User Manual

ManualsBrandsNETGEAR ManualsSwitchM4100-12GF

Table Of Contents

350 East Plumeria Drive

San Jose, CA 95134

USA

April 2015

202-10967-02

M4100 Series Managed Switch

User Manual

Version 10.0.2

Summary of content (446 pages)

PAGE 1
M4100 Series Managed Switch User Manual Version 10.0.
PAGE 2
M4100 Series Managed Switch Support Thank you for selecting NETGEAR products. After installing your device, locate the serial number on the label of your product and use it to register your product at https://my.netgear.com. You must register your product before you can use NETGEAR telephone support. NETGEAR recommends registering your product through the NETGEAR website. For product updates and web support, visit http://support.netgear.com. Phone (US & Canada only): 1-888-NETGEAR.
PAGE 3
Contents Chapter 1 Get Started Available Publications and Online Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Register Your Product. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Understanding the User Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Web Management Interface Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 4
M4100 Series Managed Switch Configure the DHCP Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58 Exclude an Address from the DHCP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . 59 Configure the DHCP Pool. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60 Configure the DHCP Pool Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63 View DHCP Server Statistics. . . . . . . . . . . .
PAGE 5
M4100 Series Managed Switch Add a VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120 Reset VLAN Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121 Configure Internal VLAN Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122 Configure VLAN Trunking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123 Configure VLAN Membership . . . . . .
PAGE 6
M4100 Series Managed Switch Configure MVR. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182 Configure Advanced MVR Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183 Configure MVR Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185 Configure an MVR Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186 Configure MVR Group Membership . . . .
PAGE 7
M4100 Series Managed Switch Use the DiffServ Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242 Configure DiffServ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243 Configure the Global Diffserv Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245 Configure a DiffServ Class . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247 Configure the Class Match Criteria . . .
PAGE 8
M4100 Series Managed Switch View the Port Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306 View the Client Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309 Traffic Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310 Configure MAC Filter Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 9
M4100 Series Managed Switch View or Delete IP ACL Bindings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 366 View or Delete VLAN ACL Bindings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367 Chapter 7 Monitoring the System View Port Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370 View Detailed Port Statistics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 10
M4100 Series Managed Switch Use the Ping IPv6 Utility. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 422 Run Traceroute IPv4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 423 Configure Traceroute IPv6 Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 425 Appendix A Default Settings Factory Default Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 11
1. 1 Get Started This chapter provides an overview of starting your NETGEAR Managed Switch and accessing the user interface. This chapter contains the following sections: • Available Publications and Online Help • Register Your Product • Understanding the User Interfaces • Web Management Interface Overview • Use a Web Browser to Access the Switch and Log In • Using SNMP Note: For more information about the topics covered in this manual, visit the support website at support.netgear.com.
PAGE 12
M4100 Series Managed Switch Available Publications and Online Help A number of publications are available for your managed switch at downloadcenter.netgear.com, including the following publications: • M4100 Chassis Hardware Installation Guide. • M4100 Switch Module Installation Guide. • M4100 Software Setup Manual. • M4100 User Manual (this document). You can also access this document online when you are logged in to the switch. Select Help  Online Help > User Guide.
PAGE 13
M4100 Series Managed Switch Web Management Interface Overview Your managed switch contains an embedded web server and management software for managing and monitoring switch functions. The managed switch functions as a simple switches without the management software. However, you can use the management software to configure more advanced features that can improve switch efficiency and overall network performance.
PAGE 14
M4100 Series Managed Switch The web management interface menu displays. Web Interface Buttons and User-Defined Fields The following table shows the command buttons that are used throughout the screens in the web interface: Table 1. Web interface command buttons Button Function ADD Clicking the ADD button adds the new item configured in the heading row of a table. APPLY Clicking the APPLY button sends the updated configuration to the switch. Configuration changes take effect immediately.
PAGE 15
M4100 Series Managed Switch The following table describes the naming convention for all interfaces available on the switch. Table 2. Naming conventions for interfaces Interface Description Example Physical The physical ports are gigabit Ethernet interfaces and are numbered sequentially starting from one. 0/1, 0/2, 0/3, and so on Link aggregation group (LAG) LAG interfaces are logical interfaces that are used only for bridging functions.
PAGE 16
M4100 Series Managed Switch 7. Select Help  Online Help > Support. To connect to the NETGEAR support site for managed switch, click the APPLY button. Web Management Interface Device View The Device View is a Java® applet that displays the ports on the switch. This graphic provides an alternate way to navigate to configuration and monitoring options. The graphic also provides information about device ports, current configuration and status, tables, and feature components.  To use Device View: 1.
PAGE 17
M4100 Series Managed Switch 8. Click a port to see a menu that displays statistics and configuration options. You can click a menu option to access the screen that contains the configuration or monitoring options. If you click the graphic, but do not click a specific port, the main menu displays. This menu contains the same options as the navigation tabs at the top of the screen.
PAGE 18
M4100 Series Managed Switch The managed switch use both standard public MIBs for standard functionality and private MIBs that support additional switch functionality. All private MIBs begin with a “-” prefix. The main object for interface configuration is in -SWITCHING-MIB, which is a private MIB. Some interface configurations also involve objects in the public MIB, IF-MIB. SNMP is enabled by default.
PAGE 19
2.
PAGE 20
M4100 Series Managed Switch System Configuration  To do the initial system configuration: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. 5.
PAGE 21
M4100 Series Managed Switch You can use a location up to 255 characters in length. The factory default is blank. 12. Enter the System Contact, the name of the contact person for this switch. You can use a contact name up to 255 characters in length. The factory default is blank. 13. In the SNTP Mode menu, select Enable or Disable. This specifies the state of the SNTP client. The default value is Enable, and the local clock is used to get the time value. 14. Specify the address of the SNTP server.
PAGE 22
M4100 Series Managed Switch The web management interface menu displays. 7. Select System  Management  Initial Setup The Initial Setup screen displays. 8. Scroll down to display the Management VLAN Configuration section. 9. Specify the Management VLAN ID of the switch. The management VLAN is used for management of the switch. The VLAN ID can be any value from 1 to 4093. The default value is VLAN 1. 10. Select the Routing Mode Enable or Disable radio button.
PAGE 23
M4100 Series Managed Switch The Login screen displays. 5. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select System  Management  System Information. 8. Define the following fields: • System Name. Enter a name to identify this switch. You can use up to 255 alphanumeric characters. The factory default is blank. • System Location.
PAGE 24
M4100 Series Managed Switch • Service Port • Different . Some applications that can be selected in this screen require that the source interface be configured separately. In this case, the Different option is shown. By default VLAN 1 is used as the source interface. 9. Click the APPLY button. The settings are sent to the switch. Configuration changes take effect immediately. These changes are not retained across a power cycle unless you save the configuration. See Save Configuration on page 405.
PAGE 25
M4100 Series Managed Switch  To view the fan status: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. 5. Enter the user name and password.
PAGE 26
M4100 Series Managed Switch 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. 5. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select System  Management  System Information. The System Information screen displays. 8.
PAGE 27
M4100 Series Managed Switch 8. Scroll down to Device Status. 9. To refresh the switch information, click the REFRESH button. The following table describes the Device Status information. Table 4. Device status Field Description Firmware Version The release.version.maintenance number of the code currently running on the switch. For example, if the release was 1, the version was 2, and the maintenance number was 4, the format would be 1.2.4.
PAGE 28
M4100 Series Managed Switch View Switch Statistics  To view the switch statistics: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. 5.
PAGE 29
M4100 Series Managed Switch The following table describes Switch Statistics information. Table 5. Switch Statistics Field Description ifIndex The ifIndex of the interface table entry associated with the processor of this switch. Octets Received The total number of octets of data received by the processor excluding framing bits but including FCS octets. Packets Received Without Errors The total number of packets including broadcast packets and multicast packets received by the processor.
PAGE 30
M4100 Series Managed Switch Table 5. Switch Statistics (continued) Field Description Most VLAN Entries Ever Used The largest number of VLANs that were active on this switch since the last reboot. Static VLAN Entries The number of presently active VLAN entries on this switch that were created statically. Dynamic VLAN Entries The number of presently active VLAN entries on this switch that were created by GVRP registration.
PAGE 31
M4100 Series Managed Switch 7. Select System > Management > System CPU Status. The following information displays: • Total System Memory. The total memory of the switch in KBytes. • Available Memory. The available memory space for the switch in KBytes. • CPU Utilization Information. Memory information, task-related information, and percentage of CPU utilization per task.
PAGE 32
M4100 Series Managed Switch 5. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select System > Management > USB Device Information. 8. Click the REFRESH button to refresh the screen with the latest information. The following table describes USB Device Details information. Table 6.
PAGE 33
M4100 Series Managed Switch Table 6. USB device Information (continued) Field Description Product ID The USB flash drive device product ID. USB Memory Statistics Total Size The USB flash device storage size. Bytes Used The size of memory used on the USB flash device. Bytes Free The size of memory free on the USB flash device. USB Directory Details File Name The files stored in the USB flash drive. File Size The size of the files stored in the USB flash drive.
PAGE 34
M4100 Series Managed Switch 8. Use the Loopback ID field to select list of currently configured loopback interfaces. 9. Use the Primary IP Address field to input the primary IPv4 address for this interface in dotted decimal notation. This option is visible only when IPv4 loopback is selected. 10. Use the Primary IP Subnet Mask field to input the primary IPv4 subnet mask for this interface in dotted decimal notation. This option is visible only when IPv4 Loopback is selected.
PAGE 35
M4100 Series Managed Switch 7. Select System > Management > Management Interfaces > IPv6 Network Neighbor Table. The following table displays IPv6 Network Interface Neighbor Table information. Table 7. IPv6 Network Interface Neighbor Table Field Description IPv6 address The Ipv6 address of a neighbor switch visible to the network interface. MAC address The MAC address of a neighbor switch. IsRtr True (1) if the neighbor machine is a router, false (2) otherwise.
PAGE 36
M4100 Series Managed Switch Once you establish in-band connectivity, you can change the IP information using any of the following:  • Terminal interface through the EIA-232 port • Terminal interface through Telnet • SNMP-based management • Web-based management To configure the IPv4 management VLAN: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2.
PAGE 37
M4100 Series Managed Switch The screen displays the MAC address assigned to the VLAN routing interface and the routing interface status (up or down). These fields display information but cannot be changed. 8. From the VLAN ID list, select a VLAN. This list displays all IDs of VLANs configured on this switch. 9. In the Routing Mode field, select the option to Enable or Disable the global routing on the selected VLAN interface. 10.
PAGE 38
M4100 Series Managed Switch • Stratum 2. The time source is distanced from the stratum 1 server over a network path. For example, a stratum 2 server receives the time over a network link, through NTP, from a stratum 1 server. Information received from SNTP servers is evaluated based on the time level and server type. SNTP time definitions are assessed and determined by the following time levels: • T1. Time that the original request was sent by the client. • T2.
PAGE 39
M4100 Series Managed Switch 6. Click the Login button. The web management interface menu displays. 7. Select System  Management  System Information. The System Information screen displays. 8. Select System  Management > Time  Time Configuration, and select SNTP as the Clock Source. 9. Use Client Mode to specify the mode of operation of SNTP Client. An SNTP client can operate in one of the following modes: • Disable. SNTP is not operational.
PAGE 40
M4100 Series Managed Switch • Routing loopback interface By default, VLAN 1 is used as the source interface. 12. Use Unicast Poll Interval to specify the number of seconds between unicast poll requests expressed as a power of two when configured in unicast mode. The allowed range is 6 to 10. The default value is 6. 13. Use Broadcast Poll Interval to specify the number of seconds between broadcast poll requests expressed as a power of two when configured in broadcast mode.
PAGE 41
M4100 Series Managed Switch 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. 5. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select System  Management > Time  Time Configuration The Time Configuration screen displays. 8.
PAGE 42
M4100 Series Managed Switch Table 8. SNTP Global Status (continued) Field Description Last Attempt Status Specifies the status of the last SNTP request or unsolicited message for both unicast and broadcast modes. If no message was received from a server, a status of Other is displayed. These values are appropriate for all operational modes. • Other. None of the following enumeration values. • Success. The SNTP operation was successful and the system time was updated. • Request Timed Out.
PAGE 43
M4100 Series Managed Switch Configure SNTP Servers You can view and modify information for adding and modifying Simple Network Time Protocol SNTP servers.  To configure SNTP servers: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field.
PAGE 44
M4100 Series Managed Switch This indicates the order in which to query the servers. A server entry with a precedence of 1 is queried before a server with a priority of 2, and so forth. If more than one server is assigned the same priority, then the requesting order follows the lexicographical ordering of the entries in this table. The allowed range is 1 to 3. The default value is 1. • Version. Enter the NTP version running on the server. The range is 1–4. The default is 4. 9. Click the ADD button. 10.
PAGE 45
M4100 Series Managed Switch Table 9. SNTP server status (continued) Field Description Last Attempt Status The status of the last SNTP request to this server. If no packet was received from this server, a status of Other is displayed. • Other. None of the following enumeration values. • Success. The SNTP operation was successful and the system time was updated. • Request Timed Out. A directed SNTP request timed out without receiving a response from the SNTP server. • Bad Date Encoded.
PAGE 46
M4100 Series Managed Switch 7. Select System  Management  Time  Summer Time Configuration. 8. Select a Summer Time radio button: • Disable. This option is used to disable Summer Time. • Recurring. This option is used to enable Recurring Summer Time. • Recurring EU. This option is used to enable Recurring EU Summer Time. • Recurring USA. This option is used to enable Recurring USA Summer Time. • Non Recurring. This option is used to configure Non Recurring Summer Time.
PAGE 47
M4100 Series Managed Switch The fields in the following table are visible only when Summer Time is Non Recurring. Table 11. Summer Time Nonrecurring Configuration Field Description Begins At The fields under this are used to configure the Start values for the date and time. • Week. This field is used to configure the start week. • Day. This field is used to configure the start day. • Month. This field is used to configure the start month. • Hours. This field is used to configure the start hours.
PAGE 48
M4100 Series Managed Switch The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select System  Management  DNS  DNS Configuration. 8. Specify whether to enable or disable the administrative status of the DNS client. • Enable. Allow the switch to send DNS queries to a DNS server to resolve a DNS domain name. The default value is Enable. • Disable.
PAGE 49
M4100 Series Managed Switch By default, VLAN 1 is used as source interface. 13. To specify the DNS server to which the switch sends DNS queries, enter an IP address in standard IPv4 dot notation in the DNS Server Address and click the ADD button. The server appears in the list. You can specify up to eight DNS servers. The precedence is set in the order created. 14. To remove a DNS server from the list, select the check box next to the server and click the DELETE button.
PAGE 50
M4100 Series Managed Switch 7. Select System  Management  DNS  Host Configuration. 8. Specify the static host name to add. Its length cannot exceed 255 characters and it is a mandatory field for the user. 9. Specify the IP address in standard IPv4 dot notation to associate with the host name. 10. Click the ADD button. The entry appears in the list. 11. To remove an entry from the static DNS table, select the check box next to the entry and click the DELETE button. 12.
PAGE 51
M4100 Series Managed Switch The Login screen displays. 5. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select System  Management  Green Ethernet > Green Ethernet Configuration. 8. Select an Auto Power Down Mode Disable or Enable radio button. The factory default is Enable.
PAGE 52
M4100 Series Managed Switch 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. 5. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7.
PAGE 53
M4100 Series Managed Switch Configure Port Green Mode Statistics You can configure the Port Green Mode Statistics settings.  To configure port green mode statistics: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field.
PAGE 54
M4100 Series Managed Switch performing autonegotiation and saving power consumption when no link partner is present. The The default value is Disabled. 10. Use the Short Reach Admin Mode selection to enable or disable this option on the port. With short reach mode enabled, PHY is forced to operate in low power mode irrespective of the cable length. The default value is Disabled. 11. Use the EEE Admin Mode selection to enable or disable this option on the port.
PAGE 55
M4100 Series Managed Switch Table 13. Port Green Mode Statistics (continued) Field Description Tw_sys_tx Echo (uSec) Integer that indicates the remote system's Transmit Tw_sys that was used by the local system to compute the Tw_sys that it wants to request from the remote system. Tw_sys_rx (uSec) Integer that indicates the value of Tw_sys that the local system requests from the remote system.
PAGE 56
M4100 Series Managed Switch The web management interface menu displays. 7. Select System  Management  Green Ethernet Green Ethernet Summary. Click the REFRESH button to refresh the screen with the most current data from the switch. The following table describes the Green Mode Statistics Summary nonconfigurable fields. Table 14. Green Mode Statistics Summary Field Description Current Power Consumption (mWatts) Estimated power consumption by all ports in mWatts.
PAGE 57
M4100 Series Managed Switch Table 14. Green Mode Statistics Summary (continued) Field Description Energy Detect Admin Mode Enable or Disable Energy Detect Mode on the port. When this mode is enabled, when the port link is down, the PHY automatically goes down for short period of time, and then wakes up to check link pulses. This allows autonegotiation to be performed power saving consumption when no link partner is present.
PAGE 58
M4100 Series Managed Switch This is the Interval at which EEE LPI data is collected. This is a global setting and is applied to all interfaces. The range is 30 to 36000.The default value is 3600. 10. In the Max Samples to keep field, enter a value. This is a global setting and is applied to all interfaces. The range is 1 to 168.The default value is 168. 11. Click the APPLY button. The settings are sent to the switch. Configuration changes take effect immediately.
PAGE 59
M4100 Series Managed Switch The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select System > Services > DHCP Server> DHCP Server Configuration. 8. Select the Admin Mode Disable or Enable radio button. This specifies whether the DHCP service is enabled or disabled. The default value is Disable. 9.
PAGE 60
M4100 Series Managed Switch 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. 5. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button.
PAGE 61
M4100 Series Managed Switch 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. 5. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select System > Services > DHCP Server > DHCP Pool Configuration. 8.
PAGE 62
M4100 Series Managed Switch The following table describes the DHCP Pool Configuration fields. Table 16. DHCP Pool configuration Field Description Pool Name* For a user with read/write permission, this field shows names of all the existing pools along with an additional option Create. When you select Create the Pool Name list displays. For a user with read-only permission, this list shows only the names of the existing pools.
