific Ethernet interface, such as the speed, duplex, auto-negotiation, advertised ability, and the flow control settings. Configuring optional Fast Ethernet or Gigabit Ethernet ports is also done on this screen.
How to Access
Use the arrow keys to highlight the desired Ethernet port on the Ethernet Interface Configuration screen and press ENTER.
Field Descriptions
Refer to Table 5-3 for a functional description of each screen field.
Table 5-3 Ethernet Port Configuration Screen Field Descriptions
Use this field… | To…
Interface (Read-Only) | See the Interface number.
Physical Port (Read-Only) | See the number of the physical port on the interface.
Default Speed (Selectable) | See the current operational speed in Mbps. Display options are 10, 100, and 1000.
Table 5-3 Ethernet Port Configuration Screen Field Descriptions (Continued)
Use this field… | To…
Advertised Ability (Selectable) | Select the port advertised mode of operation. In normal operation, with all capabilities enabled, the port “advertises” that it has the ability to operate in any mode. The user may choose to set up the port so that only a portion of the available capabilities are advertised and the others are disabled.
Table 5-3 Ethernet Port Configuration Screen Field Descriptions (Continued)
Use this field… | To…
Full Duplex Flow Control (Selectable) | Set the flow control feature on each port for a specific mode. The choices are as follows: Symmetric – the port operates in Symmetric mode, causing the port to interpret received PAUSE frames and allow the port to transmit PAUSE frames when necessary at any speed connection.
5.3.1 Selecting Settings
All selectable or toggle fields other than Advertised Ability can be changed by following this procedure:
1. Use the arrow keys to highlight the field to be changed.
2. Use the SPACE bar or BACKSPACE key to step or toggle through the selections.
3. Press the ENTER key when the desired selection is displayed.
4. Use the arrow keys to highlight the SAVE command at the bottom of the screen. Press ENTER. The selection is saved for that interface.
5.4 HSIM/VHSIM CONFIGURATION SCREEN
When to Use
To configure an optional HSIM or VHSIM.
NOTE: The HSIM/VHSIM Configuration menu item can only be selected when a non-Ethernet HSIM or VHSIM is installed in the SmartSwitch device. When selected, the applicable setup screen for that interface displays. This only applies to HSIMs and VHSIMs that can support WAN, FDDI or ATM. Refer to the appropriate HSIM or VHSIM user’s guide to set its operating parameters.
Redirect Configuration Menu Screen
How to Access
Use the arrow keys to highlight the REDIRECT CONFIGURATION MENU item on the Port Configuration Menu screen and press ENTER. The Redirect Configuration Menu screen, Figure 5-4, displays.
Screen Example
Figure 5-4 Redirect Configuration Menu Screen
PORT REDIRECT CONFIGURATION
VLAN REDIRECT CONFIGURATION
EXIT RETURN
Menu Descriptions
Refer to Table 5-1 for a functional description of each menu item.
5.6 PORT REDIRECT CONFIGURATION SCREEN
NOTE: If the device is operating in the SecureFast VLAN Mode, the Port Redirect Configuration screen will display instead of the Redirect Configuration Menu screen. The VLAN Redirect Configuration screen is not available in SECURE FAST VLAN mode.
When to Use
To redirect frames from one source port to one destination port on the SmartSwitch device.
Figure 5-5 Port Redirect Configuration Screen
Source Port | Destination Port | Frame Format | Redirect Errors
1 | 2 | NORMAL | ON
3 | 4 | TAGGED | ON
6 | 9 | UNTAGGED | OFF
Source Port [1]  Destination Port [1]  Frame Format [UNTAGGED]  Redirect Errors [OFF]  Status [ADD]
PREVIOUS  SAVE  NEXT  EXIT  RETURN
Field D
Table 5-5 Port Redirect Configuration Screen Field Descriptions (Continued)
Use this field… | To…
Redirect Errors (Read-Only) | See whether the corresponding source ports are configured ON to send errored frames to the destination ports, or OFF to drop all errored frames and only forward valid frames to the destination ports. All redirected error frames display in the way they were received or transmitted on the source port, regardless of the frame format setting.
5. Use the arrow keys to highlight the Frame Format field near the bottom of the screen.
6. Use the SPACE bar or BACKSPACE key to step to the appropriate frame format setting (NORMAL, TAGGED, or UNTAGGED) for the selected Destination Port.
7. Use the arrow keys to highlight the Redirect Errors field near the bottom of the screen.
8. Use the SPACE bar to select either the ON or OFF option and press ENTER.
5.7 VLAN REDIRECT CONFIGURATION SCREEN
NOTE: When the SmartSwitch device is operating as a SecureFast VLAN switch, this screen will not display. The Port Redirect Configuration screen is the only redirect screen that will display.
When to Use
To select a source VLAN ID and a destination port. For example, VLAN ID 1 can be set as the source VLAN with port 2 as the destination port.
Screen Example
Figure 5-6 VLAN Redirect Configuration Screen
Source VLAN | Destination Port | Frame Format | Redirect Errors
1 | 2 | RECEIVED | UNSUPP
3 | 4 | TAGGED | UNSUPPORTED
6 | 9 | UNTAGGED | UNSUPPORTED
Source VLAN [1]  Destination Port [1]  Frame Format [UNTAGGED]  Redirect Errors Unsupported
PREVIOUS  SAVE  NEXT
Table 5-6 VLAN Redirect Configuration Screen Field Descriptions
Use this field… | To…
Frame Format (Read-Only) | See the current frame format setting: RECEIVED, TAGGED or UNTAGGED. The default is RECEIVED.
• RECEIVED – Frames are redirected in the format that they were received by the SmartSwitch device.
• TAGGED – Frames are transmitted on the destination port with a VLAN tag inserted according to the frame classification of the receiving port.
3. Use the arrow keys to highlight the Destination Port field near the bottom of the screen.
4. Use the SPACE bar or BACKSPACE key to step to the appropriate port number for the destination port.
5. Use the arrow keys to highlight the Frame Format field near the bottom of the screen.
6. Use the SPACE bar or BACKSPACE key to step to the appropriate frame format setting (RECEIVED, TAGGED, or UNTAGGED) for the selected Destination Port.
7.
5.8 BROADCAST SUPPRESSION CONFIGURATION SCREEN
NOTE: The Broadcast Suppression Configuration screen is not available if the operational mode of the device is set to SECURE FAST VLAN. This screen can only be used when the device is configured to operate as an 802.1Q switch. Section 4.2.9 describes how to set the operational mode.
Broadcast frames received above the threshold setting are dropped.
Field Descriptions
Refer to Table 5-7 for a functional description of each screen field.
Table 5-7 Broadcast Suppression Configuration Screen Field Descriptions
Use this field… | To…
PORT # (Read-Only) | Identify the number of the port.
Total RX (Read-Only) | See the total number of broadcast frames received.
Peak Rate (Read-Only) | See the highest number of broadcast frames received in a one-second interval.
5.8.2 Setting the Reset Peak
To set the Reset Peak field to YES or NO, proceed as follows:
1. Use the arrow keys to highlight the Reset Peak field for the selected port.
2. Press the SPACE bar to select YES or NO.
3. Use the arrow keys to highlight the SAVE command at the bottom of the screen.
4. Press ENTER. The message “SAVED OK” displays and the Time Since Peak field is also reset.
6 802.1 Configuration Menu Screens
This chapter describes the 802.1 Configuration Menu screen and the following screens that may be selected from its menu:
NOTE: The following screens are not available when the SmartSwitch device is operating in the SecureFast mode.
• Switch Configuration screen (Section 6.2)
• 802.1Q VLAN Configuration Menu screen (Chapter 7)
• 802.1 Priority Configuration Menu screen (Section 6.3)
• Port Priority Configuration screen (Section 6.
6.1 802.1 CONFIGURATION MENU SCREEN
When to Use
To access the Switch Configuration, 802.1Q VLAN Configuration Menu, 802.1 Priority Configuration Menu, GARP Configuration Menu, and Rate Limiting Configuration screens.
NOTE: The 802.1 Configuration Menu screen is not available if the operational mode of the device is set to SECURE FAST VLAN. This screen can only be used when the SmartSwitch device is configured to operate as an 802.1Q switch.
Menu Descriptions
Refer to Table 6-1 for a functional description of each menu item.
Table 6-1 802.1 Configuration Menu Screen Menu Item Descriptions
Menu Item | Screen Function
SWITCH CONFIGURATION | Provides the basic setup options for customizing the operation of a SmartSwitch device in the network. For details, refer to Section 6.2.
802.1Q VLAN CONFIGURATION MENU | Used to select the screens for configuring and managing VLANs.
6.2 SWITCH CONFIGURATION SCREEN
NOTE: The Switch Configuration screen is not available if the operational mode of the device is set to SECURE FAST VLAN. This screen can only be used when the device is configured to operate as an 802.1Q switch.
When to Use
To set the type of Spanning Tree Algorithm (802.1D, DEC, or NONE) and the aging time used for deleting old entries in the filtering database. The Switch Configuration screen, Figure 6-2, provides the basic setup options.
Screen Example
Figure 6-2 Switch Configuration Screen
Switch Address: 00-00-1D-00-00-00
Number of Ports: 27
Type of STA: [DEC]
Age Time (sec): 300
Port # | MAC Address | State | Status
1 | 00-00-1D-00-00-00 | learning | [ENABLED]
2 | 00-00-1D-00-00-01 | listening | [DISABLED]
3 | 00-00-1D-00-00-02 | forwarding | [ENABLED]
4 | 00-00-1D-00-00-03 | learning | [DISABLED]
5 | 00-00-1D-00-00-04 | listening | [ENABLED]
6 | 00-00-1D-00-00-05 | blocking | [DISABLED]
7 | 00-00-1D-00-00-06 | listeni
Table 6-2 Switch Configuration Screen Field Descriptions (Continued)
Use this field… | To…
Age Time (Modifiable) | Set the amount of time (in seconds) that the SmartSwitch device keeps an address in its filtering database before discarding it. An address is automatically discarded when a valid frame is not received from that address within the time specified in the Age Time field. To change the Age Time field from the default value of 300 seconds, refer to Section 6.2.2.
6.2.1 Setting the STA
The Spanning Tree Algorithm (STA) setting is used to set the method that the SmartSwitch devices use to decide which is the controller (Root) switch when two or more switches are in parallel. The available selections are IEEE, DEC, and NONE.
To set the STA, proceed as follows:
1. Use the arrow keys to highlight the Type of STA field.
2. Use the SPACE bar to step to the appropriate setting of IEEE, DEC, or NONE.
3.
6.3 802.1 PRIORITY CONFIGURATION MENU SCREEN
NOTE: The 802.1 Priority Configuration Menu screen does not display when the operational mode of the device is set to SECURE FAST VLAN. Section 4.2.9 provides instructions for setting the operational mode.
When to Use
To access the Port Priority Configuration, Advanced Port Priority Configuration, Transmit Queues Configuration, and Priority Classification Configuration screens.
Figure 6-3 802.1 Priority Configuration Menu Screen
PORT PRIORITY CONFIGURATION
ADVANCED PORT PRIORITY CONFIGURATION
TRANSMIT QUEUES CONFIGURATION
PRIORITY CLASSIFICATION CONFIGURATION
EXIT RETURN
Menu Descriptions
Refer to Table 6-3 for a functional description of each screen menu item.
Table 6-3 802.
Port Priority Configuration Screen
Table 6-3 802.1 Priority Configuration Menu Screen Menu Item Descriptions (Continued)
Menu Item | Screen Function
PRIORITY CLASSIFICATION CONFIGURATION | Used to assign transmit priorities to protocol types of received frames and to access the Protocol Port Configuration screen to add or delete transmitting ports associated with a specific priority. For details, refer to Section 6.7.
6.
Screen Example
Figure 6-4 Port Priority Configuration Screen
Port # | Priority | Port # | Priority
1 | [0] | 13 | [4]
2 | [2] | 14 | [4]
3 | [2] | 14 | [4]
4 | [3] | 16 | [4]
5 | [3] | 17 | [4]
6 | [4] | 18 | [6]
7 | [4] | 19 | [6]
8 | [0] | 20 | [6]
9 | [5] | 21 | [1]
10 | [6] | 22 | [1]
11 | [6] | 23 | [1]
12 | [7] | 24 | [1]
Set All Switch Port's Priority [3]
PREVIOUS  SAVE  NEXT  EXIT  RETURN
Field Descriptions
Refer to Table 6-4 for a functional description of each screen field.
Table 6-4 Port Priority Configuration Screen Field Descriptions (Continued)
Use this field… | To…
Set All Switch Port’s Priority (Selectable) | Set all ports to one default transmit priority. A value of 0 through 7 (with 0 being the lowest priority and 7 the highest) can be selected that will apply to all ports. To set the default transmit priority for all ports, refer to Section 6.4.2.
6.4.
6.5 ADVANCED PORT PRIORITY CONFIGURATION SCREEN
NOTE: The Advanced Port Priority Configuration screen does not display when the operational mode of the device is set to SECURE FAST VLAN. Section 4.2.9 provides instructions for setting the operational mode.
When to Use
To set the Priority/Queue Mapping and Priority Regeneration for a particular port. This screen can also be used to change the default port priority used in the device.
How to Access
Use the arrow keys to highlight the ADVANCED PORT PRIORITY CONFIGURATION menu item on the 802.1 Priority Configuration Menu screen and press ENTER. The Advanced Port Priority Configuration screen, Figure 6-5, displays.
Field Descriptions
Refer to Table 6-5 for a functional description of each screen field.
Table 6-5 Advanced Port Priority Configuration Screen Field Descriptions
Use this field… | To…
Priority (Read-Only) | See the list of the eight priorities, 0 through 7.
TX Queue (Selectable) | Enable the frames with a certain priority to be mapped to transmit according to one of four TX queues (0 through 3) with 0 being the lowest transmit level.
Table 6-5 Advanced Port Priority Configuration Screen Field Descriptions (Continued)
Use this field… | To…
TX Priority (Selectable) | Enable the frames with a certain RX priority to be changed to transmit according to a different TX priority (0 through 7) within the device. The following describes how frames of learned traffic are handled within the device.
NOTE: The priority is only changed while the device is processing the frame.
6.5.1 Setting the TX Mapping Queues
To set the TX queue for frames with a particular priority, proceed as follows:
1. Use the arrow keys to highlight the Port # field.
2. Type in the number of the port to which the TX queue setting will be applied.
3. Use the arrow keys to highlight the Default Priority field. The screen refreshes and displays the current settings of the port in the Port # field.
4.
Transmit Queues Configuration Screen
2. Type in the number of the port having the default priority changed.
3. Use the arrow keys to highlight the Default Priority field at the bottom of the screen. The screen refreshes and displays the current settings of the port in the Port # field.
4. Press the SPACE bar to step to the appropriate value, 0 through 7. The 0 selection is the lowest level priority.
5. Use the arrow keys to highlight the SAVE command at the bottom of the screen.
6. Press ENTER.
How to Access
Use the arrow keys to highlight the TRANSMIT QUEUES CONFIGURATION menu item on the 802.1 Priority Configuration Menu screen and press ENTER. The Transmit Queues Configuration screen, Figure 6-6, displays.
Field Descriptions
Refer to Table 6-6 for a functional description of each screen field.
Table 6-6 Transmit Queues Configuration Screen Field Descriptions
Use this field… | To…
Current Queueing Mode (Toggle) | Toggle between the STRICT 802.1 and WEIGHTED mode. The default setting is STRICT 802.1. To set the mode, refer to Section 6.6.1.
6.6.1 Setting the Current Queueing Mode
To set the current queueing mode for a particular port, proceed as follows:
1. Use the arrow keys to highlight the Port field.
2. Press the SPACE bar to step to the appropriate port number. The port type displays to the right of the Port number field.
TIP: To display the current port settings, press ENTER after selecting the port number.
3. Use the arrow keys to highlight the Current Queueing Mode field.
4.
6.7 PRIORITY CLASSIFICATION CONFIGURATION SCREEN
NOTE: The Priority Classification Configuration screen does not display when the operational mode of the device is set to SECURE FAST VLAN. Section 4.2.9 provides instructions for setting the operational mode.
When to Use
To perform the following functions:
• Display the current Priority, Classification, and Description entries of each classification rule.
Screen Example
Figure 6-7 Priority Classification Configuration Screen
PID | Description | Classification
7 | IP: 123.123.030.006 Mask: 255.255.255.255.255 | Bilateral IP Address
6 | IP: 123.123.030.007 Mask: 255.255.255.255.255 | Dest IP Address
1 | 0x8137 | Ethernet II Type
1 | 0x0800 | Ethernet II Type
5 | 0x9999 | 802.3 SAP
PID: 5  CLASSIFICATION: [ Bil IP Address ]  ADD
MASK:
IP ADDRESS: 123.123.030.
Table 6-7 Priority Classification Configuration Screen Field Descriptions (Continued)
Use this field… | To…
PID – bottom of screen (Modifiable) | Enter the PID that will be associated with the classification selected in the Classification field. A PID from 0 to 7 may be typed into the field, where 0 is the lowest priority and 7 is the highest priority. For details on how to enter the PID/Classification, refer to Section 6.7.4.
Table 6-8 provides a list of the Classifications that can be selected in the Classification field and the associated subclassifications.
NOTE: The bold type in the table indicates a user entry.
Table 6-8 Classification List
Classification | Subclassification and Options
Ethernet II Type> | Ethernet II Type: - IPX - DOD IP - ARP - RARP - AppleTalk - Banyan Vines - DECNET - CUSTOM >
802.3 SAP> | SSAP/DSAP (803.
Priority Classification Configuration Screen Table 6-8 Classification List (Continued) Classification Subclassification and Options IP TOS Type of Service: New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> 0x0000 IP Protocol Type IP Protocol Type: New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> TCP Same Same Same Same Same - UDP - ICMP - IGMP - OSPF - CUSTOM > IPX COS IPX Class Of Service: Custom or Mask Value TOS: Value = 0x00 (Range: 0 - 255) TOS: Value = 0x00 (Range: 0 - 255) Protocol Type: 000
Priority Classification Configuration Screen Table 6-8 Classification List (Continued) Classification Subclassification and Options Custom or Mask Value Src IP Address IP Address: Mask: New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> 000.000.000.000 000.000.000.000 Dest IP Address IP Address: Mask: New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> 000.000.000.000 000.000.000.000 Bil IP Address IP Address: Mask: New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> 000.000.000.000 000.000.000.
Priority Classification Configuration Screen Table 6-8 Classification List (Continued) Classification Subclassification and Options Dest IPX Network IPX Network Num: Custom or Mask Value 0x00000000 Bil IPX Network IPX Network Num: 0x00000000 Src UDP Port IP UDP Port: New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> - FTP Data Same Same Same Same Same Same Same Same Same Same Same Same Same Same Same Same - FTP - BOOTP Server - BOOTP Client - RIP - Telnet - TFTP - HTTP - DNS - SMTP - POP3 - IMAP2 - I
Priority Classification Configuration Screen Table 6-8 Classification List (Continued) Classification Subclassification and Options Bil UDP Port IP UDP Port: Same selections as for Src UDP Port Same selection as for Src UDP Port Classification Src TCP Port TCP Port: New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> - FTP Data Same Same Same Same Same Same Same Same Same Same Same Same Same Same Same Same - FTP - BOOTP Server - BOOTP Client - RIP - Telnet - TFTP - HTTP - DNS - SMTP - POP3 - IMAP2 - I
Priority Classification Configuration Screen Table 6-8 Classification List (Continued) Classification Subclassification and Options Bil TCP Port TCP Port: Same selections as for Src TCP Port Same selection as for Src TCP Port Classification Src IPX Socket IPX Socket: - NCP - SAP - RIP - NETBIOS - Diagnostics - NLSP - IPX WAN - CUSTOM > Dest IPX Socket IPX Socket Type: 00000 IPX Socket Type: 00000 IPX Socket: Same selection as for Src IPX Socket Classification Src MAC Address MAC Address: 00-00
Priority Classification Configuration Screen Table 6-8 Classification List (Continued) Classification Subclassification and Options Custom or Mask Value IP Fragments1 New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> TOS: Value = 0x00 (Range: 0 - 255) IP Fragments2 Start: End: New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> 00000 00000 Dest UDP Range Start: End: New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> 00000 00000 Bil UDP Range Start: End: New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> 00000
Priority Classification Configuration Screen Table 6-8 Classification List (Continued) Classification Subclassification and Options Custom or Mask Value Src TCP Port Start: End: New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> 00000 00000 Dest TCP Port Start: End: New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> 00000 00000 Bil TCP Port Start: End: New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> 00000 00000 TOS: Value = 0x00 (Range: 0 - 255) TOS: Value = 0x00 (Range: 0 - 255) TOS: Value = 0x00 (Ra
Table 6-9 lists the ISO Layer, associated classification and precedence levels.

NOTE: In Table 6-9, the following applies:
– Highest precedence is 1a.
– Lowest precedence is 6.
– Exact Match indicates a match of an explicitly defined address.
– Best Match indicates a match of an entire subnet, or range of addresses within a subnet.
Table 6-9 Classification Precedence (Continued)

Classification Type                 Precedence Level
Layer 3 (Continued)
  Source IPX Network Number         2a
  Destination IPX Network Number    2b
  IP Fragments                      3
Layer 4
  UDP Port Source                   4a
  UDP Port Destination              4b
  TCP Source Port                   4a
  TCP Destination Port              4b
  IPX Socket Source                 4a
  IPX Socket Destination            4b
  UDP Source Port                   4a
  UDP Source Port Range             4b
Table 6-9 Classification Precedence (Continued)

Classification Type                 Precedence Level
Layer 4 (Continued)
  UDP Dest Port                     4c
  UDP Dest Port Range               4d
  TCP Source Port                   4a
  TCP Source Port Range             4b
  TCP Dest Port                     4c
  TCP Dest Port Range               4d

The following example shows how the precedence concept can be applied:

Example
A network administrator has defined the following two classifications involving priorities:
• All frames with an IP TOS value of AA (Layer
6.7.2 About the IP Rewrite Function

The Type of Service (TOS) field [also known as the Differential Services (DF) field in RFC 2474] is an 8-bit field. It is located in the IP packet and used by a device to indicate the precedence or priority of a given frame (see Figure 6-8). The TOS layer-3 priority indicator makes it possible to signal the frame priority from end to end as the frame makes its way through the network.
6.7.4 Assigning a Classification to a PID

NOTE: It is strongly recommended that you read Section 6.7.1 for more information concerning classification before configuring the SmartSwitch device. Incorrect configuration will affect network operation.

To add a Classification Rule, proceed as follows:
1. Use the arrow keys to highlight the PID (priority identification) field.
2.
6.7.5 Deleting PID/Classification/Description Line Items

All, or one or more, line items can be deleted as follows:

Deleting All Line Items
To delete all configured Classification Rules, use the arrow keys to highlight the DEL ALL command field and press ENTER.

Deleting One or More Line Items
To delete one or more Classification Rules, mark each entry and then delete them, as follows:
1. Use the arrow keys to highlight a line to be deleted.
2.
Screen Example

Figure 6-9 Protocol Port Configuration Screen
[Screen capture: the Classification Rule field reads "1 Ether II Type 0x0800 (DOD IP)"; below it, Port and Classify columns list the ports, with each Classify field shown as [NO].]
Table 6-10 Protocol Port Configuration Screen Field Descriptions (Continued)

Use this field…    To…

Port (Read-Only)
    See the number of each port.

Classify (Toggle)
    See which ports are set to the PID/Classification indicated in the Classification Rule field (see Figure 6-9). The Classify field toggles between YES and NO, which determines whether or not the associated port is set to the Classification Rule.
Assigning All Ports Simultaneously
1. Use the arrow keys to highlight the SET ALL PORTS command field.
2. Press the SPACE bar to toggle the SET ALL PORTS field to YES or NO and press ENTER. This setting determines whether or not all the ports are set to the PID/Classification shown in the Classification Rule field.
3. Use the arrow keys to highlight the SAVE command at the bottom of the screen.
4. Press ENTER.
Example, Prioritizing Traffic According to Classification Rule

Switch 1
The following settings are done using the Priority Classification Configuration screen to assign the classification to the priority. Then the Protocol Port Configuration screen is used to assign the ports to the appropriate priority and classification.

NOTE: In the two settings below, the subnet mask is set to 255.255.255.255. This means that frames with a source or destination address of 123.123.30.6 or 123.123.30.
6.10 RATE LIMITING CONFIGURATION SCREEN

NOTE: The Rate Limiting function is not supported on SmartTrunk ports.

When to Use
To limit the rate of traffic entering and leaving the SmartSwitch device on a per port/priority basis. Up to two inbound rules and two outbound rules can be programmed per port to control traffic according to the priority entries. The rules also contain the programmed traffic rate. The allowable range for the rate limit is 1 kbps to 1 Gbps.
Screen Example

Figure 6-11 Rate Limiting Configuration Screen
[Screen capture: a list with Port #, Priority List, Max Traffic Rate, Direction, and Dropped Events columns, above the Feature (shown as ENABLED), Port Number, and Priority List fields and the ADD, DEL ALL, and NEXT commands.]
Table 6-11 Rate Limiting Configuration Screen Field Descriptions (Continued)

Use this field…    To…

Max Traffic Rate – top of screen (Read-Only)
    See the maximum traffic rate set for each port entry. There can be up to four entries (two for Inbound and two for Outbound traffic) for the same port. However, there must be a different priority for each Inbound entry on a port, and the same holds true for two Outbound entries.
Table 6-11 Rate Limiting Configuration Screen Field Descriptions (Continued)

Use this field…    To…

Priority List – bottom of screen (Selectable)
    Assign one or more priorities to the port being configured. The settings available are 0, 1, 2, 3, 4, 5, 6, 7, or ALL. When the Priority List is highlighted, the SPACE bar is used to step to the priority, which must be marked with an asterisk (*) using the M key. More than one priority may be selected and marked for each port.
Table 6-11 Rate Limiting Configuration Screen Field Descriptions (Continued)

Use this field…    To…

Max Rate: kbps – bottom of screen (Modifiable)
    Enter the maximum transmission rate for this entry. The maximum transmission rate includes all frames associated with the priorities selected in the Priority List field. The minimum setting is 100 (100 kbps). For details on configuring a port, refer to Section 6.10.1.
3. Use the arrow keys to highlight the field below the Priority List field.
4. Select the priority setting(s) for the port as follows:
   a. Use the SPACE bar to step to a priority setting: ALL, 0, 1, 2, 3, 4, 5, 6, or 7.
   b. Press the M key to mark the desired priority with an asterisk.
   c. If more than one priority is to be selected for the port being configured, repeat step a and b for each additional selection.

NOTE: At least one priority must be marked to create an entry.
Changing One or More Line Items
To change the configuration values in a line item, that line item must be deleted and replaced with a new entry with the correct configuration values. The new settings can then be configured and added.

Deleting All Line Items
To delete all configured line items, use the arrow keys to highlight the DEL ALL command field and press ENTER.
In Multi-Dwelling-Units (MDU) or similar environments, the Rate Limiting feature can be activated per port to adjust the usable bandwidth on a 10 Mbps Ethernet or other type of physical connection. In residential housing, the service provider may offer multiple internet service packages, each offering different bandwidth at a different price. These offerings can be supported using low cost 10 Mbps Ethernet ports wired to each dwelling.
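The entry rules stated for the Rate Limiting Configuration screen can be checked against a planned table before it is keyed in. The following is an added example, not code from the guide or from Enterasys; the function names, the tuple layout, the sample plan and the SmartTrunk port number are constructed for illustration. The rate bounds are parameters because the guide gives both an allowable range of 1 kbps to 1 Gbps and a field minimum of 100 kbps.

```python
from collections import defaultdict

ALL_PRIORITIES = frozenset(range(8))   # the Priority List offers 0-7 or ALL
DIRECTIONS = ("Inbound", "Outbound")


def expand(priorities):
    """Return the set of priorities an entry covers; 'ALL' means 0 through 7."""
    if priorities == "ALL":
        return ALL_PRIORITIES
    return frozenset(priorities)


def audit(entries, smarttrunk_ports=(), min_kbps=100, max_kbps=1_000_000):
    """Check planned entries, in order, against the rules the guide states.

    entries: list of (port, priorities, rate_kbps, direction) tuples.
    Returns a list of (entry_index, problem) tuples; an empty list means clean.
    An entry with a problem is treated as not added (an assumption of this
    example), so later entries are only compared with clean earlier ones.
    """
    problems = []
    accepted = defaultdict(list)   # (port, direction) -> [(index, priorities)]
    for i, (port, priorities, kbps, direction) in enumerate(entries):
        found = []
        prios = expand(priorities)
        if direction not in DIRECTIONS:
            found.append(f"unknown direction {direction!r}")
        if port in smarttrunk_ports:
            found.append("rate limiting is not supported on SmartTrunk ports")
        if not prios:
            found.append("at least one priority must be marked")
        elif not prios <= ALL_PRIORITIES:
            found.append("priorities must be 0-7 or ALL")
        if not min_kbps <= kbps <= max_kbps:
            found.append(f"rate {kbps} kbps outside {min_kbps}-{max_kbps} kbps")
        earlier = accepted[(port, direction)]
        if len(earlier) >= 2:
            found.append(f"port {port} already has two {direction} entries")
        for j, other in earlier:
            shared = sorted(prios & other)
            if shared:
                found.append(f"priorities {shared} already limited by entry {j}")
        problems.extend((i, p) for p in found)
        if not found:
            accepted[(port, direction)].append((i, prios))
    return problems


# Constructed plan: (port, priorities, rate in kbps, direction).
PLAN = [
    (1, [0, 1, 2, 3, 4], 500, "Inbound"),   # 0: clean
    (1, [5, 6, 7], 500, "Inbound"),         # 1: clean
    (1, [4, 5], 2000, "Inbound"),           # 2: third Inbound entry, overlaps 0 and 1
    (5, "ALL", 1000, "Outbound"),           # 3: clean
    (5, [1, 2, 3], 500, "Outbound"),        # 4: overlaps the ALL entry
    (10, [], 1000, "Inbound"),              # 5: no priority marked
    (12, [0], 50, "Outbound"),              # 6: below the 100 kbps minimum
    (24, [7], 1000, "Inbound"),             # 7: port 24 is a SmartTrunk port here
]

if __name__ == "__main__":
    for index, problem in audit(PLAN, smarttrunk_ports={24}):
        print(f"entry {index}: {problem}")
```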
7 802.1Q VLAN Configuration Menu Screens

NOTE: It is strongly recommended to read Chapter 12 to obtain an understanding of VLANs and the associated terminology; how to use the VLAN Configuration screens to create VLANs; examples of how to configure VLANs in switches to solve a problem; and details on how frames are handled as they travel through the network.

This chapter describes the 802.
7.1 SUMMARY OF VLAN LOCAL MANAGEMENT

The VLAN configuration process is an extension of normal Local Management operations. A series of Local Management screens provides access to the functions and commands necessary to add, change, or delete VLANs and to assign ports to those VLANs. The VLAN Configuration screens are a standard part of Local Management hierarchy when the switch is configured to operate in 802.1Q Mode.
7.2 802.1Q VLAN CONFIGURATION MENU SCREEN

When to Use
To select screens to assign switched network ports to VLANs, define new VLANs, and configure port filtering according to a VLAN list or untagged frames. Network users can be logically grouped into VLANs even if they span long physical distances over a vast, intricate physical network. The VLAN Local Management menu items listed on the 802.
How to Access
Use the arrow keys to highlight the 802.1Q VLAN CONFIGURATION MENU item on the 802.1 Configuration Menu screen and press ENTER. The 802.1Q VLAN Configuration Menu screen, Figure 7-2, displays.

Screen Example

Figure 7-2 802.1Q VLAN Configuration Menu Screen
    DEVICE VLAN CONFIGURATION
    PORT ASSIGNMENT CONFIGURATION
    PORT FILTERING CONFIGURATION
    VLAN FORWARDING CONFIGURATION
    VLAN CLASSIFICATION CONFIGURATION
    EXIT    RETURN
Menu Descriptions
Refer to Table 7-1 for a functional description of each menu item.

Table 7-1 802.1Q VLAN Configuration Menu Screen Menu Item Descriptions

Menu Item    Screen Function

DEVICE VLAN CONFIGURATION
    Used to view, add, name, enable, or disable VLANs within the SmartSwitch device, and also associate the VLANs to a Filter Database ID (FID). It also enables the user to configure attributes that apply to the entire switch and/or VLANs. Refer to Section 7.
7.3 DEVICE VLAN CONFIGURATION SCREEN

When to Use
To define the operating characteristics of the switch to add, name, delete, enable, and disable VLANs, and assign VLANs to FIDs. The screen can display up to eight VLANs simultaneously.

How to Access
Use the arrow keys to highlight the DEVICE VLAN CONFIGURATION menu item on the 802.1Q VLAN Configuration Menu screen and press ENTER. The Device VLAN Configuration screen, Figure 7-3, displays.
Field Descriptions
Refer to Table 7-2 for a functional description of each screen field.

Table 7-2 Device VLAN Configuration Screen Field Descriptions

Use this field …    To …

Forward Default VLAN Out All Ports (Toggle)
    Assign or remove the default VLAN from the Port VLAN List for all ports. When set to YES, the default VLAN is added to the Port VLAN List of all ports that do not already include it.
Table 7-2 Device VLAN Configuration Screen Field Descriptions (Continued)

Use this field …    To …

VLAN Name – bottom of screen (Modifiable)
    Assign or change names of VLANs. The VLAN Name (with up to 32 characters) is an optional attribute of a VLAN, and is not required for VLAN operation.

ADD/DEL (Toggle)
    Toggle the action taken between adding the entered VLAN to the switch or deleting the selected VLAN from the switch.

7.3.
7.3.2 Changing the VLAN to FID Association

To change the association of a VLAN to a FID, proceed as follows:
1. Use the arrow keys to highlight the VLAN ID field.
2. Enter the VLAN ID of the VLAN of which the FID association is to be changed. If an illegal number is entered, the Event Message Line will display: “PERMISSIBLE RANGE FOR VLAN IDS: 2 to 1094” and the field will refresh with the previous value.
3. Use the arrow keys to highlight the FID field.
4.
7.3.4 Deleting a VLAN

To delete a VLAN from the current VLAN list, proceed as follows:
1. Enter the VLAN ID. The VLAN Name field will automatically update to display the VLAN’s name if that VLAN has been previously configured.
2. Use the arrow keys to highlight the ADD/DEL field.
3. Press the SPACE bar to select DEL. Press ENTER. The VLAN is removed from the list. The message “VLAN DELETED” displays in the Event Message Line in the upper left-hand corner of the screen.
4.
7.3.7 Changing the Forwarding Mode

To change the forwarding mode of the switch, proceed as follows:
1. Use the arrow keys to highlight the Forward Default VLAN Out All Ports field.
2. Press the SPACE bar or BACKSPACE to toggle between YES and NO. The YES selection places the default VLAN (VLAN ID=1) in the Port VLAN Lists of all ports on the switch.
Screen Example

Figure 7-4 Port Assignment Configuration Screen
[Screen capture: Port, Port Mode, VLAN ID, FID, and VLAN Name columns for ports 1 through 12, with SAVE and PREVIOUS commands. Port 1 is shown as [1D TRUNK], port 2 as [1Q TRUNK], and ports 3 through 12 as [HYBRID]; every port shows VLAN ID [0001] and FID 0001.]
Table 7-3 Port Assignment Configuration Screen Field Descriptions (Continued)

Use this field …    To …

FID (Read-Only)
    See the FID associated with the VLAN ID. This field updates as the associated VLAN ID field is changed.

VLAN Name (Read-Only)
    See the name that is associated with the current VLAN ID. If a name was not assigned to a VLAN, “NOT DEFINED” displays as the VLAN name.

7.4.
7.4.2 Assigning a VLAN ID

The Port Assignment Configuration screen also enables the user to set each port’s VLAN ID (VID) by stepping through a list of all configured VLANs. To assign a VLAN ID to a port in this manner, perform the following steps:

NOTE: It may be necessary to use the NEXT and PREVIOUS commands to page through the available ports. For instructions, refer to Section 7.4.3.

1.
7.5 PORT FILTERING CONFIGURATION SCREEN

When to Use
To perform the following functions:
• Select a port and view a list of VLANs that are configured to have their frames transmitted out that port.
• Filter out certain incoming frames according to the VLAN List and prevent them from being switched and transmitted out another port.
• Filter out all incoming untagged frames so they will not be transmitted out another port.
Field Descriptions
Refer to Table 7-4 for a functional description of each screen field.

Table 7-4 Port Filtering Configuration Screen Field Descriptions

Use this field …    To …

VLAN ID (Read-Only)
    See the VLAN ID of the VLANs that are configured to have their frames transmitted out of the port selected in the Port field.

VLAN Name (Read-Only)
    See the names of the VLANs associated with the VLAN ID. If a VLAN does not have a name, “Not Defined” is displayed.
3. To display additional VLANs that do not display in the current screen display, use the NEXT or PREVIOUS commands located at the bottom of the screen, as follows:

   NOTE: The NEXT and PREVIOUS fields will only display if there are more VLANs in the list to page through.

   a. To display the next screen, use the arrow keys to highlight NEXT. Press ENTER to view the entries on the next screen.
   b. To display the previous screen, use the arrow keys to highlight PREVIOUS.
7.6 VLAN FORWARDING CONFIGURATION SCREEN

When to Use
To perform the following functions:
• View the ports included in a VLAN’s Forwarding List.
• Define which ports to include in the VLAN’s Forwarding List.
• Specify the formats of the frames (Tagged or Untagged) that a VLAN port will forward.

How to Access
Use the arrow keys to highlight the VLAN FORWARDING CONFIGURATION menu item on the 802.1Q VLAN Configuration Menu screen and press ENTER.
Field Descriptions
Refer to Table 7-5 for a functional description of each screen field.

Table 7-5 VLAN Forwarding Configuration Screen Field Descriptions

Use this field …    To …

Current VLAN Ports (Read-Only)
    See the ports that are currently configured to transmit frames classified to the selected VLAN.

Port Type (Read-Only)
    See the MIB2 interface description for the selected switch port.
7.6.2 Paging Through VLAN Forwarding List Entries

To display additional entries in the VLAN Forwarding List that do not appear on the screen, use the NEXT or PREVIOUS commands located at the bottom of the screen, as follows:
1. To display the next screen, use the arrow keys to highlight NEXT. Press ENTER to view the entries on the next screen.
2. To display the previous screen, use the arrow keys to highlight PREVIOUS.
4. Use the arrow keys to highlight the SAVE command at the bottom of the screen.
5. Press ENTER. The message “SAVED OK” displays and the port is deleted from the VLAN Forwarding List of the selected VLAN.

7.6.5 Changing the Frame Format

To change the frame format for a port, proceed as follows:
1. Use the arrow keys to highlight the Port field. Step through the available ports by pressing the SPACE bar or BACKSPACE key.
2.
VLAN Classification Configuration Screen

How to Access
Use the arrow keys to highlight the VLAN CLASSIFICATION CONFIGURATION menu item on the 802.1Q VLAN Configuration Menu screen and press ENTER. The VLAN Classification Configuration screen, Figure 7-7, displays.

Screen Example

Figure 7-7 VLAN Classification Configuration Screen
[Screen capture: VID and Description columns; the Description entries that survive include IP: 123.123.030.006 and IP: 123.123.030.007, each followed by a Mask value.]
Table 7-6 VLAN Classification Configuration Screen Field Descriptions (Continued)

Use this field …    To …

Classification – top of screen (Selectable)
    See the classification associated with the VLAN in the VID column. This field may be selected after the screen is saved to call up the Protocol Ports Configuration screen.

Description – top of screen (Selectable)
    Provides a brief description of the classification.
Table 7-7 provides a list of the Classifications that can be selected in the Classification field and the associated subclassifications.

NOTE: The bold type in the table indicates a user entry.
VLAN Classification Configuration Screen Table 7-7 Classification List (Continued) Classification Subclassification and Options IP TOS Type of Service: Custom or Mask Value 0x0000 IP Protocol Type IP Protocol Type: - IPX COS TCP UDP ICMP IGMP OSPF CUSTOM > Protocol Type: 000 IPX Class Of Service: 000 IPX Packet Type IPX Packet Type: - Src IP Address Dest IP Address Bil IP Address Src IPX Network Hello or SAP RIP Echo Packet Error Packet Netware 386/SAP Seq.
VLAN Classification Configuration Screen Table 7-7 Classification List (Continued) Classification Subclassification and Options Dest IPX Network IPX Network Num: Custom or Mask Value 0x00000000 Bil IPX Network IPX Network Num: 0x00000000 Src UDP Port IP UDP Port: - Dest UDP Port FTP Data FTP BOOTP Server BOOTP Client RIP Telnet TFTP HTTP DNS SMTP POP3 IMAP2 IMAP3 NETBIOS Name Serv NETBIOS Datagram NETBIOS Sess Serv CUSTOM > IP UDP Port: - Same selection as for Src UDP Port Classification Bil UD
VLAN Classification Configuration Screen Table 7-7 Classification List (Continued) Classification Subclassification and Options Src TCP Port TCP Port: - Dest TCP Port FTP Data FTP BOOTP Server BOOTP Client RIP Telnet TFTP HTTP DNS SMTP POP3 IMAP2 IMAP3 NETBIOS Name Serv NETBIOS Datagram NETBIOS Sess Serv CUSTOM > TCP Port Number: 00000 TCP Port: - Same selection as for Src TCP Port Classification.
VLAN Classification Configuration Screen Table 7-7 Classification List (Continued) Classification Subclassification and Options Src IPX Socket IPX Socket: - Dest IPX Socket NCP SAP RIP NETBIOS Diagnostics NLSP IPX WAN CUSTOM > IPX Socket Type: 00000 IPX Socket: - Same selection as for Src IPX Socket Classification Bil IPX Socket Custom or Mask Value IPX Socket Type: 00000 IPX Socket: - Same selection as for Src IPX Socket Classification IPX Socket Type: 00000 1.
Table 7-8 lists the ISO Layer, associated classification and precedence levels.

NOTE: In Table 7-8, the following applies:
– Highest precedence is 1a.
– Lowest precedence is 6.
– Exact Match indicates a match of an explicitly defined address.
– Best Match indicates a match of an entire subnet, or range of addresses within a subnet.
Table 7-8 Classification Precedence (Continued)

Classification Type                       Precedence Level
Layer 3 (continued)
  Destination IP Address Exact Match      2c
  Destination IP Address Best Match       2d
  Source IPX Network Number               2a
  Destination IPX Network Number          2b
  IP Fragments                            3
Layer 4
  UDP Port Source                         4a
  UDP Port Destination                    4b
  TCP Source Port                         4a
  TCP Destination Port                    4b
  IPX Socket Source                       4a
  IPX Socket Destination                  4b
  UDP Source Port                         4a
  UDP Source Port R
Table 7-8 Classification Precedence (Continued)

Classification Type                       Precedence Level
Layer 4 (continued)
  TCP Source Port                         4a
  TCP Source Port Range                   4b
  TCP Dest Port                           4c
  TCP Dest Port Range                     4d

The following example shows how the precedence concept can be applied:

Example
A network administrator has defined the following two classifications involving VLANs:
• All frames with a UDP Port Source number of 55 (Layer 4, precedence level 4a) are assigned to the R
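The precedence concept in Tables 6-9 and 7-8 can be modelled to see which VLAN a frame ends up in when several classification rules match it. The following is an added example, not code from the guide or from Enterasys: it assumes that the matching rule with the highest precedence level wins and that a frame matching no rule keeps the ingress port's VID; the rule set, the frames and all function names are constructed. The guide's surviving text does not say how two matching rules at the same level are resolved, so the example reports that case instead of choosing.

```python
import ipaddress
import re
from dataclasses import dataclass

# Precedence levels as printed in the guide's precedence tables for the
# rule kinds modelled here (1a is the highest level, 6 the lowest).
LEVELS = {
    "dest_ip_exact": "2c",   # Destination IP Address Exact Match
    "dest_ip_best": "2d",    # Destination IP Address Best Match
    "udp_src_port": "4a",    # UDP Source Port
    "udp_src_range": "4b",   # UDP Source Port Range
    "udp_dst_port": "4c",    # UDP Dest Port
    "udp_dst_range": "4d",   # UDP Dest Port Range
}


def precedence_key(level):
    """Map '2c' to (2, 'c') so that sorting puts 1a first and 6 last."""
    m = re.fullmatch(r"([1-6])([a-d]?)", level)
    if m is None:
        raise ValueError(f"not a precedence level: {level!r}")
    return int(m.group(1)), m.group(2)


@dataclass(frozen=True)
class Rule:
    vid: int        # VLAN the rule assigns
    field: str      # "dest_ip", "udp_src" or "udp_dst"
    value: object   # IPv4Network for dest_ip, (start, end) for ports

    @property
    def level(self):
        if self.field == "dest_ip":
            # An all-ones mask names one explicit address (Exact Match);
            # any shorter mask covers a subnet (Best Match).
            exact = self.value.prefixlen == self.value.max_prefixlen
            return LEVELS["dest_ip_exact" if exact else "dest_ip_best"]
        start, end = self.value
        return LEVELS[f"{self.field}_{'port' if start == end else 'range'}"]

    def matches(self, frame):
        if self.field == "dest_ip":
            return frame["dest_ip"] in self.value
        port = frame.get(self.field)
        return port is not None and self.value[0] <= port <= self.value[1]


def ip_rule(vid, address, mask):
    net = ipaddress.ip_network(f"{address}/{mask}", strict=False)
    return Rule(vid, "dest_ip", net)


def port_rule(vid, field, start, end=None):
    return Rule(vid, field, (start, start if end is None else end))


def make_frame(dest_ip, udp_src=None, udp_dst=None):
    return {"dest_ip": ipaddress.ip_address(dest_ip),
            "udp_src": udp_src, "udp_dst": udp_dst}


def matching_rules(frame, rules):
    """All rules the frame satisfies, highest precedence first."""
    hits = [r for r in rules if r.matches(frame)]
    return sorted(hits, key=lambda r: precedence_key(r.level))


def classify(frame, rules, port_vid=1):
    """VID of the winning rule, or the ingress port's VID when none match."""
    hits = matching_rules(frame, rules)
    return hits[0].vid if hits else port_vid


def ambiguous(frame, rules):
    """True when the top level is shared by rules naming different VIDs."""
    hits = matching_rules(frame, rules)
    top = [r for r in hits if r.level == hits[0].level] if hits else []
    return len({r.vid for r in top}) > 1


# Constructed rule set; the addresses follow the style of the guide's screens.
RULES = [
    port_rule(5, "udp_src", 55),                      # level 4a
    ip_rule(7, "123.123.30.6", "255.255.255.255"),    # level 2c, exact
    ip_rule(6, "123.123.30.0", "255.255.255.0"),      # level 2d, best
]

if __name__ == "__main__":
    f = make_frame("123.123.30.6", udp_src=55)
    print([(r.vid, r.level) for r in matching_rules(f, RULES)])
    print("assigned VID:", classify(f, RULES))
```

Listing every match in precedence order, not only the winner, is what makes an unintended override visible during a segmentation review.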
7.7.3 Assigning a Classification to a VID

NOTE: It is strongly recommended that you read Section 7.7.1 for more information concerning classification before configuring the SmartSwitch device. Incorrect configuration will affect network operation.

To assign a Classification to a VID, proceed as follows:
1. Use the arrow keys to highlight the VID (VLAN identification) field.
2. Type in the appropriate VID. Press ENTER.
3.
7.7.4 Deleting Line Items

All, or one or more, line items can be deleted as follows:

Deleting All Classification Rules
To delete all the Classification Rules in the top half of the screen, use the arrow keys to highlight the DEL ALL command field and press ENTER.

Deleting One or More Classification Rules
To delete one or more Classification Rules, mark each one and then delete them, as follows:
1.
7.8 PROTOCOL PORT CONFIGURATION SCREEN

When to Use
To perform the following:
• Display the ports
• Show which ports are set to the line item containing the VID/Classification (Classification Rule) of interest in the VLAN Classification Configuration screen described in Section 7.
Screen Example

Figure 7-8 Protocol Port Configuration Screen
[Screen capture: the Classification Rule field reads "1 Ether II Type 0x0800 (DOD IP)"; below it, Port and Classify columns list the ports, with each Classify field shown as [NO], followed by the SET ALL PORTS: [NO ] field and the SAVE and NEXT commands.]
Table 7-9 Protocol Port Configuration Screen Field Descriptions (Continued)

Use this field …    To …

Port (Read-Only)
    See the number of each port.

Classify (Toggle)
    See which ports are set to the VID/Classification displayed in the Classification Rule field above the Port and Classify column headings. This field toggles between YES and NO, which determines whether or not the associated port is set to the VID/Classification indicated in the Classification Rule field.
Assigning One or More Ports Individually
1. Use the arrow keys to highlight the Classify field adjacent to the Port number.
2. Press the SPACE bar to toggle the Classify field to YES or NO. YES assigns the port to the VID/Classification shown in the Classification Rule field. NO removes the port from the Classification Rule.
3. If more than one port is to be added to the Classification Rule, repeat the first two steps for each port.
4.
8 GARP Configuration Menu Screens

This chapter describes the Generic Attribute Registration Protocol (GARP) Configuration Menu screen and the following screens that can be selected from its menu:
• GARP Configuration screen (Section 8.2), which is used to enable/disable GARP VLAN Registration Protocol (GVRP) and GARP Multicast Registration Protocol (GMRP) on the switch and set each port to operate as a GVRP- and/or GMRP-aware port.
• GMRP Configuration screen (Section 8.
8.1 GARP CONFIGURATION MENU SCREEN

When to Use
To access the GARP Configuration screen and the GMRP Configuration screen. These two screens are used to configure the ports on the switch as GVRP- and/or GMRP-aware ports.

Before attempting the VLAN configuration, ensure that the SmartSwitch module is operating in the 802.1Q SWITCHING mode. The mode selection is a Local Management operation that is accessible through the General Configuration screen.
Menu Descriptions
Refer to Table 8-1 for a functional definition of each menu item.

Table 8-1 GARP Configuration Menu Screen Menu Item Descriptions

Menu Item    Screen Function

GARP CONFIGURATION
    Used to enable/disable GVRP and GMRP on the switch and set each port to operate as a GVRP- or GMRP-aware port so it can send/receive frames from other GVRP- or GMRP-aware devices.
8.2 GARP CONFIGURATION SCREEN

When to Use
To enable ports on the switch as GMRP- and GVRP-aware ports. The ports can be enabled one by one or all at the same time for GMRP and GVRP.

How to Access
Use the arrow keys to highlight the GARP CONFIGURATION menu item on the GARP Configuration Menu screen and press ENTER. The GARP Configuration screen, Figure 8-2, displays.
Field Descriptions
Refer to Table 8-2 for a functional description of each screen field.

Table 8-2 GARP Configuration Screen Field Descriptions

Use this field…    To…

Port # (Read-Only)
    See the number of front panel interfaces.

GMRP (Toggle)
    Set the port to operate as a GMRP-aware port. The setting is only valid if the GMRP Protocol field near the bottom of the screen is set to Enable. The GMRP field setting toggles between Y (yes) and N (no). The default is “Y”.
Table 8-2 GARP Configuration Screen Field Descriptions (Continued)

Use this field…    To…

Set All Ports (Selectable)
    Set all ports to the same setting by selecting one of the following:
    GMRP Enable All – Sets all ports as GMRP-aware ports. All ports are set to Y under GMRP.
    GMRP Disable All – Sets all ports as not GMRP-aware ports. All ports are set to N under GMRP.
    GVRP Enable All – Sets all ports as GVRP-aware ports. All ports are set to Y under GVRP.
8.2.1 Setting a Port to Operate Using GMRP or GVRP

To set a port to be a GMRP- or GVRP-aware port, proceed as follows:

NOTE: Only ports set as hybrid ports may be configured as GVRP ports. To set a port to the hybrid mode of operation, refer to Section 7.4.

1. Use the arrow keys to highlight the GMRP or GVRP field of the port.
2. Press the SPACE bar to choose Y (yes).
3. Repeat steps 1 and 2 above to set the GMRP and GVRP of ports as necessary.
4.
8.3 GMRP CONFIGURATION SCREEN

When to Use
To set the GMRP operation mode of each port.

How to Access
Use the arrow keys to highlight the GMRP CONFIGURATION menu item on the GARP Configuration Menu screen and press ENTER. The GMRP Configuration screen, Figure 8-3, displays.
Field Descriptions
Refer to Table 8-3 for a functional description of each screen field.

Table 8-3 GMRP Configuration Screen Field Descriptions

Use this field…    To…

Port # (Read-Only)
    See the number of the front panel interfaces.

Mode (Selectable)
    Select one of the following four modes of operation.
    Use GMRP Filter Unreg – Do not forward frames out this port that have an unregistered multicast address.
8.3.2 Setting a Mode for All Ports

The modes of operation are the same as the ones described in Section 8.3.1, except that all ports are affected. To set all the ports to operate in one mode, proceed as follows:
1. Use the arrow keys to highlight the Set All Ports field.
2. Press the SPACE bar to select one of the following modes of operation:
   • Use GMRP Filter Unreg
   • Forward All Groups
   • Filter All Groups
   • Use GMRP Forward Unreg
3. Press ENTER.
4.
9 Layer 3 Extensions Menu Screens

This chapter describes the Layer 3 Extensions Menu screen and the IGMP/VLAN Configuration screen (Section 9.2).

Screen Navigation Path
Password > Device Menu > Device Configuration Menu > Layer 3 Extensions Menu

9.1 LAYER 3 EXTENSIONS MENU SCREEN

NOTE: The Layer 3 Extensions Menu screen is not available when the device is in SecureFast mode. Section 4.2.9 provides instructions for setting the operational mode.

When to Use
To access the IGMP/VLAN Configuration screen.
Screen Example

Figure 9-1 Layer 3 Extensions Menu Screen
    IGMP/VLAN CONFIGURATION
    EXIT    RETURN

Menu Descriptions
Refer to Table 9-1 for a functional description of each menu item (at this time there is only one menu item).

Table 9-1 Layer 3 Extensions Menu Screen Menu Item Descriptions

Menu Item    Screen Function

IGMP/VLAN CONFIGURATION
    Used to enable or disable IGMP (Internet Group Management Protocol) on selected VLANs. For details, refer to Section 9.2.
9.2 IGMP/VLAN CONFIGURATION SCREEN

When to Use
The IGMP/VLAN Configuration screen, Figure 9-2, is used to enable or disable IGMP (Internet Group Management Protocol, RFC 2236) on selected VLANs, or globally on all VLANs that are available. IGMP provides a solution for handling multicast streams in layer 2 switching devices. IGMP is for hosts on multi-access networks to inform locally attached switches of their Multicast group membership information.
How to Access
Use the arrow keys to highlight the IGMP/VLAN CONFIGURATION menu item in the Layer 3 Extensions Menu screen and press ENTER. The IGMP/VLAN Configuration screen, Figure 9-2, displays.

Screen Example

Figure 9-2 IGMP/VLAN Configuration Screen
[Screen capture; the surviving text begins with a Statistics heading and a Querier Address field.]
Table 9-2 IGMP/VLAN Configuration Screen Field Descriptions
Use this field… To…
IGMP Version (Toggle): See the current configured IGMP version running on the VLAN selected in the VLAN ID field (version 1 or 2). The default is version 2. The IGMP Version field can be toggled to configure the switch in either version 1 or 2 to match the router configuration. For IGMP to function correctly, all switches on a LAN must be configured to run the same version of IGMP.
Last Member Query Interval (Modifiable): Modify the leave latency of the network. The Last Member Query Interval is the Max Response Time inserted into Group-Specific Queries sent in response to Leave Group messages, and is also the amount of time between Group-Specific Query messages. This value may be tuned to modify the leave latency of the network.
IGMP State (Selectable): See the current state of the VLAN indicated in the VLAN ID field, which can be modified. Use the SPACE bar to step through the choices: ENABLED, DISABLED, ENABLE ALL, DISABLE ALL. The commands ENABLED and DISABLED will act only on the VLAN whose ID is in the VLAN ID field.
IGMP/VLAN Configuration Procedure
7. Use the arrow keys to highlight the remaining fields: Query Interval, Query Response Time, Interface Robustness, and Last Member Query Interval. Enter the desired numbers in each field. If ALL was chosen as the VLAN ID, this version change will affect all VLANs seen by the device.
8. Use the arrow keys to highlight the SAVE command and press the ENTER key to save the information in all the fields that were changed. The screen can now be exited.
10 Device Statistics Menu Screens
This chapter describes how to use the Device Statistics Menu screen and the following screens that may be selected from its menu:
• Switch Statistics screen (Section 10.2)
• Interface Statistics screen (Section 10.3)
• RMON Statistics screen (Section 10.4)
The HSIM/VHSIM Statistics screen may be selected in the Device Statistics Menu screen when an HSIM or VHSIM is installed in the SmartSwitch device.
Device Statistics Menu Screen 10.1 DEVICE STATISTICS MENU SCREEN When to Use To obtain switch statistics about frame traffic through each interface to view operating statistics about each port. NOTE: The SWITCH STATISTICS menu item on the Device Statistics Menu screen does not display if the operational mode of the device is set to SECURE FAST VLAN. This screen can only be used when the device is configured to operate as an 802.1Q switch. Section 4.2.9 describes how to set the operational mode.
Device Statistics Menu Screen Menu Descriptions Refer to Table 10-1 for a functional description of each menu item. Table 10-1 Device Statistics Menu Screen Menu Item Descriptions Menu Item Screen Function SWITCH STATISTICS Lists the number of frames received, transmitted, filtered, and forwarded by each switch port. For details, refer to Section 10.2. INTERFACE STATISTICS Provides the MIB-II statistics for each switched interface, on an interface-by-interface basis.
Switch Statistics Screen 10.2 SWITCH STATISTICS SCREEN When to Use To obtain switch statistics about the number of frames received, transmitted, filtered, and forwarded by each switch port. NOTE: The Switch Statistics screen is not available if the operational mode of the device is set to SECURE FAST VLAN. This screen can only be used when the device is configured to operate as an 802.1Q switch. Section 4.2.9 describes how to set the operational mode.
Field Descriptions
Refer to Table 10-2 for a functional description of each screen field.
Table 10-2 Switch Statistics Screen Field Descriptions
Use this field… To…
Port # (Read-Only): Identify the port number. The total number of ports is dependent on the number of fixed 10/100-Mbps front panel ports and the optional HSIM or VHSIM installed.
Frames Rcvd (Read-Only): See the number of frames received by the interface since the last power-up or reset.
Interface Statistics Screen 10.3 INTERFACE STATISTICS SCREEN When to Use To obtain the MIB-II statistics of all the switch interfaces with the exception of an installed HSIM or VHSIM. NOTE: Enterasys Networks HSIMs that support FDDI or WAN gather their own statistics, and may be viewed via the Local Management screens of the applicable HSIM. Refer to your HSIM documentation for information on how to access these screens.
Interface Statistics Screen Table 10-3 Interface Statistics Screen Field Descriptions Use this field… To… Interface (Read-Only) See the Interface number for which statistics are currently being displayed. Figure 10-3 shows the Interface field displaying 1. This represents Port 1 of the device. To view other interface statistics, refer to Section 10.3.1. Name (Read-Only) See the type of interface for which statistics are being displayed.
Interface Statistics Screen Table 10-3 Interface Statistics Screen Field Descriptions (Continued) Use this field… To… OutErrors (Read-Only) See the total number of outbound frames discarded because they contained errors. This field represents the total number of errored frames, regardless of the cause of the error. OutQLen (Read-Only) See the length of the frames queue. The field represents the total number of frames that can be contained in queue.
RMON Statistics Screen 10.4 RMON STATISTICS SCREEN When to Use To obtain RMON statistics for each interface, on an interface-by-interface basis. NOTE: The RMON Statistics screen provides statistics for all front panel Ethernet Interfaces, and any Ethernet HSIM/VHSIM installed in the SmartSwitch device. How to Access Use the arrow keys to highlight the RMON STATISTICS field on the Device Statistics Menu screen and press ENTER. The RMON Statistics screen, Figure 10-4, displays.
RMON Statistics Screen Field Descriptions Refer to Table 10-4 for a functional description of each screen field. Table 10-4 RMON Statistics Screen Field Descriptions Use this field… To… RMON Index (Read-Only) See the current Ethernet interface for which statistics are being shown. The SmartSwitch device has an embedded RMON agent that gathers statistics for each interface on the device. Data Source (Read-Only) See the source of the statistics data that is currently being displayed on the screen.
RMON Statistics Screen Table 10-4 RMON Statistics Screen Field Descriptions (Continued) Use this field… To… Multicast Pkts (Read-Only) See the total number of good frames received that were directed to a multicast address. The value of this field does not include frames directed to the broadcast address. CRC Align Errors (Read-Only) See the number of frames with bad Cyclic Redundancy Checks (CRC) received from the network.
RMON Statistics Screen Table 10-4 RMON Statistics Screen Field Descriptions (Continued) Use this field… To… 65 – 127 Octets (Read-Only) See the total number of frames, including bad frames, received that were between 65 and 127 bytes in length (excluding framing bits, but including FCS bytes). 128 – 255 Octets (Read-Only) See the total number of frames, including bad frames, received that were between 128 and 255 bytes in length (excluding framing bits, but including FCS bytes).
11 Network Tools Screens
This chapter describes the Net Tools Help screen and how to use it and the Network Tools commands to access and manage network devices. An example of each command is also included.
Screen Navigation Path
Password > Device Menu > Network Tools
11.1 NETWORK TOOLS
When to Use
To access and manage network devices using the Network Tools command set.
Screen Example
Figure 11-1 Network Tools Help Screen
Welcome to Network Tools
-> help
Commands Available to the User:
Built in Commands:
arp netstat show bridge ping traceroute defroute reset soft_reset cdp atm_stp_state stpStandby dynamic_egress telnet loopback_detect gigabit_port_mode stpPort radius link_trap arp_learn vrrpPort lg_frame_admin
SPECIAL:
done, quit, or exit - Exit from the Network Tools.
For help with a specific command, type 'help '.
There are two categories of commands in the command set.
• Built-in Commands – Allow the user to access and manage network devices. The commands are arp, bridge, defroute, netstat, ping, reset, show, traceroute, soft_reset, telnet, link_trap, cdp, loopback_detect, arp_learn, atm_stp_state, gigabit_port_mode (only appears if a gigabit interface module is installed), vrrpPort, stpStandby, stpPort, lg_frame_admin, dynamic_egress, and radius.
11.2 BUILT-IN COMMANDS
The built-in commands listed in this section activate functions on the LM managed device or devices being accessed through Network Tools.
arp
Description: Provides access to the ARP (Address Resolution Protocol) cache, enabling you to view cache data, delete entries, or add a static route. Super-user access is required to delete an entry or add a static route.
arp (Continued)
Example:
-> arp-a
#interface   Network Address   Physical Address    Media Type
#30          122.144.40.111    00.00.0e.12.3c.04   3(dynamic)
#30          122.144.48.109    00.00.0e.13.3d.14   3(dynamic)
#30          122.144.52.68     00.00.0e.12.3c.04   3(dynamic)
#30          122.144.21.43     00.00.0e.03.1d.3c   3(dynamic)
-> arp-d 1 122.144.52.68
-> arp-s 1 22.44.2.3 00:00:0e:1d:3c
-> arp-f
bridge
Description: Allows the bridge interface to be enabled or disabled at the user’s request, either one at a time or all at once.
defroute
Description: Allows the user, in the syntax order shown below, to view, set, or delete the default IP route to a managed device through the specified interface.
Syntax:
defroute
defroute [interface number] [IP address]
defroute delete [interface number] [IP address]
Options: None
Example:
-> defroute
# Default route is 147.152.42.32 on interface 2
-> defroute 2 147.152.42.32
# Default route is 147.152.42.
netstat (Continued)
Example:
-> netstat -i
Interface + Description   MTU    Speed      Admin  Oper  MAC Addr
#1 (ethernet - csmacd)    1514   10000000   up     up    0x00 0x00 0x1d 0x07 0x50 0x0e
#2 (ethernet - csmacd)    1514   10000000   up     up    0x00 0x00 0x1d 0x07 0x50 0x0f
#3 (ethernet - csmacd)    1514   10000000   up     up    0x00 0x00 0x1d 0x07 0x50 0x10
#4 (ethernet - csmacd)    1514   10000000   up     up    0x00 0x00 0x1d 0x07 0x50 0x11
-> netstat -r
Destination Next-hop
# Default Route # 134.141.0.0 # 134.141.0.
Built-in Commands reset Description: Initiates a hardware reset of the device. The reset command initializes the CPU processor, runs the onboard diagnostics, and restarts the software image, which restores the user configuration settings from NVRAM. The user will be queried to confirm the reset command to ensure against unwanted resets. NOTE: The Network Tools connection to the device will be terminated upon execution of this command.
Built-in Commands show (Continued) Example: -> show Appletalk interfaces # Interface # 1 # 2 AdminStatus enabled disabled OperStatus enabled disabled MTU 1500 1500 Forwarding enabled disabled Framing ethernet ethernet > show IP ARP # Interface MediaType #3 3(dynamic) #4 3(dynamic) # Number of valid entries: Physical|Address 00:00:1d:04:40:5d 08:00:20:0e:d8:31 2 NetworkAddress 123.456.40.1 123.456.40.
Built-in Commands soft_reset Description: Restarts the software image, which restores the user configuration settings from NVRAM. The user will be queried to confirm the reset command to ensure against unwanted resets. TIP: The Network Tools connection to the device will be terminated upon execution of this command.
Built-in Commands link_trap Description: Allows link traps to be enabled or disabled when specifying a single port, or simultaneously when specifying “all” or no ports. When one or all ports are specified to enable, disable, or find their status, their current condition is displayed.
Built-in Commands cdp Description: Allows management of Cabletron Discovery Protocol (CDP) on this module. The user may enable, disable, or see the current status of CDP.
arp_learn
Description: Used to set (normal or limited) how the ARP cache entry will be affected under different conditions as described in Options below. The command can also be used to display its current setting.
Syntax: arp_learn [normal | limited | status]
Options:
normal – Changes the ARP cache entry for a given IP Address, if the source address (SA) in the entry does not match that of any received IP Packet.
Built-in Commands atm_stp_state NOTE: The atm_stp_state command is only available if an HSIM-A6DP or VHSIM-A6DP is installed in the device. This command allows the user to enable, disable, or check the current status of the Spanning Tree Algorithm on all ATM interfaces. Description: Allows the user to enable, disable, or check the status of the Spanning Tree Algorithm on all ATM interfaces. The user must specify the STATE option as enable, disable, or status.
gigabit_port_mode (Continued)
Example:
-> gigabit_port_mode status
gigabit_port_mode is redundant
-> gigabit_port_mode active
This will reset board and cause loss of persistent objects except IP Address and Subnet: Are you *SURE* ?
vrrpPort
Description: Enables the user to choose the Virtual Router Redundancy Protocol (VRRP) Port(s), front panel Ethernet or Fast Ethernet ports. When the link on a VRRP Port goes down or up, the database is purged.
vrrpPort (Continued)
Options:
get – displays a list of all port numbers of VRRP Ports currently set.
set port# – sets a specific port as a VRRP Port.
set all – sets all front panel ports as VRRP Ports.
unset port# – terminates the VRRP setting on a specific port.
unset all – terminates the VRRP setting on all front panel ports.
NOTE: Setting the VRRP Port(s) to 0 will disable this application.
Example:
-> vrrpPort get
VRRP Port is set to 0.
-> vrrpPort set 1
VRRP Port is set to 1.
stpStandby (Continued)
Example:
-> stpStandby status
Disabled.
-> stpStandby enable
-> stpStandby status
Enabled.
-> stpStandby disable
-> stpStandby status
Disabled.
->
stpPort
Description: Used to enable, disable, or show which spanning tree ports on the physical ports are enabled. This command does not apply to virtual interfaces such as ATM. To enable, disable, or view the status of ATM ports, use the atm_stp_state command.
stpPort (Continued)
Example:
-> stpPort status
The following ports are STP ENABLED:
1 2 3 4 5 6 7 8 9 10
11 12 13 14 15 16 17 18 19 20
21
-> stpPort enable 1
Enabling STP on Port 2.
-> stpPort disable 2
Disabling STP from Port 2.
lg_frame_admin
Description: Enables the changing of large frame support on a per port basis. This enables the user to determine if large frames can be forwarded out a particular port.
lg_frame_admin (Continued)
Options:
set – Sets the size of transmitted frames for a port or a group of ports.
status – Causes the display of the current settings for one port or a group of ports (e.g., 1–15).
LARGE – Sets the port to allow all valid large frames to be transmitted out the port.
FRAG_IF_POSS – This is a special setting. Sets the port, so that all large IP frames that can be fragmented will be fragmented before being transmitted out the port.
dynamic_egress
Description: Allows the dynamic egress control function to be enabled, disabled, or the status viewed to see if the function is enabled or disabled. The command requires a corresponding VID. The dynamic egress control function allows or disallows VLANs to be dynamically added to the dynamic Port VLAN Lists of a port. The default is that no dynamic Port VLAN Lists will be modified. The lists are modified based on the inbound traffic on a port.
dynamic_egress (Continued)
Example:
-> dynamic_egress status 1
Dynamic Egress Disabled for VLAN ID 0x0001
-> dynamic_egress enable 1
Dynamic Egress Enabled for VLAN ID 0x0001
-> dynamic_egress disable 1
Dynamic Egress Disabled for VLAN ID 0x0001
radius
Description: Used to enable, disable, and configure the radius function. Radius authentication is only used when the client has been properly configured and enabled.
radius (Continued)
Options:
radius Shows Radius help
radius status Shows all Radius client settings
radius [enable | disable] Enables or disables the Radius Client
radius prim_ip Shows the primary Radius server’s IP, in decimal-dotted format
radius sec_ip Shows the secondary Radius server’s IP, in decimal-dotted format
radius timeout Shows Radius server timeout in seconds
radius retry Shows number of Radius server retries
radius
radius (Continued)
Options: (Continued)
radius prim_secret Sets the primary Radius server’s shared secret.
radius sec_secret Sets the secondary Radius server’s shared secret.
NOTE: The secret is NOT encrypted in transit; if this command is sent via TELNET then the secret may be compromised. For maximum security, it is recommended to use a 16 to 32 character string for the shared secret code. For security reasons, the entered code appears as asterisks (*) on the screen.
Example 7, Dynamic Egress and Aging Time radius (Continued) Example: (Continued) NOTE: The following shows examples of when three, seven, and 32 characters are entered as the secret code (16 to 32 characters are recommended).
The dynamic Port VLAN List is a temporary list used in the dynamic egress function to keep track of the VLANs and the associated users that reside off a dynamic-egress enabled port.
11.4 EXAMPLE 8, USING DYNAMIC EGRESS TO CONTROL TRAFFIC
In this simple example (Figure 11-2), assume that there are four ports on the SmartSwitch device attached to PCs supporting both protocols AppleTalk (809B and 80F3) and IP. Two PCs support IP only.
Special Commands With the above configuration, an AppleTalk frame received on any port will be classified into VLAN 2 (the AppleTalk VLAN), and the Port VLAN List of that port is updated to include VLAN 2. For instance, if Port 1 or 2 is connected to a new AppleTalk user, the AppleTalk frames received on that port are dynamically associated with VLAN 2 and VLAN 2 is added to the Port VLAN List of that port. The Port VLAN List contains a list of all VLANs whose frames can be transmitted out that port.
12 VLAN Operation and Network Applications
NOTE: It is recommended to read this chapter to gain an understanding of VLANs before configuring the switch.
This chapter provides the following information:
• Definition of VLANs (Section 12.1)
• Types of VLANs (Section 12.2)
• Benefits and Restrictions (Section 12.3) of VLANs
• VLAN Terms (Section 12.4)
• VLAN Operation (Section 12.5)
• Configuration Process (Section 12.6)
• VLAN Switch Operation (Section 12.7)
• VLAN Configuration (Section 12.
Defining VLANs The creation of VLANs allows users located in separate areas or connected to separate ports to belong to a single VLAN group. Users that are assigned to such a group will send and receive broadcast and multicast traffic as though they were all connected to a common network. VLAN-aware switches isolate broadcast, multicast, and unknown traffic received from VLAN groups, so that traffic from stations in a VLAN are confined to that VLAN.
Types of VLANs In this example, the Sales and Finance workstations have been placed on two separate VLANs. In a plain Ethernet environment, the entire network is a broadcast domain, and the SmartSwitches follow the IEEE 802.1D bridging specification to send data between stations.
Benefits and Restrictions 12.2.3 Other VLAN Strategies VLANs may also be created by a variety of addressing schemes, including the recognition of groups of MAC addresses or types of traffic. One of the best-known VLAN-like schemes is the use of IP Subnets to divide networks into smaller subnetworks. 12.3 BENEFITS AND RESTRICTIONS The primary benefit of the 802.1Q VLAN technology is that it provides localization of traffic.
Tag Header (VLAN Tag)
Four bytes of data inserted in a frame that identifies the VLAN/frame classification. The Tag Header is inserted into the frame directly after the Source MAC address field. Twelve bits of the Tag Header represent the VLAN ID. The remaining bits are other control information.
Tagged Frame
A data frame that contains a Tag Header. A VLAN-aware device can add the Tag Header to any frame it transmits.
Untagged Frame
A data frame that does not have a Tag Header.
Generic Attribute Registration Protocol (GARP)
GARP is a protocol used to propagate state information throughout a switched network.
GARP VLAN Registration Protocol (GVRP)
A GARP application used to dynamically create VLANs across a switched network.
GARP Multicast Registration Protocol (GMRP)
A GARP application that functions in a similar fashion as GVRP, except that GMRP registers multicast addresses on ports to control the flooding of multicast frames.
12.
Configuration Process 12.6 CONFIGURATION PROCESS Before a VLAN can operate, steps must be performed to configure the switch to establish and configure a VLAN. Cabletron Systems VLAN-aware SmartSwitches default to operate in the 802.1Q VLAN mode. However, further configuration is necessary to establish multiple logical networks. NOTE: The actual steps involved in VLAN configuration using Local Management are presented in Section 12.8.
VLAN Switch Operation 12.7 VLAN SWITCH OPERATION IEEE 802.1Q VLAN switches act on the classification of frames into VLANs. Sometimes, VLAN classification is based on tags in the headers of data frames. These VLAN tags are added to data frames by the switch as the frames are transmitted out certain ports, and are later used to make forwarding decisions by the switch and other VLAN-aware switches.
12.7.1 Receiving Frames from VLAN Ports
When a switch is placed in 802.1Q Operational Mode, every frame received by the switch must belong, or be assigned, to a VLAN.
Untagged Frames
The switch receives a frame from Port 1 and examines the frame. The switch notices that this frame does not currently have a VLAN tag. The switch recognizes that Port 1 is a member of VLAN A and classifies the frame as such.
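The Tag Header layout from Section 12.4 and the untagged-frame classification described above can be traced in code. The following Python sketch is an added example, not part of this guide or of the switch firmware. The 0x8100 marker value and the 3-bit priority field come from IEEE 802.1Q rather than from this guide; the function names, the port dictionaries and the sample frame are hypothetical and constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # IEEE 802.1Q value marking a Tag Header (from the standard, not this guide)


def parse_frame(frame):
    """Return (vid, priority, ethertype, payload); vid is None for an Untagged Frame."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    # Bytes 0-5: destination MAC, 6-11: source MAC. A Tag Header, if present,
    # sits directly after the source MAC address.
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None, None, ethertype, frame[14:]
    if len(frame) < 18:
        raise ValueError("truncated Tag Header")
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    # The twelve low bits are the VLAN ID; the top three bits are the priority.
    return tci & 0x0FFF, tci >> 13, inner_type, frame[18:]


def add_tag(frame, vid, priority=0):
    """Insert a four-byte Tag Header after the source MAC address."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    if not 0 <= priority <= 7:
        raise ValueError("priority must be 0-7")
    tci = (priority << 13) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def strip_tag(frame):
    """Remove the Tag Header if one is present."""
    vid = parse_frame(frame)[0]
    return frame if vid is None else frame[:12] + frame[16:]


def classify_ingress(frame, pvid, filter_untagged=False):
    """Return the VLAN a received frame is classified into, or None if dropped.

    An untagged frame takes the receiving port's VLAN ID (PVID). A tag with
    VLAN ID 0 carries only priority in 802.1Q, so it is treated the same way.
    filter_untagged models the 'Filter All Untagged Frames' port setting.
    """
    vid = parse_frame(frame)[0]
    if vid is None or vid == 0:
        return None if filter_untagged else pvid
    return vid


def egress(frame, vlan, port):
    """Return the bytes sent out `port` for a frame in `vlan`, or None if not eligible.

    port["mode"] is "1Q_TRUNK" (every VLAN, tagged), "1D_TRUNK" (every VLAN,
    tag stripped) or "HYBRID" (per-VLAN format taken from port["vlan_list"]).
    """
    mode = port["mode"]
    if mode == "1Q_TRUNK":
        fmt = "tagged"
    elif mode == "1D_TRUNK":
        fmt = "untagged"
    else:
        fmt = port.get("vlan_list", {}).get(vlan)
        if fmt is None:
            return None  # VLAN is not in this port's Port VLAN List
    bare = strip_tag(frame)
    return add_tag(bare, vlan) if fmt == "tagged" else bare


# Constructed sample: an untagged broadcast IP frame from a made-up station.
SAMPLE = bytes.fromhex("ffffffffffff" "00001d000001" "0800") + b"payload"

if __name__ == "__main__":
    vlan = classify_ingress(SAMPLE, pvid=2)             # access port with PVID 2
    trunk = egress(SAMPLE, vlan, {"mode": "1Q_TRUNK"})  # tagged on the 1Q Trunk
    print("classified into VLAN", vlan)
    print("on 1Q trunk:", trunk.hex())
    print("on 1D trunk:", egress(trunk, vlan, {"mode": "1D_TRUNK"}).hex())
    blue_only = {"mode": "HYBRID", "vlan_list": {3: "untagged"}}
    print("on a VLAN 3 port:", egress(trunk, vlan, blue_only))
```

The 1D Trunk case shows why such a port should face only a device that is meant to see every VLAN: frames leave it with no VLAN identity attached.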
VLAN Configuration 12.7.2.2 Known Unicasts When a VLAN switch receives a frame with a known MAC address as its destination address, the action taken by the switch to determine how the frame is transmitted depends on the VLAN, the VLAN associated FID, and if the port identified to send the frame is enabled to do so. When a frame is received it is classified into a VLAN. The destination address is looked up in the FID associated with the VLAN.
VLAN Configuration 12.8.2 Switch Without VLANs When the switch is powered up, the switch uses its default settings to switch frames like an 802.1D switch. In this default configuration, all ports are a member of the default VLAN (VLAN 1) including the virtual Host Data Port of the switch, so any port can be used to manage the device as shown in Figure 12-3. Figure 12-3 Switch Management with Only Default VLAN 802.
VLAN Configuration Figure 12-4 shows an example of a switch configured with port 1 on the Management VLAN port and the other users belonging to VLANs A, B, and C. Figure 12-4 Switch Management with VLANs Management VLAN VLAN A VLAN A 802.1Q Switch 1 2 4 Host Data Port 3 5 6 VLAN B VLAN B VLAN C 7 Set as an 802.1Q Trunk port. 30691_61 To set up the switch shown in Figure 12-4 to establish a management VLAN on port 1, use the process described below: 1.
VLAN Configuration b. Assign the VLAN ID, 2, of the new Management VLAN to the Host Data Port. The port number will depend on the device. This port is not a physical port and will usually be one number above the maximum number physical ports on the device, including the ports on any optional interfaces installed. In this example, it will be port 8. Leave the Port Mode setting in the default value of HYBRID. For details on assigning a VLAN ID, refer to Section 7.4.2.
Summary of VLAN Local Management 12.9 SUMMARY OF VLAN LOCAL MANAGEMENT The VLAN configuration process is an extension of normal Local Management operations. A series of Local Management screens provides access to the functions and commands necessary to add, change, or delete VLANs and to assign ports to those VLANs. A switch supporting 802.1Q VLANs provides the VLAN Configuration screens as a standard part of its Local Management hierarchy when the switch is configured to operate in 802.1Q Mode.
Quick VLAN Walkthrough 12.10 QUICK VLAN WALKTHROUGH The procedures below provide a short tutorial walkthrough that presents each of the steps necessary to configure a new VLAN, assign a port to it, and check the Port VLAN List of the port. You may wish to follow this walkthrough from start to finish before attempting to configure your own VLANs. This walkthrough begins at the 802.1Q VLAN Configuration Menu screen, as follows: 1. On the 802.
Figure 12-6 Walkthrough Stage One, Static VLAN Configuration Screen
Forward Default VLAN Out All Ports: [NO]
VLAN ID   FID   VLAN Name      Admin Status
1         1     DEFAULT VLAN   [Enabled]
2         2     TEST VLAN      [Disabled]
VLAN ID: 2   FID: 2   VLAN Name: TEST VLAN
SAVE [ADD] EXIT RETURN
It is now time to assign a port to this new VLAN.
9. Use the arrow keys to highlight the RETURN command at the bottom of the screen. Press ENTER. The 802.1Q VLAN Configuration Menu screen displays.
11. Use the SPACE bar to step sequentially through the previously configured VLAN ID numbers. When the number 0002 (the new VLAN ID) is displayed, the FID field updates to 0002, and the VLAN Name field updates showing the name assigned to this VLAN, TEST VLAN.
12. Use the arrow keys to highlight the SAVE command at the bottom of the screen. Press ENTER. The PVID for Port 3 is now configured to the TEST VLAN.
14. Use the arrow keys to highlight the SAVE command at the bottom of the screen. Press ENTER. Port 10 is now acting as a 1Q Trunk port and every VLAN is in its Port VLAN List. The frame format for every VLAN is also set to tagged. The screen should now look like Figure 12-8.
Quick VLAN Walkthrough Figure 12-9 Walkthrough Stage Four, Activating Test VLAN Forward Default VLAN Out All Ports: [NO] VLAN ID 2 FID 1 2 VLAN Name DEFAULT VLAN TEST VLAN VLAN ID: 1 FID: 2 VLAN Name: DEFAULT VLAN 1 SAVE Admin Status [Enabled] [Disabled] [ADD] EXIT RETURN 4046_83 16.Use the arrow keys to highlight the Admin Status field of VLAN ID 2, the TEST VLAN. 17.Press the SPACE bar to toggle the field to display Enabled. 18.
Quick VLAN Walkthrough This effectively completes the configuration of a single VLAN, assigning it to a port, and configuring the switch to forward the frames received on that port to be forwarded with the VLAN information included in the frame. The Port VLAN List of any port on the device can also be checked at any time using the Port Filtering Configuration screen. A list of all ports eligible to transmit frames for a given VLAN will also be listed on the VLAN Forwarding Configuration screen.
Examples Figure 12-11 Final Walkthrough Stage, Display Port 10 VLAN List and Set Its Filtering Port VLAN List VLAN ID 0001 0001 Port : [10] SAVE VLAN Name DEFAULT VLAN 1Q TRUNK Filter Using VLAN Lists: [NO] Filter All Untagged Frames: [YES] PREVIOUS NEXT EXIT RETURN 4046_84 This effectively completes the displaying of the Port VLAN List and the setting of the port filtering of all untagged frames. 12.
Example 1, Single Switch Operation Figure 12-12 Example 1, Single Switch Operation R1 802.1Q Switch 1 4 R2 2 5 B2 R3 3 6 B1 B3 30691_67 12.12.1 Solving the Problem To set up this switch, users will be assigned to two new VLANs, red stations to the Red VLAN, and blue stations to the Blue VLAN. The information below describes how the switch is configured to create these two VLANs and how users are assigned to them. 1. First, the switch is set for 802.1Q operation.
Example 1, Single Switch Operation Figure 12-13 Switch Configured for VLANs R1 802.1Q Switch 1 VLAN ID 002 R2 2 VLAN ID 003 5 VLAN ID 002 R2 4 3 B2 VLAN ID 003 6 VLAN ID 002 B3 B1 VLAN ID 003 30691_68 The switch will now classify each frame received as belonging to either the Red or Blue VLANs. Traffic from one VLAN will not be forwarded to the members of the other VLAN, and all frames transmitted by the switch will be normal, untagged Ethernet frames. 12.12.
Example 2, VLANs Across Multiple Switches frame. The switch finds the MAC address and VLAN in this table, and recognizes that the MAC address and VLAN match for R1 is located out Port 1. 6. The switch examines its VLAN configuration information and determines that the frame for Red VLAN is allowed to be forwarded out Port 1 and that it must be sent in an untagged format. 7. The switch forwards the frame out Port 1. Any other unicast transmissions between stations R1 and R2 will be handled identically. 12.
Example 2, VLANs Across Multiple Switches Figure 12-14 Example 2, VLANs Across Multiple Switches Redco Blue Industries 2 Bridge 1 User A Red VLAN 1 4 Bridge 2 3 Blue VLAN 4 Floor 4 Protocol Port Configuration Screen for VLANs Classification Rule Field 1 Floor 3 Blue Industries Port 1 2 3 4 5 6 7 8 File Server Ether II Type 0x0800 (DOD IP) Classify [NO ] [NO ] [NO ] [NO ] [NO ] [NO ] Bridge [NO ] [NO ] Port 9 10 11 12 13 3 14 15 16 Blue VLAN Classify Port [NO
Example 2, VLANs Across Multiple Switches 12.13.1 Solving the Problem To solve the problem in this example, the users are assigned to VLANs using Switch 4 and Switch 2 as shown in Figure 12-14. Redco users are assigned to the Red VLAN and Blue Industries users to the Blue VLAN. The following information shows how Switch 4 and Switch 2 are configured to create the two VLANs to isolate the users of the two companies from one another on the network using the existing infrastructure.
Example 2, VLANs Across Multiple Switches Switch 2 Switch 2 is set as follows: 1. Two VLANs are added to the list of VLANs using the Device VLAN Configuration screen and assigned to a FID. In this example they are as follows: • VLAN ID 2, FID 2, with a VLAN Name of Red • VLAN ID 3, FID 3, with a VLAN Name of Blue 2.
Example 2, VLANs Across Multiple Switches 12.13.2 Frame Handling The following describes how, when User A attempts to log on to the File Server on Bridge 4, the frames from User A are classified on Switch 4 and traverse the network. In this example, the MAC address of User A is “Y” and the MAC address for the File Server is “Z”. The following description includes illustrations to help understand how the frames flow through the network. 1.
Example 2, VLANs Across Multiple Switches The VLAN Tag Header is inserted because Switch 4, Port 4 is designated as an 802.1Q Trunk port. In this case, the Port Mode setting for Port 4 is 802.1Q Trunk and the VLAN Frame format for that VLAN is tagged.
Example 2, VLANs Across Multiple Switches 3. When Switch 2 receives the tagged frame on its Port 2, it checks the frame’s VLAN Tag Header and determines that the frame is classified as belonging to the Red VLAN, and that the frame is a broadcast frame. Switch 2 forwards the frame to all ports in the Red VLAN Forwarding List excluding Port 2, which received the frame. In this example, the only eligible port is Port 3, which connects to Bridge 4.
Example 3, 1D Trunk Connection to 802.1Q VLAN Network 12.14 EXAMPLE 3, 1D TRUNK CONNECTION TO 802.1Q VLAN NETWORK This example illustrates the use of a 1D Trunk to connect a device to a network of 802.1Q VLAN switches. In this example, a merger has taken place between the companies in the previous example, Redco and Blue Industries. The two companies have become divisions within a single corporation, Green Incorporated.
Example 3, 1D Trunk Connection to 802.1Q VLAN Network Figure 12-18 Example 3, 1D Trunk Connection to 802.1Q VLAN Network User B 2 Bridge 1 Red VLAN 1 4 Bridge 2 3 Blue VLAN 4 Floor 4 Floor 3 2 Bridge 3 1 Blue VLAN 2 Bridge 4 File Server 3 Red VLAN 4 Floor 2 Green Incorporated. 2 1 Green VLAN 1 Mail Server 3 Floor 1 User 802.1D Legacy Bridge 802.
The Green Incorporated Network Administrators want to continue to separate normal network traffic between the Blue and Red VLANs, and create a new isolated VLAN for Green, Incorporated users. All divisions in the facility are to have equal access to the Mail Server on the first floor.
12.14.1 Solving the Problem
Much of the existing network configuration can remain as it was for Example 2, VLANs Across Multiple Switches.
3. A Port VLAN ID is assigned to Port 1 using the Port Assignment screen, as follows:
   • Port 1, VLAN ID: 4 for the Green VLAN
   This setting changes the configuration of the switch, so that Port 1 is part of the Green VLAN and is set to transmit a frame type of untagged.
4. The port modes of Ports 2 and 3 are set using the Port Assignment screen:
   • Port 2, Port Mode: 1Q Trunk
   • Port 3, Port Mode: 1D Trunk
   Port 2 is set as an 802.
Figure 12-19 Bridge 1 Broadcasts Frames
3. Switch 2 receives the tagged Red VLAN frame on Port 2, as shown in Figure 12-20. The VLAN Tag in the frame is maintained, classifying the frame as belonging to the Red VLAN. The switch forwards the broadcast frame out all the eligible ports, Ports 3 and 4.
4. When Switch 1 receives the tagged broadcast frame, it also examines the tag and classifies the frame as belonging to the Red VLAN. This broadcast frame is then sent to all ports eligible to receive Red VLAN frames. In this case only the 1D trunk, Port 3, is eligible, as it is considered a member of all VLANs for forwarding purposes. The VLAN Tag is stripped from the frame and the frame is transmitted out Port 3 as shown in Figure 12-21.
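An added sketch (not code from the guide or from Enterasys) of the egress rule that steps 3 and 4 describe: a 1Q Trunk port sends frames for every VLAN with the Tag Header, and a 1D Trunk port sends them with the Tag Header stripped. The port table layout, the "port" label for an ordinary VLAN member port, the function names and the sample frame are assumptions; Red is VLAN ID 2 as in Example 2.

```python
import struct

TPID = 0x8100  # EtherType value that marks an 802.1Q Tag Header

def read_vid(frame):
    """Return the VLAN ID from the Tag Header, or None if the frame is untagged."""
    if len(frame) >= 16 and struct.unpack("!H", frame[12:14])[0] == TPID:
        return struct.unpack("!H", frame[14:16])[0] & 0x0FFF
    return None

def strip_tag(frame):
    """Remove the 4-byte Tag Header if one is present."""
    return frame[:12] + frame[16:] if read_vid(frame) is not None else frame

def insert_tag(frame, vid, priority=0):
    """Insert a Tag Header after the source MAC address of an untagged frame."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    tci = (priority << 13) | vid
    return frame[:12] + struct.pack("!HH", TPID, tci) + frame[12:]

def egress(frame, vid, ports, ingress_port):
    """Map each eligible port to the bytes it transmits for a broadcast frame.

    ports is {port number: (port mode, set of member VLAN IDs)}.
    """
    untagged = strip_tag(frame)
    out = {}
    for port, (mode, vids) in ports.items():
        if port == ingress_port:
            continue                               # never back out the receiving port
        if mode == "1D Trunk":
            out[port] = untagged                   # member of all VLANs, tag stripped
        elif mode == "1Q Trunk":
            out[port] = insert_tag(untagged, vid)  # all VLANs, always tagged
        elif vid in vids:
            out[port] = untagged                   # ordinary port in this VLAN
    return out

# Switch 1 in Example 3: Port 1 in Green (VLAN ID 4), Port 2 1Q Trunk, Port 3 1D Trunk.
SWITCH_1 = {1: ("port", {4}), 2: ("1Q Trunk", set()), 3: ("1D Trunk", set())}
RED_VID = 2
# Constructed broadcast frame: the source MAC and payload are made up.
BROADCAST = b"\xff" * 6 + bytes.fromhex("02000000000b") + b"\x08\x06" + bytes(46)
```

Calling `egress(insert_tag(BROADCAST, RED_VID), RED_VID, SWITCH_1, 2)` reproduces step 4: only Port 3 transmits, and the frame it sends carries no Tag Header.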
The switch checks the Filtering Database for the MAC address of User B. User B’s MAC address is located, and Port 2 is identified as the location of User B. The frame is checked for eligibility and frame format for Port 2. Since Port 2 is a 1Q Trunk port, it is eligible to transmit frames for all VLANs. The frame is tagged and transmitted out Port 2.
7. Switch 4 receives the frame on its 1Q Trunk port, Port 4, and examines the frame’s Tag.
Figure 12-22 Example 4, Isolating Traffic According to Protocol
Example 4, Isolating Network Traffic According to Protocol
12.15.1 Solving the Problem
Much of the existing network configuration can remain as it was for Example 3, 1D Trunk Connection to 802.1Q VLAN Network, described in the user’s guide. However, Switch 3, Switch 5, and the devices that will make up Publication’s Gray VLAN have been added. Switch 5 will be configured to isolate all AppleTalk protocol frame traffic to the devices in the Gray VLAN and all other protocol traffic to the Yellow VLAN.
Switch 5
Switch 5 is set as follows:
1. Two VLANs are added to the list of VLANs in the Device VLAN Configuration screen. In this example, they are set as follows:
   • VLAN ID 5, FID 5, with a VLAN Name of Yellow
   • VLAN ID 6, FID 6, with a VLAN Name of Gray
2. The Forward Default VLAN Out All Ports is set to YES using the Device VLAN Configuration screen. This adds the Default VLAN to the Port VLAN List of every switch port.
3.
5. The AppleTalk frames must now be restricted to Ports 2 through 8 of the Yellow VLAN. On the Protocol Ports Configuration screen, all ports except Port 1 are assigned to the AppleTalk protocol, as follows:
   • Port 2: YES
   • Port 3: YES
   • Port 4: YES
   • Port 5: YES
   • Port 6: YES
   • Port 7: YES
   • Port 8: YES
   Any AppleTalk frame received on Ports 2 through 8 will be broadcast to all other ports on Switch 5 associated with the AppleTalk protocol.
12.16 EXAMPLE 5, FILTERING TRAFFIC ACCORDING TO A LAYER 4 CLASSIFICATION RULE
This example illustrates how to filter out broadcast transmissions at Layer 4 from other parts of a network. In this example, illustrated in Figure 12-23, Switches S1 and S2 have already been configured and are operating.
Example 6, Securing Sensitive Information According to Subnet
2. The VLAN Classification Configuration screen is used to configure the switch to detect and classify the incoming RIP broadcast frames on Port 25 to the Null VLAN. Since the Null VLAN is not assigned to any port, the frame is dropped (not transmitted out any port). The VLAN Classification Configuration screen is set as follows:
   • VID: 99
   • Classification: Dest UDP Port
   • IP UDP Port: 520
   Port 520 is a well-known port number used by RIP.
12.
12.17.1 Solving the Problem
In this example, Switch 1 (S1) has already been configured and is operating. To isolate the Finance Department traffic, Subnet 28 will be isolated from the Engineering Department subnet 50 and other users on the company’s network (123.123.xx.xx). The following covers only those steps needed to configure the switch to solve the problem.
Example 7, Using Dynamic Egress to Control Traffic
Figure 12-25 Example 7, Dynamic Egress Application
Solving the Problem
In this example, Switch 1 (S1) has already been configured with a default VLAN 0001 associated with FID 0001 as the PVID on all ports. The following additional steps are required to configure the switch to solve this problem.
1.
In this example, the AppleTalk traffic is routed only to AppleTalk users (ports 1, 2, 5, and 6), while IP traffic is allowed to be seen by IP users (ports 3, 4, and 7) and by IP/AppleTalk users (ports 1, 2, 5, and 6).
12.19 EXAMPLE 8, LOCKING A MAC ADDRESS TO A PORT USING CLASSIFICATION RULES
The following example illustrates how to add security by “locking” an individual MAC address to a port on the SmartSwitch device.
12.19.1 Solving the Problem
Switch S1 needs to be configured with two 802.1Q VLANs. Since the switch, by default, already has one VLAN created (the Default VLAN), only one new VLAN will need to be created. In this example, the new VLAN will be named the Red VLAN. The objective here is to configure S1 so that when it receives a frame on Port 1 from MAC address 00.00.00.00.00.0A, the frame is classified into the Red VLAN.
3.
For the Red VLAN and Port 2:
   • VID: 2
   • Classification: src MAC Address
   • Subclassification/MAC Address: 00.00.00.00.00.0B
   • ADD the rule. It will display in the top half of the VLAN Classification Configuration screen.
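The classification rules of Example 5 (Dest UDP Port 520 on Port 25 to the Null VLAN, VID 99) and Example 8 (one source MAC address per port to the Red VLAN, VID 2), evaluated in one added Python sketch that is not the switch firmware or code from this guide. Placing both rule sets on one switch, first-match ordering, the fall-back to PVID 1, the egress lists and the sample frames are assumptions.

```python
import struct

# Constructed rule table: (ingress port, classification, value, VID).
RULES = [
    (25, "Dest UDP Port", 520, 99),                  # Example 5: RIP to the Null VLAN
    (1, "src MAC Address", "00.00.00.00.00.0A", 2),  # Example 8: Port 1 to Red VLAN
    (2, "src MAC Address", "00.00.00.00.00.0B", 2),  # Example 8: Port 2 to Red VLAN
]
# Constructed egress lists; the Null VLAN (VID 99) is assigned to no port.
EGRESS = {1: {1, 2, 3, 25}, 2: {1, 2}, 99: set()}

def udp_dest_port(frame):
    """Destination UDP port of an untagged IPv4 frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    frag_offset = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
    if frame[14] >> 4 != 4 or ihl < 20 or frame[23] != 17 or frag_offset:
        return None              # not IPv4/UDP, or a later fragment with no UDP header
    start = 14 + ihl
    if len(frame) < start + 4:
        return None
    return struct.unpack("!H", frame[start + 2:start + 4])[0]

def classify(port, frame, rules=RULES, pvid=1):
    """VID for a frame received on a port; first matching rule wins (assumption)."""
    src = frame[6:12].hex(".").upper()
    dport = udp_dest_port(frame)
    for rule_port, kind, value, vid in rules:
        if rule_port != port:
            continue
        if ((kind == "Dest UDP Port" and dport == value)
                or (kind == "src MAC Address" and src == value)):
            return vid
    return pvid                  # no rule matched: the port's PVID applies

def egress_ports(vid, ingress_port, egress=EGRESS):
    """Ports the frame may leave on; an empty set means the frame is dropped."""
    return egress.get(vid, set()) - {ingress_port}

def build_udp(src_mac, dport):
    """Constructed broadcast Ethernet/IPv4/UDP frame (checksums left at 0)."""
    eth = b"\xff" * 6 + bytes.fromhex(src_mac.replace(".", "")) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4)
    return eth + ip + struct.pack("!HHHH", 520, dport, 8, 0)
```

A frame from 00.00.00.00.00.0B arriving on Port 1 matches no rule here, because that address is bound to Port 2, so it is not classified into the Red VLAN.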
A Generic Attribute Registration Protocol (GARP)
This appendix describes the switch operation when its ports are configured to operate under the Generic Attribute Registration Protocol (GARP) applications – GARP VLAN Registration Protocol (GVRP) and/or GARP Multicast Registration Protocol (GMRP).
A.1 GARP SWITCH OPERATION
Some or all ports on the switch may be activated to operate under the GARP applications, GVRP and/or GMRP.
In Figure A-1, Switch 4, port 1 is registered as being a member of VLAN Blue and then declares this fact out all its ports (2 and 3) to Switch 1 and Switch 2. These two switches register this in the Port VLAN Lists of the ports (Switch 1, port 1 and Switch 2, port 1) that received the frames with the information.
A.1.2 GARP Multicast Registration Protocol (GMRP)
GMRP functions in a similar fashion to GVRP, except that GMRP registers multicast addresses on ports. GMRP uses the multicast address (01-80-C2-00-00-20) for controlling the flooding of multicast frames. End stations register with the port that they are connected to and tell the port which multicast frames they wish to receive. This is accomplished under control of GMRP, which is propagated in VLAN context.
B About IGMP
This appendix provides information about the following:
   • IGMP Overview (Section B.1)
   • Supported Features and Functions (Section B.2)
   • Detecting Multicast Routers (Section B.3)
B.1 IGMP OVERVIEW
Internet Group Management Protocol (IGMP) is a multicast protocol used by routers. This protocol is supported by Cabletron Systems SmartSwitches when operating in the 802.1Q mode to “snoop” the IGMP frames.
B.2 SUPPORTED FEATURES AND FUNCTIONS
The following lists the features and functions supported when using IGMP:
   • Runs only when the switch is operating in the 802.1Q mode.
   • Supports multiple multicast and non-multicast routers on the same VLAN.
   • Supports standalone multicast servers only if a router is present on the network.
   • Multicast forwarding rate is dependent on the number of ports the multicast stream is forwarded to. More ports degrade the performance.
B.3 DETECTING MULTICAST ROUTERS
The location of a router needs to be known in order to forward IGMP report frames back to the router. The router(s) send multicast routing protocol frames which get flooded throughout the network. By snooping on the protocols, the switch will mark ports as connected to a router. The port is put in a “forward all” mode where all multicast frames will be flooded.