MAGNUM 6K FAMILY OF SWITCHES Managed Network Software (MNS) MNS-6K-SECURE 14.1.4 and MNS-6K 4.1.
Preface

This guide describes how to use the Command Line Interface (CLI) for the Magnum 6K family of switches. For the Web Management Interface, please refer to the Web Management Guide.

Some simple guidelines which will be useful for configuring and using the Magnum 6K family of switches:

If you need information on a specific command in the CLI, type the command name after you type the word “help” (help <command>) or just type [Enter].
Trademarks

GarrettCom Inc. reserves the right to change specifications, performance characteristics and/or model offerings without notice. GarrettCom, Magnum, S-Ring, Link-Loss-Learn, Converter Switch, Convenient Switch and Personal Switch are trademarks and Personal Hub is a registered trademark of GarrettCom, Inc. NEBS is a registered trademark of Telcordia Technologies. UL is a registered trademark of Underwriters Laboratories. Ethernet is a trademark of Xerox Corporation.
Table of Contents

1 – Conventions Followed
    Flow of the User Guide
2 – Getting Started
    Before starting
    MNS-6K Software Updates
    Console connection
    ...
    Upgrading to MNS-6K-SECURE
    List of commands in this chapter
3 – IP Address and System Information
    IP Addressing
    Importance of an IP address
    DHCP and bootp
    ...
    Configuring IPv6
    List of commands in this chapter
5 – DHCP Server
    Modes of Operation
    Technical Details
    DHCP Discovery
    ...
8 – Access Using RADIUS
    RADIUS
    802.1x
    Configuring 802.1x
    List of commands in this chapter
9 – Access Using TACACS+
    ...
    Using STP
    List of commands in this chapter
13 – Rapid Spanning Tree Protocol (RSTP)
    RSTP concepts
    Transition from STP to RSTP
    Configuring RSTP
    ...
    Configuring QoS
    List of commands in this chapter
18 – IGMP
    IGMP concepts
    IGMP-L2
    Configuring IGMP
    ...
    System Events
    MAC Address Table
    List of commands in this chapter
APPENDIX 1 - Command listing by Chapter
    Chapter 2 – Getting Started
    Chapter 3 – IP Address and System Information
    Chapter 4 – IPv6
    ...
    Using Mozilla Firefox (ver. 3.x)
    Using Internet Explorer (ver 7.x)
    Using Other Browsers
APPENDIX 5 – Updating MNS-6K Software
    1. Getting Started
    Selecting the proper version
    Downloading the MNS-6K software
List of Figures

FIGURE 1 - HyperTerminal screen showing the serial settings
FIGURE 2 - Prompt indicating the switch model number as well as mode of operation – note the commands to switch between the levels is not shown here.
FIGURE 3 – As the switch tries to determine its mode of operation and its IP address, it may assign and release the IP address a number of times.
...
FIGURE 24 - Changing telnet access – note in this case, the enable command was repeated without any effect to the switch
FIGURE 25 - Reviewing the console parameters – note telnet is enabled
FIGURE 26 - Example of a telnet session
...
FIGURE 46 – displaying configuration for different modules. Note – multiple modules can be specified on the command line
FIGURE 47 – Hide or display system passwords
FIGURE 48 – Erasing configuration without erasing the IP address
...
FIGURE 70 – securing the network using port access
FIGURE 71 – Flow chart describing the interaction between local users and TACACS authorization
FIGURE 72 – TACACS packet format
...
FIGURE 94 – More than one S-Ring pair can be selected and more than one S-Ring can be defined per switch. Note – the mP62 as well as the ES42 switches support LLL and can participate in S-Ring as an access switch
FIGURE 95 – Activating S-Ring on the switch
FIGURE 96 – S-Ring configuration commands for root switch
...
FIGURE 112 – The network for the ‘show lacp’ command listed below
FIGURE 113 – LACP information over a network
FIGURE 114 – ToS and DSCP
FIGURE 115 - IP Precedence ToS Field in an IP Packet Header
...
FIGURE 136 – Predefined conditions for the relay
FIGURE 137 – Setting up the external electrical relay and alerts
FIGURE 138 – setting SMTP to receive SNMP trap information via email
FIGURE 139 – Optimizing serial connection (shown for Hyper Terminal on Windows XP).
...
FIGURE 163 – Make sure to select the Xmodem protocol and the proper directory where the configuration is saved. Click on Receive. This starts the file transfer.
FIGURE 164 – Status window for Xmodem (using HyperTerminal under Windows XP)
FIGURE 165 – Message which shows the completion of the file transfer (from ‘saveconf’ command)
FIGURE 166 – Example of saveconf command for tftp
Chapter 1 – Conventions Followed

Conventions followed in the manual…

To best use this document, please review some of the conventions followed in the manual, including screen captures, interactions and commands with the switch, etc.

Box shows interaction with the switch command line or screen captures from the switch or computer for clarity
Commands typed by a user will be shown in a different color and this font
Switch prompt – shown in Bold font, with a “# or >” at the end.
MAGNUM 6K SWITCHES, MNS-6K USER GUIDE

Related Topics – Related topics show that GarrettCom strongly recommends reading about those topics. You may choose to skip those if you already have prior detailed knowledge on those subjects.

Tool box – Necessary software and hardware components needed (or recommended to have) as a prerequisite. These include serial ports on a computer, serial cables, TFTP or FTP software, serial terminal emulation software etc.
Flow of the User Guide

The manual is designed to guide the user through a sequence of events.

Chapter 1 – this chapter

Chapter 2 is the basic setup as required by the Magnum 6K family of switches. After completing Chapter 2, the configuration can be done using the web interface. Chapter 2 is perhaps the most critical chapter in what needs to be done by the network administrator once the switch is received.
Chapter 12 shows how STP can be set up and used. Today, RSTP is preferred over STP.

Chapter 13 shows how RSTP is set up and used as well as how RSTP can be used with legacy devices which support STP only.

Chapter 14 focuses on S-Ring™ and setup of S-Ring.

Chapter 15 talks about dual homing and how dual homing can be used to bring resiliency to edge devices.
Chapter 2 – Getting Started

First few simple steps …

This section explains how the GarrettCom Magnum 6K family of switches can be set up using the console port on the switch. Some of the functionality includes setting up the IP address of the switch, securing the switch with a user name and password, setting up VLANs and more.
and a PC is networked to the switch, the switch’s command line interface (CLI) can be accessed via telnet. To manage the switch through in-band (networked) access (e.g. telnet, or Web Browser Interface), you should configure the switch with an IP address and subnet mask compatible with your network. You should also change the manager password to control access privileges from the console.
Once the switch is configured with an IP address, the Command Line Interface (or CLI) is also accessible using telnet as well as the serial port. Access to the switch can be either through the console interface or remotely over the network. The Command Line Interface (CLI) enables local or remote unit installation and maintenance.
The switch has three modes of operation – Operator (least privilege), Manager and Configuration. The prompts for the switches change as the switch changes modes from Operator to Manager to Configuration. The prompts are shown in Figure 2 below, with a brief explanation of what the different prompts indicate.
Should a situation arise when there are multiple new switches powered up at the same time, there could be a situation of duplicate IP addresses. In this situation, only one Magnum switch will be assigned the IP address of 192.168.1.2 and netmask of 255.255.255.0. The other switches will not be assigned an IP address till the static IP address of 192.168.1.2 is freed up or reassigned. This situation may not be prevalent in all cases.
• Power on the switch
• Once the login prompt appears, login as manager using default password (manager)
• Configure the IP address, network mask and default gateway as per the IP addressing scheme for your network
• Set the Manager Password (recommended–refer to next section)
• Save the settings (without saving, the changes made will be lost)
• Power off the switch (or a software reboot as discussed below)
• Power on the switch – lo
Version            : Magnum 6K25 build 14.1 Jul 28 2008 07:51:45
MAC Address        : 00:20:06:25:b7:e0
IP Address         : 192.168.1.150
Subnet Mask        : 255.255.255.0
Gateway Address    : 192.168.1.10
CLI Mode           : Manager
System Name        : Magnum6K25
System Description : 25 Port Modular Ethernet Switch
System Contact     : support@garrettcom.com
System Location    : Fremont, CA
System ObjectId    : 1.3.6.1.4.1.553.12.
command is shown below in Figure 6

Magnum6K25> enable manager
Password: *******
Magnum6K25#

FIGURE 7 - Switching users and privilege levels. Note the prompt changes with the new privilege level.

Operator Privileges

Operator privileges allow views of the current configurations but do not allow changes to the configuration. A ">" character delimits the Operator-level prompt.
Magnum6K25# user
Magnum6K25(user)## add user=peter level=2
Enter User Password:******
Confirm New Password:******
Magnum6K25(user)##

FIGURE 8 - Adding a user with Manager level privilege

In this example, user ‘peter’ was added with Manager privilege.
Magnum6K25(user)##

FIGURE 11 - Changing the privilege levels for a user

In this example, user ‘peter’ was modified to Operator privileges.

Modifying Access Privileges

User access allows the network administrators to control who has read and write access and for which set of command groups.
Magnum6K25(user)## useraccess user=peter group=vlan,user,system type=read enable
Access rules set for Read Operation.
Groups: All Command Groups.
Help

Typing the ‘help’ command lists the commands you can execute at the current privilege level.
show active-vlan
show address-table
show age
show alarm
show arp
show auth
show backpressure
show bootmode
--more--

FIGURE 16 - Options for the ‘show’ command

Context help

For other ways to display help, specifically with reference to a command or a set of commands, use the TAB key.
Magnum6K25> se
password timeout vlan
Magnum6K25> set

FIGURE 19 - Listing commands options – note the command was not completed and the TAB key completed the command.

Exiting

To exit from the CLI interface and terminate the console session use the ‘logout’ command. The logout command will prompt you to ensure that the logout was not mistakenly typed.

Syntax logout

Magnum6K25# logout
Logging out from the current session...
Saving current configuration
Configuration saved
Saving current event logs
Event logs saved
Magnum6K25#

FIGURE 21 – Upgrading to MNS-6K-SECURE

After the license key is entered – please use the save command to save the key in flash memory. It is recommended to preserve the information for future use.
Syntax - listing all commands available at the privilege level
Syntax - options for a command
Syntax - listing commands starting with the character
Syntax logout – logout from the CLI session
Syntax useraccess user= service= - defines the services available to the user to access the device for modifying the configuration
Syntax useracces
Chapter 3 – IP Address and System Information

First simple steps to follow…

This section explains how the Magnum 6K family of switches can be set up using other automatic methods such as bootp and DHCP. Besides this, other parameters required for proper operation of the switch in a network are discussed.

IP Addressing

It is assumed that the user has familiarity with IP addresses, classes of IP addresses and related netmask schemes (e.g. class A, Class B and Class C addressing).
To verify the IP address settings, the ‘show ipconfig’ command can be used.

Magnum6K25> show ipconfig
IP Address      : 192.168.1.150
Subnet Mask     : 255.255.255.0
Default Gateway : 192.168.1.10
Magnum6K25>

FIGURE 22 - Checking the IP settings

Besides manually assigning IP addresses, there are other means to assign an IP address automatically. The two most common procedures are using DHCP and bootp.
ht: is the “hardware type”. For the Magnum 6K family of switches, set this to ether (for Ethernet). This tag must precede the “ha” tag.
ha: is the “hardware address”. Use the switch’s 12-digit MAC address
ip: is the IP address to be assigned to the switch
sm: is the subnet mask of the subnet in which the switch is installed

Configuring Auto/DHCP/Bootp/Manual

By default, the switch is configured for ‘auto’.
switch is put on a network and the specific configurations are loaded from a centralized BootP server

Magnum6K25# set bootmode type=dhcp
Save Configuration and Restart System
Magnum6K25# set bootmode type=auto
Save Configuration and Restart System
Magnum6K25# set bootmode type=bootp bootimg=enable bootcfg=disable
Network application image download is enabled.
Network application config download is disabled.
Magnum6K25# show console
Console/Serial Link
Inbound Telnet Enabled        : Yes
Outbound Telnet Enabled       : Yes
Web Console Enabled           : Yes
SNMP Enabled                  : Yes
Terminal Type                 : VT100
Screen Refresh Interval (sec) : 3
Baud Rate                     : 38400
Flow Control                  : None
Session Inactivity Time (min) : 10
Magnum6K25#

FIGURE 25 - Reviewing the console parameters – note telnet is enabled

Users can telnet to a remote host from the Magnum 6K family of switches.
Magnum6K25# user
Magnum6K25(user)## useraccess user=peter service=telnet enable
Telnet Access Enabled.
Magnum6K25(user)## exit
Magnum6K25# show session
Current Sessions:
SL #  Session Id  Connection
1     1           163.10.10.14
2     2           163.11.11.15
3     3           163.12.12.16
Magnum6K25# kill session id=3
Session Terminated.
strong algorithms such as blowfish, 3DES, IDEA etc.). Encryption provides confidentiality and integrity of data.

The goal of SSH was to replace the earlier rlogin, Telnet and rsh protocols, which did not provide strong authentication or guarantee confidentiality. In 1995, Tatu Ylönen, a researcher at Helsinki University of Technology, Finland, designed the first version of the protocol (now called SSH-1).
• The user authentication layer (RFC 4252). This layer handles client authentication and provides a number of authentication methods. Authentication is client-driven, a fact commonly misunderstood by users; when one is prompted for a password, it may be the SSH client prompting, not the server. The server merely responds to client's authentication requests.
Magnum6K25 (access)## ssh ?
ssh : Enables or Disables the SSH
ssh keygen : Generate Security Keys.
ssh port= : Set TCP/IP Port
Usage
ssh
ssh port=
Magnum6K25 (access)## show ssh
SSH is disabled
Magnum6K25 (access)## ssh keygen
SSH Key Generation Started.
This will take several minutes to complete.
Upon completion, the keys will be saved to flash memory.
Boot Mode                 : manual
Inactivity Timeout(min)   : 500
Address Age Interval(min) : 300
Inbound Telnet Enabled    : Yes
Web Agent Enabled         : Yes
SSH Server enabled        : Yes
Modbus Server Enabled     : Yes
Time Zone                 : GMT-08hours:00minutes
Day Light Time Rule       : None
System UpTime             : 0 Days 0 Hours 2 Mins 31 Secs
ML2400#

FIGURE 28 – setting up ssh – since telnet sends the information in clear text, make sure that telnet is disabled to secure the switch.
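The check that the Figure 28 caption asks for can be run over captured CLI output instead of by eye. The Python below is an added example, not part of the GarrettCom guide or MNS-6K: the sample listings are constructed from the field labels in Figures 25 and 28, and the 15-minute idle limit and the finding codes are assumptions.

```python
import re

MAX_IDLE_MIN = 15  # assumption: site policy value, not taken from the guide

# Constructed sample, modelled on the 'show setup' listing in Figure 28.
SAMPLE_SETUP = """\
ML2400# show setup
Boot Mode                 : manual
Inactivity Timeout(min)   : 500
Address Age Interval(min) : 300
Inbound Telnet Enabled    : Yes
Web Agent Enabled         : Yes
SSH Server enabled        : Yes
Modbus Server Enabled     : Yes
Time Zone                 : GMT-08hours:00minutes
Day Light Time Rule       : None
System UpTime             : 0 Days 0 Hours 2 Mins 31 Secs
ML2400#
"""

# Constructed sample: hypothetical values after telnet has been disabled.
SAMPLE_HARDENED = """\
Inbound Telnet Enabled    : No
SSH Server enabled        : Yes
Inactivity Timeout(min)   : 10
"""


def parse_fields(text):
    """Return {normalised label: value} for every 'Label : Value' line."""
    fields = {}
    for line in text.splitlines():
        # Split on the FIRST colon only, so values such as
        # 'GMT-08hours:00minutes' survive intact.
        label, sep, value = line.partition(":")
        if not sep or not label.strip():
            continue  # prompt lines, blank lines, banners
        key = re.sub(r"\s+", "", label).lower()  # ignore spacing and case
        fields[key] = value.strip()
    return fields


def _flag(fields, key):
    """Map a Yes/No field to True/False, or None when absent or unreadable."""
    return {"yes": True, "no": False}.get(fields.get(key, "").lower())


def audit(text, max_idle_min=MAX_IDLE_MIN):
    """Return a sorted list of finding codes for one captured listing."""
    fields = parse_fields(text)
    findings = []

    telnet = _flag(fields, "inboundtelnetenabled")
    if telnet is True:
        findings.append("TELNET_ENABLED")   # cleartext management path is open
    elif telnet is None:
        findings.append("TELNET_UNKNOWN")   # fail closed: absent is not "off"

    ssh = _flag(fields, "sshserverenabled")
    if ssh is False:
        findings.append("SSH_DISABLED")
    elif ssh is None:
        findings.append("SSH_UNKNOWN")      # e.g. 'show console' has no SSH row

    # 'show setup' and 'show console' label the idle timer differently.
    idle = (fields.get("inactivitytimeout(min)")
            or fields.get("sessioninactivitytime(min)"))
    if idle is None or not idle.isdigit():
        findings.append("IDLE_TIMEOUT_UNKNOWN")
    elif int(idle) > max_idle_min:
        findings.append("IDLE_TIMEOUT_LONG")
    return sorted(findings)


if __name__ == "__main__":
    for name, capture in (("figure-28 style", SAMPLE_SETUP),
                          ("hardened", SAMPLE_HARDENED)):
        print(name, "->", audit(capture) or "no findings")
```

A listing that lacks a field is reported as unknown rather than passed, so a truncated capture cannot hide an enabled telnet service.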
Magnum6K25# show dns
DNS Server Address : 0.0.0.0
Domain Name        : Not Set
DNS Status         : Disabled.
Magnum6K25# set dns server=192.168.5.254 domain=customer-domain.com
Domain Name Server Set.
Magnum6K25# show dns
DNS Server Address : 192.168.5.254
Domain Name        : customer-domain.com
DNS Status         : Disabled.
Magnum6K25# set dns enable
DNS enabled.
Magnum6K25# show dns
DNS Server Address : 192.168.5.254
Domain Name        : customer-domain.
Setting serial port parameters

To be compliant with IT or other policies, the console parameters can be changed from the CLI interface. This is best done by setting the IP address and then connecting to the switch over telnet. Once connected using telnet, the serial parameters can be changed. If you are using the serial port, remember to set the VT-100 emulation software properties to match the new settings.
System Contact  : support@garrettcom.com
System Location : Fremont, CA
System ObjectId : 1.3.6.1.4.1.553.12.6
Magnum6K25#

FIGURE 31 - System parameters using the show setup command.
Magnum6K25# snmp
Magnum6K25(snmp)## setvar ?
setvar : Configures system name, contact or location
Usage: setvar [sysname|syscontact|syslocation]=
Magnum6K25(snmp)## setvar syslocation=Fremont
System variable(s) set successfully
Magnum6K25(snmp)## exit
Magnum6K25#

FIGURE 33 - Setting the system name, system location and system contact information

Date and time

It may be necessary to set the day, time or the time zone manually.
Syntax set timeformat format=<12|24>
Syntax set daylight country=< country name>

Magnum6K25# set daylight ?
set daylight : Sets the day light location
Usage
set daylight country=
Magnum6K25# set daylight country=USA
Success in setting daylight savings to the given location/country USA
Magnum6K25# show daylight
Daylight savings location name : USA
Magnum6K25#

FIGURE 35 - Setting the system daylight saving time

See Appendix 3 for add
Syntax sntp [enable|disable]

For example, to set the SNTP server to be 204.65.129.201 (with a time out of 3 seconds and a number of retries set to 3 times), allowing the synchronization to be every 5 hours, the following commands are used

Magnum6K25# sntp
Magnum6K25(sntp)## setsntp server=204.65.129.
To upgrade to MNS-6K 4.x or MNS-6K-SECURE 14.x, make sure the switch is first upgraded to version 3.7 or higher.

Once the configuration is saved, the saved configuration can be loaded to restore the settings. At this time the configuration parameters saved or loaded are not in a human readable format.
Syntax show ftp - display the current ftp operation mode

With MNS-6K additional capabilities have been added to save and load configurations.
This can also perform the task of exporting a configuration file or uploading a new image to the switch
[host=] [ip=] [file=] – parameters associated with tftp server for proper communications with the server

Syntax xmodem [type=] – upload and download information using xmodem command and console connection
Where - different xmodem file transfer operat
object or in a newer format as an ASCII (readable) file. The new format is preferred by GarrettCom and GarrettCom recommends all configuration files be saved in the new format. GarrettCom recommends saving the configuration in the old format only if there are multiple Magnum 6K family of switches on the network and they all run different versions of MNS-6K.
# of Magnum 6K switch configurations. As such, this script
# provides insights into the configuration of Magnum 6K switch's
# settings. GarrettCom recommends that modifications of this
# file and the commands should be verified by the User in a
# test environment prior to use in a "live" production network.
System portion of the file only. GarrettCom recommends editing the “script” file (see below)

Note 2 – File names cannot have special characters such as *#!@$^&* space and control characters.

Script files

A script file is a file containing a set of CLI commands which are used to configure the switch.
# System Manager - This area configures System related   #
# information.                                           #
##########################################################
set bootmode type=manual
ipconfig ip=192.168.5.5 mask=0.0.0.0 dgw=0.0.0.0
set timeout=10
access
telnet enable
snmp enable
web=enable
exit
##########################################################
# User Accounts - This area configures user accounts for #
# accessing this system.
====================================================================
1 server 192.168.5.2 -******
2 ----
3 ----
4 ----
5 ----
6 ----
7 ----
8 ----
9 ----
10 ----
Magnum6K25(access)##

FIGURE 42 – Creating host entries on MNS-6K

Syntax more - enable or disable the scrolling of lines one page at a time

Example

Magnum6K25# more show
CLI Display paging enabled.
Magnum6K25# more disable
CLI Display paging disabled.
gvrp    GVRP settings
snmp    SNMP settings
web     Web and SSL/TLS settings
tacacs  TACACS+ settings
auth    802.1x Settings
igmp    IGMP Settings
smtp    SMTP settings

If the module name is not specified the whole configuration is displayed.

Magnum6K25# show config
[HARDWARE]
type=Magnum6K25
slotB=8 Port TP Module
##########################################################
# System Manager - This area configures System related   #
# information.
deftrapcomm=public
authtrap=disable
com2sec_count=0
group_count=0
view_count=1
view1_name=all
view1_type=included
view1_subtree=.
Magnum6K25# set secrets hide
Secrets will be hidden.
Magnum6K25# set secrets show
Secrets will be visible.
Magnum6K25#

FIGURE 47 – Hide or display system passwords

Erasing configuration

To erase the configuration and reset the configurations to factory default, you can use the command ‘kill config’. This command is a “hidden command” i.e. the on-line help and other help functions normally do not display this command.
smtp    SMTP settings

If the module name is not specified the whole configuration is erased. For example, ‘kill config save=system’ preserves the system IP address, netmask and default gateway.

Magnum6K25# kill config save=system
Do you want to erase the configuration? [ 'Y' or 'N'] Y
Successfully erased configuration...Please reboot.
List of commands in this chapter

Syntax set bootmode type= [bootimg=] [bootcfg=[] – assign the boot mode for the switch
Where - where
dhcp – look only for DHCP servers on the network for the IP address. Disable bootp or other modes
bootp – look only for bootp servers on the network.
Syntax set serial [baud=] [data=<5|6|7|8>] [parity=] [stop=<1|1.
Where - different ftp operations
[type=] – optional type field. This is useful to specify whether a log file or host file is uploaded or downloaded.
Where - different xmodem file transfer operations – get a file from the server or put the information on the server
[type=] – optional type field. This is useful to specify whether a log file or host file is uploaded or downloaded.
Syntax show timezone – shows the system timezone
Syntax show date – shows the system date
Syntax show uptime – shows the amount of time the switch has been operational
Chapter 4 – IPv6

Next generation IP addressing

This section explains how access to the GarrettCom Magnum MNS-6K can be set up using IPv6 instead of the IPv4 addressing described earlier. IPv6 provides a much larger address space and is required today by many. IPv6 is available in MNS-6K-SECURE version only.

Assumptions

It is assumed here that the user is familiar with IP addressing schemes and has other supplemental material on IPv6, configuration, routing, setup and other items related to IPv6.
incremental, with few or no critical interdependencies. Most of today's internet uses IPv4, which is now nearly twenty years old. IPv4 has been remarkably resilient in spite of its age, but it is beginning to have problems. Most importantly, there is a growing shortage of IPv4 addresses, which are needed by all new machines added to the Internet.
used as an identifier for the node. A single interface may be assigned multiple IPv6 addresses of any type. There are three types of IPv6 addresses. These are unicast, anycast, and multicast. Unicast addresses identify a single interface. Anycast addresses identify a set of interfaces such that a packet sent to an anycast address will be delivered to one member of the set.
Magnum6K25# ipconfig ip=fe80::220:6ff:fe25:ed80 mask=ffff:ffff:ffff:ffff::
Action Parameter Missing. "add" assumed.
IPv6 Parameters Set.
Magnum6K25# show ipv6
IPv6 Address : fe80::220:6ff:fe25:ed80
mask         : ffff:ffff:ffff:ffff::
Magnum6K25# show ipconfig
IP Address      : 192.168.5.5
Subnet Mask     : 255.255.255.0
Gateway Address : 192.168.5.
IPv6 Address    :
IPv6 Gateway    :
Chapter 5 – DHCP Server

Access to other devices on the network…

This feature is available in MNS-6K-SECURE only. This section explains how DHCP services can be provided for devices on the network. MNS-6K can provide DHCP services. Network administrators use Dynamic Host Configuration Protocol (DHCP) servers to administer IP addresses and other configuration information to IP devices on the network.
As described earlier, the Dynamic Host Configuration Protocol (DHCP) automates the assignment of IP addresses, subnet masks, default gateway, DNS servers and other IP parameters. When a DHCP configured machine boots up or regains connectivity after a power outage or network outage, the DHCP client sends a query requesting necessary information from a DHCP server.
intervention. Most administrators prefer to use static IP addresses (which are allocated out for such purposes) instead of using the manual mode. Allocating specific IP addresses for specific networks or VLANs also aids in securing the network. Firewall rules or access rules can be written and designed for specific address ranges, which are allocated out by the DHCP server.
The client broadcasts on the physical subnet to find available servers. Network administrators can configure a local router to forward DHCP packets to a DHCP server on a different subnet. This client implementation creates a UDP packet with the broadcast destination of 255.255.255.255 or the subnet broadcast address. A client can also request its last-known IP address.
acknowledgement to the client. The system as a whole expects the client to configure its network interface with the supplied options.

DHCP Information
The client sends a request to the DHCP server: either to request more information than the server sent with the original DHCP ACK; or to repeat data for a particular application. Such queries do not cause the DHCP server to refresh the IP expiry time in its database.
Syntax - reserve-ip ip= [mac=] - reserve a specific IP address for a device
Syntax - clear-reserveip ip= - clear the reserved IP assigned
Syntax - show dhcpsrv - display the DHCP server configuration, leases as well as status

DHCP Services are available for the default VLAN only.
Gateway : 192.168.10.1
Lease time : 8 Hours
Magnum6K25(dhcpserver)## dhcpsrv stop
The Server takes few seconds to Stop.................................
Magnum6K25(dhcpserver)## exit
Magnum6K25#
FIGURE 51 – Setting up DHCP Server on MNS-6K-SECURE

List of commands in this chapter
Syntax - dhcpsrv - start or stop the DHCP server.
Chapter 6 – SNTP Server
Synchronizing the time….

After discussing how to set up an SNTP client in an earlier chapter, it is important to figure out where the synchronizing server or the clock synchronization information comes from. This chapter discusses the details on how a Magnum switch can be set up as an SNTP server.

SNTP - prerequisites
It is assumed here that the user is familiar with issues on why time synchronization is needed between systems on a network.
Time or Temps Atomique International (TAI) by inserting leap seconds at intervals of about 18 months. UTC time is disseminated by various means, including radio and satellite navigation systems, telephone modems and portable clocks. In 1981 the time synchronization technology was documented in the now historic Internet Engineering Note series as IEN-173. The first specification of a public protocol developed from it appeared in RFC-778.
Stratum 2 devices will peer with other Stratum 2 devices to provide more stable and robust time for all devices in the peer group. Stratum 2 devices normally act as servers for Stratum 3 NTP requests.

Stratum 3
These devices employ exactly the same NTP functions of peering and data sampling as Stratum 2, and can themselves act as servers for lower strata, potentially up to 16 levels.
MNS-6K-SECURE Implementation
Syntax sntpserver – enter the SNTP Server configuration mode
Syntax sntpsrv - Start or stop the SNTP Services
Syntax show sntpsrv – display the status of SNTP server

The usage of the commands is shown below.
List of commands in this chapter
Syntax sntpserver – enter the SNTP Server configuration mode
Syntax sntpsrv - Start or stop the SNTP Services
Syntax show sntpsrv – display the status of SNTP server
Chapter 7 – Access Considerations
Securing the switch access….

This section explains how the access to the GarrettCom Magnum MNS-6K can be secured. Further security considerations are also covered such as securing access by IP address or MAC address.

Securing access
It is assumed here that the user is familiar with issues concerning security as well as securing access for users and computers on a network.
Port Security
The port security feature can be used to block computers from accessing the network by requiring the port to validate the MAC address against a known list of MAC addresses. This port security feature is provided on an Ethernet, Fast Ethernet, or Gigabit Ethernet port. In case of a security violation, the port can be configured to go into the disable mode or drop mode.
Magnum6K25(port-security)##
FIGURE 56 – Port security configuration mode

From the port-security configuration mode, the switch can be configured to:
1) Auto-learn the MAC addresses
2) Specify individual MAC addresses to allow access to the network
3) Validate or change the settings

The commands for doing the above actions are:
Syntax allow mac= port=
Syntax learn port=

Note 1: There is a limitation of 200 MAC addresses per port and 500 MAC addresses per Switch for Port Security.
Note 2: All the commands listed above have to be executed under the port-security configuration mode.

Syntax clear
11  ENABLE  NONE  NONE  DISABLE  0  Not Configured
12  ENABLE  NONE  NONE  DISABLE  0  Not Configured
13  ENABLE  NONE  NONE  DISABLE  0  Not Configured
14  ENABLE  NONE  NONE  DISABLE  0  Not Configured
15  ENABLE  NONE  NONE  DISABLE  0  Not Configured
16  ENABLE  NONE  NONE  DISABLE  0  Not Configured
Magnum6K25(port-security)##
FIGURE 60 – Viewing port security settings on a switch. On port 9, learning is enabled.
11  ENABLE  NONE  NONE  ENABLE   0
13  ENABLE  NONE  NONE  DISABLE  0
00:07:50:ef:31:40
00:e0:29:22:15:85
00:03:47:ca:ac:45
00:30:48:70:71:23
00:c1:00:7f:ec:00
00:c1:00:7f:ec:00
00:c1:00:7f:ec:00
FIGURE 62 – Allowing specific MAC address on specific ports.
9) (Optional step) Set the notification to notify the management station on security breach attempts (Use command ‘signal port’ to make a log entry or send a trap)

Magnum6K25# port-security
Magnum6K25(port-security)## ps enable
Port Security is already enabled
Magnum6K25(port-security)## learn port=11 enable
Port Learning Enabled on selected port(s)
Magnum6K25(port-security)## show port-security
PORT -------9 STATE SIGNAL ---------- ----
Once port security is set up, it is important to manage the log and review the log often. If the signals are sent to the trap receiver, the traps should also be reviewed for intrusion and other infractions.

Syslog and Logs
Logs are available on MNS-6K as well as MNS-6K-SECURE. Syslog functionality is a feature of MNS-6K-SECURE. All events occurring on the Magnum 6K family of switches are logged.
Code  Description
0     Emergency (or Fatal): system is unusable – called “fatal” in show log command
1     Alert: action must be taken immediately
2     Critical: critical conditions
3     Error: error conditions
4     Warning: warning conditions
5     Notice: normal but significant condition – called “note” in show log command
6     Informational: informational messages
7     Debug: debug-level messages

The above categories are defined for MNS as fatal (or Emergency)
The ‘show log’ command displays the log information and the ‘clear log’ command clears the log entries.
Note 06-23-2007 05:59:02 P.M SNTP:SNTP Client Started
Note 06-23-2007 05:59:09 P.M SNTP:SNTP Time Synchronized
Note 06-23-2007 05:59:10 P.M SNTP:SNTP Time Synchronized
Note 06-23-2007 05:59:36 P.M CLI:Session Started from Telnet: 192.168.5.2
Note 06-23-2007 05:59:39 P.M SNTP:SNTP Time Synchronized
Note 06-23-2007 05:59:40 P.M SNTP:SNTP Time Synchronized
Note 06-23-2007 05:59:49 P.
Server Added
Magnum6K25 (syslog)## show syslog
SysLog Status: Disabled
Server ID: 1
SysLog Server Host : 192.168.5.2
Server Logging : Disabled
Log Events : Default
Server ID: 2
SysLog Server Host : 192.168.5.
Server Enabled
Magnum6K25 (syslog)## show syslog
SysLog Status: Disabled
Server ID: 2
SysLog Server Host : 192.168.5.98
Server Logging : Enabled
Log Events : warn
Local Log Events : Default
Magnum6K25 (syslog)## syslog enable
SysLog Enabled
Magnum6K25 (syslog)## show syslog
SysLog Status: Enabled
Server ID: 2
SysLog Server Host : 192.168.5.
attempts. This provides a chronological entry of all intrusions attempted on a specific port. The event log records events as single-line entries listed in chronological order, and serves as a tool for isolating problems. Each event log entry is composed of four fields:
Severity – the level of severity (see below)
Date – date the event occurred on. See Chapter 3 on setting the date and time on the switch
Time – time the event occurred on.
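As an aid to the regular log review recommended above, the following added example (not part of the guide or of GarrettCom's software) parses saved ‘show log’ output into the fields described here and lists Telnet CLI sessions that came from outside the expected management network. The line layout is inferred from the sample output in this chapter; the allowed network, the `SYSMGR` module name and the last three sample lines are constructed.

```python
import re
from datetime import datetime
from ipaddress import ip_address, ip_network

# Severity codes from the guide's table. "fatal" and "note" are the names the
# guide says `show log` uses; accepting the other syslog names as display
# names is an assumption of this example.
SEVERITY = {
    "emergency": 0, "fatal": 0, "alert": 1, "critical": 2, "error": 3,
    "warning": 4, "notice": 5, "note": 5, "informational": 6, "debug": 7,
}

# Assumed layout, modelled on the sample output in the guide:
#   <severity> <MM-DD-YYYY> <HH:MM:SS> <A.M|P.M> <module>:<description>
ENTRY_RE = re.compile(
    r"^(?P<sev>[A-Za-z]+)\s+"
    r"(?P<mon>\d{2})-(?P<day>\d{2})-(?P<year>\d{4})\s+"
    r"(?P<hh>\d{2}):(?P<mm>\d{2}):(?P<ss>\d{2})\s+(?P<half>[AP])\.M\.?\s+"
    r"(?P<module>[^:\s]+):(?P<desc>.*)$"
)
TELNET_RE = re.compile(r"Session Started from Telnet:\s*(\S+)")


def parse_entry(line):
    """Return a dict for one log line, or None if it does not match."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    # 12-hour clock: 12 A.M is hour 0, 12 P.M is hour 12.
    hour = int(m["hh"]) % 12 + (12 if m["half"] == "P" else 0)
    try:
        when = datetime(int(m["year"]), int(m["mon"]), int(m["day"]),
                        hour, int(m["mm"]), int(m["ss"]))
    except ValueError:  # impossible date or time, e.g. month 13
        return None
    return {
        "severity": SEVERITY.get(m["sev"].lower()),  # None if name unknown
        "when": when,
        "module": m["module"],
        "description": m["desc"].strip(),
    }


def parse_log(text):
    """Split text into (entries, rejected_lines); blank lines are skipped."""
    entries, rejected = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        entry = parse_entry(line)
        if entry is None:
            rejected.append(line)
        else:
            entries.append(entry)
    return entries, rejected


def unexpected_telnet(entries, allowed_networks):
    """Telnet CLI sessions whose source is outside the management networks."""
    nets = [ip_network(n) for n in allowed_networks]
    hits = []
    for e in entries:
        m = TELNET_RE.search(e["description"])
        if e["module"] != "CLI" or not m:
            continue
        try:
            inside = any(ip_address(m.group(1)) in n for n in nets)
        except ValueError:  # unparsable source: report it rather than trust it
            inside = False
        if not inside:
            hits.append((e["when"], m.group(1)))
    return hits


def at_or_above(entries, code):
    """Entries at least as severe as `code` (a lower code is more severe).
    Entries with an unknown severity name are included so they get reviewed."""
    return [e for e in entries
            if e["severity"] is None or e["severity"] <= code]


# Constructed sample: the first three lines copy the guide's example output,
# the last three are made up for this example.
SAMPLE_LOG = """\
Note 06-23-2007 05:59:02 P.M SNTP:SNTP Client Started
Note 06-23-2007 05:59:09 P.M SNTP:SNTP Time Synchronized
Note 06-23-2007 05:59:36 P.M CLI:Session Started from Telnet: 192.168.5.2
Note 06-23-2007 06:02:11 P.M CLI:Session Started from Telnet: 10.9.8.7
Fatal 06-24-2007 12:00:05 A.M SYSMGR:Constructed fatal event
this line is not a log entry
"""

if __name__ == "__main__":
    entries, rejected = parse_log(SAMPLE_LOG)
    for when, src in unexpected_telnet(entries, ["192.168.5.0/24"]):
        print(f"{when:%Y-%m-%d %H:%M:%S} Telnet session from unexpected host {src}")
    for e in at_or_above(entries, 4):
        print(f"{e['when']:%Y-%m-%d %H:%M:%S} severity {e['severity']}: {e['description']}")
    print(f"{len(rejected)} line(s) could not be parsed")
```

Lines that do not parse are returned separately rather than dropped, so a change in the switch's output format shows up as rejected lines instead of silently empty results.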
deny – deny specified services for specified IP addresses – IP addresses can be individual stations, a group of stations or subnets.
Syntax configure port-security – sets the port authorization based on MAC addresses
Syntax port-security – configure port security settings
Syntax allow mac= port= - specify a specific MAC address or MAC address list
Syntax learn port= - learn MAC addresses connected to the Magnum 6K switch
Syntax show port-security – display port security settings
Syntax action port=
Syntax deny ip= mask= service= - deny specific IP address or range of IP addresses
Syntax remove ip= mask= - delete a specific IP address from the access or trusted host list
Syntax removeall – remove all IP addresses of trusted hosts
Syntax show ip-access – display all trusted hosts
Syntax clear
Chapter 8 – Access Using RADIUS
Using a RADIUS server to authenticate access….

This feature is available in MNS-6K-SECURE only. The IEEE 802.1x standard, Port Based Network Access Control, defines a mechanism for port-based network access control that makes use of the physical access characteristics of IEEE 802 LAN infrastructure. It provides a means of authenticating and authorizing devices attached to LAN ports that have point-to-point connection characteristics.
received from the supplicant to a suitable authentication server. This allows the verification of user credentials to determine the consequent port authorization state. It is important to note that the authenticator’s functionality is independent of the actual authentication method. It effectively acts as a pass-through for the authentication exchange. 802.
[Figure: message exchange across EAPOL, the 802.1x switch and EAP over RADIUS. Labels: Port Connected, Access Blocked, EAP Request Id, EAP Request, EAP Response, EAP Success, RADIUS Access Request, RADIUS Access Challenge, RADIUS Access Request, RADIUS Access Accept, Access Allowed]
FIGURE 69 – 802.1x authentication details

1. The supplicant (laptop/host) is initially blocked from accessing the network.
The Magnum MNS-6K software implements the 802.1x authenticator. It fully conforms to the standards as described in IEEE 802.1x, implementing all the state machines needed for port-based authentication. The Magnum MNS-6K Software authenticator supports both EAPOL and EAP over RADIUS to communicate to a standard 802.1x supplicant and RADIUS authentication server.
maxreq – [optional] The maximum number of times the authenticator will retransmit an EAP Request packet to the Supplicant before it times out the authentication session. Its default value is 2. It can be set to any integer value from 1 to 10.
This command is not necessary, however is shown for completeness in case there was a RADIUS server defined and a previously set authentication scheme
Magnum6K25(auth)## auth disable
802.1X Authenticator is disabled.
Magnum6K25(auth)## authserver ip=192.168.1.239 secret=secret
Successfully set RADIUS Authentication Server parameter(s)
Magnum6K25(auth)##auth enable
Enable the authentication
802.1X Authenticator is enabled.
Magnum6K25(auth)## show-port backend
Port  Supp Timeout (sec)  Server Timeout (sec)  Max Request
=================================================
1     30                  30                    2
2     45                  60                    5
3     30                  30                    2
4     30                  30                    2
5     30                  30                    2
6     30                  30                    2
7     30                  30                    2
8     30                  30
The authenticator waits for the supplicant to respond back for 45 seconds; the authenticator waits for 60 seconds for the backend RADIUS server to respond back and the authenticator will retransmit an EAP request packet
Magnum6K25(auth)## show-port reauth
Port  Reauth Status  Reauth Period (sec)
=================================================
1     Enabled        300
2     Enabled        3600
3     Enabled        3600
4     Enabled        3600
5     Enabled        3600
6     Enabled        3600
7     Enabled        3600
8     Enabled        3600
9     Enabled        3600
10    Enabled        3600
11    Enabled        3600
12    Enabled        3600
13    Enabled        3600
14    Enabled        3600
15    Enabled        3600
16    Enabled        3600
See Figure 47 for meaning of these statistics.
List of commands in this chapter
Syntax auth - configuration mode to configure the 802.1x parameters
Syntax show auth - show the 802.1x configuration or port status
Syntax authserver [ip=] [udp=] [secret=] - define the RADIUS server – use UDP socket number if the RADIUS authentication is on port other than 1812
Syntax auth - enables or disables the 802.
Syntax reauth port= [status=] [period=<10-86400>] set values on how the authenticator (Magnum 6K switch) does the re-authentication with the supplicant or PC
port – [mandatory] – ports to be configured
status – [optional] This enables/disables re-authentication
period – [optional] this is the re-authentication period in seconds.
Chapter 9 – Access Using TACACS+
Using a TACACS+ server to authenticate access….

This feature is available in MNS-6K-SECURE. TACACS+, short for Terminal Access Controller Access Control System, protocol provides access control for routers, network access servers and other networked computing devices via one or more centralized servers. TACACS+ provides separate authentication, authorization and accounting services.
TACACS+ Flow
TACACS works in conjunction with the local user list on the MNS-6K software (operating system). Please refer to User Management for adding users on the MNS-6K software. The process of authentication as well as authorization is shown in the flow chart below.
is authentication where the user is verified against the network user database. The second stage is authorization, where it is determined whether the user has operator access or manager privileges.

TACACS+ Packet
Packet encryption is supported and is a configurable option for the Magnum MNS-6K software.
Syntax tacplus [ order=] - enable or disable TACACS authentication, specifying the order in which the server or local database is looked up where “tac,local” implies, first the TACACS+ server, then local logins on the device. Default order is Local then TACACS+ server.
================================================
1   10.21.1.170   49   Enabled   secret
2   10.21.1.123   49   Enabled   some
3   ----
4   ----
5   ----
Magnum6K25(user)## tacserver delete id=2
TACACS+ server is deleted.
Magnum6K25(user)## show tacplus servers
ID  TACACS+ Server  Port  Encrypt  Key
================================================
1   10.21.1.170   49   Enabled   secret
2   ----
3   ----
4   ----
5   ----
Magnum6K25(user)## tacplus enable
TACACS+ is enabled.
[key=] – [optional for add, mandatory with encrypt] when encryption is enabled, the secret shared key string must be supplied
[mgrlevel=] and [oprlevel=] – [optional] specifies the manager and operator level as defined on the TACACS+ server for the respective level of login
Chapter 10 – Port Mirroring and Setup
Setup the ports for network speeds, performance as well as for monitoring….

This section explains how individual characteristics of a port on the GarrettCom Magnum 6K family of switches are set up. For monitoring a specific port, the traffic on a port can be mirrored on another port and viewed by protocol analyzers. Other setup includes automatically setting up broadcast storm prevention thresholds.
The set of commands show how port 11 is mirrored on port 13. Any traffic on port 11 is also sent on port 13.
speed – specifically sets the speed to be 10 or 100Mbps. Note – this works only with 10/100 ports – with 10Mbps ports, the option is ignored. No error is shown. See speed settings section below.
flow – sets up flow control on the port.
with the 802.3u standard, then the port configuration on the switch must be manually set to match the port configuration on the other device.
where
xonlimit can be from 3 to 30, default value is 4
xofflimit from 3 to 127, default value is 6
Syntax show flowcontrol

Back Pressure
Back Pressure is for half duplex operations and the controls provided indicate the number of buffers allowed for incoming traffic before a xon/xoff message is sent.
Disabled (default) – The port will not use back pressure based flow control mechanisms.
Enabled – The port uses 802.
Magnum6K25# device
Magnum6K25(device)## show flowcontrol
XOnLimit : 4
XOffLimit : 6
Magnum6K25(device)## flowcontrol xonlimit=10 xofflimit=15
XOn Limit set successfully
XOff Limit set successfully
Magnum6K25(device)## show flowcontrol
XOnLimit : 10
XOffLimit : 15
Magnum6K25(device)## show backpressure
Rx Buffer Threshold : 28
Magnum6K25(device)## backpressure rxthreshold=45
Rx Buffer Threshold set successfully
Magnum6K25(device)## show ba
Port Back Pressure : Disable
Port Events Notify : log,trap,alarm
Magnum6K25(device)## setport port=11 flow=enable bp=enable
Magnum6K25(device)## show port
Keys: E = Enable D = Disable H = Half Duplex F = Full Duplex
M = Multiple VLAN's NA = Not Applicable
LI = Listening LE = Learning F = Forwarding B = Blocking
Port Name Status Dplx Media Link Speed Part Auto Vlan GVRP STP
----------------------------------------------------------------
programs (including some network games) are used. Storms can reduce network performance and cause bridges, routers, workstations, servers and PC's to slow down or even crash.

Preventing broadcast storms
The Magnum 6K family of switches is capable of detecting and limiting storms on each port. A network administrator can also set the maximum rate of broadcast packets (frames) that are permitted from a particular interface.
13  Enabled  19531  0  NO
14  Enabled  19531  0  NO
15  Enabled  19531  0  NO
16  Enabled  19531  0  NO
Magnum6K25(device)## rate-threshold port=11 rate=3500
Broadcast Rate Threshold set
Magnum6K25(device)## show broadcast-protect
======================================================================
PORT | STATUS | THRESHOLD (frms/sec) | CURR RATE (frms/sec) | ACTIVE
======================================================================
9 Enabled 19531
Syntax flowcontrol xonlimit= xofflimit= - configure flow control buffers
Syntax show flowcontrol – display flow control buffers
Syntax backpressure rxthreshold= - configure backpressure buffers
Syntax show backpressure – display backpressure buffers
Syntax broadcast-protect - protect switch from broadcast storms
Syntax rate-threshold port= rate= - change the allowed broadc
Chapter 11 – VLAN
Create separate network segments (collision domains) across Magnum 6K family of switches…..

Short for virtual LAN (VLAN), a VLAN creates separate collision domains or network segments that can span multiple Magnum 6K family of switches. A VLAN is a group of ports designated by the switch as belonging to the same broadcast domain. The IEEE 802.1Q specification establishes a standard method for inserting VLAN membership information into Ethernet frames.
A group of network users (ports) assigned to a VLAN form a broadcast domain. Packets are forwarded only between ports that are designated for the same VLAN. Cross-domain broadcast traffic in the switch is eliminated and bandwidth is saved by not allowing packets to flood out on all ports. For many reasons a port may be configured to belong to multiple VLANs.
[Figure: Segment 1 (VLAN 1) and Segment 2 (VLAN 2) joined through a router or L3-switch]
FIGURE 80 – routing between different VLANs is performed using a router such as a Magnum DX device or a Layer 3 switch (L3-switch)

MNS-6K supports up to 32 VLANs per switch. MNS-6K-SECURE supports up to 256 VLANs per switch.
Syntax add id= [name=] port= [forbid=] []

Disabling Management on VLAN
Use the option when creating a VLAN as shown in the add id command above.
have access to that information. No one else can access that VLAN. Similarly, if another switch had video surveillance equipment on VLAN 20 then only ports with access to VLAN 20 can have access to the video surveillance information. Finally, one port can belong to multiple VLANs – so depending on the function and use, different VLANs information can be shared across a port. Such a port is said to be in promiscuous mode for private VLANs.
1. A word of caution – when TAG VLAN filtering is enabled, there can be serious connectivity repercussions – the only way to recover from that is to reload the switch without saving the configuration or by modifying the configuration from the console (serial) port
2. There can be either TAG VLAN on MNS-6K or Port VLAN. Both VLANs cannot coexist at the same time
3. There can only be one default VLAN for the switch.
VLAN ID: 30
Name : marketing
Status : Active
========================
PORT | STATUS
========================
14 | DOWN
Magnum6K25(port-vlan)## stop vlan=all
If VLANs are already active you may have to stop VLANs to execute commands such as delete VLAN. The command here is used as an example to show how VLANs can be stopped.
All active VLAN's stopped.
Tag based vlan Added Successfully.
Vlan id :20
Vlan name : sales
Ports :14-16
Intentionally done to show the effect of adding a duplicate VLAN.
Magnum6K25(tag-vlan)## add id=20 name=marketing port=14-16
ERROR: Duplicate Vlan Id
Magnum6K25(tag-vlan)## add id=30 name=marketing port=14-16
Tag based vlan Added Successfully.
14 | UNTAGGED | DOWN
15 | UNTAGGED | DOWN
16 | UNTAGGED | DOWN
VLAN ID: 30
Name : marketing
Status : Pending
----------------------------------------------------
PORT | MODE | STATUS
----------------------------------------------------
14 | UNTAGGED | DOWN
15 | UNTAGGED | DOWN
16 | UNTAGGED | DOWN
Magnum6K25(tag-vlan)## start vlan=all
Enable filtering on the ports required.
-----------------------------------------------
PORT | MODE | STATUS
-----------------------------------------------
14 | UNTAGGED | DOWN
15 | UNTAGGED | DOWN
16 | UNTAGGED | DOWN
VLAN ID: 20
Name : sales
Status : Active
-----------------------------------------------
PORT | MODE | STATUS
-----------------------------------------------
14 | UNTAGGED | DOWN
15 | UNTAGGED | DOWN
16 | UNTAGGED | DOWN
VLAN ID: 30
Name : marketing
Status : Active
----
2 | UNTAGGED | DOWN
3 | UNTAGGED | DOWN
4 | UNTAGGED | DOWN
5 | UNTAGGED | DOWN
6 | UNTAGGED | DOWN
7 | UNTAGGED | DOWN
8 | UNTAGGED | DOWN
9 | UNTAGGED | DOWN
10 | UNTAGGED | DOWN
11 | UNTAGGED | DOWN
12 | UNTAGGED | DOWN
13 | UNTAGGED | DOWN
14 | UNTAGGED | DOWN
15 | UNTAGGED | DOWN
16 | UNTAGGED | DOWN
VLAN ID: 10
Name : mkt
Status : Active
-----------------------------------------------
PORT | MODE | STATUS
----------------------------------
Port 1
  Default ID : 1
  Filter Status : DISABLED.
  VLAN Memberships:
    Vlan: 1 Status: Active UNTAGGED
Port 2
  Default ID : 1
  Filter Status : DISABLED.
  VLAN Memberships:
    Vlan: 1 Status: Active UNTAGGED
Port 13
  Default ID : 1
  Filter Status : DISABLED.
  VLAN Memberships:
    Vlan: 1 Status: Active UNTAGGED
Port 14
  Default ID : 1
  Filter Status : ENABLED.
Magnum6K25(tag-vlan)## show-port
VLAN Port Status.
Port 1
  Default ID : 1
  Filter Status : DISABLED.
  VLAN Memberships:
    Vlan: 1 Status: Active UNTAGGED
Port 2
  Default ID : 1
  Filter Status : DISABLED.
  VLAN Memberships:
    Vlan: 1 Status: Active UNTAGGED
Port 13
  Default ID : 1
  Filter Status : DISABLED.
  VLAN Memberships:
    Vlan: 1 Status: Active UNTAGGED
Port 14
  Default ID : 1
  Filter Status : ENABLED.
VLAN Port Status.
Port 14
  Default ID : 1
  Filter Status : ENABLED.
  VLAN Memberships:
    Vlan: 1 Status: Active UNTAGGED
    Vlan: 10 Status: Active TAGGED
    Vlan: 20 Status: Active TAGGED
    Vlan: 30 Status: Active TAGGED

In the above example, the "show-port" command provides a perspective on which VLANs are associated with which ports, and whether the VLANs are active, tagged or untagged.
Syntax set-port port= tagging id= status= defines whether the outgoing packets from a port will be tagged or untagged.
Chapter 12 – Spanning Tree Protocol (STP)
Create and manage alternate paths to the network

Spanning Tree Protocol was designed to avoid loops in an Ethernet network. An Ethernet network using switches can have redundant paths. This may, however, cause loops, and to prevent the loops the MNS-6K software uses the spanning tree protocol. As a manager of the MNS-6K software, controlling on which span the traffic traverses is necessary.
Variable or Attribute              Default Value
STP capabilities                   Disabled
Reconfiguring general operation
  priority                         32768
  Bridge maximum age               20 seconds
  Hello time                       2 seconds
  Forward delay                    15 seconds
Reconfiguring per-port STP
  path cost                        0
  Priority                         32768
  Mode                             Normal
Monitoring of STP                  Not Available
Root Port                          Not set
Figure 82 – STP default values – refer to next section “Using STP” for more detailed explanation on the variables

1.
Bridge ID                   : 80:00:00:20:06:25:ed:80
Bridge Priority             : 32768
Bridge Forward Delay        : 15
Bridge Hello Time           : 2
Bridge Max Age              : 20
Root Port                   : 0
Root Path Cost              : 0
Designated Root             : 80:00:00:20:06:25:ed:80
Designated Root Priority    : 32768
Root Bridge Forward Delay   : 15
Root Bridge Hello Time      : 2
Root Bridge Max Age         : 20

RSTP CONFIGURATION
-----------------
Rapid STP/STP Enabled(Global) : NO
Magnum6K25#
FIGURE 83 – Viewing STP configuration
Designated Root: shows the MAC address of the bridge in the network elected or designated as the root bridge. Normally when STP is not enabled the switch designates itself as the root switch
Designated Root Priority: shows the designated root bridge’s priority. Default value is 32768
Root Bridge Forward Delay: indicates the designated root bridge’s forward delay.
Priority: STP uses this to determine which ports are used for forwarding. A lower number means higher priority. Value ranges from 0 to 255. Default is 128
Path Cost: This is the assigned port cost value used for the switch to determine the forwarding points. Values range from 1 to 65535
State: indicates the STP state of individual ports. Values can be Listening, Learning, Forwarding, Blocking and Disabled.
Des.
STP CONFIGURATION
-----------------
Spanning Tree Enabled(Global) : YES
Spanning Tree Enabled(Ports)  : YES, 9,10,11,12,13,14,15,16
Protocol                      : Normal STP
Bridge ID                     : 80:00:00:20:06:25:ed:80
Bridge Priority               : 32768
Bridge Forward Delay          : 15
Bridge Hello Time             : 2
Bridge Max Age                : 20
Root Port                     : 0
Root Path Cost                : 0
Designated Root               : 80:00:00:20:06:25
Designated Root Priority      :
Root Bridge Forward Delay     :
Root Bridge Hello Time        :
Root Bridge Max Age           :
Priority: specifies the switch (bridge) priority value. This value is used along with the switch MAC address to determine which switch in the network is the root device. Lower values mean higher priority. Value ranges from 0 to 65535. Default value is 32768
Cost: A path cost is assigned to individual ports for the switch to determine which ports are the forwarding points.
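The following added example (not part of the guide or of GarrettCom's software) shows how the priority and MAC address combine in the 8-octet Bridge ID printed by ‘show stp config’, how the root is chosen among such IDs, and a check that the Designated Root a switch reports is the bridge the administrator intended. The field layout follows the figures in this chapter; every bridge ID other than the guide's 80:00:00:20:06:25:ed:80 and the sample output are constructed.

```python
import re


def parse_bridge_id(bridge_id):
    """Split '80:00:00:20:06:25:ed:80' into (priority, mac).
    The first two octets are the 16-bit priority (0x8000 = 32768),
    the remaining six are the bridge MAC address."""
    octets = bridge_id.strip().lower().split(":")
    if len(octets) != 8 or not all(re.fullmatch(r"[0-9a-f]{2}", o) for o in octets):
        raise ValueError(f"not an 8-octet bridge ID: {bridge_id!r}")
    return int(octets[0] + octets[1], 16), ":".join(octets[2:])


def elect_root(bridge_ids):
    """Return the bridge ID that wins the root election:
    lowest priority value first, lowest MAC address as the tie-breaker."""
    def rank(bridge_id):
        priority, mac = parse_bridge_id(bridge_id)
        return priority, bytes.fromhex(mac.replace(":", ""))
    return min(bridge_ids, key=rank)


# "Name : value" lines; the name never contains digits or a colon, so the
# first colon separates it from a value such as 80:00:00:20:06:25:ed:80.
FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z/() ]*?)\s*:\s*(\S.*?)\s*$")


def parse_stp_config(text):
    """Collect the 'Name : value' lines of saved `show stp config` output."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields


def audit_root(config_text, intended_root):
    """Return a list of findings; an empty list means the reported
    Designated Root is the intended root bridge."""
    fields = parse_stp_config(config_text)
    seen = fields.get("Designated Root")
    if seen is None:
        return ["no Designated Root field found"]
    findings = []
    if parse_bridge_id(seen) != parse_bridge_id(intended_root):
        findings.append(f"designated root is {seen}, expected {intended_root}")
        if elect_root([seen, intended_root]) == seen:
            findings.append("reported root outranks the intended root "
                            "(lower priority value or lower MAC)")
        own = fields.get("Bridge ID")
        if own and parse_bridge_id(own) == parse_bridge_id(seen):
            findings.append("this switch considers itself the root")
    return findings


# Constructed values for the example.
INTENDED_ROOT = "10:00:00:20:06:aa:bb:cc"      # priority 4096
SAMPLE_CONFIG = """\
STP CONFIGURATION
-----------------
Spanning Tree Enabled(Global) : YES
Bridge ID                     : 80:00:00:20:06:25:ed:80
Bridge Priority               : 32768
Root Port                     : 9
Designated Root               : 00:00:00:20:06:99:99:99
Designated Root Priority      : 0
"""

if __name__ == "__main__":
    print(parse_bridge_id("80:00:00:20:06:25:ed:80"))
    for finding in audit_root(SAMPLE_CONFIG, INTENDED_ROOT):
        print("FINDING:", finding)
```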
STP Port Configuration
------------------------------------------------------------------------
Port# Type Priority Path Cost State Des. Bridge Des.
14  TP(10/100)  128  100  Disabled  80:00:00:20:06:25:ed:80  80:0e
15  TP(10/100)  128  100  Disabled  80:00:00:20:06:25:ed:80  80:0f
16  TP(10/100)  128  100  Disabled  80:00:00:20:06:25:ed:80  80:10
Magnum6K25(stp)## priority value=15535
Successfully set the bridge priority
Magnum6K25(stp)## show stp config
STP CONFIGURATION
-----------------
Spanning Tree Enabled(Global)
Spanning Tree Enabled(Ports)
Protocol
Bridge ID
Bridge Priority
Bridge Forward
Setting cost for STP...Successfully set the path cost for port 13
Magnum6K25(stp)## show stp ports
STP Port Configuration
------------------------------------------------------------
Port# Type Priority Path Cost State Des. Bridge Des.
Magnum6K25(stp)## show stp config
STP CONFIGURATION
-----------------
Spanning Tree Enabled(Global) : YES
Spanning Tree Enabled(Ports)  : YES, 9,10,11,12,13,14,15,16
Protocol                      : Normal STP
Bridge ID                     : 80:00:00:20:06:25:ed:80
Bridge Priority               : 15535
Bridge Forward Delay          : 15
Bridge Hello Time             :
Bridge Max Age
Root Port
Root Path Cost
Designated Root
Designated Root Priority
Root Bridge Forward Delay
Root Bridge Hello Time
Root Bridge Max Age
RSTP CONFIGURATION
-----------------
Rapid STP/STP Enabled(Global) : NO
Magnum6K25(stp)##
FIGURE 86 – Configuring STP parameters

List of commands in this chapter
Syntax show stp - regardless of whether STP is enabled or disabled (default) this command lists the switch’s full STP configuration, including general settings and port settings
Syntax stp – STP Configuration mode
Syntax stp - Start (Enable) or
Chapter 13 – Rapid Spanning Tree Protocol (RSTP)
Create and manage alternate paths to the network

Rapid Spanning Tree Protocol (RSTP), like STP, was designed to avoid loops in an Ethernet network. Rapid Spanning Tree Protocol (RSTP) (IEEE 802.1w) is an evolution of the Spanning Tree Protocol (STP) (802.1d standard) and provides for faster spanning tree convergence after a topology change.

RSTP concepts
The IEEE 802.
• STP relays configuration messages received on the root port going out of its designated ports. If an STP switch (bridge) fails to receive a message from its neighbor it cannot be sure where along the path to the root a failure occurred. RSTP switches (bridges) generate their own configuration messages, even if they fail to receive one from the root bridge.
Even though RSTP interoperates with STP, RSTP is much more efficient at establishing the network path, and network convergence after a failure is very fast. For this reason, GarrettCom recommends that all your network devices be updated to support RSTP. RSTP offers convergence times typically of less than one second.
Syntax rstp - enable RSTP – by default, this is disabled and has to be manually activated
Syntax port port= [status=] [migration=] [edge=] [p2p=]
Example port port= p2p= off - Set the “point-to-point” value to off on all ports that are connected to shared LAN segments (i.e. connections to hubs). The default value is auto.
RSTP CONFIGURATION
-----------------
Rapid STP/STP Enabled(Global) : YES
RSTP/STP Enabled Ports        : 9,10,11,12,13,14,15,16
Protocol                      : Normal RSTP
Bridge ID                     : 00:00:00:20:06:25:ed:89
Bridge Priority               : 0
Bridge Forward Delay          : 15
Bridge Hello Time             : 02
Bridge Max Age
Root Port
Root Path Cost
Designated Root
Designated Root Priority
Root Bridge Forward Delay
Root Bridge Hello Time
Root Bridge Max Age
Topology Change count
Time Since topology Chg
Root Path Cost: a path cost is assigned to individual ports for the switch to determine which ports are the forwarding points. A higher cost means more loops; a lower cost means fewer loops. More loops equal more traffic and a tree which takes a long time to converge – resulting in a slower system.
Designated Root: shows the MAC address of the bridge in the network elected or designated as the root bridge.
Port#: indicates the port number. Value ranges from 01 to the maximum number of ports in the switch.
Type: indicates the type of port – TP indicates Twisted Pair.
Priority: STP uses this to determine which ports are used for forwarding. A lower number means higher priority. Value ranges from 0 to 255. Default is 128.
Path Cost: This is the assigned port cost value used by the switch to determine the forwarding points.
06 TP(10/100)
07 TP(10/100)
08 TP(10/100)
09 Gigabit
10 Gigabit
128 128 128 128 128
200000 200000 2000000 20000 20000
Forwarding Discarding Disabled Forwarding Forwarding
80:00:00:20:06:30:00:01 80:00:00:20:06:2b:0f:e1 80:00:00:20:06:2b:0f:e1 80:00:00:20:06:30:00:01
00:06 00:07 00:08 00:09 00:0a
Magnum6K25#
FIGURE 90 – RSTP information from a network with multiple switches.
Status: Enables or disables a port from participating in STP discovery. It’s best to only allow trunk ports to participate in STP. End stations need not participate in the STP process.
Forward-Delay: indicates the time duration the switch will wait from listening to learning states and from learning to forwarding states. The value ranges from 4 to 30 seconds.
Root Port                 : 0
Root Path Cost            : 0
Designated Root           : 00:00:00:20:06:25:ed:89
Designated Root Priority  : 0
Root Bridge Forward Delay : 15
Root Bridge Hello Time    : 02
Root Bridge Max Age       : 20
Topology Change count     : 0
Time Since topology Chg   : 33
Magnum6K25(rstp)## show rstp ports
RSTP Port Configuration
------------------------------------------------------------
Port# Type Priority Path Cos
Root Bridge Max Age       : 20
Topology Change count     : 0
Time Since topology Chg   : 100
Magnum6K25(rstp)## forceversion rstp
Using forceversion the switch is now operating using RSTP. Note the “show stp config” command also indicates the switch protocol is RSTP.
Magnum6K25(rstp)## priority port=13 value=100
Magnum6K25(rstp)## show rstp ports
RSTP Port Configuration
------------------------------------------------------------
Port# Type Priority Path Cost State Des. Bridge Des.
16  TP(10/100)  128  2000000  Disabled  00:10
Magnum6K25(rstp)## port port=9 status=enable
Magnum6K25(rstp)## show rstp ports
RSTP Port Configuration
------------------------------------------------------------
Port# Type Priority Path Cost State Des. Bridge Des.
List of commands in this chapter
Syntax set stp type= - Set the switch to support RSTP or change it back to STP.
Syntax timers forward-delay=<4-30> hello=<1-10> age=<6-160> - change the STP Forward delay, Hello timer and Aging timer values
Chapter 14 – S-Ring™ and Link-Loss-Learn™ (LLL)
Speed up recovery from faults in Ethernet networks

S-Ring uses ring topology to provide fast recovery from faults. These are based on industry standard STP technologies. These technologies have been adapted to ring recovery applications by GarrettCom Inc. and these rings are called S-Ring.
S-Ring and LLL concepts
S-Ring is built upon networking software standards such as IEEE 802.1d Spanning Tree Protocol (STP) or Rapid Spanning Tree Protocol (RSTP) based on IEEE 802.1w. The purpose of S-Ring is to define two ports which participate in the RSTP/STP tree structure in a ring topology as opposed to a meshed topology. S-Ring running on the ring manager switch leverages this capability to recover quickly from fault situations.
3. There can be multiple S-Rings on a given Magnum 6K switch. There can be multiple ring topologies in a network. Each ring has to be a separate ring. Ring of rings or overlapping rings are not supported at this time.
4. S-Ring topologies support one failure in the network.
S-Ring with LLL RSTP STP Resiliency Fast recovery from a single point of failure. Ring Master is responsible for decision making Software Cost Licensed per ring Multiple points of failure – each connected node can be in stand-by Included in MNS-6K Hardware cost One Managed 6K per ring.
[Figure labels: Traffic, BPDU, Forwarding Port, Blocking Port]
FIGURE 92 – Normal RSTP/STP operations in a series of switches. Note – this normal status is designated RING_CLOSED

This normal status is designated as RING_CLOSED. Operations will continue this way indefinitely until a fault occurs. A fault anywhere in the ring will interrupt the flow of standard RSTP/STP status-checking BPDU packets, and will signal to RSTP/STP that a fault has occurred.
[Figure labels: Traffic, BPDU, Forwarding Port, Forwarding Port]
FIGURE 93 – A fault in the ring interrupts traffic.
[Figure labels: Ring 1, Ring 2]
FIGURE 94 – More than one S-Ring pair can be selected and more than one S-Ring can be defined per switch. Note – the mP62 as well as the ES42 switches support LLL and can participate in S-Ring as an access switch

More than one S-Ring port-pair may be selected per ring control switch. Each port-pair will have its own separate attached ring, and each port-pair operates on faults independently.
When the fault is cured, the re-emergence of the ring structure enables the BPDU packets to flow again between the ring’s port-pair. This is recognized by S-Ring (and RSTP/STP), and one of the ports in the ring’s port pair is changed to the blocking state. S-Ring takes the recovery action immediately, not waiting for the 30-second STP analysis. Rings are simple structures. Either one port of a pair is forwarding or both are.
please contact GarrettCom Inc. Sales (for purchasing the S-Ring feature) or Technical Support (to obtain the 12 character key.) If the S-Ring capability was purchased along with the switch, the software license code will be included with the switch.
Syntax authorize key= - activate the S-Ring capabilities.
• Same Duplex and
• LLL - enable
The necessary commands are
Syntax stp – STP Configuration mode
Syntax stp - Start (Enable) or stop (Disable) STP
Syntax set stp type= - set the spanning tree protocol to be IEEE 802.1d or 802.
Ports 1 and 7 Configured for sRing Operation
Magnum6K25# show s-ring
Magnum Ring Status:
sRing Status: ENABLED
Port 1  Port 2  Status
1       7       CLOSED
FIGURE 96 – S-Ring configuration commands for root switch

If the BPDU stream is broken, or it finds the Link-Loss-Learn signal, the system will immediately force STP to put both ports in forwarding mode.
Link-Loss-Learn Enabled.
Magnum6K25(stp)## lll add port=1,2,3
Added Ports: 1,2,3
Magnum6K25(stp)##show lll
Link-Loss-Learn Status:
LLL Status: ENABLED
LLL Enabled on Ports: 1,2,3
Magnum6K25(stp)## lll del port=2,3
Deleted Ports: 2,3
Magnum6K25(stp)## lll disable
Link-Loss-Learn Disabled.
FIGURE 97 – Link Loss Learn (LLL) setup.
Syntax lll add port= - enable LLL on the list of specified ports
Syntax lll del port= - disable LLL on the list of specified ports
Syntax show lll – display the status of LLL
Syntax rstp – STP Configuration mode
Syntax rstp - Start (Enable) or stop (Disable) STP
Syntax set stp type= - set the spanning tree protocol to be IEEE 802.1d or 802.
Chapter 15 – Dual-Homing
Fault tolerance options for edge devices

Designing and implementing high-availability Ethernet LAN topologies in networks can be challenging. Traditionally, the choices for redundancy for edge-of-the-network devices were too limited, too expensive, and too complicated to be considered in most networks. Redundancy at the edge of the network is greatly simplified by using dual-homing.
[Figure legend: Active link, Standby Link]
FIGURE 98 – Dual-homing using ESD42 switch and Magnum 6K family of switches.
switches upstream. With MNS-6K, the user has to define the set of ports which make up the dual-home ports.
Dual-Homing Modes
There are two modes in which dual-homing works. The first one is where the ports are “equivalent”, i.e. if one port fails, the other one takes over; however, if the first (failed) port recovers, the active port does not switch back. The second mode of operation is primary-secondary mode. In this mode of operation, the primary port is explicitly defined and the secondary port is explicitly defined.
Magnum6K25# dualhome ?
dualhome : Configures Dual homing
Usage dualhome
Magnum6K25# show dualhome
Dual Homing Status : DISABLED
Magnum6K25# dualhome
Magnum6K25(dualhome)## dualhome add port1=10 port2=11
Dual Homing Ports configured
Magnum6K25(dualhome)## dualhome enable
Dual Homing Enabled.
List of commands in this chapter
Syntax dualhome – enter the dual-homing configuration sub-system
Syntax dualhome – enable or disable dual-homing
Syntax dualhome add port1= port2= – dual-homing setup similar to that of unmanaged switches such as ESD42
OR
Syntax dualhome add primary= secondary= – dual-homing setup as primary-secondary mode
Syntax dualhome del – Delete the dual-homing setup
Synt
Chapter 16 – Link Aggregation Control Protocol (LACP)
Increase Network throughput and reliability

Link Aggregation Control Protocol (LACP) is part of an IEEE specification (IEEE 802.3ad) that allows several physical ports to be grouped or bundled together to form a single logical channel. This increases the throughput across two devices and provides improved reliability.

LACP concepts
The IEEE802.
The performance is improved because the capacity of an aggregated link is higher than each individual link alone. 10Mbps or 10/100Mbps or 100Mbps ports can be grouped together to form one logical link. Instead of adding new hardware to increase speed on a trunk – one can now use LACP to incrementally increase the throughput in the network, preventing or deferring hardware upgrades.
FIGURE 102 – Some valid LACP configurations.

Should trunks be created so as to span multiple ports, a “trunk mismatch” error message is printed on the console. An example of an incorrect configuration is shown below.

[Figure labels: Switch 1, Switch 2]
FIGURE 103 – an incorrect LACP connection scheme for Magnum 6K family of switches. All LACP trunk ports must be on the same module and cannot span different modules.
between the switches and hence the LACPDU cannot be transmitted. This configuration will not work in the LACP mode.

[Figure labels: Switch 1 VLAN 10, Switch 2 VLAN 20]
FIGURE 105 - In the figure above, there is no common VLAN between the two sets of ports, so packets from one VLAN to another cannot be forwarded. There should be at least one VLAN common between the two switches and the LACP port groups.
FIGURE 106 – This configuration is similar to the previous configuration, except there is a common VLAN (VLAN 1) between the two sets of LACP ports. This is a valid configuration.

[Figure labels: Switch 1, Switch 2, Switch 3]
FIGURE 107 – In the architecture above, using RSTP and LACP allows multiple switches to be configured together in a meshed redundant link architecture. First define the RSTP configuration on the switches. Then define the LACP ports.
[Figure labels: Switch 1, Switch 2, Switch 3, Dual-Homed Edge Switch]
FIGURE 108 – LACP, along with RSTP/STP brings redundancy to the network core or backbone.
[Figure labels: S-Ring 1, S-Ring 2]
FIGURE 109 – This architecture is not recommended

LACP can be used for creating a reliable network between two facilities connected via a wireless bridge. As shown in the figure below, four trunk ports are connected to four wireless bridge pairs. This increases the effective throughput of the wireless connections and also increases the reliability.
[Figure labels: Facility 1, Facility 2, A]
FIGURE 110 – Creating a reliable infrastructure using wireless bridges (between two facilities) and LACP. “A” indicates a Wi-Fi wireless Bridge or other wireless Bridges.
the lowest priority value has the highest priority and is designated as the primary port. If traffic analysis is required, it is recommended to mirror the primary port (and physically disconnect the other ports if all traffic needs to be captured). If multiple ports have the same priority, the first port physically connected becomes the primary port.
15  32768  Link Down
Magnum6K25(lacp)## add port=12
Port(s) added successfully.
The output of the LACP command in the network shown below

[Figure labels: Switch 1, Switch 2, Switch 3]
FIGURE 112 – The network for the ‘show lacp’ command listed below

In the figure shown above, Switch 1 has ports 11 and 15 forming the first trunk, connecting to Switch 3. Switch 1 also has ports 17 and 23 forming the second trunk on Switch 2. The ‘show lacp’ command was executed on Switch 1.
=====================
17  32768  Primary Port
23  32768  Member Port
FIGURE 113 – LACP information over a network

List of commands in this chapter
Syntax lacp - enable the LACP configuration module within CLI
Syntax lacp - enable or disable LACP
Syntax add port= [priority=<0-65535>] – add the specified list of ports to form the logical LACP trunk. Default value for priority is 32768.
Chapter 17 – Quality of Service
Prioritize traffic in a network

Quality of Service (QoS) refers to the capability of a network to provide different priorities to different types of traffic. Not all traffic in the network has the same priority. Being able to differentiate different types of traffic and allowing this traffic to accelerate through the network improves the overall performance of the network and provides the necessary quality of service demanded by different users and devices.
the packet into one of the two queues, and depending on the precedence levels the queue could be rearranged to meet the QoS requirements. QoS refers to the level of preferential treatment a packet receives when it is being sent through a network. QoS allows time sensitive packets such as voice and video, to be given priority over time insensitive packets such as data.
IP Precedence
IP Precedence utilizes the three precedence bits in the IPv4 header's Type of Service (ToS) field to specify class of service for each packet. You can partition traffic in up to eight classes of service using IP precedence. The queuing technologies throughout the network can then use this signal to provide the appropriate expedited handling.
Not all packets received on a port have high priority. IGMP and BPDU packets have high priority by default. The Magnum 6K family of switches has the capability to set the priorities based on three different functions. They are
Port QoS: assigns a high priority to all packets received on a port, regardless of the type of packet.
Syntax set-weight weight=<0-7> - sets the port priority weight for all the ports. Once the weight is set, all the ports will be the same weight across the switch. The valid value for weight is 0-7. A weight is a number calculated from the IP precedence setting for a packet.
Syntax show qos [type=] [port=] – displays the QoS settings

Sometimes it is necessary to change the priority of the packets going out of a switch. For example, when a packet is received untagged and has to be transmitted with an addition of the 802.1p priority tag, the tag can be assigned depending on the untag value set.
10 | Port | DOWN
11 | None | DOWN
13 | None | DOWN
14 | None | DOWN
15 | None | DOWN
Magnum6K25(qos)## show qos type=port
================================
PORT | PRIORITY | STATUS
================================
1  | None | UP
2  | None | DOWN
3  | None | DOWN
5  | None | DOWN
6  | HIGH | DOWN
7  | None | DOWN
9  | None | DOWN
10 | HIGH | DOWN
11 | None | DOWN
13 | None | DOWN
14 | None | DOWN
15 | None | DOWN
Magnum6K25(qos)## setqos port
Magnum6K25(qos)## show qos type=tag
========================================
PORT | Pri for VPT | STATUS
     | 76543210    |
========================================
1  | -------  | UP
2  | -------  | DOWN
3  | -------  | DOWN
5  | -------  | DOWN
6  | -------  | DOWN
7  | -------  | DOWN
9  | -------  | DOWN
10 | -------  | DOWN
11 | LHLLLLLL | DOWN
13 | -------  | DOWN
14 | -------  | DOWN
15 | -------  | DOWN
Magnum6K25(qos)## setqos port=13 priority=high type=tag tag=5
Magnum6K25(qos)## show qos
========================================
PORT | QOS | STATUS
========================================
1  | None | UP
2  | None | DOWN
3  | None | DOWN
5  | None | DOWN
6  | Port | DOWN
7  | None | DOWN
9  | None | DOWN
10 | Port | DOWN
11 | Tag  | DOWN
13 | Tag  | DOWN
14 | None | DOWN
15 | None | DOWN
FIGURE 117 – QoS configuration and setup

List of commands in this chapter
Syntax qos – enter the QoS configuration mod
Chapter 18 – IGMP
Multicast traffic on a network

Internet Group Management Protocol (IGMP) is defined in RFC 1112 as the standard for IP multicasting in the Internet. It is used to establish host memberships in particular multicast groups on a single network. The mechanisms of the protocol allow a host to inform its local router, using Host Membership Reports, that it wants to receive messages addressed to a specific multicast group.
The creation of transient groups and the maintenance of group membership information is the responsibility of "multicast agents", entities that reside in internet gateways or other special-purpose hosts. There is at least one multicast agent directly attached to every IP network or subnetwork that supports IP multicasting.
FIGURE 118 – IGMP concepts – advantages of using IGMP

• PCs 1 and 4, switch 2, and all of the routers are members of an IP multicast group. (The routers operate as queriers.)
• Switch 1 ignores IGMP traffic and does not distinguish between IP multicast group members and non-members. Thus, it is sending large amounts of unwanted multicast traffic out the ports to PCs 2 and 3.
The next figure (below) shows a network running IP multicasting using IGMP without a multicast router. In this case, the IGMP-configured switch runs as a querier. PCs 2, 5, and 6 are members of the same IP multicast group. IGMP is configured on switches 3 and 4. Either of these switches can operate as querier because a multicast router is not present on the network.
groups in the IP address range of 224.0.0.0 to 224.0.0.255 will always be flooded because addresses in this range are “well known” or “reserved” addresses. Thus, if IP Multicast is enabled and there is an IP multicast group within the reserved address range, traffic to that group will be flooded instead of filtered by the switch.
IGMP Support - The Magnum 6K family of switches supports IGMP version 1 and version 2.
traffic only goes to the ports requesting the traffic. The Magnum 6K family of switches, using IGMP-L2, can perform tasks similar to those a Layer 3 device performs for IGMP. For a Layer 2 IGMP environment, all Magnum 6K family switches have to be enabled in IGMP-L2 mode. This is done using the CLI command 'set igmp mode=l2' which will be described later.
With IGMP-L2 enabled on all Magnum 6K family switches, the situation shown above is prevented. This is explained in the figure below.

[Figure labels: R1, R2, R3, R4, R5, R6, T1, T2, L2 Mode]
FIGURE 121 - Using IGMP-L2 on Magnum 6K family of switches, a Layer 2 network can minimize multicast traffic as shown above. Each switch has IGMP-L2 turned on. Each switch can exchange the IGMP query message and respond properly.
Since the query and the join information is exchanged between the neighboring switches, the topology does not matter. The design issue to consider is the timing difference between a topology recovery and IGMP refresh (recovery). GarrettCom Magnum 6K family switches connected in an S-Ring topology recover very rapidly (sub-second recovery).
group del ip= - delete ports from a specific IGMP broadcast group

Magnum6K25# igmp
Magnum6K25(igmp)## igmp enable
IGMP is enabled
Magnum6K25(igmp)## show igmp
IGMP State                   : Enabled
ImmediateLeave               : Disabled
Querier                      : Enabled
Querier Interval             : 125
Querier Response Interval    : 10
Multicasting unknown streams : Enabled
Magnum6K25(igmp)## mcast disable
MCAST is disabled
Magnum6K25(igmp)## show igmp
IGMP State
ImmediateLeave
Quer
The output of “show igmp” provides useful information. The following information is provided:
IGMP State shows if IGMP is turned on (Enable) or off (Disable).
Immediate Leave provides a mechanism for a particular host that wants to leave a multicast group. It disables the ability of the port (where the leave message is received) to transmit multicast traffic.
Querier shows whether the switch is acting as a querier or a non-querier.
• Auto – lets IGMP control whether the port should or should not participate in sending multicast traffic
• Block – manually configures the port to always block multicast traffic
• Forward – manually configures the port to always forward multicast traffic
To set the port characteristics, use the set-port command in the IGMP configuration command mode
Syntax set-port port=< port|list|range> mode= - set the port characteristics.
10  Forwarding
11  Forwarding
12  Forwarding
13  Auto
14  Blocking
15  Blocking
16  Blocking
Magnum6K25(igmp)## igmp enable
IGMP is enabled
Magnum6K25(igmp)## show-router
RouterIp PortNo Timer
--------------------------------------
10.21.1.
Querier Response Interval : 10
Magnum6K25(igmp)## set-querier disable
IGMP querier status is disabled
Magnum6K25(igmp)## show igmp
IGMP State                : Enabled
ImmediateLeave            : Disabled
Querier                   : Disabled
Querier Interval          : 125
Querier Response Interval : 10
Magnum6K25(igmp)## set-qi interval=127
Query interval successfully set
Magnum6K25(igmp)## show igmp
IGMP State                : Enabled
ImmediateLeave
Querier
Querier Interval
Querier Response Interval
GroupIp      PortNo  Timer   Vlanid  LeavePending
------------------------------------------------------------
0.0.0.0      1       155     1       0
239.0.1.10   10      STATIC  0       0
239.0.1.10   11      STATIC  0       0
239.0.1.10   12      STATIC  0       0
239.0.10.10  10      STATIC  0       0
239.0.10.10  11      STATIC  0       0
239.0.10.10  12      STATIC  0       0
239.0.10.10  13      STATIC  0       0
239.0.10.10  14      STATIC  0       0
239.0.10.10  15      STATIC  0       0
Magnum6K25(igmp)## group del ip=239.0.10.
Magnum6K25(igmp)## mode normal
IGMP set to Normal Mode.
Magnum6K25(igmp)## exit
Magnum6K25#
FIGURE 126 - Setting IGMP-L2

List of commands in this chapter
Syntax igmp – IGMP configuration mode
Syntax igmp - enable or disable IGMP on the switch
Syntax show igmp – IGMP operation status
Syntax mcast - enable or disable unknown multicast streams.
group address, 224.0.0.1. The default value is 125 seconds. The valid range can be from 60 to 127 seconds.
Syntax set-qri interval= - The query response interval is the maximum amount of time that can elapse between when the querier router sends a host-query message and when it receives a response from a host. The default value is 10 seconds. The range can be from 2 to 270 seconds.
Chapter 19 – GVRP
Generic Attribute Registration Protocol (GARP) VLAN Registration Protocol (GVRP)

Generic Attribute Registration Protocol (GARP) and VLAN registration over GARP is called GVRP. GVRP is defined in the IEEE 802.1q and GARP in the IEEE 802.1p standards. In order to utilize the capabilities of GVRP, GarrettCom Inc. strongly recommends that the user is familiar with the concepts and capabilities of IEEE 802.1q.
the default VLAN set to untagged and configure other static VLANs on the ports as either “Tagged or Forbid”. (“Forbid” is discussed later in this chapter.)

GVRP Operations
A GVRP-enabled port with a Tagged or Untagged static VLAN sends advertisements (BPDUs, or Bridge Protocol Data Units) advertising the VLAN identification (VID). Another GVRP-aware port receiving the advertisements over a link can dynamically join the advertised VLAN.
If a static VLAN is configured on at least one port of a switch, and that port has established a link with another device, then all other ports of that switch will send advertisements for that VLAN. In the figure below, tagged VLAN ports on switch “A” and switch “C” advertise VLANs 22 and 33 to ports on other GVRP-enabled switches that can dynamically join the VLANs.
• If there is no static VLAN with the advertised VID on the receiving port, then dynamically create a VLAN with the same VID as in the advertisement, and allow that VLAN’s traffic
• If the switch already has a static VLAN with the same VID as in the advertisement, and the port is configured to learn for that VLAN, then the port will dynamically join the VLAN and allow that VLAN’s traffic.
============================================
VLAN ID | NAME         | VLAN STATUS
============================================
1       | Default VLAN | Static Active
2       | Blue         | Static Active
10      | dyn10        | Dynamic Active
Magnum6K25(gvrp)##

FIGURE 130 – Command to check for dynamically assigned VLANs

Note that port 10 must be enabled and configured to learn for it to be assigned to the dynamic VLAN.
configuration Learn Generate advertisements.
Syntax show gvrp - shows whether GVRP is disabled, along with the current settings for the maximum number of VLANs and the current Primary VLAN
Syntax gvrp - enable or disable GVRP
Syntax show-vlan – list all the VLANs (including dynamic VLANs) on the switch
Syntax set-ports port= state= - set the state of the port to learn, block or disable for GVRP.
Magnum6K25(gvrp)## set-forbid vlan=2 forbid=11-15
Magnum6K25(gvrp)## show-forbid
============================================
VLAN ID | FORBIDDEN PORTS
============================================
1       | None
2       | 11, 12, 13, 14, 15

FIGURE 133 – GVRP configuration example

GVRP Operations Notes
A dynamic VLAN must be converted to a static VLAN before it can have an IP address.
List of commands in this chapter
Syntax show gvrp - shows whether GVRP is disabled, along with the current settings for the maximum number of VLANs and the current Primary VLAN
Syntax gvrp - enable or disable GVRP
Syntax show-vlan – list all the VLANs (including dynamic VLANs) on the switch
Syntax set-ports port= state= - set the state of the port to learn, block or disable for GVRP.
Chapter 20 – SNMP
Managing your network using SNMP

Simple Network Management Protocol (SNMP) enables management of the network. There are many software packages which provide a graphical interface and a graphical view of the network and its devices. The graphical interface and view would not be possible without SNMP. SNMP is thus the building block for network management.
Simple Network Management Protocol Version 3 (SNMPv3) – The third version of SNMP, with enhancements made to secure access, different levels of access and security.
SNMP engine – A copy of SNMP that can reside on either the local or a remote device
SNMP group – A collection of SNMP users that belong to a common SNMP list that defines an access policy, in which object identification numbers (OIDs) are both read-accessible and write-accessible.
Notification host – An SNMP entity to which notifications (traps and informs) are to be sent
Notify view – A view name (not to exceed 64 characters) for each group that defines the list of notifications that can be sent to each user in the group
Privacy – An encrypted state of the contents of an SNMP packet where they are prevented from being disclosed on a network.
RMON MIB (RFC 1757)
RMON: groups 1, 2, 3, and 9 (Statistics, Events, Alarms, and History)
Version 1 traps (Warm Start, Cold Start, Link Up, Link Down, Authentication Failure, Rising Alarm, Falling Alarm)
RFC 1901-1908 – SNMPv2
• RFC 1901, Introduction to Community-Based SNMPv2. SNMPv2 Working Group
• RFC 1902, Structure of Management Information for Version 2 of the Simple Network Management Protocol (SNMPv2).
Syntax community [write=] [read=] [trap=] – set the necessary community strings
Syntax authtraps - enables or disables authentication traps generation
Syntax traps type= ip= - add v1 traps as well as define the trap receiver
Syntax show snmp – displays the SNMP configuration inform
Syntax com2sec id= [secname=] [source=] [community=] - a part of the View based Access control model (VACM) as defined in RFC 2275. This specifies the mapping from a source/community pair to a security name.
SNMP MANAGERS INFO
-----------------
SNMP TRAP STATIONS INFO
----------------------
Magnum6K25# snmp
Magnum6K25(snmp)## community write=private read=public
SNMP Read community name successfully set
SNMP Write community name successfully set
Magnum6K25(snmp)## show snmp
SNMP CONFIGURATION INFORMATION
-----------------------------
SNMP Get Community Name : public
SNMP Set Community Name : private
SNMP Trap Community Name : public
AuthenTrapsEn
SNMP TRAP STATIONS INFO
----------------------
Magnum6K25(snmp)## traps add type=Snmp,Rmon ip=192.168.1.2
Successfully Added.
6K SNMP Agent supports all (v1/v2c/v3) versions.
Magnum6K25# show snmp
SNMP v3 Configuration Information
=============================
System Name : Magnum6K25
System Location : Fremont, CA
System Contact : support@garrettcom.com
Authentication Trap : Disabled
Default Trap Comm.
Magnum6K25(snmpv3)## show-trap
ID Trap Type Host IP Community Port
================================================================
1 v1 10.21.1.100 --
2 ----
3 ----
4 ----
5 ----
Magnum6K25(snmpv3)## show-trap id=1
Trap ID : 1
Trap Type : v1
Host IP : 10.21.1.
Community
Auth. Type
Magnum6K25(snmpv3)## group add id=1 groupname=v1 model=v1 com2secid=1
Entry is added successfully
Magnum6K25(snmpv3)## show-group
ID Group Name Sec.
Magnum6K25(snmpv3)## access add id=1 accessname=v1 model=v1 level=noauth read=1 write=none notify=none
Entry is added successfully
Magnum6K25(snmpv3)## show-access
ID View Name Model Level R/View W/View N/View Context Prefix
==============================================================
1 v1 v1 noauth 1 none none "" exact
2 --------
3 --------
4 --------
5 --------
6 --------
7 --------
8 --------
9 --------
10 --------
Magnum6K25(snmpv3)## show-
Magnum6K25(snmpv3)## show-user id=1
User ID : 1
User Name : jsmith
User Type : read-write
Auth. Pass : something
Priv. Pass :
Auth. Type : MD5
Auth. Level : auth
Subtree :
Magnum6K25(snmpv3)## exit
Magnum6K25# show snmp
SNMPv3 Configuration Information
==================================
System Name : Magnum6K25
System Location : Fremont, CA
System Contact : support@garrettcom.
Authentication Trap
Default Trap Comm.
V3 Engine ID
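The community settings and the SNMPv3 group and access entries shown in the sessions above can be reviewed offline from a saved CLI transcript. The following Python code is an added example, not part of this guide or of MNS-6K: it flags the community strings public and private, community-based (v1/v2c) group and access entries, noauth access levels, and a disabled authentication trap. The transcript, the finding codes and the function names are constructed for illustration.

```python
import re

# Constructed transcript: commands and output fields in the form this chapter shows.
SAMPLE_TRANSCRIPT = """\
Magnum6K25# snmp
Magnum6K25(snmp)## community write=private read=public
Magnum6K25(snmp)## show snmp
SNMP Get Community Name : public
SNMP Set Community Name : private
SNMP Trap Community Name : public
Magnum6K25(snmp)## traps add type=Snmp,Rmon ip=192.168.1.2
Magnum6K25(snmp)## exit
Magnum6K25# snmpv3
Magnum6K25(snmpv3)## group add id=1 groupname=v1 model=v1 com2secid=1
Magnum6K25(snmpv3)## access add id=1 accessname=v1 model=v1 level=noauth read=1 write=none notify=none
Magnum6K25(snmpv3)## exit
Magnum6K25# show snmp
Authentication Trap : Disabled
"""

# Assumption: only the two strings used in this chapter's examples are treated as well known.
WELL_KNOWN_COMMUNITIES = {"public", "private"}
# v1 and v2c carry the community string in clear text; "usm" is the v3 user-based model.
COMMUNITY_BASED_MODELS = {"v1", "v2c"}

# "Magnum6K25#" or "Magnum6K25(snmp)##" followed by the typed command.
PROMPT_RE = re.compile(r"^[^#()\s]+(?:\((?P<mode>[^)]+)\))?#{1,2}\s*(?P<cmd>.*)$")
# "Label : value" lines printed by the show commands.
OUTPUT_RE = re.compile(r"^(?P<label>[^:]+?)\s*:\s*(?P<value>.*)$")
COMMUNITY_LABEL_RE = re.compile(r"^SNMP (Get|Set|Trap) Community Name$")
LABEL_TO_KEY = {"Get": "read", "Set": "write", "Trap": "trap"}


def parse_args(words):
    """Turn key=value words into a dict; bare words such as 'add' are ignored."""
    return dict(w.split("=", 1) for w in words if "=" in w)


def audit(transcript):
    """Return a de-duplicated, ordered list of (code, detail) findings."""
    findings = []

    def report(code, detail):
        if (code, detail) not in findings:
            findings.append((code, detail))

    for raw in transcript.splitlines():
        line = raw.strip()
        if not line:
            continue

        prompt = PROMPT_RE.match(line)
        if prompt:
            words = prompt.group("cmd").split()
            mode = prompt.group("mode")
            if not words:
                continue
            args = parse_args(words[1:])
            if mode == "snmp" and words[0] == "community":
                for key in ("read", "write", "trap"):
                    value = args.get(key)
                    if value and value.lower() in WELL_KNOWN_COMMUNITIES:
                        report("DEFAULT_COMMUNITY", f"{key}={value}")
            elif mode == "snmpv3" and words[:2] in (["group", "add"], ["access", "add"]):
                kind = words[0]
                ident = f"{kind} id={args.get('id', '?')}"
                if args.get("model") in COMMUNITY_BASED_MODELS:
                    report("COMMUNITY_BASED_MODEL", f"{ident} model={args['model']}")
                if kind == "access" and args.get("level") == "noauth":
                    report("NOAUTH_ACCESS", ident)
                    # An unauthenticated entry that also has a write view is the worst case.
                    if args.get("write", "none") != "none":
                        report("NOAUTH_WRITE_VIEW", f"{ident} write={args['write']}")
            continue

        out = OUTPUT_RE.match(line)
        if not out:
            continue
        label, value = out.group("label"), out.group("value").strip()
        community = COMMUNITY_LABEL_RE.match(label)
        if community and value.lower() in WELL_KNOWN_COMMUNITIES:
            report("DEFAULT_COMMUNITY", f"{LABEL_TO_KEY[community.group(1)]}={value}")
        elif label == "Authentication Trap" and value.lower() == "disabled":
            # With the trap disabled, a request with a wrong community raises no notification.
            report("AUTHTRAP_DISABLED", f"{label} : {value}")

    return findings


if __name__ == "__main__":
    for code, detail in audit(SAMPLE_TRANSCRIPT):
        print(f"{code:22} {detail}")
```

The show snmp output reports the trap community even though the community command in the transcript never set it, so the review covers values left at their defaults as well as values typed in the session.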
The following RMON communities, when defined, enable the specific RMON group as shown above.
Syntax snmpv3 – enter the SNMP V3 configuration mode – note enable SNMP V3 by using the “set snmp” command which follows
Syntax show active-snmp – shows the version of SNMP currently in use
Syntax community [write=] [read=] [trap=] – set the necessary community strings
Syntax authtraps - enables or disables authentication traps generation
Syntax traps type=
Syntax trap id= [type=] [host=] [community=] [port=<1-65534>] - define the trap and inform manager stations. The station can receive v1, v2 traps and/or inform notifications. An inform notification is an acknowledgment that a trap has been received. A user can add up to 5 stations.
Syntax statistics def-owner= def-comm= - define the RMON statistics group and the community string associated with the group
Syntax alarm def-owner= def-comm= - define the RMON alarm group and the community string associated with the group
Syntax event def-owner= def-comm= - define the RMON event group and the community string associated with the group
Syntax show rmon
Chapter 21 – Miscellaneous Commands
Improving productivity and manageability

There are several features built into the Magnum 6K family of switches which help with the overall productivity and manageability of the switch. These items are examined individually in this chapter.

Alarm Relays
In a wiring closet, it would be helpful if there was a visual indication for faults on components on the network. Normally, these would be performed by LEDs.
Event ID  Event Description          Signal Type
1         S-RING OPEN                SUSTAINED
2         Cold Start                 MOMENTARY
3         Warm Start                 MOMENTARY
4         Link Up                    MOMENTARY
5         Link Down                  MOMENTARY
6         Authentication Failure     MOMENTARY
7         RMON Rising Alarm 9        MOMENTARY
8         RMON Falling Alarm         MOMENTARY
9         Intruder Alarm             MOMENTARY
10        Link Loss Learn Triggered  MOMENTARY
11        Broadcast Storm Detected   MOMENTARY
12        STP/RSTP Reconfigured      MOMENTARY

FIGURE 136 – Pr
Syntax period time=<1..10> - sets the duration of relay action for the momentary type signal. This may be needed to adjust to the behavior of the circuit or relay. Default is 3 seconds.
6   Authentication Failure     MOMENTARY
7   RMON Raising Alarm         MOMENTARY
8   RMON Falling Alarm         MOMENTARY
9   Intruder Alarm             MOMENTARY
10  Link Loss Learn Triggered  MOMENTARY
11  Broadcast Storm Detected   MOMENTARY
12  STP/RSTP Reconfigured      MOMENTARY
Magnum6K25(alarm)## add event=2
Alarm Event(s) Added: 2
Magnum6K25(alarm)## show alarm
Alarm Events Configuration
--------------------------
Alarm Status: DISABLED
Relay Closure Time Period: 5 Seconds
Event
9   Intruder Alarm             MOMENTARY
10  Link Loss Learn Triggered  MOMENTARY
11  Broadcast Storm Detected   MOMENTARY
12  STP/RSTP Reconfigured      MOMENTARY
Magnum6K25(alarm)## alarm disable
Alarm system Disabled
Magnum6K25(alarm)## del event=1,3,5,7
Alarm Event(s) Deleted: 1, 3, 5, 7
Magnum6K25(alarm)## show alarm
Alarm Events Configuration
--------------------------
Alarm Status: DISABLED
Relay Closure Time Period: 5 Seconds
EventId Description
1 S-RING
sending and receiving emails, it is extremely beneficial for a network administrator to receive emails in case of faults and alerts. The Magnum 6K family of switches can be set up to send an email alert when a trap is generated. If this capability is used, please ensure that SPAM filters and other filters are not set to delete these emails. GarrettCom Inc.
traps – [optional] this is the trap filter. If value is “all”, all traps of any type will be sent to this recipient. If value is none, no traps are sent to this recipient. Value can also be a combination of ‘S’ (SNMP), ‘R’ (RMON) and ‘E’ (ENTERPRISE). For example, trap=SR means that SNMP and RMON traps will be sent via email to the recipient.
Syntax smtp - enables or disables SMTP to send SNMP alerts by email
Magnum6K25# smtp
Magnum6K25(smtp)## show smtp config
SMTP Global Configuration
========================================
Status : Disabled
SMTP Server IP : 67.109.247.
Magnum6K25(smtp)## add id=2 email=jsmith@garrettcom.com traps=S events=CF ip=192.168.10.13
Jsmith will receive Critical and Fatal SNMP traps on a different SMTP server than the other users.
Magnum6K25#

FIGURE 138 – setting SMTP to receive SNMP trap information via email

Email alerts can be forwarded to be received by other devices such as cell phones, pagers, etc. Most interfaces to SMTP are already provided by the cell phone service provider or the paging service provider.

Serial Connectivity
When using the serial connectivity with applications such as Hyper terminal etc.
Banner Message
The ability to change the banner message is available in MNS-6K-SECURE. It is recommended to change the login message or the banner to a different one so as to deter unauthorized access. Some users may inadvertently connect to the switch. It would be fair to warn them that they have accessed a secure device and it is only appropriate to terminate the connection.
Please disconnect if you are an unauthorized user. Thanks.
MOTD Updated. It will be displayed at next login.
Magnum6K25# show motd
Motd : This is a secure device. Unauthorized access is prohibited. Please disconnect if you are an unauthorized user. Thanks.
Magnum6K25# logout
Logging out from the current session...[ 'Y' or 'N'] Y
Connection to host lost.
Syntax !! – repeat the last command
Syntax ! - repeat the “n”th command (as indicated by a show history)
Syntax show history – show the last 25 commands executed – if less than 25 commands are executed, only those commands executed are shown

If the user logs out or if the switch times out – the history is erased.
Magnum 6K25# set history ?
set history : Set History Size
Usage
set history size=<1-100>
Groups: All.
Magnum 6K25# set history size=100
History Size is Set
Magnum6K25# show history
1 : show version
2 : show setup
3 : show serial
4 : show history
Magnum6K25# !1
show version
MNS-6K-Secure Ver: 14.
$$ : $ Character
$r : New Line
$b : Space

A few examples of how the system prompt can be set up are shown below.
Magnum6K25# snmp
Magnum6K25(snmp)## setvar sysname=Core
System variable(s) set successfully
Magnum6K25(snmp)## exit
Magnum6K25# set prompt $n
Core# set prompt $n$b$i
Core 192.168.5.5# set prompt $n$b$i$b
Core 192.168.5.5 # snmp
Core 192.168.5.5 (snmp)## setvar sysname=Magnum6K25
System variable(s) set successfully
Core 192.168.5.
FIGURE 143 – Using the ping command

Many devices do not respond to ping or block ping commands. Make sure that the target device does respond or the network does allow the ping packets to propagate through.

FTP modes
The file transfer protocol or ftp is supported on MNS. MNS supports normal ftp as well as passive ftp. Passive FTP is used by many companies today to work with firewall policies and other security policies set by companies.
System Events
All events occurring on the Magnum 6K family of switches are logged.
The system events can be sent to a Syslog server using the Syslog capabilities in MNS-6K-SECURE. GarrettCom recommends that this capability should be used to centralize the logs.
Magnum6K25# show log
S  DATE        TIME
-  --------    --------
I  03-02-2005  5:14:43 P.M
I  01-01-2001  12:00:00 A.M
I  01-01-2001  12:00:00 A.
A  01-01-2001
I  01-01-2001
I  01-01-2001
I  01-01-2001
I  03-03-2005
I  03-03-2005
I  03-03-2005
A  03-03-2005
A  03-03-2005
A  03-03-2005
Do you wish to export the event logs? [ 'Y' or 'N'] Y
Successfully uploaded the event log file.
Magnum6K25#

FIGURE 146 – Using exportlog to export the event log information

In the table below, the following acronyms are used for Severity: E=Emergency; A=Alert; C=Critical; F=Fail or Error conditions; W=Warning; N=Notice; I=Informational and D=Debug

For the alerts, the events per subsystem function are listed below.
M A G N U M Subsystem BRIDGE BRIDGE BRIDGE BRIDGE BRIDGE CLI CLI CLI CLI DEVICE DEVICE DEVICE DEVICE DEVICE DEVICE DEVICE DEVICE DEVICE DEVICE DEVICE DEVICE DEVICE DEVICE DEVICE DEVICE DEVICE DEVICE DEVICE DEVICE DEVICE DEVICE DEVICE PRTMR PRTMR PS PS PS PS PS PS 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Description Unable to delete MAC address from FDB Unable to insert MAC address to FDB Bridge init failed for ethx Bridge enable for ethx failed Bridge MIB init is done Manager login at cons
M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E Subsystem Description RMON Alarm : internal error , unable to get memory RMON Alarm : internal error, unable to get memory for alarm entry RMON RMON RMON RMON RMON RMON RMON RMON RMON RMON RMON RMON RMON RMON SNMP SNMP SNMP SNMP SNMP SNMP SNMP SNMP SNMP SNMP SNMP SNMP SNMP SNMP SNMP SNMP SNTP SNTP SNTP SNTP SNTP SNTP History : internal error, unable to get memory for history control entry History : internal error, unable to get memory fo
Subsystem  Description
TCP/IP     Duplicate IP a.b.c.d sent from MAC address XXXXXX
TCP/IP     Unable to allocate memory for an ICMP packet
TCP/IP     IP packet from a.b.c.d , with checksum error dropped
TCP/IP     Bad IP fragments from a.b.c.d dropped
TCP/IP     UDP checksum error in the received packet a.b.c.d
TCP/IP     TCP checksum error in the received packet a.b.c.
Magnum6K25# show address-table
Sl#  MAC Address        Port
-----------------------------------------------------
1    01:00:5e:00:00:fb  0
2    00:0c:f1:b9:d1:dc  3
3    33:33:00:00:00:02  0
4    01:00:0c:cc:cc:cc  0
5    01:00:5e:00:00:16  0
6    00:07:50:ef:31:40  3
7    00:e0:81:52:85:96  3
8    01:40:96:ff:ff:ff  0
9    01:40:96:ff:ff:00  0
10   00:40:96:33:51:81  3
Magnum6K25#

FIGURE 148 – Display of the internal switching decision table

Where Sl# is the sequential listing form t
Syntax show smtp - config – displays the current SMTP global settings and recipients displays the currently configured recipients of email alerts
Syntax add id=<1-5> email= [traps=] [events=] [ip=] [port=<1-65535>]
id – [mandatory] the recipient ID - range from 1 to 5.
body – [mandatory] email body
Syntax server ip= [port=<1-65535>] [retry=<0-3>] – configure the global SMTP server settings
ip – [mandatory] SMTP server IP address
port – [mandatory] TCP port to be used for SMTP communications – default is 25
retry – [optional] specifies how many times to retry if an error occurs when sending email. Range from 0 to 3. Default is 0.
APPENDIX 1 - Command listing by Chapter
A rich environment – this Appendix provides a reference to the commands by chapter

Chapter 2 – Getting Started
Syntax ipconfig [ip=] [mask=] [dgw=] – to set IP address on the switch
Syntax save – save changes made to the configuration
Syntax reboot – restart the switch – same effect as physically turning off the power
Syntax show setup – show setup parameters
Syntax show config – show setup parameters configured
Syntax e
Syntax useraccess groups – displays the current groups
Syntax help - help for a specific command
Syntax command - options for a command
Syntax - listing all commands available at the privilege level
Syntax - options for a command
Syntax - listing commands starting with the character
Syntax logout – logout from the CLI session
Syntax authorize secu
bootcfg= - valid with type=bootp only. This option allows the switch to load the configuration file from the BootP server.
Syntax saveconf mode= [] [file=] – saves the configuration on the network using tftp, ftp or serial protocols
Syntax loadconf mode= [] [file=] – loads the previously saved configuration from the network using tftp, ftp or serial protocols
Syntax kill config [save=module_name] – resets the system configuration.
Syntax tftp [type=] [host=] [ip=] [file=] – upload and download information using tftp command
Where - different tftp operations – get a file from the server or put the information on the server
[type=] – optional type field. This is useful to specify whether a log file or host file is uploaded or downloaded.
Syntax show sysconfig – reviews settable system parameters
Syntax show time – shows the system time
Syntax show timezone – shows the system timezone
Syntax show date – shows the system date
Syntax show uptime – shows the amount of time the switch has been operational
Syntax show config [module=] – displays the configuration
Syntax set secrets - sets the system parameter to display or hide the passwords
Syntax kill
Syntax – addlease ip= mac= [leasetime=
Syntax signal port= - port to monitor and signal to send in case of breach of port security
Syntax ps - enable or disable port security
Syntax remove mac= port= - remove a MAC address entry
Syntax show log [fatal|alert|crit|error|warn|note|info|debug] – display the log
Syntax clear log [fatal|alert|crit|error|warn|note|info|debug]– clear th
Syntax clear show the 802.
transmit – [optional] This is the transmit period, this is the time in seconds the authenticator waits to transmit another request for identification from the supplicant. Default value is 30.
Chapter 10 – Port mirroring and setup
Syntax show port-mirror – display port mirror settings
Syntax port-mirror - configure port mirror settings
Syntax setport monitor= sniffer= - set port mirror settings
Syntax prtmr - enable or disable port mirror settings
Syntax device – configure device and port specific settings
Syntax setport port= [name=] [sp
Syntax start vlan= activate the VLAN configuration
Syntax save save the configuration (including the VLAN configuration)
Syntax edit id= [name=] port= [] - edit existing VLAN name
Syntax show vlan [] display specific VLAN information
Syntax set-port port= default id= sets the default VLAN id.
Syntax port port= status= - specific ports may not need to participate in STP process. These ports typically would be end-stations.
Syntax priority [port=] value=<0-255 | 0-65535> - specifies the port or switch level priority. When a port(s) are specified the priority is associated with ports and their value is 0-255.
Syntax lll del port= - disable LLL on the list of specified ports
Syntax show lll – display the status of LLL
Syntax rstp – STP Configuration mode
Syntax rstp - Start (Enable) or stop (Disable) STP
Syntax set stp type= - set the spanning tree protocol to be IEEE 802.1d or 802.
priority, the higher the priority. The port with the highest priority is the primary port (over which certain types of traffic like IGMP is transmitted)
Syntax del port= - delete specified ports from the LACP membership
Syntax edit port= [priority=] - edit the membership of the ports specified.
Syntax group add ip= port= vlan= - add ports to a specific IGMP broadcast
group del ip= - delete ports from a specific IGMP broadcast group
Syntax show-group – shows the multicast groups
Syntax set-port port=< port|list|range> mode= - set the port characteristics. Block drops the unregistered multicasts.
Syntax set-forbid vlan= forbid= - sets the forbid GVRP capability on the ports specified
Syntax show-forbid – display the ports with GVRP forbid capabilities

Chapter 20 – SNMP
Syntax snmp – enter the SNMP Configuration mode
Syntax snmpv3 – enter the SNMP V3 configuration mode – note enable SNMP V3 by using the “set snmp” command which follows
Syntax set snmp type= - define the version of SNMP t
Syntax authtrap - enables or disables authentication traps generation
Syntax show-authtrap - displays the current value of authentication trap status.
Syntax deftrap community= - defines the default community string to be used when sending traps.
to 5 users to be added.
Syntax smtp – configure the SNMP alerts to be sent via email
Syntax show smtp - config – displays the current SMTP global settings and recipients displays the currently configured recipients of email alerts
Syntax add id=<1-5> email= [traps=] [events=] [ip=] [port=<1-65535>]
id – [mandatory] the recipient ID - range from 1 to 5.
subject – [mandatory] email subject or title
body – [mandatory] email body
Syntax server ip= [port=<1-65535>] [retry=<0-3>] – configure the global SMTP server settings
ip – [mandatory] SMTP server IP address
port – [mandatory] TCP port to be used for SMTP communications – default is 25
retry – [optional] specifies how many times to retry if an error occurs when sending email. Range from 0 to 3. Default is 0.
APPENDIX 2 - Commands sorted alphabetically

Command Description
!! ! repeat the last command repeat the “n”th command (as indicated by a show history) options for a command opposite of Up-arrow key listing commands starting with the character listing all commands available at the privilege level every time the key is pressed, the last command is printed on the screen but not executed.
add port= [priority=<0-65535>] add the specified list of ports to form the logical LACP trunk. Default value for priority is 32768. The lower the value assigned to priority, the higher the priority. The port with the highest priority is the primary port (over which certain types of traffic like IGMP is transmitted). Requires the lacp command (module).
clear
del event= disables alarm action in response to the specified event ID del port= delete specified ports from the LACP membership. Requires the lacp module. delete the specific id specified. The deleted id no longer receives the traps via email.
enable engineid string= changing the privilege level Every agent has to have an engineID (name) to be able to respond to SNMPv3 messages. The default engine ID value is “6K_v3Engine”.
group id= [groupname=] [model=] [com2secid=] a part of the View based Access control model (VACM) as defined in RFC 2275. This command defines the mapping from sec model or a sec name to a group. A sec model is one of v1, v2c, or usm. On MNS-6K, up to 10 entries can be specified add ports to a specific IGMP broadcast.
lll lll add port= lll del port= loadconf mode= [] [file=] enable or disable LLL on the switch enable LLL on the list of specified ports disable LLL on the list of specified ports loading the previously saved configuration from the network using tftp, ftp or serial protocols logout mcast logout from the CLI sessi
port-mirror port-security priority [port=] value=<0-255 | 0-65535> configure port mirror settings configure port security settings specifies the port or switch level priority. When a port(s) are specified the priority is associated with ports and their value is 0-255.
rmon enter the RMON configuration mode to setup RMON groups and communities rstp rstp enter the RSTP configuration mode enable RSTP – by default, this is disabled and has to be manually activated save saveconf mode= [] [file=] save changes made to the configuration saving the configuration on the network using tftp, ftp or serial protocols sendmail server=
set date year=<2001-2035> month=<1-12> day=<1-31> [format=] sets the date and the format in which the date is displayed set daylight country=< country name> set the daylight saving time set dns [server=] [domain=
set stp type= Set the switch to support RSTP or change it back to STP.
setport port= setting the port characteristic for an 802.
set-qi interval= The IGMP querier router periodically sends general host-query messages. These messages are sent to ask for group membership information. This is sent to the all-system multicast group address, 224.0.0.1. The default value is 125 seconds. The valid range can be from 60 to 127 seconds. depending on the type of QOS, the corresponding field has to be set.
set-untag port= priority= tag=<0-7> The 802.1p user priority assigned to untagged received packets to be transmitted as tagged from the priority queue
setvar [sysname|syscontact|syslocation]= setvar [sysname|syscontact|syslocation]= set the system name, contact and location information
set-weight weight=<0-7> sets the port priority weight for All the ports.
show address-table displays which mac address is associated with which port for packet switching status whether STP or RSTP is running display the version of SNMP currently in use displays the current status of Alarm system show the 802.
show host show igmp show ip-access show ipconfig show lacp display the hosts table entries IGMP operation status display all trusted hosts shows the IP parameters set in the switch show lll show log [fatal|alert|crit|error|warn|note|info|debug] displays the status and other relevant LACP information display the status of LLL display logs and specific types of logs show motd displays the current message set show
show snmp show sntpsrv displays the SNMP configuration information display the status of SNTP server show ssh display ssh setting.
show-router show-stats port= displays detected IGMP-enabled router ports displays 802.
snmp snmpv3 enter the SNMP Configuration mode enter the SNMP V3 configuration mode – note enable SNMP V3 by using the “set snmp” command which follows sntp [enable|disable] sntpserver sntpsrv ssh enable or disable the SNTP services enter the SNTP Server configuration mode Start or stop the SNTP Services enable or disable the server.
start vlan=
    activate the VLAN configuration
static vlan=
    convert a dynamic VLAN to a static VLAN
statistics def-owner= def-comm=
    define the RMON statistics group and the community string associated with the group
stp stp sync [hour=<0-24>] [min=<0-59>] syslog syslog tacplus [ order=] tacserver
telnet [port=]
    telnet from the switch.
timers forward-delay=<4-30> hello=<110> age=<6-160>
user id= [username=] [usertype=] [authpass=] [privpass=] [level=] [subtree=]
    for quickly adding or deleting v3 USM based security, this command adds user entries. MNS6K allows up to 5 users to be added.
useraccess user= service=
APPENDIX 3 - Daylight Savings
No time like the present...
Daylight Savings Time
Magnum6K Switches provide a way to automatically adjust the system clock for Daylight Savings Time (DST) changes.
Australia, Belgium, Canada, Chile, Cuba, Egypt, France, Finland, Germany, Greece, Iraq, Italy, London, Namibia, Portugal, Russia, Spain, Sweden, Switzerland, Syria, USA
Note – as of Release 3.
APPENDIX 4 – Browser Certificates
You shouldn't overestimate the I.Q. of crooks — NYT: Stuart A. Baker, General Counsel for the NSA
There is no security on this earth. Only opportunity. – Douglas MacArthur
Certificates
Certificates are a means of authenticating the validity of sites, servers or other devices a user can connect to for services. These include web servers, print servers, data services and more. Normally, users encounter certificates when they sign on to web services.
Using Mozilla Firefox (ver. 3.x)
Mozilla Firefox version 3.x ensures that the user validates the certificate before it allows the user to proceed to the site when the address (URL) does not match the information in the self-signed certificate.
FIGURE 149 – On finding a mismatch between the certificate and the accessed site, Mozilla Firefox pops up the window. Note – the site was accessed using the IP address.
FIGURE 150 – Mozilla Firefox tries to warn the user again about the dangers of sites with improper certificates
Once the “Add Exception” button is displayed, make sure you click on it.
FIGURE 151 – Firefox forces you to get the certificate before it lets you access the site
Notice that the browser points out that valid sites such as banks, online web stores, government sites, secure sites etc. will not ask you to do that. Since the GarrettCom MNS6K is a self-signed authenticated “site”, it is a good idea to proceed with this step and click on “Get Certificate” as shown above.
FIGURE 152 – Here, you can view the certificate, permanently make an exception and confirm the exception. The locations to do those are identified in this figure.
The self-signed certificate from GarrettCom is shown in the next figure.
FIGURE 153 – Self-signed certificate from GarrettCom Inc for MNS-6K
Once accepted, the user does not need to go through these steps again.
Using Internet Explorer (ver 7.x)
Internet Explorer version 7.x provides a warning when the certificates do not match. There is no mechanism to create a permanent exception using IE 7. When the exception is pointed out by IE 7, click on Continue as shown below.
FIGURE 154 – Using IE 7
Using Other Browsers
Many other browsers, such as Opera and Safari, are also widely used. These browsers have similar built-in mechanisms to inspect the certificate and create an exception. Please refer to their respective documentation for help.
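The exception dialogs described in this appendix accept whatever self-signed certificate the connection presents, so the meaningful check is comparing its fingerprint with one recorded over a path you trust. The following Python is an added example, not GarrettCom code; the function names, the constructed sample bytes and the existence of a previously recorded SHA-256 fingerprint are assumptions of the example.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed stand-in for a certificate's DER bytes, so the demo runs offline.
SAMPLE_DER = b"constructed stand-in for the switch certificate (DER)"


def sha256_fingerprint(der_bytes):
    """SHA-256 over the DER encoding of the certificate, as lowercase hex."""
    return hashlib.sha256(der_bytes).hexdigest()


def browser_style(hex_digest):
    """Format a digest as colon-separated uppercase pairs (AB:CD:...)."""
    pairs = [hex_digest[i:i + 2] for i in range(0, len(hex_digest), 2)]
    return ":".join(pairs).upper()


def normalize_fingerprint(text):
    """Accept 'AB:CD', 'ab cd' or 'abcd' forms; return bare lowercase hex."""
    cleaned = "".join(ch for ch in text.lower() if ch not in ": -")
    if len(cleaned) != 64 or any(ch not in "0123456789abcdef" for ch in cleaned):
        raise ValueError("not a SHA-256 fingerprint: %r" % text)
    return cleaned


def matches_pin(der_bytes, pinned):
    """True only if the presented certificate hashes to the recorded pin."""
    return hmac.compare_digest(sha256_fingerprint(der_bytes),
                               normalize_fingerprint(pinned))


def fetch_certificate_der(host, port=443, timeout=5.0):
    """Fetch whatever certificate the device presents, without validating it.

    CA and hostname checks are switched off on purpose: a self-signed
    certificate reached by IP address fails both. Nothing is trusted until
    matches_pin() accepts the returned bytes.
    """
    context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    context.check_hostname = False
    context.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with context.wrap_socket(raw) as tls:
            return tls.getpeercert(binary_form=True)


if __name__ == "__main__":
    pin = browser_style(sha256_fingerprint(SAMPLE_DER))  # recorded earlier
    print("pinned     :", pin)
    print("same cert  :", matches_pin(SAMPLE_DER, pin))
    print("other cert :", matches_pin(SAMPLE_DER + b"\x00", pin))
```

Run the comparison before adding the browser exception; if matches_pin() returns False, the certificate in the warning dialog is not the one you recorded.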
APPENDIX 5 – Updating MNS-6K Software
Keep up to date....
The steps required to update the MNS-6K software on your Magnum switch are listed.
Step 1. Getting Started
Decide which version to use…..
This document describes how to upgrade the MNS-6K software on a Magnum 6K switch. The software can be updated either locally at the console port on the Magnum 6K switch or remotely over the network using FTP or TFTP. This step involves getting ready with the necessary software and hardware tools as well as deciding on which MNS-6K software version to update to.
2) Enough disk space to store and retrieve the configuration files as well as copy software files from GarrettCom. We recommend at least 15MB of disk space for this purpose.
3) Connection to the Internet. Make sure the connection does not block FTP file transfers.
4) IP address of the switch that is being upgraded. Along with that, the manager level account name and password is also needed.
5) Connection to the GarrettCom Magnum 6K switch.
b) If the site uses another socket number for ftp connections, use the socket number at the end of the URL. For example, if the network administrator has set up a firewall to use socket number 1684, the URL would be as follows: ftp://ftp.garrettcom.com:1684
c) NOTE - You can use any other FTP program available on the Internet, including the ‘ftp’ command available on most operating systems, instead of the browser for downloading the software.
FIGURE 155 – Accessing the GarrettCom site for download. Note – if the browser does not support the login prompt, you can type in the user name and password on the URL as follows: ftp://m6kuser:m6kuser@ftp.garrettcom.com
3) After successful login, select the proper folder for downloading the proper MNS-6K software, as shown in Figure 2. Select the MNS-6K software version based on the information provided in Table 1.
FIGURE 156 – Select the proper version to use after successful login
4) Navigate to the folder MNS-6K. See Figure 3. (There are other folders with additional software, MIBs as well as additional useful information for the Magnum-6K switches which you may want to use later.) From the MNS-6K folder download the latest ‘Release Notes’ as well as the file labeled Relx.x.bin (where x.x would be the release number. For example for release 3.0, the file will be Rel3.0.
FIGURE 158 – Use the copy command to copy the files to the proper location
6) Make sure you remember where the files are stored as these files will be needed for the next step.
Next steps
1) Access the GarrettCom Magnum 6K switch. The access can be over the console port using the null modem cable or through the network using telnet. This is described in step 2.
Step 2. Preparing to load the software
Backup your existing configuration…..
Once the MNS-6K software is downloaded from the GarrettCom site, it is strongly recommended that the existing configuration of the switch is preserved before the MNS-6K software upgrade is performed. This section will show you how to save the existing configuration and prepare you for loading the configuration.
FIGURE 159 - HyperTerminal screen showing the serial settings
Network Access
Prerequisites - a PC (or workstation/computer) with telnet software and the IP address of the Magnum 6K switch (or DNS name associated with the switch) to be upgraded.
Access the Magnum 6K switch by using the telnet command. For example, if the switch has the IP address 192.168.10.11 the command is as shown in Figure 6 below.
C:> telnet 192.168.10.11
Trying …..
1) Serial file transfer capability such as X-modem or equivalent
2) TFTP server
3) FTP server
As a good practice, GarrettCom recommends that you have all these capabilities available on your local computer if you plan to upgrade additional switches as well as switches in the future.
FIGURE 162 – Invoke the “Receive File” to start the Xmodem transfer program. In the figure above the Windows XP based HyperTerminal screen is shown.
Once the “Receive File” is invoked (as shown in Figure above) follow the dialog to save the file in the proper directory with the proper name as shown in Figure below.
FIGURE 163 – Make sure to select the Xmodem protocol and the proper directory where the configuration is saved. Click on Receive.
FIGURE 164 – Status window for Xmodem (using HyperTerminal under Windows XP)
When the file transfer is completed, the window shown in Figure 10 exits and the completion message is displayed as shown in Figure 11.
This will save the file 6kconfig-10.11 to the specified IP address (192.168.10.99) in the default TFTP folder. Using FTP would be the same as Figure 12, except replace 'mode=tftp' with 'mode=ftp'.
In some situations (e.g. routed networks), TFTP or FTP services may be blocked. Check for network connectivity (using the ‘ping’ command). If the connectivity is OK, please contact your system or network administrator to unblock FTP or TFTP packets.
Step 3. Loading the MNS-6K software
Load the new version of the MNS-6K image…..
At this stage, the Magnum MNS-6K software has been downloaded from the GarrettCom site, and the configuration saved. The Magnum-6K switch is now ready to upload the new MNS-6K software image.
Before loading the MNS-6K software
It will be necessary for the Magnum 6K switch to be reset or re-booted after the new MNS-6K software is loaded.
Serial Connection
Prerequisites - make sure the directory and the file name of the MNS-6K software image downloaded in steps 1 and 2 is known.
To use the serial connection to update the MNS-6K image, the command dialog is shown below:
Magnum6K25# show version
MNS-6K-Secure Ver: 14.
Upgrade is Successful. Please reboot Magnum 6Kxx to start the application
Magnum6K25# reboot
Proceed on rebooting the switch? [ 'Y' or 'N' ] Y
Do you wish to save current configuration? [ 'Y' or 'N' ] Y
(The switch will now reboot. After the reboot, the Magnum 6K switch may prompt you should the boot code need an update. If prompted, say “Y” to update the boot code. After the reboot and login verify the MNS-6K software was upgraded.
Magnum6K25# show version
MNS-6K-Secure Ver: 14.1 Date:Jul 28 2008 Time:07:51:45 Build ID 1217245902
Magnum6K25# upgrade mode=tftp 192.168.10.99 file=Rel4.2.bin
Do you wish to upgrade the image? [ 'Y' or 'N'] Y
Upgrade is Successful. Please reboot Magnum 6Kxx to start the application
Magnum6K25# reboot
Proceed on rebooting the switch? [ 'Y' or 'N' ] Y
Do you wish to save current configuration? [ 'Y' or 'N' ] Y
(The switch will now reboot.
Step 4. (Optional Step) Restoring the configuration
Optionally, restore the original configuration and update the boot code…..
At this optional step, the original configuration has been saved, the MNS-6K image copied from the www.garrettcom.com site and then onto the Magnum 6K switch and finally, if required, the configuration can be restored using the instructions in this step.
Updating boot code over the network
As discussed in step 1 – selecting the proper version, with either upgrade path (to Version 2.7.1B or to Version 3.0), the boot code will be updated. At boot up time, the Magnum 6K switch identifies that there is a new version of the boot code and asks if the new boot code should be loaded.