PAGE 63
M4100 Series Managed Switch Table 16. DHCP Pool configuration (continued) Field Description Lease Time Can be selected as Infinite to specify the lease time as Infinite, or as Specified Duration and enter a specific lease period. In the case of dynamic binding infinite implies a lease period of 60 days. In the case of manual binding, Infinite implies indefinite lease period. The default value is Specified Duration. Days The number of days of the lease period.
PAGE 64
M4100 Series Managed Switch The default IP address of the switch is 169.254.100.100. The Login screen displays. 5. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select System > Services > DHCP Server > DHCP Pool Options. 8. In the Pool Name field, select the Pool Name. 9.
PAGE 65
M4100 Series Managed Switch The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select System > Services > DHCP Server > DHCP Server Statistics. The following table describes the DHCP Server Statistics fields. Table 17. DHCP server statistics Field Description Automatic Bindings Specifies the number of Automatic Bindings on the DHCP server.
PAGE 66
M4100 Series Managed Switch Table 17. DHCP server statistics (continued) Field Description DHCPACK Specifies the number of DHCPACK messages sent by the DHCP server. DHCPNAK Specifies the number of DHCPNAK messages sent by the DHCP server. View DHCP Bindings Information  To view the DHCP Bindings information: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2.
PAGE 67
M4100 Series Managed Switch The following table describes the DHCP Bindings Information fields. Table 18. DHCP Bindings Information Field Description IP Address Specifies the Client's IP Address. Hardware Address Specifies the Client's Hardware Address. Lease Time Left Specifies the Lease time left in Days, Hours and Minutes (dd:hh:mm). format. Type Specifies the Type of Binding: Dynamic or Manual. View DHCP Conflicts Information  To view the DHCP conflicts information: 1.
PAGE 68
M4100 Series Managed Switch • Specific Address Conflict to specify a dynamic binding. The following table describes the DHCP Conflicts Information fields. Table 19. DHCP conflicts information Field Description IP Address Specifies the IP Address of the host as recorded on the DHCP server. Detection Method Specifies the manner in which the IP address of the hosts were found on the DHCP server.
PAGE 69
M4100 Series Managed Switch 7. Select System > Services > DHCP Relay. 8. Use Maximum Hop Count to enter the maximum number of hops a client request can take before being discarded. The range is 1 to 16. The default value is 4. 9. Select the Admin Mode Disable or Enable radio button. When you select Enable, DHCP requests are forwarded to the IP address you entered in the Server Address on the UDP Relay Global Configuration screen. 10. Use Minimum Wait Time to enter a Minimum Wait Time in seconds.
PAGE 70
M4100 Series Managed Switch Configure a DHCP L2 Relay VLAN  To configure a DHCP L2 Relay VLAN: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. 5.
PAGE 71
M4100 Series Managed Switch Configure the DHCP L2 Relay Interface  To configure the DHCP L2 Relay Interface: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. 5.
PAGE 72
M4100 Series Managed Switch View DHCP L2 Relay Interface Statistics  To view the DHCP L2 Relay Interface Statistics: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays.
PAGE 73
M4100 Series Managed Switch The following table describes the DHCP L2 Relay Interface Statistics fields. Table 21. DHCP L2 Relay Interface Statistics Field Description Interface The interface from which the DHCP messages are received. UntrustedServerMsgsWithOpt82 The number of DHCP messages with option82 received from an untrusted server. UntrustedClientMsgsWithOpt82 The number of DHCP messages with option82 received from an untrusted client.
PAGE 74
M4100 Series Managed Switch 7. Select System > Services > UDP Relay> UDP Relay Global Configuration. 8. Use Admin Mode to enable or disable the UDP Relay on the switch. The default value is Disable. 9. Use Server Address to specify the UDP relay server address in x.x.x.x format. 10. Use UDP Port to specify the UDP Destination Port. These ports are supported: • DefaultSet. Relay UDP port 0 packets. This is specified if no UDP port is selected when you are creating the Relay server. • dhcp.
PAGE 75
M4100 Series Managed Switch Configure the UDP Relay Interface  To configure the UDP Relay Interface: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. 5.
PAGE 76
M4100 Series Managed Switch • rip. Relay RIP UDP port 520 packets. • tacacs. Relay TACACS UDP port 49 packet. • tftp. Relay TFTP UDP port 69 packets. • time. Relay time service UDP port 37 packets. • Other. If this option is selected, the UDP Port Other Value is enabled. This option permits you to enter your own UDP port in UDP Port Other Value. 11. Use UDP Port Other Value to specify UDP Destination Port that lies between 0 and 65535. 12.
PAGE 77
M4100 Series Managed Switch 7. Select System > PoE > Basic > PoE Configuration. The Unit Selection list displays the current PoE unit. 8. To change the PoE unit, select another unit from the menu. 9. To set the System Usage Threshold, enter a number from 1 to 99. This sets the threshold level at which a trap is sent if consumed power is greater than the threshold power. 10.
PAGE 78
M4100 Series Managed Switch Table 22. PoE Configuration (continued) Field Description Power Status Indicates the power status. Total Power (Main AC) Displays the total power provided by the MAIN AC power source. Total Power (RPS) Displays the total power provided by the redundant power source. Power Source Current source of system power (Main AC or RPS). Threshold Power System can power up one port, if consumed power is less than this power.
PAGE 79
M4100 Series Managed Switch The Unit list displays the current PoE unit. 8. To change the PoE unit, select another unit from the menu. 9. In the System Usage Threshold field, enter a number from 1 to 99. This sets the threshold level at which a trap is sent if consumed power is greater than the threshold power. 10. Select the Power Management Mode Dynamic or Static radio button. This setting describes or controls the power management algorithm used by the PSE to deliver power to the requesting PDs.
PAGE 80
M4100 Series Managed Switch The following table describes the PoE Configuration nonconfigurable fields. Table 23. Advanced PoE Configuration Field Description Units Displays the Current PoE Unit. You can change the PoE Unit by selecting another unit ID listed here. Firmware Version Version of the PoE controller's FW image. Power Status Indicates the power status. Total Power (Main AC) Displays the total power provided by the MAIN AC power source.
PAGE 81
M4100 Series Managed Switch 7. Select System > PoE > Advanced > PoE Port Configuration. 8. For Admin Mode, select Enable or Disable to determine the ability of the port to deliver power. 9. Use Port Priority to determine which ports can deliver power when the total power delivered by the system crosses a specific threshold. If the switch is not able to supply power to all connected devices, priority is used to determine which ports can supply power.
PAGE 82
M4100 Series Managed Switch 12. Select the Power Limit to define the maximum power in watts that can be delivered by a port. 13. The Detection Type describes a PD detection mechanism performed by the PSE port. • pre-ieee. Only legacy detection is done. • ieee. 4 Point Resistive Detection is done. • auto. 4 Point Resistive Detection followed by Legacy Detection is done.
PAGE 83
M4100 Series Managed Switch Table 24. PoE Port Configuration (continued) Field Description Status The status is the operational status of the port PD detection. • Disabled. No power being delivered. • DeliveringPower. Power is being drawn by the device. • Fault. Indicates a problem with the port. • Test. The port is in test mode. • otherFault. The port is idle due to an error condition. • Searching. The port is not in one of the above states.
PAGE 84
M4100 Series Managed Switch 6. Click the Login button. The web management interface menu displays. 7. Select System  SNMP  SNMP V1/V2  Community Configuration. 8. In the Community Name list, select an existing community name or select Create to create a new one. A valid entry is a case-sensitive string of up to 16 characters. 9. To denote a range of IP addresses that SNMP clients can use to access this device, complete the Client Address field and the Client IP Mask field.
PAGE 85
M4100 Series Managed Switch The default IP address of the switch is 169.254.100.100. The Login screen displays. 5. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select System  SNMP  SNMP V1/V2  Trap Configuration. This screen displays an entry for every active trap receiver. 8.
PAGE 86
M4100 Series Managed Switch • Status. Select the receiver's status from the menu: - Enable. Send traps to the receiver. - Disable. Do not send traps to the receiver. 10. To modify information about an existing SNMP recipient, select the check box next to the recipient, change the desired fields, and then click the APPLY button. Configuration changes take effect immediately. 11. To delete a recipient, select the check box next to the recipient and click the DELETE button.
PAGE 87
M4100 Series Managed Switch 9. Use Link Up/Down to enable or disable activation of link status traps by selecting the corresponding radio button. The factory default is enabled. 10. Use Multiple Users to enable or disable activation of multiple user traps by selecting the corresponding radio button. The factory default is enabled. This trap is triggered when the same user ID is logged in to the switch more than once at the same time either through Telnet or the serial port. 11.
PAGE 88
M4100 Series Managed Switch 7. Select System  SNMP  SNMP V1/V2  Supported MIBs. In the Name field, the screen displays the RFC number if applicable and the name of the MIB. Configure SNMP v3 Settings for a User  To configure SNMP v3 settings for a user: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4.
PAGE 89
M4100 Series Managed Switch The default IP address of the switch is 169.254.100.100. The Login screen displays. 5. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select System  SNMP  SNMP V3  User Configuration. 8. Use User Name to specify the user account to be configured. 9. Select the SNMP v3 Access Mode.
PAGE 90
M4100 Series Managed Switch LLDP Overview The IEEE 802.1AB-defined standard, Link Layer Discovery Protocol (LLDP), allows stations on an 802 LAN to advertise major capabilities and physical descriptions. This information is viewed by a network manager to identify system topology and detect bad configurations on the LAN. LLDP is a one-way protocol; there are no request/response sequences.
PAGE 91
M4100 Series Managed Switch 7. Select System  LLDP  Global Configuration. 8. Use Transmit Interval to specify the interval in seconds to transmit LLDP frames. The range is from 5 to 32768 secs. The default value is 30 seconds. 9. Use Transmit Hold Multiplier to specify the multiplier on Transmit Interval to assign TTL. The range is from 2 to 10 secs.The default value is 4. 10. Use Re-Initialization Delay to specify the delay before re-initialization. The range is from 1 to 10 secs.
PAGE 92
M4100 Series Managed Switch 7. Select System  LLDP  Interface Configuration. 8. Use Go To Port to enter the Port in unit/slot/port format and click the Go button. The entry corresponding to the specified port is selected. 9. Use Port to specify the list of ports on which LLDP - 802.1AB can be configured. 10. Link Status indicates whether the Link is up or down. 11. Use Transmit to specify the LLDP - 802.1AB transmit mode for the selected interface. 12. Use Receive to specify the LLDP - 802.
PAGE 93
M4100 Series Managed Switch 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. 5. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button.
PAGE 94
M4100 Series Managed Switch Table 25. LLDP statistics (continued) Field Description Total Deletes Specifies the number of times the complete set of information advertised by a particular MAC Service Access Point (MSAP) was deleted from tables associated with the remote systems.
PAGE 95
M4100 Series Managed Switch View LLDP Local Device Information  To view LLDP local device information: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. 5.
PAGE 96
M4100 Series Managed Switch Table 26. LLDP Local Device Information Field Description Port ID Subtype The string that describes the source of the port identifier. Port ID The string that describes the source of the port identifier. System Name The system name of the local system. System Description The description of the selected port associated with the local system. Port Description The description of the selected port associated with the local system.
PAGE 97
M4100 Series Managed Switch 7. Select System  LLDP  Remote Device Information. 8. Use Interface to select the local ports that can receive LLDP frames. The following table describes the LLDP Remote Device Information fields. Table 27. LLDP remote device information Field Description Remote ID The Remote ID. Chassis ID The chassis component associated with the remote system. Chassis ID Subtype The source of the chassis identifier. Port ID The port component associated with the remote system.
PAGE 98
M4100 Series Managed Switch View LLDP Remote Device Inventory  To view LLDP remote device inventory: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. 5.
PAGE 99
M4100 Series Managed Switch Configure LLDP-MED Global Settings You can specify LLDP-MED parameters that are applied to the switch.  To configure LLDP-MED global settings: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field.
PAGE 100
M4100 Series Managed Switch 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. 5. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button.
PAGE 101
M4100 Series Managed Switch The following values are available: • MED Capabilities. Transmit the capabilities TLV in LLDP frames. • Network Policy. Transmit the network policy TLV in LLDP frames. • Location Identification. Transmit the location TLV in LLDP frames. • Extended Power via MDI - PSE. Transmit the extended PSE TLV in LLDP frames. • Extended Power via MDI - PD. Transmit the extended PD TLV in LLDP frames. • Inventory Information. To transmit the inventory TLV in LLDP frames.
PAGE 102
M4100 Series Managed Switch 8. Use Interface to select the ports on which LLDP-MED frames can be transmitted. The following table describes the LLDP-MED Local Device Information fields. Table 29. LLDP-MED local device information Field Description Network Policy Information: Specifies if the network policy TLV is present in the LLDP frames. Media Application Type The application type.
PAGE 103
M4100 Series Managed Switch Table 29. LLDP-MED local device information (continued) Field Description Hardware Revision The hardware version. Firmware Revision The Firmware version. Software Revision The Software version. Serial Number The serial number. Manufacturer Name The manufacturers name. Model Name The model name. Asset ID The asset ID. Location Information: Specifies if the location TLV is present in LLDP frames. Sub Type The type of location information.
PAGE 104
M4100 Series Managed Switch 8. Use Interface to select the ports on which LLDP-MED is enabled. The following table describes the LLDP-MED Remote Device Information fields. Table 30. LLDP-MED remote device information Field Description Capability Information: Specifies the supported and enabled capabilities that were received in MED TLV on this port. Supported Capabilities Specifies supported capabilities that were received in MED TLV on this port.
PAGE 105
M4100 Series Managed Switch Table 30. LLDP-MED remote device information (continued) Field Description Media Application Type The application type. Types of applications are unknown, voicesignaling, guestvoice, guestvoicesignalling, softphonevoice, videoconferencing, streammingvideo, and vidoesignalling. Each application type that is received has the VLAN ID, priority, DSCP, tagged bit status, and unknown bit status. A port can receive one or many such application types.
PAGE 106
M4100 Series Managed Switch Table 30. LLDP-MED remote device information (continued) Field Description Required The remote port's PD power requirement. Source The remote port's PD power source. Priority The remote port's PD power priority. View LLDP-MED Remote Device Inventory  To view LLDP-MED remote device inventory: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2.
PAGE 107
M4100 Series Managed Switch Table 31. LLDP-MED remote device inventory Field Definition MAC Address The MAC address associated with the remote system. System Model The model name of the remote device. Software Revision The software version of the remote device. ISDP Settings Overview You can configure ISDP global settings and the ISDP interface. Configure ISDP Global Settings  To configure ISDP global settings: 1. Prepare your computer with a static IP address in the 169.254.100.
PAGE 108
M4100 Series Managed Switch 8. Use Admin Mode to specify whether the ISDP service is to be Enabled or Disabled. The default value is Enabled. 9. Use Timer to specify the period of time between sending new ISDP packets. The range is 5 to 254 seconds. The default value is 30 seconds. 10. Use Hold Time to specify the hold time for ISDP packets that the switch transmits. The hold time specifies how long a receiving device should store information sent in the ISDP packet before discarding it.
PAGE 109
M4100 Series Managed Switch 6. Click the Login button. The web management interface menu displays. 7. Select System  ISDP  Advanced  Global Configuration. 8. Select the Admin Mode Enable radio button. The default value is Enable. 9. In the Timer field, specify the period of time between sending new ISDP packets. The range is 5 to 254 seconds. The default value is 30 seconds. 10. In the Hold Time field, specify the hold time for ISDP packets that the switch transmits.
PAGE 110
M4100 Series Managed Switch Configure the ISDP Interface  To configure the ISDP Interface: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. 5.
PAGE 111
M4100 Series Managed Switch View ISDP Neighbors  To view ISDP neighbors: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. 5. Enter the user name and password.
PAGE 112
M4100 Series Managed Switch Table 34. ISDP Neighbor Field Description Capability Displays the capability of the neighbor. These are supported: • Router • Trans Bridge • Source Route • Switch • Host • IGMP • Repeater Platform Display the model type of the neighbor. 0 to 32 Port ID Display the port ID of the neighbor. Hold Time Displays the hold time for ISDP packets that the neighbor transmits. Advertisement Version Displays the ISDP version sending from the neighbor.
PAGE 113
M4100 Series Managed Switch 7. Select System  ISDP  Advanced  Statistics. The following table describes the ISDP Statistics fields. Table 35. ISDP statistics Field Description ISDP Packets Received Displays the ISDP packets received including ISDPv1 and ISDPv2 packets. ISDP Packets Transmitted Displays the ISDP packets transmitted including ISDPv1 and ISDPv2 packets. ISDPv1 Packets Received Displays the ISDPv1 packets received.
PAGE 114
M4100 Series Managed Switch Configure Timers You can configure global timer settings and set up timer schedules. Configure the Global Timer Settings  To configure the timer global settings: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field.
PAGE 115
M4100 Series Managed Switch Configure the Timer Schedule  To configure the timer schedule: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. 5.
PAGE 116
M4100 Series Managed Switch 10. Use the Recurrence Pattern to show with what period the event repeats. If recurrence is not needed (a timer schedule should be triggered just once), then set Date Stop as equal to Date Start. The following recurrence values are available: • Daily. The timer schedule works with daily recurrence. The Every WeekDay selection means that the schedule is triggered every day from Monday to Friday.
PAGE 117
3.
PAGE 118
M4100 Series Managed Switch VLAN Overview Adding Virtual LAN (VLAN) support to a Layer 2 switch offers some of the benefits of both bridging and routing. Like a bridge, a VLAN switch forwards traffic based on the Layer 2 header, which is fast, and like a router, it partitions the network into logical segments, which provides better administration, security, and management of multicast traffic. By default, all ports on the switch are in the same broadcast domain.
