Management Software AT-S95 Web Browser Interface User’s Guide AT-8000GS Series Stackable Gigabit Ethernet Switches Version 1.0.1 613-001021 Rev.
Copyright © 2008 Allied Telesis, Inc. All rights reserved. No part of this publication may be reproduced without prior written permission from Allied Telesis, Inc. Allied Telesis is a trademark of Allied Telesis, Inc. Microsoft and Internet Explorer are registered trademarks of Microsoft Corporation. Netscape Navigator is a registered trademark of Netscape Communications Corporation.
Contents
• Preface
• Web Browser Interface User’s Guide Overview
• Intended Audience
• Document Conventions
• Configuring DHCP Snooping
• Defining DHCP Snooping General Properties
• Defining DHCP Snooping on VLANs
• Defining Trusted Interfaces
• Defining SNMP Views
• Defining Notification Recipients
• Defining Notification Filters
• Configuring Power Over Ethernet
• Spanning Tree Defaults
• Address Table Defaults
• VLAN Defaults
• Trunking Defaults
Preface

This guide contains instructions on how to configure an AT-S95 Series Layer 2+ Gigabit Ethernet Switch using the interface in the Embedded Management System (EWS). The Embedded Management System enables configuring, monitoring, and troubleshooting of network devices remotely via a web browser. The web pages are easy-to-use and easy-to-navigate.
• Section 16, “Managing Stacking” — Provides information for stacking, including a stacking overview.
• Appendix A, “Downloading Software with CLI” — Provides information for downloading system files using the Command Line Interface.
• Appendix B, “System Defaults” — Provides lists of the device’s default values.

Intended Audience

This guide is intended for network administrators familiar with IT concepts and terminology.
Section 1. Getting Started

This section provides an introduction to the Web Browser Interface, and includes the following topics:
• Starting the Application
• User Interface Components
• Resetting the Device

Starting the Application

This section contains information for starting the application. The login information is configured with a default user name and password. The default password is friend; the default user name is manager.
Figure 2: System General Page
Using the Web Browser Interface

This section provides general information about the interface, and describes the following topics:
• Viewing the Device Representation
• User Interface Components
• Using the Management Buttons
• Adding, Modifying and Deleting Information

Viewing the Device Representation

Zoom Views provide a graphical representation of the device ports.
User Interface Components

The System General Page example shows the interface components.

Figure 4: System General Page

The following table lists the interface components with their corresponding numbers:

Table 1: Interface Components
Component — Description
1 Menu — The Menu provides easy navigation through the main management software features. In addition, the Menu provides general navigation options.
Using the Management Buttons

Management buttons provide an easy method of configuring device information, and include the following:

Table 2: Configuration Management Buttons
Button Name — Description
Add — Opens a page which creates new configuration entries.
Create — Opens a page which creates new configuration entries.
Modify — Modifies the configuration settings.
Adding, Modifying and Deleting Information

The WBI contains and tables for configuring devices. User-defined information can be added, modified or deleted in specific WBI pages.

To add information to tables or WBI pages:
1. Open a WBI page.
2. Click Add. An Add page opens, for example, the Add Local User Page:
Figure 5: Add Local User Page
3. Define the fields.
4. Click Apply. The configuration information is saved, and the device is updated.
4. Define the fields.
5. Click Apply. The fields are modified, and the information is saved to the device.

To delete information in tables or WBI pages:
1. Open the WBI page.
2. Select a table row.
3. Click Delete. The information is deleted, and the device is updated.

Saving Configurations

User-defined information can be saved for permanent use or until next update, not just for the current session.
Resetting the Device

The Reset option enables resetting the device from a remote location.

Note: Save all changes to the Running Configuration file before resetting the device. This prevents the current device configuration from being lost. See also "System Utilities".

To reset the device:
1. In the System General Page, click Reset. You are prompted to confirm.
2. Click OK. The device is reset. Resetting the device ends the web browser management session.
Section 2. Defining System Information

The System General Page contains general device information, including system name and its IP addressing, administrator and password information, Dynamic Host Configuration Protocol (DHCP) configuration and MAC Address Aging Time.

To define the general system information:
1. Click System > General. The System General Page opens:
Figure 8: System General Page
The System General Page comprises two sections: Administration and DHCP Configuration.
• Default Gateway — The IP address of a router for remote management of the device. The address must be entered in the format: xxx.xxx.xxx.xxx. The default value is 0.0.0.0.

Note: Packets are forwarded to the default IP when frames are sent to a remote network via the default gateway. The configured IP address must belong to the same subnet as one of the IP interfaces.
Section 3. Configuring System Time

The System Time Page provides information for configuring system time parameters, including:
• Setting the System Clock
• Configuring SNTP
• Configuring Daylight Saving Time

Setting the System Clock

The System Time Page contains fields for defining system time parameters for both the local hardware clock and the external SNTP clock.
The Clock Source and System Time sections of the System Time Page contain the following fields:
• Clock Source — The source used to set the system clock. The possible field values are:
– Local Settings — Indicates that the clock is set locally.
– SNTP — Indicates that the system time is set via an SNTP server.
• System Time — Sets the local clock time. The field format is HH:MM:SS. For example: 21:15:03.
• System Date — Sets the system date.
Broadcast Time Information

Broadcast information is used when the server IP address is unknown. When a broadcast message is sent from an SNTP server, the SNTP client listens for the response. The SNTP client neither sends time information requests nor receives responses from the Broadcast server.

Message Digest 5 (MD5) Authentication safeguards device synchronization paths to SNTP servers. MD5 is an algorithm that produces a 128-bit hash.
– Time — The time at which DST begins. The field format is HH:MM. For example: 05:30.
• To — Indicates the time that DST ends in countries other than the USA and Europe, in the format Day/Month/Year in one field and HH:MM in another. For example, if DST ends on March 23, 2008 at midnight, the two fields should be 23/Mar/08 and 00:00. The possible field values are:
– Date — The date on which DST ends. The possible field range is 1-31.
• Canada — From the first Sunday in April until the last Sunday of October. Daylight Saving Time is usually regulated by provincial and territorial governments. Exceptions may exist in certain municipalities.
• Cuba — From the last Sunday of March to the last Sunday of October.
• Cyprus — From the last weekend of March until the last weekend of October.
• Turkey — From the last weekend of March until the last weekend of October.
• United Kingdom — From the last weekend of March until the last weekend of October.
• United States of America — From the second Sunday in March at 02:00 to the first Sunday in November at 02:00.
Section 4. Configuring Device Security

This section describes setting security parameters for ports, device management methods, users, and servers.
Configuring Management Security

This section provides information for configuring device management security, device authentication methods, users and passwords. This section includes the following topics:
• Defining Access Profiles
• Defining Profile Rules
• Defining Authentication Profiles
• Mapping Authentication Profiles

Defining Access Profiles

Access profiles are profiles and rules for accessing the device.
Figure 10: Access Profile Page

The Access Profile Page contains a table listing the currently defined profiles and their active status:
• Access Profile Name — The name of the profile. The access profile name can contain up to 32 characters.
• Current Active Access Profile — Indicates if the profile is currently active. The possible field values are:
– Checked — The access profile is currently active.
Figure 11: Add Access Profile Page

The Add Access Profile Page contains the following fields:
• Access Profile Name — Defines the name of a new access profile.
• Rule Priority — Defines the rule priority. When the packet is matched to a rule, user groups are either granted permission or denied device management access. The rule number is essential to matching packets to rules, as packets are matched on a first-fit basis.
• Action — Defines the action attached to the access rule. The possible field values are:
– Permit — Permits access to the device.
– Deny — Denies access to the device. This is the default.
3. Define the fields.
4. Click Apply. The access profile is saved and the device is updated.
5. Click Save Config on the menu to save the changes permanently.
Defining Profile Rules

Access profiles can contain up to 128 rules that determine which users can manage the device module, and by which methods. Users can also be blocked from accessing the device. Rules are composed of filters including:
• Rule Priority
• Interface
• Management Method
• IP Address
• Prefix Length
• Forwarding Action

To define profile rules:
1. Click Mgmt.
• Management Method — Defines the management method for which the rule is defined. Users with this access profile can access the device using the management method selected. The possible field values are:
– Telnet — Assigns Telnet access to the rule. If selected, users accessing the device using Telnet meeting access profile criteria are permitted or denied access to the device.
– Secure Telnet (SSH) — Assigns SSH access to the rule.
To modify an access rule:
1. Click Mgmt. Security > Profile Rules. The Profile Rules Page opens.
2. Click Modify. The Profiles Rules Configuration Page opens:
Figure 14: Profiles Rules Configuration Page
3. Define the fields.
4. Click Apply. The profile rule is saved, and the device is updated.
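The first-fit matching described for profile rules, as an added example that is not part of the original guide or the AT-S95 software: a small Python model that evaluates management-access rules in priority order and reports rules that can never fire because an earlier rule already covers them. It assumes the lowest priority number is checked first and that a request matching no rule is denied; the method labels, the "any method" wildcard and the addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class ProfileRule:
    priority: int                    # Rule Priority (assumed: lowest number is checked first)
    action: str                      # "permit" or "deny"
    source: str                      # IP Address / Prefix Length, e.g. "10.20.30.0/24"
    method: Optional[str] = None     # Management Method; None = any method (model label)
    interface: Optional[str] = None  # Interface; None = any interface

    def matches(self, method: str, src_ip: str, interface: Optional[str]) -> bool:
        if self.method is not None and self.method != method:
            return False
        if self.interface is not None and self.interface != interface:
            return False
        return ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.source)


def evaluate(rules: List[ProfileRule], method: str, src_ip: str,
             interface: Optional[str] = None) -> Tuple[str, Optional[int]]:
    """First-fit: the first matching rule decides. Returns (action, rule priority)."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(method, src_ip, interface):
            return rule.action, rule.priority
    return "deny", None  # assumption: no matching rule means no management access


def _covers(earlier: ProfileRule, later: ProfileRule) -> bool:
    """True when every request matched by `later` is already matched by `earlier`."""
    method_ok = earlier.method is None or earlier.method == later.method
    iface_ok = earlier.interface is None or earlier.interface == later.interface
    net_ok = ipaddress.ip_network(later.source).subnet_of(
        ipaddress.ip_network(earlier.source))
    return method_ok and iface_ok and net_ok


def shadowed_rules(rules: List[ProfileRule]) -> List[Tuple[int, int]]:
    """Return (dead rule priority, shadowing rule priority) pairs."""
    ordered = sorted(rules, key=lambda r: r.priority)
    dead = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            if _covers(earlier, later):
                dead.append((later.priority, earlier.priority))
                break
    return dead


# Constructed profile: the intent is "no Telnet", but the broad permit is matched first.
SHADOWED_PROFILE = [
    ProfileRule(1, "permit", "10.0.0.0/8"),
    ProfileRule(2, "deny", "10.0.0.0/8", method="Telnet"),
    ProfileRule(3, "permit", "192.168.50.0/24", method="SSH"),
]

# Constructed profile with the specific deny first and narrow permits after it.
ORDERED_PROFILE = [
    ProfileRule(1, "deny", "0.0.0.0/0", method="Telnet"),
    ProfileRule(2, "permit", "10.20.30.0/24", method="SSH"),
    ProfileRule(3, "permit", "10.20.30.0/24", method="HTTPS"),
]

if __name__ == "__main__":
    print(evaluate(SHADOWED_PROFILE, "Telnet", "10.1.2.3"))
    print(shadowed_rules(SHADOWED_PROFILE))
    print(evaluate(ORDERED_PROFILE, "Telnet", "10.20.30.5"))
    print(evaluate(ORDERED_PROFILE, "SSH", "10.99.0.1"))
```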
Defining Authentication Profiles

Authentication profiles allow network administrators to assign authentication methods for user authentication. User authentication can be performed either locally or on an external server. User authentication occurs in the order the methods are selected. If the first authentication method is not available, the next selected method is used.
– RADIUS — Authenticates the user at the RADIUS server. For more information, see Defining RADIUS Server Settings.
– TACACS+ — Authenticates the user at the TACACS+ server. For more information, see Defining TACACS+ Host Settings.
– Local, RADIUS — Indicates that authentication first occurs locally. If authentication cannot be verified locally, the RADIUS server authenticates the management method.
4. Enter the Profile Name.
5. Using the arrows, move the method(s) from the Optional Method list to the Selected Method list.
6. Click Apply. The authentication profile is defined. The profile is added to the profiles table and the device is updated.

To modify the authentication profile settings:
1. Click Mgmt. Security > Authentication Profiles. The Authentication Profiles Page opens.
2. Click Modify.
Mapping Authentication Profiles

After authentication profiles are defined, they can be applied to management access methods. For example, console users can be authenticated by Authentication Profile List 1, while Telnet users are authenticated by Authentication Profile List 2. Authentication methods are selected using arrows. The order in which the methods are selected is the order by which the authentication methods are used.
• Secure HTTP — Indicates that authentication methods are used for secure HTTP access. The possible methods are:
– Local — Authentication occurs locally.
– RADIUS — Authenticates the user at the RADIUS server.
– TACACS+ — Authenticates the user at the TACACS+ server.
– None — Indicates that no authentication method is used for access.
• HTTP — Indicates that authentication methods are used for HTTP access.
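The ordered method list and its fallback behaviour, as an added example that is not part of the original guide or the device firmware: a Python model of "try the methods in the selected order, move on only when a method is not available", plus an audit that flags mappings in which the None method would open access. The backends, the user table and the rule that an explicit rejection ends the attempt are assumptions of this model; all names and credentials are constructed.

```python
from typing import Callable, Dict, List, Tuple

ACCEPT, REJECT, UNAVAILABLE = "accept", "reject", "unavailable"
Backend = Callable[[str, str], str]

# Constructed credential table used by the stand-in backends below.
_USERS = {"netadmin": "constructed-passphrase"}


def local_db(user: str, password: str) -> str:
    return ACCEPT if _USERS.get(user) == password else REJECT


def radius_up(user: str, password: str) -> str:
    return ACCEPT if _USERS.get(user) == password else REJECT


def radius_down(user: str, password: str) -> str:
    return UNAVAILABLE  # models a server that does not answer before the timeout


def authenticate(methods: List[str], backends: Dict[str, Backend],
                 user: str, password: str) -> Tuple[bool, str]:
    """Walk the selected methods in order. Returns (granted, deciding method)."""
    for method in methods:
        if method == "None":
            return True, "None"          # no authentication is performed at all
        verdict = backends[method](user, password)
        if verdict == ACCEPT:
            return True, method
        if verdict == REJECT:
            return False, method         # assumption: a rejection is final
        # UNAVAILABLE: the next selected method is used
    return False, "exhausted"


def audit_profiles(mappings: Dict[str, List[str]]) -> List[Tuple[str, str]]:
    """Flag access methods whose method list contains None."""
    findings = []
    for access_method, methods in mappings.items():
        if "None" not in methods:
            continue
        if methods.index("None") == 0:
            findings.append((access_method, "no-authentication"))
        else:
            findings.append((access_method, "open-on-outage"))
    return findings


# Constructed mapping of management access methods to authentication method lists.
MAPPINGS = {
    "Console": ["Local"],
    "Telnet": ["RADIUS", "None"],
    "HTTP": ["None"],
    "Secure HTTP": ["RADIUS", "Local"],
}

OUTAGE = {"RADIUS": radius_down, "Local": local_db}
HEALTHY = {"RADIUS": radius_up, "Local": local_db}

if __name__ == "__main__":
    print(authenticate(MAPPINGS["Telnet"], OUTAGE, "anyone", "anything"))
    print(authenticate(MAPPINGS["Secure HTTP"], OUTAGE, "netadmin", "constructed-passphrase"))
    print(audit_profiles(MAPPINGS))
```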
Configuring Server Based Authentication

Network administrators assign authentication methods for user authentication. User authentication can be performed locally, or on an external server. User authentication occurs in the order the methods are selected. If the first authentication method is not available, the next selected method is used.
The TACACS+ Page contains the following fields:
• Timeout for Reply — Defines the time interval in seconds that passes before the connection between the device and the TACACS+ server times out. The field range is 1-60 seconds and the default is 10 seconds.
• Key String — Defines the default key string.
• Server # — Displays the server number.
• Host IP Address — Displays the TACACS+ server IP address.
To modify TACACS+ server settings:
1. Click Mgmt. Protocols > TACACS+. The TACACS+ Page opens.
2. Click Modify. The TACACS+ Configuration Page opens:
Figure 21: TACACS+ Configuration Page
3. Define the relevant fields.
4. Click Apply. The TACACS+ settings are modified, and the device is updated.
Configuring RADIUS

Remote Authorization Dial-In User Service (RADIUS) servers provide additional security for networks. RADIUS servers provide a centralized authentication method for web access.

To configure RADIUS security settings:
1. Click Mgmt. Protocols > RADIUS.
• Authentication Port — Identifies the authentication port. The authentication port is used to verify the RADIUS server authentication. The authenticated port default is 1812.
• Number of Retries — Defines the number of transmitted requests sent to the RADIUS server before a failure occurs. Possible field values are 1-10.
Figure 24: RADIUS Configuration Page
3. Define the relevant fields.
4. Click Apply. The RADIUS server settings are modified, and the device is updated.
Configuring Local Users

Network administrators can define users, passwords, and access levels for users using the Local Users Page.

To configure local users and passwords:
1. Click Mgmt. Security > Local Users. The Local Users Page opens:
Figure 25: Local Users Page
The Local Users Page displays the list of currently defined local users and contains the following fields:
• User Name — Displays the user’s name.
Figure 26: Add Local User Page

In addition to the fields in the Local Users Page, the Add Local User Page contains the following fields:
• Password — Defines the local user password. Local user passwords can contain up to 159 characters.
• Confirm Password — Verifies the password.
3. Define the fields.
4. Click Apply. The user is added to the Local Users table and the device is updated.

To modify local users:
1. Click Mgmt.
Defining Line Passwords

Network administrators can define line passwords in the Line Password Page. The administrator enters the new password in the Password column and then confirms it in the Confirm Password column. After the line password is defined, a management method is assigned to the password. The device can be accessed using the following methods:
• Console
• Telnet
• Secure Telnet

To define line passwords:
1. Click Mgmt.
Configuring Network Security

Network security manages locked ports. Port-based authentication provides traditional 802.1x support, as well as Guest VLANs. Guest VLANs limit network access to authorized ports. If a port is denied network access via port-based authorization, but the Guest VLAN is enabled, the port receives limited network access.
Figure 29: Port Security Page

The Port Security Page displays the Zoom View of the selected stacking member’s (defined in the Unit No. field) ports.
2. In the Unit No. field, select the stacking member to display.
3. Select the ports to lock. The port indicator changes to selected.
4. Click Modify.
Figure 30: Port Security Configuration Page

The Port Security Configuration Page contains the following fields:
• Interface — Displays the port name.
• Action On Violation — Indicates the intruder action defined for the port. Indicates the action to be applied to packets arriving on a locked port. The possible values are:
– Forward — Forwards packets from an unknown source without learning the MAC address.
Defining 802.1x Port Access

The 802.1x Port Access Page allows enabling port access globally, defining the authentication method, and configuration of port roles and settings.

To configure 802.1x port access parameters:
1. Click Network Security > 802.1x Port Access. The 802.1x Port Access Page opens:
Figure 31: 802.1x Port Access Page
The 802.1x Port Access Page contains the following fields:
• Enable Port Access — Enables the 802.
The 802.1x Port Access Page also displays the Zoom View of the selected stacking member’s (defined in the Unit No. field) ports.
2. Select Enable Port Access.
3. Select the Authentication Method.
4. Define the VLAN fields.
5. Click Apply. The 802.1x access is configured globally and device information is updated.

To modify port based authentication settings:
1. Click Modify.
• Admin Port Control — Indicates the port state. The possible field values are:
– Auto — Enables port-based authentication on the device. The interface moves between an authorized or unauthorized state based on the authentication exchange between the device and the client.
– ForceAuthorized — Indicates the interface is in an authorized state without being authenticated.
Enabling Storm Control

Storm control limits the amount of unknown Unicast, Multicast and Broadcast frames accepted and forwarded by the device. When Layer 2 frames are forwarded, Broadcast and Multicast frames are flooded to all ports on the relevant VLAN. This occupies bandwidth, and loads all nodes on all ports. A Broadcast Storm is a result of an excessive amount of broadcast messages simultaneously transmitted across a network by a single port.
Figure 34: Storm Control Configuration Page

The Storm Control Configuration Page contains the following fields:
• Port — Indicates the port from which storm control is enabled.
• Enable Broadcast Control — Indicates if forwarding Broadcast packet types is enabled on the port. The field values are:
– Enabled — Enables storm control on the selected port.
– Disabled — Disables storm control on the selected port.
Defining Access Control

Access Control Lists (ACL) allow network managers to define classification actions and rules for specific ingress ports. Your switch supports up to 256 ACLs. Packets entering an ingress port, with an active ACL, are either admitted or denied entry. If they are denied entry, the user can disable the port. ACLs are composed of access control entries (ACEs) that are made of the filters that determine traffic classifications.
The MAC Based ACL Page contains the following fields:
• ACL Name — Displays the specific MAC based ACLs.
• Remove ACL — Deletes the specified ACL. The possible field values are:
– Checked — Deletes the ACL when user clicks the Apply button.
– Unchecked — Maintains the ACL.

– Permit — Forwards packets which meet the ACL criteria.
Figure 36: Add MAC Based ACL Page
3. In the ACL Name field, type a name for the ACL.
4. Enable Rule Priority and define the ACL’s relevant fields.
5. Click Apply. The MAC Based ACL configuration is defined and the device is updated.
6. Click Save Config on the menu to save the changes permanently.

Adding ACE Rules
1. Click Network Security > MAC Based ACL. The MAC Based ACL Page opens.
2. Click the Add ACE button. The Add MAC Based ACE Page opens.
Figure 37: Add MAC Based ACE Page
3. Define the fields.
4. Click Apply. The MAC Based ACE rule is defined and the device is updated.
5. Click Save Config on the menu to save the changes permanently.

To modify the MAC Based ACL configuration:
1. Click Network Security > MAC Based ACL. The MAC Based ACL Page opens.
2. Click Modify.
3. Define the fields.
4. Click Apply. The MAC Based ACL configuration is defined, and the device is updated.
5. Click Save Config on the menu to save the changes permanently.
Defining IP Based ACL

The IP Based ACL Page contains information for defining IP Based ACLs, including defining the ACEs defined for IP Based ACLs.
1. Click Network Security > IP Based ACL. The IP Based ACL Page opens.
Figure 39: IP Based ACL Page
The IP Based ACL Page contains the following fields:
• ACL Name — Displays the specific IP based ACLs.
• Remove ACL — Deletes the specified ACL.
– TCP — Transmission Control Protocol (TCP). Enables two hosts to communicate and exchange data streams. TCP guarantees packet delivery, and guarantees packets are transmitted and received in the order they are sent.
– EGP — Exterior Gateway Protocol (EGP). Permits the exchange of routing information between two neighboring gateway hosts in an autonomous systems network.
– IGP — Interior Gateway Protocol (IGP).
• Destination
– IP Address — Matches the destination port IP address to which packets are addressed to the ACE.
– Mask — Defines the destination IP address wildcard mask. Wildcard masks specify which bits are used and which bits are ignored. A wildcard mask of 255.255.255.255 indicates that no bit is important. A wildcard of 0.0.0.0 indicates that all the bits are important. For example, if the destination IP address 149.36.184.
Figure 40: Add IP Based ACL Page

In addition to the IP Based ACL Page, the Add IP Based ACL Page contains the following fields:
• Match QoS — Enables or disables the ACL classification to identify flows based on QoS values, such as DSCP or IP Precedence. The possible field values are:
– Checked — Enables identification of flows based on QoS values. Selecting this option makes the Match DSCP and Match IP Precedence fields available.
Adding ACE Rules
1. Click Network Security > IP Based ACL. The IP Based ACL Page opens.
2. Click the Add ACE button. The Add IP Based ACE Page opens.
Figure 41: Add IP Based ACE Page
3. Define the fields.
4. Click Apply. The IP Based ACE rule is defined and the device is updated.
5. Click Save Config on the menu to save the changes permanently.

To modify the IP Based ACL configuration:
1. Click Network Security > IP Based ACL.
Figure 42: IP Based ACL Configuration Page
3. Define the fields.
4. Click Apply. The IP Based ACL configuration is defined, and the device is updated.
5. Click Save Config on the menu to save the changes permanently.
Defining ACL Binding

When an ACL is bound to an interface, all the ACE rules that have been defined are applied to the selected interface. Whenever an ACL is assigned on an interface, flows from that ingress interface that do not match the ACL are matched to the default rule, which is Drop unmatched packets.
1. Click Network Security > ACL Binding.
Figure 44: ACL Binding Configuration

The ACL Binding Configuration contains the following fields:
• Interface — Choose the interface to which the ACL is bound. The possible values are:
– Port — Port associated with the ACL.
– Trunk — Trunk associated with the ACL.
• Select IP Based ACL or MAC Based ACL — Choose the ACL which is bound to the interface.
3. Define the fields.
4. Click Apply. ACL binding is defined, and the device is updated.
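Wildcard-mask matching for IP based ACEs and the default "Drop unmatched packets" rule of a bound ACL, as an added example that is not part of the original guide or the switch software. The Python model shows why a subnet mask typed into a wildcard field matches the wrong hosts and how unmatched traffic ends at the default rule; it assumes ACEs are checked in ascending priority order, and all addresses are constructed from documentation ranges.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Wildcard 255.255.255.255: no bit is important, so every address matches.
ANY = ("0.0.0.0", "255.255.255.255")


def _as_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Bits set to 0 in the wildcard must be equal; bits set to 1 are ignored."""
    care_bits = ~_as_int(wildcard) & 0xFFFFFFFF
    return ((_as_int(addr) ^ _as_int(base)) & care_bits) == 0


def wildcard_from_prefix(prefix_len: int) -> str:
    """Wildcard mask equivalent to a prefix length (the inverse of the subnet mask)."""
    return str(ipaddress.IPv4Network(f"0.0.0.0/{prefix_len}").hostmask)


@dataclass(frozen=True)
class Ace:
    priority: int                        # assumed: lowest number is checked first
    action: str                          # "permit" or "deny"
    source: Tuple[str, str] = ANY        # (IP address, wildcard mask)
    destination: Tuple[str, str] = ANY   # (IP address, wildcard mask)


def evaluate_acl(aces: List[Ace], src: str, dst: str) -> Tuple[str, Optional[int]]:
    """Return (action, ACE priority); unmatched packets hit the default drop rule."""
    for ace in sorted(aces, key=lambda a: a.priority):
        if wildcard_match(src, *ace.source) and wildcard_match(dst, *ace.destination):
            return ace.action, ace.priority
    return "drop", None


# Constructed ACL bound to an ingress port: protect one host, allow one client subnet.
BOUND_ACL = [
    Ace(10, "deny", destination=("192.0.2.10", "0.0.0.0")),
    Ace(20, "permit",
        source=("198.51.100.0", wildcard_from_prefix(24)),
        destination=("192.0.2.0", wildcard_from_prefix(24))),
]

if __name__ == "__main__":
    # Correct wildcard for a /24 versus a subnet mask entered by mistake.
    print(wildcard_match("192.0.2.77", "192.0.2.0", "0.0.0.255"))      # intended match
    print(wildcard_match("192.0.2.77", "192.0.2.0", "255.255.255.0"))  # intended host missed
    print(wildcard_match("10.9.8.0", "192.0.2.0", "255.255.255.0"))    # unrelated host matched
    print(evaluate_acl(BOUND_ACL, "198.51.100.7", "192.0.2.20"))
    print(evaluate_acl(BOUND_ACL, "203.0.113.5", "192.0.2.20"))
```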
Section 5. Configuring DHCP Snooping

DHCP Snooping expands network security by providing an extra layer of security between untrusted interfaces and DHCP servers. By enabling DHCP Snooping, network administrators can differentiate between trusted interfaces connected to end-users or DHCP Servers, and untrusted interfaces located beyond the network firewall. DHCP Snooping filters untrusted messages.
Figure 45: DHCP Snooping General Page

The DHCP Snooping General Page contains the following fields:
• Enable DHCP Snooping Status — Indicates if DHCP Snooping is enabled on the device. The possible field values are:
– Checked — Enables DHCP Snooping on the device.

– Enable — If DHCP Option 82 with data insertion is enabled, the DHCP relay agent or DHCP Snooping switch can insert information into the DHCP DISCOVER message.
• DHCP Option 82 Insertion — DHCP Option 82 attaches authentication messages to the packets sent to DHCP Server via TCP/IP network. The option permits network administrators to limit address allocation to authorized hosts only. The possible field values are:
– Enable — Enables DHCP Option 82 Insertion on the device.
– Disable — Disables DHCP Option 82 Insertion on the device.
Defining Trusted Interfaces

The Trusted Interfaces Page allows network managers to define Trusted interfaces. Trusted interfaces are connected to DHCP servers, switches, or hosts which do not require DHCP packet filtering. Trusted interfaces receive packets only from within the network or the network firewall, and are allowed to respond to DHCP requests. Packets sent from an interface outside the network, or from beyond the network firewall, are blocked by trusted interfaces.
2. From the global Interface field, define the specific port or trunk.
3. In the table, select an interface and click Modify. The Trusted Configuration page opens.
Figure 48: Trusted Configuration Page
4. Edit the following field:
• Trusted Status — Indicates whether the interface is a Trusted Interface.
– Enable — Interface is in trusted mode.
– Disable — Interface is in untrusted mode.
5. Click Apply.
Binding Addresses to the DHCP Snooping Database

The Binding Database Page contains parameters for querying and adding IP addresses to the DHCP Snooping Database.

To bind addresses to the DHCP Snooping database:
1. Click DHCP Snooping > Binding Database. The Binding Database Page opens:
Figure 49: Binding Database Page
2. Define any of the following fields as a query filter:

Query Parameters
• MAC Address — Indicates the MAC addresses recorded in the DHCP Database.
Query Results

The Query Results table contains the following fields:
• MAC Address — Indicates the MAC address found during the query.
• VLAN ID — Displays the VLAN ID to which the IP address is attached in the DHCP Snooping Database.
• IP Address — Indicates the IP address found during the query.
• Interface — Indicates the specific interface connected to the address found during the query.
• Type — Displays the IP address binding type.
Section 6. Configuring Ports

Port Configuration includes the following procedures for configuring ports and trunks on the device.
• Setting Ports Configurations
• Aggregating Ports

Setting Ports Configurations

This section contains the following topics:
• Defining Port Settings
• Configuring Port Mirroring

Defining Port Settings

The Port Settings Page contains fields for defining port parameters.

To define port general settings:
1.
3. Click Modify. The Port Setting Configuration Page opens:
Figure 52: Port Setting Configuration Page
The Port Setting Configuration Page contains the following fields:
• Port — Lists the names of configured ports.
• Description — Provides a user-defined port description.
• Port Type — Indicates the type of port.
• Admin Status — Displays the link operational status. The possible field values are:
  – Up — Indicates that the port is currently operating.
  – Down — Indicates that the port is currently not operating.
• Current Port Status — Indicates whether the port is currently operational or non-operational. The possible field values are:
  – Up — Indicates the port is currently operating.
  – Down — Indicates the port is currently not operating.
• Admin Advertisement — Defines the auto negotiation setting the port advertises. The possible field values are:
  – 100 Half — Indicates that the port advertises for a 100 Mbps speed port and half duplex mode setting.
  – 100 Full — Indicates that the port advertises for a 100 Mbps speed port and full duplex mode setting.
  – 1000 Full — Indicates that the port advertises for a 1000 Mbps speed port and full duplex mode setting.
Configuring Port Mirroring
Port mirroring monitors and mirrors network traffic by forwarding copies of incoming and outgoing packets from one port to a monitoring port. Port mirroring can be used as a diagnostic tool as well as a debugging feature. Port mirroring also enables device performance monitoring.
• Status — Indicates if the port is currently monitored. The possible field values are:
  – Active — Indicates the port is currently monitored.
  – Ready — Indicates the port is not currently monitored.
2. Click Add. The Add Port Mirroring Page opens:
Figure 54: Add Port Mirroring Page
The Add Port Mirroring Page contains the following fields:
• Unit Number — Displays the stacking member for which the port is defined.
3. Define the Type field.
4. Click Apply. The Port mirroring is modified, and the device is updated.
5. Click Save Config on the menu to permanently save the change.
Aggregating Ports
Link Aggregation optimizes port usage by linking a group of ports together to form a single trunk. Aggregating ports multiplies the bandwidth between the devices, increases port flexibility, and provides link redundancy. The device supports both static trunks and Link Aggregation Control Protocol (LACP) trunks. LACP trunks negotiate aggregating port links with other LACP ports located on a different device.
Figure 56: Trunk Settings Page
The Trunk Settings Page displays information about the currently defined trunks and contains the following fields:
• Trunk — Displays the trunk name.
• Description — Displays the user-defined trunk name and/or description.
• Type — Indicates the type of trunk defined by the first port assigned to the trunk. For example, 100-Copper, or 100-Fiber.
• Status — Indicates if the trunk is currently linked.
  – Disable — LACP is disabled on the trunk.
• PVE — Enables a port to be a Private VLAN Edge (PVE) port. When a port is defined as PVE, it bypasses the Forwarding Database (FDB), and forwards all Unicast, Multicast and Broadcast traffic to an uplink (except MAC-to-me packets). Uplinks can be a port or GE port. Traffic from the uplink is distributed to all interfaces.
2. Click Modify.
• Current Status — Indicates whether the trunk is currently operational or non-operational. The possible field values are:
  – Up — Indicates the trunk is currently operating.
  – Down — Indicates the trunk is currently not operating.
• Reactivate Suspended — Reactivates suspended trunks. The possible field values are:
  – Checked — Reactivates the selected suspended trunk.
• PVE — Enables a port to be a Private VLAN Edge (PVE) port. When a port is defined as PVE, it bypasses the Forwarding Database (FDB), and forwards all Unicast, Multicast and Broadcast traffic to an uplink (except MAC-to-me packets). Uplinks can be a port or GE port. Traffic from the uplink is distributed to all interfaces.
3. Modify the fields.
4. Click Apply. The Trunk settings are saved and the device is updated.
Figure 59: Port Trunking Configuration Page
In addition to the fields in the Port Trunking Page, the Port Trunking Configuration Page contains the following additional field:
• Unit Number — Displays the stacking member for which the port trunking parameters are defined.
• LACP — Indicates if LACP is enabled on the trunk. The possible field values are:
  – Checked — Enables LACP on the trunk.
  – Unchecked — Disables LACP on the trunk.
Configuring LACP
Trunk ports can contain different media types if the ports are operating at the same speed. Aggregated links can be set up manually or automatically established by enabling Link Aggregation Control Protocol (LACP) on the relevant links. Aggregate ports can be linked into link-aggregation port-groups. Each group is comprised of ports with the same speed. The LACP Page contains fields for configuring LACP trunks.
To configure LACP for trunks:
Figure 61: LACP Configuration Page
3. Define the fields.
4. Click Apply. The LACP settings are saved and the device is updated.
Section 7. Configuring Interfaces
This section contains information on configuring the interfaces of the device. This section describes the following topics:
• Defining MAC Addresses
• Configuring VLANs
• Defining MAC Based Groups

Defining MAC Addresses
The MAC Address Page contains parameters for querying information in the Static MAC Address Table and the Dynamic MAC Address Table, in addition to viewing and configuring Unicast addresses.
The MAC Address Page contains the following fields:
• View Static — Displays the static addresses assigned to the ports on the device.
• View Dynamic — Displays the dynamic addresses learned on the ports on the device.
• View MAC Addresses on Interface — Displays the port’s or trunk’s dynamic or static MAC addresses.
• View MAC Addresses for VLAN — Displays the static or dynamic addresses learned on the tagged and untagged ports of a specific VLAN.
To delete all MAC addresses:
1. Click Layer 2 > MAC Address. The MAC Address Page opens.
2. Click Delete in the Delete All MAC Addresses section of the MAC Address Page. All addresses are cleared from the Dynamic MAC Address Table and the device begins to learn new addresses as packets arrive on the ports.
To view or remove static MAC addresses:
1. Click Layer 2 > MAC Address. The MAC Address Page opens.
2. Click View.
Configuring VLANs
This section describes how to create and configure Virtual LANs (VLANs). VLANs are logical subgroups within a Local Area Network (LAN) which combine user stations and network devices into a single unit, regardless of the physical LAN segment to which they are attached. VLANs allow network traffic to flow more efficiently within subgroups.
Defining VLAN Properties
The VLAN Page provides information and global parameters for configuring and working with VLANs.
To configure a VLAN:
1. Click Layer 2 > VLAN. The VLAN Page opens:
Figure 65: VLAN Page
The VLAN Page is divided into two sections. The first section contains the following fields:
• VLAN ID — Defines the VLAN ID. Possible VLAN IDs are 1-4095, in which “1” is reserved for the default VLAN, and “4095” is reserved as the “discard” VLAN.
• Interface Status — Indicates the interface’s membership status in the VLAN. The possible field values are:
  – Tagged — Indicates the interface is a tagged member of a VLAN. All packets forwarded by the interface are tagged. The packets contain VLAN information.
  – Untagged — Indicates the interface is an untagged VLAN member. Packets forwarded by the interface are untagged. In the default VLAN, this is the default value for all interfaces.
Defining VLAN Interface Settings
The VLAN Interface Page contains fields for managing ports that are part of a VLAN.
To define a VLAN interface:
1. Click Layer 2 > VLAN Interface. The VLAN Interface Page opens:
Figure 68: VLAN Interface Page
The VLAN Interface Page displays the VLAN interface information for a selected Port/Unit or Trunk:
• Select the interfaces displayed in the table.
• PVID — Port Default VLAN ID. Assigns a VLAN ID to untagged packets. The possible values are 1-4094. VLAN 4095 is defined as per standard and industry practice as the Discard VLAN. Packets classified to the Discard VLAN are dropped.
• Frame Type — Specifies the packet type accepted on the port. The possible field values are:
  – Admit Tag Only — Only tagged packets are accepted on the port.
Defining GVRP
The GVRP Page enables users to configure GARP VLAN Registration Protocol (GVRP) on the device. GVRP is specifically provided for automatic distribution of VLAN membership information among VLAN-aware bridges. GVRP allows VLAN-aware bridges to automatically learn VLANs to bridge ports mapping, without having to individually configure each bridge and register VLAN membership.
• Select the interfaces displayed in the table.
  – Ports of Unit — Specifies the port and stacking member for which the GVRP settings are displayed.
  – Trunk — Specifies the trunk for which the GVRP settings are displayed.
• Interface — Displays the port or trunk name on which GVRP is enabled.
• GVRP State — Indicates if GVRP is enabled on the port. The possible field values are:
  – Enable — Enables GVRP on the interface.
Defining MAC Based Groups
The MAC Based Groups Page allows network managers to group VLANs based on the VLAN MAC address, and to map protocol groups to VLANs. For these purposes, the page contains two tables:
• MAC-Based Groups table
• Mapping Group table
To define MAC Based Groups:
1. Click Layer 2 > MAC Based Groups.
• Group ID — Defines the protocol group ID to which the interface is added.
• VLAN ID — Attaches the interface to a user-defined VLAN ID. VLAN group ports can be attached to a VLAN ID. The possible field range is 1-4093, and 4095 (4094 is not available for configuration).
2. Below the MAC-Based Group table, click the Add button.
To add a mapped group:
1. Click Layer 2 > MAC Based Groups. The MAC Based Groups Page opens:
2. Below the Mapping Group table, click the Add button. The Add MAC Address Group Mappings Page opens:
Figure 75: Add MAC Address Group Mappings Page
In addition to the fields in the MAC Based Groups Page, the Add MAC Address Group Mappings Page contains the following additional fields:
• Group Type – Indicates the VLAN Group to which interfaces are mapped.
Section 8. Configuring System Logs
This section provides information for managing system logs. System logs enable viewing device events in real time and recording the events for later usage. System Logs record and manage events, and report errors and informational messages.
Severity | Level | Description | Message
Informational | 6 | Provides device information. | Provides device information.
Debug | 7 | Provides detailed information about the log. If a Debug error occurs, contact Customer Tech Support. | Provides detailed information about the log. If a Debug error occurs, contact Customer Tech Support.

The Event Log Page contains fields for defining which events are recorded to which logs.
• IP Address — Displays the defined IP address of the syslog server.
• Minimum Severity — Indicates the defined minimum severity level.
• Description — Provides additional information about the syslog server.

Clearing Event Logs
To clear all events from the log:
1. Click System > Event Log. The Event Log Page opens:
2. Click Clear Logs. The stored logs are cleared. If logging is enabled, the system begins to log new events.

Adding Log Servers
To add a log server:
• Facility — Defines an application from which system logs are sent to the remote server. Only one facility can be assigned to a single server. If a second facility level is assigned, the first facility is overridden. All applications defined for a device utilize the same facility on a server. The field default is Local 7. The possible field values are Local 0 - Local 7.
4. Define the fields.
5. Click Apply. The Log server is defined and the device is updated.
Figure 80: View Flash Log Page
The View Flash Log Page and View Temporary Log Page list the following information:
• Log Index — The log index number.
• Log Time — The date and time that the log was entered.
• Severity — The severity of the event for which the log entry was created.
• Description — The event details.
To clear memory logs:
1. Click Clear Logs. Logs are removed from the table.
2. Click Close. The Event Log Page is displayed.
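The Facility and Minimum Severity settings of a log server entry both travel in the leading `<PRI>` field of each syslog message (facility × 8 + severity). The following added example, not part of the guide, decodes that field on the collector side and reports lines that do not match what the switch was configured to send. The sample lines are constructed, the severity names other than Informational and Debug follow the standard syslog numbering, and it is an assumption that the switch sends events at the minimum severity or more severe.

```python
import re

# Severity names by numeric level. The page's table shows Informational (6) and
# Debug (7); the remaining names follow the standard syslog numbering.
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")


def decode_pri(line):
    """Split the leading <PRI> of a syslog line into (facility, severity)."""
    match = PRI_RE.match(line)
    if not match:
        raise ValueError("no <PRI> prefix")
    pri = int(match.group(1))
    if pri > 191:                # 23 * 8 + 7 is the largest defined value
        raise ValueError("PRI out of range")
    return divmod(pri, 8)        # PRI = facility * 8 + severity


def facility_name(code):
    """Local 0 - Local 7 are syslog facility codes 16 - 23."""
    return f"Local {code - 16}" if 16 <= code <= 23 else f"facility {code}"


def check_stream(lines, expected_facility, minimum_severity):
    """Return (line number, issue) for lines that contradict the settings.

    Assumption: a lower level number is more severe, and the switch sends
    only events at the configured minimum severity or more severe.
    """
    findings = []
    floor = SEVERITIES.index(minimum_severity)
    for number, line in enumerate(lines, start=1):
        try:
            facility, severity = decode_pri(line)
        except ValueError as err:
            findings.append((number, f"malformed: {err}"))
            continue
        if facility_name(facility) != expected_facility:
            findings.append(
                (number, f"unexpected facility {facility_name(facility)}"))
        if severity > floor:
            findings.append(
                (number, f"{SEVERITIES[severity]} is below the minimum severity"))
    return findings


# Constructed sample lines; the message text is illustrative only.
SAMPLE = [
    "<188>Jan  5 10:12:01 192.0.2.10 link down on port 1/e5",   # Local 7, Warning
    "<190>Jan  5 10:12:04 192.0.2.10 configuration saved",      # Local 7, Informational
    "<131>Jan  5 10:12:09 192.0.2.10 fan failure",               # Local 0, Error
    "Jan  5 10:12:11 192.0.2.10 message without a priority",
    "<187>Jan  5 10:12:15 192.0.2.10 login failed",              # Local 7, Error
]

if __name__ == "__main__":
    for number, issue in check_stream(SAMPLE, "Local 7", "Warning"):
        print(f"line {number}: {issue}")
```

A message from the switch's address with an unexpected facility or severity suggests either a changed log server entry or a sender other than the switch.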
Section 9. Configuring Spanning Tree
Spanning Tree Protocol (STP) provides a tree topology for any arrangement of bridges. STP also provides a single path between end stations on a network, eliminating loops. Loops occur when alternate routes exist between hosts. Loops in an extended network can cause bridges to forward traffic indefinitely, resulting in increased traffic and reducing network efficiency.
Defining STP Properties
The Spanning Tree Page contains parameters for enabling and configuring STP on the device.
To enable STP on the device:
1. Click Layer 2 > Spanning Tree. The Spanning Tree Page opens:
Figure 81: Spanning Tree Page
The STP General section of the Spanning Tree Page contains the following fields:
• Spanning Tree State — Indicates whether STP is enabled on the device.
• Path Cost Default Values — Specifies the method used to assign default path cost to STP ports. The possible field values are:
  – Short — Specifies 1 through 65,535 range for port path cost.
  – Long — Specifies 1 through 200,000,000 range for port path cost. This is the default value.
The Bridge Settings section of the Spanning Tree Page contains the following fields:
• Priority — Specifies the bridge priority value.
Defining STP Interfaces
Network administrators can assign STP settings to a specific interface (port or trunk) using the STP Interface Configuration Page. The Global trunks section displays the STP information for Link Aggregated Groups.
To assign STP settings to an interface (port or trunk):
1. Click Layer 2 > Spanning Tree. The Spanning Tree Page opens.
2. Click Configure.
• Port Fast — Indicates if Fast Link is enabled on the port. If Fast Link mode is enabled for a port, the Port State is automatically placed in the Forwarding state when the port link is up. Fast Link optimizes the STP protocol convergence. STP convergence can take 30-60 seconds in large networks. The possible values are:
  – Enable — Port Fast is enabled.
  – Disabled — Indicates that STP is currently disabled on the port.
Figure 83: Spanning Tree Configuration Page
In addition to the STP Interface Configuration Page, the port-level Spanning Tree Configuration Page contains the following fields:
• Default Path Cost — Select if the default path cost of the port is automatically set by the port speed and the default path cost method.
5. Select Enable in the STP field.
6. Define the Port Fast, Enable Root Guard, Path Cost, Default Path Cost, and Priority fields.
Configuring Rapid Spanning Tree
While Classic STP prevents Layer 2 forwarding loops in a general network topology, convergence can take between 30-60 seconds. This time may delay detecting possible loops and propagating status topology changes. Rapid Spanning Tree Protocol (RSTP) detects and uses network topologies that allow a faster STP convergence without creating forwarding loops.
To define RSTP on the device:
1. Click Layer 2 > RSTP.
• Mode — Displays the current STP mode. The STP mode is selected in the Spanning Tree Page. The possible field values are:
  – STP — Classic STP is enabled on the device.
  – Rapid STP — Rapid STP is enabled on the device.

  – Enable — Enables the device to establish point-to-point links.
  – Auto — Device automatically determines the state.
Configuring Multiple Spanning Tree
Multiple Spanning Tree Protocol (MSTP) provides differing load balancing scenarios. For example, while port A is blocked in one STP instance, the same port can be placed in the Forwarding state in another STP instance.
The MSTP Page contains the following fields:
• Region Name — User-defined STP region name.
• Revision — An unsigned 16-bit number that identifies the revision of the current MSTP configuration. The revision number is required as part of the MSTP configuration. The possible field range is 0-65535.
• Max Hops — Specifies the total number of hops that occur in a specific region before the BPDU is discarded.
The MSTP Interface Settings Page contains the following fields:
• Instance ID — Lists the MSTP instances configured on the device. The possible field range is 1-16.
• Interface — Displays the specific interface for this page’s MSTP setting. The possible field values are:
  – Port of Unit — Specifies the port for which the MSTP settings are displayed.

  – Enabled — Indicates that STP is enabled on the port.
3. Define the fields.
4. Click Apply. MSTP is defined for the selected interface.
5. Click Save Config on the menu, to save changes permanently.
6. To view the MSTP configurations of all interfaces, click Interface Table. The MSTP Interface Table is displayed.
In the MSTP Interface Table, administrators can modify the Interface Priority and Path Cost of any interface.
Defining MSTP Instance Mappings
Network administrators can assign MSTP mapping to a specific instance (port or trunk) using the MSTP Instance Mapping Page.
To define MSTP interface mapping:
1. Click Layer 2 > MSTP. The MSTP Page opens.
2. Click Configure next to the Configure Instance Mapping option.
Defining MSTP Instance Settings
MSTP maps VLANs into STP instances. Packets assigned to various VLANs are transmitted along different paths within Multiple Spanning Tree Regions (MST Regions). Regions are one or more Multiple Spanning Tree bridges by which frames can be transmitted. In configuring MSTP, the MST region to which the device belongs is defined. A configuration consists of the name, revision, and VLANs that belong to an instance.
3. Define the fields.
4. Click Apply. MSTP is defined for the selected instance, and the device is updated. The MSTP Page is displayed.
5. Click Save Config on the menu, to save changes permanently.
Section 10. Configuring Multicast Forwarding
Multicast forwarding allows a single packet to be forwarded to multiple destinations. Layer 2 Multicast service is based on a Layer 2 switch receiving a single packet addressed to a specific multicast address. Multicast forwarding creates copies of the packet, and transmits the packets to the relevant ports.
Configuring IGMP Snooping
When IGMP Snooping is enabled globally, all IGMP packets are forwarded to the CPU. The CPU analyzes the incoming packets and determines:
• Which ports want to join which Multicast groups.
• Which ports have Multicast routers generating IGMP queries.
• Which routing protocols are forwarding packets and Multicast traffic.
Ports requesting to join a specific Multicast group issue an IGMP report, specifying that Multicast group is accepting members.
• IGMP Snooping Status — Indicates if IGMP snooping is enabled on the VLAN. The possible field values are:
  – Enable — Enables IGMP Snooping on the VLAN.
  – Disable — Disables IGMP Snooping on the VLAN.
• IGMP Querier Status — Indicates if the specific VLAN can operate as an IGMP Querier. The possible field values are:
  – Enable — Enables IGMP Querying on the VLAN.

  – IGMPv2 — Indicates that IGMP version 2 is enabled on the device.
Figure 92: IGMP Configuration Page
In addition to the IGMP Page, the IGMP Configuration Page contains the following field:
• Immediate Leave — Host immediately times out after requesting to leave the IGMP group and not receiving a Join message from another station.
  – Checked — Host immediately times out.
  – Unchecked — Host times out as specified in the Leave Timeout field.
3. Define the fields.
4. Select Reset as Default to use the default value.
5. Click Apply.
Figure 93: Multicast Group Page
The Multicast Group Page contains the following fields:
• Enable Bridge Multicast Filtering — Indicates if bridge Multicast filtering is enabled on the device. The possible field values are:
  – Checked — Enables Multicast filtering on the device.
  – Unchecked — Disables Multicast filtering on the device. If Multicast filtering is disabled, Multicast frames are flooded to all ports in the relevant VLAN. Disabled is the default value.
Figure 94: Add Multicast Group Page
4. Select the VLAN ID.
5. Enter the Bridge Multicast MAC Address and the Bridge Multicast IP Address.
6. Click Apply. The new Multicast group is saved and the device is updated.
To modify a multicast group:
1. Click Modify. The Multicast Group Configuration Page opens:
Figure 95: Multicast Group Configuration Page
2. Define the fields.
3. Click Apply. The Multicast Group is saved and the device is updated.
Defining Multicast Forward All Settings
Multicast forwarding enables transmitting packets from either a specific multicast group to a source, or from a nonspecific source to a Multicast group. The Bridge Multicast Forward All page contains fields for attaching ports or trunks to a device that is attached to a neighboring Multicast router/switch. Once IGMP Snooping is enabled, Multicast packets are forwarded to the appropriate port or VLAN.
2. Select interfaces to modify.
3. Click Modify. The Multicast Forward All Configuration Page opens:
Figure 97: Multicast Forward All Configuration Page
4. Define the Interface Status field.
5. Click Apply. The Multicast Forward All settings are saved and the device is updated.
Section 11. Configuring SNMP
Simple Network Management Protocol (SNMP) provides a method for managing network devices. Equipment commonly managed with SNMP includes switches, routers and host computers. SNMP is typically used to configure these devices for proper operation in a network environment, as well as to monitor them to evaluate performance or detect potential problems.
the MIBs. All parameters are manageable from any SNMP management platform, except the SNMP management station IP address and community (community name and access rights). The SNMP management access to the device is disabled if no community strings exist.
Enabling SNMP
The SNMP Global Page provides fields for globally enabling and configuring SNMP on the device.
To enable SNMP:
1. Click SNMP > Global. The SNMP Global Page opens:
Figure 98: SNMP Global Page
The SNMP Global Page contains the following fields:
• Local Engine ID (9-64 Hex Characters) — Displays the engine number.
• Use Default — Restores default SNMP settings, using the Local Engine ID.
• Enable SNMP Notifications — Indicates if SNMP traps are enabled for the device.
Defining SNMP Communities
Access rights are managed by defining communities in the SNMP Community Page. When the community names are changed, access rights are also changed. SNMP communities are defined only for SNMP v1 and SNMP v2c.
Note: The device switch is delivered with no community strings configured.
To define SNMP communities:
1. Click SNMP > Community. The SNMP Global Page opens.
SNMP Communities Basic Table
The SNMP Communities Basic Table contains the following fields:
• Management Station — Displays the management station IP address for which the basic SNMP community is defined. 0.0.0.0 indicates all management station IP addresses.
• Community String — Defines the community name used to authenticate the management station to the device.
• Access Mode — Defines the access rights of the community. The possible field values are:
  – Read Only — Management access is restricted to read-only, and changes cannot be made to the community.
  – Read Write — Management access is read-write and changes can be made to the device configuration, but not to the community.
  – SNMP Admin — User has access to all device configuration options, as well as permissions to modify the community.
Figure 101: Community Configuration Page
3. Define the Basic or Advanced configuration of the community.
4. Click Apply. The SNMP community settings are modified, and the device is updated.
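Because the community string is the only credential for SNMP v1 and v2c, the Management Station and Access Mode fields decide how far a known string reaches. The following added example (not part of the guide) audits a list of basic community entries for the combinations that widen that reach. The dictionary layout, the sample entries and the list of well-known strings are assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict

ACCESS_MODES = ("Read Only", "Read Write", "SNMP Admin")   # values from the page
WRITE_MODES = {"Read Write", "SNMP Admin"}
WELL_KNOWN = {"public", "private"}    # assumption: widely known default strings


def audit_communities(entries):
    """Return sorted (severity, community, message) findings."""
    findings = set()
    modes_by_string = defaultdict(set)
    for entry in entries:
        station = entry["management_station"]
        name = entry["community_string"]
        mode = entry["access_mode"]
        if mode not in ACCESS_MODES:
            findings.add(("error", name, f"unknown access mode {mode!r}"))
            continue
        try:
            ipaddress.IPv4Address(station)
        except ipaddress.AddressValueError:
            findings.add(("error", name, f"bad management station {station!r}"))
            continue
        modes_by_string[name].add(mode)
        # 0.0.0.0 means every management station may use this community.
        if station == "0.0.0.0":
            if mode in WRITE_MODES:
                findings.add(("high", name,
                              "write access open to every management station"))
            else:
                findings.add(("medium", name,
                              "read access open to every management station"))
        if name.lower() in WELL_KNOWN:
            findings.add(("high", name, "well-known community string"))
    # A string shared between read-only and write entries hands the write
    # credential to every read-only consumer.
    for name, modes in modes_by_string.items():
        if "Read Only" in modes and modes & WRITE_MODES:
            findings.add(("high", name,
                          "same string grants read-only and write access"))
    return sorted(findings)


# Constructed sample of a basic community table.
SAMPLE_ENTRIES = [
    {"management_station": "0.0.0.0", "community_string": "public",
     "access_mode": "Read Only"},
    {"management_station": "0.0.0.0", "community_string": "ops-rw-7Hq2",
     "access_mode": "Read Write"},
    {"management_station": "192.0.2.15", "community_string": "nms-7fK2pQ",
     "access_mode": "Read Only"},
    {"management_station": "192.0.2.15", "community_string": "nms-7fK2pQ",
     "access_mode": "SNMP Admin"},
    {"management_station": "192.0.2.16", "community_string": "mon-Z81xa",
     "access_mode": "Read Only"},
]

if __name__ == "__main__":
    for severity, name, message in audit_communities(SAMPLE_ENTRIES):
        print(f"{severity:6} {name:12} {message}")
```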
Defining SNMP Groups
The SNMP Group Page provides information for creating SNMP groups, and assigning SNMP access control privileges to SNMP groups. Groups allow network managers to assign access rights to specific device features, or feature aspects.
To define an SNMP group:
1. Click SNMP > Groups.
  – Write — Management access is read-write and changes can be made to the assigned SNMP view.
  – Notify — Sends traps for the assigned SNMP view.
2. Click Add. The Add Group Page opens:
Figure 103: Add Group Page
3. Define the Group Name, Security Level, Security Model, and Operation.
4. Click Apply. The new SNMP group is saved.
To modify an SNMP group:
1. Click SNMP > Groups. The SNMP Group Page opens.
2. Click Modify.
Defining SNMP Users
The SNMP Users Page enables assigning system users to SNMP groups, as well as defining the user authentication method.
To define SNMP group membership:
1. Click SNMP > Users. The SNMP Users Page opens:
Figure 105: SNMP Users Page
The SNMP Users Page contains the following fields:
• User Name — Contains a list of user-defined user names. The field range is up to 30 alphanumeric characters.
• Group Name — Contains a list of user-defined SNMP groups.
• Authentication — Displays the method used to authenticate users. The possible field values are:
  – MD5 Key — Users are authenticated using the HMAC-MD5 algorithm.
  – SHA Key — Users are authenticated using the HMAC-SHA-96 authentication level.
  – MD5 Password — The HMAC-MD5-96 password is used for authentication. The user should enter a password.
  – SHA Password — Users are authenticated using the HMAC-SHA-96 authentication level. The user should enter a password.
• Authentication Key — Defines the HMAC-MD5-96 or HMAC-SHA-96 authentication level. The authentication and privacy keys are entered to define the authentication key. If only authentication is required, 16 bytes are defined. If both privacy and authentication are required, 32 bytes are defined. Each byte in hexadecimal character strings is two hexadecimal digits. Each byte can be separated by a period or a colon. This field is available if the Authentication Method is a key.
Defining SNMP Views
The SNMP views provide or block access to device features or portions of features. Feature access is granted via the MIB name or MIB Object ID.
To define SNMP views:
1. Click SNMP > Views. The SNMP Views Page opens:
Figure 108: SNMP Views Page
The SNMP Views Page contains the following fields:
• View Name — Displays the user-defined views. The view name can contain a maximum of 30 alphanumeric characters.
Figure 109: Add SNMP View Page
3. Define the View Name field.
4. Select the Subtree ID Tree using one of the following options:
  – Select from List — Select the Subtree from the list provided. Pressing the Up and Down buttons allows you to change the priority by moving the selected subtree up or down in the list.
  – Insert — Enables a Subtree not included in the Select from List field to be entered.
5. Click Apply. The view is defined, and the device is updated.
Defining Notification Recipients
The SNMP Notify Page contains fields for defining SNMP notification recipients. The page contains information for defining filters that determine whether traps are sent to specific users, and the trap type sent. SNMP notification filters provide the following services:
• Identifying Management Trap Targets
• Trap Filtering
• Selecting Trap Generation Parameters
• Providing Access Control Checks
To configure SNMP notification recipients:
SNMPv1,2c Notification Recipient
The SNMP v1, v2c Recipient table contains the following fields:
• Recipients IP — Displays the IP address to which the traps are sent.
• Notification Type — Displays the type of notification sent. The possible field values are:
  – Inform — Indicates that informs are sent.
• Community String — Displays the community string of the trap manager.
• Notification Version — Displays the trap type.
Figure 111: Add Notify Page
3. Define the relevant fields.
4. Click Apply. The notification recipient settings are saved and the device is updated.
5. Click Save Config on the menu to save the changes permanently.
To modify notification settings:
1. Click SNMP > Notify. The SNMP Notify Page opens.
2. Select an entry from one of the tables and click Modify. The SNMP Notify Configuration Page opens.
Figure 112: SNMP Notify Configuration Page
3. Define the fields.
4. Click Apply. The SNMP Notification configuration is modified, and the device is updated.
5. Click Save Config on the menu to save the changes permanently.
Defining Notification Filters
The SNMP Notification Filter Page permits filtering traps based on OIDs. Each OID is linked to a device feature or a portion of a feature. The SNMP Notification Filter Page also allows network managers to filter notifications.
To configure SNMP notification filters:
1. Click SNMP > Notify. The SNMP Notify Page opens.
2. Click Configure next to Configure Notification Filters.
To add an SNMP notification filter:
1. Click the Add button. The Add SNMP Notification Filter Page opens:
Figure 114: Add SNMP Notification Filter Page
The Add SNMP Notification Filter Page contains the following fields:
• Filter Name — Contains a list of user-defined notification filters.
• Subtree ID Tree — Displays the OID for which notifications are sent or blocked. If a filter is attached to an OID, traps or informs are generated and sent to the trap recipients.
Section 12. Configuring Power Over Ethernet
This section describes configuring Power over Ethernet (PoE) for an AT-S95 device. PoE only applies to the AT-S95/24POE and AT-S95/48POE devices.
Power-over-Ethernet (PoE) provides power to devices over existing LAN cabling, without updating or modifying the network infrastructure. Power-over-Ethernet removes the necessity of placing network devices next to power sources.
Figure 115: Power Over Ethernet Page
The Power Over Ethernet Page contains the following fields:
Global PoE Configuration
• Power Threshold — Indicates the percentage of power consumed before an alarm is generated. The value range is 1-99 percent; the default value is 95 percent. If maximum power available is 375 W, and the power threshold is 95%, the threshold is exceeded when the PoE devices require more than 356.25 W.
Defining Power Over Ethernet Configuration
To modify PoE port settings:
1. In the Power Over Ethernet Page Zoom View, click the port(s) to modify. The port indication changes to Port is selected.
2. Click Modify.
– Fault — Indicates one of the following:
  – The powered device test has failed. For example, a port could not be enabled and cannot be used to deliver power to the powered device.
  – The device has detected a fault on the powered device. For example, the powered device memory could not be read.
– Test — Indicates the powered device is being tested. For example, a powered device is tested to confirm it is receiving power from the power supply.
Section 13. Configuring Services
This section describes Quality of Service related configurations. QoS supports activating one of the following Trust settings:
• VLAN Priority Tag
• DiffServ Code Point
• None
Only packets that have a Forward action are assigned to the output queue, based on the specified classification.
Enabling Class of Service (CoS)
The CoS Page enables configuring the CoS ports or trunks on the device.
To configure CoS ports or trunks on the device:
1. Click Services > CoS. The CoS Page opens:
Figure 117: CoS Page
As a default the CoS Page opens displaying the port options. The fields are identical when displaying the trunk CoS. The CoS Page contains the following fields:
• Enable QoS Mode — Indicates if QoS is enabled on the device.
• Select the interfaces displayed in the table.
  – Ports of Unit — Specifies the port and stacking member for which the CoS configuration is displayed.
  – Trunk — Specifies the trunk for which the CoS configuration is displayed.
• Interface — Displays the interface number.
• Default CoS — Determines the default CoS value for incoming packets for which a VLAN tag is not defined.
  – Checked — Restores the factory CoS defaults on the interface.
Configuring CoS Queueing and Scheduling
The CoS Queuing & Scheduling Page provides fields for configuring CoS Priority to Egress Queues and for defining Egress Weights. The queue settings are set system-wide.
To define schedule and queue settings for Quality of Service:
1. Click Services > Queuing & Scheduling.
Mapping CoS Values to Queues
The Configure CoS Page contains fields for classifying CoS settings to traffic queues.
To set CoS to queue:
1. Click Services > Queuing & Scheduling. The CoS Queuing & Scheduling Page opens:
2. In the Configure Priority to Egress Queues section, select Configure CoS.
3. Click Configure.
Mapping DSCP Values to Queues
The Configure DSCP Page contains fields for classifying DSCP settings to traffic queues. For example, a packet with a DSCP tag value of 3 can be assigned to queue 2.
To set DSCP to queues:
1. Click Services > Queuing & Scheduling. The CoS Queuing & Scheduling Page opens:
2. In the Configure Priority to Egress Queues section, select Configure DSCP.
3. Click Configure.
The Configure DSCP Page contains the following fields:
• Restore Defaults — Restores the device factory defaults for mapping DSCP values to a forwarding queue.
• DSCP In — Displays the incoming packet’s DSCP value.
• Queue — Defines the traffic forwarding queue to which the DSCP priority is mapped. Four traffic priority queues are supported.
4. Modify the Queue values.
5. Click Apply. The DSCP to Queue mapping is updated.
6.
As a default the Bandwidth Page opens displaying the port options. The fields are identical when displaying the trunk CoS. The Bandwidth Page contains the following fields:
• Select the interfaces displayed in the table.
  – Ports of Unit — Specifies the port and stacking member for which the bandwidth settings are displayed.
  – Status — Enables or disables rate limiting for ingress interfaces. Disable is the default value.
Section 14. System Utilities
The configuration file structure involves the following configuration files:
• Startup Configuration File — Contains the commands required to reconfigure the device to the same settings as when the device is powered down or rebooted. The Startup file is created by copying the configuration commands from the Running Configuration file or the Backup Configuration file.
Restoring the Default Configuration
In the System Utilities Page, the Reset to Factory Defaults function restores the Configuration file to factory defaults during device reset. When this option is not selected, the device maintains the current Configuration file.
To restore the default system configuration:
1. Click Utilities > System Utilities.
2. Select the After Reset image file.
3. Click Apply (below the table). The factory defaults are restored, and the device is updated. The device reboots.
Defining TFTP File Uploads and Downloads
The File System Page contains parameters for system uploads and downloads and for copying firmware and configuration files.
To define file upload and download settings:
1.
If the TFTP Operation is Configuration, the possible values are:
– Running Configuration — Contains the configuration currently valid on the device.
– Starting Configuration — Contains the configuration which will be valid following system startup or reboot.
Note
The configuration file is copied only to the Master Unit, since this unit controls the entire stack.
Viewing Integrated Cable Tests
The Cable Test Page contains fields for performing tests on copper cables. Cable testing provides diagnostic information about where errors occurred in the cable, the last time a cable test was performed, and the type of cable error that occurred. The tests use Time Domain Reflectometry (TDR) technology to test the quality and characteristics of a copper cable attached to a port. Cables up to 120 meters long can be tested.
• Cable Length — Indicates the approximate cable length. This test can only be performed when the port is up and operating at 1 Gbps.
2. Select the Unit Number, and the Port.
3. Click Test. The cable test is performed.
4. Click Advanced. The Cable Test Configuration Page opens, and the copper cable test results are displayed.
Viewing Optical Transceivers
The Optical Transceivers Page allows network managers to perform tests on Fiber Optic cables. Optical transceiver diagnostics can be performed only when the link is present.
To view transceiver diagnostics:
1. Click Utilities > Optical Transceivers. The Optical Transceivers Page opens:
Figure 128: Optical Transceivers Page
The Optical Transceivers Page contains the following fields:
• Unit No.
Resetting the Device
The Reset page enables the user to reset the system. Save all changes to the Running Configuration file before resetting the device. This prevents the current device configuration from being lost.
To reset the device:
1. Click Utilities > Reset. The Reset Page opens.
Figure 129: Reset Page
2. Select the Reset Unit No. The possible values are:
  – 1 — Reset the Master unit.
  – 2 — Reset the Backup unit.
  – Stack — Reset all stacking members.
3. Click Reset.
Section 15. Viewing Statistics
The device provides statistics for RMON, interfaces, and Etherlike. This section contains the following topics:
• Viewing Device Statistics
• Managing RMON Statistics
Viewing Device Statistics
This section contains the following topics:
• Viewing Interface Statistics
• Viewing Etherlike Statistics
Viewing Interface Statistics
The Interface Statistics Page contains statistics for both received and transmitted packets.
The Interface Statistics Page contains the following fields:
• Select the interfaces displayed in the table.
  – Unit No. — Indicates the stacking member for which the interface statistics are displayed.
  – Port — Specifies the port for which the interface statistics are displayed.
  – Trunk — Specifies the trunk for which the interface statistics are displayed.
  – No Refresh — Indicates that the Interface statistics are not refreshed.
Viewing Etherlike Statistics
The Etherlike Statistics Page displays interface statistics.
To view Etherlike statistics:
1. Click Statistics > Etherlike. The Etherlike Statistics Page opens:
Figure 131: Etherlike Statistics Page
The Etherlike Statistics Page contains the following fields:
• Select the interfaces displayed in the table.
  – Port — Specifies the port for which the Etherlike statistics are displayed.
• Excessive Collisions — Displays the number of excessive collisions received on the selected interface.
• Oversize Packets — Displays the number of oversized packet errors on the selected interface.
• Internal MAC Receive Errors — Displays the number of internal MAC received errors on the selected interface.
• Received Pause Frames — Displays the number of received paused frames on the selected interface.
Managing RMON Statistics
This section contains the following topics:
• Viewing RMON Statistics
• Configuring RMON History
• Configuring RMON Events
• Defining RMON Alarms
Viewing RMON Statistics
The RMON Statistics Page contains fields for viewing information about device utilization and errors that occurred on the device. The RMON Statistics Page contains statistics for both received and transmitted packets.
To view RMON statistics:
1.
• Refresh Rate — Defines the frequency of the RMON statistics updates. The possible field values are:
  – No Refresh — Indicates that the RMON statistics are not refreshed.
  – 15 Sec — Indicates that the RMON statistics are refreshed every 15 seconds.
  – 30 Sec — Indicates that the RMON statistics are refreshed every 30 seconds.
  – 60 Sec — Indicates that the RMON statistics are refreshed every 60 seconds.
Configuring RMON History
The RMON History Page contains information about samples of data taken from ports. For example, the samples may include interface definitions or polling periods.
To view RMON history information:
1. Click Statistics > RMON History. The RMON History Page opens:
Figure 133: RMON History Page
The RMON History Page contains the following fields:
• History Entry No. — Displays the history control entry number.
2. Click Add. The Add RMON History Page opens:
Figure 134: Add RMON History Page
In addition to the RMON History Page, the Add RMON History Page contains the following fields:
• Max No. of Samples to Keep — Defines the maximum number of samples that the device saves. The field range is 1-65535. The default value is 50.
3. Define the Source Interface, Owner, Max. No. of Samples to Keep, and Sampling Interval fields.
4. Click Apply.
Viewing the RMON History Table
The RMON History Table Page contains interface specific statistical network samplings. Each table entry represents all counter values compiled during a single sample.
To view the RMON History Table:
1. Click Statistics > RMON History. The RMON History Page opens.
2. Click View. The RMON History Table Page opens:
Figure 136: RMON History Table Page
The RMON History Table Page contains the following fields:
• History Entry No.
• CRC Align Errors — Displays the number of CRC and Align errors that have occurred on the interface since the device was last refreshed.
• Undersize Packets — Displays the number of undersized packets (less than 64 octets) received on the interface since the device was last refreshed.
• Oversize Packets — Displays the number of oversized packets (over 1518 octets) received on the interface since the device was last refreshed.
Configuring RMON Events
The RMON Events Page contains fields for defining, modifying and viewing RMON events statistics.
To add an RMON event:
1. Click Statistics > RMON Events. The RMON Events Page opens:
Figure 137: RMON Events Page
The RMON Events Page contains the following fields:
• Event Entry — Displays the event.
• Community — Displays the community to which the event belongs.
• Description — Displays the user-defined event description.
Figure 138: Add RMON Events Page
3. Define the Community, Description, Type and Owner fields.
4. Click Apply. The event entry is added and the device is updated.
To modify the RMON Event entry settings:
1. Click Statistics > RMON Events. The RMON Events Page opens.
2. Click Modify. The RMON Events Configuration Page opens:
Figure 139: RMON Events Configuration Page
3. Select an event entry and define the fields for the entry.
4. Click Apply.
Viewing the RMON Events Logs
The RMON Events Logs Page contains interface specific statistical network samplings. Each table entry represents all counter values compiled during a single sample.
To view the RMON Events Table:
1. Click Statistics > RMON Events. The RMON Events Page opens.
2. Click View.
Defining RMON Alarms
The RMON Alarm Page contains fields for setting network alarms. Network alarms occur when a network problem, or event, is detected. Rising and falling thresholds generate events.
To set RMON alarms:
1. Click Statistics > RMON Alarm. The RMON Alarm Page opens:
Figure 141: RMON Alarm Page
The RMON Alarm Page contains the following fields:
• Alarm Entry — Indicates a specific alarm.
• Counter Name — Displays the selected MIB variable.
• Rising Event — Displays the event that triggers the specific alarm. The possible field values are user-defined RMON events.
• Falling Threshold — Displays the falling counter value that triggers the falling threshold alarm.
• Falling Event — Displays the event that triggers the specific alarm. The possible field values are user-defined RMON events.
• Startup Alarm — Displays the trigger that activates the alarm generation.
Figure 143: Alarm Configuration Page
3. Define the fields.
4. Click Apply. The RMON alarm is saved, and the device is updated.
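The following is an added example, not part of the original guide or the device firmware, showing how rising and falling thresholds interact when an alarm is evaluated. It assumes the device follows the standard RMON alarm semantics of RFC 2819; the class, function and value names, the 32-bit counter assumption and the counter readings are all constructed for illustration.

```python
"""RMON alarm evaluation with rising/falling threshold hysteresis (added example)."""
from dataclasses import dataclass
from typing import List, Tuple

COUNTER32_MODULUS = 2 ** 32  # assumption: the monitored MIB variable is a 32-bit counter


@dataclass
class RmonAlarm:
    """Hypothetical container for the alarm fields listed on the RMON Alarm Page."""
    rising_threshold: int
    falling_threshold: int
    sample_type: str = "delta"     # "delta" or "absolute" (assumed value names)
    startup_alarm: str = "rising"  # "rising", "falling" or "rising-falling"

    def __post_init__(self) -> None:
        if self.rising_threshold <= self.falling_threshold:
            raise ValueError("rising threshold must be above the falling threshold")
        if self.sample_type not in ("delta", "absolute"):
            raise ValueError("unknown sample type")
        if self.startup_alarm not in ("rising", "falling", "rising-falling"):
            raise ValueError("unknown startup alarm")


def to_samples(alarm: RmonAlarm, readings: List[int]) -> List[int]:
    """Turn raw counter readings into the values compared with the thresholds."""
    if alarm.sample_type == "absolute":
        return list(readings)
    # Delta sampling: difference between consecutive readings, tolerating one wrap.
    return [(cur - prev) % COUNTER32_MODULUS for prev, cur in zip(readings, readings[1:])]


def evaluate(alarm: RmonAlarm, readings: List[int]) -> List[Tuple[int, str, int]]:
    """Return (sample index, "rising" or "falling", value) for each generated event."""
    events: List[Tuple[int, str, int]] = []
    prev = None
    rising_armed = falling_armed = True
    for index, value in enumerate(to_samples(alarm, readings)):
        if prev is None:
            # First sample: the Startup Alarm setting decides which event may fire.
            crossed_up = alarm.startup_alarm in ("rising", "rising-falling")
            crossed_down = alarm.startup_alarm in ("falling", "rising-falling")
        else:
            crossed_up = prev < alarm.rising_threshold
            crossed_down = prev > alarm.falling_threshold
        if value >= alarm.rising_threshold:
            if rising_armed and crossed_up:
                events.append((index, "rising", value))
                rising_armed = False  # stays off until the falling threshold is reached
            falling_armed = True
        elif value <= alarm.falling_threshold:
            if falling_armed and crossed_down:
                events.append((index, "falling", value))
                falling_armed = False  # stays off until the rising threshold is reached
            rising_armed = True
        prev = value
    return events


# Constructed cumulative error-counter readings, one per sampling interval.
CONSTRUCTED_READINGS = [1000, 1010, 1160, 1220, 1350, 1365, 1510]

if __name__ == "__main__":
    alarm = RmonAlarm(rising_threshold=100, falling_threshold=20)
    for index, kind, value in evaluate(alarm, CONSTRUCTED_READINGS):
        print(f"sample {index}: {kind} event at value {value}")
```

In the constructed data the delta of 130 at sample 3 produces no second rising event, because the value has not yet dropped to the falling threshold. A counter that resets on reboot is indistinguishable from a wrap here and shows up as one very large delta.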
Section 16. Managing Stacking
This section describes the stacking control management and includes the following topics:
• Stacking Overview
• Configuring Stacking Management
Stacking Overview
Stacking provides multiple switch management through a single point as if all stack members are a single unit. All stack members are accessed through a single IP address through which the stack is managed.
Stacking Chain Topology
In a chain topology, there are two units that have only one neighbor. Every unit has an uplink neighbor and a downlink neighbor. The chain topology is less robust than the ring topology. A failure in the chain results in a topology change to the stack. The location of the failure determines the severity of this topology change. The chain topology also acts as a fail-safe for the ring topology.
Each port in the stack has a specific Unit ID, port type, and port number, which are part of both the configuration commands and the configuration files.
Configuring Stacking Management
The Stacking Page allows network managers to either reset the entire stack or a specific device. Device configuration changes that are not saved before the device is reset are not saved. If the Stacking Master is reset, the entire stack is reset. In addition, Unit IDs can be changed on the Stacking Page.
To configure stack control:
1. Click Mgmt. Protocols > Stacking.
Appendix A. System Defaults
RS-232 Port Settings
The following table contains the RS-232 port setting defaults:
Data Bits       8
Stop Bits       1
Parity          None
Flow Control    None
Baud Rate       115,200 bps
Port Defaults
The following are the port defaults:
Auto Negotiation                            Enabled
Auto Negotiation advertised capabilities    Enabled
Auto MDI/MDIX                               Enabled
Head of Line Blocking                       Enabled
Back Pressure                               Disabled
Flow Control                                Disabled
Cable Analysis                              Disabled
Optical Transceiver Analysis                Disabled
Ma
Configuration Defaults
The following are the initial device configuration defaults:
Default User Name    manager
Default Password     friend
System Name          None
Comments             None
BootP                Enabled
DHCP                 Disabled
Security Defaults
The following are the system security defaults:
Locked Ports         Disabled
802.
Spanning Tree Defaults
The following are the spanning tree defaults:
STP             Enabled
STP Port        Disabled
Rapid STP       Enabled
Multiple STP    Disabled
Fast Link       Disabled
Path Cost       Long
Address Table Defaults
The following are the Address Table defaults:
Number of MAC Entries              8,000
MAC Address Aging Time             300 seconds
VLAN-Aware MAC-based Switching     Enabled
VLAN Defaults
The following are the VLAN defaults:
Possible VLANs     256
GVRP               Disabled
Management VLAN    VLAN 1
Trunking Defaults
The following are the trunking defaults:
Possible Trunks             8
Possible Ports per Trunk    8
LACP Ports/Trunk            16
Multicast Defaults
The following are the Multicast defaults:
IGMP Snooping               Disable
Maximum Multicast Groups    256
QoS Defaults
The following are the QoS defaults:
QoS Mode                    Disable
Queue Mapping
CoS    Queue
0      2
1      1
2      1
3      2
4      3
5      3
6      4
7      4
DSCP     Queue
0-15     1
16-31    2
32-47    3
48-63    4
Appendix B. Downloading Software with CLI
This section describes how to download system files using the Command Line Reference (CLI), and includes the following topics:
• Connecting a Terminal
• Initial Configuration
• Downloading Software
Connecting a Terminal
Before connecting a device, ensure that the device has been installed according to the instructions described in the Allied Telesis AT-S95 Installation Guide.
Initial Configuration
Before a device can download system software, the device must have an initial configuration of IP address and network mask.
To check the configuration, enter the command “show ip interface” as illustrated in the following example.
    Console# show ip interface
    Proxy ARP is disabled
    IP Address           I/F      Type     Broadcast Directed
    ------------         ------   ------   ---------
    100.101.101.101/24   vlan 1   static   disable
User Name
A user name is used to manage the device remotely, for example through SSH, Telnet, or the Web interface.
2. Enter the copy command to download the boot file.
    Console# copy tftp://172.16.101.101/file2.rfb boot
    Accessing file 'file2' on 172.16.101.101...
    Loading file1 from 172.16.101.
5. Enter the “copy” command to download the system file.
    Console# copy tftp://172.16.101.101/file1.ros image
    Accessing file 'file1' on 172.16.101.101...
    Loading file1 from 172.16.101.
Stacking Member Software Download
Ensure the stack has been correctly connected as described in the Allied Telesis AT-S95 Installation Guide. Downloading software to Stacking Members can be performed in the following ways:
• Download the software to an individual device in the stack. In this example the software is downloaded to the device defined as Stacking Member number 3.
• Download the software to all devices in the stack.
5. Enter the “copy” command to download the system file.
    Console# copy tftp://172.16.101.101/file1.ros unit://3/image
    Accessing file 'file1' on 172.16.101.101...
    Loading file1 from 172.16.101.