USER GUIDE
User Manual
ES-2026 Advanced Smart FE Switch
ES-2026P Advanced Smart FE PoE Switch
ES-2024G Advanced Smart GE Switch
ES-2024GP Advanced Smart GE PoE Switch

USER MANUAL
ES-2000 Series

ES-2026 ADVANCED SMART 26-PORT FE SWITCH
Layer 2 Advanced Smart Switch with 24 10/100BASE-TX (RJ-45) Ports, and 2 Gigabit Combination Ports (RJ-45/SFP)

ES-2026P ADVANCED SMART 26-PORT FE POE SWITCH
Layer 2 Advanced Smart Switch with 24 10/100BASE-TX (RJ-45) PoE Ports, and 2 Gigabit Combination Ports (RJ-45/SFP)

ES-2024G ADVANCED SMART 24-PORT GE SWITCH
Layer 2 Advanced Smart Switch with 24 10/100/1000BASE-T (RJ-45) Ports, and 4 Gigabit Shared Ports (SFP)

ES-2024GP ADVANCED SM
ABOUT THIS GUIDE

PURPOSE
This guide gives specific information on how to operate and use the management functions of the switch.

AUDIENCE
The guide is intended for use by network administrators who are responsible for operating and maintaining network equipment; consequently, it assumes a basic working knowledge of general switch functions, the Internet Protocol (IP), and Simple Network Management Protocol (SNMP).

REVISION HISTORY
This section summarizes the changes in each revision of this guide.

JUNE 2011 REVISION
This is the fifth version of this guide. This guide is valid for software release v1.2.0.12. It includes information on the following changes to the web pages or command line interface:
◆ Updated descriptive text for port security (see "Configuring Port Security" on page 187).

JANUARY 2011 REVISION
This is the fourth version of this guide.
◆ Updated the Parameter list in "Configuring LLDP Interface Attributes" on page 208.
◆ Added the section "Configuring LLDP Interface Civic-Address" on page 211.
◆ Updated the Parameter list in "Displaying LLDP Remote Port Information" on page 216.
◆ Updated Table 26, "Supported Notification Messages," on page 236.
◆ Updated information in "Setting the Switch’s IP Address (IP Version 4)" on page 271.
◆ Updated Figure 118 on page 203.
◆ Updated Figure 124 on page 215.
◆ Added additional information about the parameters displayed for remote devices (see "Displaying LLDP Remote Port Information" on page 216).
◆ Updated Figure 127 on page 221.
◆ Updated Figure 130 on page 225.
◆ Removed the default IP address pool for switch clustering (see "Configuring General Settings for Clusters" on page 261).
CONTENTS ES-2000 Series SECTION I SECTION II ABOUT THIS GUIDE 3 CONTENTS 7 FIGURES 13 TABLES 19 GETTING STARTED 21 1 INTRODUCTION 23 Key Features 23 Description of Software Features 24 System Defaults 28 2 INITIAL SWITCH CONFIGURATION 31 WEB CONFIGURATION 33 3 USING THE WEB INTERFACE 35 Navigating the Web Browser Interface 35 Home Page 35 Configuration Options 36 Panel Display 37 Showing Status Information 38 Main Menu 39 4 BASIC MANAGEMENT TASKS 47 Displaying System
CONTENTS ES-2000 Series Setting The Start-Up File 55 Showing System Files 56 Setting the System Clock 57 Setting the Time Manually 57 Setting the SNTP Polling Interval 58 Specifying SNTP Time Servers 59 Setting the Time Zone 60 Displaying CPU Utilization 61 Displaying Memory Utilization 62 Resetting the System 63 5 INTERFACE CONFIGURATION Port Configuration 65 65 Configuring by Port List 65 Configuring by Port Range 68 Displaying Connection Status 68 Configuring Local Port Mirro
CONTENTS ES-2000 Series 8 SPANNING TREE ALGORITHM 107 Overview 107 Configuring Global Settings for STA 108 Displaying Global Settings for STA 112 Configuring Interface Settings for STA 113 Displaying Interface Settings for STA 116 9 RATE LIMIT CONFIGURATION 119 10 STORM CONTROL CONFIGURATION 123 11 CLASS OF SERVICE 125 Layer 2 Queue Settings 125 Setting the Default Priority for Interfaces 125 Selecting the Queue Mode 126 Mapping CoS Values to Egress Queues 129 Layer 3/4 Priority S
CONTENTS ES-2000 Series Configuring HTTPS 172 Configuring Global Settings for HTTPS 172 Replacing the Default Secure-site Certificate 173 Access Control Lists 175 Showing TCAM Utilization 175 Setting the ACL Name and Type 177 Configuring a Standard IPv4 ACL 178 Configuring an Extended IPv4 ACL 179 Configuring a MAC ACL 182 Binding a Port to an Access Control List 184 Filtering IP Addresses for Management Access 185 Configuring Port Security 187 Configuring 802.
CONTENTS ES-2000 Series Configuring SNMPv3 Groups 236 Setting Community Access Strings 240 Configuring Local SNMPv3 Users 241 Configuring Remote SNMPv3 Users 243 Specifying Trap Managers 245 Remote Monitoring 250 Configuring RMON Alarms 250 Configuring RMON Events 253 Configuring RMON History Samples 255 Configuring RMON Statistical Samples 258 Switch Clustering 261 Configuring General Settings for Clusters 261 Cluster Member Configuration 263 Managing Cluster Members 264 16 IP
CONTENTS ES-2000 Series Management Features 298 Standards 298 Management Information Bases 299 B TROUBLESHOOTING 301 Problems Accessing the Management Interface 301 Using System Logs 302 C LICENSE INFORMATION 303 The GNU General Public License 303 GLOSSARY 307 INDEX 313
FIGURES ES-2000 Series Figure 1: Home Page 35 Figure 2: Front Panel Indicators 37 Figure 3: Displaying Configuration Settings or Status Information 38 Figure 4: System Information 48 Figure 5: General Switch Information 49 Figure 6: Configuring Support for Jumbo Frames 50 Figure 7: Displaying Bridge Extension Configuration 52 Figure 8: Copy Firmware 54 Figure 9: Saving the Running Configuration 55 Figure 10: Setting Start-Up Files 56 Figure 11: Displaying System Files 56 Figure 12: Man
FIGURES ES-2000 Series Figure 32: Configuring Dynamic Trunks 80 Figure 33: Configuring the LACP Aggregator Admin Key 82 Figure 34: Enabling LACP on a Port 83 Figure 35: Configuring LACP Parameters on a Port 84 Figure 36: Configuring Connection Parameters for a Dynamic Trunk 84 Figure 37: Showing Connection Parameters for Dynamic Trunks 85 Figure 38: Showing Members of Dynamic Trunks 85 Figure 39: Displaying LACP Port Counters 86 Figure 40: Displaying LACP Port Internal Information 88 Figu
FIGURES ES-2000 Series Figure 68: Setting the Queue Mode (Strict and WRR) 129 Figure 69: Mapping CoS Values to Egress Queues 131 Figure 70: Showing CoS Values to Egress Queue Mapping 131 Figure 71: Setting the Trust Mode 133 Figure 72: Configuring DSCP to DSCP Internal Mapping 135 Figure 73: Showing DSCP to DSCP Internal Mapping 135 Figure 74: Configuring CoS to DSCP Internal Mapping 137 Figure 75: Showing CoS to DSCP Internal Mapping 138 Figure 76: Configuring a Class Map 141 Figure 77:
FIGURES ES-2000 Series Figure 104: Configuring an Extended IPv4 ACL 181 Figure 105: Configuring a MAC ACL 183 Figure 106: Binding a Port to an ACL 184 Figure 107: Creating an IP Address Filter for Management Access 186 Figure 108: Showing IP Addresses Authorized for Management Access 186 Figure 109: Setting the Maximum Address Count for Port Security 188 Figure 110: Configuring the Status and Response for Port Security 189 Figure 111: Configuring Port Security 190 Figure 112: Configuring Gl
FIGURES ES-2000 Series Figure 140: Creating an SNMP Group 239 Figure 141: Showing SNMP Groups 239 Figure 142: Setting Community Access Strings 240 Figure 143: Showing Community Access Strings 241 Figure 144: Configuring Local SNMPv3 Users 242 Figure 145: Showing Local SNMPv3 Users 243 Figure 146: Configuring Remote SNMPv3 Users 245 Figure 147: Showing Remote SNMPv3 Users 245 Figure 148: Configuring Trap Managers (SNMPv1) 248 Figure 149: Configuring Trap Managers (SNMPv2c) 249 Figure 150
FIGURES ES-2000 Series Figure 176: Showing Current Interfaces Attached a Multicast Router 282 Figure 177: Assigning an Interface to a Multicast Service 283 Figure 178: Showing Static Interfaces Assigned to a Multicast Service 283 Figure 179: Showing Current Interfaces Assigned to a Multicast Service 284 Figure 180: Configuring IGMP Snooping on an Interface 288 Figure 181: Showing Interface Settings for IGMP Snooping 288 Figure 182: Showing Multicast Groups Learned by IGMP Snooping 289 Figure
TABLES ES-2000 Series Table 1: Key Features 23 Table 2: System Defaults 28 Table 3: Web Page Configuration Buttons 36 Table 4: Switch Main Menu 39 Table 5: Port Statistics 71 Table 6: LACP Port Counters 85 Table 7: LACP Internal Configuration Information 87 Table 8: LACP Internal Configuration Information 88 Table 9: Recommended STA Path Cost Range 115 Table 10: Default STA Path Costs 115 Table 11: Effective Rate Limit 120 Table 12: IEEE 802.
SECTION I
GETTING STARTED

This section provides an overview of the switch, and introduces some basic concepts about network switches. It also describes the basic settings required to access the management interface.
1 INTRODUCTION

This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you should configure to maximize the switch’s performance for your particular network environment.

Table 1: Key Features (Continued)
Feature – Description
Link Layer Discovery Protocol – Used to discover basic information about neighboring devices
Multicast Filtering – Supports IGMP snooping and query

DESCRIPTION OF SOFTWARE FEATURES
The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation.

PORT CONFIGURATION
You can manually configure the speed, duplex mode, and flow control used on specific ports, or use auto-negotiation to detect the connection settings used by the attached device. Use the full-duplex mode on ports whenever possible to double the throughput of switch connections.

IEEE 802.1D BRIDGE
The switch supports IEEE 802.1D transparent bridging. The address table facilitates data switching by learning addresses, and then filtering or forwarding traffic based on this information. The address table supports up to 8K addresses.

STORE-AND-FORWARD SWITCHING
The switch copies each frame into its memory before forwarding it to another port.

◆ Provide data security by restricting all traffic to the originating VLAN, except where a connection is explicitly defined via the switch's routing service.

TRAFFIC PRIORITIZATION
This switch prioritizes each packet based on the required level of service, using four priority queues with strict priority, Weighted Round Robin (WRR) scheduling, or a combination of strict and weighted queuing. It uses IEEE 802.1p and 802.
CHAPTER 1 | Introduction System Defaults ES-2000 Series SYSTEM DEFAULTS The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file. The following table lists some of the basic system defaults. Table 2: System Defaults Function Parameter Default Authentication RADIUS Authentication Disabled TACACS+ Authentication Disabled 802.
CHAPTER 1 | Introduction System Defaults ES-2000 Series Table 2: System Defaults (Continued) Function Parameter Default Virtual LANs Default VLAN 1 PVID 1 Acceptable Frame Type All Ingress Filtering Disabled Switchport Mode (Egress Mode) Access Traffic Prioritization Ingress Port Priority 0 Queue Mode Strict-WRR Queue Weight Queue: 0 1 2 3 Weight: 1 2 4 6 Class of Service Enabled IP Precedence Priority Disabled IP DSCP Priority Disabled Management VLAN VLAN 1 IP Address 192.
2 INITIAL SWITCH CONFIGURATION

This chapter includes information on connecting to the switch and basic configuration procedures. To make use of the management features of your switch, you must first configure it with an IP address that is compatible with the network in which it is being installed. This should be done before you permanently install the switch in the network. Follow this procedure:
1. Place the switch close to the PC that you intend to use for configuration.
SECTION II
WEB CONFIGURATION

This section describes the basic switch features, along with a detailed description of how to configure each feature via a web browser.
3 USING THE WEB INTERFACE

This switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics to monitor network activity. The web agent can be accessed by any computer on the network using a standard web browser (Internet Explorer 5.0 or above, Netscape 6.2 or above, or Mozilla Firefox 2.0.0.0 or above).

NAVIGATING THE WEB BROWSER INTERFACE
To access the web-browser interface you must first enter a user name and password.

NOTE: This manual covers the ES-2026 and ES-2026P Fast Ethernet switches, and the ES-2024G and ES-2024GP Gigabit Ethernet switches. Other than the difference in port types supported by the Fast Ethernet and Gigabit Ethernet switches, and support for PoE (ES-2026P, ES-2024GP), there are no other significant differences. Therefore nearly all of the screen display examples are based on the ES-2026.

PANEL DISPLAY
The web agent displays an image of the switch’s ports. The Mode can be set to display different information for the ports, including Active (i.e., up or down), Duplex (i.e., half or full duplex), or Flow Control (i.e., with or without flow control).

SHOWING STATUS INFORMATION
There are various web pages which display configuration settings or the status of specified processes. Many of these pages will not display any information unless the switch is properly configured, and in some cases the interface to which a command applies is up.

MAIN MENU
Using the onboard web agent, you can define system parameters, manage and control the switch and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program.
CHAPTER 3 | Using the Web Interface Navigating the Web Browser Interface ES-2000 Series Table 4: Switch Main Menu (Continued) Menu Description Page Trunk Static 78 Configure Trunk Creates a trunk, specifying port members Configure General 78 78 Show Information Displays trunk connection settings 78 Configure Configures trunk connection settings 78 Dynamic Configure Aggregator 80 Configures administration key for specific LACP groups Configure Aggregation Port 80 78 Configure 78 General
CHAPTER 3 | Using the Web Interface Navigating the Web Browser Interface ES-2000 Series Table 4: Switch Main Menu (Continued) Menu Description Page MAC Address 101 Static 101 Add Configures static entries in the address table 101 Show Displays static entries in the address table 101 Configure Aging Sets timeout for dynamically learned entries 103 Show Dynamic MAC Displays dynamic entries in the address table 104 Clear Dynamic MAC Removes any learned entries from the forwarding database
CHAPTER 3 | Using the Web Interface Navigating the Web Browser Interface ES-2000 Series Table 4: Switch Main Menu (Continued) Menu Description Page DiffServ 139 Configure Class 140 Add Creates a class map for a type of traffic 140 Show Shows configured class maps 140 Modify Modifies the name of a class map 140 Add Rule Configures the criteria used to classify ingress traffic 140 Show Rule Shows the traffic classification rules for a class map 140 Configure Policy 143 Add Creates a
CHAPTER 3 | Using the Web Interface Navigating the Web Browser Interface ES-2000 Series Table 4: Switch Main Menu (Continued) Menu Description Page Secure HTTP 172 Configure Global Enables HTTPs, and specifies the UDP port to use 172 Copy Certificate Replaces the default secure-site certificate 173 Access Control Lists 175 HTTPS ACL Configure ACL 177 Show TCAM Shows utilization parameters for TCAM 175 Add Adds an ACL based on IP or MAC address filtering 177 Show Shows the name and t
CHAPTER 3 | Using the Web Interface Navigating the Web Browser Interface ES-2000 Series Table 4: Switch Main Menu (Continued) Menu Description Page Show CA-Type Shows the location of the device attached to an interface 211 Modify CA-Type Modifies the location of the device attached to an interface 211 Show Local Device Information 214 General Displays general information about the local device 214 Port/Trunk Displays information about each interface 214 Show Remote Device Information 216
CHAPTER 3 | Using the Web Interface Navigating the Web Browser Interface ES-2000 Series Table 4: Switch Main Menu (Continued) Menu Show SNMPv3 Remote User Description Page Shows SNMPv3 users set from a remote device 241 Configure Trap 245 Add Configures trap managers to receive messages on key events that 245 occur this switch Show Shows configured trap managers 245 Remote Monitoring 250 Alarm Sets threshold bounds for a monitored variable 250 Event Creates a response event for an alarm
CHAPTER 3 | Using the Web Interface Navigating the Web Browser Interface ES-2000 Series Table 4: Switch Main Menu (Continued) Menu Description Page Multicast 275 IGMP Snooping General 276 Enables multicast filtering; configures parameters for multicast snooping Multicast Router 277 280 Add Static Multicast Router Assigns ports that are attached to a neighboring multicast router 280 Show Static Multicast Router Displays ports statically configured as attached to a neighboring multicast router
4 BASIC MANAGEMENT TASKS

This chapter describes the following topics:
◆ Displaying System Information – Provides basic system description, including contact information.
◆ Displaying Switch Hardware/Software Versions – Shows the hardware version, power status, and firmware versions.
◆ Configuring Support for Jumbo Frames – Enables support for jumbo frames.
◆ Displaying Bridge Extension Capabilities – Shows the bridge extension parameters.

◆ System Up Time – Length of time the management agent has been up.
◆ System Name – Name assigned to the switch system.
◆ System Location – Specifies the system location.
◆ System Contact – Administrator responsible for the system.

WEB INTERFACE
To configure general system information:
1. Click System, General.
2. Specify the system name, location, and contact information for the system administrator.

◆ Internal Power Status – Displays the status of the internal power supply.

Management Software Information
◆ Role – Shows that this switch is operating as Master or Slave.
◆ EPLD Version – Version number of EEPROM Programmable Logic Device.
◆ Loader Version – Version number of loader code.
◆ Diagnostics Code Version – Version of Power-On Self-Test (POST) and boot code.

CONFIGURING SUPPORT FOR JUMBO FRAMES
Use the System > Capability page to configure support for jumbo frames. The switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames up to 10240 bytes for Gigabit Ethernet. Compared to standard Ethernet frames that run only up to 1.

DISPLAYING BRIDGE EXTENSION CAPABILITIES
Use the System > Capability page to display settings based on the Bridge MIB. The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs. You can access these extensions to display default settings for the key variables.

WEB INTERFACE
To view Bridge Extension information:
1. Click System, then Capability.

Figure 7: Displaying Bridge Extension Configuration

MANAGING SYSTEM FILES
This section describes how to upgrade the switch operating software or configuration files, and set the system start-up files.

COPYING FILES VIA HTTP
Use the System > File (Copy) page to upload/download firmware or configuration settings using HTTP.

■ HTTP Download – Copies a file from the switch to a management station
◆ File Type – Specify Operation Code, Config File, or Loader.
◆ File Name – The file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for file names is 31 characters for files on the switch. (Valid characters: A-Z, a-z, 0-9, “.

Figure 8: Copy Firmware

If you replaced a file currently used for startup and want to start using the new file, reboot the system via the System > Reset menu.

SAVING THE RUNNING CONFIGURATION TO A LOCAL FILE
Use the System > File (Copy) page to save the current configuration settings to a local file on the switch. The configuration settings are not automatically saved by the system for subsequent use when the switch is rebooted.

WEB INTERFACE
To save the running configuration file:
1. Click System, then File.
2. Select Copy from the Action list.
3. Select Running-Config from the Copy Type list.
4. Select the current startup file on the switch to overwrite or specify a new file name.
5. Then click Apply.

Figure 10: Setting Start-Up Files

To start using the new firmware or configuration settings, reboot the system via the System > Reset menu.

SHOWING SYSTEM FILES
Use the System > File (Show) page to show the files in the system directory, or to delete a file.

NOTE: Files designated for start-up, and the Factory_Default_Config.cfg file, cannot be deleted.

WEB INTERFACE
To show the system files:
1. Click System, then File.
2.

SETTING THE SYSTEM CLOCK
Simple Network Time Protocol (SNTP) allows the switch to set its internal clock based on periodic updates from a time server (SNTP or NTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries. You can also manually set the clock.

Figure 12: Manually Setting the System Clock

SETTING THE SNTP POLLING INTERVAL
Use the System > Time (Configure General - SNTP) page to set the polling interval at which the switch will query the specified time servers.

PARAMETERS
The following parameters are displayed:
◆ Current Time – Shows the current time set on the switch.

Figure 13: Setting the Polling Interval for SNTP

SPECIFYING SNTP TIME SERVERS
Use the System > Time (Configure Time Server) page to specify the IP address for up to three SNTP time servers.

PARAMETERS
The following parameters are displayed:
◆ SNTP Server IP Address – Sets the IP address for up to three time servers.

SETTING THE TIME ZONE
Use the System > Time (Configure Time Server) page to set the time zone. SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time at the Earth’s prime meridian, zero degrees longitude, which passes through Greenwich, England.

Figure 15: Setting the Time Zone

DISPLAYING CPU UTILIZATION
Use the System > CPU Utilization page to display information on CPU utilization.

PARAMETERS
The following parameters are displayed:
◆ Time Interval – The interval at which to update the displayed utilization rate. (Options: 1, 5, 10, 30, 60 seconds; Default: 1 second)
◆ CPU Utilization – CPU utilization over specified interval.

WEB INTERFACE
To display CPU utilization:
1. Click System, then CPU Utilization.
2. Change the update interval if required. Note that the interval is changed as soon as a new setting is selected.

Figure 16: Displaying CPU Utilization

DISPLAYING MEMORY UTILIZATION
Use the System > Memory Status page to display memory utilization parameters.

WEB INTERFACE
To display memory utilization:
1. Click System, then Memory Status.

Figure 17: Displaying Memory Utilization

RESETTING THE SYSTEM
Use the System > Reset menu to restart the switch immediately.

COMMAND USAGE
◆ This command resets the entire system.
◆ To retain all configuration information stored in non-volatile memory, click the Save button prior to resetting the system.

WEB INTERFACE
To restart the switch:
1. Click System, then Reset.
2. Click the Reset button.
3. When prompted, confirm that you want to reset the switch.
5 INTERFACE CONFIGURATION

This chapter describes the following topics:
◆ Port Configuration – Configures connection settings, including auto-negotiation, or manual setting of speed, duplex mode, and flow control.
◆ Local Port Mirroring – Sets the source and target ports for mirroring on the local switch.
◆ Displaying Statistics – Shows Interface, Etherlike, and RMON port statistics in table or chart form.
◆ Cable Test – Tests the cable attached to a port.

◆ The Speed/Duplex mode is fixed at 1000full on the Gigabit SFP ports. When auto-negotiation is enabled, the only attributes which can be advertised include flow control and symmetric pause frames.

PARAMETERS
These parameters are displayed:
◆ Port – Port identifier.
◆ Type – Indicates the port type. (100Base-TX, 1000Base-T, 100Base SFP, 1000Base SFP)
◆ Name – Allows you to label an interface.

operation and IEEE 802.3-2005 (formerly IEEE 802.3x) for full-duplex operation. Avoid using flow control on a port connected to a hub unless it is actually required to solve a problem. Otherwise back pressure jamming signals may degrade overall performance for the segment attached to the hub.

CONFIGURING BY PORT RANGE
Use the Interface > Port > General (Configure by Port Range) page to enable/disable an interface, set auto-negotiation and the interface capabilities to advertise, or manually fix the speed, duplex mode, and flow control. For more information on command usage and a description of the parameters, refer to "Configuring by Port List" on page 65.

WEB INTERFACE
To configure port connection parameters:
1.

◆ Admin – Shows if the port is enabled or disabled.
◆ Oper Status – Indicates if the link is Up or Down.
◆ Media Type – Media type used. (Options: RJ-45 – Copper-Forced; Combination – Copper-Forced, SFP-Forced, or SFP-Preferred-Auto; Default: RJ-45 – Copper-Forced; Combination – SFP-Preferred-Auto)
◆ Autonegotiation – Shows if auto-negotiation is enabled or disabled.

COMMAND USAGE
◆ Traffic can be mirrored from one or more source ports to a destination port on the same switch (local port mirroring as described in this section).
◆ Monitor port speed should match or exceed source port speed, otherwise traffic may be dropped from the monitor port.

PARAMETERS
These parameters are displayed:
◆ Source Port – The port whose traffic will be monitored.

To display the configured mirror sessions:
1. Click Interface, Port, Mirror.
2. Select Show from the Action List.

Figure 24: Displaying Local Port Mirror Sessions

SHOWING PORT OR TRUNK STATISTICS
Use the Interface > Port/Trunk > Statistics or Chart page to display standard statistics on network traffic from the Interfaces Group and Ethernet-like MIBs, as well as a detailed breakdown of traffic based on the RMON MIB.
Table 5: Port Statistics (Continued)
Parameter – Description
Received Unicast Packets – The number of subnetwork-unicast packets delivered to a higher-layer protocol.
Transmitted Unicast Packets – The total number of packets that higher-level protocols requested be transmitted to a subnetwork-unicast address, including those that were discarded or not sent.

Table 5: Port Statistics (Continued)
Parameter – Description
Internal MAC Receive Errors – A count of frames for which reception on a particular interface fails due to an internal MAC sublayer receive error.
Internal MAC Transmit Errors – A count of frames for which transmission on a particular interface fails due to an internal MAC sublayer transmit error.
CHAPTER 5 | Interface Configuration Port Configuration ES-2000 Series WEB INTERFACE To show a list of port statistics: 1. Click Interface, Port, Statistics. 2. Select the statistics mode to display (Interface, Etherlike, RMON or Utilization). 3. Select a port from the drop-down list. 4. Use the Refresh button at the bottom of the page if you need to update the screen.
CHAPTER 5 | Interface Configuration Port Configuration ES-2000 Series To show a chart of port statistics: 1. Click Interface, Port, Chart. 2. Select the statistics mode to display (Interface, Etherlike, RMON or All). 3. If Interface, Etherlike, RMON statistics mode is chosen, select a port from the drop-down list. If All (ports) statistics mode is chosen, select the statistics type to display.
CHAPTER 5 | Interface Configuration Port Configuration ES-2000 Series ◆ Potential conditions which may be listed by the diagnostics include: ■ OK: Correctly terminated pair ■ Open: Open pair, no link partner ■ Short: Shorted pair ■ ■ ◆ Not Supported: This message is displayed for any Fast Ethernet ports that are linked up, or for any Gigabit Ethernet ports linked up at a speed lower than 1000 Mbps. Impedance mismatch: Terminating impedance is not in the reference range.
CHAPTER 5 | Interface Configuration Trunk Configuration ES-2000 Series WEB INTERFACE To test the cable attached to a port: 1. Click Interface, Port, Cable Test. 2. Click Test for any port to start the cable test. Figure 27: Performing Cable Tests TRUNK CONFIGURATION This section describes how to configure static and dynamic trunks. You can create multiple links between devices that work as one virtual, aggregate link.
CHAPTER 5 | Interface Configuration Trunk Configuration ES-2000 Series the web interface to specify the trunk on the devices at both ends. When using a port trunk, take note of the following points: ◆ Finish configuring port trunks before you connect the corresponding network cables between switches to avoid creating a loop. ◆ You can create up to 12 trunks on a switch, with up to eight ports per trunk. ◆ The ports at both ends of a connection must be configured as trunk ports.
PARAMETERS
These parameters are displayed:
◆ Trunk ID – Trunk identifier. (Range: 1-12)
◆ Trunk Member Port List – The ports assigned to a trunk.
WEB INTERFACE
To create a static trunk:
1. Click Interface, Trunk, Static.
2. Select Configure Trunk from the Step list.
3. Enter a trunk identifier, and click Add.
4. Mark the ports assigned to each trunk.
5. Click Apply.
Figure 30: Configuring Connection Parameters for a Static Trunk
To show the static trunks configured on the switch:
1. Click Interface, Trunk, Static.
2. Select Configure General from the Step list.
3. Select Show Information from the Action list.
◆ If the target switch has also enabled LACP on the connected ports, the trunk will be activated automatically.
◆ A trunk formed with another switch using LACP will automatically be assigned the next available trunk ID.
◆ If more than eight ports attached to the same target switch have LACP enabled, the additional ports will be placed in standby mode, and will only be enabled if one of the active links fails.
other switches during LAG negotiations. (Range: 0-65535; Default: 32768) System priority is combined with the switch’s MAC address to form the LAG identifier. This identifier is used to indicate a specific LAG during LACP negotiations with other systems.
◆ Port Priority – If a link goes down, LACP port priority is used to select a backup link.
To enable LACP for a port:
1. Click Interface, Trunk, Dynamic.
2. Select Configure Aggregation Port from the Step list.
3. Select Configure from the Action list.
4. Click General.
5. Enable LACP on the required ports.
6. Click Apply.
Figure 34: Enabling LACP on a Port
To configure LACP parameters for group members:
1. Click Interface, Trunk, Dynamic.
2. Select Configure Aggregation Port from the Step list.
3.
Figure 35: Configuring LACP Parameters on a Port
To configure the connection parameters for a dynamic trunk:
1. Click Interface, Trunk, Dynamic.
2. Select Configure Trunk from the Step list.
3. Select Configure from the Action list.
4. Modify the required interface settings. (Refer to "Configuring by Port List" on page 65 for a description of the parameters.)
5. Click Apply.
To show the connection parameters for a dynamic trunk:
1. Click Interface, Trunk, Dynamic.
2. Select Configure Trunk from the Step list.
3. Select Show from the Action list.
Figure 37: Showing Connection Parameters for Dynamic Trunks
To show the port members of dynamic trunks:
1. Click Interface, Trunk, Dynamic.
2. Select Configure General from the Step list.
3. Select Show Member from the Action list.
Table 6: LACP Port Counters (Continued)
Parameter            Description
Marker Unknown Pkts  Number of frames received that either (1) carry the Slow Protocols Ethernet Type value, but contain an unknown PDU, or (2) are addressed to the Slow Protocols group MAC Address, but do not carry the Slow Protocols Ethernet Type.
DISPLAYING LACP SETTINGS AND STATUS FOR THE LOCAL SIDE
Use the Interface > Trunk > Dynamic (Configure Aggregation Port - Show Information - Internal) page to display the configuration settings and operational state for the local side of a link aggregation.
Figure 40: Displaying LACP Port Internal Information
DISPLAYING LACP SETTINGS AND STATUS FOR THE REMOTE SIDE
Use the Interface > Trunk > Dynamic (Configure Aggregation Port - Show Information - Neighbors) page to display the configuration settings and operational state for the remote side of a link aggregation.
WEB INTERFACE
To display LACP settings and status for the remote side:
1. Click Interface, Trunk, Dynamic.
2. Select Configure Aggregation Port from the Step list.
3. Select Show Information from the Action list.
4. Click Internal.
5. Select a group member from the Port list.
COMMAND USAGE
◆ Traffic can be mirrored from one or more source trunks to a destination port on the same switch.
◆ Monitor port speed should match or exceed source trunk speed, otherwise traffic may be dropped from the monitor port.
PARAMETERS
These parameters are displayed:
◆ Source Trunk – The trunk whose traffic will be monitored. (Range: 1-12)
◆ Target Port – The port that will mirror the traffic on the source trunk.
CHAPTER 5 | Interface Configuration Saving Power ES-2000 Series
To display the configured mirror sessions:
1. Click Interface, Trunk, Mirror.
2. Select Show from the Action List.
Figure 44: Displaying Trunk Mirror Sessions
SAVING POWER
Use the Interface > Green Ethernet page to enable power savings mode on the selected port.
COMMAND USAGE
◆ IEEE 802.3 defines the Ethernet standard and subsequent power requirements based on cable connections operating at 100 meters.
analyzes cable length to determine whether or not it can reduce the signal amplitude used on a particular link.
NOTE: Power savings can only be implemented on Gigabit Ethernet ports when using twisted-pair cabling. Power-savings mode on an active link only works when connection speed is 1 Gbps, and line length is less than 60 meters.
6 VLAN CONFIGURATION
IEEE 802.1Q VLANS
In large networks, routers are used to isolate broadcast traffic for each subnet into separate domains. This switch provides a similar service at Layer 2 by using VLANs to organize any group of network nodes into separate broadcast domains. VLANs confine broadcast traffic to the originating group, and can eliminate broadcast storms in large networks. This also provides a more secure and cleaner network environment. An IEEE 802.
CHAPTER 6 | VLAN Configuration IEEE 802.1Q VLANs ES-2000 Series network devices or the host at the other end of the connection supports VLANs. Then assign ports on the other VLAN-aware network devices along the path that will carry this traffic to the same VLAN(s).
Ports can be assigned to multiple tagged or untagged VLANs. Each port on the switch is therefore capable of passing tagged or untagged frames. When forwarding a frame from this switch along a path that contains any VLAN-aware devices, the switch should include VLAN tags.
Figure 47: Creating Static VLANs
ADDING STATIC MEMBERS TO VLANS
Use the VLAN > Static (Modify VLAN and Member Ports, Edit Member by Interface, or Edit Member by Interface Range) pages to configure port members for the selected VLAN index, interface, or a range of interfaces.
tagged frames that identify the source VLAN. Note that frames belonging to the port’s default VLAN (i.e., associated with the PVID) are also transmitted as tagged frames.
◆ PVID – VLAN ID assigned to untagged frames received on the interface. (Default: 1) When using Access mode, and an interface is assigned to a new VLAN, its PVID is automatically set to the identifier for that VLAN.
Edit Member by Interface
All parameters are the same as those described under the preceding section for Modify VLAN and Member Ports.
Edit Member by Interface Range
All parameters are the same as those described under the earlier section for Modify VLAN and Member Ports, except for the items shown below.
◆ Port Range – Displays a list of ports. (ES-2026/P: 1-26, ES-2024G/P: 1-24)
◆ Trunk Range – Displays a list of ports.
To configure static members by interface:
1. Click VLAN, Static.
2. Select Edit Member by Interface from the Action list.
3. Select a port or trunk to configure.
4. Modify the settings for any interface as required.
5. Click Apply.
Figure 49: Configuring Static VLAN Members by Interface
To configure static members by interface range:
1. Click VLAN, Static.
2. Select Edit Member by Interface Range from the Action list.
3.
7 ADDRESS TABLE SETTINGS
Switches store the addresses for all known devices. This information is used to pass traffic directly between the inbound and outbound ports. All the addresses learned by monitoring traffic are stored in the dynamic address table. You can also manually configure static addresses that are bound to a specific port. This chapter describes the following topics:
◆ Static MAC Addresses – Configures static entries in the address table.
CHAPTER 7 | Address Table Settings Setting Static Addresses ES-2000 Series
◆ Interface – Port or trunk associated with the device assigned a static address.
◆ MAC Address – Physical address of a device mapped to this interface. Enter an address in the form of xx-xx-xx-xx-xx-xx or xxxxxxxxxxxx.
◆ Static Status – Sets the time to retain the specified address.
■ Delete-on-reset - Assignment lasts until the switch is reset.
■ Permanent - Assignment is permanent. (This is the default.
CHAPTER 7 | Address Table Settings Changing the Aging Time ES-2000 Series
CHANGING THE AGING TIME
Use the MAC Address > Dynamic (Configure Aging) page to set the aging time for entries in the dynamic address table. The aging time is used to age out dynamically learned forwarding information.
PARAMETERS
These parameters are displayed:
◆ Aging Status – Enables/disables the function.
◆ Aging Time – The time after which a learned entry is discarded.
CHAPTER 7 | Address Table Settings Displaying the Dynamic Address Table ES-2000 Series
DISPLAYING THE DYNAMIC ADDRESS TABLE
Use the MAC Address > Dynamic (Show Dynamic MAC) page to display the MAC addresses learned by monitoring the source address for traffic entering the switch. When the destination address for inbound traffic is found in the database, the packets intended for that address are forwarded directly to the associated port. Otherwise, the traffic is flooded to all ports.
CHAPTER 7 | Address Table Settings Clearing the Dynamic Address Table ES-2000 Series
Figure 54: Displaying the Dynamic MAC Address Table
CLEARING THE DYNAMIC ADDRESS TABLE
Use the MAC Address > Dynamic (Clear Dynamic MAC) page to remove any learned entries from the forwarding database.
PARAMETERS
These parameters are displayed:
◆ Clear by – All entries can be cleared; or you can clear the entries for a specific MAC address, all the entries in a VLAN, or all the entries associated with a port or trunk.
Figure 55: Clearing Entries in the Dynamic MAC Address Table
8 SPANNING TREE ALGORITHM
This chapter describes the following basic topics:
◆ Global Settings for STA – Configures global bridge settings for STP, RSTP and MSTP.
◆ Interface Settings for STA – Configures interface settings for STA, including priority, path cost, link type, and designation as an edge port.
OVERVIEW
The Spanning Tree Algorithm (STA) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers.
CHAPTER 8 | Spanning Tree Algorithm Configuring Global Settings for STA ES-2000 Series
Figure 56: STP Root Ports and Designated Ports (labels: Designated Root, Designated Bridge, Designated Port, Root Port)
Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transmitted from the Root Bridge. If a bridge does not get a Hello BPDU after a predefined interval (Maximum Age), the bridge assumes that the link to the Root Bridge is down.
PARAMETERS
These parameters are displayed:
Basic Configuration of Global Settings
◆ Spanning Tree Status – Enables/disables STA on this switch. (Default: Enabled)
◆ Spanning Tree Type – Specifies the type of spanning tree used on this switch:
■ STP: Spanning Tree Protocol (IEEE 802.1D); i.e., when this option is selected, the switch will use RSTP set to STP forced compatibility mode.
◆ Maximum Age – The maximum time (in seconds) a device can wait without receiving a configuration message before attempting to reconfigure. All device ports (except for designated ports) should receive configuration messages at regular intervals. Any port that ages out STA information (provided in the last configuration message) becomes the designated port for the attached LAN.
Figure 57: Configuring Global Settings for STA (STP)
Figure 58: Configuring Global Settings for STA (RSTP)
CHAPTER 8 | Spanning Tree Algorithm Displaying Global Settings for STA ES-2000 Series
DISPLAYING GLOBAL SETTINGS FOR STA
Use the Spanning Tree > STA (Configure Global - Show Information) page to display a summary of the current bridge STA information that applies to the entire switch.
CHAPTER 8 | Spanning Tree Algorithm Configuring Interface Settings for STA ES-2000 Series
WEB INTERFACE
To display global STA settings:
1. Click Spanning Tree, STA.
2. Select Configure Global from the Step list.
3. Select Show Information from the Action list.
■ Disabled – Disables the Edge Port setting.
■ Auto – The port will be automatically configured as an edge port if the edge delay time expires without receiving any RSTP BPDU. Note that edge delay time (802.1D-2004 17.20.4) equals the protocol migration time if a port's link type is point-to-point (which is 3 seconds as defined in IEEE 802.3D-2004 17.20.
path cost recommended by the IEEE 802.1w standard exceeds 65,535, the default is set to 65,535.
Table 9: Recommended STA Path Cost Range
Port Type         IEEE 802.1D-1998  IEEE 802.1w-2001
Ethernet          50-600            200,000-20,000,000
Fast Ethernet     10-60             20,000-2,000,000
Gigabit Ethernet  3-10              2,000-200,000
Table 10: Default STA Path Costs
Port Type  Short Path Cost (IEEE 802.1D-1998)  Long Path Cost (802.
CHAPTER 8 | Spanning Tree Algorithm Displaying Interface Settings for STA ES-2000 Series
Figure 60: Configuring Interface Settings for STA
DISPLAYING INTERFACE SETTINGS FOR STA
Use the Spanning Tree > STA (Configure Interface - Show Information) page to display the current status of ports or trunks in the Spanning Tree.
PARAMETERS
These parameters are displayed:
◆ Spanning Tree – Shows if STA has been enabled on this interface.
◆ Forward Transitions – The number of times this port has transitioned from the Learning state to the Forwarding state.
◆ Designated Cost – The cost for a packet to travel from this port to the root in the current Spanning Tree configuration. The slower the media, the higher the cost.
Backup port receives more useful BPDUs from the same bridge and is therefore not selected as the designated port.
WEB INTERFACE
To display interface settings for STA:
1. Click Spanning Tree, STA.
2. Select Configure Interface from the Step list.
3. Select Show Information from the Action list.
9 RATE LIMIT CONFIGURATION
Use the Traffic > Rate Limit page to apply rate limiting to ingress or egress ports. This function allows the network manager to control the maximum rate for traffic received or transmitted on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network. Packets that exceed the acceptable amount of traffic are dropped. Rate limiting can be applied to individual ports.
CHAPTER 9 | Rate Limit Configuration ES-2000 Series
Table 11: Effective Rate Limit
Packet Size  Rate Limit   Packets Received
64 bytes     64 kbit/s    100
64 bytes     128 kbit/s   200
64 bytes     256 kbit/s   400
64 bytes     512 kbit/s   800
64 bytes     1024 kbit/s  1600
64 bytes     2048 kbit/s  3105
128 bytes    64 kbit/s    100
128 bytes    128 kbit/s   100
128 bytes    256 kbit/s   300
128 bytes    512 kbit/s   500
128 bytes    1024 kbit/s  900
128 bytes    2048 kbit/s  1800
512 bytes    64 kbit/s    100
512 bytes    128 kbit/s   100
512 bytes    256 kbit/s   100
512 bytes    512 kbit/s   200
512 bytes    1024 kbit/s  300
512 bytes    2048 kbit/s  500
PARAMETERS
These parameters are displayed
WEB INTERFACE
To configure rate limits:
1. Click Traffic, Rate Limit.
2. Enable the Rate Limit Status for the required ports.
3. Set the rate limit for the individual ports.
4. Click Apply.
10 STORM CONTROL CONFIGURATION
Use the Traffic > Storm Control page to configure broadcast, multicast, and unknown unicast storm control thresholds. Traffic storms may occur when a device on your network is malfunctioning, or if application programs are not well designed or properly configured. If there is too much traffic on your network, performance can be severely degraded or everything can come to a complete halt.
CHAPTER 10 | Storm Control Configuration ES-2000 Series
◆ Rate – Threshold level as a rate; i.e., kilobits per second. (Range: 64-100000 Kbps for Fast Ethernet ports, 64-1000000 Kbps for Gigabit Ethernet ports)
NOTE: Only one rate is supported for all traffic types on an interface.
WEB INTERFACE
To configure broadcast storm control:
1. Click Traffic, Storm Control.
2. Set the Status field to enable or disable storm control.
3.
11 CLASS OF SERVICE
Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with four priority queues for each port. Data packets in a port’s high-priority queue will be transmitted before those in the lower-priority queues. You can set the default priority for each interface, and configure the mapping of frame priority tags to the switch’s priority queues.
CHAPTER 11 | Class of Service Layer 2 Queue Settings ES-2000 Series
◆ If the output port is an untagged member of the associated VLAN, these frames are stripped of all VLAN tags prior to transmission.
PARAMETERS
These parameters are displayed:
◆ Interface – Displays a list of ports or trunks.
◆ CoS – The priority that is assigned to untagged frames received on the specified interface. (Range: 0-7; Default: 0)
WEB INTERFACE
To configure the queue mode:
1. Click Traffic, Priority, Default Priority.
2.
The basic WRR algorithm uses a relative weight for each queue that determines the percentage of service time the switch services each queue before moving on to the next queue. This prevents the head-of-line blocking that can occur with strict priority queuing.
◆ Strict Mode – If “Strict and WRR” mode is selected, then a combination of strict service is used for the high priority queues and weighted service for the remaining queues. Use this parameter to specify the queues assigned to use strict priority when using the strict-weighted queuing mode. (Default: Strict and WRR mode, with Queue 3 using strict mode)
◆ Weight – Sets a weight for each queue which is used by the SDWRR scheduler.
Figure 68: Setting the Queue Mode (Strict and WRR)
MAPPING COS VALUES TO EGRESS QUEUES
Use the Traffic > Priority > PHB to Queue page to specify the hardware output queues to use based on the internal per-hop behavior value. (For more information on the exact manner in which the ingress priority tags are mapped to egress queues for internal processing, see "Mapping CoS Priorities to Internal DSCP Values" on page 136).
The priority levels recommended in the IEEE 802.1p standard for various network applications are shown in Table 13. However, priority levels can be mapped to the switch’s output queues in any way that benefits application traffic for the network.
WEB INTERFACE
To map internal PHB to hardware queues:
1. Click Traffic, Priority, PHB to Queue.
2. Select Add from the Action list.
3. Map an internal PHB to a hardware queue. Depending on how an ingress packet is processed internally based on its CoS value, and the assigned output queue, the mapping done on this page can effectively determine the service priority for different traffic classes.
4. Click Apply.
CHAPTER 11 | Class of Service Layer 3/4 Priority Settings ES-2000 Series
LAYER 3/4 PRIORITY SETTINGS
Mapping Layer 3/4 Priorities to CoS Values
The switch supports several common methods of prioritizing layer 3/4 traffic to meet application requirements. Traffic priorities can be specified in the IP header of a frame, using the priority bits in the Type of Service (ToS) octet, or the number of the TCP/UDP port.
PARAMETERS
These parameters are displayed:
◆ Interface – Specifies a port or trunk.
◆ Trust Mode
■ DSCP – Maps layer 3/4 priorities using Differentiated Services Code Point values. (This is the default setting.)
■ CoS – Maps layer 3/4 priorities using Class of Service values.
WEB INTERFACE
To configure the trust mode:
1. Click Traffic, Priority, Trust Mode.
2. Select the interface type to display (Port or Trunk).
3.
◆ This map is only used when the priority mapping mode is set to DSCP (see page 132), and the ingress packet type is IPv4.
◆ Two QoS domains can have different DSCP definitions, so the DSCP-to-PHB/Drop Precedence mutation map can be used to modify one set of DSCP values to match the definition of another domain.
WEB INTERFACE
To map DSCP values to internal PHB/drop precedence:
1. Click Traffic, Priority, DSCP to DSCP.
2. Select Add from the Action list.
3. Set the PHB and drop precedence for any DSCP value.
4. Click Apply.
Figure 72: Configuring DSCP to DSCP Internal Mapping
To show the DSCP to internal PHB/drop precedence map:
1. Click Traffic, Priority, DSCP to DSCP.
2. Select Show from the Action list.
MAPPING COS PRIORITIES TO INTERNAL DSCP VALUES
Use the Traffic > Priority > CoS to DSCP page to map CoS/CFI values in incoming packets to per-hop behavior and drop precedence values for priority processing.
COMMAND USAGE
◆ The default mapping of CoS to PHB values is shown in Table 16 on page 137.
◆ Enter up to eight CoS/CFI paired values, per-hop behavior and drop precedence.
◆ If a packet arrives with a 802.
Table 16: Default Mapping of CoS/CFI to Internal PHB/Drop Precedence
CoS  CFI 0  CFI 1
0    (0,0)  (0,0)
1    (1,0)  (1,0)
2    (2,0)  (2,0)
3    (3,0)  (3,0)
4    (4,0)  (4,0)
5    (5,0)  (5,0)
6    (6,0)  (6,0)
7    (7,0)  (7,0)
WEB INTERFACE
To map CoS/CFI values to internal PHB/drop precedence:
1. Click Traffic, Priority, CoS to DSCP.
2. Select Add from the Action list.
3.
To show the CoS/CFI to internal PHB/drop precedence map:
1. Click Traffic, Priority, CoS to DSCP.
2. Select Show from the Action list.
3. Select an interface.
12 QUALITY OF SERVICE
This chapter describes the following tasks required to apply QoS policies:
◆ Class Map – Creates a map which identifies a specific class of traffic.
◆ Policy Map – Sets the boundary parameters used for monitoring inbound traffic, and the action to take for conforming and non-conforming traffic.
◆ Binding to a Port – Applies a policy map to an ingress port.
CHAPTER 12 | Quality of Service Configuring a Class Map ES-2000 Series
COMMAND USAGE
To create a service policy for a specific category of ingress traffic, follow these steps:
1. Use the Configure Class (Add) page to designate a class name for a specific category of traffic.
2. Use the Configure Class (Add Rule) page to edit the rules for each class which specify a type of traffic based on an access list, a DSCP or IP Precedence value, or a VLAN.
3.
Add Rule
◆ Class Name – Name of the class map.
◆ Type – Only one match command is permitted per class map, so the match-any field refers to the criteria specified by the lone match command.
◆ ACL – Name of an access control list. Any type of ACL can be specified, including standard or extended IP ACLs and MAC ACLs.
◆ IP DSCP – A DSCP value. (Range: 0-63)
◆ IP Precedence – An IP Precedence value.
To show the configured class maps:
1. Click Traffic, DiffServ.
2. Select Configure Class from the Step list.
3. Select Show from the Action list.
Figure 77: Showing Class Maps
To edit the rules for a class map:
1. Click Traffic, DiffServ.
2. Select Configure Class from the Step list.
3. Select Add Rule from the Action list.
4. Select the name of a class map.
5.
CHAPTER 12 | Quality of Service Creating QoS Policies ES-2000 Series
To show the rules for a class map:
1. Click Traffic, DiffServ.
2. Select Configure Class from the Step list.
3. Select Show Rule from the Action list.
Figure 79: Showing the Rules for a Class Map
CREATING QOS POLICIES
Use the Traffic > DiffServ (Configure Policy) page to create a policy map that can be attached to multiple interfaces.
Policing is based on a token bucket, where bucket depth (that is, the maximum burst before the bucket overflows) is specified by the “burst” field (BC), and the average rate tokens are removed from the bucket is specified by the “rate” option (CIR). Action may be taken for traffic conforming to the maximum throughput, or exceeding the maximum throughput.
■ if Te(t)-B ≥ 0, the packet is yellow and Te is decremented by B down to the minimum value of 0,
■ else the packet is red and neither Tc nor Te is decremented.
respectively. The maximum size of the token bucket P is BP and the maximum size of the token bucket C is BC. The token buckets P and C are initially (at time 0) full, that is, the token count Tp(0) = BP and the token count Tc(0) = BC. Thereafter, the token count Tp is incremented by one PIR times per second up to BP and the token count Tc is incremented by one CIR times per second up to BC.
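The two metering schemes described above, as an added example that is not part of the original manual and is not the switch's own implementation: color-blind srTCM and trTCM meters following RFC 2697 and RFC 2698. It assumes one token equals one byte, converts CIR/PIR from kbps, and refills buckets in one step per packet arrival; the class names, function names and the `be` parameter (size of the excess bucket whose count is Te) are hypothetical, and the arrival patterns are constructed.

```python
"""Color-blind token-bucket meters using the manual's symbols (Tc, Te, Tp, BC, BP)."""


def kbps_to_bytes_per_sec(kbps):
    # Assumption of this example: the manual gives CIR/PIR in kilobits per
    # second and burst sizes in bytes, so one token is treated as one byte.
    return kbps * 1000 / 8


class SrTcm:
    """Single-rate three-color meter: rate CIR, committed bucket C, excess bucket E."""

    def __init__(self, cir_kbps, bc, be):
        self.rate = kbps_to_bytes_per_sec(cir_kbps)
        self.bc, self.be = bc, be
        self.tc, self.te = float(bc), float(be)  # both buckets start full
        self.last = 0.0

    def _refill(self, now):
        tokens = max(0.0, now - self.last) * self.rate
        self.last = max(now, self.last)
        to_c = min(tokens, self.bc - self.tc)    # bucket C is topped up first
        self.tc += to_c
        self.te = min(self.be, self.te + tokens - to_c)  # overflow goes to E

    def meter(self, now, size):
        """Return the color of a packet of `size` bytes arriving at time `now`."""
        self._refill(now)
        if self.tc - size >= 0:
            self.tc -= size
            return "green"
        if self.te - size >= 0:
            self.te -= size
            return "yellow"
        return "red"                             # neither Tc nor Te is decremented


class TrTcm:
    """Two-rate three-color meter: bucket P filled at PIR, bucket C filled at CIR."""

    def __init__(self, cir_kbps, pir_kbps, bc, bp):
        self.cir = kbps_to_bytes_per_sec(cir_kbps)
        self.pir = kbps_to_bytes_per_sec(pir_kbps)
        self.bc, self.bp = bc, bp
        self.tc, self.tp = float(bc), float(bp)  # Tc(0) = BC, Tp(0) = BP
        self.last = 0.0

    def _refill(self, now):
        dt = max(0.0, now - self.last)
        self.last = max(now, self.last)
        self.tc = min(self.bc, self.tc + dt * self.cir)
        self.tp = min(self.bp, self.tp + dt * self.pir)

    def meter(self, now, size):
        self._refill(now)
        if self.tp - size < 0:
            return "red"                         # exceeds the peak rate
        if self.tc - size < 0:
            self.tp -= size
            return "yellow"                      # within PIR, above CIR
        self.tp -= size
        self.tc -= size
        return "green"


def colors(meter, arrivals):
    """Meter a list of (time_seconds, size_bytes) arrivals and return the colors."""
    return [meter.meter(t, size) for t, size in arrivals]


if __name__ == "__main__":
    # Constructed traffic: a burst of 1000-byte packets at t=0, then more later.
    sr = SrTcm(cir_kbps=64, bc=4000, be=8000)
    print("srTCM burst:", colors(sr, [(0.0, 1000)] * 13))
    print("srTCM after 0.5 s:", sr.meter(0.5, 1000))

    tr = TrTcm(cir_kbps=64, pir_kbps=128, bc=4000, bp=8000)
    print("trTCM burst:", colors(tr, [(0.0, 1000)] * 9))
    print("trTCM after 0.25 s:", colors(tr, [(0.25, 1000)] * 5))
```

The burst sizes and rates used in the demo sit inside the ranges the manual lists for CIR and BC, so the same numbers can be entered on a policy map to compare observed markings against the model.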
PARAMETERS
These parameters are displayed:
Add
◆ Policy Name – Name of policy map. (Range: 1-16 characters)
◆ Description – A brief description of a policy map. (Range: 1-256 characters)
Add Rule
◆ Policy Name – Name of policy map.
◆ Class Name – Name of a class map that defines a traffic classification upon which a policy can act.
◆ Action – This attribute is used to set an internal QoS value in hardware for matching packets.
■ Committed Information Rate (CIR) – Rate in kilobits per second. (Range: 64-10000000 kbps at a granularity of 64 kbps or maximum port speed, whichever is lower) The rate cannot exceed the configured interface speed.
■ Committed Burst Size (BC) – Burst in bytes. (Range: 4000-16000000 at a granularity of 4k bytes) The burst size cannot exceed 16 Mbytes.
The burst size cannot exceed 16 Mbytes.
■ Conform – Specifies that traffic conforming to the maximum rate (CIR) will be transmitted without any change to the DSCP service level.
■ Transmit – Transmits in-conformance traffic without any change to the DSCP service level.
■ Committed Burst Size (BC) – Burst in bytes. (Range: 4000-16000000 at a granularity of 4k bytes) The burst size cannot exceed 16 Mbytes.
■ Peak Burst Size (BP) – Burst size in bytes. (Range: 4000-16000000 at a granularity of 4k bytes) The burst size cannot exceed 16 Mbytes.
■ Conform – Specifies that traffic conforming to the maximum rate (CIR) will be transmitted without any change to the DSCP service level.
Figure 80: Configuring a Policy Map
To show the configured policy maps:
1. Click Traffic, DiffServ.
2. Select Configure Policy from the Step list.
3. Select Show from the Action list.
Figure 81: Showing Policy Maps
To edit the rules for a policy map:
1. Click Traffic, DiffServ.
2. Select Configure Policy from the Step list.
3. Select Add Rule from the Action list.
4. Select the name of a policy map.
5.
Figure 82: Adding Rules to a Policy Map
To show the rules for a policy map:
1. Click Traffic, DiffServ.
2. Select Configure Policy from the Step list.
3. Select Show Rule from the Action list.
CHAPTER 12 | Quality of Service Attaching a Policy Map to a Port ES-2000 Series
ATTACHING A POLICY MAP TO A PORT
Use the Traffic > DiffServ (Configure Interface) page to bind a policy map to an ingress port.
COMMAND USAGE
◆ First define a class map, define a policy map, and bind the service policy to the required interface.
◆ Only one policy map can be bound to an interface.
◆ The switch does not allow a policy map to be bound to an interface for egress traffic.
13 VOIP TRAFFIC CONFIGURATION
This chapter covers the following topics:
◆ Global Settings – Enables VOIP globally, sets the Voice VLAN, and the aging time for attached ports.
◆ Telephony OUI List – Configures the list of phones to be treated as VOIP devices based on the specified Organization Unit Identifier (OUI).
CHAPTER 13 | VoIP Traffic Configuration Configuring VoIP Traffic ES-2000 Series
COMMAND USAGE
All ports are set to VLAN access mode by default. Prior to enabling VoIP for a port (by setting the VoIP mode to Auto or Manual as described below), first set the VLAN membership mode to hybrid (see "Adding Static Members to VLANs" on page 96).
PARAMETERS
These parameters are displayed:
◆ Auto Detection Status – Enables the automatic detection of VoIP traffic on switch ports.
CHAPTER 13 | VoIP Traffic Configuration Configuring Telephony OUI ES-2000 Series
CONFIGURING TELEPHONY OUI
VoIP devices attached to the switch can be identified by the manufacturer’s Organizational Unique Identifier (OUI) in the source MAC address of received packets. OUI numbers are assigned to manufacturers and form the first three octets of device MAC addresses. The MAC OUI numbers for VoIP equipment can be configured on the switch so that traffic from these devices is recognized as VoIP.
CHAPTER 13 | VoIP Traffic Configuration Configuring VoIP Traffic Ports ES-2000 Series
Figure 86: Configuring an OUI Telephony List
To show the MAC OUI numbers used for VoIP equipment:
1. Click Traffic, VoIP.
2. Select Configure OUI from the Step list.
3. Select Show from the Action list.
CONFIGURING VOIP TRAFFIC PORTS

■ None – The Voice VLAN feature is disabled on the port. The port will not detect VoIP traffic or be added to the Voice VLAN.
■ Auto – The port will be added as a tagged member to the Voice VLAN when VoIP traffic is detected on the port. You must select a method for detecting VoIP traffic, either OUI or 802.1ab (LLDP). When OUI is selected, be sure to configure the MAC address ranges in the Telephony OUI list.
Figure 88: Configuring Port Settings for a Voice VLAN
14 SECURITY MEASURES

You can configure this switch to authenticate users logging into the system for management access using local or remote authentication methods. Port-based authentication using IEEE 802.1X can also be configured to control either management access to the uplink ports or client access to the data ports.

This switch provides secure network management access using the following options:
◆ AAA – Use local or remote authentication to specify authentication servers.
CONFIGURING LOCAL/REMOTE LOGON AUTHENTICATION

Use the Security > AAA > System Authentication page to specify local or remote authentication. Local authentication restricts management access based on user names and passwords manually configured on the switch. Remote authentication uses a remote access authentication server based on RADIUS or TACACS+ protocols to verify management access.
Figure 89: Configuring the Authentication Sequence

CONFIGURING REMOTE LOGON AUTHENTICATION SERVERS

Use the Security > AAA > Server page to configure the message exchange parameters for RADIUS or TACACS+ remote access authentication servers.
server and client that have been encrypted using MD5 (Message-Digest 5), TLS (Transport Layer Security), or TTLS (Tunneled Transport Layer Security).

PARAMETERS
These parameters are displayed:
◆ RADIUS
■ Global – Provides globally applicable RADIUS settings.
■ Server Index – Specifies one of five RADIUS servers that may be configured. The switch attempts authentication using the listed sequence of servers.
■ Authentication Timeout – The number of seconds the switch waits for a reply from the RADIUS server before it resends the request. (Range: 1-65535; Default: 5)
■ Set Key – Mark this box to set or modify the encryption key.
■ Authentication Key – Encryption key used to authenticate logon access for client. Do not use blank spaces in the string.
Figure 92: Configuring Remote Authentication Server (TACACS+)

CONFIGURING USER ACCOUNTS

Use the Security > User Accounts page to control management access to the switch based on manually configured user names and passwords.

COMMAND USAGE
◆ The default guest name is “guest” with the password “guest.” The default administrator name is “admin” with the password “admin.
◆ Password – Specifies the user password. (Range: 0-8 characters plain text, 32 encrypted, case sensitive)
◆ Confirm Password – Re-type the string entered in the previous field to ensure no errors were made. The switch will not change the password if these two fields do not match.

WEB INTERFACE
To configure user accounts:
1. Click Security, User Accounts.
2. Select Add from the Action list.
3.
NETWORK ACCESS

The Network Access pages are used to enable aging for secure addresses stored in the MAC address table (using 802.1X), and to assign a host to the VLANs specified for that specific device on a RADIUS server (see "Configuring 802.1X Port Authentication" on page 189).

COMMAND USAGE
◆ When Dynamic VLAN is enabled on a port, the 802.
WEB INTERFACE
To configure aging status for secure addresses stored in the MAC address table by 802.1X:
1. Click Security, Network Access.
2. Select Configure Global from the Step list.
3. Enable or disable aging for secure addresses.
4. Click Apply.

Figure 95: Configuring Global Settings for Network Access

CONFIGURING NETWORK ACCESS

Use the Security > Network Access (Configure Interface) page to enable dynamic VLAN assignments.
WEB INTERFACE
To configure dynamic VLAN assignment on switch ports:
1. Click Security, Network Access.
2. Select Configure Interface from the Step list.
3. Set the dynamic VLAN status.
4. Click Apply.

Figure 96: Configuring Interface Settings for Network Access

DISPLAYING SECURE MAC ADDRESS

Use the Security > Network Access (Show Information) page to display the authenticated MAC addresses stored in the secure MAC address table.
■ Time – The time when the MAC address was last authenticated.
■ Attribute – Indicates a static or dynamic address.

WEB INTERFACE
To display the authenticated MAC addresses stored in the secure MAC address table:
1. Click Security, Network Access.
2. Select Show Information from the Step list.
3. Use the sort key to display addresses based on MAC address, interface, or attribute.
4.
CONFIGURING HTTPS

You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface.

CONFIGURING GLOBAL SETTINGS FOR HTTPS

Use the Security > HTTPS (Configure Global) page to enable or disable HTTPS and specify the UDP port used for this service.
PARAMETERS
These parameters are displayed:
◆ HTTPS Status – Allows you to enable/disable the HTTPS server feature on the switch. (Default: Disabled)
◆ HTTPS Port – Specifies the UDP port number used for HTTPS connection to the switch’s web interface. (Default: Port 443) The HTTPS port number cannot be set to 80.

WEB INTERFACE
To configure HTTPS:
1. Click Security, HTTPS.
2. Select Configure Global from the Step list.
3.
When you have obtained these, place them on your TFTP server and transfer them to the switch to replace the default (unrecognized) certificate with an authorized one.

NOTE: The switch must be reset for the new certificate to be activated. To reset the switch, see "Resetting the System" on page 63.

PARAMETERS
These parameters are displayed:
◆ TFTP Server IP Address – IP address of TFTP server which contains the certificate file.
Figure 99: Downloading the Secure-Site Certificate

ACCESS CONTROL LISTS

Access Control Lists (ACL) provide packet filtering for IPv4 frames (based on address, protocol, Layer 4 protocol port number or TCP control code), or any frames (based on MAC address or Ethernet type). To filter incoming packets, first create an access list, add the required rules, and then bind the list to a specific port.
For example, when binding an ACL to a port, each rule in an ACL will use two PCEs; and when setting an IP Source Guard filter rule for a port, the system will also use two PCEs.

PARAMETERS
These parameters are displayed:
◆ Total Policy Control Entries – The number of policy control entries in use.
◆ Free Policy Control Entries – The number of policy control entries available for use.
SETTING THE ACL NAME AND TYPE

Use the Security > ACL (Configure ACL - Add) page to create an ACL.

PARAMETERS
These parameters are displayed:
◆ ACL Name – Name of the ACL. (Maximum length: 15 characters)
◆ Type – The following filter modes are supported:
■ IP Standard: IPv4 ACL mode filters packets based on the source IPv4 address.
To show a list of ACLs:
1. Click Security, ACL.
2. Select Configure ACL from the Step list.
3. Select Show from the Action list.

Figure 102: Showing a List of ACLs

CONFIGURING A STANDARD IPV4 ACL

Use the Security > ACL (Configure ACL - Add Rule - IP Standard) page to configure a Standard IPv4 ACL.

PARAMETERS
These parameters are displayed:
◆ Type – Selects the type of ACLs to show in the Name list.
WEB INTERFACE
To add rules to a Standard IP ACL:
1. Click Security, ACL.
2. Select Configure ACL from the Step list.
3. Select Add Rule from the Action list.
4. Select IP Standard from the Type list.
5. Select the name of an ACL from the Name list.
6. Specify the action (i.e., Permit or Deny).
7. Select the address type (Any, Host, or IP).
8. If you select “Host,” enter a specific address.
◆ Source/Destination Address Type – Specifies the source or destination IP address. Use “Any” to include all possible addresses, “Host” to specify a specific host address in the Address field, or “IP” to specify a range of addresses with the Address and Subnet Mask fields. (Options: Any, Host, IP; Default: Any)
◆ Source/Destination IP Address – Source or destination IP address.
WEB INTERFACE
To add rules to an Extended IP ACL:
1. Click Security, ACL.
2. Select Configure ACL from the Step list.
3. Select Add Rule from the Action list.
4. Select IP Extended from the Type list.
5. Select the name of an ACL from the Name list.
6. Specify the action (i.e., Permit or Deny).
7. Select the address type (Any, Host, or IP).
8. If you select “Host,” enter a specific address.
CONFIGURING A MAC ACL

Use the Security > ACL (Configure ACL - Add Rule - MAC) page to configure a MAC ACL based on hardware addresses, packet format, and Ethernet type.

PARAMETERS
These parameters are displayed:
◆ Type – Selects the type of ACLs to show in the Name list.
◆ Name – Shows the names of ACLs matching the selected type.
◆ Action – An ACL can contain any combination of permit or deny rules.
WEB INTERFACE
To add rules to a MAC ACL:
1. Click Security, ACL.
2. Select Configure ACL from the Step list.
3. Select Add Rule from the Action list.
4. Select MAC from the Type list.
5. Select the name of an ACL from the Name list.
6. Specify the action (i.e., Permit or Deny).
7. Select the address type (Any, Host, or MAC).
8. If you select “Host,” enter a specific address (e.g., 11-22-33-44-55-66).
BINDING A PORT TO AN ACCESS CONTROL LIST

After configuring ACLs, use the Security > ACL (Configure Interface) page to bind the ports that need to filter traffic to the appropriate ACLs. You can assign one IP access list and one MAC access list to any port.

COMMAND USAGE
◆ This switch supports ACLs for ingress filtering only.
◆ You only bind one ACL to any port for ingress filtering.
FILTERING IP ADDRESSES FOR MANAGEMENT ACCESS

Use the Security > IP Filter page to create a list of up to 15 IP addresses or IP address groups that are allowed management access to the switch through the web interface or SNMP.

COMMAND USAGE
◆ The management interfaces are open to all IP addresses by default. Once you add an entry to a filter list, access to that interface is restricted to the specified addresses.
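The default-open behaviour described above, modelled as an added example (it is not code from the manual or the switch firmware). It assumes the 15-entry limit applies to each interface's list and that an entry is a single IPv4 address or a start/end range; the class and method names and the sample addresses are constructed for illustration.

```python
import ipaddress

MAX_ENTRIES = 15              # limit stated on the page; applied per interface (assumption)
INTERFACES = ("web", "snmp")  # the two management interfaces the page names


class ManagementFilter:
    """Hypothetical model of the Security > IP Filter lists."""

    def __init__(self):
        # One independent allow-list per management interface.
        self.entries = {name: [] for name in INTERFACES}

    def add(self, interface, start, end=None):
        """Add a single address (end omitted) or an inclusive start/end range."""
        if interface not in self.entries:
            raise ValueError(f"unknown interface: {interface}")
        lo = ipaddress.IPv4Address(start)
        hi = ipaddress.IPv4Address(end) if end is not None else lo
        if hi < lo:
            raise ValueError("range end is below range start")
        if len(self.entries[interface]) >= MAX_ENTRIES:
            raise ValueError(f"{interface} filter already holds {MAX_ENTRIES} entries")
        self.entries[interface].append((lo, hi))

    def allowed(self, interface, source):
        """Return True if `source` may reach the given management interface."""
        addr = ipaddress.IPv4Address(source)
        ranges = self.entries[interface]
        if not ranges:
            # No entries yet: the interface is open to all addresses (the default).
            return True
        return any(lo <= addr <= hi for lo, hi in ranges)

    def open_interfaces(self):
        """Audit helper: interfaces that still accept any source address."""
        return [name for name in INTERFACES if not self.entries[name]]


def build_sample():
    """Constructed configuration: only the web interface has been restricted."""
    flt = ManagementFilter()
    flt.add("web", "192.0.2.10", "192.0.2.20")  # constructed admin subnet range
    flt.add("web", "198.51.100.7")              # constructed single jump host
    return flt


if __name__ == "__main__":
    sample = build_sample()
    for iface, src in [("web", "192.0.2.15"), ("web", "203.0.113.9"),
                       ("snmp", "203.0.113.9")]:
        print(iface, src, "allowed" if sample.allowed(iface, src) else "blocked")
    print("still open to all addresses:", sample.open_interfaces())
```

Restricting the web list leaves SNMP untouched, so an audit should confirm that every interface in use has at least one entry.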
WEB INTERFACE
To create a list of IP addresses authorized for management access:
1. Click Security, IP Filter.
2. Select Add from the Action list.
3. Select the management interface to filter (Web, SNMP).
4. Enter the IP addresses or range of addresses that are allowed management access to an interface.
5.
CONFIGURING PORT SECURITY

Use the Security > Port Security page to configure the maximum number of device MAC addresses that can be learned by a switch port, stored in the address table, and authorized to access the network. When port security is enabled on a port, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number.
■ None: No action should be taken. (This is the default.)
■ Trap: Send an SNMP trap message.
■ Shutdown: Disable the port.
■ Trap and Shutdown: Send an SNMP trap message and disable the port.
◆ Security Status – Enables or disables port security on the port. (Default: Disabled)
◆ Max MAC Count – The maximum number of MAC addresses that can be learned on a port.
To enable port security:
1. Click Security, Port Security.
2. Set the action to take when an invalid address is detected on a port.
3. Mark the check box in the Security Status column to enable security.
4. Click Apply.

Figure 110: Configuring the Status and Response for Port Security

CONFIGURING 802.
client responds to the appropriate method with its credentials, such as a password or certificate. The RADIUS server verifies the client credentials and responds with an accept or reject packet. If authentication is successful, the switch allows the client to access the network. Otherwise, non-EAP traffic on the port is blocked.
CONFIGURING 802.1X GLOBAL SETTINGS

Use the Security > Port Authentication (Configure Global) page to configure IEEE 802.1X port authentication. The 802.1X protocol must be enabled globally for the switch system before port settings are active.

PARAMETERS
These parameters are displayed:
◆ Port Authentication Status – Sets the global setting for 802.1X.
Figure 112: Configuring Global Settings for 802.1X Port Authentication

CONFIGURING PORT AUTHENTICATOR SETTINGS FOR 802.1X

Use the Security > Port Authentication (Configure Interface – Authenticator) page to configure 802.1X port settings for the switch as the local authenticator. When 802.1X is enabled, you need to configure the parameters for the authentication process that runs between the client and the switch (i.e.
◆ Authorized – Displays the 802.1X authorization status of connected clients.
■ Yes – Connected client is authorized.
■ No – Connected client is not authorized.
◆ Supplicant – Indicates the MAC address of a connected client.
◆ Control Mode – Sets the authentication mode to one of the following options:
■ Auto – Requires a dot1x-aware client to be authorized by the authentication server.
This command attribute sets the timeout for EAP-request frames other than EAP-request/identity frames. If dot1x authentication is enabled on a port, the switch will initiate authentication when the port link state comes up. It will send an EAP-request/identity frame to the client to request its identity, followed by one or more requests for authentication information.
WEB INTERFACE
To configure port authenticator settings for 802.1X:
1. Click Security, Port Authentication.
2. Select Configure Interface from the Step list.
3. Click Authenticator.
4. Modify the authentication settings for each port as required.
5. Click Apply.

Figure 113: Configuring Interface Settings for 802.
CONFIGURING PORT SUPPLICANT SETTINGS FOR 802.1X

Use the Security > Port Authentication (Configure Interface – Supplicant) page to configure 802.1X port settings for supplicant requests issued from a port to an authenticator on another device. When 802.1X is enabled and the control mode is set to Force-Authorized (see "Configuring Port Authenticator Settings for 802.
◆ Maximum Start – The maximum number of times that a port supplicant will send an EAP start frame to the client before assuming that the client is 802.1X unaware. (Range: 1-65535; Default: 3)
◆ Authenticated – Shows whether or not the supplicant has been authenticated.

WEB INTERFACE
To configure port authenticator settings for 802.1X:
1. Click Security, Port Authentication.
2.
DISPLAYING 802.1X STATISTICS

Use the Security > Port Authentication (Show Statistics) page to display statistics for dot1x protocol exchanges for any port.

PARAMETERS
These parameters are displayed:

Table 18: 802.1X Statistics
Parameter – Description
Authenticator
Rx EAPOL Start – The number of EAPOL Start frames that have been received by this Authenticator.
Table 18: 802.1X Statistics (Continued)
Parameter – Description
Tx EAPOL Start – The number of EAPOL Start frames that have been transmitted by this Supplicant.
Tx EAPOL Logoff – The number of EAPOL Logoff frames that have been transmitted by this Supplicant.
Tx EAP Req/Id – The number of EAP Req/Id frames that have been transmitted by this Supplicant.
To display port supplicant statistics for 802.1X:
1. Click Security, Port Authentication.
2. Select Show Statistics from the Step list.
3. Click Supplicant.

Figure 116: Showing Statistics for 802.
15 BASIC ADMINISTRATION PROTOCOLS

This chapter describes basic administration tasks including:
◆ Event Logging – Sets conditions for logging event messages to system memory or flash memory, configures conditions for sending trap messages to remote log servers, and configures trap reporting to remote hosts using Simple Mail Transfer Protocol (SMTP).
CONFIGURING EVENT LOGGING

PARAMETERS
These parameters are displayed:
◆ System Log Status – Enables/disables the logging of debug or error messages to the logging process. (Default: Enabled)
◆ Flash Level – Limits log messages saved to the switch’s permanent flash memory for all levels up to the specified level. For example, if level 3 is specified, all messages from level 0 to level 3 will be logged to flash.
3. Enable or disable system logging, set the level of event messages to be logged to flash memory and RAM.
4. Click Apply.

Figure 117: Configuring Settings for System Memory Logs

To show the error messages logged to system or flash memory:
1. Click Administration, Log, System.
2. Select Show Logs from the Step list.
3.
REMOTE LOG CONFIGURATION

Use the Administration > Log > Remote page to send log messages to syslog servers or other management stations. You can also limit the event messages sent to only those messages below a specified level.

PARAMETERS
These parameters are displayed:
◆ Remote Log Status – Enables/disables the logging of debug or error messages to the remote logging process.
WEB INTERFACE
To configure the logging of error messages to remote servers:
1. Click Administration, Log, Remote.
2. Enable remote logging, specify the facility type to use for the syslog messages, and enter the IP address of the remote servers.
3. Click Apply.
LINK LAYER DISCOVERY PROTOCOL

SETTING LLDP TIMING ATTRIBUTES

Use the Administration > LLDP (Configure Global) page to set attributes for general functions such as globally enabling LLDP on the switch, setting the message ageout time, and setting the frequency for broadcasting general advertisements or reports about changes in the LLDP MIB.

PARAMETERS
These parameters are displayed:
◆ LLDP – Enables LLDP globally on the switch.
time of a notification are included in the transmission. An SNMP agent should therefore periodically check the value of lldpStatsRemTableLastChangeTime to detect any lldpRemTablesChange notification-events missed due to throttling or transmission loss.
◆ MED Fast Start Count – Configures the amount of LLDP MED Fast Start LLDPDUs to transmit during the activation process of the LLDP-MED Fast Start mechanism.
CONFIGURING LLDP INTERFACE ATTRIBUTES

Use the Administration > LLDP (Configure Interface – Configure General) page to specify the message attributes for individual interfaces, including whether messages are transmitted, received, or both transmitted and received, whether SNMP notifications are sent, and the type of information advertised.
Every management address TLV that reports an address that is accessible on a port and protocol VLAN through the particular port should be accompanied by a port and protocol VLAN TLV that indicates the VLAN identifier (VID) associated with the management address reported by this TLV.
■ MAC/PHY Configuration/Status – The MAC/PHY configuration and status which includes information about auto-negotiation support/capabilities, and operational Multistation Access Unit (MAU) type.
WEB INTERFACE
To configure LLDP interface attributes:
1. Click Administration, LLDP.
2. Select Configure Interface from the Step list.
3. Select Configure General from the Action list.
4. Select an interface from the Port or Trunk list.
5. Set the LLDP transmit/receive mode, specify whether or not to send SNMP trap messages, and select the information to advertise in LLDP messages.
6. Click Apply.
RFC 4776. The following table describes some of the CA type numbers and provides examples.
Figure 122: Configuring the Civic Address for an LLDP Interface

To show the physical location of the attached device:
1. Click Administration, LLDP.
2. Select Configure Interface from the Step list.
3. Select Show CA-Type from the Action list.
4. Select an interface from the Port or Trunk list.
DISPLAYING LLDP LOCAL DEVICE INFORMATION

Use the Administration > LLDP (Show Local Device Information) page to display information about the switch, such as its MAC address, chassis ID, management IP address, and port information.

PARAMETERS
These parameters are displayed:

Global Settings
◆ Chassis Type – Identifies the chassis containing the IEEE 802 LAN entity associated with the transmitting LLDP agent.
Table 22: System Capabilities (Continued)
ID Basis – Reference
DOCSIS cable device – IETF RFC 2669 and IETF RFC 2670
End Station Only – IETF RFC 2011

◆ System Capabilities Enabled – The primary function(s) of the system which are currently enabled. Refer to the preceding table.
◆ Management Address – The management address protocol packet includes the IPv4 address of the switch.
Figure 125: Displaying Local Device Information for LLDP (Port)

DISPLAYING LLDP REMOTE PORT INFORMATION

Use the Administration > LLDP (Show Remote Device Information) page to display information about devices connected directly to the switch’s ports which are advertising information through LLDP, or to display detailed information about an LLDP-enabled device connected to a specific port on the local switch.
◆ System Description – A textual description of the network entity.
◆ Port Type – Indicates the basis for the identifier that is listed in the Port ID field.
◆ Remote VLAN Name List – VLAN names associated with a port.
◆ Remote Protocol Identity List – Information about particular protocols that are accessible through a port. This object represents an arbitrary local integer value used by this agent to identify a particular protocol identity, and an octet string used to identify the protocols associated with a port of the remote system.

Port Details – 802.
Port Details – 802.3 Extension Power Information
◆ Remote Power Class – The port Class of the given port associated with the remote system (PSE – Power Sourcing Equipment or PD – Powered Device).
◆ Remote Power MDI Status – Shows whether MDI power is enabled on the given port associated with the remote system.
WEB INTERFACE
To display LLDP information for a remote port:
1. Click Administration, LLDP.
2. Select Show Remote Device Information from the Step list.
3. Select Port, Port Details, Trunk, or Trunk Details.
Figure 127: Displaying Remote Device Information for LLDP (Port Details)

DISPLAYING DEVICE STATISTICS

Use the Administration > LLDP (Show Device Statistics) page to display statistics for LLDP-capable devices attached to the switch, and for LLDP protocol messages transmitted or received on all local interfaces.
◆ New Neighbor Entries Count – The number of LLDP neighbors for which the remote TTL has not yet expired.
◆ Neighbor Entries Deleted Count – The number of LLDP neighbors which have been removed from the LLDP remote systems MIB for any reason.
◆ Neighbor Entries Dropped Count – The number of times which the remote database on this switch dropped an LLDPDU because of insufficient resources.
WEB INTERFACE
To display statistics for LLDP-capable devices attached to the switch:
1. Click Administration, LLDP.
2. Select Show Device Statistics from the Step list.
3. Select General, Port, or Trunk.
POWER OVER ETHERNET

The switch can provide DC power to a wide range of connected devices, eliminating the need for an additional power source and cutting down on the amount of cables attached to each device. Once configured to supply power, an automatic detection process is initialized by the switch that is authenticated by a PoE signature from the connected device.
DISPLAYING THE SWITCH’S OVERALL POE POWER BUDGET

Use the Administration > PoE (Configure Global) page to display the maximum PoE power budget for the switch (power available to all Fast Ethernet ports). The maximum power budget is fixed at the maximum available setting, which prevents overload conditions at the power source.
SETTING THE PORT POE POWER BUDGET

Use the Administration > PoE (Configure Interface) page to set the maximum power provided to a port.

COMMAND USAGE
◆ The switch only provides power to the Fast Ethernet ports. It can supply up to 30W of power to the first six ports (based on the IEEE 802.3at draft), up to 15.4W to 12 ports (based on IEEE 802.3af), or up to 7.5 to 24 ports (based on IEEE 802.3af).
◆ Power Consumption – Current power consumption on a port.

WEB INTERFACE
To set the PoE power budget for a port:
1. Click Administration, PoE.
2. Select Configure Interface from the Step list.
3. Enable PoE power on selected ports. Set the priority and the power budget.
4. Click Apply.
SIMPLE NETWORK MANAGEMENT PROTOCOL

Access to the onboard agent from clients using SNMP v1 and v2c is controlled by community strings. To communicate with the switch, the management station must first submit a valid community string for authentication.
COMMAND USAGE

Configuring SNMPv1/2c Management Access
To configure SNMPv1 or v2c management access to the switch, follow these steps:
1. Use the Administration > SNMP (Configure Global) page to enable SNMP on the switch, and to enable trap messages.
2. Use the Administration > SNMP (Configure User - Add Community) page to configure the community strings authorized for management access.
3.
CONFIGURING GLOBAL SETTINGS FOR SNMP

Use the Administration > SNMP (Configure Global) page to enable SNMPv3 service for all management clients (i.e., versions 1, 2c, 3), and to enable trap messages.

PARAMETERS
These parameters are displayed:
◆ Agent Status – Enables SNMP on the switch.
SETTING THE LOCAL ENGINE ID

Use the Administration > SNMP (Configure Engine - Set Engine ID) page to change the local engine ID. An SNMPv3 engine is an independent SNMP agent that resides on the switch. This engine protects against message replay, delay, and redirection. The engine ID is also used in combination with user passwords to generate the security keys for authenticating and encrypting SNMPv3 packets.
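How an engine ID and a user password combine into a security key, shown with the standard USM password-to-key and key-localization steps from RFC 3414 (an added example, not code from the manual or the switch). It assumes the switch follows that standard algorithm; the function names are illustrative, and the password and engine IDs are the RFC's published test values plus one constructed variant.

```python
import hashlib

ENGINE_ID_MIN, ENGINE_ID_MAX = 5, 32  # RFC 3411 size limits for snmpEngineID
EXPANDED_LEN = 1048576                # RFC 3414 A.2: hash 1 MiB of repeated password


def parse_engine_id(text: str) -> bytes:
    """Convert a hex engine ID (':' or spaces and a 0x prefix allowed) to bytes."""
    cleaned = text.replace(":", "").replace(" ", "")
    if cleaned.lower().startswith("0x"):
        cleaned = cleaned[2:]
    raw = bytes.fromhex(cleaned)  # raises ValueError on malformed hex
    if not ENGINE_ID_MIN <= len(raw) <= ENGINE_ID_MAX:
        raise ValueError("engine ID must be 5 to 32 octets long")
    return raw


def password_to_key(password: str, algo: str) -> bytes:
    """Derive the engine-independent key Ku from the user's password."""
    data = password.encode("utf-8")
    if not data:
        raise ValueError("password must not be empty")
    # Repeat the password until exactly 1 MiB has been fed to the hash.
    repeats = EXPANDED_LEN // len(data) + 1
    return hashlib.new(algo, (data * repeats)[:EXPANDED_LEN]).digest()


def localize(ku: bytes, engine_id: bytes, algo: str) -> bytes:
    """Bind Ku to one engine: Kul = H(Ku || engineID || Ku)."""
    return hashlib.new(algo, ku + engine_id + ku).digest()


def localized_key(password: str, engine_id_hex: str, algo: str = "sha1") -> bytes:
    """Key actually used on the wire for this user on this engine."""
    ku = password_to_key(password, algo)
    return localize(ku, parse_engine_id(engine_id_hex), algo)


def survives_engine_change(password: str, old_hex: str, new_hex: str,
                           algo: str = "sha1") -> bool:
    """True only if the same password yields the same key under both engine IDs."""
    return localized_key(password, old_hex, algo) == localized_key(password, new_hex, algo)


if __name__ == "__main__":
    rfc_engine = "00:00:00:00:00:00:00:00:00:00:00:02"  # RFC 3414 A.3 test engine ID
    new_engine = "00:00:00:00:00:00:00:00:00:00:00:03"  # constructed variant
    for algo in ("md5", "sha1"):
        print(algo, localized_key("maplesyrup", rfc_engine, algo).hex())
    print("key unchanged after engine ID change:",
          survives_engine_change("maplesyrup", rfc_engine, new_engine))
```

Because the localized key depends on the engine ID, keys stored for users under one engine ID do not match after the ID is changed, so plan any engine ID change together with re-entering SNMPv3 user credentials.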
SPECIFYING A REMOTE ENGINE ID

Use the Administration > SNMP (Configure Engine - Add Remote Engine) page to configure an engine ID for a remote management station. To allow management access from an SNMPv3 user on a remote device, you must first specify the engine identifier for the SNMP agent on the remote device where the user resides.
To show the remote SNMP engine IDs:
1. Click Administration, SNMP.
2. Select Configure Engine from the Step list.
3. Select Show Remote Engine from the Action list.

Figure 135: Showing Remote Engine IDs for SNMP

SETTING SNMPV3 VIEWS

Use the Administration > SNMP (Configure View) page to configure SNMPv3 views which are used to restrict user access to specified portions of the MIB tree.
WEB INTERFACE

To configure an SNMP view of the switch’s MIB database:

1. Click Administration, SNMP.
2. Select Configure View from the Step list.
3. Select Add View from the Action list.
4. Enter a view name and specify the initial OID subtree in the switch’s MIB database to be included or excluded in the view. Use the Add OID Subtree page to add additional object identifier branches to the view.
5.
To add an object identifier to an existing SNMP view of the switch’s MIB database:

1. Click Administration, SNMP.
2. Select Configure View from the Step list.
3. Select Add OID Subtree from the Action list.
4. Select a view name from the list of existing views, and specify an additional OID subtree in the switch’s MIB database to be included or excluded in the view.
5.
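How included and excluded OID subtrees combine into one view can be checked offline before the view is applied. The following is an added example, not the switch's implementation: it follows the view-based access control rule of RFC 3415 (the most specific matching subtree decides) and leaves out subtree masks, which this section does not describe. The view name and its subtree list are constructed; the excluded subtrees are the standard user-security, access-control and community MIBs.

```python
from typing import Dict, Iterable, Optional, Tuple

Oid = Tuple[int, ...]


def parse_oid(text: str) -> Oid:
    """Turn dotted notation into a tuple of integers, rejecting malformed input."""
    parts = text.strip().lstrip(".").split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError("malformed OID: %r" % text)
    return tuple(int(p) for p in parts)


class SnmpView:
    """A named set of OID subtrees, each marked 'included' or 'excluded'."""

    def __init__(self, name: str, entries: Iterable[Tuple[str, str]]):
        self.name = name
        self._subtrees: Dict[Oid, bool] = {}
        for subtree, kind in entries:
            if kind not in ("included", "excluded"):
                raise ValueError("type must be 'included' or 'excluded'")
            oid = parse_oid(subtree)
            if oid in self._subtrees:
                raise ValueError("subtree listed twice: %s" % subtree)
            self._subtrees[oid] = (kind == "included")

    def deciding_subtree(self, oid_text: str) -> Optional[Oid]:
        """Return the longest configured subtree that contains the OID."""
        oid = parse_oid(oid_text)
        best: Optional[Oid] = None
        for subtree in self._subtrees:
            # Compare whole sub-identifiers, so 1.3.6.1.2.10 is NOT under
            # 1.3.6.1.2.1 (a plain string-prefix test would get this wrong).
            if oid[:len(subtree)] == subtree:
                if best is None or len(subtree) > len(best):
                    best = subtree
        return best

    def permits(self, oid_text: str) -> bool:
        """True if the OID is visible; OIDs under no subtree are not visible."""
        best = self.deciding_subtree(oid_text)
        return best is not None and self._subtrees[best]


# Constructed view: general monitoring data is readable, but the tables that
# hold SNMPv3 users, access policy and community strings are hidden.
OPS_READONLY = SnmpView("ops-readonly", [
    ("1.3.6.1.2.1", "included"),         # mib-2
    ("1.3.6.1.6.3", "included"),         # snmpModules
    ("1.3.6.1.6.3.15", "excluded"),      # SNMP User-Based SM MIB
    ("1.3.6.1.6.3.15.1.1", "included"),  # usmStats counters, re-included
    ("1.3.6.1.6.3.16", "excluded"),      # SNMP View Based ACM MIB
    ("1.3.6.1.6.3.18", "excluded"),      # SNMP Community MIB
])

if __name__ == "__main__":
    for probe in ("1.3.6.1.2.1.1.5.0",        # sysName.0
                  "1.3.6.1.6.3.1.1.5.1",      # coldStart
                  "1.3.6.1.6.3.15.1.2.2",     # usmUserTable
                  "1.3.6.1.6.3.15.1.1.5.0",   # a usmStats counter
                  "1.3.6.1.2.10.1"):          # outside mib-2
        print(probe, "->", "visible" if OPS_READONLY.permits(probe) else "hidden")
```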
CONFIGURING SNMPV3 GROUPS

Use the Administration > SNMP (Configure Group) page to add an SNMPv3 group which can be used to set the access policy for its assigned users, restricting them to specific read, write, and notify views. You can use the pre-defined default groups or create new groups to map a set of SNMP users to SNMP views.
Table 26: Supported Notification Messages (Continued)
Model Level Group

coldStart 1.3.6.1.6.3.1.1.5.1 – A coldStart trap signifies that the SNMPv2 entity, acting in an agent role, is reinitializing itself and that its configuration may have been altered.
warmStart 1.3.6.1.6.3.1.1.5.
Table 26: Supported Notification Messages (Continued)
Model Level Group

swAtcBcastStormAlarmFireTrap 1.3.6.1.4.1.572.17389.12000.2.1.0.70 – When broadcast traffic is detected as a storm, this trap is fired.
swAtcBcastStormAlarmClearTrap 1.3.6.1.4.1.572.17389.12000.2.1.0.71 – When a broadcast storm is detected as normal traffic, this trap is fired.
swAtcBcastStormTcApplyTrap 1.3.6.1.4.1.572.17389.12000.2.1.0.
WEB INTERFACE

To configure an SNMP group:

1. Click Administration, SNMP.
2. Select Configure Group from the Step list.
3. Select Add from the Action list.
4. Enter a group name, assign a security model and level, and then select read, write, and notify views.
5. Click Apply.

Figure 140: Creating an SNMP Group

To show SNMP groups:

1. Click Administration, SNMP.
2. Select Configure Group from the Step list.
3.
SETTING COMMUNITY ACCESS STRINGS

Use the Administration > SNMP (Configure User - Add Community) page to configure up to five community strings authorized for management access by clients using SNMP v1 and v2c. For security reasons, you should consider removing the default strings.
To show the community access strings:

1. Click Administration, SNMP.
2. Select Configure User from the Step list.
3. Select Show Community from the Action list.
◆ Authentication Protocol – The method used for user authentication. (Options: MD5, SHA; Default: MD5)
◆ Authentication Password – A minimum of eight plain text characters is required.
◆ Privacy Protocol – The encryption algorithm used for data privacy; only 56-bit DES is currently available.
◆ Privacy Password – A minimum of eight plain text characters is required.
To show local SNMPv3 users:

1. Click Administration, SNMP.
2. Select Configure User from the Step list.
3. Select Show SNMPv3 Local User from the Action list.

Figure 145: Showing Local SNMPv3 Users

CONFIGURING REMOTE SNMPV3 USERS

Use the Administration > SNMP (Configure User - Add SNMPv3 Remote User) page to identify the source of SNMPv3 inform messages sent from the local switch.
■ noAuthNoPriv – There is no authentication or encryption used in SNMP communications. (This is the default security level.)
■ AuthNoPriv – SNMP communications use authentication, but the data is not encrypted.
■ AuthPriv – SNMP communications use both authentication and encryption.

◆ Authentication Protocol – The method used for user authentication.
Figure 146: Configuring Remote SNMPv3 Users

To show remote SNMPv3 users:

1. Click Administration, SNMP.
2. Select Configure User from the Step list.
3. Select Show SNMPv3 Remote User from the Action list.

Figure 147: Showing Remote SNMPv3 Users

SPECIFYING TRAP MANAGERS

Use the Administration > SNMP (Configure Trap) page to specify the host devices to be sent traps and the types of traps to send.
Traps are therefore not as reliable as inform messages, which include a request for acknowledgement of receipt. Informs can be used to ensure that critical information is received by the host. However, note that informs consume more system resources because they must be kept in memory until a response is received. Informs also add to network traffic.
◆ Version – Specifies whether to send notifications as SNMP v1, v2c, or v3 traps.
◆ Notification Type
■ Traps – Notifications are sent as trap messages.
■ Inform – Notifications are sent as inform messages. Note that this option is only available for version 2c and 3 hosts. (Default: traps are used)
◆ Timeout – The number of seconds to wait for an acknowledgment before resending an inform message.
◆ Local User Name – The name of a local user which is used to identify the source of SNMPv3 trap messages sent from the local switch. (Range: 1-32 characters) If an account for the specified user has not been created (page 241), one will be automatically generated.
◆ Remote User Name – The name of a remote user which is used to identify the source of SNMPv3 inform messages sent from the local switch.
Figure 149: Configuring Trap Managers (SNMPv2c)

Figure 150: Configuring Trap Managers (SNMPv3)
CHAPTER 15 | Basic Administration Protocols Remote Monitoring ES-2000 Series

To show configured trap managers:

1. Click Administration, SNMP.
2. Select Configure Trap from the Step list.
3. Select Show from the Action list.

Figure 151: Showing Trap Managers

REMOTE MONITORING

Remote Monitoring allows a remote device to collect information or respond to specified events on an independent basis.
value crosses the opposite bounding threshold and then back across the trigger threshold.

COMMAND USAGE

◆ If an alarm is already defined for an index, the entry must be deleted before any changes can be made.

PARAMETERS

These parameters are displayed:

◆ Index – Index to this entry. (Range: 1-65535)
◆ Variable – The object identifier of the MIB variable to be sampled. Only variables of the type etherStatsEntry.n.
threshold. If there is no corresponding entry in the event control table, then no event will be generated. (Range: 1-65535)
◆ Owner – Name of the person who created this entry. (Range: 1-127 characters)

WEB INTERFACE

To configure an RMON alarm:

1. Click Administration, RMON.
2. Select Configure Global from the Step list.
3. Select Add from the Action list.
4. Click Alarm.
5.
Figure 153: Showing Configured RMON Alarms

CONFIGURING RMON EVENTS

Use the Administration > RMON (Configure Global - Add - Event) page to set the action to take when an alarm is triggered. The response can include logging the alarm or sending a message to a trap manager. Alarms and corresponding events provide a way of immediately responding to critical network problems.
◆ Community – A password-like community string sent with the trap operation to SNMP v1 and v2c hosts. Although the community string can be set on this configuration page, it is recommended that it be defined on the SNMP trap configuration page (see "Setting Community Access Strings" on page 240) prior to configuring it here. (Range: 1-127 characters)
◆ Description – A comment that describes this event.
To show configured RMON events:

1. Click Administration, RMON.
2. Select Configure Global from the Step list.
3. Select Show from the Action list.
4. Click Event.

Figure 155: Showing Configured RMON Events

CONFIGURING RMON HISTORY SAMPLES

Use the Administration > RMON (Configure Interface - Add - History) page to collect statistics on a physical interface to monitor network utilization, packet types, and errors.
◆ Interval - The polling interval. (Range: 1-3600 seconds; Default: 1800 seconds)
◆ Buckets - The number of buckets requested for this entry. (Range: 1-65536; Default: 50) The number of buckets granted is displayed on the Show page.
◆ Owner - Name of the person who created this entry. (Range: 1-127 characters)

WEB INTERFACE

To periodically sample statistics on a port:

1. Click Administration, RMON.
2.
To show configured RMON history samples:

1. Click Administration, RMON.
2. Select Configure Interface from the Step list.
3. Select Show from the Action list.
4. Select a port from the list.
5. Click History.

Figure 157: Showing Configured RMON History Samples

To show collected RMON history samples:

1. Click Administration, RMON.
2. Select Configure Interface from the Step list.
3. Select Show Details from the Action list.
4.
Figure 158: Showing Collected RMON History Samples

CONFIGURING RMON STATISTICAL SAMPLES

Use the Administration > RMON (Configure Interface - Add - Statistics) page to collect statistics on a port, which can subsequently be used to monitor the network for common errors and overall traffic rates.

COMMAND USAGE

◆ If statistics collection is already enabled on an interface, the entry must be deleted before any changes can be made.
WEB INTERFACE

To enable regular sampling of statistics on a port:

1. Click Administration, RMON.
2. Select Configure Interface from the Step list.
3. Select Add from the Action list.
4. Click Statistics.
5. Select a port from the list as the data source.
6. Enter an index number, and the name of the owner for this entry.
7.
Figure 160: Showing Configured RMON Statistical Samples

To show collected RMON statistical samples:

1. Click Administration, RMON.
2. Select Configure Interface from the Step list.
3. Select Show Details from the Action list.
4. Select a port from the list.
5. Click Statistics.
CHAPTER 15 | Basic Administration Protocols Switch Clustering ES-2000 Series

SWITCH CLUSTERING

Switch clustering is a method of grouping switches together to enable centralized management through a single unit. Switches that support clustering can be grouped together regardless of physical location or switch type, as long as they are connected to the same local network.

COMMAND USAGE

◆ A switch cluster has a “Commander” unit that is used to manage all other “Member” switches in the cluster.
PARAMETERS

These parameters are displayed:

◆ Cluster Status – Enables or disables clustering on the switch. (Default: Disabled)
◆ Commander Status – Enables or disables the switch as a cluster Commander. (Default: Disabled)
◆ IP Pool – An “internal” IP address pool that is used to assign IP addresses to Member switches in the cluster. Internal cluster IP addresses are in the form 10.x.x.member-ID.
CLUSTER MEMBER CONFIGURATION

Use the Administration > Cluster (Configure Member - Add) page to add Candidate switches to the cluster as Members.

PARAMETERS

These parameters are displayed:

◆ Member ID – Specify a Member ID number for the selected Candidate switch. (Range: 1-36)
◆ MAC Address – Select a discovered switch MAC address from the Candidate Table, or enter a specific MAC address of a known switch.
To show the cluster members:

1. Click Administration, Cluster.
2. Select Configure Member from the Step list.
3. Select Show from the Action list.

Figure 164: Showing Cluster Members

To show cluster candidates:

1. Click Administration, Cluster.
2. Select Configure Member from the Step list.
3. Select Show Candidate from the Action list.
◆ IP Address – The internal cluster IP address assigned to the Member switch.
◆ MAC Address – The MAC address of the Member switch.
◆ Description – The system description string of the Member switch.
◆ Operate – Remotely manage a cluster member.

WEB INTERFACE

To manage a cluster member:

1. Click Administration, Cluster.
2. Select Show Member from the Step list.
3. Select an entry from the Cluster Member List.
4. Click Operate.
16 IP CONFIGURATION

This chapter describes how to configure an IP interface for management access to the switch over the network. You can manually configure a specific IP address or direct the switch to obtain an address from a BOOTP or DHCP server when it is powered on. This chapter provides information on network functions including:

◆ Ping – Sends ping message to another node on the network.
◆ Address Resolution Protocol – Specifies the timeout for ARP cache entries.
CHAPTER 16 | IP Configuration Address Resolution Protocol ES-2000 Series

■ Destination unreachable - The gateway for this destination indicates that the destination is unreachable.
■ Network or host unreachable - The gateway found no corresponding entry in the route table.

WEB INTERFACE

To ping another device on the network:

1. Click IP, General, Ping.
2. Specify the target device and ping parameters.
3. Click Apply.
If there is no entry for an IP address in the ARP cache, the switch will broadcast an ARP request packet to all devices on the network. The ARP request contains fields similar to those shown in this example:

Table 27: Address Resolution Protocol

destination IP address: 10.1.0.19
destination MAC address: ?
source IP address: 10.1.0.
WEB INTERFACE

To configure the timeout for the ARP cache or to enable Proxy ARP for a VLAN (i.e., IP subnetwork):

1. Click IP, ARP.
2. Select Configure General from the Step List.
3. Set the timeout to a suitable value for the ARP cache.
4. Click Apply.

Figure 168: Setting the ARP Timeout

DISPLAYING ARP ENTRIES

Use the IP > ARP (Show Information) page to display dynamic or local entries in the ARP cache.
CHAPTER 16 | IP Configuration Setting the Switch’s IP Address (IP Version 4) ES-2000 Series

SETTING THE SWITCH’S IP ADDRESS (IP VERSION 4)

Use the System > IP page to configure an IPv4 address for management access over the network. You can direct the device to obtain an address from a BOOTP or DHCP server, or manually configure a static IP address. Valid IP addresses consist of four decimal numbers, 0 to 255, separated by periods. Anything other than this format will not be accepted.
WEB INTERFACE

To set a static address for the switch:

1. Click System, IP.
2. Select the VLAN through which the management station is attached, set the IP Address Mode to “Static,” enter the IP address, subnet mask and gateway.
3. Click Apply.

Figure 170: Configuring a Static IPv4 Address

To obtain a dynamic address through DHCP/BOOTP for the switch:

1. Click System, IP.
2.
Figure 171: Configuring a Dynamic IPv4 Address

NOTE: The switch will also broadcast a request for IP configuration settings on each power reset.

NOTE: When using DHCP, you may lose the management connection if the IP address assigned by the DHCP server has changed. To resolve this kind of problem, ask your network administrator to configure a static binding for your switch’s MAC address on the DHCP server.
17 MULTICAST FILTERING

Multicasting is used to support real-time applications such as video conferencing or streaming audio. A multicast server does not have to establish a separate connection with each client. It merely broadcasts its service to the network, and any hosts that want to receive the multicast register with their local multicast switch/router.
CHAPTER 17 | Multicast Filtering Layer 2 IGMP (Snooping and Query) ES-2000 Series

containing multicast group hosts or multicast routers/switches, instead of flooding traffic to all ports in the subnet (VLAN).
CONFIGURING IGMP SNOOPING AND QUERY PARAMETERS

Use the Multicast > IGMP Snooping > General page to configure the switch to forward multicast traffic intelligently. Based on the IGMP query and report messages, the switch forwards multicast traffic only to the ports that request it. This prevents the switch from broadcasting the traffic to all ports and possibly disrupting network performance.
◆ TCN Flood – Enables flooding of multicast traffic if a spanning tree topology change notification (TCN) occurs. (Default: Disabled)

When a spanning tree topology change occurs, the multicast membership information learned by the switch may be out of date. For example, a host linked to one port before the topology change (TC) may be moved to another port after the change.
method of attack is launched by an intruder who takes over the role of querier, and starts overloading multicast hosts by sending a large number of group-and-source-specific queries, each with a large source list and the Maximum Response Time set to a large value. To protect against this kind of attack, routers should not forward queries. This is easier to accomplish if the query carries the Router Alert option.
WEB INTERFACE

To configure general settings for IGMP Snooping and Query:

1. Click Multicast, IGMP Snooping, General.
2. Adjust the IGMP settings as required.
3. Click Apply.

Figure 173: Configuring General Settings for IGMP Snooping

SPECIFYING STATIC INTERFACES FOR A

Use the Multicast > IGMP Snooping > Multicast Router (Add) page to statically attach an interface to a multicast router/switch.
WEB INTERFACE

To specify a static interface attached to a multicast router:

1. Click Multicast, IGMP Snooping, Multicast Router.
2. Select Add Static Multicast Router from the Action list.
3. Select the VLAN which will forward all the corresponding multicast traffic, and select the port or trunk attached to the multicast router.
4. Click Apply.
To show all the interfaces attached to a multicast router:

1. Click Multicast, IGMP Snooping, Multicast Router.
2. Select Current Multicast Router from the Action list.
3. Select the VLAN for which to display this information.
WEB INTERFACE

To statically assign an interface to a multicast service:

1. Click Multicast, IGMP Snooping, IGMP Member.
2. Select Add Static Member from the Action list.
3. Select the VLAN that will propagate the multicast service, specify the interface attached to a multicast service (through an IGMP-enabled switch or multicast router), and enter the multicast IP address.
4. Click Apply.
To show all the interfaces statically or dynamically assigned to a multicast service:

1. Click Multicast, IGMP Snooping, IGMP Member.
2. Select Show Current Member from the Action list.
3. Select the VLAN for which to display this information.
Multicast Router Discovery uses the following three message types to discover multicast routers:

◆ Multicast Router Advertisement – Advertisements are sent by routers to advertise that IP multicast forwarding is enabled. These messages are sent unsolicited periodically on all router interfaces on which multicast forwarding is enabled.
PARAMETERS

These parameters are displayed:

◆ VLAN – ID of configured VLANs. (Range: 1-4093)
◆ IGMP Snooping Status – When enabled, the switch will monitor network traffic on the indicated VLAN interface to determine which hosts want to receive multicast traffic. This is referred to as IGMP Snooping.
◆ Interface Version – Sets the protocol version for compatibility with other devices on the network. This is the IGMP Version the switch uses to send snooping reports. (Range: 1-2; Default: 2)

This attribute configures the IGMP report/query version used by IGMP snooping. Versions 1 - 2 are supported, and version 2 is backward compatible, so the switch can operate with other devices using either Version 1 or 2.
WEB INTERFACE

To configure IGMP snooping on a VLAN:

1. Click Multicast, IGMP Snooping, Interface.
2. Select Configure from the Action list.
3. Select the VLAN to configure and update the required parameters.
4. Click Apply.

Figure 180: Configuring IGMP Snooping on an Interface

To show the interface settings for IGMP snooping:

1. Click Multicast, IGMP Snooping, Interface.
2. Select Show from the Action list.
DISPLAYING MULTICAST GROUPS DISCOVERED BY IGMP SNOOPING

Use the Multicast > IGMP Snooping > Forwarding Entry page to display the forwarding entries learned through IGMP Snooping.

COMMAND USAGE

To display information about multicast groups, IGMP Snooping must first be enabled on the switch (see page 277).
CHAPTER 17 | Multicast Filtering Filtering and Throttling IGMP Groups ES-2000 Series

FILTERING AND THROTTLING IGMP GROUPS

In certain switch applications, the administrator may want to control the multicast services that are available to end users. For example, an IP/TV service based on a specific subscription plan.
Figure 183: Enabling IGMP Filtering and Throttling

CONFIGURING IGMP FILTER PROFILES

Use the Multicast > IGMP Snooping > Filter (Add) page to create an IGMP profile and set its access mode. Then use the (Add Multicast Group Range) page to configure the multicast groups to filter.
WEB INTERFACE

To create an IGMP filter profile and set its access mode:

1. Click Multicast, IGMP Snooping, Filter.
2. Select Configure Profile from the Step list.
3. Select Add from the Action list.
4. Enter the number for a profile, and set its access mode.
5. Click Apply.

Figure 184: Creating an IGMP Filtering Profile

To show the IGMP filter profiles:

1. Click Multicast, IGMP Snooping, Filter.
2.
5. Click Apply.

Figure 186: Adding Multicast Groups to an IGMP Filtering Profile

To show the multicast groups configured for an IGMP filter profile:

1. Click Multicast, IGMP Snooping, Filter.
2. Select Configure Profile from the Step list.
3. Select Show Multicast Group Range from the Action list.
4. Select the profile for which to display this information.
PARAMETERS

These parameters are displayed:

◆ Interface – Port or trunk identifier. An IGMP profile or throttling setting can be applied to a port or trunk. When ports are configured as trunk members, the trunk uses the settings applied to the first port member in the trunk.
◆ Profile ID – Selects an existing profile to assign to an interface.
SECTION III APPENDICES

This section provides additional information and includes these items:

◆ "Software Specifications" on page 297
◆ "Troubleshooting" on page 301
◆ "License Information" on page 303
A SOFTWARE SPECIFICATIONS

SOFTWARE FEATURES

MANAGEMENT AUTHENTICATION
Local, RADIUS, TACACS+, Port Authentication (802.1X), HTTPS, Port Security, IP Filter

CLIENT ACCESS
Access Control Lists (512 rules), Port Authentication (802.
APPENDIX A | Software Specifications Management Features ES-2000 Series

VLAN SUPPORT
Up to 256 groups; port-based, tagged (802.
APPENDIX A | Software Specifications Management Information Bases ES-2000 Series

IEEE 802.1Q VLAN
IEEE 802.1X Port Authentication
IEEE 802.3-2005
Ethernet, Fast Ethernet, Gigabit Ethernet
Link Aggregation Control Protocol (LACP)
Full-duplex flow control (ISO/IEC 8802-3)
IEEE 802.
Q-Bridge MIB (RFC 2674Q)
Quality of Service MIB
RADIUS Authentication Client MIB (RFC 2621)
RMON MIB (RFC 2819)
RMON II Probe Configuration Group (RFC 2021, partial implementation)
SNMP Community MIB (RFC 3584)
SNMP Framework MIB (RFC 3411)
SNMP-MPD MIB (RFC 3412)
SNMP Target MIB, SNMP Notification MIB (RFC 3413)
SNMP User-Based SM MIB (RFC 3414)
SNMP View Based ACM MIB (RFC 3415)
SNMPv2 IP MIB (RFC 2011)
TACACS+ Authenticatio
B TROUBLESHOOTING

PROBLEMS ACCESSING THE MANAGEMENT INTERFACE

Table 28: Troubleshooting Chart

Symptom: Cannot connect using a web browser, or SNMP software

Action:
◆ Be sure the switch is powered up.
◆ Check that you have a valid network connection to the switch and that the port you are using has not been disabled.
◆ Be sure you have configured the VLAN interface through which the management station is connected with a valid IP address, subnet mask and default gateway.
APPENDIX B | Troubleshooting Using System Logs ES-2000 Series

USING SYSTEM LOGS

If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch, follow these steps:

1. Enable logging.
2. Set the error messages reported to include all categories.
3. Enable SNMP.
4. Enable SNMP traps.
5. Designate the SNMP host that is to receive the error messages.
6.
C LICENSE INFORMATION

This product includes copyrighted third-party software subject to the terms of the GNU General Public License (GPL), GNU Lesser General Public License (LGPL), or other related free software licenses. The GPL code used in this product is distributed WITHOUT ANY WARRANTY and is subject to the copyrights of one or more authors.
APPENDIX C | License Information The GNU General Public License ES-2000 Series

GNU GENERAL PUBLIC LICENSE

TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION

1. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License.
b). Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c).
9. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded.
GLOSSARY

ACL
Access Control List. ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information.

ARP
Address Resolution Protocol converts between IP addresses and MAC (hardware) addresses. ARP is used to locate the MAC address corresponding to a given IP address.
DSCP
Differentiated Services Code Point Service. DSCP uses a six-bit tag to provide for up to 64 different forwarding behaviors. Based on network policies, different kinds of traffic can be marked for different kinds of forwarding. The DSCP bits are mapped to the Class of Service categories, and then into the output queues.

EAPOL
Extensible Authentication Protocol over LAN.
IEEE 802.3AC
Defines frame extensions for VLAN tagging.

IEEE 802.3X
Defines Ethernet frame start/stop requests and timers used for flow control on full-duplex links. (Now incorporated in IEEE 802.3-2002)

IGMP
Internet Group Management Protocol. A protocol through which hosts can register with their local router for multicast services.
MD5
MD5 Message-Digest is an algorithm that is used to create digital signatures. It is intended for use with 32 bit machines and is safer than the MD4 algorithm, which has been broken. MD5 is a one-way hash function, meaning that it takes a message and converts it into a fixed string of digits, also called a message digest.

MIB
Management Information Base. An acronym for Management Information Base.
RSTP
Rapid Spanning Tree Protocol. RSTP reduces the convergence time for network topology changes to about 10% of that required by the older IEEE 802.1D STP standard.

SNMP
Simple Network Management Protocol. The application protocol in the Internet suite of protocols which offers network management services.

SNTP
Simple Network Time Protocol allows a device to set its internal clock based on periodic updates from a Network Time Protocol (NTP) server.
INDEX ES-2000 Series
  default mapping to internal values 136
  enabling 132
  layer 3/4 priorities 132
  priorities, mapping to internal values 136
  queue mapping 129
  queue mode 126
  queue weights, assigning 128
CoS/CFI to PHB/drop precedence 136
CPU
  status 61
  utilization, showing 61
NUMERICS
802.
  filtering, configuring profile 291
  filtering, creating profile 291
  filtering, group range 291
  groups, displaying 283
  Layer 2 276
  query 276, 277
  services, displaying 289
  snooping 276
  snooping & query, parameters 277
  snooping, configuring 277
  snooping, enabling 277
  snooping, immediate leave 286
IGMP snooping
  configuring 284
  enabling per interface 284, 286
  forwarding entries 289
  immediate leave, status 286
  interface attached to multicast router 282
  last member query count 287
  last member
link type, STA 115, 117
LLDP 205
  device statistics details, displaying 223
  device statistics, displaying 221
  display device information 214, 216
  displaying remote information 216
  interface attributes, configuring 208
  local device information, displaying 214
  message attributes 208
  message statistics 221
  remote information, displaying 221
  remote port information, displaying 216
  timing attributes, configuring 206
  TLV 205, 208
  TLV, 802.1 209
  TLV, 802.
  broadcast storm threshold 123
  capabilities 66
  configuring 65
  duplex mode 67
  flow control 67
  forced selection on combo ports 66
  mirroring 69
  mirroring local traffic 69
  multicast storm threshold 123
  speed 67
  statistics 71
  unknown unicast storm threshold 123
power budgets
  port 226
  port priority 226
power savings
  configuring 91
  enabling per port 91
priority, default port ingress 125
problems, troubleshooting 301
protocol migration 115
PVID, port native VLAN 97
Q
QoS 139
  configuration guid
  path cost 114, 117
  path cost method 109
  port priority 114
  protocol migration 115
  transmission limit 109
standards, IEEE 298
startup files
  creating 52
  displaying 52
  setting 52
static addresses, setting 101
statistics, port 71
STP 108
switch clustering, for management 261
switch settings
  restoring 54
  saving 54
system clock
  setting 57
  setting manually 57
  setting the time zone 60
  setting with SNTP 58
system logs 201
system software, downloading from server 52
T
TACACS+ logon authentication
ES-2026 ES-2026P ES-2024G ES-2024GP E062011/ST-R05 149100000041A
JUNE/2011/ISSUE 2.