PAGE 119
M4100 Series Managed Switch 7. Select Switching VLAN  Basic  VLAN Configuration. 8. Specify the Reset Configuration setting. If you select this check box and click the APPLY button, all VLAN configuration parameters are reset to their factory default values. Also, all VLANs except for the default VLAN are deleted. The factory default values are as follows: • All ports are assigned to the default VLAN of 1. • All ports are configured with a PVID of 1.
PAGE 120
M4100 Series Managed Switch The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select Switching VLAN  Basic  VLAN Configuration. 8. Use Internal VLAN Allocation Base to specify the VLAN allocation base for the routing interface. The default base of the internal VLAN is 1 to 4093. 9.
PAGE 121
M4100 Series Managed Switch The web management interface menu displays. 7. Select Switching VLAN  Basic  VLAN Configuration. 8. Use VLAN ID to specify the VLAN Identifier for the new VLAN. The range of the VLAN ID is 1 to 4093. 9. Use the optional VLAN Name field to specify a name for the VLAN. It can be up to 32 alphanumeric characters long, including blanks. The default is blank. VLAN ID 1 always has a name of Default. 10. To add a new VLAN to the switch, click the ADD button. 11.
PAGE 122
M4100 Series Managed Switch The default IP address of the switch is 169.254.100.100. The Login screen displays. 5. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select Switching VLAN  Advanced  VLAN Configuration. 8. Select or clear the Reset Configuration check box.
PAGE 123
M4100 Series Managed Switch 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. 5. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button.
PAGE 124
M4100 Series Managed Switch 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. 5. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button.
PAGE 125
M4100 Series Managed Switch This is the access VLAN for the port, and is valid only when the port switchport mode is Access. 11. Select from the menu to configure the Native VLAN ID. This is the native VLAN for the port, and is valid only when the port switchport mode is Trunk. 12. Configure the Trunk Allowed VLANs, the set of VLANs of which the port can be a member when configured in Trunk mode. By default, this list contains all possible VLANs, even if they are not yet created.
PAGE 126
M4100 Series Managed Switch 6. Click the Login button. The web management interface menu displays. 7. Select Switching VLAN  Advanced  VLAN Membership. 8. Use VLAN ID to select the VLAN ID. 9. Use Group Operation to select all the ports and configure them: • Untag All. Select all the ports on which all frames transmitted for this VLAN are untagged. All the ports are included in the VLAN. • Tag All. Select the ports on which all frames transmitted for this VLAN are tagged.
PAGE 127
M4100 Series Managed Switch Table 38. VLAN Membership Field Definition VLAN Name The name for the VLAN that you selected. It can be up to 32 alphanumeric characters long, including blanks. VLAN ID 1 always has a name of Default. VLAN Type The type of the VLAN you selected. The VLAN type: • Default (VLAN ID = 1). Always present • Static. A VLAN you configured • Dynamic.
PAGE 128
M4100 Series Managed Switch The following table describes the nonconfigurable information displayed on the screen. Table 39. Advanced VLAN Status Field Definition VLAN ID The VLAN Identifier (VID) of the VLAN. The range of the VLAN ID is 1 to 4093. VLAN Name The name of the VLAN. VLAN ID 1 is always named `Default`. VLAN Type The type of the VLAN you selected. The VLAN type: • Default (VLAN ID = 1). Always present • Static. A VLAN you configured • Dynamic.
PAGE 129
M4100 Series Managed Switch The web management interface menu displays. 7. Select Switching VLAN  Advanced  Port PVID Configuration. 8. Click ALL to display information for all physical ports and LAGs. 9. Select the check box next to the interfaces to configure. You can select multiple interfaces to apply the same setting to the selected interfaces. Select the check box in the heading row to apply the same settings to all interfaces. 10. Use Interface to select the interface. 11.
PAGE 130
M4100 Series Managed Switch Configure a MAC-Based VLAN Group The MAC-based VLAN feature allows incoming untagged packets to be assigned to a VLAN and thus classifies traffic based on the source MAC address of the packet. You define MAC to VLAN mapping by configuring an entry in the MAC to VLAN table. An entry is specified through a source MAC address and the desired VLAN ID.
PAGE 131
M4100 Series Managed Switch 9. Use VLAN ID to specify a VLAN ID in the range of 1 to 4093. 10. To add a MAC address to VLAN mapping, click the ADD button. 11. To delete a MAC address to VLAN mapping, click the DELETE button. Configure a Protocol-Based VLAN Group You can use a protocol-based VLAN to define filtering criteria for untagged packets. By default, if you do not configure any port- (IEEE 802.1Q) or protocol-based VLANs, untagged packets are assigned to VLAN 1.
PAGE 132
M4100 Series Managed Switch 7. Select Switching VLAN  Advanced  Protocol Based VLAN Group Configuration. 8. Use Group Name to assign a name to a new group. You can enter up to 16 characters. 9. Use Protocol(s) to select the protocols to be associated with the group. There are three configurable protocols: IP, IPX, ARP. • IP. IP is a network layer protocol that provides a connectionless service for the delivery of data. • ARP.
PAGE 133
M4100 Series Managed Switch 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. 5. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select Switching VLAN  Advanced  Protocol Based VLAN Group Membership. 8.
PAGE 134
M4100 Series Managed Switch Configure an IP Subnet–Based VLAN IP Subnet to VLAN mapping is defined by configuring an entry in the IP Subnet to VLAN table. An entry is specified through a source IP address, network mask, and the desired VLAN ID. The IP subnet to VLAN configurations are shared across all ports of the device.  To configure an IP subnet–based VLAN: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2.
PAGE 135
M4100 Series Managed Switch Configure Port DVLAN  To configure port DVLAN: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. 5. Enter the user name and password.
PAGE 136
M4100 Series Managed Switch Configure a Voice VLAN You can configure the parameters for a voice VLAN. Only a user with Read/Write access privileges can change the data on this screen.  To configure a voice VLAN: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4.
PAGE 137
M4100 Series Managed Switch • Disable. The default value. • None. Allow the IP phone to use its own configuration to send untagged voice traffic. • VLAN ID. Configure the phone to send tagged voice traffic. • dot1p. Configure voice VLAN 802.1p priority tagging for voice traffic. When this is selected, enter the dot1p value in the Value field. • Untagged. Configure the phone to send untagged voice traffic. 11. Use Value to enter the VLAN ID or dot1p value.
PAGE 138
M4100 Series Managed Switch 7. Select Switching VLAN  Advanced  GARP Switch Configuration. 8. Select the GVRP Mode Disable or Enable radio button. This sets the GARP VLAN Registration Protocol administrative mode for the switch. The factory default is Disable. 9. Select the GMRP Mode Disable or Enable radio button. This sets the GARP Multicast Registration Protocol administrative mode for the switch. The factory default is Disable.
PAGE 139
M4100 Series Managed Switch 7. Select Switching VLAN  Advanced  GARP Port Configuration. 8. Use the Interface check boxes to select the physical interface. 9. In the Port GVRP Mode field, select Disable or Enable. This specifies the GARP VLAN Registration Protocol administrative mode for the port. If you select Disable, the protocol is not active and the join time, leave time, and leave all time have no effect. The factory default is Disable. 10. In the Port GMRP Mode field, select Disable or Enable.
PAGE 140
M4100 Series Managed Switch factory default is 1000 centiseconds (10 seconds). An instance of this timer exists for each GARP participant for each port. Auto-VoIP Overview The Auto-VoIP feature enables manual and auto assignment of VoIP phone traffic to a special VLAN (such as, voice VLAN), allowing the assignment of special QoS parameters to that traffic, giving it high priority services. Configure Protocol-Based Port Settings  To configure protocol-based port settings: 1.
PAGE 141
M4100 Series Managed Switch 8. Use Prioritization Type to specify the type of prioritization. It can be Traffic Class or Remark. 9. Use Class Value to specify the CoS tag value to be reassigned for packets received on the voice VLAN when Remark CoS is enabled. 10. Click the APPLY button. The settings are sent to the switch. Configuration changes take effect immediately. These changes are not retained across a power cycle unless you save the configuration. See Save Configuration on page 405.
PAGE 142
M4100 Series Managed Switch The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select Switching > Auto-VoIP > OUI-based Properties. 8. In the Auto-VoIP VLAN ID field, specify the VoIP VLAN ID on the switch. The range is 1 to 4093. A VLAN ID value of 0 implies that there is no Auto-VoIP VLAN configured. VLAN ID default value is 2. 9.
PAGE 143
M4100 Series Managed Switch 6. Click the Login button. The web management interface menu displays. 7. Select Switching > Auto-VoIP > OUI-based Port Settings. The screen displays the current operational status of the interface. 8. Use the Interface check boxes to select the interface. 9. In the Auto VoIP Mode menu, select Enable or Disable. This sets the AutoVoIP mode on the selected interface. The default value is Enable. 10. In the Go To Interface field, type the number of an interface. 11.
PAGE 144
M4100 Series Managed Switch The Login screen displays. 5. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select Switching > Auto-VoIP > OUI-based OUI Table. 8. Use Telephony OUI(s) to select the VoIP OUI prefix to be added in the format AA:BB:CC. Up to 128 OUIs can be configured. 9.
PAGE 145
M4100 Series Managed Switch Your settings are saved. View the Auto-VoIP Status  To display the Auto-VoIP status: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. 5.
PAGE 146
M4100 Series Managed Switch modifications in the working but not the end effect (chief among the effects is the rapid transitioning of the port to Forwarding). The difference between the RSTP and the traditional STP (IEEE 802.1D) is the ability to configure and recognize full-duplex connectivity and ports that are connected to end stations, resulting in rapid transitioning of the port to Forwarding state and the suppression of Topology Change Notification.
PAGE 147
M4100 Series Managed Switch 7. Select Switching > STP > Basic  STP Configuration. 8. Select the Spanning Tree Admin Mode Disable or Enable radio button. This specifies whether spanning tree operation is enabled on the switch. 9. Use Force Protocol Version to specify the Force Protocol Version parameter for the switch. The options are IEEE 802.1d, IEEE 802.1w, and IEEE 802.1s. 10. In the Configuration Name field, specify an identifier used to identify the configuration currently being used.
PAGE 148
M4100 Series Managed Switch connected to hosts that typically drop BPDUs. If an operational edge port receives a BPDU, it immediately loses its operational status. In that case, if BPDU filtering is enabled on this port then the BPDUs received on this port are dropped. The following table describes the nonconfigurable information displayed on the screen. Table 42. STP Configuration Field Description Configuration Digest Key Identifier used to identify the configuration currently being used.
PAGE 149
M4100 Series Managed Switch 7. Select Switching > STP > Advanced  STP Configuration. 8. Select the Spanning Tree Admin Mode Disable or Enable radio button. This specifies whether spanning tree operation is enabled on the switch. 9. Select a Force Protocol Version radio button. This specifies the Force Protocol Version parameter for the switch. The options are IEEE 802.1d, IEEE 802.1w, and IEEE 802.1s. 10.
PAGE 150
M4100 Series Managed Switch BPDU, it immediately loses its operational status. In that case, if BPDU filtering is enabled on this port, and the BPDUs received on this port are dropped. The following table describes the nonconfigurable information displayed on the screen. Table 43. Advanced STP Configuration Field Description Configuration Digest Key Identifier used to identify the configuration currently being used.
PAGE 151
M4100 Series Managed Switch 7. Select Switching > STP > Advanced  CST Configuration. 8. Specify values for CST in the appropriate fields: • Bridge Priority. When switches or bridges are running STP, each is assigned a priority. After exchanging BPDUs, the switch with the lowest priority value becomes the root bridge. Specify the bridge priority value for the Common and Internal Spanning Tree (CST). The valid range is 0–61440. The bridge priority is a multiple of 4096.
PAGE 152
M4100 Series Managed Switch • Spanning Tree Maximum Hops. Specifies the maximum number of bridge hops the information for a particular CST instance can travel before being discarded. The valid range is 1–127. • Spanning Tree Tx Hold Count. Configures the maximum number of BPDUs the bridge is allowed to send within the hello time window. The default value is 6. The following table describes the nonconfigurable information displayed on the screen. Table 44.
PAGE 153
M4100 Series Managed Switch The default IP address of the switch is 169.254.100.100. The Login screen displays. 5. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select Switching > STP > Advanced  CST Port Configuration. 8.
PAGE 154
M4100 Series Managed Switch This setting configures the BPDU flood, which floods the BPDU traffic arriving on this port when STP is disabled on this port. 15. In the Auto Edge field select Disable or Enable. This configures the auto edge mode of a port, which allows the port to become an edge port if it does not see BPDUs for some duration. 16. In the Root Guard field, select Disable or Enable.
PAGE 155
M4100 Series Managed Switch 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. 5. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button.
PAGE 156
M4100 Series Managed Switch Table 46. CST port status (continued) Field Description Designated Bridge Bridge identifier of the bridge with the designated port. It is made up using the bridge priority and the base MAC address of the bridge. Designated Port Port Identifier on the designated bridge that offers the lowest cost to the LAN. It is made up from the port priority and the interface number of the port.
PAGE 157
M4100 Series Managed Switch 6. Click the Login button. The web management interface menu displays. 7. Select Switching > STP > Advanced  MST Configuration. 8. To add an MST instance, configure the MST values and click the ADD button: • MST ID. Specify the ID of the MST to create. Valid values for this are between 1 and 4094. • Priority. Specifiy the bridge priority value for the MST. When switches or bridges are running STP, each is assigned a priority.
PAGE 158
M4100 Series Managed Switch Table 47. MST Configuration (continued) Field Description Topology Change The value of the topology change parameter for the switch, indicating if a topology change is in progress on any port assigned to the selected MST instance. It takes a value if True or False. Designated Root The bridge identifier of the root bridge. It is made up from the bridge priority and the base MAC address of the bridge Root Path Cost Path cost to the designated root for this MST instance.
PAGE 159
M4100 Series Managed Switch 7. Select Switching  STP  Advanced  MST Port Status. Note: If no MST instances were configured on the switch, the screen displays a No MSTs Available message and does not display the fields shown in the field description table that follows. 8. Use MST ID to select one MST instance from existing MST instances. 9. Use Interface to select one of the physical or port channel interfaces associated with VLANs associated with the selected MST instance. 10.
PAGE 160
M4100 Series Managed Switch The following table describes the read-only MST port configuration information displayed on the Spanning Tree MST Configuration screen. Table 48. MST Port Status Field Description Auto Calculated Port Path Cost Displays whether the path cost is automatically calculated (Enabled) or not (Disabled). Path cost is calculated based on the link speed of the port if the configured value for Port path cost is zero.
PAGE 161
M4100 Series Managed Switch The Login screen displays. 5. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select Switching  STP  Advanced  STP Statistics. The following table describes the information available on the STP Statistics screen. Table 49.
PAGE 162
M4100 Series Managed Switch Configure Multicast You can configure bridge multicast forwarding and manage MFBD and IGMP snooping. Configure Bridge Multicast Forwarding When you create a VLAN, a default multicast forwarding option is assigned. You can use the Global Multicast Mode setting to set all VLANs currently configured on the switch to a selected forwarding mode.
PAGE 163
M4100 Series Managed Switch • Forward Unregistered: If a packet is received from a VLAN with a multicast destination address and no ports in the VLAN are registered to receive multicast packets for that address, then the packet is flooded to all ports in the VLAN. The responsibility for accepting or dropping the packets belongs to the hosts. If a multicast packet is received and there are ports registered to receive it, the packet is sent only to the registered ports.
PAGE 164
M4100 Series Managed Switch 7. Select Switching > Multicast > MFDB  MFDB Table. 8. Use Search by MAC Address to enter a MAC address whose MFDB table entry you want displayed. Enter six two-digit hexadecimal numbers separated by colons, for example 00:01:23:43:45:67. Then click the GO button. If the address exists, that entry is displayed. An exact match is required. The following table describes the nonconfigurable information displayed on the screen. Table 50.
PAGE 165
M4100 Series Managed Switch The default IP address of the switch is 169.254.100.100. The Login screen displays. 5. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select Switching > Multicast > MFDB  MFDB Statistics.
PAGE 166
M4100 Series Managed Switch Allowing switches to snoop IGMP packets is a creative effort to solve this problem. The switch uses the information in the IGMP packets as they are being forwarded throughout the network to determine which segments should receive packets directed to the group address. Configure IGMP Snooping Interface Settings You can configure IGMP snooping settings on specific interfaces.  To configure IGMP snooping interface settings: 1.
PAGE 167
M4100 Series Managed Switch 8. Use the Interface check boxes to select the interface. 9. In the Admin Mode field, select Enable or Disable. This specifies interface mode for the selected interface for IGMP snooping for the switch. The default is Disable. 10. In the Group Membership Interval field, specify the amount of time you want the switch to wait for a report for a particular group on a particular interface before it deletes that interface from the group. Enter a value between 1 and 3600 seconds.
PAGE 168
M4100 Series Managed Switch The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select Switching Multicast  IGMP Snooping  IGMP VLAN Configuration. 8. To enable IGMP snooping on a VLAN, enter the VLAN ID in the appropriate field and configure the IGMP snooping values: • For Admin Mode, select Enable or Disable for IGMP snooping for the specified VLAN ID.
PAGE 169
M4100 Series Managed Switch needed only when you want to make sure that the multicast router always receives IGMP packets from the switch in a complex network.  To configure IGMP snooping for a multicast router: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4.
PAGE 170
M4100 Series Managed Switch  To configure IGMP snooping for a multicast router VLAN: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. 5.
PAGE 171
M4100 Series Managed Switch  To configure IGMP snooping querier: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. 5. Enter the user name and password.
PAGE 172
M4100 Series Managed Switch The querier expiry interval must be a value in the range of 60 and 300. The default value is 125. Table 51. IGMP Snooping Querier Configuration Field Description VLAN IDs Enabled For IGMP Snooping Querier Displays VLAN IDs enabled for IGMP snooping querier. IGMP Snooping Querier VLAN Configuration You can configure IGMP queriers for use with VLANs on the network.  To configure IGMP queriers for use with VLANs: 1. Prepare your computer with a static IP address in the 169.
