SS2R24G4i/SS2R48G4i SS2R24G4i, SS2R48G4i Layer 2/Layer4 Managed Fast Ethernet Switch USER MANUAL Version 1.
Trademarks
Copyright ©2009 Amer.com. Contents subject to change without prior notice.

Copyright Statement
No part of this publication may be reproduced in any form or by any means or used to make any derivative such as translation, transformation, or adaptation without permission, as stipulated by the United States Copyright Act of 1976.

Technical Support Contact
www.amer.com/support support@amer.com info@amer.
Caution
Circuit devices are sensitive to static electricity, which can damage their delicate electronics. Dry weather conditions or walking across a carpeted floor may cause you to acquire a static electrical charge. To protect your device, always:
- Touch the metal chassis of your computer to ground the static electrical charge before you pick up the circuit device.
- Pick up the device by holding it on the left and right edges only.
Preface
The SS2R24/48G4i switch is a high-performance Ethernet switch with wire-speed Layer 2 switching capacity. The switch seamlessly supports 10Mb, 100Mb and 1000Mb Ethernet interfaces. We strongly recommend that you read this manual carefully before installation and configuration to avoid possible damage to the switch and malfunction.
CONTENTS

Chapter 1 Switch Overview
1.1 BRIEF INTRODUCTION
1.1.1 Overview
1.1.2 Features and Benefits
1.1.3 Main Features
1.2 TECHNICAL SPECIFICATIONS
1.3 PHYSICAL SPECIFICATIONS
1.

4.1.1 Out-of-band Management
4.1.2 In-band Management
4.2 MANAGEMENT INTERFACE
4.2.1 CLI Interface
4.2.2 Web Interface
Chapter 5 Basic Switch Configuration
5.1 BASIC SWITCH CONFIGURATION COMMANDS
5.1.

5.6.3 System Log Configuration Example
5.6.4 System Log troubleshooting
5.7 CLASSIFIED CONFIGURATION
5.7.1 Introduction of Classified Configuration
5.7.2 Configure the Classified Configuration
5.8 PORT ISOLATION
5.8.

9.1 INTRODUCTION TO VLAN
9.2 VLAN CONFIGURATION
9.2.1 VLAN Configuration Task List
9.2.2 Typical VLAN Application
9.3 DOT1Q-TUNNEL CONFIGURATION
9.3.1 Dot1q-tunnel Introduction
9.3.2 Configuration Task Sequence Of Dot1q-Tunnel
9.3.

13.1 DCSCM INTRODUCTION
13.2 DCSCM CONFIGURATION
13.2.1 DCSCM Configuration Task Sequence
13.3 DCSCM TYPICAL EXAMPLES
13.4 DCSCM TROUBLESHOOTING
13.4.1 DCSCM Debug and Monitor Command
13.4.2 DCSCM Troubleshooting
Chapter 14 802.

17.1 INTRODUCTION TO PORT CHANNEL
17.2 PORT CHANNEL CONFIGURATION
17.2.1 Port Channel Debug and Monitor Command
17.3 PORT CHANNEL EXAMPLE
17.4 PORT CHANNEL TROUBLESHOOTING
17.4.1 Debug and Monitor Command
17.4.

22.1.1 QoS Terms
22.1.2 QoS Implementation
22.1.3 Basic QoS Model
22.2 QOS CONFIGURATION
22.2.1 QoS Configuration Task List
22.3 QOS EXAMPLE
22.4 QOS TROUBLESHOOTING
22.4.
Chapter 1 Switch Overview

1.1 Brief Introduction

Fig 1-1 SS2R24G4i switch
Fig 1-2 SS2R48G4i switch

1.1.1 Overview
The SS2R24/48G4i switch, an Intelligent Stackable Secure Ethernet Access Switch, can be used as access equipment in large-scale enterprise networks, campus networks and metropolitan area networks, and can also meet the networking demands of a medium-scale office environment.
of switch has unique network access functions and flexible management of network, including MAC binding/filtering, limiting the total number of MAC addresses, IEEE802.1Q VLAN, PVLAN, IEEE802.1x access authentication, QoS, ACL, bandwidth control, IEEE802.3ad TRUNK, IGMP Snooping, broadcast storm control, IEEE802.1d/w spanning tree, port mirroring and so on.

1.1.
TRUNK
The switch supports IEEE802.3ad standard TRUNK. It can also realize link redundancy and traffic load balance.

IGMP Snooping
The switch supports multicast applications based on the IGMP Snooping mechanism. As a result, it can realize all kinds of multicast services, reduce network traffic and meet the requirements of multicast services such as multimedia playing, remote teaching and entertainment.
Can update the firmware using TFTP/FTP.
Can be fixed in a standard 19-inch frame.

1.2 Technical specifications

Protocols and Standards
IEEE802.3 10BASE-T Ethernet
IEEE802.3u 100BASE-TX/FX Fast Ethernet
IEEE802.3x Flow control
IEEE802.1x access control
IEEE802.1D/w Spanning Tree
IEEE802.1p Class of Service
IEEE802.1Q VLAN
IEEE802.
1.3 Physical Specifications

                            SS2R24G4I/SS2R48G4I    SS2R48G4I/52C
Weight                      2.25KG                 3KG
Dimension (mm)              440×171.2×43           440×229×44
Operating Temperature       0°C~50°C
Storage Temperature         -40°C~70°C
Relative humidity           10%~90%, with no condensate
AC Power Input              100~240VAC, 50~60Hz
Power Consumption           30W Max
Mean Time Before Failure    80,000 Hours

Table 1-1 SS2R24/48G4i switch physical specification

1.4 Product appearance

1.4.
Fig 1-5 SS2R24G4i back panel view
Fig 1-6 SS2R48G4i back panel view

1.4.3 Status LEDs
The LEDs of the SS2R24/48G4i switch include PWR, DIAG, Link/Act and 1000M. The LEDs are located on the front panel for easy viewing and are shown below.

Fig 1-7 SS2R24G4i switch LEDs

Description of LEDs

LED         State    Description
Link/ACT    Blink    The port is successfully linked and is sending/receiving data right now.
            Off      The state of the port is down.
DIAG        Green, blink     The program is initializing.
            On               The program has been initialized successfully.
            Yellow, blink    The initialization of the program has failed.

Table 1-2 Description of LEDs in SS2R24G4i/SS2R48G4i Switch

The SS2R48G4i switch does not have the 1000M LED. The Link/ACT LED of its 100M port is above the corresponding port, while the Link/ACT LED of its 1000M port is on the right of the corresponding port.
Chapter 2 Hardware Installation

2.1 Installation Notice
To ensure the proper operation of the SS2R24/48G4i switch and your physical security, please read the following installation guide carefully.

2.1.1 Environmental Requirements
The switch must be installed in a clean area. Otherwise, the switch may be damaged by electrostatic adherence. Maintain the temperature within 0 to 50 °C and the humidity within 5% to 95%, non-condensing.
NH3    0.05    0.15
Cl2    0.01    0.3

Table 2-2 Environmental Requirements Particles

2.1.1.2 Temperature and Humidity
Although the switch is designed without a fan and dissipates heat passively, the site should still maintain a desirable temperature and humidity. High-humidity conditions can cause electrical resistance degradation or even electric leakage, degradation of mechanical properties and corrosion of internal components.
Improper power supply system grounding, extreme fluctuation of the input source and transients (or spikes) can result in a larger error rate, or even hardware damage!

2.1.1.4 Preventing Electrostatic Discharge Damage
Static electric discharges can cause damage to internal circuits, even the entire switch.
installation materials and tools are prepared. Also make sure the installation site is well prepared. During the installation, users must use the brackets and screws provided in the accessory kit. Users should use the proper tools to perform the installation. Users should always wear an antistatic uniform and ESD wrist straps. Users should use standard cables and connectors. After the installation, users should clean the site.
- RJ-45 pin

Table 2-4 The required tools and utilities

2.3 Hardware Installation

2.3.1 Installing the Switch
Please mount the SS2R24/48G4i switch on the 19’’ rack as shown below.

Fig 2-1 SS2R24/48G4i switch Rack-mounting

1. Attach the 2 brackets on the SS2R24/48G4i switch with screws provided in the accessory kit.
2. Put the bracket-mounted switch smoothly into a standard 19’’ rack. Fasten the SS2R24/48G4i switch to the rack with the screws provided.
listed below.

Fig 2-2 Connecting Console to SS2R24/48G4i switch

1. Find the console cable provided in the accessory kit. Attach the Mini-USB end to the console port of the switch.
2. Connect the other side of the console cable to a character terminal (PC).
3. Power on the switch and the character terminal. Configure the switch through the character terminal.

Caution! Please use the console cable and the console commutator of the switch. Do not insert it incorrectly, to avoid breakage.

2.3.
Chapter 3 Setup Configuration
Setup configuration refers to the initial operations performed on the switch after the user purchases it. For first-time users of the SS2R24/48G4i switch, this chapter provides practical instructions. When using the CLI (command line interface), the user can type setup under admin mode to enter the Setup configuration interface.

3.
3.3.2 Configuring Vlan1 Interface
Select “1” in the Setup main menu and press Enter to start configuring the Vlan1 interface:

Config Interface-Vlan1
[0] Config interface-Vlan1 IP address
[1] Config interface-Vlan1 status
[2] Exit
Selection number

Select “0” in the Vlan1 interface configuration menu and press Enter; the following screen appears:

Please input interface-Vlan1 IP address (A.B.C.
3.3.4 Configuring Web Server
Select “3” in the Setup main menu and press Enter to start configuring the Web server; the following appears:

Configure web server
[0] Add webuser
[1] Config web server status
[2] Exit
Selection number

Select “0” in the Web server configuration menu and press Enter; the following screen appears:

Please input the new web user name

Note: the valid username length is 1 to 16 characters.
Please input the read-write access community string[private]

Note: the valid length for a read-write access community string is 1 to 255 characters; the default value is “private”. When a valid read-write access community string is entered, pressing Enter returns you to the SNMP configuration menu.
Selecting “6” in the Setup main menu exits the Setup configuration mode and saves the configurations made. This is equivalent to running the Write command. For instance, if, under the Setup configuration mode, the user sets a Telnet user, enables the Telnet service and selects “5” to exit the Setup main menu, he or she will be able to configure the switch through Telnet from a terminal. When exiting the Setup configuration mode, the CLI configuration interface appears.
Chapter 4 Switch Management

4.1 Management Options
After purchasing the switch, the user needs to configure the switch for network management. The SS2R24/48G4i switch provides two management options: in-band management and out-of-band management.

4.1.1 Out-of-band Management
Out-of-band management is management through the Console interface. Generally, the user will use out-of-band management for the initial switch configuration, or when in-band management is not available.
Open the HyperTerminal included in Windows after the connection is established.

1) Click Start menu - All Programs - Accessories - Communication - HyperTerminal.
2) Type a name for opening HyperTerminal, such as “Switch_A”.

Fig 4-2 Opening HyperTerminal

3) In the “Connecting with” drop-list, select the RS-232 serial port used by the PC, e.g. COM1, and click “OK”.
Fig 4-4 Opening HyperTerminal

Step 3 Entering switch CLI interface
Power on the switch. The following appears in the HyperTerminal windows, that is the CLI configuration mode for

Testing RAM...
67,108,864 RAM OK.
Initializing...
Booting......
Starting at 0x10000...
Current time is MON JAN 01 00 00 00 2001
SS2R24G4I Series Switch Operating System
SoftWare Version RS-5200-28_1.2.17.0
NOS Version NOS_5.1.35.47
Copyright (C) 2001-2007 AMER. COM
http //www.amer.
4.1.2 In-band Management
In-band management refers to management by logging into the switch using Telnet. In-band management allows devices attached to the switch to manage it. If in-band management fails because of switch configuration changes, out-of-band management can be used for configuring and managing the switch.

4.1.2.
below. Before in-band management, the switch must be configured with an IP address by out-of-band management (i.e. Console mode). The configuration commands are as follows (all switch configuration prompts are assumed to be “switch” hereafter if not otherwise specified):

Switch>
Switch>en
Switch#config
Switch(Config)#interface vlan 1
Switch(Config-If-Vlan1)#ip address 10.1.128.251 255.255.255.
Fig 4-7 Telnet Configuration Interface

4.1.2.2 Management via HTTP
To manage the switch via HTTP, the following conditions should be met:
1) The switch has an IP address configured;
2) The host IP address and the switch’s VLAN interface IP address are in the same network segment.
3) If not 2), Telnet client can connect to an IP address of the switch via other devices, such as a router.
Fig 4-8 Run HTTP Protocol

Step 3 Log on to the switch
To log on to the HTTP configuration interface, a valid login user name and password are required; otherwise the switch will reject HTTP access. This protects the switch from unauthorized access.
4.2.1 CLI Interface
The CLI interface is familiar to most users. As mentioned above, out-of-band management and Telnet login are both performed through the CLI interface to manage the switch. The CLI interface is supported by the Shell program, which consists of a set of configuration commands. Those commands are categorized according to their functions in switch configuration and management. Each category represents a different configuration mode.
4.2.1.1.2 Admin Mode
Admin Mode is entered as follows. In the user entry system, an Admin user is placed in Admin Mode by default. The Admin Mode prompt “Switch#” can also be reached from User Mode by running the enable command and entering the admin user password for the corresponding access level, if a password has been set. Likewise, when the exit command is run under Global Mode, it returns to Admin Mode.
related settings such as duplex mode, speed, etc. command under Global Mode. return to Global Mode.

4.2.1.1.5 VLAN Mode
Using the vlan command under Global Mode enters the corresponding VLAN Mode. Under VLAN Mode the user can configure all member ports of the corresponding VLAN. Run the exit command to exit the VLAN Mode to Global Mode.

4.2.1.1.
parameter; {enum1 | … | enumN } indicates a mandatory parameter that should be selected from the parameter set enum1~enumN; and the square brackets ([ ]) in [option] indicate an optional parameter. There may be combinations of “< >”, “{ }” and “[ ]” in the command line, such as [],{enum1 | enum2}, [option1 [option2]], etc. Here are examples of some actual configuration commands:
- show version, no parameters required.
Right “→”    The cursor moves one character to the right.
entered command.
Ctrl +p      The same as Up key “↑”.
Ctrl +n      The same as Down key “↓”.
Ctrl +b      The same as Left key “←”.
Ctrl +f      The same as Right key “→”.
Ctrl +z      Return to the Admin Mode directly from the other configuration modes (except User Mode).
Ctrl +c      Break the ongoing command process, such as ping or other command execution.
4.2.1.5.1 Returned Information: success
All commands entered through the keyboard undergo a syntax check by the Shell. Nothing will be returned if the user entered a correct command under the corresponding mode and the execution is successful.

4.2.1.5.2 Returned Information: error

Output error message: Unrecognized command or illegal parameter!
Explanation: The entered command does not exist, or there is an error in parameter scope, type or format.
configuration interface. The bottom left part of the Web configuration interface is the main menu, with which users can configure, control and maintain the switch, monitor ports and so on. The bottom right part is used to display information and to interact with users. When the users click the upper part or the bottom left part, the bottom right part will show the configuration interface of the corresponding menu (submenu); the users can then configure the switch as they want to.
Chapter 5 Basic Switch Configuration

5.1 Basic Switch Configuration Commands
Basic switch configuration includes commands for entering and exiting the admin mode, for entering and exiting interface mode, for configuring and displaying the switch clock, for displaying the version information of the switch system, etc.

Caution! By default, the host name of a switch and the command line prompt are the same as the type of the switch.
Command: exit
Function: Quit the current mode and return to the previous mode. With this command, users in global mode return to admin configuration mode; users in admin mode return to user mode.
Command mode: All Modes

5.1.4 help
Command: help
Function: Output a brief description of the command interpreter help system.
Command mode: All Modes

5.1.
Command: reload
Function: Warm reset the switch.
Command mode: Admin Mode

set default
Command: set default
Function: Reset the switch to factory settings.
Command mode: Admin Mode

5.1.9 setup
Command: setup
Function: Enter the Setup Mode of the switch.
Command mode: Admin Mode

5.1.10 language
Command: language {chinese|english}
Function: Set the language for displaying the help information.
Parameter: chinese for Chinese display; english for English display.
5.1.13 show cpu usage
Command: show cpu usage
Function: Display the CPU usage rate of the switch.
Command Mode: Admin Mode.

show tech-support
Command: show tech-support
Function: Collect tech-support information.
Command Mode: Admin Mode.

5.2 Monitor and Debug Command
When users configure the switch, they need to verify that the configuration is correct and the switch is operating as expected; in the event of a network failure, they also need to diagnose the problem.
as described earlier in the In-band management section. As a Telnet server, the SS2R24/48G4i switch allows up to 5 Telnet client TCP connections. As a Telnet client, using the telnet command under Admin Mode allows the user to log in to other remote hosts. The SS2R24/48G4i switch can only establish a TCP connection to one remote host at a time. If a connection to another remote host is desired, the current TCP connection must be dropped.

5.2.2.2 Telnet Configuration Task List
1.
Command / Explanation

Admin Mode
Command: telnet [] []
Explanation: Log in to a remote host with the Telnet client included in the switch.

5.2.2.3 Commands for Telnet

5.2.2.3.
disables the Telnet function in the switch.
Default: The Telnet server function is enabled by default.
Command mode: Global Mode

5.2.2.3.5 telnet-server securityip
Command:
  telnet-server securityip
  no telnet-server securityip
Function: Configure the secure IP address of the Telnet client allowed to log in to the switch; the “no telnet-server securityip” command deletes the authorized Telnet secure address.
1. SSH Server Configuration

Command / Explanation

Global Mode
Command:
  ssh-server enable
  no ssh-server enable
Explanation: Enable the SSH function on the switch; the “no ssh-server enable” command disables the SSH function.

Command:
  ssh-user password {0|7}
  no ssh-user
Explanation: Configure the username and password of the SSH client software for logging on to the switch; the “no ssh-user” command deletes the username.
Function: Configure the username and password of the SSH client software for logging on to the switch; the “no ssh-user” command deletes the username.
Parameter: is SSH client username. It can’t exceed 16 characters; is SSH client password. It can’t exceed 8 characters; 0|7 stand for unencrypted password and encrypted password.
Command mode: Global Mode
Default: There are no SSH username and password by default.

5.2.3.3.
the SSH client side, enable function of debug information in console
Command mode: Admin Mode
Relative Command: ssh-user

5.2.3.4 SSH Server Configure Example

Scenario 1
Requirement: Enable the SSH server on the switch, and run SSH2.0 client software such as Secure shell client and putty on the terminal. Log on to the switch by using the username and password from the client. Configure the IP address, add an SSH user and enable the SSH service on the switch. SSH2.
5.2.4 Traceroute
Command: traceroute { | host }[hops ] [timeout ]
Function: This command is used to test the gateways passed by packets on their way from the sending equipment to the destination equipment, in order to check whether the network can be reached and to locate network faults.
Parameters: is the IP address of the destination host, in dotted-decimal format; is the host name of the remote host.
Command: show flash
Function: Display the document in the flash
Command Mode: Admin Mode

5.2.5.5 show history
Command: show history
Function: Display the recent user input history command
Command Mode: Admin Mode

5.2.5.6 show memory
Command: show memory
Function: Display the contents in the memory
Command Mode: Admin Mode

5.2.5.7 show rom
Command: show rom
Function: Display enable document and bulk
Command Mode: Admin Mode

5.2.5.
the switch

5.2.5.11 show tcp
Command: show tcp
Function: Display the current TCP connection status established to the switch.
Command mode: Admin Mode

5.2.5.12 show udp
Command: show udp
Function: Display the current UDP connection status established to the switch.
Command mode: Admin Mode

5.2.5.13 show telnet login
Command: show telnet login
Function: Display Telnet user information that links with the switch

5.2.5.
The IP address of the SS2R24/48G4i switch is set on the VLAN interface. The VLAN with an IP address is called the management VLAN. All in-band management of the switch is done through the management VLAN. The SS2R24/48G4i switch only allows one VLAN interface, so to change the ID of the management VLAN, the original VLAN interface must be deleted first and a new VLAN interface then created.
5.4 SNMP Configuration

5.4.1 Introduction To SNMP
SNMP (Simple Network Management Protocol) is a standard network management protocol widely used in computer network management. SNMP is an evolving protocol.
5.4.2 Introduction to MIB
The network management information accessed by the NMS is well defined and organized in a Management Information Base (MIB). The MIB is pre-defined information which can be accessed by network management protocols. It is in layered and structured form. The pre-defined management information can be obtained from monitored network devices. ISO ASN.1 defines a tree structure for the MIB. Each MIB organizes all the available information with this tree structure.
5.4.3 Introduction to RMON
RMON is the most important expansion of the standard SNMP. RMON is a set of MIB definitions, used to define standard network monitor functions and interfaces, enabling the communication between SNMP management terminals and remote monitors. RMON provides a highly efficient method to monitor actions inside the subnets. The MIB of RMON consists of 10 groups.
2. Configure SNMP community string

Command:
  snmp-server community {ro|rw}
  no snmp-server community
Explanation: Configure the community string for the switch; the “no snmp-server community” command deletes the configured community string.

3.
8. Configuring TRAP

Command:
  snmp-server enable traps
  no snmp-server enable traps
Explanation: Enable the switch to send Trap messages. This command is used for SNMP v1/v2/v3.

Command:
  snmp-server host {v1|v2c|{v3 {NoauthNopriv|AuthNopriv|AuthPriv}}}
  no snmp-server host {v1|v2c|{v3 {NoauthNopriv|AuthNopriv|AuthPriv}}}
Explanation: Set the host IPv4/IPv6 address which is used to receive SNMP Trap information.
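The following is an added example, not part of the manual or of any vendor code: a Python audit of a saved configuration for the management-plane settings documented in this chapter (Telnet server enabled by default, "telnet-server securityip", "ssh-server enable", "ssh-user ... password {0|7}" and SNMP community strings). The two sample configurations are constructed, and the argument order after each keyword is an assumption, since the manual's parameter names did not survive in this copy.

```python
import re

# Constructed sample configurations (not from a real device). The argument order
# after each keyword is an ASSUMPTION inferred from this manual's command
# summaries, e.g. "ssh-user <name> password {0|7} <password>".
WEAK_CONFIG = """\
interface vlan 1
 ip address 10.1.128.251 255.255.255.0
telnet-server enable
ssh-server enable
ssh-user admin password 0 letmein
snmp-server enable
snmp-server community rw private
snmp-server community ro monitor-7f3a
"""

HARDENED_CONFIG = """\
interface vlan 1
 ip address 10.1.128.251 255.255.255.0
no telnet-server enable
ssh-server enable
ssh-user admin password 7 0a1b2c3d4e5f
snmp-server enable
snmp-server community ro monitor-7f3a
"""

# "private" is the read-write default named in the Setup chapter; "public" is
# the conventional read-only counterpart (an assumption for this device).
WELL_KNOWN_COMMUNITIES = {"public", "private"}

SSH_USER_RE = re.compile(r"^ssh-user\s+(\S+)\s+password\s+([07])\s+\S+$")
COMMUNITY_RE = re.compile(r"^snmp-server community\s+(ro|rw)\s+(\S+)$")


def audit_management_plane(config_text):
    """Return a list of (finding_id, detail) tuples for one configuration dump."""
    lines = [ln.strip() for ln in config_text.splitlines() if ln.strip()]
    findings = []

    # The manual states the Telnet server is enabled by default, so only an
    # explicit "no telnet-server enable" is treated as disabled.
    if "no telnet-server enable" not in lines:
        findings.append(("TELNET_ENABLED", "management sessions are sent in cleartext"))
        if not any(ln.startswith("telnet-server securityip ") for ln in lines):
            findings.append(("TELNET_NO_SECURITYIP", "any host may attempt a Telnet login"))

    # SSH has no default user and must be switched on explicitly.
    if "ssh-server enable" not in lines:
        findings.append(("SSH_DISABLED", "no encrypted CLI access is configured"))

    for ln in lines:
        m = SSH_USER_RE.match(ln)
        if m and m.group(2) == "0":
            # Type 0 means the password is stored unencrypted in the config.
            findings.append(("SSH_PLAINTEXT_PASSWORD", m.group(1)))
        m = COMMUNITY_RE.match(ln)
        if m and m.group(2).lower() in WELL_KNOWN_COMMUNITIES:
            findings.append(("SNMP_DEFAULT_COMMUNITY", f"{m.group(1)} {m.group(2)}"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name)
        for finding_id, detail in audit_management_plane(cfg):
            print(f"  {finding_id}: {detail}")
```

An empty configuration still yields Telnet findings, because the check follows the manual's statement that the Telnet server is on unless it is explicitly disabled.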
Switch (Config)#snmp-server user tester DCNGroup encrypted auth md5 hello
Switch (Config)#snmp-server group DCNGroup AuthPriv read max write max notify max
Switch (Config)#snmp-server view max 1 include

Scenario 4
NMS wants to receive the v3 Trap messages sent by the switch. The configuration on the switch is listed below:

Switch(config)#snmp-server enable
Switch(config)#snmp-server host 10.1.1.2 v3 AuthPriv tester
Switch(config)#snmp-server enable traps

5.4.6 SNMP Troubleshooting

5.4.6.
maximum packet size: Maximum length of SNMP packets.
no such name errors: Number of packets requesting non-existent MIB objects.
bad values errors: Number of “Bad_values” error SNMP packets.
general errors: Number of “General_errors” error SNMP packets.
response PDUs: Number of response packets sent.
trap PDUs: Number of Trap packets sent.

5.4.6.1.2 show snmp status
Command: show snmp status
Function: Display SNMP configuration information.
5.4.6.1.4 show snmp user
Command: show snmp user
Function: Display the user information commands
Command Mode: Admin Mode

Displayed Information    Explanation
User name                User name
Engine ID                Engine ID
Priv Protocol            Employed encryption algorithm
Auth Protocol            Employed identification algorithm
Row status               User state

5.4.6.1.
5.4.6.1.7 show snmp mib
Command: show snmp mib
Function: Display all MIBs supported by the switch
Command Mode: Admin Mode

5.4.6.1.8 debug snmp packet
Command:
  debug snmp packet
  no debug snmp packet
Function: Enable SNMP debugging; the “no debug snmp packet” command disables the debugging function
Command Mode: Admin Mode

5.4.6.2 SNMP Troubleshooting
When users configure SNMP, the SNMP server may fail to run properly due to physical connection failure, wrong configuration, etc.
5.5.1 BootROM Upgrade
There are two methods for BootROM upgrade, TFTP and FTP, which can be selected in the BootROM command settings. The upgrade procedure is listed below.

Step 1: A PC is used as the console for the switch. A console cable is used to connect the PC to the management port on the switch. The PC should have FTP/TFTP server software installed and have the img file required for the upgrade.

Step 2: Press “ctrl+b” on switch boot up until the switch enters BootROM monitor mode.
Loading...
entry = 0x10010
size = 0x1077f8

Step 5: Execute “write nos.img” in BootROM mode. The following saves the system update image file.

[Boot] writeimg
Programming...
Program OK.

Step 6: After a successful upgrade, execute the “run” command in BootROM mode to return to the CLI configuration interface.

5.5.2 FTP/TFTP Upgrade

5.5.2.
authentication or permission-based file access authorization. It ensures correct data transmission through a send-and-acknowledge mechanism and retransmission of timed-out packets. The advantage of TFTP over FTP is that it is a simple and low-overhead file transfer service. The SS2R24/48G4i switch can operate as either an FTP/TFTP client or server.
The configurations of the SS2R24/48G4i switch as FTP and TFTP clients are almost the same, so the configuration procedures for FTP and TFTP are described together in this manual.

5.5.2.2.1 FTP/TFTP Configuration Task List
1. FTP/TFTP client configuration
   Upload/download the configuration file or system file.
   (1) For FTP client, server file list can be checked.
2.
(3) Modify FTP server connection idle time

Command / Explanation
Global Mode
Command:
  ftp-server timeout
  no ftp-server timeout
Explanation: Set the connection idle time.

3. TFTP server configuration
(1) Start TFTP server

Command / Explanation
Global Mode
Command:
  tftp-server enable
  no tftp-server enable
Explanation: Start the TFTP server; the “no tftp-server enable” command shuts down the TFTP server and prevents TFTP users from logging in.
At present, the system log of the switch can be output in five directions (also known as log channels):
- Output log information to the local console through the Console port.
- Output log information to a remote Telnet terminal or dumb terminal, which helps remote maintenance.
- Allocate a log buffer of proper size inside the switch to record log information.
- Configure loghost.
log message can be actually sent out through the output channel.

5.6.2 Configuring The System Log

5.6.2.1 The Task Sequence of Configuring The System Log
1. Set the global log switch
2. Set the output channel of the console
3. Set the output channel of the user’s terminal
4. Set the output channel of the log buffer
5. Set the output channel of the log host
6. Display the information of the log channel
7. Set the filter items of the log output channel

1.
5. Set the output channel of the log host

Command / Description
Privileged configuration mode
Command: logging ] no logging [ facility
Description: Open the output channel of the log host. Prefixing the command with “no” disables this function.

6. Display the information of the log channel

Command / Description
Privileged configuration mode
Command: show channel [console | monitor | logbuff | loghost ]
Description: Display the information of the log channel

7.
5.6.4.1.1 show channel
Command: show channel [console | monitor | logbuff | loghost ]
Function: Display brief information about the log channel.
Parameters: console, the output channel of log is the console; monitor, the output channel of log is the user’s terminal; logbuff, the output channel of log is the log buffer; loghost, the output channel of log is the log host.
Command Mode: Privileged configuration mode.
5.7 Classified Configuration

5.7.1 Introduction of Classified Configuration
In order to protect the network effectively, the switch allows users to log on under different identities to configure it, allows a different password for each identity, and gives those identities different rights when configuring the switch. Right now, DCN switch provides visitor and admin as configuration levels.
Port isolation is aimed at meeting the user demand shown below.

The topology of the switches is illustrated in the picture above. The demand is that, once port isolation is configured on switch1, e0/0/1 and e0/0/2 on switch1 cannot communicate with each other, while both can still communicate with the uplink port e0/0/25. That is, the downlink ports cannot connect to each other, but a downlink port can connect to a specified uplink port.
Chapter 6 Cluster Configuration

6.1 Introduction to cluster network management

Cluster network management is an in-band configuration management. Unlike CLI, SNMP and Web Config, which implement a direct management of the target switches through a management workstation, cluster network management implements a direct management of the target switches (member switches) through an intermediate switch (commander switch). A commander switch can manage multiple member switches.
4.
1) Enable or disable joining the cluster automatically
2) Set holdtime of heartbeat of the cluster
3) Set interval of sending heartbeat packets among the switches of the cluster
4) Clear the list of candidate switches discovered by the commander switch
Configure attributes of the cluster in the candidate switch
1)
5.
Mode: Global Mode
Command:
  cluster register timer
  no cluster register timer
Explanation: Set interval of sending cluster register packet

5. Remote cluster network management

Mode: Admin Mode
Command: rcommand member
Explanation: In the commander switch, this command is used to configure and manage member switches.
Command: rcommand commander
Explanation: In the member switch, this command is used to configure the member switch itself.
Chapter 7 Port Configuration

7.1 Port Introduction

Fig 7-1 Ports on SS2R24G4i

The ports on the SS2R24G4i switch are shown in the above picture. SS2R24G4i provides 24+2+2 ports: 24 are 10/100Base-TX Ethernet interfaces with fixed configuration, 2 are 1000Base-TX/1000Base-FX single/multi mode interfaces, and the other 2 are 1000Base-TX stack interfaces. On the panel of the SS2R24G4i, each port is marked with a port ID.
4) Configure port cable types
5) Configure port speed and duplex mode
6) Configure bandwidth control
7) Configure traffic control
8) Enable/Disable port loopback function
9) Configure Combo port mode
3. Set the packet suppression function

1. Enter the Ethernet port configuration mode

Mode: Interface Mode
Command: interface ethernet
Explanation: Enters the network port configuration mode.

2.
3. Set the packet suppression function

Mode: Port configuration mode
Command:
  packet-suppression {broadcast|brmc|brmcdlf|all}
  no packet-suppression
Explanation: Enable the packet suppression function of the switch, and set the max data traffic allowed to pass. The “no packet-suppression” command is used to cancel the packet suppression function.

7.2.2 VLAN Interface Configuration

7.2.2.1 VLAN Interface Configuration Task List

1. Enter VLAN Mode
2.
7.2.3.1 Introduction to Port Mirroring

Port mirroring refers to the duplication of data frames sent/received on a port to another port. The duplicated port is referred to as the mirror source port and the duplicating port is referred to as the mirror destination port. A protocol analyzer (such as Sniffer) or RMON monitoring instrument is often attached to the mirror destination port to monitor, manage and diagnose the network.
7.2.3.4 Device Mirroring Troubleshooting

7.2.3.4.1 show monitor

Command: show monitor
Function: To display the source and destination port information of the image.
Command Mode: Admin Mode

Display information | Explanation
session number | Session number of the image
Source ports | Source ports of the image
RX | The image in the receiving direction of the port.
TX | The image in the transmitting direction of the port.
7.3 Port Configuration Example

Fig 7-2 Port Configuration Example

Use default VLAN1 since VLAN is not configured on all of the switches.
7.4 Port Troubleshooting

7.4.1 Monitor and Debug Command

7.4.1.1 clear counters ethernet

Command: clear counters [ethernet ]
Function: Clear counters information on Ethernet interface
Parameters: is the port ID of Ethernet
Command Mode: Admin Mode
Default: Do not delete the counters information on Ethernet interface

7.4.1.
Chapter 8 MAC Table Configuration

8.1 Introduction to MAC Table

The MAC table is a table that identifies the mapping relationship between destination MAC addresses and switch ports. MAC addresses can be categorized as static MAC addresses and dynamic MAC addresses.
added to the MAC table.
4. Now the MAC table has two dynamic entries: MAC address 00-01-11-11-11-11 on port 5 and 00-01-33-33-33-33 on port 12.
5. After the communication between PC1 and PC3, the switch does not receive any message sent from PC1 and PC3, and the MAC address mapping entries in the MAC table are deleted after 300 seconds. The 300 seconds here is the default aging time for a MAC address entry in the SS2R24/48G4i switch. Aging time can be modified in the switch.

8.1.
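The learning and aging sequence in steps 4 and 5 can be replayed with a small model. This is an added example, not code from the manual or the switch; the class and function names are hypothetical, the port numbering 1 to 24 and the flooding of unknown destinations to every other port are assumptions, and the timestamps are constructed seconds.

```python
AGING_TIME = 300  # seconds; the default aging time the manual states

PC1 = "00-01-11-11-11-11"  # learnt on port 5 in the manual's walk-through
PC3 = "00-01-33-33-33-33"  # learnt on port 12 in the manual's walk-through


class MacTable:
    """Dynamic MAC table: learn on source address, age out idle entries."""

    def __init__(self, ports, aging_time=AGING_TIME):
        self.ports = list(ports)
        self.aging_time = aging_time
        self.entries = {}  # MAC -> (port, time the MAC was last seen as a source)

    def _age_out(self, now):
        # Delete every entry that has not been refreshed for aging_time seconds.
        for mac, (_, seen) in list(self.entries.items()):
            if now - seen >= self.aging_time:
                del self.entries[mac]

    def receive(self, src, dst, in_port, now):
        """Process one frame and return the list of egress ports."""
        self._age_out(now)
        # Learning: a new source creates an entry, a known one is refreshed,
        # and a station that moved is re-pointed at its new port.
        self.entries[src] = (in_port, now)
        hit = self.entries.get(dst)
        if hit is None:
            # Unknown destination: send out of every port except the ingress.
            return [p for p in self.ports if p != in_port]
        # Known destination: one egress port, or nothing if it is the ingress.
        return [] if hit[0] == in_port else [hit[0]]

    def snapshot(self, now):
        """Return {MAC: port} for the entries still alive at time `now`."""
        self._age_out(now)
        return {mac: port for mac, (port, _) in self.entries.items()}


def replay():
    """PC1 sends to PC3 at t=0, PC3 answers at t=1, then both stay silent."""
    table = MacTable(range(1, 25))
    first = table.receive(PC1, PC3, in_port=5, now=0)    # PC3 unknown: flooded
    reply = table.receive(PC3, PC1, in_port=12, now=1)   # PC1 known: port 5 only
    return {
        "first_frame_ports": len(first),
        "reply_ports": reply,
        "at_1s": table.snapshot(1),
        "at_299s": table.snapshot(299),
        "at_300s": table.snapshot(300),
        "at_302s": table.snapshot(302),
    }


if __name__ == "__main__":
    for name, value in replay().items():
        print(name, value)
```
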
frame. When VLANs are configured, the switch will forward a unicast frame within the same VLAN. If the destination MAC address is found in the MAC table but belongs to a different VLAN, the switch can only broadcast the unicast frame in the VLAN it belongs to.

8.2 Commands for MAC address table configuration

8.2.
Command Mode: Global mode
Default: no filtering entries

8.2.4 clear mac-address-table dynamic

Command: clear mac-address-table dynamic [address ] [vlan ] [interface {[ethernet|port-channel] }]
Function: Deletes dynamic address entries
Parameter: MAC address to be deleted; name of the port transmitting the MAC data packet; receives vlan number of the MAC data packet.
Command Mode: Admin mode
Default: None

8.
8.4.2 Troubleshooting

Using the show mac-address-table command, a port is found to have failed to learn the MAC of a device connected to it. Possible reasons:
- The connected cable is broken.
- Spanning Tree is enabled and the port is in “discarding” status; or the device has just been connected to the port and Spanning Tree is still under calculation. Wait until the Spanning Tree calculation finishes, and the port will learn the MAC address.
1. Enable MAC address binding function for the ports

Mode: Interface Mode
Command:
  switchport port-security
  no switchport port-security
Explanation: Enable address binding function; the “no switchport port-security” command disables the MAC address binding function.

2. Lock the MAC addresses for a port

Mode: Interface Mode
Explanation: Lock the port. After locking the port, no MAC address can be learnt. “no switchport port-security lock” resumes the MAC address learning.
8.5.1.3 MAC Address Binding Troubleshooting

8.5.1.3.1 MAC Address Binding Monitor and Debug Command

8.5.1.3.2 show port-security

Command: show port-security
Function: Display the secure MAC addresses of the port.
Command mode: Admin Mode
Parameter: stands for the port to be displayed.
8.5.1.3.4 show port-security address

Command: show port-security address [interface ]
Function: Display the secure MAC addresses of the port.
Command mode: Admin Mode
Parameter: stands for the port to be displayed.
Chapter 9 VLAN Configuration

9.1 Introduction to VLAN

VLAN (Virtual Local Area Network) is a technology that divides the logical addresses of devices within the network into separate network segments based on functions, applications or management requirements. In this way, virtual workgroups can be formed regardless of the physical location of the devices. IEEE announced IEEE 802.
9.2 VLAN Configuration

9.2.1 VLAN Configuration Task List

1. Creating or deleting VLAN
2. Specifying or deleting name of VLAN
3. Assigning Switch ports for VLAN
4. Set The Switch Port Type
5. Set Trunk port
6. Set Access port
7. Enable/Disable VLAN ingress rules on ports
8. Configure Private VLAN
9. Set Private VLAN association

1. Creating or deleting VLAN

Mode: Global Mode
Command:
  vlan
  no vlan
Explanation: Create/delete VLAN or enter VLAN Mode

2.
5. Set Trunk port

Mode: Interface Mode
Command:
  switchport trunk allowed vlan {|all}
  no switchport trunk allowed vlan
Explanation: Set/delete VLAN allowed to be crossed by Trunk. The “no” command restores the default setting.
Command:
  switchport trunk native vlan
  no switchport trunk native vlan
Explanation: Set/delete PVID for Trunk port.

6. Set Access port

Mode: Interface Mode
Explanation: Add the current port to specified VLAN the specified VLANs.
9.2.2 Typical VLAN Application Scenario

[Figure: Switch A and Switch B joined by a Trunk Link; workstations, desktop PCs and IBM PCs in VLAN2, VLAN100 and VLAN200 attach to each switch]

Fig 9-2 Typical VLAN Application Topology

The existing LAN is required to be partitioned into 3 VLANs due to security and application requirements. The three VLANs are VLAN2, VLAN100 and VLAN200.
Connect the Trunk ports of both switches for a Trunk link to convey the cross-switch VLAN traffic; connect all network devices to the other ports of the corresponding VLANs. In this example, port 1 and port 24 are spare and can be used as management ports or for other purposes.
metropolitan area network using layer-3 switch as backbone equipment. As shown in Fig 5-4, after being enabled on the user port, dot1q-tunnel assigns each user an SPVLAN identification (SPVID). Here the identification of the user is 3. The same SPVID should be assigned for the same network user on different PEs. When a packet reaches PE1 from CE1, it carries the VLAN tag 200-300 of the user internal network.
2. Configure the type of protocol (TPID) of the port

Mode: Port mode
Command: dot1q-tunnel tpid {8100|9100|9200}
Explanation: Configure the type of protocol on the ports.

3. Set the dot1q-tunnel type of the port

Mode: Interface configuration mode
Command:
  switchport dot1q-tunnel mode {customer |uplink}
  no switchport dot1q-tunnel
Explanation: Set the dot1q-tunnel type of the port

9.3.
SS2R48G4I (Config-Vlan3)#switchport interface ethernet 0/0/1
SS2R48G4I (Config-Vlan3)#exit
SS2R48G4I (Config)#dot1q-tunnel enable
SS2R48G4I (Config)#interface ethernet 0/0/1
SS2R48G4I (Config-Ethernet0/0/1)#switchport dot1q-tunnel mode customer
SS2R48G4I (Config-Ethernet0/0/1)#exit
SS2R48G4I (Config)#interface ethernet 0/0/10
SS2R48G4I (Config-Ethernet0/0/10)#switchport mode trunk
SS2R48G4I (Config-Ethernet0/0/10)#switchport dot1q-tunnel mode uplink
SS2R48G4I (Config-Ethernet0/0/10)#exi
In SS2R24/48G4i switch, 1000bps network ports can support the Protocol VLAN function unconditionally, while the 100bps Ethernet ports have to be set to trunk ports to use the function.

9.4.2 Protocol VLAN Configuration Task Sequence

1. Enable Protocol VLAN
2. Configure the protocol list entries

1. Enable Protocol VLAN

Mode: Global configuration mode
Command:
  protocol-vlan enable
  no protocol-vlan enable
Explanation: Enable/disable Protocol VLAN

2.
for the VLAN to display status information, valid length is 1 to 11 characters.
Chapter 10 RSTP CONFIGURATION

10.1 INTRODUCTION TO RSTP

RSTP is the abbreviation of Rapid Spanning Tree Protocol, which may block the redundant paths in a switched network through the rapid spanning tree algorithm and establish a loop-free tree network. The rapid spanning tree algorithm adopted by RSTP is a distributed algorithm. It operates on all bridges of a Bridged-LAN, and is responsible for calculating a simple and interconnected active topology.
10.2 RSTP CONFIGURATION

10.2.1 RSTP CONFIGURATION TASK SEQUENCE

1. Start up RSTP and configure running mode

Mode: Global configuration mode and Port configuration mode
Explanation: Start up RSTP; the “no spanning-tree” command closes the RSTP function.
spanning-tree forward-time
Elevating the port priority of port 0/0/1 of switch 4 to 160, while that of port 0/0/3 of switch 4 is still the default 128, will make port 0/0/2 of switch 5 the root port.
10.4 RSTP Troubleshooting

10.4.1 Monitor and Debug Command

10.4.1.
no debug stp {all|basic | in | out}
Function: To open RSTP debug information. Use the “no debug stp {all | basic | in | out}” command to close RSTP debug information.
Parameter: “all” is the switch for all debug information; basic is the switch for basic debug information; fsm is the switch for finite state machine debug information; in and out are the debug switches for input packets and output packets respectively.
Command mode: Admin mode

10.4.
Chapter 11 IGMP Snooping

11.1 Introduction to IGMP Snooping

IGMP (Internet Group Management Protocol) is a protocol used in IP multicast. IGMP is used by multicast-enabled network devices (such as a router) for host membership query, and by hosts that are joining a multicast group to inform the router to accept packets of a certain multicast address. All those operations are done through IGMP message exchange. The router will use a multicast address (224.0.0.
{group | source } No ip igmp snooping vlan < vlan-id > limit
snooping can join and the max number of sources each group can have. “No ip igmp snooping vlan < vlan-id > limit” will reset it to default value.

Command:
  Ip igmp snooping vlan l2-general-querier
  No ip igmp snooping vlan l2-general-querier
Explanation: Set this vlan to a layer 2 general querier. It is recommended that each segment should configure a layer 2 general querier.
tatic-group interface {[ethernet|port-channel]

11.3 IGMP Snooping Examples

Scenario 1 IGMP Snooping function

Fig 11-1 Enabling IGMP Snooping function Example

As shown in the above figure, a VLAN 100 is configured in the switch and includes ports 1, 2, 6, 10 and 12. Four hosts are connected to ports 2, 6, 10 and 12 respectively and the multicast router is connected to port 1.
one connected to port 10 orders program2 and the other one connected to port 12 orders program 3

IGMP Snooping listening result

The multicast table built by IGMP Snooping in VLAN 100 indicates ports 1, 2, 6, 10 in Group1 and ports 1, 12 in Group3. All four hosts can receive the program of their choice: ports 2, 6, 10 will not receive the traffic of program 2, 3 and port 12 will not receive the traffic of program 1, 2.
Multicast Configuration

The same as scenario 1.

IGMP Snooping listening result

Similar to scenario 1.

11.4 IGMP Snooping Troubleshooting

11.4.1 IGMP Snooping Monitor and Debug Command

11.4.1.
Igmp snooping mrouter port keep-alive time | The keep-alive time of the vlan
Igmp snooping query-suppression time | The query-suppression time of the vlan as a l2-general-querier
IGMP Snooping Connect Group Membership | The group membership of the vlan, that is, the corresponding relationship between the port and (S,G).
Igmp snooping vlan 1 mrouter port | The mrouter port of the vlan, including static and dynamic.

11.4.1.
Chapter 12 Multicast VLAN Configuration

12.1 Multicast VLAN Introduction

Based on the current multicast program ordering method, when users in different VLANs order programs, each VLAN will copy a multicast stream within itself. This method will waste lots of bandwidth.
the IGMP Snooping function globally.

12.3 Multicast VLAN Examples

[Figure: SWITCHA, SWITCHB, PC1, PC2, Work Station]

Fig 2-12-1 The function configuration of multicast VLAN

As shown in the picture above, the multicast server connects to a 3-layer switch switchA via port 0/0/1, and port 0/0/1 belongs to vlan10 of the switch. 3-layer switch switchA connects to 2-layer switch switchB via port . Vlan 20 is a multicast vlan.
switchA (config)# interface ethernet
switchA (Config-Ethernet )switchport mode trunk
switchB#config
switchB (config)#vlan 100
switchB (config-vlan100)#switchport access ethernet
switchB (config-vlan100)exit
switchB#config
switchB (config)#vlan 101
switchB (config-vlan101)#switchport access ethernet
switchB (config-vlan101)exit
switchB (config)# interface ethernet
switchB (Config-Ethernet )#switchport mode trunk
switchB (Config-Ethernet )#exit
switchB (config)#vlan 20
switchB (config-vla
Chapter 13 DCSCM Configuration

13.1 DCSCM Introduction

DCSCM (security control multicast) technology covers three aspects: multicast source controllability, multicast user controllability and the service-priority-oriented multicast policy.
[no] ip multicast source-control (necessary)
Enable the source control globally; the “[no] ip multicast source-control” command will disable the source control globally. Note that after the global source control is enabled, all multicast messages are dropped by default. Source control configuration can only be done after it is enabled globally, and source control can be disabled globally only when all the configured rules have been disabled.
Mode: Global configuration mode
Command: [no] ip multicast destination-control (necessary)
Explanation: Enable the destination control globally. The “no ip multicast destination-control” command will disable the destination control globally. Only after the destination control is enabled globally can all of the other configurations take effect.

The next step is to configure the destination control rules, which is also similar to that of source control except that it uses ACL ID from 6000 to 7999.
[no] ip multicast destination-control access-group <6000-7999>
To configure the rule used in source control to specified source IP address/MASK; prefixing the command with “NO” will cancel the configuration.

3. Configuration of multicast policy

Multicast policy satisfies the demand of special users by designating priority for specified multicast data.
Server 210.1.1.1 is sending important multicast data in the group 239.1.2.3; we can configure as follows on its access switch:

Switch(Config)#ip multicast policy 210.1.1.1 0.0.0.0 239.1.2.3 0.0.0.
Parameters: detail: whether to display detailed information. interface name, like Ethernet 0/0/1 or ethernet 0/0/1.
Default Settings: None.
Command Mode: Admin Mode

13.4.1.
Chapter 14 802.1x Configuration

14.1 Introduction to 802.1x

IEEE 802.1x is a port-based network access management method, which authenticates and manages the accessing devices on the physical access level of the LAN device. The physical access level here is the ports of the switch. If the users’ devices connected to such ports can be authenticated, access to resources in the LAN is allowed; otherwise, access will be denied, which is essentially the same as disconnecting physically.
In the IEEE 802.1x application environment, the SS2R24/48G4i switch is used as the access management unit, and the user connection device is the device with 802.1x client software. An authenticating server usually resides in the Carrier’s AAA center and usually is a Radius server. the difference between user access, MAC-based IEEE 802.1x authentication is implemented in SS2R24/48G4i switch for better security and management.
command function aaa-accounting {enable|disable} update dot1x enable no dot1x enable dot1x privateclient enable no dot1x privateclient enable dot1x user free-resource no dot1x user free-resource disables the accounting Enables/disables accounting update Enables the 802.1x function in the switch and ports; the "no dot1x enable" command disables the 802.1x function. Enable the switch to force the client software adopts AMER.COM private 802.
Command:
  dot1x max-user userbased
  no dot1x max-user userbased
Explanation: Set the max number of users allowed to access by the specified port, applied to ports using userbased access control mode; the “no dot1x max-user userbased” command is used to reset the default value allowing 10 users at most.

3) Configure expanded 802.
Command:
  dot1x max-req
  no dot1x max-req
Explanation: Sets the number of EAP request/MD5 frames to be sent before the switch re-initiates authentication on no supplicant response; the “no dot1x max-req” command restores the default setting.

Command:
  dot1x re-authentication
  no dot1x re-authentication
Explanation: Enables periodical supplicant authentication; the “no dot1x re-authentication” command disables this function.
Command:
  radius-server accounting host [[port {}] [primary]]
  no radius-server accounting host
Explanation: Specifies the IP address or IPv6 address and listening port number for RADIUS accounting server; the “no radius-server authentication host” command deletes the RADIUS server

3) Configure RADIUS Service parameters.
The computer is connected to port 0/0/2 of the switch, and the IEEE 802.1x authentication function is enabled on the port, which adopts MAC-address-based authentication as the access method by default. The IP address of the switch is 10.1.1.2, and all the ports other than port 0/0/2 are connected to RADIUS authentication server, the IP address of which is 10.1.1.3. By default the authentication and accounting ports are port 1812 and port 1813. The IEEE802.
authentication server[X].Host IP .Udp Port .Is Primary .Is Server Dead .Socket No | Displays the authentication server number and corresponding IP address, UDP port number, Primary server or not, down or not, and socket number.
accounting server sum | The number of accounting servers.
accounting server[X].Host IP .Udp Port .Is Primary .Is Server Dead .
displayed.
Command mode: Admin Mode

Displayed information | Explanation
Global 802.1x Parameters | Global 802.
Parameters: send represents sending packets; receive represents receiving packets; all represents receiving and sending packets; is the name of interface.

14.4.1.
Command Mode: Admin Mode
Parameters: pkt-send represents the details of sending packets; pkt-receive represents the details of receiving packets; internal represents internal details; userbased represents the user-based information; all represents all the detailed information; is the name of interface.

14.4.1.
Chapter 15 ACL Configuration

15.1 Introduction to ACL

ACL (Access Control List) is an IP packet filtering mechanism employed in switches, providing network traffic control by granting or denying access through the switches, effectively safeguarding the security of networks. The user can lay down a set of rules according to some information specific to packets; each rule describes the action for a packet with certain information matched: “permit” or “deny”.
rules, from the first rule to the first matched rule; the rest of the rules will not be processed.
- Global default action applies only to IP packets in the incoming direction on the ports. For non-incoming IP packets and all outgoing packets, the default forward action is “permit”.
- Global default action applies only when packet filter is enabled on a port and no ACL is bound to that port, or no binding ACL matches.
(1) Create the name of the time range
(2) Configure periodic time range
(3) Configure absolute time range
4. Bind access-list to a specific direction of the specified port.

1.
access-list {deny | permit} {eigrp | gre | igrp | ipinip | ip | } {{ } | any-source | {host-source }} {{ } | any-destination | {host-destination }} [precedence ] [tos ][time-range]
Creates a numbered IP extended IP access rule for other specific IP protocol or all IP protocols; if the numbered extended access-list of specified number does not exist, then an access-list will be created using this nu
[no] {deny | permit} icmp {{ } | any-source | {host-source }} {{ } | any-destination | {host-destination }} [ []] [precedence ] [tos ][time-range]
Creates an extended name-based ICMP IP access rule; the “no” form command deletes this name-based extended IP access rule

[no] {deny | permit} igmp {{ } | any-source | {host-source }} {{ } | any-destin
access-list {deny|permit} {any-source-mac|{host-source-mac }|{ }}
no access-list
Creates a numbered standard MAC access-list, if the access-list already exists, then a rule will add to the current access-list; the “no access-list “ command deletes a numbered standard MAC access-list.
[no]{deny|permit}{any-source-mac|{host-source-mac}|{}}{any-destination-mac|{host-destination-mac}|{}} [untagged-eth2 [ethertype [protocol-mask]]]
Creates an extended name-based MAC access rule matching untagged ethernet 2 frame; the “no” form command deletes this name-based extended MAC access rule

[no]{deny|permit}{any-source-mac|{host-source-mac }|{}} {any-destination-mac|{host-destinati
access-list{deny|permit}{any-source-mac | {host-source-mac}|{}} {any-destination-mac|{host-destination-mac }|{}}icmp {{}|any-source | {host-source}} {{}|any-destination | {host-destination}}[ []] [precedence ] [tos ][time-range]
Creates a numbered mac-icmp extended mac-ip acc
access-list{deny|permit}{any-source-mac | {host-source-mac}|{}} {any-destination-mac|{host-destination-mac }|{}} {eigrp|gre|igrp|ip|ipinip|ospf|{}} {{}|any-source | {host-source}} {{}|any-destination | {host-destination}} [precedence ] [tos ][time-range]
Creates a numbered extended m
[no]{deny|permit}{any-source-mac|{host-source-mac }|{}} {any-destination-mac|{host-destination-mac }|{}}igmp {{}|any-source | {host-source}} {{}|any-destination | {host-destination }} [] [precedence ] [tos ][time-range]
Creates an extended name-based MAC-IGMP access rule; the “no” form comma
Exit | Quit extended name-based MAC-IP access mode

2. Configuring packet filtering function

(1) Enable global packet filtering function

Mode: Global Mode
Firewall enable | Enables global packet filtering function
Firewall disable | Disables global packet filtering function

(2) Configure default action

Mode: Global Mode
Firewall default permit | Sets default action to “permit”
Firewall default deny | Sets default action to “deny”

3.
[no]absolute-periodic{Monday|Tuesday|Wednesday|Thursday|Friday|Saturday|Sunday} to{Monday|Tuesday|Wednesday|Thursday|Friday|Saturday | Sunday}
stop the function of the time range in the week
[no]periodic{{Monday+Tuesday+Wednesday+Thursday+Friday+Saturday+Sunday}|daily|weekdays | weekend} to

(3) Configure absolute time range

Mode: Global Mode
Command: Absolute start[end ]
Explanation: Configure a
The configuration steps are listed below:

Switch(Config)#firewall enable
Switch(Config)#firewall default permit
Switch(Config)#access-list 110 deny tcp 10.0.0.0 0.0.0.255 any-destination d-port 21
Switch(Config)#interface ethernet 0/0/10
Switch(Config-Ethernet0/0/10)#ip access-group 110 in
Switch(Config-Ethernet0/0/10)#exit
Switch(Config)#exit

Configuration result:

Switch#show firewall
Firewall is enabled.
Firewall default rule is to permit any packet.
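The first-match evaluation and global default action described in 15.1, applied to the access-list 110 rule above, can be modelled as follows; the same block also flags the case named under ACL troubleshooting, where two rules carry the same filtering information but conflicting actions. This is an added example, not code from the manual or the switch firmware: the names are hypothetical, the packets are constructed, 0.0.0.255 is assumed to be a wildcard (inverse) mask, and forwarding everything while the packet filter is disabled is an assumption.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

AddrSpec = Optional[Tuple[str, str]]  # (address, wildcard mask); None means "any"


def wildcard_match(addr: str, spec: AddrSpec) -> bool:
    """Compare only the address bits that the wildcard mask leaves at 0."""
    if spec is None:
        return True
    base, wildcard = (int(ipaddress.IPv4Address(x)) for x in spec)
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)


@dataclass(frozen=True)
class Rule:
    action: str                    # "permit" or "deny"
    proto: str                     # "tcp", "udp", ... or "ip" for any protocol
    src: AddrSpec = None           # None models any-source
    dst: AddrSpec = None           # None models any-destination
    d_port: Optional[int] = None   # None means any destination port

    def key(self):
        """Everything the rule matches on, without its action."""
        return (self.proto, self.src, self.dst, self.d_port)

    def matches(self, pkt: dict) -> bool:
        return (self.proto in ("ip", pkt["proto"])
                and wildcard_match(pkt["src"], self.src)
                and wildcard_match(pkt["dst"], self.dst)
                and (self.d_port is None or pkt.get("d_port") == self.d_port))


def evaluate(pkt, acl, firewall_enabled=True, default_action="permit"):
    """Decide one incoming IP packet; returns (action, reason)."""
    if not firewall_enabled:
        # Assumption: with the packet filter off, nothing is filtered.
        return ("permit", "packet filter disabled")
    for index, rule in enumerate(acl or []):
        if rule.matches(pkt):
            # First match wins; the remaining rules are never consulted.
            return (rule.action, f"rule {index}")
    # No ACL bound to the port, or no rule matched: global default action.
    return (default_action, "global default")


def conflicting_rules(acl):
    """Index pairs of rules with identical match fields but opposite actions."""
    first_seen = {}
    pairs = []
    for i, rule in enumerate(acl):
        j = first_seen.setdefault(rule.key(), i)
        if acl[j].action != rule.action:
            pairs.append((j, i))
    return pairs


# access-list 110 deny tcp 10.0.0.0 0.0.0.255 any-destination d-port 21
ACL_110 = [Rule("deny", "tcp", src=("10.0.0.0", "0.0.0.255"), d_port=21)]

if __name__ == "__main__":
    # Constructed packets arriving on the port the ACL is bound to.
    ftp = {"proto": "tcp", "src": "10.0.0.7", "dst": "192.0.2.10", "d_port": 21}
    web = dict(ftp, d_port=80)
    print(evaluate(ftp, ACL_110))                          # matched by rule 0
    print(evaluate(web, ACL_110))                          # falls to the default
    print(evaluate(web, ACL_110, default_action="deny"))   # default now denies
```

With `firewall default permit`, a deny-only list such as 110 blocks exactly what it names and nothing else; switching the default to deny turns every unmatched flow into a drop, which is why the rule order and the default have to be reviewed together.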
Switch(Config-Ethernet0/0/10)#exit
Switch(Config)#exit

Configuration result:

Switch#show firewall
Firewall is enabled.
Firewall default rule is to permit any packet.

Switch #show access-lists
access-list 1100(used 1 time(s))
access-list 1100 deny 00-12-11-23-00-00 00-00-00-00-FF-FF any-destination-mac untagged-802.3
access-list 1100 deny 00-12-11-23-00-00 00-00-00-00-FF-FF any-destination-mac tagged-802.
Switch#show access-lists
access-list 3110(used 1 time(s))
access-list 3110 deny 00-12-11-23-00-00 00-00-00-00-FF-FF any-destination-mac 0.0.0.255 any-destination d-port 21

Switch #show access-group
interface name Ethernet0/0/10
MAC-IP Ingress access-list used is 3110.

15.5 ACL Troubleshooting

15.5.1 Monitor And Debug Command

15.5.1.
Parameters: , Interface name
Default: None
Command Mode: Admin mode

Displayed information | Explanation
interface name Ethernet0/0/2 | Tying situation on port Ethernet0/0/2
IP Ingress access-list used is 111 | No. 111 numeric expansion ACL tied to entrance of port Ethernet0/0/2
interface name Ethernet0/0/1 | Tying situation on port Ethernet0/0/1
IP Ingress access-list used is 10 | No. 10 standard expansion ACL tied to entrance of port Ethernet0/0/1

15.5.1.
The number of ACLs that can be bound successfully depends on the content of the bound ACL and the limitation of hardware resources. If there are rules with the same filtering information but conflicting behavior in the access-list, it cannot be bound to the port and will cause an error prompt. For example, configuring permit tcp any-source any-destination and deny tcp any-source any-destination at the same time.
Chapter 16 AM Configuration

16.1 AM Introduction

AM (access management) compares the information of the received data message (source IP address or source IP + source MAC) with the configured hardware address pool; if it finds a match, it forwards the message, and if not, it drops the message.

16.2 AM pool

AM pool is an address list; each entry of this address list corresponds with a user. Each entry contains address information and its corresponding port.
Mode: Physical interface configuration mode
Command:
  am port
  no am port
Explanation: Enable or disable the AM function of a physical interface.

Configure IP address on a physical interface. The “no am ip-pool []” command will delete all the configured IP addresses on the interface.
Switch(Config)#interface ethernet 0/0/1
Switch(Config-Ethernet0/0/1)#am port
Switch(Config-Ethernet0/0/1)#am ip-pool 10.1.1.1 8
Switch(Config-Ethernet0/0/1)#exit
Switch(Config)#exit

Configuration result

Switch#show am
Global AM is enabled
Interface Ethernet0/0/1 am is enable
Interface Ethernet0/0/1 am ip-pool 10.1.1.1 8 USER_CONFIG

Scenario 2

The configuration demand of the user is that the port 10 of the switch connects to the 10.1.1.
16.5.1.1 show am

Command: show am [interface ]
Function: Display the address entries configured on the current switch.
Parameters: interfaceName: name of the physical interface
Command Mode: Global configuration mode
Default Setting: None

Displayed information | Explanation
Global AM is enabled | AM is enabled
am mac-ip-pool 00-00-00-00-00-13 100.1.1.2 USER_CONFIG | Only the users whose source MAC = 00-00-00-00-00-13 and source IP = 100.1.1.2 can pass; this is configured by users.
Chapter 17 Port Channel Configuration

17.1 Introduction to Port Channel

To understand Port Channel, Port Group should be introduced first. Port Group is a group of physical ports in the configuration level; only physical ports in the Port Group can take part in link aggregation and become a member port of a Port Channel. Logically, Port Group is not a port but a port sequence.
- All ports are of the same type
- All ports are Access ports and belong to the same VLAN or are all Trunk ports.
- If the ports are Trunk ports, then their “Allowed VLAN” and “Native VLAN” property should also be the same.

If Port Channel is configured manually or dynamically on the SS2R24/48G4i switch, the system will automatically set the port with the smallest number to be Master Port of the Port Channel.
17.3 Port Channel Example

Scenario 1 Configuring Port Channel in LACP.

[Figure: switches S1 and S2]

Fig 17-2 Configuring Port Channel in LACP Example

The switches in the description below are all SS2R24/48G4i switches and, as shown in the figure, ports 1, 2, 3 of Switch1 are access ports that belong to vlan1. Add those three ports to group1 in active mode. Ports 6, 7, 8 of Switch2 are trunk ports that also belong to vlan1, and allow all. Add these three ports to group2 in passive mode.
Scenario 2 Configuring Port Channel in ON mode.

[Figure: switches S1 and S2]

Fig 17-3 Configuring Port Channel in ON mode Example

As shown in the figure, ports 1, 2, 3 of Switch1 are access ports that belong to vlan1. Add those three ports to group1 in “on” mode.
are ungrouped and re-aggregate with port 3 to form port-channel 1. (It should be noted that whenever a new port joins in an aggregated port group, the group will be ungrouped first and re-aggregated to form a new group.) Now all four ports in both SwitchA and SwitchB are aggregated in “on” mode and become an aggregated port respectively.

17.4 Port Channel Troubleshooting

17.4.1 Debug and Monitor Command

17.4.1.
speed_type     Port speed type: 10Mbps, 100Mbps, 1,000Mbps and 10Gbps.
duplex_type    Port duplex mode: full-duplex and half-duplex
port_type      Port VLAN property: access port or trunk port
mux_state      Status of port binding status machine
rcvm_state     Status of port receiving status machine
prm_state      Status of port sending status machine

3. Display load balance information for port-group 1.

4. Display member port information for port-group 1.
Command: debug lacp
         no debug lacp
Function: Enables the LACP debug function; the “no debug lacp” command disables this debug function.
Command mode: Admin Mode
Default: LACP debug information is disabled by default.

17.4.2 Port Channel Troubleshooting

If problems occur when configuring port aggregation, please first check the following for causes.
- Ensure all ports in a port group have the same properties, i.e.
Chapter 18 DHCP Configuration

18.1 Introduction to DHCP

DHCP [RFC2131] is the acronym for Dynamic Host Configuration Protocol. It is a protocol that assigns IP addresses dynamically from the address pool, as well as other network configuration parameters such as default gateway, DNS server, default route and host image file position within the network. DHCP is the enhanced version of BootP.
supports not only dynamic IP address assignment, but also manual IP address binding (i.e. assigning a specific IP address to a specified MAC address or specified device ID over a long period). The differences and relations between dynamic IP address allocation and manual IP address binding are:

1) An IP address obtained dynamically can be different every time; a manually bound IP address will be the same all the time.
dns-server [address1[address2[…address8]]]
no dns-server
    Configures DNS server for DHCP clients

domain-name
no domain-name
    Configures Domain name for DHCP clients; the “no domain-name” command deletes the domain name.
Global Mode
ip dhcp conflict logging
no ip dhcp conflict logging
    Enables logging for DHCP address to detect address conflicts

Admin Mode
clear ip dhcp conflict
    Deletes a single address conflict record or all conflict records

4.

Switch(dhcp-A-config)#netbios-name-server 10.16.1.209
Switch(dhcp-A-config)#netbios-node-type H-node
Switch(dhcp-A-config)#exit
Switch(Config)#ip dhcp excluded-address 10.16.1.200 10.16.1.210
Switch(Config)#ip dhcp pool B
Switch(dhcp-B-config)#network 10.16.2.0 24
Switch(dhcp-B-config)#lease 1
Switch(dhcp-B-config)#default-route 10.16.2.200 10.16.2.201
Switch(dhcp-B-config)#dns-server 10.16.2.202
Switch(dhcp-B-config)#option 72 ip 10.16.2.
Command: clear ip dhcp conflict { | all }
Function: Deletes an address present in the address conflict log.
Parameters: is the IP address that has a conflict record; all stands for all addresses that have conflict records.
Command mode: Admin Mode
Relative Command: ip dhcp conflict logging, show ip dhcp conflict

18.3.1.3 clear ip dhcp server statistics

Command: clear ip dhcp server statistics
Function: Deletes the statistics for DHCP server, clears the DHCP server count.

Memory usage          using rate of EMS memory
Address pools         Number of configured DHCP address pools.
Database agents       Number of database agents.
Automatic bindings    Number of automatically
Manual bindings       Number of addresses bound manually
Conflict bindings     Number of conflicting addresses
Expiried bindings     Number of addresses whose leases are expired
Malformed message     Number of error messages.
18.3.2 DHCP Troubleshooting

If the DHCP clients cannot obtain IP addresses and other network parameters, the following procedures can be followed once the DHCP client hardware and cables have been verified OK.
- Verify the DHCP server is running; start the related DHCP server if it is not running.
- If the DHCP clients and servers are not in the same physical network, verify that the router responsible for DHCP packet forwarding has the DHCP relay function.
Chapter 19 DHCP snooping Configuration

19.1 DHCP Snooping Introduction

DHCP Snooping can effectively block attacks from fake DHCP servers.
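The trust decision behind that statement can be modelled in a few lines. This is an added example, not code from the manual or the switch firmware: it parses the DHCP message type (option 53, RFC 2131/2132) and accepts server replies only on trusted ports. The function names, the verdict strings and the trusted port "0/0/24" are hypothetical; "0/0/1" is the un-trusted port from the manual's application example, and the payloads are constructed.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"               # RFC 2131: precedes the options field
SERVER_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}  # option 53 values only a server sends

def dhcp_message_type(payload: bytes):
    """Return the option 53 value of a BOOTP/DHCP payload, or None if absent or malformed."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        return None
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == 255:                # End option reached without option 53
            return None
        if code == 0:                  # Pad option carries no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            return None                # option code without a length byte
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            return None                # option runs past the end of the packet
        if code == 53 and length == 1:
            return value[0]
        i += 2 + length
    return None

def snoop(port: str, payload: bytes, trusted_ports: set) -> str:
    """Model the trust decision: server replies are accepted only on trusted ports."""
    mtype = dhcp_message_type(payload)
    if mtype is None:
        return "not-dhcp"
    is_server_reply = payload[0] == 2 or mtype in SERVER_TYPES  # op 2 = BOOTREPLY
    if is_server_reply and port not in trusted_ports:
        return "drop"
    return "forward"

def build(op: int, mtype: int) -> bytes:
    """Constructed sample payload: 236-byte BOOTP header, cookie, option 53, End."""
    header = struct.pack("!BBBB", op, 1, 6, 0) + bytes(232)
    return header + MAGIC_COOKIE + bytes([53, 1, mtype, 255])

if __name__ == "__main__":
    trusted = {"0/0/24"}               # hypothetical uplink toward the real server
    print(snoop("0/0/1", build(2, 2), trusted))   # OFFER on the un-trusted port
    print(snoop("0/0/24", build(2, 2), trusted))  # OFFER on the trusted port
    print(snoop("0/0/1", build(1, 1), trusted))   # DISCOVER from a client
```

Client messages (DISCOVER, REQUEST) pass on any port, which is why only the port facing the legitimate server needs to be marked trusted.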
ip dhcp snooping enable
no ip dhcp snooping enable
    Enable or disable dhcp snooping function

2. Enable the binding function of DHCP Snooping

Command / Explanation
Global configuration mode
ip dhcp snooping binding enable
no ip dhcp snooping binding enable
    Enable or disable the binding function of dhcp snooping

3.
Command / Explanation
Admin Mode
Login on
logging source {default | m_shell|sys_event|anti_attack} channel { console | logbuff | loghost | monitor } [ level { critical | debugging | notifications | warnings } [state { on | off } ] ]
    Please refer to the chapter on system log

19.2.2 DHCP Snooping Typical Applications

Fig18-1 (figure labels: untrusted port, untrusted port)

As shown in the above picture, the Mac-AA device is the normal user, connected to the un-trusted port 0/0/1 of the DCN switch.
switch(Config-Port-Range)#

19.3 DHCP Snooping Troubleshooting

19.3.1 Monitor and Debug Information

19.3.1.1 show ip dhcp snooping

Command: show ip dhcp snooping [interface [ethernet] ]
Function: Display the configuration information of the current dhcp snooping or display the defense action log of the specified port.
Command: logging source {default | m_shell|sys_event|anti_attack} channel { console | logbuff | loghost | monitor } [ level { critical | debugging | notifications | warnings } [state { on | off } ] ]
Function: The details about this command are covered in the chapter on system log; the data source anti_attack of this command records information about all kinds of defense against network attacks, including the automatic defense action log of dhcp snooping.
Chapter 20 Defense Against Segment Scanning

20.1 Defense Against Segment Scanning

20.1.1 Defense Against Segment Scanning Configuration Task Sequence

1. Enable the defense against segment scanning function
2. Configure trusted ports
3. Configure trusted source IP
4. Enable the log recording function
5. Enable the automatic recovery function
6. Set the automatic recovery interval
7. Set the limit of the message rate

1.
Command / Explanation
Global configuration mode
anti-netscan log enable
no anti-netscan log enable
    Enable/disable the log recording function.

5. Enable the automatic recovery function

Command / Explanation
Global configuration mode
anti-netscan recovery enable
no anti-netscan recovery enable
    Enable/disable the automatic recovery function

6.
Chapter 21 SNTP Configuration

The Network Time Protocol (NTP) is widely used for clock synchronization among computers connected to the Internet. NTP can assess packet sending/receiving delay in the network and estimate the computer’s clock deviation independently, so as to achieve high accuracy in network computer clocking. In most cases, NTP can provide accuracy from 1 to 50ms according to the characteristics of the synchronization source and network route.
Command: sntp timezone {add | subtract}
         no sntp timezone
Function: Set the time difference between the time zone in which the SNTP client resides and UTC. The “no sntp timezone” command cancels the time zone set and restores the default setting.
21.2 Typical SNTP Configuration Examples

Fig 21-1 Typical SNTP Configuration (SW1, SW2, SWn)

All SS2R24/48G4i switches in the autonomous zone are required to perform time synchronization, which is done through two redundant SNTP/NTP servers. For time to be synchronized, the network must be properly configured. There should be a reachable route between any SS2R24/48G4i switch and the two SNTP/NTP servers.

Example: Assume the IP addresses of the SNTP/NTP servers are 10.1.1.
Chapter 22 QoS Configuration

22.1 Introduction to QoS

QoS (Quality of Service) is a set of capabilities that allow you to create differentiated services for network traffic, thereby providing better service for selected network traffic. QoS is a guarantee for service quality of consistent and predictable data transfer service to fulfill program requirements.
according to the policing policies.

Queuing: Egress QoS action. Put the packets into appropriate egress queues according to the packet CoS value.

Scheduling: QoS egress action. Configure the weight for eight egress queues WRR (Weighted Round Robin).

In Profile: Traffic within the QoS policing policy range (bandwidth or burst value) is called “In Profile”.

Out of Profile: Traffic outside the QoS policing policy range (bandwidth or burst value) is called “Out of Profile”.

22.1.
replace the original higher level DSCP value in the packet; this is also called “marking down”. The following flowchart describes the operations during policing and remarking.

Queuing and scheduling

Packets at the egress will re-map the internal DSCP value to CoS value; the queuing operation assigns packets to appropriate queues of priority according to the CoS value, while the scheduling operation performs packet forwarding according to the prioritized queue weight.
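The in-profile / out-of-profile decision and the two exceed actions (drop, or "marking down" to a lower DSCP) can be seen in a single-rate token-bucket model. This is an added example, not the switch's implementation: the manual excerpt does not state the policing algorithm or the units of the police command, so the rate in bits per second, the burst in bytes, the function name and the sample traffic are all assumptions made for illustration.

```python
def police(packets, rate_bps, burst_bytes, exceed_action="drop", policed_dscp=0):
    """Single-rate token-bucket policer (assumed model, units are assumptions).

    packets: iterable of (arrival_time_s, size_bytes, dscp), sorted by time.
    Returns one (verdict, dscp_out) per packet; dscp_out is None when dropped.
    """
    tokens = float(burst_bytes)        # bucket starts full, so an initial burst passes
    last = None
    out = []
    for t, size, dscp in packets:
        if last is not None:           # refill at rate_bps, capped at the burst size
            tokens = min(float(burst_bytes), tokens + (t - last) * rate_bps / 8)
        last = t
        if size <= tokens:
            tokens -= size             # only conforming packets consume tokens
            out.append(("in-profile", dscp))
        elif exceed_action == "drop":
            out.append(("out-of-profile: dropped", None))
        else:                          # "marking down": forward with a lower DSCP
            out.append(("out-of-profile: marked down", policed_dscp))
    return out

# Constructed traffic: 1000-byte packets marked DSCP 46, policed at 8000 bit/s
# (1000 bytes/s) with a 1500-byte burst.
SAMPLE = [(0.0, 1000, 46), (0.1, 1000, 46), (0.2, 1000, 46), (1.0, 1000, 46)]

if __name__ == "__main__":
    for action in ("drop", "mark-down"):
        print(action, police(SAMPLE, 8000, 1500, action, policed_dscp=8))
```

The burst value decides how much back-to-back traffic passes before the rate takes over: the first packet is absorbed by the full bucket, the next two arrive before enough tokens have been refilled, and the last one conforms again.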
no class-map map mode; the “no class-map ” command deletes the specified class map.
police no police aggregate aggregate
    Apply a policy set to classified traffic; the “no police aggregate ” command deletes the specified policy set.

4. Apply QoS to ports

Command / Explanation
Interface Mode
mls qos trust [cos ] no mls qos trust | dscp | port priority
    Configure port trust; the “no mls qos trust” command disables the current trust status of the port.
cos8> no wrr-queue cos-map [] egress queue; the “no wrr-queue cos-map[]” command restores the default setting.

6. Configure QoS mapping

Command / Explanation
Global Mode
mls qos map {cos-dscp
Switch(config)#class-map c1
Switch(config-ClassMap)#match access-group 1
Switch(config-ClassMap)# exit
Switch(config)#policy-map p1
Switch(config-PolicyMap)#class c1
Switch(config--Policy-Class)#police 10000000 4000 exceed-action drop
Switch(config--Policy-Class)#exit
Switch(config-PolicyMap)#exit
Switch(config)#interface ethernet 0/0/2
Switch(Config-Ethernet0/0/2)#service-policy input p1

Configuration result: An ACL named 1 is set to match segment 192.168.1.0.
assigns different IP precedences. For example, set IP precedence for packets from segment 192.168.1.0 to 5 on port ethernet 1/1. The port connecting to switch2 is a trunk port. In SwitchB, set port ethernet 1/1 that connects to switch1 to trust IP precedence. Thus inside the QoS domain, packets of different priorities will go to different queues and get different bandwidth.
Parameters: is the policy set name.
Default: N/A.
Command mode: Admin Mode

Displayed information / Explanation
aggregate-policer policer1 exceed-action drop 80000 80
    Configuration for this policy set.
Not used by any policy map
    Time that the policy set is being referred to

22.4.1.3 show mls qos interface

Command: show mls qos interface [] [buffers | policers | queueing | statistics]
Function: Displays QoS configuration information on a port.
Displayed information / Explanation
Ethernet1/2     Port name
ClassMap        Name of the Class map
Classified      Total data packets match this class map.
In-profile      Total in-profile data packets match this class map.
out-profile     Total out-profile data packets match this class map.

22.4.1.4 show mls qos maps

Command: show mls qos maps [cos-dscp | dscp-cos | dscp-mutation | policed-dscp]
Function: Displays mapping configuration information for QoS.
22.4.1.6 show policy-map

Command: show policy-map []
Function: Display policy map of QoS.
Parameter: < policy-map-name> is the policy map name.
Default: N/A.
Command mode: Admin Mode

Displayed information / Explanation
Policy Map p1
    name of policy map
Class map name c1
    Name of the class map referred to
police 16000000 8000 exceed-action drop
    Policy implemented

22.4.
Chapter 23 Layer 3 Configuration

The SS2R24/48G4i switch only supports the layer 2 forwarding function. However, a layer3 control port can be configured. On the interface of this port, IP addresses can be configured for use in communication of various IP-based control protocols.

23.1 Layer3 Interface

23.1.1 Introduction to Layer3 Interface

A Layer3 interface can be created on the SS2R24/48G4i switch. A Layer3 interface is not a physical interface but a virtual interface. A Layer3 interface is built on a VLAN.
will delete the default gateway address.

23.2 ARP

23.2.1 Introduction to ARP

ARP (Address Resolution Protocol) is mainly used in IP address to Ethernet MAC address resolution. SS2R24/48G4i switch supports static configuration.

23.2.1.1 ARP Configuration Task Sequence

1. Configure static ARP

Command / Explanation
arp
no arp
    Configure a static ARP entry; the “no arp ” command deletes a static ARP entry.

23.2.
entry.
Port    Physical (Layer2) interface corresponding to the ARP entry.
Flag    Describes whether ARP entry is dynamic or static.

23.2.2.1.2 debug arp

Command: debug arp
         no debug arp
Function: Enable the ARP debug function; the “no debug arp” command disables this debug function.
Default: ARP debug is disabled by default.
Command mode: Admin Mode

23.2.2.