PAGE 173
M4100 Series Managed Switch • VLAN ID. Specifies the VLAN ID for which the IGMP snooping querier is to be enabled. • Querier Election Participate Mode. Enable or disable querier participate mode. • • Disabled. Upon seeing another querier of the same version in the VLAN, the snooping querier moves to the non-querier state. • Enabled. The snooping querier participates in querier election, in which the least IP address operates as the querier in that VLAN. The other querier moves to non-querier state.
PAGE 174
M4100 Series Managed Switch Configure MLD Snooping You can configure the parameters for MLD snooping, which is used to build forwarding lists for multicast traffic. Note that only a user with Read/Write access privileges can change the data on this screen.  To configure MLD snooping: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3.
PAGE 175
M4100 Series Managed Switch Table 53. MLD Snooping Configuration Field Definition Interfaces Enabled for MLD Snooping A list of all the interfaces currently enabled for MLD snooping. VLAN Ids Enabled For MLD Snooping Displays VLAN IDs enabled for MLD snooping. Configure MLD Snooping for an Interface  To configure MLD snooping for an interface: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2.
PAGE 176
M4100 Series Managed Switch The Interface field display all physical, VLAN, and LAG interfaces. 8. Select an interface. 9. In the Admin Mode list, select Disable or Enable. This is the interface mode for the selected interface for MLD snooping for the switch. The default is Disable. 10. In the Group Membership Interval (secs) field, specify the amount of time you want the switch to wait for a report for a particular group on a particular interface before it deletes that interface from the group.
PAGE 177
M4100 Series Managed Switch 6. Click the Login button. The web management interface menu displays. 7. Select Switching Multicast  MLD Snooping  MLD VLAN Configuration. 8. Select VLAN ID check boxes for VLAN IDs for which MLD snooping is enabled. 9. In the Admin Mode list, select Enable to enable MLD snooping for the specified VLAN ID. 10. Use Fast Leave Admin Mode to enable or disable the MLD snooping Fast Leave Mode for the specified VLAN ID. 11.
PAGE 178
M4100 Series Managed Switch The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select Switching Multicast  MLD Snooping  Multicast Router Configuration. 8. Select the interface. 9. In the Multicast Router list, select Enable or Disable for the selected interface. Configure a Multicast Router VLAN  To configure a multicast router VLAN: 1.
PAGE 179
M4100 Series Managed Switch 7. Select Switching Multicast  MLD Snooping  Multicast Router VLAN Configuration. 8. Select the interface. 9. In the VLAN ID list, select the VLAN ID. 10. In the Multicast Router list, select Enable or Disable. This enables or disables the multicast router for the VLAN ID. Configure the MLD Snooping Querier You can configure the parameters for the MLD snooping querier. Only a user with Read/Write access privileges can change the data on this screen.
PAGE 180
M4100 Series Managed Switch 7. Select Switching Multicast  MLD Snooping  Querier Configuration. 8. Select the Querier Admin Mode Disable or Enable radio button. This specifies the administrative mode for MLD snooping for the switch. The default is Disable. 9. In the Querier Address field, specify the snooping querier address to be used as source address in periodic MLD queries. This address is used when no address is configured on the VLAN on which query is being sent.
PAGE 181
M4100 Series Managed Switch 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. 5. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button.
PAGE 182
M4100 Series Managed Switch The following table describes the nonconfigurable information displayed on the screen. Table 55. MLD Snooping Querier VLAN Configuration Field Description Operational State Specifies the operational state of the MLD snooping querier on a VLAN. It can be in any of the following states: • Querier: The snooping switch is the querier in the VLAN. The snooping switch sends out periodic queries with a time interval equal to the configured querier query interval.
PAGE 183
M4100 Series Managed Switch The web management interface menu displays. 7. Select Switching > MVR > Basic > MVR Configuration. 8. Select the MVR Running Enable or Disable radio button. The factory default is Disable. 9. In the MVR multicast field, specify the VLAN on which MVR multicast data is received. All source ports belong to this VLAN. The value can be set in a range of 1 to 4093. The default value is 1. The following table describes the nonconfigurable information displayed on the screen. Table 56.
PAGE 184
M4100 Series Managed Switch 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. 5. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button.
PAGE 185
M4100 Series Managed Switch 13. Click the APPLY button. The updated configuration is sent to the switch. Configuration changes take effect immediately. The following table describes the nonconfigurable information displayed on the screen. Table 57. MVR Configuration Field Definition MVR Max Multicast Groups Displays the maximum number of multicast groups that MVR supports. MVR Current Multicast Groups Displays current number of the MVR groups allocated.
PAGE 186
M4100 Series Managed Switch It is a service option helping user to create multiple MVR groups through the single click of the ADD button. If the field is empty, then clicking the button creates only one new group. The field is displayed as empty for each particular group. The range is from 1 to 256. 10. To add a new MVR group, click the ADD button. 11. To delete a selected MVR group, click the DELETE button. The following table describes the nonconfigurable information displayed on the screen. Table 58.
PAGE 187
M4100 Series Managed Switch 7. Select Switching > MVR > Advanced > MVR Interface Configuration. The Status field displays the status for each port. 8. Select Interface check boxes for the interface. 9. In the Admin Mode list, select Enable or Disable. This enables or disables MVR on a port. The factory default is Disable. 10. In the Type list, select receiver or sourcet. This sets the MVR port as a receiver or source port. The default port type is none. 11.
PAGE 188
M4100 Series Managed Switch The default IP address of the switch is 169.254.100.100. The Login screen displays. 5. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select Switching > MVR > Advanced > MVR Group Membership. 8. In the Group IP list, specify the IP multicast address of the MVR group. 9.
PAGE 189
M4100 Series Managed Switch 7. Select Switching > MVR > Advanced > MVR Statistics. 8. Click the REFRESH button to refresh the screen to show the latest MVR statistics. The following table describes the nonconfigurable information displayed on the screen. Table 59. MVR Statistics Field Definition IGMP Query Received Displays the number of received IGMP queries. IGMP Report V1 Received Displays the number of received IGMP reports V1.
PAGE 190
M4100 Series Managed Switch View the MAC Address Table This table contains information about unicast entries for which the switch has forwarding or filtering information. This information is used by the transparent bridging function in determining how to propagate a received frame.  To view the MAC Address Table: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2.
PAGE 191
M4100 Series Managed Switch 7. Select Switching > Address Table > Advanced  Address Table. 8. Use Search By to search by MAC address, VLAN ID, or port. • Searched by MAC Address. Select MAC address and enter the 6-byte hexadecimal MAC address in two-digit groups separated by colons, for example, 01:23:45:67:89:AB. Then click the Go button. If the address exists, that entry is displayed as the first entry followed by the remaining (greater) MAC addresses. An exact match is required.
PAGE 192
M4100 Series Managed Switch The following table describes the nonconfigurable information displayed on the screen. Table 60. MAC Address Table Field Description Total MAC Address Displaying the number of total MAC addresses learned or configured. MAC Address A unicast MAC address for which the switch has forwarding or filtering information. The format is a 6 byte MAC address that is separated by colons, for example, 01:23:45:67:89:AB. VLAN ID The VLAN ID associated with the MAC address.
PAGE 193
M4100 Series Managed Switch 7. Select Switching > Address Table> Advanced  Dynamic Addresses. 8. Use Address Aging Timeout (seconds) to specify the time-out period in seconds for aging out dynamically learned forwarding information. 802.1D-1990 recommends a default of 300 seconds. The value can be specified as any number between 10 and 1000000 seconds. The factory default is 300. Configure a Static MAC Address  To configure a MAC address: 1. Prepare your computer with a static IP address in the 169.
PAGE 194
M4100 Series Managed Switch 8. Use Interface to select the physical interface or LAG. 9. Use the Static MAC Address to input the MAC address. 10. Select the VLAN ID associated with the MAC address. 11. To add a new static MAC address to the switch, click the ADD button. 12. To delete a static MAC address from the switch, click the DELETE button. Configure Port Settings You can configure the physical interfaces on the switch.  To configure port settings: 1.
PAGE 195
M4100 Series Managed Switch 9. Use STP Mode to select the Spanning Tree Protocol administrative mode for the port or LAG. The possible values are as follows: • Enable -Select this to enable the Spanning Tree Protocol for this port. • Disable -Select this to disable the Spanning Tree Protocol for this port. 10. Use the Admin Mode menu to select the port control administration state. You must select Enable if you want the port to participate in the network. The factory default is enabled. 11.
PAGE 196
M4100 Series Managed Switch Enter a Port Description  To specify a port description: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. 5.
PAGE 197
M4100 Series Managed Switch The following table describes the nonconfigurable information displayed on the screen. Table 62. Port Description Field Description Port Selects the interface. MAC Address Displays the physical address of the specified interface. PortList Bit Offset Displays the bit offset value that corresponds to the port when the MIB object type PortList is used to manage in SNMP. ifIndex Displays the interface index associated with the port.
PAGE 198
M4100 Series Managed Switch The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select Switching LAG  LAG Configuration. 8. Use LAG Name to enter the name you want assigned to the LAG. You can enter any string of up to 15 alphanumeric characters. A valid name must be specified for you to create the LAG. 9. Use the list to enable or disable Admin Mode.
PAGE 199
M4100 Series Managed Switch 11. Use STP Mode to enable or disable the Spanning Tree Protocol administrative mode associated with the LAG. The possible values are as follows: • Disable — Spanning tree is disabled for this LAG. • Enable — Spanning tree is enabled for this LAG. 12. Use Static Mode to select enable or disable. When the LAG is enabled, it does not transmit or process received LACPDUs, for example, the member ports do not transmit LACPDUs and all the LACPDUs it can receive are dropped.
PAGE 200
M4100 Series Managed Switch The default IP address of the switch is 169.254.100.100. The Login screen displays. 5. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select Switching LAG  LAG Membership. 8. Use LAG ID to select the identification of the LAG. 9. Use LAG Name to enter the name you want assigned to the LAG.
PAGE 201
M4100 Series Managed Switch When the LAG is enabled, it does not transmit or process received LACPDUs, for example, the member ports do not transmit LACPDUs and all the LACPDUs it can receive are dropped. The factory default is Disable. 15. Use Hash Mode to select the load-balancing mode used on a port channel (LAG). Traffic is balanced on a port channel (LAG) by selecting one of the links in the channel over which to transmit specific packets.
PAGE 202
4.
PAGE 203
M4100 Series Managed Switch Manage the Routing Table The Routing Table collects routes from multiple sources: static routes and local routes. The Routing Table can use multiple routes to the same destination from multiple sources. The Routing Table lists all routes. Configure Basic Routes  To configure basic routes: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2.
PAGE 204
M4100 Series Managed Switch 11. Next Hop IP Address displays the outgoing router IP address to use when forwarding traffic to the next router (if any) in the path toward the destination. The next router is always one of the adjacent neighbors or the IP address of the local interface for a directly attached network. 12. Preference displays an integer value from 1 to 255. You can specify the preference value (sometimes called administrative distance) of an individual static route.
PAGE 205
M4100 Series Managed Switch Configure Advanced Routes  To configure advanced routes: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. 5.
PAGE 206
M4100 Series Managed Switch • Preference displays an integer value from (1 to 255). You can specify the preference value (sometimes called administrative distance) of an individual static route. Among routes to the same destination, the route with the lowest preference value is the route entered into the forwarding database. By specifying the preference of a static route, the user controls whether a static route is more or less preferred than routes from dynamic routing protocols.
PAGE 207
M4100 Series Managed Switch Table 65. Route Configuration, Learned Routes Table Field Description Preference The preference is an integer value from 0 to 255. You can specify the preference value (sometimes called administrative distance) of an individual static route. Among routes to the same destination, the route with the lowest preference value is the route entered into the forwarding database.
PAGE 208
M4100 Series Managed Switch 7. Select Routing Routing Table  Advanced  Route Preferences. 8. Use Static to specify the static route preference value in the router. The default value is 1. The range is 1 to 255. Configure IP Settings You can configure routing parameters for the switch, as opposed to an interface.  To change the IP configuration: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2.
PAGE 209
M4100 Series Managed Switch 7. Select Routing  IP  Basic  IP Configuration. The screen displays the default time to live, the maximum next hops, and the maximum routes. 8. Select the Routing Mode Enable or Disable radio button. You must enable routing for the switch before you can route through any of the interfaces. The default value is disable. 9. Select the ICMP Echo Replies Enable or Disable radio button. If ICMP echo replies are enabled, then only the router can send ECHO replies.
PAGE 210
M4100 Series Managed Switch 15. Click the APPLY button. The settings are sent to the switch. Configuration changes take effect immediately. These changes are not retained across a power cycle unless you save the configuration. See Save Configuration on page 405. View IP Statistics The statistics reported on this screen are as specified in RFC 1213.  To view IP statistics: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2.
PAGE 211
M4100 Series Managed Switch 7. click Routing IP Basic  Statistics. The following table describes the nonconfigurable information displayed on the screen. Table 66. IP statistics Field Description IpInReceives The total number of input datagrams received from interfaces, including those received in error.
PAGE 212
M4100 Series Managed Switch Table 66. IP statistics (continued) Field Description IpForwDatagrams The number of input datagrams for which this entity was not their final IP destination, as a result of which an attempt was made to find a route to forward them to that final destination. In entities that do not act as IP gateways, this counter includes only those packets that were source-routed through this entity, and the source-route option processing was successful.
PAGE 213
M4100 Series Managed Switch Table 66. IP statistics (continued) Field Description IpFragCreates The number of IP datagram fragments that were generated as a result of fragmentation at this entity. IpRoutingDiscards The number of routing entries that were discarded even though they are valid. One possible reason for discarding such an entry could be to free up buffer space for other routing entries. IcmpInMsgs The total number of ICMP messages that the entity received.
PAGE 214
M4100 Series Managed Switch Table 66. IP statistics (continued) Field Description IcmpOutEchoReps The number of ICMP Echo Reply messages sent. IcmpOutTimestamps The number of ICMP Timestamp (request) messages. IcmpOutTimestampReps The number of ICMP Timestamp Reply messages sent. IcmpOutAddrMasks The number of ICMP Address Mask Request messages sent. Configure Advanced IP Settings You can configure routing parameters for the switch as opposed to an interface.
PAGE 215
M4100 Series Managed Switch 8. Select the Routing Mode Enable or Disable radio button. You must enable routing for the switch before you can route through any of the interfaces. The default value is disabled. 9. Select the ICMP Echo Replies Enable or Disable radio button. If ICMP echo replies are enabled, then only the router can send ECHO replies. By default ICMP echo replies are sent for echo requests. 10. Select the ICMP Redirects Enable or Disable radio button.
PAGE 216
M4100 Series Managed Switch The following table describes the nonconfigurable information displayed on the screen. Table 67. IP Configuration Field Description Default Time to Live The default value inserted into the Time-To-Live field of the IP header of datagrams originated by the switch, if a TTL value is not supplied by the transport layer protocol. Maximum Next Hops The maximum number of hops supported by the switch. This is a compile-time constant.
PAGE 217
M4100 Series Managed Switch The following table describes the nonconfigurable information displayed on the screen. Table 68. IP statistics Field Description IpInReceives The total number of input datagrams received from interfaces, including those received in error.
PAGE 218
M4100 Series Managed Switch Table 68. IP statistics (continued) Field Description IpInDiscards The number of input IP datagrams for which no problems were encountered to prevent their continued processing, but that were discarded (such as for lack of buffer space). Note that this counter does not include any datagrams discarded while awaiting reassembly. IpInDelivers The total number of input datagrams successfully delivered to IP user protocols (including ICMP).
PAGE 219
M4100 Series Managed Switch Table 68. IP statistics (continued) Field Description IcmpInErrors The number of ICMP messages that the entity received but determined as having ICMP-specific errors (bad ICMP checksums, bad length, and so on). IcmpInDestUnreachs The number of ICMP Destination Unreachable messages received. IcmpInTimeExcds The number of ICMP Time Exceeded messages received. IcmpInParmProbs The number of ICMP Parameter Problem messages received.
PAGE 220
M4100 Series Managed Switch Table 68. IP statistics (continued) Field Description IcmpOutAddrMasks The number of ICMP Address Mask Request messages sent. IcmpOutAddrMaskReps The number of ICMP Address Mask Reply messages sent. Configure an IP Interface You can update IP interface data for this switch.  To configure an IP Interface: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2.
PAGE 221
M4100 Series Managed Switch The entry corresponding to the specified interface is selected. 9. Use Port to select the interface. 10. Use Description to enter the description for the interface. 11. Use IP Address Configuration Method to enter the method by which an IP address is configured on the interface. There are three methods: None, Manual, and DHCP. By default the method is None. Method None should be used to reset the DHCP method.
PAGE 222
M4100 Series Managed Switch 23. Use IP MTU to specify the maximum size of IP packets sent on an interface. The valid range is 68 bytes to the link MTU. The default value is 0. A value of 0 indicates that the IP MTU is unconfigured. When the IP MTU is unconfigured, the router uses the link MTU as the IP MTU. The IP MTU is the maximum frame size minus the length of the Layer 2 header. To delete the IP address from the selected interface, click the DELETE button.
PAGE 223
M4100 Series Managed Switch 7. Select Routing IP  Advanced  Secondary IP. The screen displays the VLAN ID and primary IP address for this interface. 8. In the Routing Interface list, select the interface. 9. In the Secondary IP Address field, add a secondary IP address to the selected interface. 10. In the Secondary IP Subnet Mask field, enter the subnet mask for the interface.
PAGE 224
M4100 Series Managed Switch Use the VLAN Static Routing Wizard The VLAN Static Routing Wizard creates a VLAN, adds selected ports to the VLAN. The VLAN Wizard gives the user the option to add the selected ports as a link aggregation groups (LAGs). The wizard does the following:  • Creates a VLAN and generates a unique name for VLAN. • Adds selected ports to the newly created VLAN and removes selected ports from the default VLAN.
PAGE 225
M4100 Series Managed Switch The range of the VLAN ID is 1 to 4093. 9. Use Ports to display selectable physical ports and LAGs (if any). Selected ports are added to the routing VLAN. Each port has three modes: • T (Tagged). Select the ports on which all frames transmitted for this VLAN are tagged. The ports that are selected are included in the VLAN. • U (Untagged). Select the ports on which all frames transmitted for this VLAN are untagged. The ports that are selected are included in the VLAN.
PAGE 226
M4100 Series Managed Switch 7. Select Routing VLAN VLAN Routing. The screen displays the port interface and MAC address assigned to the VLAN for routing. 8. Use IP Address to enter the IP address to be configured for the VLAN routing interface. 9. Use Subnet Mask to enter the subnet mask to be configured for the VLAN routing interface. 10. To add the VLAN routing Interface specified in the VLAN ID field to the switch configuration, click the ADD button. 11.
PAGE 227
M4100 Series Managed Switch information seen on the network, periodically refreshed to determine if an address still exists, or removed from the cache if the entry has not been identified as a sender of an ARP packet during the course of an ageout interval, usually specified through configuration. Display ARP Cache Entries  To display the ARP cache entries: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2.
PAGE 228
M4100 Series Managed Switch Configure the Static ARP Cache  To configure the static ARP cache: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. 5.
PAGE 229
M4100 Series Managed Switch The following table describes the nonconfigurable information displayed on the screen. Table 70. ARP Cache Field Description Port The associated Unit/Slot/Port of the connection IP Address Displays the IP address. It must be the IP address of a device on a subnet attached to one of the switch's existing routing interfaces. MAC Address The unicast MAC address of the device.
PAGE 230
M4100 Series Managed Switch 7. Select Routing ARP  Advanced  ARP Table Configuration. 8. To configure the ARP Table, do the following: • Use Age Time to enter the value for the switch to use for the ARP entry ageout time. You must enter a valid integer, which represents the number of seconds it takes for an ARP entry to age out. The range for this field is 15 to 21600 seconds. The default value for Age Time is 1200 seconds.
PAGE 231
M4100 Series Managed Switch This appears only if the user selects Specific Dynamic/Gateway Entry or Specific Static Entry in the Remove from Table list. The following table describes the nonconfigurable information displayed on the screen. Table 71. ARP Table Configuration Field Description Total Entry Count Total number of entries in the ARP table. Peak Total Entries Highest value reached by Total Entry Count. This counter value is restarted whenever the ARP Table Cache Size value is changed.
PAGE 232
M4100 Series Managed Switch 7. Select Routing Router Discovery. 8. Select the Interface check box for the router interface. 9. Use Advertise Mode to select Enable or Disable. If you select Enable, router advertisements are transmitted from the selected interface. 10. Use Advertise Address to select Enable or Disable. If you select Enable, router advertisements are transmitted from the selected interface. 11.
PAGE 233
5.
PAGE 234
M4100 Series Managed Switch QoS Overview You can configure Quality of Service (QoS) settings on the switch. In a typical switch, each physical port consists of one or more queues for transmitting packets on the attached network. Multiple queues per port are often provided to give preference to certain packets over others based on user-defined criteria.
PAGE 235
M4100 Series Managed Switch Configure CoS  To configure CoS: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. 5. Enter the user name and password.
PAGE 236
M4100 Series Managed Switch The default value is untrusted. 12. Click the APPLY button. The updated configuration is sent to the switch. Map 802.1p Priorities to Queues  To map 802.1p priorities to queues: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4.
PAGE 237
M4100 Series Managed Switch The values in each list represent the traffic class. The traffic class is the hardware queue for a port. Higher traffic class values indicate a higher queue position. Before traffic in a lower queue is sent, it must wait for traffic in higher queues to be sent. 10. Click the APPLY button. Your changes are applied to the system. Map IP DSCP Values to Queues You can specify the internal traffic class to map to the corresponding DSCP value.  To map DSCP values to queues: 1.
PAGE 238
M4100 Series Managed Switch 7. Select QoS  CoS  Advanced  IP DSCP to Queue Mapping. The IP DSCP field displays an IP DSCP value from 0 to 63. 8. For each DSCP value, specify which internal traffic class to map to the corresponding IP DSCP value. The queue number depends on the specific hardware. 9. Click the APPLY button. Your settings are applied to the system. Configure CoS Settings for an Interface You can apply an interface shaping rate to all interfaces or to a specific interface.
PAGE 239
M4100 Series Managed Switch 6. Click the Login button. The web management interface menu displays. 7. Select QoS  CoS > Advanced > CoS Interface Configuration. 8. Use Interface to specify all CoS configurable interfaces. 9. Use Interface Trust Mode to specify whether to trust a particular packet marking at ingress. Interface Trust Mode can be only one of the following: • untrusted • trust dot1p • trust ip-dscp The default value is trust dot1p. 10.
PAGE 240
M4100 Series Managed Switch The configuration process is simplified by allowing each CoS queue parameter to be configured globally or per port. A global configuration change is automatically applied to all ports in the system.  To configure an interface queue: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4.
PAGE 241
M4100 Series Managed Switch valid range is 0 to 100 in increments of 1. The value 0 means no guaranteed minimum. The sum of individual Minimum Bandwidth values for all queues in the selected interface cannot exceed the defined maximum (100). • Use Scheduler Type to specify the type of scheduling used for this queue. Options are Weighted and Strict. Defining on a per-queue basis allows the user to create the desired service characteristics for different types of traffic. • Weighted.
PAGE 242
M4100 Series Managed Switch DiffServ Wizard Overview You can use the DiffServ Wizard to enable DiffServ on the switch by creating a traffic class, adding the traffic class to a policy, and then adding the policy to the ports selected on DiffServ Wizard screen. The DiffServ Wizard does the following: • Creates a DiffServ Class and defines match criteria used as a filter to determine if incoming traffic meets the requirements to be a member of the class.
PAGE 243
M4100 Series Managed Switch The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select QoS DiffServ  DiffServ Wizard. 8. Use Traffic Type to define the DiffServ Class. The traffic type options are VOIP, HTTP, FTP, Telnet, and Every. The ports that can be configured to support a DiffServ policy display. The DiffServ policy is added to the selected ports. 9.
PAGE 244
M4100 Series Managed Switch Packet processing begins by testing the match criteria for a packet. The all class type option defines that each match criteria within a class must evaluate to true for a packet to match that class. The any class type option specifies that at least one match criteria must evaluate to true for a packet to match that class. Classes are tested in the order in which they were added to the policy. A policy is applied to a packet when a class match within that policy is found.
PAGE 245
M4100 Series Managed Switch Table 72. DiffServ Configuration Field Description DiffServ Admin Mode The options mode for DiffServ. The default value is Enable. While disabled, the DiffServ configuration is retained when saved and can be changed, but it is not activated. When enabled, Diffserv services are activated. Class table Displays the number of configured DiffServ classes out of the total allowed on the switch.
PAGE 246
M4100 Series Managed Switch The Login screen displays. 5. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select QoS  DiffServ  Advanced  Diffserv Configuration. 8. Select the DiffServ Admin Mode Disable or Enable radio button: • Enable. Differentiated services are active. • Disable.
PAGE 247
M4100 Series Managed Switch Table 73. Diffserv Configuration Field Description Policy Attributes table Displays the number of configured policy attributes (attached to the policy class instances) out of the total allowed on the switch. Service table Displays the number of configured services (attached to the policies on specified interfaces) out of the total allowed on the switch. Configure a DiffServ Class You can add a new DiffServ class name or rename or delete an existing class.
PAGE 248
M4100 Series Managed Switch The switch supports only the Class Type value All, which means all the various match criteria defined for the class should be satisfied for a packet match. All signifies the logical AND of all the match criteria. You can select a class type only when you are creating a new class. After you create the class, this becomes a nonconfigurable field displaying the configured class type. 9.
PAGE 249
M4100 Series Managed Switch 7. Select QoS  DiffServ  Advanced  Class Configuration. 8. Click the class name for an existing class. The class configuration fields display. 9. Class Name. Displays the name for the configured DiffServ class. 10. Class Type. Displays the DiffServ class type. Options: All You can select a class type only when you are creating a new class. After you create the class, this becomes a nonconfigurable field displaying the class type that you selected. 11.
PAGE 250
M4100 Series Managed Switch • Destination MAC Address. This is the destination MAC address specified as six 2-digit hexadecimal numbers separated by colons. • Destination MAC Mask. This is a bit mask in the same format as MAC address indicating which parts of the destination MAC address to use for matching against packet content. • Protocol Type. This lists the keywords for the Layer 4 protocols from which one can be selected. The list includes 'other' as an option for the remaining values.
PAGE 251
M4100 Series Managed Switch  To configure a DiffServ class: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. 5. Enter the user name and password.
PAGE 252
M4100 Series Managed Switch Configure the DiffServ Class Match Criteria 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. 5. Enter the user name and password.
PAGE 253
M4100 Series Managed Switch 8. Click the class name for an existing class to go to the IPv6 DiffServ Class Configuration section of the screen. 9. Specify the Class Name. Displays the name for the configured DiffServ class. The Class Type field displays the DiffServ class type. You can only select the class type when you are creating a new class. After you create a class, this becomes a nonconfigurable field displaying the class type you specified. 10.
PAGE 254
M4100 Series Managed Switch • Destination L4 Port. This lists the keywords for the known destination Layer 4 ports from which one can be selected. The list includes other as an option for the unnamed ports. • Flow Label. This is a 20-bit number that is unique to an IPv6 packet, used by end stations to signify Quality of Service handling in routers. Flow Label can be specified in the range of 0 to 1048575. • IP DSCP. This lists the keywords for the known DSCP values from which one can be selected.
PAGE 255
M4100 Series Managed Switch 7. Select QoS  DiffServ  Advanced  Policy Configuration. 8. Use Policy Name to uniquely identify a policy using a case-sensitive alphanumeric string from 1 to 31 characters. 9. Select a Member Class. 10. The Member Class list includes all DiffServ classes currently defined as members of the specified policy. This list is automatically updated as a new class is added to or removed from the policy.
PAGE 256
M4100 Series Managed Switch 9. Select the queue to which packets of this policy class are assigned. This is an integer value in the range 0 to 7. 10. Configure the policy attributes: • Drop. Select the Drop radio button. This flag indicates that the policy attribute is defined to drop every inbound packet. • Mark VLAN CoS. This is an integer value in the range from 0 to 7 for setting the VLAN priority. • Mark IP Precedence. This is an IP Precedence value in the range from 0 to 7. • Mark IP DSCP.
PAGE 257
M4100 Series Managed Switch • Committed Rate. This value is specified in the range 1 to 4294967295 kilobits per second (Kbps). • Committed Burst Size. This value is specified in the range 1 to 128 KBytes. The committed burst size is used to determine the amount of conforming traffic allowed. • Conform Action. This lists the actions to be taken on conforming packets according to the policing metrics, from which one can be selected. The default is send. • Violate Action.
PAGE 258
M4100 Series Managed Switch 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. 5. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select QoS  DiffServ  Advanced  Service Interface Configuration. 8.
PAGE 259
M4100 Series Managed Switch interface and direction and hence the attached policy (if any). Highlighting a member class name displays the statistical information for the policy class instance for the specified interface and direction.  To view service statistics: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4.
PAGE 260
M4100 Series Managed Switch The following table describes the information available on the Service Statistics screen. Table 76. Service Statistics Field Description Interface List of all valid slot number and port number combinations in the system with a DiffServ policy currently attached in In direction. Direction List of the traffic direction of interface as In. Only shows the direction(s) for which a DiffServ policy is currently attached.
PAGE 261
6.
PAGE 262
M4100 Series Managed Switch Management Security Settings You can configure the login password, Remote Authorization Dial-In User Service (RADIUS) settings, Terminal Access Controller Access Control System (TACACS) settings, and authentication lists. Configure Users By default, two user accounts exist: • admin, with read/write privileges • guest, with read only privileges By default, both of these accounts do not have passwords. The names are not case-sensitive.
PAGE 263
M4100 Series Managed Switch 7. Select Security Management Security  Local User  User Management. The screen displays the users and their lockout status. 8. If you are creating a new user, in the User Name field, type the name for a new user. You can enter data in this field only when you are creating a new account. User names are up to eight characters in length and are not case-sensitive.
PAGE 264
M4100 Series Managed Switch 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. 5. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select Security Management Security  Local User  User Password Configuration. 8.
PAGE 265
M4100 Series Managed Switch 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. 5. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select Security Management Security  Enable Password. 8. Use Password to specify a password.
PAGE 266
M4100 Series Managed Switch 7. Select Security Management Security  Line Password. 8. Use Console Password to enter the console password. Passwords are a maximum of 64 alphanumeric characters. 9. Use Confirm Console Password to enter the password again to confirm that you entered it correctly. 10. Use Telnet Password to enter the Telnet password. Passwords are a maximum of 64 alphanumeric characters. 11. Use Confirm Telnet Password to enter the password again to confirm that you entered it correctly.
PAGE 267
M4100 Series Managed Switch 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. 5. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button.
PAGE 268
M4100 Series Managed Switch The valid range is 1 – 30. The default value is 5. Give consideration to maximum delay time when configuring RADIUS maximum retransmits and RADIUS time-outs. If multiple RADIUS servers are configured, the maximum retransmit value on each is exhausted before the next server is attempted. A retransmit does not occur until the configured time-out value on that server has passed without a response from the RADIUS server.
PAGE 269
M4100 Series Managed Switch 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. 5. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button.
PAGE 270
M4100 Series Managed Switch 10. To remove the selected server from the configuration, click the DELETE button. This button is only available to users with Read/Write permission. 11. Click the APPLY button. Your settings are saved. 12. To reset the authentication server and RADIUS statistics to their default values, click the Clear Counters button. The following table describes the RADIUS server statistics available on the screen. Table 78.
PAGE 271
M4100 Series Managed Switch Configure a RADIUS Accounting Server You can view and configure various settings for one or more RADIUS accounting servers on the network.  To configure a RADIUS accounting server:, 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4.
PAGE 272
M4100 Series Managed Switch 13. From the Accounting Mode list, enable or disable the RADIUS accounting mode. 14. To delete a configured RADIUS accounting server, click the DELETE button. To clear the accounting server statistics, click the CLEAR COUNTERS button. The following table describes RADIUS accounting server statistics available on the screen. Table 79.
PAGE 273
M4100 Series Managed Switch The TACACS protocol ensures network security through encrypted protocol exchanges between the device and TACACS server. Configure Global TACACS Settings You can view or change the TACACS settings for communication between the switch and the TACACS server you configure through the inband management port.  To configure global TACACS settings: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2.
PAGE 274
M4100 Series Managed Switch Configure TACACS Server Settings You can configure up to five TACACS servers with which the switch can communicate.  To configure a TACACS server: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field.
PAGE 275
M4100 Series Managed Switch 13. To add a new server to the switch, click the ADD button. This button is available only to users with read/write permission. 14. To delete the selected server from the configuration, click the DELETE button. 15. Click the APPLY button. Your settings are saved. Set Up a Login Authentication List You can configure login lists. A login list specifies the authentication method(s) to be used to validate switch or port access for the users associated with the list.
PAGE 276
M4100 Series Managed Switch 8. If you are creating a new login list, complete the List Name field. The list name can be up to 15 alphanumeric characters long and is not case-sensitive. 9. For each of the lists, select the methods in the order they will appear in the authentication login list. If you select a method that does not time out as the first method, such as 'local', no other method is tried, even if you specified more than one method.
PAGE 277
M4100 Series Managed Switch The Login screen displays. 5. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select Security  Management Security > Authentication List  Enable Authentication List. 8. If you are creating a new list, type the name in the List Name field.
PAGE 278
M4100 Series Managed Switch Configure a Dot1x Authentication List You can configure a dot1x list. A dot1x list specifies the authentication method(s) used to validate port access for the users associated with the list. Only one dot1x method can be supported. The default list is: dot1xList.  To configure a dot1x authentication list: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2.
PAGE 279
M4100 Series Managed Switch Configure an HTTP Authentication List You can configure an HTTP list. An HTTP list specifies the authentication method(s) used to validate the switch or port access through HTTP.  To configure an HTTP authentication list: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4.
PAGE 280
M4100 Series Managed Switch HTTPS Authentication List You can configure an HTTPS list. A login list specifies the authentication method(s) used to validate the switch or port access through HTTPS for the users associated with the list. The default list is: httpsList.  To configure an HTTPS authentication list: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2.
PAGE 281
M4100 Series Managed Switch View Login Sessions  To view login sessions: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. 5. Enter the user name and password.
PAGE 282
M4100 Series Managed Switch Configure Management Access You can configure HTTP and Secure HTTP access to the managed switch’s management interface. Configure HTTP Server Settings To access the switch over a web page, you must first configure it with IP information (IP address, subnet mask, and default gateway).
PAGE 283
M4100 Series Managed Switch The Authentication List field displays the authentication list that HTTP is using. 8. Select the HTTP Access Disable or Enable radio button. This specifies whether the switch can be accessed from a web browser. If you choose to enable web mode, you can manage the switch from a web browser. The factory default is enabled. 9. Select the Java Mode Disable or Enable radio button.
PAGE 284
M4100 Series Managed Switch The Login screen displays. 5. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select Security  Access > HTTPS  HTTPS Configuration. 8. Select the HTTPS Admin Mode Disable or Enable radio button. This specifies the administrative mode of secure HTTP.
PAGE 285
M4100 Series Managed Switch 14. Use Maximum Number of HTTPS Sessions to set the maximum allowable number of HTTPS sessions. The value must be in the range of 0 to 16. The default value is 16. The currently configured value is shown when the screen is displayed. Manage Certificates You can generate or delete certificates.  To manage certificates: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2.
PAGE 286
M4100 Series Managed Switch • Delete Certificates. Delete the corresponding certificate files, if present. Download a Certificate You can transfer a certificate file to the switch. For the web server on the switch to accept HTTPS connections from a management station, the web server needs a public key certificate. You can generate a certificate externally (for example, off-line) and download it to the switch.
PAGE 287
M4100 Series Managed Switch • SSL Server Certificate PEM File. SSL Server Certificate file (PEM Encoded) • SSL DH Weak Encryption Parameter PEM File. SSL Diffie-Hellman Weak Encryption Parameter file (PEM Encoded) • SSL DH Strong Encryption Parameter PEM File. SSL Diffie-Hellman Strong Encryption Parameter file (PEM Encoded) 9. In the Transfer Mode menu, specify the protocol to use to transfer the file: • TFTP. Trivial File Transfer Protocol • SFTP. Secure File Transfer Protocol • SCP.
PAGE 288
M4100 Series Managed Switch 7. Select Security  Access > SSH  SSH Configuration. 8. Select the SSH Admin Mode Disable or Enable radio button. The currently configured value is displayed. The default value is Disable. 9. Select the SSH Version 1 Disable or Enable radio button. The currently configured value is shown when the screen is displayed. The default value is Enable. 10. Select the SSH Version 2 Disable or Enable radio button. The currently configured value is displayed.
PAGE 289
M4100 Series Managed Switch Manage Host Keys You can generate or delete RSA and DSA keys.  To manage Host Keys: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. 5.
PAGE 290
M4100 Series Managed Switch • Delete RSA Keys. Select this option to delete the corresponding RSA key file, if it is present. 9. Select a DSA Keys Management radio button: • None. This is the default selection. • Generate DSA Keys. Select this option to begin generating the DSA host keys. To generate SSH key files, SSH must be administratively disabled and there can be no active SSH sessions. • Delete DSA Keys. Select this option to delete the corresponding DSA key file, if it is present. 10.
PAGE 291
M4100 Series Managed Switch 7. Select Security  Access > SSH  Host Keys Download. 8. In the File Type menu, specify the type of file to transfer: • SSH-1 RSA Key File. SSH-1 Rivest-Shamir-Adleman (RSA) Key file • SSH-2 RSA Key PEM File. SSH-2 Rivest-Shamir-Adleman (RSA) Key file (PEM Encoded) • SSH-2 DSA Key PEM File. SSH-2 Digital Signature Algorithm (DSA) Key file (PEM Encoded) 9. In the Transfer Mode menu, specify the protocol to use to transfer the file: • TFTP.
PAGE 292
M4100 Series Managed Switch Manage Telnet You can configure a Telnet authentication list and manage outbound and inbound Telnet. Configure a Telnet Authentication List You can select the login and make the authentication list available. The login list specifies the authentication method(s) used to validate switch or port access for the users associated with the list. The enable list specifies the authentication method(s) used to validate privileged EXEC access for the users associated with the list.
PAGE 293
M4100 Series Managed Switch 8. In the Login Authentication List menu, specify which authentication list to use login through Telnet. The default value is networkList. 9. In the Enable Authentication List menu, specify which authentication list you are using when going into the privileged EXEC mode. The default value is enableNetList. Configure Inbound Telnet You can regulate new Telnet sessions.
PAGE 294
M4100 Series Managed Switch The Current Number of Sessions field displays the number of current sessions. 8. In the Inbound Telnet section, select the Allow New Telnet Sessions Disable or Enable radio button. The default value is Enable. 9. In the Session Timeout field, specify how many minutes of inactivity can occur on a Telnet session before the session is logged off. You can enter any number from 1 to 160. The factory default is 5. 10.
PAGE 295
M4100 Series Managed Switch The default IP address of the switch is 169.254.100.100. The Login screen displays. 5. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select Security  Access > Telnet. The Current Number of Sessions field displays the number of current sessions. 8.
PAGE 296
M4100 Series Managed Switch 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. 5. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button.
PAGE 297
M4100 Series Managed Switch The following table describes the nonconfigurable information displayed on the screen. Table 82. Console Port Field Description Character Size (bits) The number of bits in a character. This is always 8. Flow Control Whether hardware flow control is enabled or disabled. It is always disabled. Stop Bits The number of stop bits per character. It is always 1. Parity The parity method used on the serial port. It is always None.
PAGE 298
M4100 Series Managed Switch 8. In the Denial of Service Min TCP Header Size field, specify the Min TCP Hdr Size allowed. If DoS TCP fragment is enabled, the switch drops these packets: • First TCP fragments with a TCP payload: IP_Payload_Length - IP_Header_Size < Min_TCP_Header_Size. • Its range is 0 to 255. The default value is 20. 9. Use Denial of Service ICMPv4 to enable ICMPv4 DoS prevention.
PAGE 299
M4100 Series Managed Switch 13. Use Denial of Service First Fragment to enable first fragment DoS prevention. First fragment DoS prevention causes the switch to check DoS options on first fragment IP packets when switch are receiving fragmented IP packets. Otherwise, the switch ignores the first fragment IP packages.The factory default is disabled. 14. Use Denial of Service ICMP Fragment to enabling ICMP fragment DoS prevention.
PAGE 300
M4100 Series Managed Switch 24. Use Denial of Service UDP Port to enable UDP Port DoS prevention. This causes the switch to drop packets with UDP source port equal to UDP destination port. The factory default is disabled. Port Authentication Overview In port-based authentication, when 802.1X is enabled globally and on the port, successful authentication of any one supplicant attached to the port results in all users being able to use the port without restrictions.
PAGE 301
M4100 Series Managed Switch 7. Select Security  Port Authentication  Basic  802.1X Configuration. The Authentication List field displays the authentication list that is used by 802.1X. 8. Select the Administrative Mode Disable or Enable radio button. This enables or disables e 802.1X administrative mode on the switch. • Enable. 802.1X is permitted on the switch. Note: If 802.1X is enabled, authentication is performed by a RADIUS server.
PAGE 302
M4100 Series Managed Switch Configure 802.1X Settings You can enable or disable port access control on the system.  To configure 801.1X settings: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.
PAGE 303
M4100 Series Managed Switch The default value is Disable. The feature monitors the dot1x authentication process and helps in diagnosis of the authentication failure cases. 12. In the Users list, select the user name that uses the selected login list for 802.1x port security. 13. In the Login list, select the login list to apply to the specified user. All configured login lists are displayed. Configure 802.
PAGE 304
M4100 Series Managed Switch You can select multiple check boxes to apply the same settings to the selected ports, or select the check box in the heading row to apply the same settings to all ports. 9. For the selected port(s), specify the following settings: • Control Mode. This selector lists the options for control mode. The control mode is set only if the link status of the port is link up. The options are as follows: - force unauthorized.
PAGE 305
M4100 Series Managed Switch value is 0. Changing the value does not change the configuration until the Submit button is clicked. Enter 0 to clear the unauthenticated VLAN ID on the interface. • Supplicant Timeout. This input field allows the user to enter the supplicant time-out for the selected port. The supplicant time-out is the value, in seconds, of the timer used by the authenticator state machine on this port to time-out the supplicant.
PAGE 306
M4100 Series Managed Switch This button is only clickable if the control mode is auto. Otherwise, it is grayed out. When this button is clicked, the action is immediate. Clicking the APPLY button is not required for the action to occur. View the Port Summary You can view information about the port access control settings on a specific port.  To view the port summary: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2.
PAGE 307
M4100 Series Managed Switch The following table describes the fields on the Port Summary screen. Table 83. Port summary Field Description Port Specifies the port whose settings are displayed in the current table row. Control Mode This field indicates the configured control mode for the port. Possible values are as follows: • Force Unauthorized: The authenticator port access entity (PAE) unconditionally sets the controlled port to unauthorized.
PAGE 308
M4100 Series Managed Switch Table 83. Port summary Field Description Authenticator PAE State This field displays the current state of the authenticator PAE state machine. Possible values are as follows: • Initialize • Disconnected • Connecting • Authenticating • Authenticated • Aborting • Held • ForceAuthorized • ForceUnauthorized. Backend State This field displays the current state of the backend authentication state machine.
PAGE 309
M4100 Series Managed Switch Table 83. Port summary Field Description Session Termination Action This field displays termination action set by the RADIUS server for the selected port. This field is displayed only when the port control mode of the selected port is not MAC-based. Possible values are as follows: • Default • Reauthenticate If the termination action is default then at the end of the session, the client details are initialized. Otherwise, re-authentication is attempted.
PAGE 310
M4100 Series Managed Switch The following table describes the nonconfigurable information displayed on the screen. Table 84. Client summary Field Description Port The port to be displayed. User Name This field displays the user name representing the identity of the supplicant device. Supplicant Mac Address This field displays supplicant's device MAC address. Session Time This field displays the time since the supplicant as logged, in seconds.
PAGE 311
M4100 Series Managed Switch 5. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select Security  Traffic Control > MAC Filter  MAC Filter Configuration. 8. In the MAC Filter list, select Create Filter. This is the list of MAC address and VLAN ID pairings for all configured filters.
PAGE 312
M4100 Series Managed Switch 12. Use Destination Port Members to list the ports to be included in the outbound filter. Packets with the MAC address and VLAN ID you selected is transmitted only out of ports that are in the list. Destination ports can be included only in the multicast filter. 13. To delete a configured MAC filter, select it from the menu, and then click the DELETE button. 14. Click the APPLY button. Your settings are applied to the system.
PAGE 313
M4100 Series Managed Switch Table 85. MAC Filter Summary User Manual (continued) Field Description Source Port Members A list of ports to be used for filtering inbound packets. Destination Port Members A list of ports to be used for filtering outbound packets. Configure the Global Port Security Mode Use the port security feature to lock one or more ports on the system. When a port is locked, only packets with an allowable source MAC addresses can be forwarded. All other packets are discarded.
PAGE 314
M4100 Series Managed Switch The Port Security Violations table shows information about violations that occurred on ports that are enabled for port security. The following table describes the fields in the Port Security violations table. Table 86. Port Security Configuration Field Description Port Displays the physical interface. Last Violation MAC Displays the source MAC address of the last packet that was discarded at a locked port.
PAGE 315
M4100 Series Managed Switch 7. Select Security  Traffic Control > Port Security  Interface Configuration. 8. Port. Selects the interface to be configured. 9. Select the check box next to the port or LAG to configure. Select multiple check boxes to apply the same setting to all selected interfaces. Select the check box in the heading row to apply the same settings to all interfaces. 10. Specify the following settings: • Security Mode.
PAGE 316
M4100 Series Managed Switch The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select Security  Traffic Control > Port Security  Dynamic MAC Address. 8. To convert a dynamically learned MAC address to a statically locked address, select the Convert Dynamic Address to Static check box.
PAGE 317
M4100 Series Managed Switch 6. Click the Login button. The web management interface menu displays. 7. Select Security  Traffic Control> Port Security  Static MAC Address. 8. In the Interface list, select the physical interface. 9. To add MAC addresses, enter them in the Static MAC Address field. 10. In the VLAN ID menu, select the VLAN ID corresponding to the MAC address being added. 11. To add a new static MAC address to the switch, click the ADD button. 12.
PAGE 318
M4100 Series Managed Switch 7. Select Security  Traffic Control > Private Group  Private Group Configuration. 8. In the Group Name field, enter the private group name. The name can be up to 24 bytes of non-blank characters. 9. In the optional Group ID field, specify the private group identifier. The range of group ID is 1 to 192. 10. In the Group Mode menu, select isolated or community.
PAGE 319
M4100 Series Managed Switch 7. Select Security  Traffic Control > Private Group  Private Group Membership. 8. In the Group ID menu, select the group. 9. In the Port List menu, select the ports for this private group. The port list displays when at least one group is configured. Table 87. Private Group Membership Field Description Group Name This field identifies the name for the private group you selected. It can be up to 24 non-blank characters long.
PAGE 320
M4100 Series Managed Switch The Login screen displays. 5. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select Security  Traffic Control  Protected Ports. 8. In the Group ID list, select a group of protected ports that can be combined into a logical group.
PAGE 321
M4100 Series Managed Switch Private VLAN Overview A private VLAN contains switch ports that cannot communicate with each other, but can access another network. These ports are called private ports. Each private VLAN contains one or more private ports and a single uplink port or uplink aggregation group. Note that all traffic between private ports is blocked at all layers, not just Layer 2 traffic, but also traffic such as FTP, HTTP, and Telnet.
PAGE 322
M4100 Series Managed Switch Configure the Private VLAN Association  To configure the private VLAN association: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. 5.
PAGE 323
M4100 Series Managed Switch The following table describes the nonconfigurable information displayed on the screen. Table 88. Private VLAN Association Configuration Field Description Isolated VLAN Displays the isolated VLAN associated with the selected primary VLAN. Community VLAN(s) Displays the list of community VLAN(s) associated with the selected primary VLAN. Configure the Private VLAN Port Mode  To configure the private VLAN port mode: 1.
PAGE 324
M4100 Series Managed Switch 7. Select Security  Traffic Control > Private VLAN> Private VLAN Port Mode Configuration. 8. Use the Interface check boxes to select the physical or LAG interface. 9. Use Switch Port Mode to select the switch port mode. The factory default is 'General'. • General: Sets port in General mode. • Host: Sets port in Host mode. Used for private VLAN configuration. • Promiscuous: Sets port in Promiscuous mode. Used for private VLAN configuration. 10. Click the APPLY button.
PAGE 325
M4100 Series Managed Switch 6. Click the Login button. The web management interface menu displays. 7. Select Security  Traffic Control > Private VLAN > Private VLAN Host Interface Configuration. The Interface field displays the selected physical or LAG interface. The Operational VLANs fields display the operational VLANs. 8. Use Host Primary VLAN to set the primary VLAN ID for Host Association mode. The range of the VLAN ID is 2–4093. 9.
PAGE 326
M4100 Series Managed Switch The default IP address of the switch is 169.254.100.100. The Login screen displays. 5. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select Security  Traffic Control > Private VLAN > Private VLAN Promiscuous Interface Configuration. 8. Select the physical or LAG interface. 9.
PAGE 327
M4100 Series Managed Switch The changes are applied to the system. Configuration changes take effect immediately. Storm Control Overview A broadcast storm is the result of an excessive number of broadcast messages simultaneously transmitted across a network by a single port. Forwarded message responses can overload network resources and/or cause the network to time out.
PAGE 328
M4100 Series Managed Switch The following four controls provide an easy way to enable or disable each type of packets to be rate-limited on every port in a global fashion. The effective storm control state of each port can be viewed by going to the port configuration screen. • Global Flow Control (IEEE 802.3x) Mode. Select Disable or Enable. The factory default is Disable. • Select the Broadcast Storm Control All Disable or Enable radio button.
PAGE 329
M4100 Series Managed Switch 7. Select Security >Traffic Control > Storm Control > Storm Control Interface Configuration. The following table describes the nonconfigurable information displayed on the screen. Table 89. Storm control interface configuration Field Description Flow Control Enable or disable IEEE 802.3x flow control by selecting the corresponding line on the menu. Flow control helps to prevent data loss when the port cannot keep up with the number of frames being switched.
PAGE 330
M4100 Series Managed Switch Table 89. Storm control interface configuration Field Description Unicast Storm Recovery Level Type Specify the unicast storm recovery level as a percentage of link speed or as packets per second. Unicast Storm Recovery Level Specify the threshold at which storm control activates. The factory default is 5 percent of port speed for pps type. Control DHCP Snooping Settings You can configure the DHCP snooping settings.
PAGE 331
M4100 Series Managed Switch 9. Use MAC Address Validation to enable or disable the validation of sender MAC address for DHCP snooping. The factory default is enabled. 10. For DHCP snooping VLAN configuration, use VLAN ID to enter the VLAN for which the DHCP snooping mode is to be enabled. 11. Use DHCP Snooping Mode to enable or disable the DHCP snooping feature for the entered VLAN. The factory default is disabled. 12. Click the APPLY button. The settings are sent to the switch.
PAGE 332
M4100 Series Managed Switch 8. Select the interface for which data is to be configured. 9. In the Trust Mode menu, select Enable or Disable. If trust mode is enabled, the DHCP snooping application considers the port as trusted. The factory default is disabled. 10. In the Logging Invalid Packets menu select Enable or Disable. If this feature is enabled, DHCP snooping application logs invalid packets on this interface. The factory default is disabled. 11.
PAGE 333
M4100 Series Managed Switch The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select Security  Control > DHCP Snooping  Binding Configuration. 8. Select the interface to add a binding into the DHCP snooping database. 9. Use MAC Address to specify the MAC address for the binding entry to be added. This is the key to the binding database. 10.
PAGE 334
M4100 Series Managed Switch The web management interface menu displays. 7. Select Security  Control > DHCP Snooping  Binding Configuration. 8. The Interface field displays the interface to which a binding entry is associated in the DHCP snooping database. 9. Use MAC Address to display the MAC address for the binding in the binding database. 10. Use VLAN ID to display the VLAN for the binding entry in the binding database. The range of the VLAN ID is 1 to 4093. 11. Specify the IP Address.
PAGE 335
M4100 Series Managed Switch 7. Select Security  Control > DHCP Snooping  Persistent Configuration. 8. Use Store to select the local store or remote store. Selecting Local disables the remote fields like Remote File Name and Remote IP address. 9. Use Remote IP Address to configure the remote IP address on which the snooping database is stored when Remote is selected. 10. Use Remote File Name to configure the remote file name to store the database when remote is selected. 11.
PAGE 336
M4100 Series Managed Switch 7. click Security  Control > DHCP Snooping  Statistics. Click CLEAR to clear all interfaces statistics. Click the REFRESH button to refresh the data on the screen with the latest statistics. The following table describes the nonconfigurable information displayed on the screen. Table 90. DHCP Snooping Statistics Field Description Interface The untrusted and snooping enabled interface for which statistics are to be displayed.
PAGE 337
M4100 Series Managed Switch 5. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select Security  Control > IP Source Guard  Interface Configuration. 8. Select an Interface to enable IPSG. 9. In the IPSG Mode menu, select Enable or Disable. This enables or disables validation of the sender IP address on this interface.
PAGE 338
M4100 Series Managed Switch 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. 5. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select Security  Control > IP Source Guard  Binding Configuration.To con 8.
PAGE 339
M4100 Series Managed Switch Configure Dynamic ARP Inspection  To configure dynamic ARP inspection: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. 5.
PAGE 340
M4100 Series Managed Switch Configure Dynamic ARC Inspection  To configure dynamic ARC inspection: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. 5.
PAGE 341
M4100 Series Managed Switch 12. Use Static Flag to determine whether the ARP packet needs validation using the DHCP snooping database in case ARP ACL rules don't match. If the flag is enabled, then the ARP packet is validated by the ARP ACL rules only. If the flag is disabled, then the ARP packet needs further validation using the DHCP snooping entries. The factory default is Disable. Configure a Dynamic ARC Inspection Interface  To configure a dynamic ARC inspection interface: 1.
PAGE 342
M4100 Series Managed Switch checking. The factory default is Disable. 10. Use Rate Limit (pps) to specify rate limit value for dynamic ARP Inspection purpose. If the rate of incoming ARP packets exceeds this value for consecutive burst interval seconds, ARP packets are dropped. If this value is N/A there is no limit. The value can set to –1, which means N/A. The range of Rate Limit is 0–300. The factory default is 15 pps (packets per second). 11.
PAGE 343
M4100 Series Managed Switch Configure a Dynamic ARP Inspection ACL Rule  To configure a dynamic ARP Inspection ACL rule: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100.
PAGE 344
M4100 Series Managed Switch 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. 5. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select Security  Control > Dynamic ARP Inspection  DAI Statistics.
PAGE 345
M4100 Series Managed Switch Table 92. Dynamic ARP inspection statistics Field Description Bad Source MAC Number of ARP packets that were dropped by DAI because the sender MAC address in ARP packet didn't match the source MAC in Ethernet header. Bad Dest MAC Number of ARP packets that were dropped by DAI because the target MAC address in ARP reply packet didn't match the destination MAC in Ethernet header.
PAGE 346
M4100 Series Managed Switch The default IP address of the switch is 169.254.100.100. The Login screen displays. 5. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select Security  ACL > ACL Wizard. 8. Use ACL Type to specify the ACL type you are using to create the ACL.
PAGE 347
M4100 Series Managed Switch • ACL Based on Destination IPv6 L4 Port. To create an ACL based on the destination IPv6 Layer 4 port number. • ACL Based on Source IPv6 L4 Port. To create an ACL based on the source IPv6 Layer 4 port number. 9. Use Rule ID to enter a whole number in the range of 1 to 511. This number is used to identify the rule. 10. Use Action to specify what action should be taken if a packet matches the rule's criteria. The choices are permit or deny. 11.
PAGE 348
M4100 Series Managed Switch  To create a MAC ACL: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. 5. Enter the user name and password.
PAGE 349
M4100 Series Managed Switch 10. To change the name of a MAC ACL, select the check box next to the Name field, update the name, then click the APPLY button. 11. To add a new MAC ACL to the switch configuration, click the ADD button. Configure MAC Rules You can define rules for MAC-based ACLs. The access list definition includes rules that specify whether traffic matching the criteria is forwarded normally or discarded. A default 'deny all' rule is the last rule of every list.  To configure MAC rules: 1.
PAGE 350
M4100 Series Managed Switch This field cannot be set if a redirect interface is already configured for the ACL rule. This field is visible for a Permit action. 12. Use Redirect Interface to specify the specific egress interface where the matching traffic stream is forced, bypassing any forwarding decision normally performed by the device. This field cannot be set if a mirror interface is already configured for the ACL rule. 13. Use Match Every to specify an indication to match every Layer 2 MAC packet.
PAGE 351
M4100 Series Managed Switch The valid range of values is 0x0600 to 0xFFFF. 19. Use Source MAC to specify the wource MAC address to compare against an Ethernet frame. The valid format is xx:xx:xx:xx:xx:xx. 20. Use Source MAC Mask to specify the wource MAC address mask specifying which bits in the source MAC to compare against an Ethernet frame. The valid format is xx:xx:xx:xx:xx:xx. 21. Use VLAN to specify the VLAN ID to compare against an Ethernet frame. The valid range of values is 1 to 4095.
PAGE 352
M4100 Series Managed Switch The default IP address of the switch is 169.254.100.100. The Login screen displays. 5. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select Security  ACL > Basic  MAC Binding Configuration. 8. Select an existing MAC ACL from the ACL ID menu. You can select one and bind it to the interfaces you want.
PAGE 353
M4100 Series Managed Switch 11. Click the APPLY button. The settings are sent to the switch. Configuration changes take effect immediately. These changes are not retained across a power cycle unless you save the configuration. See Save Configuration on page 405. The following table describes the information displayed in the Interface Binding Status. Table 93. Interface Binding Status 324 Field Description Interface The interface of the ACL assigned.
PAGE 354
M4100 Series Managed Switch 7. Select Security  ACL > Basic  Binding Table. To delete a MAC ACL-to-interface binding, select the check box next to the interface and click the DELETE button. The following table describes the information displayed in the MAC Binding Table. Table 94. MAC Binding Table 324 Field Description Interface The interface of the ACL assigned. Direction The selected packet filtering direction for the ACL.
PAGE 355
M4100 Series Managed Switch 6. Click the Login button. The web management interface menu displays. 7. Select Security  ACL > Advanced  IP ACL. The screen displays the current size of the ACL table and the maximum size of the ACL table. The current size is equal to the number of configured IPv4 and IPv6 ACLs plus the number of configured MAC ACLs. The maximum size is 100. The Current Number of ACL displays the current number of the all ACLs configured on the switch.
PAGE 356
M4100 Series Managed Switch Note: There is an implicit deny all rule at the end of an ACL list. This means that if an ACL is applied to a packet and if none of the explicit rules match, then the final implicit “deny all” rule applies and the packet is dropped.  To configure rules for an IP ACL: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch.
PAGE 357
M4100 Series Managed Switch • Logging. When set to Enable, logging is enabled for this ACL rule (subject to resource availability in the device). If the Access List Trap flag is also enabled, this causes periodic traps to be generated indicating the number of times this rule was 'hit' during the current report interval. A fixed 5-minute report interval is used for the entire system. A trap is not issued if the ACL rule hit count is zero for the current interval. This field is visible for a Deny action.
PAGE 358
M4100 Series Managed Switch Note: To modify an existing IP extended ACL rule, click the Rule ID. The number is a hyperlink to the Extended ACL Rule Configuration screen. Configure IP Extended Rules You can configure the rules for the IP access control lists that you created. There is an implicit deny all rule at the end of an ACL list. This means that if an ACL is applied to a packet and if none of the explicit rules match, then the final implicit deny all rule applies and the packet is dropped.
PAGE 359
M4100 Series Managed Switch • Action. Specify the action to take if a packet matches the rule's criteria. The choices are permit or deny. • Logging. When set to Enable, logging is enabled for this ACL rule (subject to resource availability in the device). If the Access List Trap flag is also enabled, this causes periodic traps to be generated indicating the number of times this rule was hit during the current report interval. A fixed 5-minute report interval is used for the entire system.
PAGE 360
M4100 Series Managed Switch • Destination IP Address. Enter an IP address using dotted-decimal notation to be compared to a packet's destination IP address as a match criteria for the selected extended IP ACL rule. • Destination IP Mask. Specify the IP mask in dotted-decimal notation to be used with the destination IP address value. • Destination L4 Port. Specify the destination Layer 4 port match conditions for the selected extended IP ACL rule.
PAGE 361
M4100 Series Managed Switch Configure an IPv6 ACL An IPv6 ACL consists of a set of rules that are matched sequentially against a packet. When a packet meets the match criteria of a rule, the specified rule action (Permit/Deny) is taken and the additional rules are not checked for a match. You can specify or create rules for the IP ACL.  To configure an Pv6 ACL: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2.
PAGE 362
M4100 Series Managed Switch The following table describes the nonconfigurable information displayed on the screen. Table 95. IPv6 ACL Configuration Field Description Current Number of ACL The current number of IP ACLs configured on the switch. Maximum ACL The maximum number of IP ACLs that can be configured on the switch, depending on the hardware. Rules The number of rules associated with the IP ACL. Type The type is IPv6 ACL.
PAGE 363
M4100 Series Managed Switch The choices are permit or deny. 10. Use Logging to enable logging for this ACL rule (subject to resource availability in the device). If the Access List Trap flag is also enabled, this causes periodic traps to be generated indicating the number of times this rule was 'hit' during the current report interval. A fixed 5 minute report interval is used for the entire system. A trap is not issued if the ACL rule hit count is zero for the current interval.
PAGE 364
M4100 Series Managed Switch • Select one of the keywords from the list: DOMAIN, ECHO, FTP, FTPDATA, WWW-HTTP, SMTP, SNMP, TELNET, and TFTP. Each of these values translates into its equivalent port number, which is used as both the start and end of the port range. 18. Use Destination Prefix / Prefix Length to enter prefix combined with prefix length to be compared to a packet's destination IP address as a match criteria for the selected IPv6 ACL rule. The prefix length can be in the range 0 to 128. 19.
PAGE 365
M4100 Series Managed Switch Configure ACL Interface Bindings When an ACL is bound to an interface, all the rules that were defined are applied to the selected interface. You can to assign ACL lists to ACL priorities and interfaces.  To configure ACL interface bindings: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4.
PAGE 366
M4100 Series Managed Switch user, a sequence number that is one greater than the highest sequence number currently in use for this interface and direction is used. The valid range is 1–4294967295. 10. Click the appropriate orange bar to expose the available ports or LAGs. The Port Selection Table specifies list of all available valid interfaces for ACL mapping. All non-routing physical interfaces and interfaces participating in LAGs are listed.
PAGE 367
M4100 Series Managed Switch 6. Click the Login button. The web management interface menu displays. 7. Select Security  ACL> Advanced  Binding Table. 8. To delete an IP ACL-to-interface binding, select the check box next to the interface and click the DELETE button. The following table describes the information displayed in the IP ACL Binding Table. Table 97. IP ACL Binding Table Field Description Interface The selected interface. Direction The selected packet filtering direction for the ACL.
PAGE 368
M4100 Series Managed Switch The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select Security  ACL > Advanced  VLAN Binding Table. 8. To delete a VLAN ACL-to-interface binding, select the check box next to the interface and click the DELETE button. 9. Use ACL Type to specify the type of ACL. The valid ACL types include IP ACL, MAC ACL, and IPv6 ACL. 10.
PAGE 369
7.
PAGE 370
M4100 Series Managed Switch View Port Statistics You can view a summary of per-port traffic statistics on the switch.  To view port statistics: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100.
PAGE 371
M4100 Series Managed Switch • To refresh the screen and display the current statistics, click the REFRESH button. The following table describes the port statistics fields. Table 99. Port statistics Field Description Interface The interface of the interface table entry associated with this port on an adapter. Total Packets Received Without Errors The total number of packets received that were without errors.
PAGE 372
M4100 Series Managed Switch 7. Select Monitoring  Ports> Port Detailed Statistics. You can use the buttons at the bottom of the screen to perform the following actions: • To clear all counters, click the CLEAR button. This resets all statistics for this port to the default values. • To refresh the data on the screen and display the most current statistics, click the REFRESH button. The following table describes the detailed port information displayed on the screen.
PAGE 373
M4100 Series Managed Switch Table 100. Port Detailed Statistics screen fields (continued) Field Description Port Channel ID If the port is a member of a port channel, the port channel's interface ID and name are shown. Otherwise Disable is shown. Port Role Each MST bridge port that is enabled is assigned a port role for each spanning tree. The port role is one of the following values: Root, Designated, Alternate, Backup, Master, or Disabled.
PAGE 374
M4100 Series Managed Switch Table 100. Port Detailed Statistics screen fields (continued) Field Description Packets RX and TX 256-511 Octets The total number of packets (including bad packets) received or transmitted that were between 256 and 511 octets in length inclusive (excluding framing bits but including FCS octets).
PAGE 375
M4100 Series Managed Switch Table 100. Port Detailed Statistics screen fields (continued) Field Description Packets Received > 1518 Octets The total number of packets received that were longer than 1518 octets (excluding framing bits, but including FCS octets) and were otherwise well formed. Total Packets Received Without Errors The total number of packets received that were without errors. Unicast Packets Received The number of subnetwork-unicast packets delivered to a higher-layer protocol.
PAGE 376
M4100 Series Managed Switch Table 100. Port Detailed Statistics screen fields (continued) Field Description Total Packets Transmitted (Octets) The total number of octets of data (including those in bad packets) transmitted on the network (excluding framing bits but including FCS octets). This value can be used as a reasonable estimate of Ethernet utilization. If greater precision is desired, the etherStatsPkts and etherStatsOctets objects should be sampled before and after a common interval.
PAGE 377
M4100 Series Managed Switch Table 100. Port Detailed Statistics screen fields (continued) Field Description Total Transmit Packets Discarded The sum of single collision frames discarded, multiple collision frames discarded, and excessive frames discarded. Single Collision Frames A count of the number of successfully transmitted frames on a particular interface for which transmission is inhibited by exactly one collision.
PAGE 378
M4100 Series Managed Switch View EAP Statistics You can view information about EAP packets received on a specific port.  To view EAP statistics: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.
PAGE 379
M4100 Series Managed Switch The following table describes EAP statistics. Table 101. EAP statistics Field Description Port Selects the port to be displayed. When the selection is changed, a screen refresh occurs causing all fields to be updated for the newly selected port. All physical interfaces are valid. PAE Capabilities This displays the PAE capabilities of the selected port.
PAGE 380
M4100 Series Managed Switch 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. 5. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select Monitoring  Ports > Cable Test. 8.
PAGE 381
M4100 Series Managed Switch The following table describes the nonconfigurable information displayed on the Cable Test screen. Table 102. Cable test Field Description Cable Status This displays the cable status:. • Normal. The cable is working correctly. • Open. The cable is disconnected or there is a faulty connector. • Short. There is an electrical short in the cable. • Cable Test Failed. The cable status could not be determined. The cable might in fact be working.
PAGE 382
M4100 Series Managed Switch 5. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select Monitoring  Logs > Buffered Logs. A log that is disabled does not log messages. 8. To enable or disable a log, select the Disable or Enable radio button. Behavior Indicates the behavior of the log when it is full.
PAGE 383
M4100 Series Managed Switch If the system is stacked • <15>Aug 24 05:34:05 0.0.0.0-1 MSTP[2110]: mspt_api.c(318) 237 %% Interface 12 transitioned to root state on message age timer expiry. This example indicates a message with severity 7 (15 mod 8) (debug) on a system that is stacked and generated by component MSTP running in thread ID 2110 on Aug 24 05:34:05 by line 318 of file mstp_api.c. This is the 237th message logged with system IP 0.0.0.0 and task-id 1.
PAGE 384
M4100 Series Managed Switch 8. Select the Admin Mode Enable radio button. CLI command logging is enabled. Configure the Console Log This allows logging to any serial device attached to the host.  To configure the console log: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4.
PAGE 385
M4100 Series Managed Switch • Notice (5). Normal but significant conditions • Informational (6). Informational messages • Debug (7). Debug-level messages Configure the Syslog  To configure the syslog: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4.
PAGE 386
M4100 Series Managed Switch The default port is 514. 10. In the IP Address Type list, select one of the following: • IPv4 • IPv6 • DNS 11. In the Host Address field, type the address of the host configured for syslog. 12. In the Port field, type the port number on the host to which syslog messages are sent. The default port is 514. 13. In the Severity Filter list, select a severity level. A log records messages equal to or above a configured severity threshold.
PAGE 387
M4100 Series Managed Switch The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select Monitoring  Logs > Trap Logs. The screen also displays information about the traps that were sent. 8. To clear the counters, click the Clear Counters button. This resets all statistics for the trap logs to the default values.
PAGE 388
M4100 Series Managed Switch Table 103. Trap Logs (continued) Field Description System Up Time The time at which this trap occurred, expressed in days, hours, minutes and seconds, since the last reboot of the switch. Trap Information identifying the trap. Event Logs You can view the event log, which contains error messages from the system. The event log is not cleared on a system reset.  To view event logs: 1. Prepare your computer with a static IP address in the 169.254.100.
PAGE 389
M4100 Series Managed Switch You can use the buttons at the bottom of the screen to perform the following actions: • To clear the messages out of the event log, click the CLEAR button. • To refresh the screen and display the current statistics, click the REFRESH button. Table 104. Event Logs Field Description Entry The sequence number of the event. Type The type of the event. File Name The file in which the event originated. Line The line number of the event. Task Id The task ID of the event.
PAGE 390
M4100 Series Managed Switch operation log. The system operation log stores the last N messages received during system operation.  To configure persistent logs: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field.
PAGE 391
M4100 Series Managed Switch • Notice (5). Normal but significant conditions • Informational (6). Informational messages • Debug (7). Debug-level messages 10. To refresh the screen, click the REFRESH button. Persistent Log Message Format The total number of messages is the number of persistent log messages displayed on the switch. <15>Aug 24 05:34:05 STK0 MSTP[2110]: mspt_api.
PAGE 392
M4100 Series Managed Switch The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select Monitoring  Mirroring > Multiple Port Mirroring. You can select items in this screen using the following methods: • Select a Unit ID (1, 2, 3, and so on) to display the physical ports of the selected unit. • Select LAG to display a list of LAGs only.
PAGE 393
M4100 Series Managed Switch 11. In the Direction menu, specify the direction of the traffic to be mirrored from the configured mirrored port(s). If the value is not configured, it is shown as None. The default value is None. The following values are available: • None — The value is not configured. • Tx and Rx — Monitors transmitted and received packets. • Tx — Monitors transmitted packets only. • Rx — Monitors received packets only.
PAGE 394
M4100 Series Managed Switch 5. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select Monitoring > Mirroring > RSPAN VLAN. The VLAN ID column lists all VLANs on the device. 8. Select the VLAN to use as the RSPAN VLAN. 9. In the Admin Mode list, select to Enable or Disable RSPAN support on the corresponding VLAN.
PAGE 395
M4100 Series Managed Switch The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select Monitoring > Mirroring > RSPAN Source Switch Configuration. 8. Select the Admin Mode True (enable) or False (disable) radio button for the selected session.
PAGE 396
M4100 Series Managed Switch 5. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select Monitoring > Mirroring > RSPAN Source Switch Configuration. 8. Select items in this screen using one of the following methods: • Select a Unit ID (1, 2, 3, and so on) to display the physical ports of the selected unit.
PAGE 397
M4100 Series Managed Switch • Tx and Rx — Specify VLAN as the source VLAN. • None — Remove the specified source VLAN. If the VLAN is configured as the source VLAN, its direction is displayed as a blank field. Configure the RSPAN Destination Switch  To configure the RSPAN destination switch: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch.
PAGE 398
M4100 Series Managed Switch The settings are sent to the switch. Configuration changes take effect immediately. These changes are not retained across a power cycle unless you save the configuration. See Save Configuration on page 405. sFlow Overview You can configure sFlow agent information, sFlow agents, sFlow receivers, and sFlow interfaces. Configure sFlow Agent Information  To configure sFlow agent information: 1. Prepare your computer with a static IP address in the 169.254.100.
PAGE 399
M4100 Series Managed Switch • • Agent Version. Uniquely identifies the version and implementation of this MIB. The version string must use the following structure: MIB Version;Organization;Software Revision where: - MIB Version: '1.3', the version of this MIB. - Organization: NETGEAR Inc. - Revision: 1.0 Agent Address. The IP address associated with this agent. 8. In the Source Interface list, select the management interface to be used for sFlow Agent.
PAGE 400
M4100 Series Managed Switch 7. Select Monitoring sFlow  Advanced  sFlow Agent. The screen displays the agent version and agent address. • • Agent Version. Uniquely identifies the version and implementation of this MIB. The version string must use the following structure: MIB Version;Organization;Software Revision where: - MIB Version: '1.3', the version of this MIB - Organization: NETGEAR Inc. - Revision: 1.0 Agent Address. The IP address associated with this agent. 8.
PAGE 401
M4100 Series Managed Switch 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. 5. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select Monitoring sFlow  Advanced  sFlow Receiver Configuration. 8.
PAGE 402
M4100 Series Managed Switch 12. Receiver Address. The IP address of the sFlow collector. If set to 0.0.0.0 no sFlow datagrams are sent. 13. Receiver Port. The destination port for sFlow datagrams. The allowed range is (1 to 65535). 14. Click the APPLY button. Your settings are saved. Configure sFlow Interface Settings The sFlow agent collects statistical packet-based sampling of switched flows and sends them to the configured receivers. A data source configured to collect flow samples is called a sampler.
PAGE 403
M4100 Series Managed Switch 7. Select Monitoring sFlow  Advanced  sFlow Interface Configuration. The Interface field displays the interface for this flow poller and sampler. This agent supports physical ports only. 8. In the Poller Receiver Index field, specify the allowed range for the sFlow receiver associated with this counter poller. The allowed range is 1 to 8. 9.
PAGE 404
8.
PAGE 405
M4100 Series Managed Switch Save Configuration  To save the configuration: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field. The default IP address of the switch is 169.254.100.100. The Login screen displays. 5. Enter the user name and password.
PAGE 406
M4100 Series Managed Switch The default IP address of the switch is 169.254.100.100. The Login screen displays. 5. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select Maintenance  Save Config  Auto Install Configuration. 8. Use Auto Install to select the start/stop auto install mode on the switch. 9.
PAGE 407
M4100 Series Managed Switch 5. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select Maintenance  Reset  Device Reboot. 8. Select a Device Reboot radio button: • Save prior to reboot saves the current configuration before the switch reboots. • Don't save prior to reboot reboots without saving. 9. Click the APPLY button.
PAGE 408
M4100 Series Managed Switch The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select Maintenance  Reset  Factory Default. 8. Select the check box and click the APPLY button. All configuration parameters are reset to their factory default values. All changes you made are lost, even if you issued a save. You are shown a confirmation screen after you click the button.
PAGE 409
M4100 Series Managed Switch 8. Select the check box. 9. Click the APPLY button. All user passwords reset to their factory default values. All changes you made are lost, even if you saved the configuration. Upload Files You can upload files from the switch. Upload a File from the Switch to the TFTP Server  To upload a file from the switch to the TFTP server: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2.
PAGE 410
M4100 Series Managed Switch • image1. Select image1 to upload image1. • image2. Select image2 to upload image2 • CLI Banner. CLI Banner when you want retrieve the CLI banner file. • Text Configuration. Specify configuration in text mode to retrieve the stored configuration. • Script File. The Script file to retrieve the stored configuration. • Error Log. The Error log to retrieve the system error (persistent) log, sometimes referred to as the event log. • Buffered Log.
PAGE 411
M4100 Series Managed Switch 17. The last row of the table is used to display information about the progress of the file transfer. Upload an HTTP File  To upload an HTTP file: 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2. Connect an Ethernet cable from an Ethernet port on your computer to an Ethernet port on the switch. 3. Launch a web browser. 4. Enter the IP address of the switch in the web browser address field.
PAGE 412
M4100 Series Managed Switch • Tech Support. Specify Tech Support to retrieve the switch information needed for troubleshooting. The factory default is Archive. 9. Use Local File Name to specify the local script file name to upload when the file type is Script File. Upload a USB File  To upload a file to USB 1. Prepare your computer with a static IP address in the 169.254.100.0 subnet, for example, 169.254.100.201. 2.
PAGE 413
M4100 Series Managed Switch 10. In the USB File name field, specify the file name and path for the file. You can enter up to 32 characters. The factory default is blank. 11. Click the APPLY button. The updated configuration is sent to the switch. Configuration changes take effect immediately. Download Files The switch supports system file downloads from a remote system to the switch by using either TFTP or HTTP. Download Files  To download a file: 1.
PAGE 414
M4100 Series Managed Switch • Archive. Specify archive (STK) code to upgrade the operational flash: • Image1. Specify the code image1 to download. • Image2. Specify the code image2 to download. • CLI Banner. Specify CLI Banner when you want a banner to be displayed before the login prompt. • Text Configuration. Specify configuration in text mode to update the switch's configuration. If the file has errors, the update is stopped. • Use Config Script to specify the script configuration file.
PAGE 415
M4100 Series Managed Switch The factory default is IPv4. 12. Use Server Address to enter the IP address of the server in accordance with the format indicated by the server address type. The factory default is the IPv4 address 0.0.0.0. 13. Use Remote File Path to enter the path of the file to download. The file path cannot include the following symbols: ' \:*?”<>| '. Up to 32 characters can be entered. The factory default is blank. 14.
PAGE 416
M4100 Series Managed Switch 7. Select Maintenance  Download  HTTP File Download. Note: To download SSH key files, SSH must be administratively disabled and there can be no active SSH sessions. Note: To download SSL PEM files, SSL must be administratively disabled and there can be no active SSH sessions. 8. Use File Type to specify what type of file to transfer: • Archive. Specify archive (STK) code to upgrade the operational flash: • Image1. Specify the code image1 to download. • Image2.
PAGE 417
M4100 Series Managed Switch • Image2. Specify the code image2 to retrieve. 10. If you are downloading an image (Archive), select the image on the switch to overwrite. This field is visible only when Archive is selected as the File Type. Note: NETGEAR recommends that you not overwrite the active image. The system displays a warning that you are trying to overwrite the active image. 11. Click BROWSE to open a file upload window to locate the file to download. 12.
PAGE 418
M4100 Series Managed Switch 7. Select Maintenance  Download  USB File Upload. 8. Use File Type to specify what type of file to upload: • Archive. Specify archive (STK) code to retrieve from the operational flash: • Text Configuration to specify configuration in text mode to retrieve the stored configuration. The factory default is Archive. 9. Use Image Name to select one of the images from the list: • Image1. Specify the code image1 to retrieve. • Image2. Specify the code image2 to retrieve. 10.
PAGE 419
M4100 Series Managed Switch The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select Maintenance  File Management  Copy. 8. Use Source Image to select the image1 or image2 as source image when copy occurs. 9. Use Destination Image to select the image1 or image2 as destination image when copy occurs.
PAGE 420
M4100 Series Managed Switch 7. Select Maintenance  File Management  Dual Image Configuration. 8. Use Unit to select the unit. 9. Use Next Active Image to make the selected image the next active image for subsequent reboots. 10. Use Image Description to specify the description for the image that you selected. 11. Click DELETE to delete the selected image from permanent storage on the switch. 12. Click the APPLY button. The updated configuration is sent to the switch.
PAGE 421
M4100 Series Managed Switch • Tx = Count, Rx = 0 Min/Max/Avg RTT = 0/0/0 msec If a reply to the ping is received, the following messages display:  • Received response for Seq Num 0 Rtt xyz usec • Received response for Seq Num 1 Rtt abc usec • Received response for Seq Num 2 Rtt def usec • Tx = Count, Rx = Count Min/Max/Avg RTT = xyz/abc/def msec. To configure the settings and ping a host on the network: 1. Prepare your computer with a static IP address in the 169.254.100.
PAGE 422
M4100 Series Managed Switch • Interval (secs). Enter the interval between ping packets in seconds. The interval you enter is not retained across a power cycle. • Datagram Size. Enter the Size of ping packet. The size you enter is not retained across a power cycle. PING displays the result after the switch sends a Ping request to the specified address. 10. Click the APPLY button.
PAGE 423
M4100 Series Managed Switch 8. Use Ping to select either global IPv6 address, host name, or link local address to ping. 9. Use IPv6 Address/Hostname to enter the IPv6 address or host name of the station you want the switch to ping. T he initial value is blank. The IPv6 address or host name you enter is not retained across a power cycle. 10. Use Datagram Size to enter the datagram size. The valid range is 48 to 2048. Results display after the switch sends a ping IPv6 request to the specified IPv6 address.
PAGE 424
M4100 Series Managed Switch The Login screen displays. 5. Enter the user name and password. The default admin user name is admin and the default admin password is blank, that is, do not enter a password. 6. Click the Login button. The web management interface menu displays. 7. Select Maintenance  Troubleshooting  Traceroute IPv4. 8. Use IP Address/Hostname to enter the IP address or host name of the station you want the switch to discover path. The initial value is blank.
PAGE 425
M4100 Series Managed Switch • Port. Enter the UDP Dest port in probe packets. The initial value is default value. The port you enter is not retained across a power cycle. • Size. Enter the size of probe packets. The initial value is default value. The size you enter is not retained across a power cycle. 10. Click the APPLY button. The traceroute initiates. The results display in the TraceRoute area.
PAGE 426
M4100 Series Managed Switch 7. Select Maintenance  Troubleshooting  Traceroute IPv6. 8. Use IPv6 Address/Hostname to enter the IPv6 address or host name of the station you want the switch to discover path. The initial value is blank. The IPv6 address or host name you enter is not retained across a power cycle. 9. Use Port to enter the UDP Dest port in probe packets. The initial value is the default value. The port you enter is not retained across a power cycle.
PAGE 427
A. A Default Settings This appendix describes the default settings for many of the NETGEAR M4100 Managed Switch software features. Factory Default Settings The following table describes the factory default settings for the switch. Table 106. Factory default settings Feature Default IP address 169.254.100.100 Subnet mask 255.255.0.0 Default gateway 0.0.0.
PAGE 428
M4100 Series Managed Switch Table 106. Factory default settings (continued) Feature Default Auto Install Enabled Auto Save Disabled sFlow Enabled ISDP Enabled (Versions 1 and 2) RMON Enabled TACACS Not configured RADIUS Not configured SSH/SSL Disabled Telnet Enabled Denial of Service Protection Disabled Dot1x Authentication (IEEE 802.
PAGE 429
M4100 Series Managed Switch Table 106. Factory default settings (continued) Feature Default MAC Table Address Aging 300 seconds (Dynamic Addresses) DHCP Layer 2 Relay Disabled Default VLAN ID 1 Default VLAN Name Default GVRP Disabled GARP Timers Leave: 60 centiseconds Leave All: 1000 centiseconds Join: 20 centiseconds Voice VLAN Disabled Guest VLAN Disabled RADIUS-assigned VLANs Disabled Double VLANs Disabled Spanning Tree Protocol (STP) Enabled STP Operation Mode IEEE 802.
PAGE 430
B. Configuration Examples This appendix contains information about how to configure the following features: • Virtual Local Area Networks • Access Control Lists • Differentiated Services (DiffServ) • 802.
PAGE 431
M4100 Series Managed Switch Virtual Local Area Networks A local area network (LAN) can generally be defined as a broadcast domain. Hubs, bridges, or switches in the same physical segment or segments connect all end node devices. End nodes can communicate with each other without the need for a router. Routers connect LANs together, routing the traffic to the appropriate port.
PAGE 432
M4100 Series Managed Switch • Packets leaving the switch are either tagged or untagged, depending on the setting for that port’s VLAN membership properties. A U for a given port means that packets leaving the switch from that port are untagged. Inversely, a T for a given port means that packets leaving the switch from that port are tagged with the VLAN ID that is associated with the port.
PAGE 433
M4100 Series Managed Switch • If an untagged packet enters port 4, the switch tags it with VLAN ID 20. The packet has access to port 5 and port 6. The outgoing packet is stripped of its tag to become an untagged packet as it leaves port 6. For port 5, the outgoing packet leaves as a tagged packet with VLAN ID 20. Access Control Lists Access control lists (ACLs) ensure that only authorized users can access specific resources while blocking off any unwarranted attempts to reach network resources.
PAGE 434
M4100 Series Managed Switch • Action: Permit • Assign Queue ID: 0 • Match Every: False • CoS: 0 • Destination MAC: 01:02:1A:BC:DE:EF • Destination MAC Mask: 00:00:00:00:FF:FF • EtherType User Value: • Source MAC: 02:02:1A:BC:DE:EF • Source MAC Mask: 00:00:00:00:FF:FF • VLAN ID: 2 For more information about MAC ACL rules, see Configure MAC Rules on page 349. 3.
PAGE 435
M4100 Series Managed Switch • Match Every: False • Source IP address: 192.168.187.0 • Source IP Mask: 255.255.255.0 For additional information about IP ACL rules, see Configure Rules for an IP ACL on page 355. 3. Click the ADD button. 4. From the IP Rules screen, create a second rule for IP ACL 1 with the following settings: • Rule ID: 2 • Action: Permit • Match Every: True 5. Click the ADD button. 6.
PAGE 436
M4100 Series Managed Switch • Integrated Services: Network resources are apportioned based on request and are reserved (resource reservation) according to network management policy (RSVP, for example). • Differentiated Services: Network resources are apportioned based on traffic classification and priority, giving preferential treatment to data with strict timing requirements. The managed switch support DiffServ.
PAGE 437
M4100 Series Managed Switch • Protocol-based • Address-based You can combine these classifiers with logical AND or OR operations to build complex MF classifiers (by specifying a class type of all or any, respectively). That is, within a single class, multiple match criteria are grouped together as an AND expression or a sequential OR expression, depending on the defined class type.
PAGE 438
M4100 Series Managed Switch packets that are either in excess of the conformance specification or are nonconformant. The DiffServ feature supports the following types of traffic policing treatments (actions): • drop. The packet is dropped. • mark cos. The 802.1p user priority bits are (re)marked and forwarded. • mark dscp. The packet DSCP is (re)marked and forwarded. • mark prec. The packet IP precedence is (re)marked and forwarded. • send: The packet is forwarded without DiffServ modification.
PAGE 439
M4100 Series Managed Switch • Destination Mask: 255.255.255.0 • Destination L4 Port: Other, and enter 4568 as the destination port value For more information, see Configure a DiffServ Class on page 247. 4. Click the APPLY button. 5. From the Policy Configuration screen, create a new policy with the following settings: • Policy Selector: Policy1 • Member Class: Class1 For more information, seeConfigure DiffServ Policy on page 254 . 6. Click the ADD button. The new policy is added. 7.
PAGE 440
M4100 Series Managed Switch 802.1X Local area networks (LANs) are often deployed in environments that permit unauthorized devices to be physically attached to the LAN infrastructure, or permit unauthorized users to attempt to access the LAN through equipment already attached. In such environments, it might be desirable to restrict access to the services offered by the LAN to those users and devices that are permitted to use those services.
PAGE 441
M4100 Series Managed Switch 1. Authenticator: A port that enforces authentication before allowing access to services available through that port. 2. Supplicant: A port that attempts to access services offered by the authenticator. Additionally, there exists a third role: 3. Authentication server: Performs the authentication function necessary to check the credentials of the supplicant on behalf of the authenticator. All three roles are required in order to complete an authentication exchange.
PAGE 442
M4100 Series Managed Switch You can configure additional settings to control access to the network through the ports. See Port Security Interface Configuration on page 287 for information about the settings. 4. Click the APPLY button. 5. From the 802.1X Configuration screen, set the Port Based Authentication State and Guest VLAN Mode to Enable, and then click the APPLY button. Ssee Port Security Configuration on page 286.
PAGE 443
M4100 Series Managed Switch A MSTP bridge can be configured to behave entirely as a RSTP bridge or a STP bridge. So, an IEEE 802.1s bridge inherently also supports IEEE 802.1w and IEEE 802.1D. The MSTP algorithm and protocol provide simple and full connectivity for frames assigned to any given VLAN throughout a bridged LAN comprising arbitrarily interconnected networking devices, each operating MSTP, STP, or RSTP.
PAGE 444
M4100 Series Managed Switch The combination of VID to FID and then FID to MSTI allocation defines a mapping of VIDs to spanning tree instances, represented by the MST Configuration Table. With this allocation we ensure that every VLAN is assigned to one and only one MSTI. The CIST is also an instance of spanning tree with a MSTID of 0. An instance might occur that has no VIDs allocated to it, but every VLAN must be allocated to one of the other instances of spanning tree.
PAGE 445
M4100 Series Managed Switch 3. From the STP Configuration screen, enable the Spanning Tree State option. See Spanning Tree Protocol Overview on page 145. 4. Use the default values for the rest of the STP configuration settings. By default, the STP Operation Mode is MSTP and the configuration name is the switch MAC address. 5.
PAGE 446
M4100 Series Managed Switch 13. Click the ADD button. In this example, assume that Switch 1 has become the root bridge for MST instance 1, and Switch 2 has become the root bridge for MST instance 2. Switch 3 has hosts in the Sales department (ports 1/0/1, 1/0/2, and 1/0/3) and in the HR department (ports 1/0/4 and 1/0/5). Switches 1 and 2 also use hosts in the Sales and Human Resources departments.