Dell™ PowerConnect™ 35xx Systems User’s Guide
www.dell.com | support.dell.
Notes, Cautions, and Warnings

NOTE: A NOTE indicates important information that helps you make better use of your computer.
CAUTION: A CAUTION indicates potential damage to hardware or loss of data if instructions are not followed.
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.

Information in this document is subject to change without notice. © 2007–2008 Dell Inc. All rights reserved.
Contents

1 Introduction
System Description
PowerConnect 3524
PowerConnect 3524P
PowerConnect 3548
PowerConnect 3548P
Stacking Overview

2 Hardware Description
Port Description
PowerConnect 3524 Port Description
The back panel contains an RPS connector, console port, and power connector.

4 Configuring PowerConnect 3524/P and 3548/P
Configuration Procedures
Booting the Switch
Initial Configuration
Advanced Configuration
Using the CLI
Command Mode Overview
User EXEC Mode
Privileged EXEC Mode
Global Configuration Mode

6 Configuring System Information
Defining General Switch Information
Configuring Domain Name Systems
Defining Default Domains
Mapping Domain Host
Defining ARP Settings
Running Cable Diagnostics
Copying Files
Managing Device Files
Configuring Advanced Settings
Configuring General Settings

7 Configuring Switch Information
Configuring Network Security
Configuring Multiple Spanning Tree
Defining MSTP Interface Settings
Configuring VLANs
Defining VLAN Membership
Defining VLAN Ports Settings
Defining VLAN LAGs Settings
Binding MAC Address to VLANs
Viewing the RMON History Table
Defining Device RMON Events
Viewing the RMON Events Log
Defining RMON Device Alarms
Viewing Charts
Introduction

Dell™ PowerConnect™ 3524/3548 and PowerConnect 3524P/3548P are stackable, advanced multi-layer devices. PowerConnect units can function either as stand-alone, multi-layer, switching devices or stackable devices with up to eight stacking members. This User Guide contains the information needed for installing, configuring, and maintaining the device.

System Description

PowerConnect 3524/3548 and PowerConnect 3524P/3548P combine versatility with minimal management.
PowerConnect 3548 The PowerConnect 3548 provides 48 10/100Mbps ports plus two SFP ports, and two Copper ports which can be used to forward traffic in a stand-alone device, or as stacking ports when the device is stacked. The device also provides one RS-232 console port. The PowerConnect 3548 is a stackable device, but also functions as a stand-alone device.
Understanding the Stack Topology

The PowerConnect 35xx series systems operate in a Ring topology. A stacked Ring topology is one in which all devices in the stack are connected to each other, forming a circle. Each device in the stack accepts data and sends it to the device to which it is attached. The packet continues through the stack until it reaches its destination. The system discovers the optimal path on which to send traffic.

Figure 1-3.
The device units are shipped with a default Unit ID of the stand-alone unit. If the device is operating as a stand-alone unit, all stacking LEDs are off. Once the user selects a different Unit ID, it is not erased, and remains valid, even if the unit is reset. Unit ID 1 and Unit ID 2 are reserved for Master enabled units. Unit IDs 3 to 8 can be defined for stack members. When the Master unit boots or when inserting or removing a stack member, the Master unit initiates a stacking discovering process.
Each port in the stack has a specific Unit ID, port type, and port number, which are part of both the configuration commands and the configuration files.
Figure 1-4. PowerConnect 3548/P replaces PowerConnect 3548/P (figure labels: Same Configuration)

• If a PowerConnect 3548/P replaces PowerConnect 3524/P, the first 3548/P 24 FE ports receive the 3524/P 24 FE port configuration. The GE port configurations remain the same. The remaining ports receive the default port configuration.

Figure 1-5.
Figure 1-6. PowerConnect 3548/P port replaces PowerConnect 3524/P Port (figure labels: Same Configuration)

Switching from the Stack Master to the Backup Stack Master

The Backup Master replaces the Stack Master if the following events occur:
• The Stack Master fails or is removed from the stack.
• Links from the Stack Master to the stacking members fail.
• A soft switchover is performed via either the web interface or the CLI.
• PDAs
• Audio and video remote monitoring

For more information about Power over Ethernet, see "Managing Power over Ethernet".

Head of Line Blocking Prevention

Head of Line (HOL) blocking results in traffic delays and frame loss caused by traffic competing for the same egress port resources. To prevent HOL blocking the device queues packets, and the packets at the head of the queue are forwarded before packets at the end of the queue.

Flow Control Support (IEEE 802.
The PowerConnect 35xx series systems enhance auto-negotiation by providing port advertisement. Port advertisement allows the system administrator to configure the port speeds that are advertised. For more information on auto-negotiation, see "Defining Port Configuration" or "Defining LAG Parameters."

Voice VLAN

Voice VLAN allows network administrators to enhance VoIP service by configuring ports to carry IP voice traffic from IP phones on a specific VLAN.
VLAN-aware MAC-based Switching

The device always performs VLAN-aware bridging. Classic bridging (IEEE 802.1D), where frames are forwarded based only on their destination MAC address, is not performed. However, a similar functionality can be configured for untagged frames. Frames addressed to a destination MAC address that is not associated with any port are flooded to all ports of the relevant VLAN.
VLAN Supported Features VLAN Support VLANs are collections of switching ports that comprise a single broadcast domain. Packets are classified as belonging to a VLAN based on either the VLAN tag or based on a combination of the ingress port and packet contents. Packets sharing common attributes can be grouped in the same VLAN. For more information, see "Configuring VLANs." Port Based Virtual LANs (VLANs) Port-based VLANs classify incoming packets to VLANs based on their ingress port.
Fast Link

STP can take up to 30-60 seconds to converge. During this time, STP detects possible loops, allowing time for status changes to propagate and for relevant devices to respond. A response time of 30-60 seconds is considered too long for many applications. The Fast Link option bypasses this delay, and can be used in network topologies where forwarding loops do not occur. For more information on enabling Fast Link for ports and LAGs, see "Defining STP Port Settings" or "Defining Static Addresses.
BootP and DHCP Clients DHCP enables additional setup parameters to be received from a network server upon system startup. DHCP service is an on-going process. DHCP is an extension to BootP. For more information on DHCP, see "Defining DHCP IPv4 Interface Parameters." Quality of Service Features Class Of Service 802.1p Support The IEEE 802.1p signaling technique is an OSI Layer 2 standard for marking and prioritizing network traffic at the data link/MAC sub-layer. 802.
TFTP Trivial File Transfer Protocol The device supports boot image, software, and configuration upload/download via TFTP. Remote Monitoring Remote Monitoring (RMON) is an extension to SNMP, which provides comprehensive network traffic monitoring capabilities (as opposed to SNMP which allows network device management and monitoring). RMON is a standard MIB that defines current and historical MAC-layer statistics and control objects, allowing real-time information to be captured across the entire network.
802.1ab (LLDP-MED)

The Link Layer Discovery Protocol (LLDP) allows network managers to troubleshoot and enhance network management by discovering and maintaining network topologies over multi-vendor environments. LLDP discovers network neighbors by standardizing methods for network devices to advertise themselves to other systems, and to store discovered information. The multiple advertisement sets are sent in the packet Type Length Value (TLV) field.
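The TLV layout mentioned above, as an added example that is not part of the Dell guide: a parser for the IEEE 802.1AB TLV sequence that lists what a device advertises to any neighbor on a port, useful when deciding on which ports LLDP should stay enabled. The sample LLDPDU, its addresses and the function names are constructed for illustration.

```python
import struct

# TLV type numbers from IEEE 802.1AB; type 127 carries LLDP-MED and vendor data.
TLV_NAMES = {
    0: "End of LLDPDU", 1: "Chassis ID", 2: "Port ID", 3: "Time To Live",
    4: "Port Description", 5: "System Name", 6: "System Description",
    7: "System Capabilities", 8: "Management Address",
    127: "Organizationally Specific",
}
LLDP_MED_OUI = bytes.fromhex("0012bb")  # TIA OUI that marks LLDP-MED TLVs


def build_tlv(tlv_type, value):
    """Encode one TLV: 7-bit type and 9-bit length packed into two bytes."""
    if not 0 <= tlv_type <= 127 or len(value) > 511:
        raise ValueError("type must fit 7 bits and length must fit 9 bits")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def parse_lldpdu(data):
    """Split an LLDPDU (the payload after EtherType 0x88CC) into (type, value)."""
    tlvs, offset = [], 0
    while offset < len(data):
        if len(data) - offset < 2:
            raise ValueError("truncated TLV header")
        (header,) = struct.unpack_from("!H", data, offset)
        tlv_type, length = header >> 9, header & 0x1FF
        offset += 2
        if length > len(data) - offset:
            raise ValueError("TLV length runs past end of LLDPDU")
        tlvs.append((tlv_type, data[offset:offset + length]))
        offset += length
        if tlv_type == 0:  # End of LLDPDU: anything after it is padding
            return tlvs
    raise ValueError("missing End of LLDPDU TLV")


def advertised_info(tlvs):
    """Collect the fields a neighbor on the segment learns from the TLVs."""
    info = {"lldp_med": False}
    for tlv_type, value in tlvs:
        if tlv_type == 1 and value[:1] == b"\x04":   # subtype 4: MAC address
            info["chassis_mac"] = value[1:].hex(":")
        elif tlv_type == 2:                          # first byte is the subtype
            info["port_id"] = value[1:].decode("ascii", "replace")
        elif tlv_type == 3 and len(value) == 2:
            info["ttl_seconds"] = struct.unpack("!H", value)[0]
        elif tlv_type in (4, 5, 6):
            info[TLV_NAMES[tlv_type]] = value.decode("utf-8", "replace")
        elif tlv_type == 8 and len(value) >= 6 and value[:2] == b"\x05\x01":
            # address length 5 (subtype byte + 4 octets), subtype 1 = IPv4
            info["management_ipv4"] = ".".join(str(b) for b in value[2:6])
        elif tlv_type == 127 and value[:3] == LLDP_MED_OUI:
            info["lldp_med"] = True
    return info


# Constructed sample LLDPDU (not captured from a real device).
SAMPLE_LLDPDU = b"".join([
    build_tlv(1, b"\x04" + bytes.fromhex("001122334455")),
    build_tlv(2, b"\x07" + b"port-1"),              # subtype 7: locally assigned
    build_tlv(3, struct.pack("!H", 120)),
    build_tlv(5, b"dell"),
    build_tlv(6, b"constructed system description"),
    build_tlv(8, b"\x05\x01" + bytes([192, 0, 2, 10])   # IPv4 192.0.2.10
              + b"\x02" + (1).to_bytes(4, "big") + b"\x00"),
    build_tlv(127, LLDP_MED_OUI + b"\x01" + b"\x00\x01" + b"\x04"),  # MED caps
    build_tlv(0, b""),
])

if __name__ == "__main__":
    for key, val in advertised_info(parse_lldpdu(SAMPLE_LLDPDU)).items():
        print(f"{key}: {val}")
```

System name, system description and management address are all readable by whatever is plugged into the port, which is the reason to review LLDP on edge ports.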
SSH

Secure Shell (SSH) is a protocol that provides a secure, remote connection to a device. SSH version 2 is currently supported. The SSH server feature enables an SSH client to establish a secure, encrypted connection with a device. This connection provides functionality that is similar to an inbound telnet connection. SSH uses RSA and DSA Public Key cryptography for device connections and authentication.

TACACS+

TACACS+ provides centralized security for validation of users accessing the device.
Hardware Description

Port Description

PowerConnect 3524 Port Description

The Dell™ PowerConnect™ 3524 device is configured with the following ports:
• 24 Fast Ethernet ports — RJ-45 ports designated as 10/100Base-T ports
• 2 Fiber ports — Designated as 1000Base-X SFP ports
• 2 Gigabit ports — Designated as 1000Base-T ports
• Console port — RS-232 based port

The following figure illustrates the PowerConnect 3524 front panel.

Figure 2-1.
There are two buttons on the front panel. The Stack ID button is used to select the unit number. The second button is the Reset Button which is used to manually reset the device. The Reset button does not extend beyond the unit’s front panel surface, so reset by pressing it accidentally is prevented. On the front panel are all the device LEDs. The following figure illustrates the PowerConnect 3524 back: Figure 2-2.
The front panel contains 48 RJ-45 ports numbered 1-48. The upper row of ports is marked with odd numbers 1-47, and the lower row of ports is marked with even numbers 2-48. In addition, the front panel also contains ports G1-G2, which are fiber ports, and ports G3-G4, which are copper ports. Ports G3-G4 can either be used as stacking ports, or used to forward network traffic in a stand-alone device. There are two buttons on the front panel. The Stack ID button is used to select the unit number.
Physical Dimensions The PowerConnect 3524/P and PowerConnect 3548/P devices have the following physical dimensions: PoE Model: • Width — 440 mm (17.32 inch) • Depth — 387 mm (15.236 inch) • Height — 43.2 mm (1.7 inch) Non-PoE Device: • Width — 440 mm (17.32 inch) • Depth — 257 mm (10.118 inch) • Height — 43.2 mm (1.7 inch) LED Definitions The front panel contains light emitting diodes (LED) that indicate the status of links, power supplies, fans, and system diagnostics.
The following figure illustrates the 100 Base-T LEDs.

Figure 2-7. RJ-45 1000 BaseT LED

The RJ-45 LED indications for PowerConnect 3524 and PowerConnect 3548 are described in the following table:

Table 2-1. PowerConnect 3524 and PowerConnect 3548 RJ-45 100BaseT LED Indications

LED | Color | Description
Link/Activity/Speed | Green Static | The port is running at 100 Mbps.
Link/Activity/Speed | Green Flashing | The port is either transmitting or receiving data at 100 Mbps.
Link/Activity/Speed | Amber Static | The port is running at 10 Mbps.
The RJ-45 LED indications for PowerConnect 3524P and PowerConnect 3548P are described in the following table: Table 2-2. LED PowerConnect 3524P and PowerConnect 3548P RJ-45 Copper based 100BaseT LED Indications Color Description Speed/Link/Act Green Static The port is currently linked at 100 Mbps. Green Flashing The ports is currently operating at 100 Mbps. FDX OFF The port is currently operating at 10 Mbps or is not linked.
SFP LEDs The SFP ports each have one LED marked as LNK/ACT. On the PowerConnect 3524/P and PowerConnect 3548/P devices, the LEDs are located between ports and are round in shape. The following figures illustrate the LEDs on each device. Figure 2-8. SFP Port LEDs The SFP port LED indications are described in the following table: Table 2-4. SFP Port LED Indications LED Color Description Link/Activity Green Static A link is established.
The following table describes the system LED indications. Table 2-5. System LED Indicators LED Color Description Power Supply (PWR) Green Static The switch is turned on. OFF The switch is turned off. Green Static The RPS is currently operating. Red Static The RPS failed. OFF The redundant power supply is not plugged in. Green Static The RPS is currently operating. OFF The redundant power supply has failed or is not plugged in.
The Stacking LEDs are numbered 1-8. Each stacking unit has one stacking LED lit, indicating its Unit ID number. If either Stacking LED 1 or 2 is lit, it indicates that the device is either the Stack Master or Backup Master.

Table 2-6. Stacking LED Indications

LED | Color | Description
All Stacking LEDs | OFF | The switch is currently a stand-alone device.
Stacking LED 1-8 (S1-S8) | Green Static | The device is designated as Stacking Unit N.
Stacking LED 1-8 (S1-S8) | OFF | The device is not designated as Stacking Unit N.
Figure 2-11. Power Connection When the device is connected to a different power source, the probability of failure in the event of a power outage decreases. Stack ID Button The device front panel contains a Stack ID button used to manually select the Unit ID for the Stack Master and members. The Stack Master and members must be selected within 15 seconds of booting the device. If the Stack Master is not selected within 15 seconds, the device is booted in stand-alone mode.
Reset Button

The PowerConnect 3524/P and PowerConnect 3548/P switches have a reset button, located on the front panel, for manual reset of the device. If the Master device is reset, the entire stack is reset. If only a member unit is reset, the remaining stacking members are not reset. The single reset circuit of the switch is activated by power-up or low-voltage conditions.

Ventilation System

The PowerConnect 3524/P and PowerConnect 3548/P switches with the PoE feature have five built-in fans.
Installing the PowerConnect 3524/P and PowerConnect 3548/P

Site Preparation

The Dell™ PowerConnect™ 3524/P and PowerConnect 3548/P devices can be mounted in a standard 48.26-cm (19-inch) equipment rack, placed on a tabletop or mounted on a wall. Before installing the unit, verify that the chosen location for installation meets the following site requirements:
• Power — The unit is installed near an easily accessible 100-240 VAC, 50-60 Hz outlet.
• Rack-mount kit for rack installation or wall mounting kit • Documentation CD • Product Information Guide Unpacking the Device NOTE: Before unpacking the device, inspect the package and immediately report any evidence of damage. 1 Place the box on a clean flat surface. 2 Open the box or remove the box top. 3 Carefully remove the device from the box and place it on a secure and clean surface. 4 Remove all packing material. 5 Inspect the device and accessories for damage. Report any damage immediately.
1 Place the supplied rack-mounting bracket on one side of the device, ensuring that the mounting holes on the device line up to the mounting holes on the rack-mounting bracket. The following figure illustrates where to mount the brackets. Figure 3-1. Bracket Installation for Rack Mounting 2 Insert the supplied screws into the rack-mounting holes and tighten with a screwdriver. 3 Repeat the process for the rack-mounting bracket on the other side of the device. 4 Insert the unit into the 48.
Installing the Device on a Wall 1 Place the supplied wall-mounting bracket on one side of the device, ensuring that the mounting holes on the device line up to the mounting holes on the rack-mounting bracket. The following figure illustrates where to mount the brackets. Figure 3-2. Bracket Installation for Mounting on a Wall 2 Insert the supplied screws into the rack-mounting holes and tighten with a screwdriver. 3 Repeat the process for the wall-mounting bracket on the other side of the device.
Figure 3-3. Mounting a Device on a Wall (figure labels: Drilled Holes, Wall, Front Panel)

Connecting to a Terminal

1 Connect an RS-232 crossover cable to the ASCII terminal or the serial connector of a desktop system running terminal emulation software.
2 Connect the female DB-9 connector at the other end of the cable to the device serial port connector.
Connecting a Device to a Power Supply Connect the supplied AC power cable to the AC power connector on the back panel. NOTE: Do not connect the power cable to a grounded AC outlet at this time. Connect the device to a power source in the steps detailed in "Starting and Configuring the Device" on page 47. Figure 3-4.
Stacking PowerConnect 35xx Series Systems Switches Each PowerConnect 35xx series systems stack contains a single Master unit, and may have a Master Backup unit, while the remaining units are considered stacking Members. PowerConnect 35xx series systems switches use the RJ-45 Gigabit Ethernet ports (G3 and G4) for stacking. This enables added stacking capabilities to the devices without adding additional device accessories.
Figure 3-6. Stacking Configuration and Identification Panel Each stack device has a unique identifying unit ID that defines the unit’s position and function in the stack. If the device is a stand-alone unit, the Stack LED is not illuminated. The default setting is stand-alone. The unit ID is manually configured by using the Stack ID button. The unit ID is indicated by the Stack ID LEDs. Unit ID 1 and 2 are reserved for the Master and Backup Master unit, and unit ID 3 to 8 are for Member units.
6 Selection Process — To advance the stacking ID LED number, continue pressing the Stack ID button. When LED 8 is flashing, pressing the Stack ID button results in the device being configured as a stand-alone. Pressing the Stack ID button again advances the Stack ID to 1. Unit 1 and Unit 2 are master-enabled units. See "Stacking Overview" on page 12 for the master-election process.
7 End selection process — The unit ID selection process is completed when the 15-second flashing period has transpired.
3 Set the data rate to 9600 baud.
4 Set the data format to 8 data bits, 1 stop bit, and no parity.
5 Set flow control to none.
6 Under Properties, select VT100 for Emulation mode.
7 Select Terminal keys for Function, Arrow, and Ctrl keys. Ensure that the setting is for Terminal keys (not Windows keys).

CAUTION: When using HyperTerminal with Microsoft® Windows® 2000, ensure that you have Windows 2000 Service Pack 2 or later installed.
Configuring PowerConnect 3524/P and 3548/P Configuration Procedures After all the device external connections are completed, a terminal is connected to the device to monitor the boot and other procedures. The order of installation and configuration procedures is illustrated in the following figure: NOTE: Before proceeding, read the release notes for this product. Download the release notes from support.dell.com. Figure 4-1.
Booting the Switch When the power is turned on with the local terminal already connected, the switch goes through power-on self-test (POST). POST runs every time the device is initialized and checks hardware components to determine if the device is fully operational before completely booting. If a critical problem is detected, the program flow stops. If POST passes successfully, a valid executable image is loaded into RAM. POST messages are displayed on the terminal and indicate test success or failure.
• Device IP address
• Default Gateway IP address

The following is displayed:

Welcome to Dell Easy Setup Wizard
The Setup Wizard guides you through the initial switch configuration, and gets you up and running as quickly as possible. You can skip the setup wizard, and enter CLI mode to manually configure the switch. The system will prompt you with a default answer; by pressing enter, you accept the default.
Enter [Y] to continue the Setup Wizard. The following is displayed: To setup the SNMP management account you must specify the management system IP address and the "community string" or password that the particular management system uses to access the switch. The wizard automatically assigns the highest access level [Privilege Level 15] to this account. You can use Dell Network Manager or CLI to change this setting, and to add additional management systems.
Wizard Step 3

The following is displayed:

Next, an IP address is setup. The IP address is defined on the default VLAN (VLAN #1), of which all ports are members. This is the IP address you use to access the CLI, Web interface, or SNMP interface for the switch. To setup an IP address:
Please enter the IP address of the device (A.B.C.D):[1.1.1.1]
Please enter the IP subnet mask (A.B.C.D or nn): [255.255.255.0]

Enter the IP address and IP subnet mask, for example 1.1.1.1 as the IP address and 255.255.255.
Enter [Y] to complete the Setup Wizard. The following is displayed: Configuring SNMP management interface Configuring user account...... Configuring IP and subnet...... Thank you for using Dell Easy Setup Wizard. You will now enter CLI mode. Wizard Step 6 The CLI prompt is displayed.
• Assigning Dynamic IP Addresses (on a VLAN):

console# configure
console(config)# interface ethernet vlan 1
console(config-if)# ip address dhcp hostname device
console(config-if)# exit
console(config)#

The interface receives the IP address automatically.

3 To verify the IP address, enter the show ip interface command at the system prompt as shown in the following example.

console# show ip interface
IP Address    I/F    Type
------------- ------ -------
100.1.1.
Receiving an IP Address From a BOOTP Server The standard BOOTP protocol is supported and enables the device to automatically download its IP host configuration from any standard BOOTP server in the network. In this case, the device acts as a BOOTP client. To retrieve an IP address from a BOOTP server: 1 Select and connect any port to a BOOTP server or subnet containing such a server, to retrieve the IP address.
Configuring Security Passwords

The security passwords can be configured for the following services:
• Terminal
• Telnet
• SSH
• HTTP
• HTTPS

NOTE: Passwords are user-defined.

NOTE: When creating a user name, the default priority is 1, which allows access but not configuration rights. A priority of 15 must be set to enable access and configuration rights to the device. Although user names can be assigned privilege level 15 without a password, it is recommended to always assign a password.
console(config-line)# enable authentication default
console(config-line)# password bob

• When initially logging onto a device through a Telnet session, enter bob at the password prompt.
• When changing a device mode to enable, enter bob.
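An added example, not part of the Dell guide: a small audit over a CLI transcript in the prompt format shown above. It flags level-15 users created without a password (the case the NOTE warns about), short or shared line passwords such as "bob", and password logins over Telnet. The `line <type>` and `username NAME [password PW] [level N]` command forms, the 8-character minimum and the finding labels are assumptions for illustration, and the transcript is constructed.

```python
import re

# Prompt shape used throughout this guide: host, optional "(mode)", then '#'.
PROMPT = re.compile(r"^\s*[\w-]+\s*(?:\((?P<mode>[^)]*)\))?\s*#\s*(?P<cmd>.*)$")
MIN_LENGTH = 8  # assumed local policy, not a value from the guide


def option(words, key):
    """Return the word that follows `key`, or None when the option is absent."""
    return words[words.index(key) + 1] if key in words[:-1] else None


def check_user(words):
    """Audit one `username NAME [password PW] [level N]` command (assumed syntax)."""
    name, opts = words[1], words[2:]
    level = option(opts, "level")
    level = int(level) if level and level.isdigit() else 1  # guide: default is 1
    password = option(opts, "password")
    if level == 15 and password is None:
        return [(f"user {name}", "level-15-without-password")]
    if password and "encrypted" not in opts and len(password) < MIN_LENGTH:
        return [(f"user {name}", "short-password")]
    return []


def audit_transcript(text):
    """Return (subject, finding) pairs for weak password settings in a transcript."""
    findings, line_passwords, line_type = [], {}, None
    for raw in text.splitlines():
        match = PROMPT.match(raw)
        if not match or not match.group("cmd").split():
            continue
        mode, words = match.group("mode"), match.group("cmd").split()
        if mode != "config-line":
            line_type = None                      # left line configuration mode
        if mode == "config" and words[0] == "line" and len(words) == 2:
            line_type = words[1]                  # console, telnet or ssh
        elif mode == "config" and words[0] == "username" and len(words) >= 2:
            findings += check_user(words)
        elif mode == "config-line" and words[0] == "password" and len(words) >= 2:
            line_passwords[line_type or "unknown"] = words[1]

    by_password = {}
    for kind, password in line_passwords.items():
        by_password.setdefault(password, []).append(kind)
        if len(password) < MIN_LENGTH:
            findings.append((f"line {kind}", "short-password"))
    for kinds in by_password.values():
        if len(kinds) > 1:                        # one secret guards several paths
            findings.append((f"line {'+'.join(sorted(kinds))}", "shared-password"))
    if "telnet" in line_passwords:                # Telnet carries it unencrypted
        findings.append(("line telnet", "cleartext-transport"))
    return findings


# Constructed transcript; passwords are sample values ("bob" is the guide's own).
SAMPLE_TRANSCRIPT = """\
console(config)# username admin level 15
console(config)# username operator password S3parate-Long-Phrase level 15
console(config)# line console
console(config-line)# enable authentication default
console(config-line)# password bob
console(config-line)# exit
console(config)# line telnet
console(config-line)# password bob
console(config-line)# exit
console(config)# line ssh
console(config-line)# password Another-Long-Phrase-42
"""

if __name__ == "__main__":
    for subject, finding in audit_transcript(SAMPLE_TRANSCRIPT):
        print(f"{subject}: {finding}")
```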
Configuring Login Banners

You can define 3 types of login banners:
• Message-of-the-Day Banner: Displayed when the user is connected to the device, before the user has logged in.
• Login Banner: Displayed after the Message-of-the-Day Banner, and before the user has logged in.
• Exec Banner: Displayed after successful login (in all privileged levels and in all authentication methods).
Ryan board, based on PPC8247 128 MByte SDRAM. I-Cache 16 KB. D-Cache 16 KB. Cache Enabled. Autoboot in 2 seconds - press RETURN or Esc. to abort and enter prom. 2 When the auto-boot message appears, press to get the Startup menu. The Startup menu procedures can be done using the ASCII terminal or Windows HyperTerminal.
Flash size is: 16M
01-Jan-xxxx 01:01:07 %CDB-I-LOADCONFIG: Loading running configuration.
01-Jan-xxxx 01:01:07 %CDB-I-LOADCONFIG: Loading startup configuration.
Device configuration:
CPLD revision: 1.01
Slot 1 - PowerConnect 35xx HW Rev. 1.1
-------------------------------------
Unit Standalone
-- -----------------------------------
Tapi Version: v1.3.3.1
Core Version: v1.3.3.
Erase FLASH File - option[2]

In some cases, the device configuration must be erased. If the configuration is erased, all parameters configured via CLI, EWS or SNMP must be reconfigured.

To erase the device configuration:
1 From the Startup menu, press [2] within two seconds to erase flash file. The following message is displayed:
Warning! About to erase a Flash file. Are you sure (Y/N)? y
2 Press Y. The following message is displayed.
Write Flash file name (Up to 8 characters, Enter for none.
Software Download Through TFTP Server This section contains instructions for downloading device software (system and boot images) through a TFTP server. The TFTP server must be configured before downloading the software. System Image Download The device boots and runs when decompressing the system image from the flash memory area where a copy of the system image is stored. When a new image is downloaded, it is saved in the other area allocated for the other system image copy.
5 Enter the copy tftp://{tftp address}/{file name} image command to copy a new system image to the device. When the new image is downloaded, it is saved in the area allocated for the other copy of system image (image-2, as given in the example). The following is an example of the information that appears:

console# copy tftp://176.215.31.3/file1.ros image
Accessing file ‘file1’ on 176.215.31.3...
Loading file1 from 176.215.31.
Boot Image Download Loading a new boot image from the TFTP server and programming it into the flash updates the boot image. The boot image is loaded when the device is powered on. A user has no control over the boot image copies. To download a boot image through the TFTP server: 1 Ensure that an IP address is configured on one of the device ports and pings can be sent to a TFTP server. 2 Ensure that the file to be downloaded is saved on the TFTP server (the rfb file).
Port Default Settings The general information for configuring the device ports includes the short description of the auto-negotiation mechanism and the default settings for switching ports. Auto-Negotiation Auto-negotiation enables automatic detection of speed, duplex mode and flow control on all switching 10/100/1000BaseT ports. Auto-negotiation is enabled per port by default.
Switching Port Default Settings The following table gives the port default settings. Table 4-1.
Using Dell OpenManage Switch Administrator This section provides an introduction to the Dell™ OpenManage™ Switch Administrator user interface. Starting the Application NOTE: Before starting the application the IP address must be defined. For more information, see Initial Configuration. 1 Open a web browser. 2 Enter the device’s IP address in the address bar and press . 3 When the Log In window displays, enter a user name and password. NOTE: Passwords are both case sensitive and alpha-numeric.
Figure 5-1. Switch Administrator Components (figure callouts: 1, 2, 3, 4)

Table 5-1 lists the interface components with their corresponding numbers.

Table 5-1. Interface Components

Component | Description
1 | The tree view contains a list of the different device features. The branches in the tree view can be expanded to view all the components under a specific feature, or retracted to hide the feature's components.
Device Representation The home page contains a graphical representation of the device front panel. Figure 5-2. Dell PowerConnect™ Device Port Indicators The port coloring indicates if a specific port is currently active. Ports can be the following colors: Table 5-2. PowerConnect Port and Stacking Indicators Component Description Port Indicators Green The port is currently enabled. Red An error has occurred on the port. Blue The port is currently disabled.
Using the Switch Administrator Buttons This section describes the buttons found on the OpenManage Switch Administrator interface. Interface buttons are divided into the following categories: Information Buttons Information buttons provide access to online support and online help, as well as information about the OpenManage Switch Administrator interfaces. Table 5-3. Information Buttons Button Description Support Opens the Dell Support page at support.dell.
Field Definitions

Fields which are user-defined can contain between 1-159 characters, unless otherwise noted on the OpenManage Switch Administrator web page. All letters or characters can be used, except the following:
• \
• /
• :
• *
• ?
• <
• >
• |

Accessing the Device Through the CLI

You can manage the device over a direct connection to the Terminal port or via a Telnet connection.
Telnet Connection Telnet is a terminal emulation TCP/IP protocol. RS-232 terminals can be virtually connected to the local device through a TCP/IP protocol network. Telnet is an alternative to a local login terminal where a remote login is required. The device supports up to four simultaneous Telnet sessions to manage the device. All CLI commands can be used over a telnet session. To start a Telnet session: 1 Select Start→ Run. The Run window opens.
User EXEC Mode After logging into the device, the EXEC command mode is enabled. The user-level prompt consists of the host name followed by the angle bracket (>). For example: console> NOTE: The default host name is console unless it has been modified during initial configuration. The User EXEC commands permit connecting to remote devices, changing terminal settings on a temporary basis, performing basic tests, and listing system information.
Global Configuration Mode Global Configuration commands apply to system features, rather than a specific protocol or interface. To access Global Configuration mode, at the Privileged EXEC Mode prompt, type the configure command and press . The Global Configuration mode displays as the device host name followed by (config) and the pound sign #. console(config)# To list the Global Configuration commands, enter a question mark at the command prompt.
Configuring System Information This section provides information for defining system parameters including security features, downloading switch software, and resetting the switch. To open the System page, click System in the tree view. The System page provides links to these functions; click a link to access on-line help for the indicated screen. Figure 6-1.
• "Managing Management Security" on page 170 • "Configuring LLDP and MED" on page 205 • "Defining SNMP Parameters" on page 219 • "Managing Files" on page 246 • "Configuring Advanced Settings" on page 259 Defining General Switch Information The General page contains links to pages that allow network managers to configure switch parameters.
Figure 6-2. Asset The Asset page contains the following fields: • System Name (0-159 Characters) — Defines the user-defined device name. • System Contact (0-159 Characters) — Indicates the name of the contact person. • System Location (0-159 Characters) — The location where the system is currently running. • MAC Address — Indicates the device MAC address. • Sys Object ID — The vendor's authoritative identification of the network management subsystem contained in the entity.
• Unit No. — Indicates the unit number for which the device asset information is displayed. • Service Tag — The service reference number used when servicing the device. • Asset Tag (0-16 Characters) — Indicates the user-defined device reference. • Serial No. — The device serial number. Defining System Information 1 Open the Asset page. 2 Define the relevant fields. 3 Click Apply Changes. The system parameters are defined, and the device is updated.
The following is an example of defining the device host name, system contact and device location as well as setting the time and date of the system clock using the CLI commands:
console(config)# hostname dell
dell (config)# snmp-server contact Dell_Tech_Supp
dell (config)# snmp-server location New_York
dell (config)# exit
Console(config)# snmp-server host 10.1.1.
Main Power Supply Status: OK
Fan 1 Status: NOT OPERATIONAL
Fan 2 Status: NOT OPERATIONAL
Temperature (Celsius): 30
Temperature Sensor Status: OK
The following is an example of displaying system information for stacked devices using the CLI commands:
console# show system id
Unit  Serial number  Asset tag  Service tag
----  -------------  ---------  -----------
1     893658972      mkt-1      89788978
2     893658973      mkt-2      89788979
3     893658974      mkt-3      89788980
4     893658975      mkt-4      89788981
5     893658976
Unit  Main Power Supply  Redundant Power Supply
----  -----------------  ----------------------
1     OK
2     OK
3     OK
4     OK
5     OK                 OK
6     OK                 OK
7     OK                 OK
8     OK                 OK
Unit  Fan1  Fan2  Fan3  Fan4  Fan5
----  ----  ----  ----  ----  ----
1     OK    OK
2     OK    OK
3     OK    OK
4     OK    OK
5     OK    OK    OK    OK    OK
6     OK    OK    OK    OK    OK
7     OK    OK    OK    OK    OK
8     OK    OK    OK    OK    OK
Unit  Temperature (Celsius)  Temperature Sensor Status
----  ---------------------  -------------------------
1     30                     OK
2     30                     OK
3
Defining System Time Settings The Time Synchronization page contains fields for defining system time parameters for both the local hardware clock and the external SNTP clock. If the system time is kept using an external SNTP clock, and the external SNTP clock fails, the system time reverts to the local hardware clock. Daylight Savings Time can be enabled on the device.
• Ireland — Last weekend of March until the last weekend of October. • Israel — Varies year-to-year. • Italy — Last weekend of March until the last weekend of October. • Japan — Japan does not operate Daylight Saving Time. • Jordan — Last weekend of March until the last weekend of October. • Latvia — Last weekend of March until the last weekend of October. • Lebanon — Last weekend of March until the last weekend of October.
For more information on SNTP, see "Configuring SNTP Settings" on page 104. To open the Time Synchronization page, click System → General → Time Synchronization in the tree view. Figure 6-3. Time Synchronization The Time Synchronization page contains the following fields: • Clock Source — The source used to set the system clock. The possible field values: – Local — Specifies that the system time is not set by an external source. – SNTP — Specifies that the system time is set via an SNTP server.
There are two types of daylight settings, either by a specific date in a particular year or a recurring setting irrespective of the year. For a specific setting in a particular year complete the Daylight Savings area, and for a recurring setting, complete the Recurring area. • Daylight Savings — Enables the Daylight Savings Time (DST) on the device based on the device’s location. The possible field values are: – USA — The device switches to DST at 2 a.m.
• From — Defines the time that DST begins each year. For example, DST begins locally every second Sunday in April at 5:00 am. The possible field values are: – Day — The day of the week from which DST begins every year. The possible field range is Sunday-Saturday. – Week — The week within the month from which DST begins every year. The possible field range is 1-5. – Month — The month of the year in which DST begins every year. The possible field range is Jan.-Dec.
The following steps must be completed before setting the summer clock: 1 Configure the summer time. 2 Define the time zone. 3 Set the clock. For example:
console(config)# clock summer-time recurring usa
console(config)# clock timezone 2 zone TMZ2
console(config)# clock set 10:00:00 apr 15 2004
Table 6-2. Clock Setting CLI Commands
CLI Command  Description
clock source sntp  Configures an external time source for the system clock.
Viewing System Health Information The System Health page displays physical device information, including information about the device’s power and ventilation sources. To open the System Health page, click System→ General→ Health in the tree view. Figure 6-4. System Health The System Health page contains the following fields: • Unit No. — Indicates the unit number for which the device health information is displayed. • Power Supply Status — The device has two power supplies.
Table 6-3. Celsius to Fahrenheit Conversion Table
Celsius  Fahrenheit
0        32
5        41
10       50
15       59
20       68
25       77
30       86
35       95
40       104
Viewing System Health Information Using the CLI Commands The following table summarizes the equivalent CLI commands for viewing fields displayed on the System Health page.
Table 6-4. System Health CLI Command
CLI Command  Description
show system [unit unit]  Displays system information.
The following is an example of the system health CLI command.
Fan1 Fan2 Fan3 Fan4 Fan5
1 OK OK OK OK
Unit Temperature (Celsius) Temperature Sensor Status
1 27 OK
Unit Up time
1 00,09:30:36
Managing Power over Ethernet Power over Ethernet (PoE) provides power to devices over existing LAN cabling, without updating or modifying the network infrastructure. Power over Ethernet removes the necessity of placing network devices next to power sources.
Figure 6-5.
Global The Power over Ethernet Global Settings section contains the following fields: • Power Status — Indicates the inline power source status. – On — Indicates that the power supply unit is functioning. – Off — Indicates that the power supply unit is not functioning. – Faulty — Indicates that the power supply unit is functioning, but an error has occurred. For example, a power overload or a short circuit. • Nominal Power — Indicates the actual amount of power the device can supply.
– Test — Indicates the powered device is being tested. For example, a powered device is tested to confirm it is receiving power from the power supply. – Other Fault — – Unknown — • Power Priority Level — Determines the port priority if the power supply is low. The port power priority is used if the power supply is low. The field default is low.
Defining PoE Settings 1 Open the Power Over Ethernet page. 2 Define the fields. 3 Click Apply Changes. PoE settings are defined, and the device is updated. Displaying PoE Settings for All Ports 1 Open the Power Over Ethernet page. 2 Click Show All. The Power Over Ethernet Table opens. Figure 6-6. Power Over Ethernet Table Managing PoE Using the CLI Commands The following table summarizes the equivalent CLI commands for viewing fields displayed on the Power Over Ethernet page. Table 6-5.
The following is an example of the PoE CLI commands.
Viewing Version Information The Versions page contains information about the hardware and software versions currently running. To open the Versions page, click System → General → Versions in the tree view. Figure 6-7. Versions The Versions page contains the following fields: • Unit No. — Indicates the unit number for which the device versions are displayed. • Software Version — The current software version running on the device. • Boot Version — The current Boot version running on the device.
Displaying Device Versions Using the CLI The following table summarizes the equivalent CLI commands for viewing fields displayed in the Versions page.
Table 6-6. Versions CLI Commands
CLI Command  Description
show version  Displays system version information.
The following is an example of the CLI commands:
console> show version
Unit  SW version  Boot version  HW version
----  ----------  ------------  ----------
1     1.0.0.8     1.0.0.02      00.00.
Switching Between Stack Masters 1 Open the Stack Management page. 2 Check the Switch Stack Control from Unit 1 to Unit 2 check box. 3 Click Apply Changes. A confirmation message displays. 4 Click OK. The device is reset. After the device is reset, a prompt for a user name and password displays. Managing Stacks Using the CLI Commands The following table summarizes the equivalent CLI commands for viewing fields displayed in the Stack Management page. Table 6-7.
Resetting the Device 1 Open the Reset page. 2 Select a unit in the Reset Unit Number field. 3 Click Apply Changes. A confirmation message displays. 4 Click OK. The device is reset. After the device is reset, a prompt for a user name and password is displayed. 5 Enter a user name and password to reconnect to the Web Interface. Resetting the Device Using the CLI The following table summarizes the equivalent CLI commands for performing a reset of the device via the CLI: Table 6-8.
Time sources are established by Stratums. Stratums define the accuracy of the reference clock. The higher the stratum (where zero is the highest), the more accurate the clock. The switch receives time from stratum 1 and above. The following is an example of stratums: • Stratum 0 — Indicates a real time clock is used as the time source, for example, a GPS system. • Stratum 1 — Indicates that a server that is directly linked to a Stratum 0 time source is used.
The device retrieves synchronization information, either by actively requesting information or at every poll interval. If Unicast, Anycast and Broadcast polling are enabled, the information is retrieved in this order: • Information from servers defined on the device is preferred. If Unicast polling is not enabled or if no servers are defined on the device, the device accepts time information from any SNTP server that responds.
The SNTP Global Settings page contains the following fields: • Poll Interval (60-86400) — Defines the interval (in seconds) at which the SNTP server is polled for Unicast information. By default, the poll interval is 1024 seconds. • Receive Broadcast Servers Updates — Listens to the SNTP servers for Broadcast server time information on the selected interfaces, when enabled. • Receive Anycast Servers Updates — Polls the SNTP server for Anycast server time information, when enabled.
Defining SNTP Authentication Methods The SNTP Authentication page enables SNTP authentication between the device and an SNTP server. The means by which the SNTP server is authenticated is also selected in the SNTP Authentication page. Click System → SNTP → Authentication in the tree view to open the SNTP Authentication page. Figure 6-11.
Adding an SNTP Authentication Key 1 Open the SNTP Authentication page. 2 Click Add. The Add Authentication Key page opens. Figure 6-12. Add Authentication Key 3 Define the fields. 4 Click Apply Changes. The SNTP authentication key is added, and the device is updated. Displaying the Authentication Key Table 1 Open the SNTP Authentication page. 2 Click Show All. The Authentication Key Table opens. Figure 6-13.
Deleting the Authentication Key 1 Open the SNTP Authentication page. 2 Click Show All. The Authentication Key Table opens. 3 Select an Authentication Key Table entry. 4 Select the Remove check box. 5 Click Apply Changes. The entry is removed, and the device is updated. Defining SNTP Authentication Settings Using CLI Commands The following table summarizes the equivalent CLI commands for setting fields displayed in the SNTP Authentication page. Table 6-10.
Figure 6-14. SNTP Servers The SNTP Servers page contains the following fields: • SNTP Server — Select a user-defined SNTP server IP address. Up to eight SNTP servers can be defined. • Poll Interval — Polls the selected SNTP Server for system time information, when enabled. • Encryption Key ID — Indicates the Key Identification used to communicate between the SNTP server and device. The range is 1 - 4294967295. • Preference — The SNTP server providing SNTP system time information.
• Offset (msec) — Timestamp difference between the device local clock and the acquired time from the SNTP server. • Delay (msec) — The amount of time it takes to reach the SNTP server. • Remove — Removes a specific SNTP server from the SNTP Servers list. – Checked — Removes the selected SNTP server. – Unchecked — Maintains the SNTP server in the configuration. This is the default value.
3 Define the fields. 4 Click Apply Changes. The SNTP Server is added, and the device is updated. Displaying the SNTP Server Table 1 Open the SNTP Servers page. 2 Click Show All. The SNTP Servers Table opens. Figure 6-16. SNTP Servers Table Modifying an SNTP Server 1 Open the SNTP Servers page. 2 Click Show All. The SNTP Servers Table opens. 3 Select an SNTP Server entry. 4 Modify the relevant fields. 5 Click Apply Changes. The SNTP Server information is updated.
Defining SNTP Servers Settings Using CLI Commands The following table summarizes the equivalent CLI commands for setting fields displayed in the SNTP Server page.
Table 6-11. SNTP Server CLI Commands
CLI Command  Description
sntp server ipv4-address|ipv6-address|hostname [poll] [key keyid]  Configures the device to use SNTP to request and accept SNTP traffic from a server.
The following is an example of the CLI commands:
Console(config)# sntp server 100.1.1.
The SNTP Broadcast Interface Table page contains the following fields: • Unit No. — Indicates the stacking member on which the SNTP interface is enabled. • Interface — Contains an interface list on which SNTP can be enabled: • Receive Servers Updates — Enables or disables SNTP on the specific interface. – Enable — Enables the interface to receive updates from the SNTP server. – Disable — Interface does not receive updates from the SNTP server.
The following is an example of the CLI commands for displaying SNTP interfaces:
console# show sntp configuration
Polling interval: 7200 seconds.
MD5 Authentication keys: 8, 9
Authentication is required for synchronization.
Trusted Keys: 8,9
Unicast Clients Polling: Enabled.
Server       Polling   Encryption Key
-----------  --------  ---------------
176.1.1.8    Enabled   9
176.1.8.
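An added example (not from the Dell guide): a Python check that parses `show sntp configuration` output in the layout shown above and reports whether authentication is required and whether each polled server uses a key that is both defined and trusted. The sample output is constructed; the `Disabled` value in the key column and the finding names are assumptions.

```python
import re

# Constructed sample in the layout of the "show sntp configuration" output
# above. Addresses are documentation-range values; "Disabled" in the key
# column for a server without a key is an assumption about the device output.
SAMPLE = """\
Polling interval: 7200 seconds.
MD5 Authentication keys: 8, 9
Authentication is required for synchronization.
Trusted Keys: 8
Unicast Clients Polling: Enabled.
Server       Polling   Encryption Key
-----------  --------  ---------------
192.0.2.10   Enabled   8
192.0.2.11   Enabled   9
192.0.2.12   Enabled   Disabled
"""


def _ids(line):
    """Return the key IDs listed after the colon, e.g. 'keys: 8, 9' -> {8, 9}."""
    return {int(n) for n in re.findall(r"\d+", line.split(":", 1)[1])}


def parse_sntp_config(output):
    """Turn the CLI text into a dict of global settings and server rows."""
    cfg = {"auth_required": False, "md5_keys": set(),
           "trusted_keys": set(), "servers": []}
    in_table = False
    for raw in output.splitlines():
        line = raw.strip()
        low = line.lower()
        if in_table:
            cols = line.split()
            # Skip the dashed rule and rows cut short by a truncated capture.
            if len(cols) < 3 or set(line) <= set("- "):
                continue
            key = int(cols[2]) if cols[2].isdigit() else None
            cfg["servers"].append({"address": cols[0],
                                   "polling": cols[1].lower() == "enabled",
                                   "key": key})
        elif low.startswith("md5 authentication keys:"):
            cfg["md5_keys"] = _ids(line)
        elif low.startswith("trusted keys:"):
            cfg["trusted_keys"] = _ids(line)
        elif low.startswith("authentication is required"):
            cfg["auth_required"] = True
        elif low.startswith("server") and "polling" in low:
            in_table = True  # column header: rows follow until end of input
    return cfg


def audit(cfg):
    """Return (finding, subject) pairs; an empty list means nothing to fix."""
    findings = []
    if not cfg["auth_required"]:
        findings.append(("auth-not-required", "global"))
    for key in sorted(cfg["trusted_keys"] - cfg["md5_keys"]):
        findings.append(("trusted-key-undefined", str(key)))
    for srv in cfg["servers"]:
        if not srv["polling"]:
            continue  # only servers the device actually polls are checked
        if srv["key"] is None:
            findings.append(("no-key", srv["address"]))
        elif srv["key"] not in cfg["md5_keys"]:
            findings.append(("undefined-key", srv["address"]))
        elif srv["key"] not in cfg["trusted_keys"]:
            findings.append(("untrusted-key", srv["address"]))
    return findings


if __name__ == "__main__":
    for code, subject in audit(parse_sntp_config(SAMPLE)):
        print(f"{code}: {subject}")
```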
Defining Global Log Parameters The System Logs enable viewing device events in real time, and recording the events for later usage. System Logs record and manage events and report errors or informational messages. Event messages have a unique format, as per the System Logs protocol recommended message format for all error reporting.
The Logs - Global Parameters page contains fields for defining which events are recorded to which logs. It contains fields for enabling logs globally, and fields for defining log parameters. The Severity log messages are listed from the highest severity to the lowest. To open the Logs - Global Parameters page, click System → Logs → Global Parameters in the tree view. Figure 6-19.
• Log Management Access Events — Enables or disables generating logs when the device is accessed using a management method. For example, each time the device is accessed using SSH, a device log is generated. • Severity — Displays the severity logs. The following are the severity log levels. When a severity level is selected, all severity level choices above the selection are selected automatically. – Emergency — The highest warning level.
Table 6-14. Global Log Parameters CLI Commands
CLI Command
    Description
logging on
    Enables error message logging.
logging {ipv4-address | ipv6-address | hostname} [port port] [severity level] [facility facility] [description text]
    Logs messages to a syslog server. For a list of the Severity levels, see "Log Severity Levels" on page 117.
logging console level
    Limits messages logged to the console based on severity.
Viewing the RAM Log Table The RAM Log Table contains information about log entries kept in RAM, including the time the log was entered, the log severity, and a description of the log. To open the RAM Log Table, click System → Logs → RAM Log in the tree view. Figure 6-20. RAM Log Table The RAM Log Table contains the following fields: • Log Index — The log number in the RAM Log Table. • Log Time — Indicates the time at which the log was entered into the RAM Log Table.
The following is an example of the CLI commands:
console# show logging
Logging is enabled.
Console Logging: Level info. Console Messages: 0 Dropped.
Buffer Logging: Level info. Buffer Messages: 124 Logged, 124 Displayed, 200 Max.
File Logging: Level error. File Messages: 164 Logged, 126 Dropped.
Viewing the Log File Table The Log File Table contains information about log entries saved to the Log File in FLASH, including the time the log was entered, the log severity, and a description of the log message. To open the Log File Table, click System → Logs → Log File in the tree view. Figure 6-21. Log File Table The Log File Table contains the following fields: • Log Index — The log number in the Log File Table. • Log Time — Indicates the time at which the log was entered in the Log File Table.
The following is an example of the CLI commands:
console# show logging file
Logging is enabled.
Console Logging: Level info. Console Messages: 0 Dropped.
Buffer Logging: Level info. Buffer Messages: 62 Logged, 62 Displayed, 200 Max.
File Logging: Level debug. File Messages: 11 Logged, 51 Dropped.
SysLog server 12.1.1.2 Logging: warning. Messages: 14 Dropped.
SysLog server 1.1.1.1 Logging: info. Messages: 0 Dropped.
Figure 6-22. Login History The Login History page contains the following fields: • User Name — Contains a user-defined device user name list. • Login History — Indicates if the Login History logs are enabled. • Login Time — Indicates the time the selected user logged on to the device. • User Name — Indicates the user that logged on to the device. • Protocol — Indicates the means by which the user logged on to the device.
Displaying the Device Login History Using CLI Commands The following table summarizes the equivalent CLI commands for viewing and setting fields displayed in the Login History page. Table 6-17. Log File Table CLI Commands CLI Command Description show users login-history Displays password management history information.
Figure 6-23. Remote Log Server Settings The Remote Log Server Settings page contains the following fields: • Available Servers — Contains a list of servers to which logs can be sent. • UDP Port (1-65535) — The UDP port to which the logs are sent for the selected server. The possible range is 1 - 65535. The default value is 514. • Facility — Defines a user-defined application from which system logs are sent to the remote server. Only one facility can be assigned to a single server.
• Severity to Include — The following are the available severity levels: – Emergency — The system is not functioning. – Alert — The system needs immediate attention. – Critical — The system is in a critical state. – Error — A system error has occurred. – Warning — A system warning has occurred. – Notice — The system is functioning properly, but a system notice has occurred. – Informational — Provides device information. – Debug — Provides detailed information about the log.
Defining a New Server: 1 Open the Remote Log Server Settings page. 2 Click Add. The Add a Log Server page opens. Figure 6-24. Add a Log Server The Add a Log Server page contains the additional field: – New Log Server IP Address — Defines the IP address of the new Log Server. 3 Define the fields. 4 Click Apply Changes. The server is defined and added to the Available Servers list.
Displaying the Remote Log Servers Table: 1 Open the Remote Log Server Settings page. 2 Click Show All. The Log Servers Table page opens. Figure 6-25. Log Servers Table Removing a Log Server from the Log Servers Table Page: 1 Open the Remote Log Server Settings page. 2 Click Show All. The Log Servers Table page opens. 3 Select a Log Servers Table entry. 4 Select the Remove check box to remove the server(s). 5 Click Apply Changes. The Log Servers Table entry is removed, and the device is updated.
The following is an example of the CLI commands:
console> enable
console# configure
console(config)# logging 10.1.1.1 severity critical
console(config)# end
console# show logging
Logging is enabled.
Console Logging: Level debug. Console Messages: 5 Dropped.
Buffer Logging: Level debug. Buffer Messages: 16 Logged, 16 Displayed, 200 Max.
File Logging: Level error. File Messages: 0 Logged, 209 Dropped.
SysLog server 31.1.1.2 Logging: error. Messages: 22 Dropped.
SysLog server 5.2.2.2 Logging: info.
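An added example (not from the Dell guide) that applies to the `show logging` outputs in the RAM Log, Log File and Remote Log Server sections: a Python check that parses the output and reports disabled logging, a missing remote server, a remote server whose severity selection is narrower than a chosen policy level, and non-zero Dropped counters. The sample output is constructed, and the policy level (`warning`) and finding names are assumptions.

```python
import re

# Severity names in the order the guide lists them, most severe first.
LEVELS = ["emergency", "alert", "critical", "error",
          "warning", "notice", "informational", "debug"]

# Constructed sample in the layout of the "show logging" output above.
SAMPLE = """\
Logging is enabled.
Console Logging: Level info. Console Messages: 0 Dropped.
Buffer Logging: Level info. Buffer Messages: 62 Logged, 62 Displayed, 200 Max.
File Logging: Level error. File Messages: 164 Logged, 126 Dropped.
SysLog server 192.0.2.50 Logging: critical. Messages: 22 Dropped.
SysLog server 192.0.2.51 Logging: info. Messages: 0 Dropped.
"""


def rank(name):
    """Position of a severity in LEVELS; accepts short forms such as 'info'."""
    name = name.lower()
    for i, level in enumerate(LEVELS):
        if level.startswith(name) or name.startswith(level):
            return i
    raise ValueError(f"unknown severity: {name}")


def parse_show_logging(text):
    """Extract the global state, local log levels and syslog server rows."""
    flat = " ".join(text.split())  # tolerate wrapped or flattened captures
    state = re.search(r"Logging is (enabled|disabled)", flat, re.I)
    cfg = {"enabled": bool(state) and state.group(1).lower() == "enabled",
           "local": {}, "file_dropped": 0, "servers": []}
    for dest, level in re.findall(
            r"(Console|Buffer|File) Logging: Level (\w+)\.", flat, re.I):
        cfg["local"][dest.lower()] = level.lower()
    m = re.search(r"File Messages: (\d+) Logged, (\d+) Dropped", flat, re.I)
    if m:
        cfg["file_dropped"] = int(m.group(2))
    for addr, level, dropped in re.findall(
            r"SysLog server (\S+) Logging: (\w+)\. Messages: (\d+) Dropped",
            flat, re.I):
        cfg["servers"].append({"address": addr, "level": level.lower(),
                               "dropped": int(dropped)})
    return cfg


def audit(cfg, required="warning"):
    """Return (finding, destination) pairs against a policy severity level.

    Selecting a severity also selects every level above it, so a server set
    to 'critical' never receives 'error' or 'warning' messages.
    """
    findings = []
    if not cfg["enabled"]:
        findings.append(("logging-disabled", "global"))
    if not cfg["servers"]:
        findings.append(("no-remote-server", "global"))
    for srv in cfg["servers"]:
        if rank(srv["level"]) < rank(required):
            findings.append(("severity-too-narrow", srv["address"]))
        if srv["dropped"]:
            findings.append(("dropped", srv["address"]))
    if cfg["file_dropped"]:
        findings.append(("dropped", "file"))
    return findings


if __name__ == "__main__":
    for code, dest in audit(parse_show_logging(SAMPLE)):
        print(f"{code}: {dest}")
```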
• "Defining Default Domains" on page 157 • "Mapping Domain Host" on page 159 • "Defining ARP Settings" on page 162 Configuring the Internet Protocol Version 6 (IPv6) The device functions as an IPv6 compliant Host, as well as an IPv4 Host (also known as dual stack). This allows device operation in a pure IPv6 network as well as in a combined IPv4/IPv6 network. The primary change from IPv4 to IPv6 is the length of network addresses.
Figure 6-26. IPv4 Default Gateway The IPv4 Default Gateway page contains the following fields: • User Defined — The device’s Gateway IP address. • Active — Indicates if the Gateway is active. • Remove User Defined — Removes the default gateway. The possible field values are: – Checked — Removes the selected default gateway. – Unchecked — Maintains the default gateway. Selecting a Device’s IPv4 Gateway 1 Open the IPv4 Default Gateway page. 2 Type an IP address in the User Defined field.
Defining a Device’s IPv4 Gateway Using the CLI Commands The following table summarizes the equivalent CLI commands for setting fields displayed in the Default Gateway page.
Table 6-19. Default Gateway CLI Commands
CLI Command  Description
ip default-gateway ip-address  Defines a default gateway.
no ip default-gateway  Removes a default gateway.
The following is an example of the CLI commands:
console(config)# ip default-gateway 196.210.10.
The IP Interface Parameters page contains the following parameters: • IP Address — The interface IP address. • Prefix Length — The number of bits that comprise the IP address prefix. • Interface — The interface type for which the IP address is defined. Select Port, LAG, or VLAN. • Type — Indicates whether or not the IP address was configured statically. • Remove — Removes the interface from the IP Address drop-down menu. – Checked — Removes the selected interface.
3 Modify the interface type. 4 Click Apply Changes. The parameters are modified, and the device is updated. Deleting IPv4 Addresses 1 Open the IPv4 Interface Parameters page. 2 Click Show All. The Interface Parameters Table page opens. Figure 6-29. IPv4 Interface Parameter Table 3 Select an IP address and select the Remove check box. 4 Click Apply Changes. The selected IP address is deleted, and the device is updated.
The following is an example of the CLI commands:
console(config)# interface vlan 1
console(config-if)# ip address 92.168.1.123 255.255.255.0
console(config-if)# no ip address 92.168.1.123
console(config-if)# end
console# show ip interface vlan 1
Gateway IP Address   Activity status
------------------   ---------------
192.168.1.1          Active
IP address           Interface   Type
------------------   ---------   ----
192.168.1.
The DHCP IP Interface page contains the following fields: • Interface — The DHCP client interface. Click the option button next to Port, LAG, or VLAN and select the DHCP client interface. • Host Name — The system name as written in a DHCP Server log. This field can contain up to 20 characters. • Remove — When selected, removes DHCP clients. – Checked — Removes the selected DHCP client. – Unchecked — Maintains the selected DHCP client. Adding DHCP Clients 1 Open the DHCP IPv4 Interface page.
Deleting a DHCP IPv4 Interface 1 Open the DHCP IPv4 Interface page. 2 Click Show All. The DHCP IPv4 Interface Table opens. Figure 6-32. DHCP IPv4 Interface Table 3 Select a DHCP client entry. 4 Select the Remove check box. 5 Click Apply Changes. The selected entry is deleted, and the device is updated. Defining DHCP IPv4 Interfaces Using CLI Commands The following table summarizes the equivalent CLI commands for defining DHCP clients. Table 6-21.
Defining IPv6 Interfaces The system supports IPv6 hosts. The IPv6 Interface page contains fields for defining IPv6 interfaces. To open the IPv6 Interface page, click System→ IP Addressing→ IPv6 Interface in the tree view. Figure 6-33. IPv6 Interface • Interface — The IPv6 interface that has been selected for configuration. • Remove — When selected, removes the IPv6 attributes of the interface.
• Autoconfiguration — Specifies whether IPv6 address assignment on an interface is done by stateless autoconfiguration. When enabled, the router solicitation ND procedure is initiated (to discover a router in order to assign an IP address to the interface based on prefixes received with RA messages). When autoconfiguration is disabled, no automatic assignment of IPv6 Global Unicast addresses is performed, and existing automatically assigned IPv6 Global Unicast addresses are removed from the interface.
• IPv6 Address Origin Type — Defines the type of configurable static IPv6 address for an interface. The possible values are: – Dynamic — Indicates the IP address was received from RA. – Static — Indicates the IP address was configured by the user. – System — Indicates the IP address was generated by the system. • DAD Status — Displays the Duplicate Address Detection (DAD) Status which is the process of verifying and assuring an inserted IPv6 address is unique.
Adding an IPv6 Address to the Current Interface 1 Open the IPv6 Interface page. 2 Click Add IPv6 Address. The Add IPv6 Address page opens. Figure 6-35. Add IPv6 Address 3 Complete the fields on the page. 4 Click Apply Changes. The new address is added, and the device is updated. Modifying IPv6 Interface Parameters 1 Open the IPv6 Interface page. 2 Select an interface in the Interface drop-down menu. 3 Modify the required fields. 4 Click Apply Changes.
Defining IPv6 Interfaces Using CLI Commands The following table summarizes the equivalent CLI commands for setting fields displayed in the IPv6 Interface page. Table 6-22. IPv6 Interface CLI Commands CLI Command Description ipv6 enable [no-autoconfig] Enables IPv6 processing on an interface. ipv6 address autoconfig Enables automatic configuration of IPv6 addresses using stateless auto-configuration on an interface.
The following is an example of the CLI commands:
console# show ipv6 interface vlan 1
Number of ND DAD attempts: 1
MTU size: 1500
Stateless Address Autoconfiguration state: enabled
ICMP unreachable message state: enabled
MLD version: 2
IP addresses              Type       DAD State
------------------------  ---------  -----------
fe80::232:87ff:fe08:1700  linklayer  Active
ff02::1                   linklayer  N/A
ff02::1:ff08:1700         linklayer  N/A
console(config)# ipv6 icmp error-interval ICMP errors rate limiting
console(config)# ipv6 icmp er
To open the IPv6 Default Gateway page, click System→ IP Addressing→ IPv6 Default Gateway in the tree view. Figure 6-36. IPv6 Default Gateway • Default Gateway IP Address — Displays the Link Local IPv6 address of the default gateway. • Interface — Specifies the outgoing interface through which the default gateway can be reached. Interface refers to any Port/LAG/VLAN and/or Tunnel. • Type — Specifies the means by which the default gateway was configured.
• State — Displays the default gateway status. The possible field values are: – Incomplete — Indicates that address resolution is in progress and the link-layer address of the default gateway has not yet been determined. – Reachable — Indicates that the default gateway is known to have been reachable recently (within tens of seconds ago).
Defining IPv6 Default Gateway Parameters Using CLI Commands The following table summarizes the equivalent CLI commands for setting fields displayed in the IPv6 Default Gateway page.
Table 6-23. IPv6 Default Gateway CLI Commands
CLI Command  Description
ipv6 default-gateway ipv6-address  Defines an IPv6 default gateway.
Defining IPv6 ISATAP Tunnels The IPv6 ISATAP Tunnel Page defines the tunneling process on the device, which encapsulates IPv6 packets in IPv4 packets for delivery across an IPv4 network.
To open the IPv6 ISATAP Tunnel page, click System→ IP Addressing→ IPv6 ISATAP Tunnel in the tree view. Figure 6-38. • ISATAP Status — Specifies the status of ISATAP on the device. The possible field values are: – Enable — ISATAP is enabled on the device. – Disable — ISATAP is disabled on the device. This is the default value. • IPv4 Address — Specifies the local (source) IPv4 address of a tunnel interface.
Defining IPv6 ISATAP Tunnel Parameters Using CLI Commands The following table summarizes the equivalent CLI commands for setting fields displayed in the IPv6 ISATAP Tunnel page. Table 6-24. IPv6 Default Gateway CLI Commands CLI Command Description interface tunnel number Enters tunnel interface configuration mode. tunnel mode ipv6ip {isatap} Configures an IPv6 transition mechanism global support mode.
Defining IPv6 Neighbors The IPv6 Neighbors Page contains information for defining IPv6 Neighbors which is similar to the functionality of the IPv4 Address Resolution Protocol (ARP). IPv6 Neighbors enables detecting Link Local addresses within the same subnet, and includes a database for maintaining reachability information about the active neighbors paths. The device supports a total of up to 256 neighbors obtained either statically or dynamically.
• Type — Displays the type of the neighbor discovery cache information entry. The possible field values are: – Static — Shows static neighbor discovery cache entries. If an entry for the specified IPv6 address already exists in the neighbor discovery cache—as learned through the IPv6 neighbor discovery process—you can convert the entry to a static entry. – Dynamic — Shows dynamic neighbor discovery cache entries. • Remove — When selected, removes the neighbor from the list.
3 Complete the fields on the page. 4 Click Apply Changes. The new neighbor is added, and the device is updated. Modifying Neighbor Parameters 1 Open the IPv6 Neighbors page. 2 Select an IP address in the IPv6 Address drop-down menu. 3 Modify the required fields. 4 Click Apply Changes. The parameters are modified, and the device is updated. Deleting Neighbors 1 Open the IPv6 Neighbors page. 2 Click Show All. The IPv6 Neighbors Table opens. Figure 6-41.
3 Select the Remove check box in the desired entry. Alternatively, select the desired value in the Clear Table field. The possible field values are: – Static Only — Clears the IPv6 Neighbor Table static entries. – Dynamic Only — Clears the IPv6 Neighbor Table dynamic entries. – All Dynamic and Static — Clears the IPv6 Neighbor Table static and dynamic address entries. – None — Does not clear any entries. 4 Click Apply Changes. The selected neighbors are deleted, and the device is updated.
Viewing the IPv6 Routes Table The IPv6 Routes Table stores information about IPv6 destination prefixes and how they are reached, either directly or indirectly. The routing table is used to determine the next-hop address and the interface used for forwarding. Each dynamic entry also has an associated invalidation timer value (extracted from Router Advertisements) used to delete entries that are no longer advertised.
Viewing IPv6 Routes Table Parameters Using CLI Commands
The following table summarizes the equivalent CLI commands for setting fields displayed in the IPv6 Routes Table page.
Table 6-26. IPv6 Default Gateway CLI Commands
CLI Command: traceroute {ipv4-address | hostname} [size packet_size] [ttl max-ttl] [count packet_count] [timeout time_out] [source
Description: Discovers the routes that IPv4 packets will actually take when traveling to their destination.
Configuring Domain Name Systems
Domain Name System (DNS) converts user-defined domain names into IP addresses. Each time a domain name is assigned, the DNS service translates the name into a numeric IP address. For example, www.ipexample.com is translated into 192.87.56.2. DNS servers maintain domain name databases and their corresponding IP addresses. The Domain Naming System (DNS) page contains fields for enabling and activating specific DNS servers.
When defining a new DNS server, the following additional parameters are available:
• Supported IP Format — Specifies the IP format supported by the server. The possible values are:
– IPv6 — IP version 6 is supported.
– IPv4 — IP version 4 is supported.
• IPv6 Address Type — When the server supports IPv6 (see previous parameter), this specifies the type of static address supported.
Displaying the DNS Servers Table 1 Open the Domain Naming System (DNS) page. 2 Click Show All. The DNS Server Table opens. Figure 6-45. DNS Server Table Removing DNS Servers 1 Open the Domain Naming System (DNS) page. 2 Click Show All. The DNS Server Table page opens. 3 Select a DNS Server Table entry. 4 Select the Remove checkbox. 5 Click Apply Changes. The selected DNS server is deleted, and the device is updated.
Configuring DNS Servers Using the CLI Commands
The following table summarizes the CLI commands for configuring device system information.
Table 6-27. DNS Server CLI Commands
CLI Command: ip name-server server-address
Description: Sets the available name servers. Up to eight name servers can be set.
CLI Command: no ip name-server server-address
Description: Removes a name server.
CLI Command: ip domain-name name
Description: Defines a default domain name that the software uses to complete unqualified host names.
The Default Domain Name page contains the following fields:
• Default Domain Name (1-158 characters) — Contains a user-defined default domain name. When defined, the default domain name is applied to all unqualified host names.
• Type — The IP address type. The possible field values are:
– Dynamic — The IP address is created dynamically.
– Static — The IP address is a static IP address.
• Remove — Removes the default domain name.
– Checked — Removes the selected domain name.
Mapping Domain Host The Host Name Mapping page provides parameters for assigning IP addresses to static host names. On this page, one IP address per host can be assigned. To open the Host Name Mapping page, click System → IP Addressing → Host Name Mapping in the tree view. Figure 6-47. Host Name Mapping The Host Name Mapping page contains the following fields: • Host Name — Contains a Host Name list. Host Names are defined in the Add Host Name Mapping page. Each host provides one IP address.
When defining a new host name mapping, the following additional parameters are available:
• Supported IP Format — Specifies the IP format supported by the host. The possible values are:
– IPv6 — IP version 6 is supported.
– IPv4 — IP version 4 is supported.
• IPv6 Address Type — When the host supports IPv6 (see previous parameter), this specifies the type of static address supported.
Displaying the Hosts Name Mapping Table 1 Open the Host Name Mapping page. 2 Click Show All. The Hosts Name Mapping Table page opens. Figure 6-49. Hosts Name Mapping Table Removing Host Name from IP Address Mapping 1 Open the Host Name Mapping page. 2 Click Show All. 3 The Host Mapping Table page opens. 4 Select a Host Name Mapping Table entry. 5 Check the Remove checkbox. 6 Click Apply Changes. The Host Mapping Table entry is deleted, and the device is updated.
The following is an example of the CLI commands:
console(config)# ip host accounting.abc.com 176.10.23.1
Defining ARP Settings
The Address Resolution Protocol (ARP) converts IP addresses into physical addresses, and maps the IP address to a MAC address. ARP allows a host to communicate with other hosts only when the IP address of its neighbors is known. To open the ARP Settings page, click System → IP Addressing → ARP in the tree view. Figure 6-50.
The ARP Settings page contains the following fields:
• Global Settings — Select this option to activate the fields for ARP global settings.
• ARP Entry Age Out (1-40000000) — For all devices, the amount of time (seconds) that passes between ARP requests about an ARP table entry. After this period, the entry is deleted from the table. The range is 1 - 40000000 seconds. The default value is 60000 seconds.
• Clear ARP Table Entries — The type of ARP entries that are cleared on all devices.
Deleting ARP Table Entry 1 Open the ARP Settings page. 2 Click Show All. The ARP Table page opens. 3 Select a table entry. 4 Select the Remove check box. 5 Click Apply Changes. The selected ARP Table entry is deleted, and the device is updated. Configuring ARP Using the CLI Commands The following table summarizes the equivalent CLI commands for setting fields displayed in the ARP Settings page. Table 6-30.
Running Cable Diagnostics
The Diagnostics page contains links to pages for performing virtual cable tests on copper and fiber optic cables. To open the Diagnostics page, click System → Diagnostics in the tree view. This section contains the following topics:
• "Viewing Copper Cable Diagnostics"
• "Viewing Optical Transceiver Diagnostics"
Viewing Copper Cable Diagnostics
The Integrated Cable Test for Copper Cables page contains fields for performing tests on copper cables.
The Integrated Cable Test for Copper Cables page contains the following fields: • Port — The port to which the cable is connected. • Test Result — The cable test results. The possible field values are: – No Cable — There is no cable connected to the port. – Open Cable — The cable is connected on only one side. – Short Cable — A short has occurred in the cable. – OK — The cable passed the test. • Cable Fault Distance — The distance from the port where the cable error occurred.
In addition to the fields in the Integrated Cable Test for Copper Cables page, the Integrated Cable Test Results Table contains the following field: • Unit No. — The stacking member unit for which the cable is displayed. Performing Copper Cable Tests Using CLI Commands The following table contains the CLI commands for performing copper cable tests. Table 6-31. Copper Cable Test CLI Commands CLI Command Description test copper-port tdr interface Performs VCT tests.
Figure 6-53. Optical Transceiver Diagnostics The Optical Transceiver Diagnostics page contains the following fields: • Port — The port number on which the cable is tested. • Temperature — The temperature (C) at which the cable is operating. • Voltage — The voltage at which the cable is operating. • Current — The current at which the cable is operating. • Output Power — The rate at which the output power is transmitted. • Input Power — The rate at which the input power is transmitted.
Figure 6-54. Optical Transceiver Diagnostics Table In addition to the fields in the Optical Transceiver Diagnostics page, the Optical Transceiver Diagnostics Table contains the following field: • Unit No. — The unit number for which the cable is displayed. • N/A — Not Available, N/S - Not Supported, W - Warning, E - Error Performing Fiber Optic Cable Tests Using CLI Commands The following table contains the CLI command for performing fiber optic cable tests. Table 6-32.
Managing Management Security
The Management Security page provides access to security pages that contain fields for setting security parameters for device management methods, user authentication databases and servers. To open the Management Security page, click System → Management Security in the tree view.
To open the Access Profiles page, click System → Management Security → Access Profiles in the tree view. Figure 6-55. Access Profiles
The Access Profiles page contains the following fields:
• Access Profile — User-defined Access Profile lists. The Access Profile list contains a default value of Console Only. When this access profile is selected, active management of the device is performed using the console connection only.
• Current Active Access Profile — The access profile that is currently active.
Adding an Access Profile Rules act as filters for determining rule priority, the device management method, interface type, source IP address and network mask, and the device management access action. Users can be blocked or permitted management access. Rule priority sets the order in which the rules are implemented. Assigning an access profile to an interface denies access via other interfaces. If an access profile is not assigned to any interface, the device can be accessed by all interfaces.
• Management Method — The management method for which the access profile is defined. Users with this access profile are denied or permitted access to the device from the selected management method (line). The possible field values are: – All — Assigns all management methods to the rule. – Telnet — Assigns Telnet access to the rule. If selected, users accessing the device using Telnet meeting access profile criteria are permitted or denied access to the device.
3 Define the Access Profile Name field. 4 Define the relevant fields. 5 Click Apply Changes. The new Access Profile is added, and the device is updated. Adding Rules to Access Profile The first rule must be defined to begin matching traffic to access profiles. 1 Open the Access Profile page. 2 Click Add Rule to Profile. The Add an Access Profile Rule page opens. Figure 6-57. Add an Access Profile Rule 3 Complete the fields. 4 Click Apply Changes.
Viewing the Profile Rules Table The order in which rules appear in the Profile Rules Table is important. Packets are matched to the first rule which meets the rule criteria. 1 Open the Access Profiles page. 2 Click Show All. The Profile Rules Table page opens. Figure 6-58. Profile Rules Table Removing a Rule 1 Open the Access Profiles page. 2 Click Show All. The Profile Rules Table page opens. 3 Select a rule. 4 Select the Remove check box. 5 Click Apply Changes.
Defining Access Profiles Using CLI Commands
The following table summarizes the equivalent CLI commands for setting fields displayed in the Access Profiles page.
Table 6-33. Access Profiles CLI Commands
CLI Command: management access-list name
Description: Defines an access-list for management, and enters the access-list context for configuration.
CLI Command: permit [ethernet interface-number | vlan vlan-id | port-channel number] [service service]
Description: Sets port permitting conditions for the management access list.
The following is an example of the CLI commands:
console(config)# management access-list mlist
console(config-macl)# permit ethernet 1/e1
console(config-macl)# permit ethernet 1/e2
console(config-macl)# deny ethernet 1/e3
console(config-macl)# deny ethernet 1/e4
console(config-macl)# exit
console(config)# management access-class mlist
console(config)# exit
console# show management access-list mlist
----
permit ethernet 1/e1
permit ethernet 1/e2
deny ethernet 1/e3
deny ethernet 1/e4
! (Note: all other access
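The first-match behaviour of the Profile Rules Table can be reproduced offline to check rule order before a list is applied. The Python sketch below is an added example, not Dell code: the first four rules are the mlist example above, the fifth rule and the telnet service keyword are constructed, and denying sessions that match no rule is an assumption exposed as a parameter.

```python
"""First-match evaluation of a management access list (added example)."""
import re
from typing import List, NamedTuple, Optional, Tuple

# Rules 0-3 are the guide's mlist example. Rule 4 is constructed to show an
# ordering mistake; the "telnet" service keyword is an assumption.
SAMPLE_RULES = """\
permit ethernet 1/e1
permit ethernet 1/e2
deny ethernet 1/e3
deny ethernet 1/e4
deny ethernet 1/e1 service telnet
"""

# Mirrors the syntax in Table 6-33:
# permit|deny [ethernet N | vlan N | port-channel N] [service S]
RULE_RE = re.compile(
    r"^(permit|deny)"
    r"(?:\s+(ethernet|vlan|port-channel)\s+(\S+))?"
    r"(?:\s+service\s+(\S+))?$"
)


class Rule(NamedTuple):
    action: str              # "permit" or "deny"
    iface: Optional[str]     # e.g. "ethernet 1/e1"; None matches any interface
    service: Optional[str]   # None matches every management method


def parse_rules(text: str) -> List[Rule]:
    """Parse rule lines in list order; lines that are not rules are skipped."""
    rules = []
    for raw in text.splitlines():
        m = RULE_RE.match(raw.strip())
        if m:
            action, kind, ident, service = m.groups()
            rules.append(Rule(action, f"{kind} {ident}" if kind else None, service))
    return rules


def decide(rules: List[Rule], iface: str, service: str,
           default_action: str = "deny") -> Tuple[str, Optional[int]]:
    """Return (action, index of the deciding rule). The first match wins.

    default_action is this example's assumption for sessions that match
    no rule at all.
    """
    for index, rule in enumerate(rules):
        if rule.iface in (None, iface) and rule.service in (None, service):
            return rule.action, index
    return default_action, None


def covers(earlier: Rule, later: Rule) -> bool:
    """True when every session matched by `later` is already matched by `earlier`."""
    return (earlier.iface in (None, later.iface)
            and earlier.service in (None, later.service))


def shadowed(rules: List[Rule]) -> List[Tuple[int, int, bool]]:
    """List (rule index, covering rule index, actions_conflict) for dead rules."""
    dead = []
    for later_idx, later in enumerate(rules):
        for earlier_idx in range(later_idx):
            earlier = rules[earlier_idx]
            if covers(earlier, later):
                dead.append((later_idx, earlier_idx, earlier.action != later.action))
                break
    return dead


if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    # The Telnet block on 1/e1 never fires: rule 0 already permits the port.
    print(decide(rules, "ethernet 1/e1", "telnet"))
    print(shadowed(rules))
    # Moving the specific deny ahead of the broad permit fixes the order.
    fixed = [rules[4]] + rules[:4]
    print(decide(fixed, "ethernet 1/e1", "telnet"), shadowed(fixed))
```

A rule reported with actions_conflict set to True is the case to review first: the list author asked for one outcome and the device delivers the opposite.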
If an error occurs during the authentication, the next selected method is used. To open the Authentication Profiles page, click System → Management Security → Authentication Profiles in the tree view. Figure 6-59. Authentication Profiles The Authentication Profiles page contains the following fields: • Authentication Profile Name — User-defined authentication profile lists to which user-defined authentication profiles are added. The options are Network Default and Console Default.
Selecting an Authentication Profile: 1 Open the Authentication Profiles page. 2 Select a profile in the Authentication Profile Name field. 3 Select the authentication method using the navigation arrows. The authentication occurs in the order the authentication methods are listed. 4 Click Apply Changes. The user authentication profile is updated to the device. Adding an Authentication Profile: 1 Open the Authentication Profiles page. 2 Click Add. The Add Authentication Profile page opens. Figure 6-60.
Displaying the Authentication Profiles Table: 1 Open the Authentication Profiles page. 2 Click Show All. The Authentication Profiles Table page opens. Figure 6-61. Authentication Profiles Table Deleting an Authentication Profile: 1 Open the Authentication Profiles page. 2 Click Show All. The Authentication Profiles Table page opens. 3 Select an authentication profile. 4 Select the Remove check box. 5 Click Apply Changes. The selected authentication profile is deleted.
The following is an example of the CLI commands:
console(config)# aaa authentication login default radius local enable none
console(config)# no aaa authentication login default
Selecting Authentication Profiles
After Authentication Profiles are defined, the Authentication Profiles can be applied to Management Access methods. For example, console users can be authenticated by Authentication Method List 1, while Telnet users are authenticated by Authentication Method List 2.
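Because an error in one authentication method passes control to the next method in the list, the order and the last entry of each list decide what happens when servers are unreachable. The Python sketch below is an added example, not Dell code, that audits login method lists in a saved configuration; only the default line comes from the CLI example above, and the other list names, the finding codes and the treatment of radius as the only remote method are assumptions of this example.

```python
"""Offline audit of `aaa authentication login` method lists (added example)."""
import re
from typing import Dict, List, NamedTuple

# Constructed sample. Only the "default" line is taken from the guide's CLI
# example; the other list names and their contents are hypothetical.
SAMPLE_CONFIG = """\
aaa authentication login default radius local enable none
aaa authentication login mgmt radius local
aaa authentication login legacy none local
aaa authentication login remote radius
"""

PROMPT_RE = re.compile(r"^\S+#\s*")  # strips e.g. "console(config)# "
DEFINE_RE = re.compile(r"^aaa\s+authentication\s+login\s+(\S+)\s+(\S.*)$")
REMOVE_RE = re.compile(r"^no\s+aaa\s+authentication\s+login\s+(\S+)$")
# Assumption: "radius" is the only remote method keyword this example knows,
# because it is the only one shown in the guide's method list.
REMOTE_METHODS = {"radius"}


class Finding(NamedTuple):
    list_name: str
    code: str
    detail: str


def parse_login_lists(config_text: str) -> Dict[str, List[str]]:
    """Return {list name: ordered methods}, applying lines in order.

    A "no aaa authentication login NAME" line drops the explicit definition.
    """
    lists: Dict[str, List[str]] = {}
    for raw in config_text.splitlines():
        line = PROMPT_RE.sub("", raw.strip())
        removed = REMOVE_RE.match(line)
        if removed:
            lists.pop(removed.group(1), None)
            continue
        defined = DEFINE_RE.match(line)
        if defined:
            lists[defined.group(1)] = defined.group(2).lower().split()
    return lists


def audit(lists: Dict[str, List[str]]) -> List[Finding]:
    """Flag method lists whose fall-through order weakens or blocks login."""
    findings: List[Finding] = []
    for name, methods in lists.items():
        if "none" in methods:
            pos = methods.index("none")
            findings.append(Finding(
                name, "NONE_IN_LIST",
                "login succeeds without credentials once every method "
                "before 'none' has returned an error"))
            skipped = methods[pos + 1:]
            if skipped:
                findings.append(Finding(
                    name, "UNREACHABLE_METHODS",
                    "never consulted because they follow 'none': "
                    + " ".join(skipped)))
        elif all(method in REMOTE_METHODS for method in methods):
            findings.append(Finding(
                name, "NO_LOCAL_FALLBACK",
                "no method left to try when the remote server returns an error"))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_login_lists(SAMPLE_CONFIG)):
        print(f"{finding.list_name}: {finding.code}: {finding.detail}")
```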
The Select Authentication page contains the following fields: • Console — Authentication profiles used to authenticate console users. • Telnet — Authentication profiles used to authenticate Telnet users. • Secure Telnet (SSH) — Authentication profiles used to authenticate Secure Shell (SSH) users. SSH provides clients with secure and encrypted remote connections to a device. • Secure HTTP and HTTP — Authentication method used for Secure HTTP access and HTTP access, respectively.
Assigning Secure HTTP Sessions an Authentication Sequence 1 Open the Select Authentication page. 2 Select an authentication sequence in the Secure HTTP field. 3 Click Apply Changes. Secure HTTP sessions are assigned an authentication sequence. Assigning Access Authentication Profiles or Sequences Using CLI Commands The following table summarizes the equivalent CLI commands for setting fields displayed in the Select Authentication page. Table 6-35.
Network_Default : Local
Enable Authentication Method Lists
----------------------------------
Console_Default : Enable None
Network_Default : Enable
Line     Login Method List  Enable Method List
----     -----------------  ------------------
Console  Default            Default
Telnet   Default            Default
SSH      Default            Default
http : Local
https : Local
dot1x :
Managing Passwords
Password management provides increased network security and improved password control.
To open the Password Management page, click System → Management Security → Password Management in the tree view. Figure 6-63. Password Management The Password Management page contains the following fields: • Password Minimum Length (8-64) — Indicates the minimum password length, when checked. For example, the administrator can define that all passwords must have a minimum of 10 characters.
Password Management Using CLI Commands
The following table summarizes the equivalent CLI commands for setting fields displayed in the Password Management page.
Table 6-36. Password Management Using CLI Commands
CLI Command: password min-length length
Description: Defines the minimum password length.
CLI Command: password history number
Description: Defines the number of times a password is changed before the password can be reused.
Line     Password Aging  Password Expiry date  Lockout
-------  --------        -----------           -------
Telnet   -               -                     -
SSH      -               -                     -
Console  -               -                     -
console # show users accounts
Username  Privilege  Password Aging  Password Expiry Date  Lockout
--------  ---------  --------        -----------           -------
nim       15         39              18-Feb-2005
Displaying Active Users
The Active Users page displays information about active users on the device.
Displaying Active Users Using CLI Commands
The following table summarizes the equivalent CLI commands for viewing active users connected to the device.
Table 6-37. Active Users CLI Commands
CLI Command: show users
Description: Displays information about active users.
The following is an example of the CLI command:
console> show users
Username    Protocol    Location
----------  ----------  ---------
Bob         Serial
John        SSH         172.16.0.1
Robert      HTTP        172.16.0.8
Betty       Telnet      172.16.1.
Defining the Local User Databases The Local User Database page contains fields for defining users, passwords and access levels. To open the Local User Database page, click System → Management Security → Local User Database in the tree view. Figure 6-65. Local User Database The Local User Database page contains the following fields: • User Name — List of users. • Access Level — User access level. The lowest user access level is 1 and 15 is the highest user access level.
• Lockout Status — Indicates whether the user currently has access (status Usable), or whether the user is locked out due to too many failed authentication attempts since the user last logged in successfully (status Locked).
• Reactivate Suspended User — Reactivate the specified user’s access rights. Access rights can be suspended after unsuccessfully attempting to login.
– Checked — Reactivate the specified user’s access rights.
– Unchecked — Maintain the specified user’s access suspension.
Displaying the Local User Table: 1 Open the Local User Database page. 2 Click Show All. The Local User Table opens. Figure 6-67. Local User Table Reactivating a Suspended User: 1 Open the Local User Database page. 2 Select a User Name entry. 3 Select the Reactivate Suspended User check box. 4 Click Apply Changes. The user access rights are reactivated, and the device is updated. You can also reactivate suspended users from the Local User Table. Deleting Users: 1 Open the Local User Database page.
The following is an example of the CLI commands:
console(config)# username bob password lee level 15
console# set username bob active
Defining Line Passwords
The Line Password page contains fields for defining line passwords for management methods. To open the Line Password page, click System → Management Security → Line Passwords in the tree view. Figure 6-68.
The Line Password page contains the following fields: • Line Password/Telnet Line Password/Secure Telnet Line Password — Password settings for Console, Telnet, or Secure Telnet session, respectively. • Password — The line password for accessing the device. • Confirm Password — Confirms the new line password. The password appears in the ***** format, for security reasons.
Assigning Line Passwords Using CLI Commands
The following table summarizes the equivalent CLI commands for setting fields displayed in the Line Password page.
Table 6-39. Line Password CLI Commands
CLI Command: password password [encrypted]
Description: Indicates a password on a line.
The following is an example of the CLI commands:
console(config-line)# password dell
Defining Enable Passwords
The Enable Password page sets a local password to control access to Normal and Privilege levels.
• Confirm Password — Confirms the password. The password appears in the ***** format, for security reasons. • Aging (1-365) — Indicates the amount of time in days that elapses before a password is aged out. – Checked — Password ages out after the specified number of days. – Unchecked — Password does not expire. • Expiry Date — Indicates the expiration date of the enable password.
Defining TACACS+ Settings The devices provide Terminal Access Controller Access Control System (TACACS+) client support. TACACS+ provides centralized security for validation of users accessing the device. TACACS+ provides a centralized user-management system, while still retaining consistency with RADIUS and other authentication processes. TACACS+ provides the following services: • Authentication — Provides authentication during login and via user names and user-defined passwords.
The TACACS+ Settings page contains the following fields: • Host IP Address — Indicates the TACACS+ Server IP address. • Priority (0-65535) — Indicates the order in which the TACACS+ servers are used. The default is 0. • Source IP Address — The device source IP address used for the TACACS+ session between the device and the TACACS+ server. • Key String (1-128 Characters) — Defines the authentication and encryption key for TACACS+ communications between the device and the TACACS+ server.
Figure 6-71. Add TACACS+ Host 3 Define the fields. 4 Click Apply Changes. The TACACS+ server is added, and the device is updated. Displaying the TACACS+ Table 1 Open the TACACS+ Settings page. 2 Click Show All. The TACACS+ Table opens. Figure 6-72. TACACS+ Table Removing a TACACS+ Server 1 Open the TACACS+ Table page. 2 Click Show All. The TACACS+ Table opens. 3 Select a TACACS+ Table entry.
4 Select the Remove check box.
5 Click Apply Changes. The TACACS+ server is removed, and the device is updated.
Defining TACACS+ Settings Using CLI Commands
The following table summarizes the equivalent CLI commands for setting fields displayed in the TACACS+ Settings page.
Table 6-41. TACACS+ CLI Commands
CLI Command: tacacs-server host {ip-address | host
Description: Indicates a TACACS+ host.
The following is an example of the CLI commands:
console# show tacacs
Device Configuration
IP address   Status         Port  Single Connection  TimeOut   Source IP  Priority
-----------  ---------      ----  ----------         --------  ---------  ---------
12.1.1.2     Not Connected  49    Yes                1         12.1.1.1   1
Global values
----------------
TimeOut : 5
Device Configuration
-------------------
Source IP : 0.0.0.
Figure 6-73. RADIUS Settings
The RADIUS Settings page contains the following fields:
• IP Address — The list of Authentication Server IP addresses.
• Priority (0-65535) — The server priority. The possible values are 0-65535, where 0 is the highest value. This is used to configure the order in which servers are queried.
• Authentication Port (0-65535) — Identifies the authentication port. The authentication port is used to verify the RADIUS server authentication.
• Dead Time (0-2000) — Indicates the amount of time (in minutes) that a RADIUS server is bypassed for service requests. The range is 0-2000. • Key String (0-128 Characters) — The Key string used for authenticating and encrypting all RADIUS communications between the device and the RADIUS server. This key is encrypted. • Source IP Address — Indicates the source IP address that is used for communication with RADIUS servers. • Usage Type — Indicates the server usage type.
Adding a RADIUS Server: 1 Open the RADIUS Settings page. 2 Click Add. The Add RADIUS Server page opens. Figure 6-74. Add RADIUS Server 3 Define the fields. 4 Click Apply Changes. The new RADIUS server is added, and the device is updated. Displaying the RADIUS Server List: 1 Open the RADIUS Settings page. 2 Click Show All. The RADIUS Servers List opens. Figure 6-75.
Removing a RADIUS Server 1 Open the RADIUS Settings page. 2 Click Show All. The RADIUS Servers List opens. 3 Select a RADIUS Servers List entry. 4 Select the Remove check box. 5 Click Apply Changes. The RADIUS server is removed, and the device is updated. Defining RADIUS Servers Using CLI Commands The following table summarizes the equivalent CLI commands for defining fields displayed on the RADIUS Settings page. Table 6-42.
The following is an example of CLI commands:
Console(config)# radius-server timeout 5
Console(config)# radius-server retransmit 5
Console(config)# radius-server deadtime 10
Console(config)# radius-server key dell-server
Console(config)# radius-server host 196.210.100.1 auth-port 127 timeout 20
Console# show radius-servers
IP address  Auth  Acct  TimeOut  Retransmit  Deadtime
--------    ----  ----  ------   ---------   -------
172.16.1.1
172.16.1.
LLDP Media Endpoint Discovery (LLDP-MED) increases network flexibility by allowing different IP systems to co-exist on a single network. LLDP provides detailed network topology information, including what devices are located on the network, and where the devices are located. For example, what IP phone is connected to what port, what software is running on what switch, and which port is connected to what PC.
Defining LLDP Properties
The LLDP Properties page contains fields for configuring LLDP. To open the LLDP Properties page, click System → LLDP-MED → LLDP Properties in the tree view. Figure 6-76. LLDP Properties
• Enable LLDP — Indicates if LLDP is enabled on the device. The possible field values are:
– Checked — Indicates that LLDP is enabled on the device.
– Unchecked — Indicates that LLDP is disabled on the device. This is the default value.
Configuring LLDP Using CLI Commands
Table 6-43. LLDP Properties CLI Commands
CLI Command: lldp enable (global)
Description: Enables Link Layer Discovery Protocol.
CLI Command: lldp hold-multiplier number
Description: Specifies the time that the receiving device should hold a Link Layer Discovery Protocol (LLDP) packet before discarding it.
CLI Command: lldp reinit-delay Seconds
Description: Specifies the minimum time an LLDP port will wait before reinitializing.
CLI Command: lldp tx-delay Seconds
Description: Specifies the delay between successive LLDP frame tr.
Figure 6-77. Port Settings
• Port — Contains a list of ports on which LLDP is enabled.
• State — Indicates the port type on which LLDP is enabled. The possible field values are:
– Tx Only — Enables transmitting LLDP packets only.
– Rx Only — Enables receiving LLDP packets only.
– Tx & Rx — Enables transmitting and receiving LLDP packets. This is the default value.
– Disable — Indicates that LLDP is disabled on the port.
• Tx Optional TLVs — Contains a list of optional TLVs advertised by the port. For the complete list, see the Available TLVs field.
• Management IP Address — Indicates the management IP address that is advertised from the interface.
• Use Default — Specifies the way TLVs are included:
– Checked — Only mandatory TLVs are used by default; they are Chassis subtype (MAC address), Port subtype (port number), and TTL (time-to-live equal to 120s).
Defining LLDP MED Network Policy The MED Network Policy page contains fields for configuring LLDP. To open the MED Network Policy page, click System → LLDP-MED → MED Network Policy in the tree view. Figure 6-79. MED Network Policy The MED Network Policy page contains the following fields: • Network Policy Number — Displays the network policy number. • Application — Displays the application for which the network policy is defined.
• VLAN Type — Indicates the VLAN type for which the network policy is defined. The possible field values are: – Tagged — Indicates the network policy is defined for tagged VLANs. – Untagged — Indicates the network policy is defined for untagged VLANs. • User Priority — Defines the priority assigned to the network application. The range is 0-7. • DSCP Value — Defines the DSCP value assigned to the network policy. The range is 0-63. Adding an MED Network Policy 1 Open the MED Network Policy page.
Defining LLDP MED Port Settings
The MED Port Settings page contains parameters for assigning LLDP network policies to specific ports. To open the MED Port Settings page, click System → LLDP-MED → Port Settings in the tree view. The MED Port Settings page opens. Figure 6-82. MED Port Settings
The MED Port Settings page contains the following fields:
• Port — Displays the port on which LLDP-MED is enabled or disabled.
• Enable LLDP-MED — Indicates if LLDP-MED is enabled on the selected port.
• Tx Optional TLVs/Available TLVs — Contains a list of available TLVs that can be advertised by the port. The possible field values are: – Network Policy — Advertises the network policy attached to the port. – Location — Advertises the port’s location. – PoE-PSE — Indicates if the connected media is a PoE or PSE (Power Sourcing Equipment) device. • Network Policy/Available Network Policy — Contains a list of network policies that can be assigned to a port.
Figure 6-83. Details Advertise Information Page The Details Advertise Information page contains the following fields: • Port — The port for which detailed information is displayed. • Auto-Negotiation Status — The auto-negotiation status of the port. The possible field values are: – Enabled — Auto-negotiation is enabled on the port. – Disabled — Auto-negotiation is disabled on the port. • Advertised Capabilities — The port capabilities advertised for the port.
• Device ID — The device ID advertised, for example, the device MAC address. • Device Type — The type of device. • LLDP MED Capabilities — The TLV that is advertised by the port. • LLDP MED Device Type — Indicates whether a sender is a network connectivity device or an endpoint device. • Power Type — The port’s power type. • Power Source — The port’s power source. • Power Priority — The port’s power priority. • Power Value — The port’s power value, in Watts.
Displaying the MED Port Settings Table 1 Open the MED Port Settings page. 2 Click Show All. The MED Port Settings Table opens. Figure 6-84. MED Port Settings Table Viewing the LLDP Neighbors Information The Neighbors Information page contains information received from neighboring device LLDP advertisements. To open the Neighbors Information page, click System → LLDP-MED → Neighbors Information in the tree view. Figure 6-85.
Removing a Port From the Table 1 Open the Neighbors Information page. 2 Check the Remove checkbox of each port to be removed. 3 Click Apply Changes. The ports are removed. Clearing the Table 1 Open the Neighbors Information page. 2 Click Clear Neighbors Table. The table is cleared. Viewing the Details of the LLDP MED Information Advertised by a Neighbor Device 1 Open the Neighbors Information page. 2 Click the Details button next to the desired entry.
For information on the fields, refer to the Details Advertise Information page above. Table 6-45.
The switch supports SNMP notification filters based on Object IDs (OID). OIDs are used by the system to manage switch features. SNMPv3 supports the following features:
• Security
• Feature Access Control
• Traps
Authentication or Privacy Keys are modified in the User Security Model (USM). SNMPv3 can be enabled only if the Local Engine ID is enabled.
The SNMP Global Parameters page contains the following fields:
• Local Engine ID (10-64 Hex Characters) — Indicates the local device engine ID. The field value is a hexadecimal string. Each byte in hexadecimal character strings is two hexadecimal digits. Each byte can be separated by a period or a colon. The Engine ID must be defined before SNMPv3 is enabled.
– For stand-alone devices select a default Engine ID that is comprised of Enterprise number and the default MAC address.
Enabling SNMP Notifications Using CLI Commands The following table summarizes the equivalent CLI commands for viewing fields displayed in the SNMP Global Parameters page. Table 6-46.
Version 1,2 notifications
Target Address  Type  Community  Version  Udp Port  Filter name  To Sec  Retries
-------         ----  ---------  -------  ----      ------       ---     -------
Version 3 notifications
Target Address  Type  Username   Security Level  Udp Port  Filter name  To Sec  Retries
--------        ----  ---------  --------        ----      ------       ---     -------
System Contact: Robert
System Location: Marketing
Defining SNMP View Settings
SNMP Views provide access or block access to device features or feature aspects.
Figure 6-88. SNMPv3 View Settings
The SNMPv3 View Settings page contains the following fields:
• View Name — Contains a list of user-defined views. The view name can contain a maximum of 30 alphanumeric characters.
• New Object ID Subtree — Indicates the device feature OID included or excluded in the selected SNMP view.
– Selected from List — Select the device feature OID by using the Up and Down buttons to scroll through a list of all device OIDs.
– Insert — Specify the device feature OID.
Adding a View 1 Open the SNMPv3 View Settings page. 2 Click Add. The Add A View page opens. Figure 6-89. Add A View 3 Define the field. 4 Click Apply Changes. The SNMP View is added, and the device is updated. Displaying the View Table 1 Open the SNMPv3 View Settings page. 2 Click Show All. The View Table page opens. Figure 6-90.
Defining SNMPv3 Views Using CLI Commands The following table summarizes the equivalent CLI commands for defining fields displayed in the SNMPv3 View Settings page.
Table 6-47. SNMP View CLI Commands
CLI Command: snmp-server view view-name oid-tree {included | excluded}
Description: Creates or updates a view entry.
CLI Command: show snmp views [viewname]
Description: Displays the configuration of views.
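How included and excluded subtrees of one view combine is easiest to see by evaluating them. The following is an added example, not Dell's code: it assumes the switch applies the RFC 3415 rule that the matching subtree with the most sub-identifiers decides, it handles numeric OIDs only, and the view name `mgmt-ro` and its entries are constructed.

```python
"""Evaluate which OIDs an SNMPv3 view exposes, given entries of the form
    snmp-server view <view-name> <oid-tree> {included | excluded}
Only numeric OIDs are handled; the matching rule is RFC 3415's (assumed)."""

# Subtrees that hold SNMP credentials and access policy (standard OIDs).
SENSITIVE = {
    "snmpUsmMIB": (1, 3, 6, 1, 6, 3, 15),        # SNMPv3 users and keys
    "snmpVacmMIB": (1, 3, 6, 1, 6, 3, 16),       # groups, access, views
    "snmpCommunityMIB": (1, 3, 6, 1, 6, 3, 18),  # v1/v2 community strings
}


def parse_oid(text):
    """Turn '1.3.6.1.2.1' into (1, 3, 6, 1, 2, 1); reject anything else."""
    parts = text.strip().strip(".").split(".")
    if any(not (p.isascii() and p.isdigit()) for p in parts):
        raise ValueError(f"not a numeric OID: {text!r}")
    return tuple(int(p) for p in parts)


def parse_views(lines):
    """Return {view_name: {subtree: included?}}; a repeated subtree updates."""
    views = {}
    for raw in lines:
        tokens = raw.split()
        if len(tokens) != 5 or tokens[:2] != ["snmp-server", "view"]:
            raise ValueError(f"unexpected line: {raw!r}")
        name, tree, mode = tokens[2:]
        if mode not in ("included", "excluded"):
            raise ValueError(f"bad mode in: {raw!r}")
        views.setdefault(name, {})[parse_oid(tree)] = (mode == "included")
    return views


def oid_in_view(entries, oid):
    """True if `oid` is visible: the longest matching subtree decides."""
    matches = [s for s in entries if oid[:len(s)] == s]
    if not matches:
        return False          # no entry covers this OID: not in the view
    return entries[max(matches, key=len)]


def exposed_sensitive(entries):
    """Names of sensitive subtrees that the view exposes, wholly or in part."""
    hits = []
    for name, root in SENSITIVE.items():
        root_visible = oid_in_view(entries, root)
        # An 'included' entry below the root re-exposes part of it.
        deeper = any(inc and len(s) > len(root) and s[:len(root)] == root
                     for s, inc in entries.items())
        if root_visible or deeper:
            hits.append(name)
    return hits


# Constructed configuration for a hypothetical read-only view "mgmt-ro".
CONFIG = [
    "snmp-server view mgmt-ro 1.3.6.1.2.1 included",       # mib-2
    "snmp-server view mgmt-ro 1.3.6.1.2.1.4 excluded",     # ip group
    "snmp-server view mgmt-ro 1.3.6.1.2.1.4.20 included",  # ipAddrTable
    "snmp-server view mgmt-ro 1.3.6.1.6.3 included",       # snmpModules
    "snmp-server view mgmt-ro 1.3.6.1.6.3.15 excluded",    # USM tables
]

if __name__ == "__main__":
    view = parse_views(CONFIG)["mgmt-ro"]
    for probe in ("1.3.6.1.2.1.1.5.0", "1.3.6.1.2.1.4.1.0",
                  "1.3.6.1.2.1.4.20.1.1", "1.3.6.1.6.3.15.1.2.2"):
        state = "visible" if oid_in_view(view, parse_oid(probe)) else "hidden"
        print(probe, state)
    print("still exposed:", exposed_sensitive(view))
```

In the constructed view the USM tables are hidden, but the broad `1.3.6.1.6.3` include still exposes the VACM and community tables, which is the kind of gap this check is meant to surface.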
Defining SNMP Access Control The Access Control page provides information for creating SNMP groups, and assigning SNMP access control privileges to SNMP groups. Groups allow network managers to assign access rights to specific device features, or feature aspects. To open the Access Control Group page, click System → SNMP → Access Control in the tree view. Figure 6-91.
• Security Level — The security level attached to the group. Security levels apply to SNMPv3 only. The possible field values are: – No Authentication — Neither the Authentication nor the Privacy security levels are assigned to the group. – Authentication — Authenticates SNMP messages, and ensures the SNMP messages origin is authenticated. – Privacy — Encrypts SNMP messages. • Operation — Defines the group access rights.
Displaying the Access Table 1 Open the Access Control Group page. 2 Click Show All. The Access Table opens. Figure 6-93. Access Table Removing SNMP Groups 1 Open the Access Control Group page. 2 Click Show All. The Access Table opens. 3 Select a SNMP group. 4 Check the Remove checkbox. 5 Click Apply Changes. The SNMP group is deleted, and the device is updated.
Assigning SNMP User Security The SNMPv3 User Security Model (USM) page enables assigning system users to SNMP groups, as well as defining the user authentication method. To open the SNMPv3 User Security Model (USM) page, click System → SNMP → User Security Model in the tree view. Figure 6-94. SNMPv3 User Security Model (USM) The SNMPv3 User Security Model (USM) page contains the following fields: • User Name — Contains a list of user-defined user names.
• Authentication Method — The authentication method used to authenticate users. The possible field values are: – None — No user authentication is used. – MD5 Password — Indicates that HMAC-MD5-96 password is used for authentication. The user should enter a password. – SHA Password — Users are authenticated using the HMAC-SHA-96 authentication level. The user should enter a password. – MD5 Key — Users are authenticated using the HMAC-MD5 algorithm.
Adding Users to a Group 1 Open the SNMPv3 User Security Model (USM) page. 2 Click Add. The Add SNMPv3 User Name page opens. Figure 6-95. Add SNMPv3 User Name 3 Define the relevant fields. 4 Click Apply Changes. The user is added to the group, and the device is updated. Displaying the User Security Model Table 1 Open the SNMPv3 User Security Model (USM) page. 2 Click Show All. The User Security Model Table opens. Figure 6-96.
Deleting a User Security Model Table Entry 1 Open the SNMPv3 User Security Model (USM) page. 2 Click Show All. The User Security Model Table opens. 3 Select a User Security Model Table entry. 4 Check the Remove checkbox. 5 Click Apply Changes. The User Security Model Table entry is deleted, and the device is updated. Defining SNMPv3 Users Using CLI Commands The following table summarizes the equivalent CLI commands for defining fields displayed in the SNMPv3 User Security Model (USM) page. Table 6-49.
Defining SNMP Communities Access rights are managed by defining communities on the SNMP Community page. When the community names are changed, access rights are also changed. SNMP Communities are defined only for SNMP v1 and SNMP v2. To open the SNMP Community page, click System → SNMP → Communities in the tree view. Figure 6-97. SNMP Community The SNMP Community page contains the following fields: • SNMP Management Station — The management station IP address for which the SNMP community is defined.
• Basic — Enables SNMP Basic mode for a selected community. The possible field values are: – Access Mode — Defines the access rights of the community. The possible field values are: Read-Only — Management access is restricted to read-only, and changes cannot be made to the community. Read-Write — Management access is read-write and changes can be made to the device configuration, but not to the community.
Defining a New Community 1 Open the SNMP Community page. 2 Click Add. The Add SNMP Community page opens. Figure 6-98. Add SNMP Community 3 Complete the relevant fields. 4 Click Apply Changes. The new community is saved, and the device is updated.
Deleting Communities 1 Open the SNMP Community page. 2 Click Show All. The Community Table page opens. Figure 6-99. Community Table 3 Select a community and check the Remove check box. 4 Click Apply Changes. The community entry is deleted, and the device is updated. Configuring Communities Using CLI Commands The following table summarizes the equivalent CLI commands for viewing fields displayed in the SNMP Community. Table 6-50.
Defining SNMP Notification Filters The Notification Filter page permits filtering traps based on OIDs. Each OID is linked to a device feature or a feature aspect. The Notification Filter page also allows network managers to filter notifications. To open the Notification Filter page, click System → SNMP → Notification Filters in the tree view. Figure 6-100.
Adding SNMP Filters 1 Open the Notification Filter page. 2 Click Add. The Add Filter page opens. Figure 6-101. Add Filter 3 Define the relevant fields. 4 Click Apply Changes. The new filter is added, and the device is updated. Displaying the Filter Table 1 Open the Notification Filter page. 2 Click Show All. The Filter Table opens. Figure 6-102.
Removing a Filter 1 Open the Notification Filter page. 2 Click Show All. The Filter Table opens. 3 Select a Filter Table entry. 4 Check the Remove checkbox. The filter entry is deleted, and the device is updated. Configuring Notification Filters Using CLI Commands The following table summarizes equivalent CLI commands for defining fields displayed in the Notification Filter page. Table 6-51.
To open the Notification Recipients page, click System → SNMP → Notification Recipient in the tree view. Figure 6-103. Notification Recipients The Notification Recipients page contains the following fields: • Recipient IP — Indicates the IP address to which the traps are sent. • Notification Type — The notification sent. The possible field values are: – Trap — Traps are sent. – Inform — Informs are sent.
SNMPv1,2 SNMP versions 1 and 2 are enabled for the selected recipient. Define the following fields for SNMPv1 and SNMPv2: • Community String (1-20 Characters) — Identifies the community string of the trap manager. • Notification Version — Determines the trap type. The possible field values are: – SNMP V1 — SNMP Version 1 traps are sent. – SNMP V2 — SNMP Version 2 traps are sent. SNMPv3 SNMPv3 is used to send and receive traps.
• IPv6 Address Type — When the recipient supports IPv6 (see previous parameter), this specifies the type of static address supported. The possible values are: – Link Local — A Link Local address that is non-routable and used for communication on the same network only. – Global — A globally unique IPv6 address; visible and reachable from different subnets. • Link Local Interface — When the server supports an IPv6 Link Local address (see previous parameter), this specifies the Link Local interface.
Displaying Notification Recipients Tables 1 Open the Notification Recipients page. 2 Click Show All. The Notification Recipients Tables page opens. Figure 6-105. Notification Recipients Tables Deleting Notification Recipients 1 Open the Notification Recipients page. 2 Click Show All. The Notification Recipients Tables page opens. 3 Select a notification recipient in either the SNMPV1,2 Notification Recipient or SNMPv3 Notification Recipient Tables. 4 Check the Remove checkbox. 5 Click Apply Changes.
Configuring SNMP Notification Recipients Using CLI Commands The following table summarizes the equivalent CLI commands for viewing fields displayed in the Notification Recipients page.
Table 6-52. SNMP Community CLI Commands
CLI Command: snmp-server host {ipaddress | hostname} community-string [traps | informs] [1 | 2] [udp-port port] [filter filtername]
Description: Creates or updates a notification recipient receiving notifications in SNMP version 1 or 2.
Managing Files Use the File Management page to manage device software, the image file, and the configuration files. Files can be downloaded or uploaded via a TFTP server. The management file structure consists of the following files: • Startup Configuration File — Contains the commands required to configure the device at startup or after reboot. The startup configuration file is created by copying the configuration commands from the Running Configuration file or an Image file.
Downloading Files The File Download from Server page contains fields for downloading system image and Configuration files from the TFTP server or HTTP client to the device. To open the File Download from Server page, click System → File Management → File Download in the tree view. Figure 6-106.
The File Download from Server page contains the following fields: • Supported IP Format — Specifies the IP format supported by the server. The possible values are: – IPv6 — IP version 6 is supported. – IPv4 — IP version 4 is supported. • IPv6 Address Type — When the server supports IPv6 (see previous parameter), this specifies the type of static address supported. The possible values are: – Link Local — A Link Local address that is non-routable and used for communication on the same network only.
Configuration Download • Server IP Address — The TFTP Server IP Address from which the configuration files are downloaded. • Source File Name (1-64 characters) — Indicates the configuration files to be downloaded. • Destination File — The destination file to which the configuration file is downloaded. The possible field values are: – Running Configuration — Downloads commands into the Running Configuration file. – Startup Configuration — Downloads the Startup Configuration file, and overwrites it.
Uploading Files The File Upload to Server page contains fields for uploading the software to the TFTP server from the device. The Image file can also be uploaded from the File Upload to Server page. To open the File Upload to Server page, click System → File Management → File Upload in the tree view. Figure 6-107.
The File Upload to Server page contains the following fields: • Supported IP Format — Specifies the IP format supported by the server. The possible values are: – IPv6 — IP version 6 is supported. – IPv4 — IP version 4 is supported. • IPv6 Address Type — When the server supports IPv6 (see previous parameter), this specifies the type of static address supported. The possible values are: – Link Local — A Link Local address that is non-routable and used for communication on the same network only.
Configuration Upload • TFTP Server IP Address — The TFTP Server IP Address to which the Configuration file is uploaded. • Destination File Name (1-64 Characters) — Indicates the Configuration file path to which the file is uploaded. • Transfer File Name — The software file to which the configuration is uploaded. The possible field values are: – Running Configuration — Uploads the Running Configuration file. – Startup Configuration — Uploads the Startup Configuration file.
The following is an example of the CLI commands: console# copy image tftp://10.6.6.64/uploaded.
The Active Images page contains the following fields: • Unit No. — The unit number for which the Image file is selected. • Active Image — The Image file which is currently active on the unit. • After Reset — The Image file which is active on the unit after the device is reset. The possible field values are: – Image 1 — Activates Image file 1 after the device is reset. – Image 2 — Activates Image file 2 after the device is reset. Selecting an Image File 1 Open the Active Images page.
Copying Files Files can be copied and deleted from the Copy Files page. To open the Copy Files page, click System → File Management → Copy Files in the tree view. Figure 6-109. Copy Files The Copy Files page contains the following fields: • Copy Master Firmware — Indicates the firmware file to copy. The possible field values are: – Source — Copies the current Stacking Master’s Software Image file or Boot Code file. – Destination Unit — Specifies the stacking member to upload the file.
Copying Files 1 Open the Copy Files page. 2 Define the Source and Destination fields. 3 Click Apply Changes. The file is copied, and the device is updated. Restoring Company Factory Default Settings 1 Open the Copy Files page. 2 Click Restore Configuration Factory Defaults. 3 Click Apply Changes. The company factory default settings are restored, and the device is updated.
Managing Device Files The Files on File System page provides information about files currently stored on the system, including file names, file sizes, file modifications, and file permissions. The file system permits managing up to five files, with a maximum size of 0.5 MB per file. To open the Files on File System page, click System → File Management → File System in the tree view. Figure 6-110.
Managing Files Using CLI Commands The following table summarizes the equivalent CLI commands for managing system files. Table 6-57. Copy Files CLI Commands CLI Command Description dir Display list of files on a flash file system The following is an example of the CLI commands: console# dir Directory of flash: File Name Permission Flash Size Data Size Modified -------------- ------ ------ ------ -------------------- 3.
Configuring Advanced Settings Use Advanced Settings to set miscellaneous global attributes of the switch. The changes to these attributes are applied only after the switch is reset. Click a link below to access on-line help for the indicated screen. Click System → Advanced Settings in the tree view to open the Advanced Settings page. The Advanced Settings page contains a link for configuring general settings.
Viewing RAM Log Entries Counter Using the CLI Commands The following table summarizes the equivalent CLI commands for setting fields displayed in the General Settings page. Table 6-58. General Settings CLI Commands CLI Command Description logging buffered size number Sets the number of syslog messages stored in the internal buffer (RAM).
Configuring Switch Information This section provides all system operation and general information for configuring network security, ports, Address tables, GARP, VLANs, Spanning Tree, Port Aggregation, and Multicast Support.
Port Based Authentication Port based authentication enables authenticating system users on a per-port basis via an external server. Only authenticated and approved system users can transmit and receive data. Ports are authenticated via the RADIUS server using the Extensible Authentication Protocol (EAP). Port Authentication includes: • Authenticators — Specifies the device port which is authenticated before permitting system access.
• Multiple Session Mode — Enables only the authorized host for multiple-session access to the port. • Guest VLANs — Provides limited network access authorized to ports. If a port is denied network access via port based authorization, but the Guest VLAN is enabled, the port receives limited network access. For example, a network administrator can use Guest VLANs to deny network access via port based authentication, but grant Internet access to unauthorized users.
The Port Based Authentication page contains the following fields: • Port Based Authentication State — Permits port based authentication on the device. The possible field values are: – Enable — Enables port based authentication on the device. – Disable — Disables port based authentication on the device. • Authentication Method — Indicates the Authentication method used. The possible field values are: – None — Indicates that no authentication method is used to authenticate the port.
• Dynamic VLAN Assignment — Indicates whether dynamic VLAN assignment is enabled for this port. This feature allows network administrators to automatically assign users to VLANs during the RADIUS server authentication. When a user is authenticated by the RADIUS server, the user is automatically joined to the VLAN configured on a RADIUS server. – Port Lock and Port Monitor should be disabled when DVA is enabled.
• Supplicant Timeout (1-65535) — Indicates the amount of time that lapses before EAP requests are resent to the supplicant. The field value is in seconds. The field default is 30 seconds. • Max EAP Requests (1-10) — Indicates the total amount of EAP requests sent. If a response is not received after the defined period, the authentication process is restarted. The field default is 2 retries. Displaying the Port Based Authentication Table 1 Open the Port Based Authentication page. 2 Click Show All.
Enabling Port Based Authentication Using the CLI Commands The following table summarizes the equivalent CLI commands for enabling the port based authentication as displayed in the Port Based Authentication table. Table 7-1. Port Authentication CLI Commands CLI Command Description aaa authentication dot1x default method1 [method2.] Specifies one or more authentication, authorization, and accounting (AAA) methods for use on interfaces running IEEE 802.1X.
The following is an example of the CLI commands:
Console# show dot1x
Interface  Admin Mode  Oper Mode     Reauth Control  Reauth Period  Username
---------  ----------  ------------  --------------  -------------  --------
1/e1       Auto        Authorized    Ena             3600           Bob
1/e2       Auto        Authorized    Ena             3600           John
1/e3       Auto        Unauthorized  Ena             3600           Clark
1/e4       Force-auth  Authorized    Dis             3600           n/a
Configuring Advanced Port Based Authentication The Multiple Hosts page provides information for defining advanced port based authentica
The Multiple Hosts page contains the following fields: • Port — The port number for which Advanced Port Based Authentication is enabled. • Host Authentication — Defines the host authentication type. The possible fields are: – Single — Enables a single authorized host for single-session access to the system. – Multiple Host — Enables a single host to authorize multiple hosts for single-session access to the system.
Displaying the Multiple Hosts Table 1 Open the Multiple Hosts page. 2 Click Show All. The Multiple Hosts Table opens. Figure 7-4. Multiple Hosts Table The Multiple Hosts Table displays the following additional field: • Unit No. — Selects a stacking member. Enabling Multiple Hosts Using the CLI Commands The following table summarizes the equivalent CLI commands for enabling the advanced port based authentication as displayed in the Multiple Hosts page. Table 7-2.
Authenticating Users The Authenticated Users page displays user port access lists. The User Access Lists are defined in the Add User Name page. To open the Authenticated Users page, click Switch → Network Security → Authenticated Users. Figure 7-5. Authenticated Users The Authenticated Users page contains the following fields: • User Name — List of users authorized via the RADIUS Server. • Port — The port number(s) used for authentication, per user name.
Displaying the Authenticated Users Table 1 Open the Authenticated Users page. 2 Click Show All. The Authenticated Users Table opens. Figure 7-6. Authenticated Users Table Authenticating Users Using the CLI Commands The following table summarizes the equivalent CLI commands for authenticating users as displayed in the Authenticated Users page. Table 7-3. Add User Name CLI Commands CLI Command Description show dot1x users [username username] Displays 802.1X users for the device.
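The `show dot1x` output shown earlier in this section can be checked automatically for ports that weaken port based authentication. This is an added example, not part of the Dell guide: the sample rows follow that output, the finding codes and the `max_period` threshold are hypothetical policy choices, and a row whose columns do not parse is rejected rather than guessed at.

```python
"""Audit `show dot1x` output for ports that weaken port based authentication."""
import re

# Rows as in the `show dot1x` example earlier in this section.
SAMPLE = """\
Console# show dot1x
Interface  Admin Mode  Oper Mode     Reauth Control  Reauth Period  Username
---------  ----------  ------------  --------------  -------------  --------
1/e1       Auto        Authorized    Ena             3600           Bob
1/e2       Auto        Authorized    Ena             3600           John
1/e3       Auto        Unauthorized  Ena             3600           Clark
1/e4       Force-auth  Authorized    Dis             3600           n/a
"""

PORT = re.compile(r"^\d+/[a-z]+\d+\b", re.IGNORECASE)   # e.g. 1/e4
ROW = re.compile(
    r"^(?P<port>\S+)\s+(?P<admin>\S+)\s+(?P<oper>\S+)\s+"
    r"(?P<reauth>Ena|Dis)\s+(?P<period>\d+)\s+(?P<user>\S.*?)\s*$"
)

# Hypothetical finding codes used by this example.
DESCRIPTIONS = {
    "bypass": "port is authorized without 802.1X authentication",
    "unauthorized": "supplicant has not passed authentication",
    "no-reauth": "periodic reauthentication is disabled",
    "long-reauth": "reauthentication period exceeds the policy limit",
}


def parse_show_dot1x(text):
    """Return one dict per port row; raise on a row that does not parse."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not PORT.match(line):
            continue                      # prompt, header, ruler or blank
        m = ROW.match(line)
        if m is None:
            raise ValueError(f"unparsable port row: {line!r}")
        row = m.groupdict()
        row["period"] = int(row["period"])
        rows.append(row)
    return rows


def audit(rows, max_period=3600):
    """Return (port, finding_code) pairs in port order."""
    findings = []
    for r in rows:
        admin = r["admin"].lower()
        if admin.startswith("force-auth"):
            findings.append((r["port"], "bypass"))
            continue                      # reauth settings are moot here
        if admin.startswith("force-unauth"):
            continue                      # port is closed to all traffic
        if r["oper"].lower() == "unauthorized":
            findings.append((r["port"], "unauthorized"))
        if r["reauth"] == "Dis":
            findings.append((r["port"], "no-reauth"))
        elif r["period"] > max_period:
            findings.append((r["port"], "long-reauth"))
    return findings


if __name__ == "__main__":
    for port, code in audit(parse_show_dot1x(SAMPLE)):
        print(f"{port}: {DESCRIPTIONS[code]}")
```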
Configuring Port Security Network security can be enhanced by limiting access on a specific port only to users with specific MAC addresses. The MAC addresses can be dynamically learned, up to that point, or they can be statically configured. Locked port security monitors both received and learned packets that are received on specific ports. Access to the locked port is limited to users with specific MAC addresses.
The Port Security page contains the following fields: • Interface — The selected interface type on which Locked Port is enabled. – Port — The selected interface type is a port. – LAG — The selected interface type is a LAG. • Current Port Status — The currently configured Port status. • Set Port — The port is either locked or unlocked. The possible field values are: – Unlocked — Unlocks Port. This is the default value. – Locked — Locks Port. • Learning Mode — Defines the locked port type.
Displaying the Port Security Table 1 Open the Port Security page. 2 Click Show All. The Port Security Table opens. Locked Ports are defined in the Port Security Table. Figure 7-8. Port Security Table The Port Security Table contains the following additional fields: • Unit No. — Specifies the stacking unit for which locked port information is displayed. • Copy Parameters from — The port from which parameters will be copied and assigned to the selected unit number.
Configuring Locked Port Security with CLI Commands The following table summarizes the equivalent CLI commands for configuring Locked Port security as displayed in the Port Security page.
Table 7-4. Port Security CLI Commands
CLI Command: shutdown
Description: Disables interfaces.
CLI Command: set interface active {ethernet interface | port-channel port-channel-number}
Description: Reactivates an interface that is shutdown due to port security reasons.
CLI Command: port security learning {disabled | dynamic}
Description: Defines the locked port type.
Defining IP based ACLs Access Control Lists (ACL), which are comprised of Access Control Entries (ACE), allow network managers to define classification actions and rules for specific ingress ports. Packets entering an ingress port with an active ACL are either admitted or denied entry. If they are denied entry, the user can disable the port.
• ACL Name — User-defined ACLs. • New ACE Priority — ACE priority that determines which ACE is matched to a packet based on a first-match basis. • Protocol — Enables creating an ACE based on a specific protocol. The possible field values are: – IP — Internet Protocol (IP). Specifies the format of packets and their addressing method. IP addresses packets and forwards the packets to the correct port. – ICMP — Internet Control Message Protocol (ICMP).
– IPIP — IP over IP (IPIP). Encapsulates IP packets to create tunnels between two routers. This ensures that the IPIP tunnel appears as a single interface, rather than several separate interfaces. IPIP enables tunnel intranets over the internet, and provides an alternative to source routing. – PIM — Matches the packet to Protocol Independent Multicast (PIM). – L2TP — Matches the packet to Layer 2 Tunneling Protocol (L2TP). – ISIS — Intermediate System - Intermediate System (ISIS).
• Match IP Precedence — Indicates matching ip-precedence with the packet ip-precedence value. IP Precedence enables marking frames that exceed the CIR threshold. In a congested network, frames containing a higher DP are discarded before frames with a lower DP. • Action — Indicates the ACL forwarding action. The possible field values are: – Permit — Forwards packets which meet the ACL criteria. – Deny — Drops packets which meet the ACL criteria.
3 Define the relevant fields. 4 Click Apply Changes. The IP based protocol is defined, and the device is updated. Displaying the ACEs Associated with IP based ACLs 1 Open the Network Security - IP Based ACL page. 2 Click Show All. The ACEs Associated with IP-ACL opens. Figure 7-11. ACEs Associated with IP-ACL Removing an IP based ACL 1 Open the Network Security - IP Based ACL page. 2 Click Show All. The ACEs Associated with IP-ACL Table opens. 3 Check the Remove ACL checkbox. 4 Click Apply Changes.
Configuring IP Based ACLs with CLI Commands The following table summarizes the equivalent CLI commands for configuring IP Based ACLs. Table 7-5. IP Based ACL CLI Commands CLI Command Description ip access-list access-list-name To define an IPv4 access list and to place the device in IPv4 access list configuration mode, use the ipv4 access-list command in global configuration mode. To remove the access list, use the no form of this command.
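Because ACEs are matched on a first-match basis in priority order, a broad high-priority ACE can make a later, narrower one unreachable. The following added example (not Dell's code) models that evaluation and reports such ACEs; the `Ace` class is hypothetical, it is limited to protocol and source/destination networks written in CIDR form, and the four ACEs are constructed.

```python
"""First-match evaluation of a prioritised ACL, plus a check for ACEs that
can never match because an earlier ACE already covers them."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Ace:
    priority: int      # lower number is evaluated first
    action: str        # "permit" or "deny"
    protocol: str      # "ip" matches every protocol
    src: str           # source network, CIDR notation
    dst: str           # destination network, CIDR notation

    def matches(self, protocol, src, dst):
        """True if a packet with these fields meets this ACE's criteria."""
        return (self.protocol in ("ip", protocol)
                and ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst))

    def covers(self, other):
        """True if every packet `other` matches is also matched by self."""
        return (self.protocol in ("ip", other.protocol)
                and ip_network(other.src).subnet_of(ip_network(self.src))
                and ip_network(other.dst).subnet_of(ip_network(self.dst)))


def ordered(aces):
    """ACEs in evaluation order."""
    return sorted(aces, key=lambda a: a.priority)


def first_match(aces, protocol, src, dst):
    """Return the ACE that decides this packet, or None if none matches."""
    for ace in ordered(aces):
        if ace.matches(protocol, src, dst):
            return ace
    return None


def shadowed(aces):
    """Return (priority, shadowing_priority, kind) for unreachable ACEs.

    kind is "conflict" when the two actions differ (the later rule's intent
    is silently overridden) and "redundant" when they are the same.
    """
    result = []
    seq = ordered(aces)
    for i, later in enumerate(seq):
        for earlier in seq[:i]:
            if earlier.covers(later):
                kind = ("redundant" if earlier.action == later.action
                        else "conflict")
                result.append((later.priority, earlier.priority, kind))
                break
    return result


# Constructed ACL: ACE 20 was meant to block one subnet from 10.9.0.0/16,
# but ACE 10 permits the whole 10.1.0.0/16 range first.
ACL = [
    Ace(10, "permit", "ip", "10.1.0.0/16", "0.0.0.0/0"),
    Ace(20, "deny", "tcp", "10.1.8.0/24", "10.9.0.0/16"),
    Ace(30, "deny", "ip", "0.0.0.0/0", "10.9.0.0/16"),
    Ace(40, "deny", "udp", "192.168.0.0/16", "10.9.1.0/24"),
]

if __name__ == "__main__":
    hit = first_match(ACL, "tcp", "10.1.8.5", "10.9.0.7")
    print("tcp 10.1.8.5 -> 10.9.0.7 decided by ACE", hit.priority, hit.action)
    for prio, by, kind in shadowed(ACL):
        print(f"ACE {prio} is never reached (covered by ACE {by}): {kind}")
```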
Defining MAC Based Access Control Lists The Network Security - MAC Based ACL page allows a MAC-based ACL to be defined. ACEs can be added only if the ACL is not bound to an interface. To define MAC Based ACLs, click Switch → Network Security → MAC Based ACL. • Network Security - MAC Based ACL • ACL Name — Displays the user-defined MAC based ACLs. • New ACE Priority — Indicates the ACE priority, which determines which ACE is matched to a packet on a first-match basis.
• CoS — Indicates the CoS values by which the packets are filtered. • CoS Mask — Indicates the CoS Mask by which the packets are filtered. • Ethertype — Indicates the Ethertype packet by which the packets are filtered. • Action — Indicates the ACL forwarding action. Possible field values are: – Permit — Forwards packets which meet the ACL criteria. – Deny — Drops packets which meet the ACL criteria.
3 Define the relevant fields. 4 Click Apply Changes. The MAC based protocol is defined, and the device is updated. Displaying the ACEs Associated with MAC based ACLs 1 Open the Network Security - MAC Based ACL page. 2 Click Show All. The ACEs Associated with MAC Based ACL opens. Removing a MAC based ACL 1 Open the Network Security - MAC Based ACL page. 2 Click Show All. The ACEs Associated with MAC-ACL Table opens. 3 Check the Remove ACL checkbox. 4 Click Apply Changes.
Configuring MAC Based ACLs with CLI Commands The following table summarizes the equivalent CLI commands for configuring MAC Based ACLs. Table 7-6. MAC Based ACL CLI Commands CLI Command Description mac access-list access-list-name To define a Layer 2 access list and to place the device in MAC access list configuration mode, use the mac access-list command in global configuration mode. To remove the access list, use the no form of this command.
3 In the Bind ACL to an Interface field, select a port or LAG. 4 Click Apply Changes. The ACL is bound to the interface. Displaying the ACL Bindings Table: 1 Open the Network Security - ACL Binding page. 2 Click Show All. The ACL Bindings Table opens. Figure 7-14. ACL Bindings Table Copying ACL Parameters Between Interfaces 1 Open the Network Security - ACL Binding page. 2 Click Show All. The ACL Bindings Table opens.
Configuring ACL Bindings with CLI Commands The following table summarizes the equivalent CLI commands for configuring ACL Bindings. Table 7-7. ACL Bindings CLI Commands CLI Command Description service-acl input acl-name To control access to an interface, use the service-acl command in interface configuration mode. To remove the access control, use the no form of this command.
This section contains the following topics: • "Defining DHCP Snooping Global Parameters" • "Defining DHCP Snooping on VLANs" • "Defining Trusted Interfaces" • "Adding Interfaces to the DHCP Snooping Database" Defining DHCP Snooping Global Parameters The DHCP Snooping Global Parameters page contains parameters for enabling and configuring DHCP Snooping on the device.
• Save Binding Database to File — Indicates if the DHCP Snooping Database is saved to file. The possible field values are: – Enable — Enables saving the database to file. This is the default value. – Disable — Disables saving the database to file. • Save Binding Database Internal — Indicates how often the DHCP Snooping Database is updated. The possible field range is 600 – 86400 seconds. The field default is 1200 seconds.
The following is an example of some of the CLI commands:
Console# show ip dhcp snooping
DHCP snooping is enabled
DHCP snooping is configured on following VLANs: 2, 7-18
DHCP snooping database: enabled
Option 82 on untrusted port is allowed
Verification of hwaddr field is enabled
Interface    Trusted
-----------  -----------
1/1          yes
1/2          yes
Defining DHCP Snooping on VLANs The DHCP Snooping VLAN Settings Page allows network managers to enable DHCP Snooping on VLANs.
Defining DHCP Snooping on VLANS 1 Open the DHCP Snooping VLAN Settings page. 2 Click Add and Remove to add/remove VLAN IDs to or from the Enabled VLAN list. 3 Click Apply Changes. Configuring DHCP Snooping on VLANs with CLI Commands The following table summarizes the equivalent CLI commands for configuring DHCP Snooping on VLANs. Table 7-9.
Displaying the Trusted Interfaces Table: 1 Open the Trusted Interfaces page. 2 Click Show All. The Trusted Interfaces Table opens. Figure 7-18. Trusted Interfaces Table Copying Trusted Interfaces Settings Between Interfaces 1 Open the Trusted Interfaces page. 2 Click Show All. The Trusted Interfaces Table opens. 3 In the Unit and Copy from fields, select a Port or LAG from which you want to copy settings. 4 In the table, check the Copy to checkbox for each entry to which you want to copy the settings.
Configuring DHCP Snooping Trusted Interfaces with CLI Commands The following table summarizes the equivalent CLI commands for configuring DHCP Snooping Trusted Interfaces. Table 7-10. DHCP Snooping Trusted Interfaces CLI Commands CLI Command Description ip dhcp snooping trust Use the ip dhcp snooping trust interface configuration command to configure a port as trusted for DHCP snooping purposes. Use the no form of this command to return to the default setting.
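What trusted and untrusted interfaces, hwaddr verification and the binding database do together is shown below as a per-message decision model. It is an added example, not Dell's implementation: it assumes the commonly documented DHCP snooping behaviour (server messages accepted only on trusted ports, the frame's source MAC checked against the DHCP hwaddr field on untrusted ports, releases checked against the binding database), and the class names, verdict strings and message sequence are constructed.

```python
"""Model of the per-message decision a DHCP snooping switch makes."""
from dataclasses import dataclass, field

SERVER_TYPES = {"OFFER", "ACK", "NAK"}
CLIENT_TYPES = {"DISCOVER", "REQUEST", "DECLINE", "RELEASE", "INFORM"}


@dataclass
class DhcpMsg:
    msg_type: str     # DHCP message type
    in_port: str      # switch port the frame arrived on
    vlan: int
    src_mac: str      # Ethernet source address of the frame
    chaddr: str       # client hardware address inside the DHCP payload
    yiaddr: str = ""  # address offered or assigned (server messages)
    lease: int = 0    # lease time in seconds (server messages)


@dataclass
class Snooper:
    trusted: set                   # ports set with `ip dhcp snooping trust`
    vlans: set                     # VLANs with DHCP snooping enabled
    verify_hwaddr: bool = True     # "Verification of hwaddr field"
    pending: dict = field(default_factory=dict)   # chaddr -> (vlan, port)
    bindings: dict = field(default_factory=dict)  # chaddr -> binding row

    def handle(self, m):
        """Return the verdict for one DHCP message and update state."""
        if m.vlan not in self.vlans:
            return "forward"                      # snooping not active here
        mac = m.chaddr.lower()
        untrusted = m.in_port not in self.trusted
        if m.msg_type in SERVER_TYPES:
            if untrusted:
                return "drop:server-message-on-untrusted-port"
            if m.msg_type == "ACK" and mac in self.pending:
                vlan, port = self.pending.pop(mac)
                self.bindings[mac] = {"ip": m.yiaddr, "lease": m.lease,
                                      "vlan": vlan, "interface": port}
                return "forward+bind"
            return "forward"
        if m.msg_type not in CLIENT_TYPES:
            raise ValueError(f"unknown DHCP message type {m.msg_type!r}")
        if untrusted:
            if self.verify_hwaddr and m.src_mac.lower() != mac:
                return "drop:hwaddr-mismatch"
            bound = self.bindings.get(mac)
            if (m.msg_type in ("RELEASE", "DECLINE") and bound
                    and bound["interface"] != m.in_port):
                return "drop:binding-port-mismatch"
            if m.msg_type in ("DISCOVER", "REQUEST"):
                self.pending[mac] = (m.vlan, m.in_port)
        if m.msg_type in ("RELEASE", "DECLINE"):
            self.bindings.pop(mac, None)          # lease given up by client
        return "forward"


def run_demo():
    """Constructed exchange; the client MAC, IP, lease, VLAN and port names
    follow the `show ip dhcp snooping` examples in this section."""
    sw = Snooper(trusted={"1/1", "1/2"}, vlans={3})
    client, other = "0060.704C.73FF", "0060.704C.7BC1"
    msgs = [
        DhcpMsg("REQUEST", "1/21", 3, client, client),
        DhcpMsg("OFFER", "1/22", 3, other, client, "10.1.8.99", 600),
        DhcpMsg("ACK", "1/1", 3, "00aa.00bb.00cc", client, "10.1.8.1", 7983),
        DhcpMsg("DISCOVER", "1/22", 3, other, "0000.0000.0001"),
        DhcpMsg("RELEASE", "1/22", 3, client, client),
    ]
    return [sw.handle(m) for m in msgs], sw.bindings


if __name__ == "__main__":
    verdicts, table = run_demo()
    print(verdicts)
    print(table)
```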
Querying the Database 1 Open the Binding Database page. 2 Select the following categories: – MAC Address — Indicates the MAC addresses recorded in the DHCP Snooping Database. – IP Address — Indicates the IP addresses recorded in the DHCP Snooping Database. – VLAN — Indicates the VLANs recorded in the DHCP Snooping Database. – Interface — Contains a list of interfaces recorded in the DHCP Snooping Database. The possible field values are: Port and LAG.
Binding a DHCP Snooping Database 1 Open the Binding Database page. 2 Click Add. The Bind DHCP Snooping page opens. Figure 7-20. Bind DHCP Snooping Page 3 Define the fields. 4 Click Apply Changes. Configuring DHCP Snooping Binding Database with CLI Commands The following table summarizes the equivalent CLI commands for configuring DHCP Snooping Binding Database. Table 7-11.
The following is an example of some of the CLI commands:
Console# show ip dhcp snooping binding
Update frequency: 1200
Total number of binding: 2
Mac Address     IP Address   Lease (sec)  Type      VLAN      Interface
--------------  -----------  -----------  --------  --------  ---------
0060.704C.73FF  10.1.8.1     7983         snooping  3         1/21
0060.704C.7BC1  10.1.8.
Figure 7-21. Port Configuration The Port Configuration page contains the following fields: • Port — The port number for which port parameters are defined. • Description (0 - 64 Characters) — A brief interface description, such as Ethernet. • Port Type — The type of port. • Admin Status — Enables or disables traffic forwarding through the port. – Up — Traffic is enabled through the port. – Down — Traffic is disabled through the port.
• Reactivate Suspended Port — Reactivates a port if the port has been disabled through the locked port security option. – Checked — Reactivates the port. – Unchecked — Maintains the port’s operational status. • Operational Status — Indicates the port operational status. Possible field values are: – Suspended — The port is currently active, and is not receiving or transmitting traffic. – Active — The port is currently active and is receiving and transmitting traffic.
• Current Advertisement — The port advertises its speed to its neighbor port to start the negotiation process. The possible field values are those specified in the Admin Advertisement field.
• Neighbor Advertisement — Indicates the neighboring port’s advertisement settings. The field values are identical to the Admin Advertisement field values.
• Back Pressure — Back Pressure mode is used with Half Duplex mode to disable ports from receiving messages. Back Pressure is not supported in OOB ports.
Defining Port Parameters
1 Open the Port Configuration page.
2 Select a port in the Port Field.
3 Define the available fields in the dialog.
4 Click Apply Changes. The port parameters are saved to the device.
Displaying and Modifying Multiple Port Configurations
1 Open the Port Configuration page.
2 Click Show All. The Port Configuration Table opens.
Figure 7-22. Port Configuration Table
3 Define the available fields for the relevant port.
4 Click Apply Changes.
Configuring Ports with CLI Commands
The following table summarizes the equivalent CLI commands for configuring ports as displayed in the Port Configuration page.
Table 7-12. Port Configuration CLI Commands
CLI Command                   Description
interface ethernet interface  Enters the interface configuration mode to configure an ethernet type interface.
description string            Adds a description to an interface configuration.
shutdown                      Disables interfaces that are part of the currently set context.
The following is an example of the CLI commands:
console(config)# interface ethernet 1/e3
console(config-if)# description "RD SW#3"
console(config-if)# shutdown
console(config-if)# no shutdown
console(config-if)# speed 100
console(config-if)# duplex full
console(config-if)# negotiation
console(config-if)# back-pressure
console(config-if)# flowcontrol on
console(config-if)# mdix auto
console(config-if)# end
console# show interfaces configuration ethernet 1/e3
Port Type Duplex Speed Neg Flow Control Adm
Defining LAG Parameters
The Ports - LAG Configuration page contains fields for configuring parameters for configured LAGs. The device supports up to fifteen LAGs per system. For information about Link Aggregated Groups (LAG) and assigning ports to LAGs, see Aggregating Ports.
To open the Ports - LAG Configuration page, click Switch → Ports → LAG Configuration in the tree view.
Figure 7-23. Ports - LAG Configuration
The Ports - LAG Configuration page contains the following fields:
• LAG — The LAG number.
• LAG Type — The port types that comprise the LAG.
• Admin Status — Enables or disables the selected LAG.
– Up — Traffic is enabled through the LAG.
– Down — Traffic is disabled through the LAG.
• Current Status — Indicates if the LAG is currently operating.
• Admin Speed — The configured speed at which the LAG is operating. The possible field values are:
– 10M — Indicates the LAG is currently operating at 10 Mbps.
– 100M — Indicates the LAG is currently operating at 100 Mbps.
• Current Flow Control — The current Flow Control setting.
• Private VLAN Edge (PVE) — Indicates the Private VLAN Edge (PVE) group to which the LAG is configured. A port defined as PVE is protected by an uplink, so that it is isolated from other ports within the same VLAN. The uplink must be a GE port or LAG.
Defining LAG Parameters
1 Open the Ports - LAG Configuration page.
2 Select a LAG in the LAG field.
3 Define the fields.
4 Click Apply Changes. The LAG parameters are saved to the device.
3 Define the available fields for the relevant LAGs.
4 Click Apply Changes. The LAG parameters are saved to the device.
Configuring LAGs with CLI Commands
The following table summarizes the equivalent CLI commands for configuring LAGs as displayed in the Ports - LAG Configuration page.
Table 7-13. LAG Configuration CLI Commands
CLI Command                                 Description
interface port-channel port-channel-number  Enters the interface configuration mode of a specific port-channel.
The following is an example of the CLI commands:
console(config)# interface port-channel 2
console(config-if)# no negotiation
console(config-if)# speed 100
console(config-if)# flowcontrol on
console(config-if)# exit
console(config)# interface port-channel 3
console(config-if)# shutdown
console(config-if)# exit
console(config)# interface port-channel 4
console(config-if)# back-pressure
console(config-if)# description p4
console(config-if)# end
console# show interfaces port-channel
Channel Ports
---------
The Storm Control page provides fields for enabling and configuring Storm Control.
To open the Storm Control page, click Switch → Ports → Storm Control in the tree view.
Figure 7-25. Storm Control
The Storm Control page contains the following fields:
• Port — The port from which storm control is enabled.
• Broadcast Control — Enables or disables forwarding Broadcast packet types on the specific interface.
– Enable — Enables Broadcast packet types to be forwarded.
Modifying Storm Control Port Parameters
1 Open the Storm Control page.
2 Modify the fields.
3 Click Apply Changes. The Storm Control port parameters are saved to the device.
Displaying the Port Parameters Table
1 Open the Storm Control page.
2 Click Show All. The Storm Control Settings Table opens.
Figure 7-26. Storm Control Settings Table
In addition to the fields in the Storm Control page, the Storm Control Settings Table contains the following additional fields:
• Unit No.
4 Check the Copy to check box to define the interfaces to which the storm control definitions are copied, or click Select All to copy the definitions to all ports.
5 Click Apply Changes. The parameters are copied to the selected ports in the Storm Control Settings Table, and the device is updated.
Configuring Storm Control with CLI Commands
The following table summarizes the equivalent CLI commands for configuring Storm Control as displayed on the Storm Control page.
Table 7-14.
Defining Port Mirroring Sessions
Port mirroring does the following:
• Monitors and mirrors network traffic by forwarding copies of incoming and outgoing packets from one port to a monitoring port.
• Can be used as a diagnostic tool and/or a debugging feature.
• Enables device performance and monitoring.
Port mirroring is configured by selecting a specific port to copy all packets, and different ports from which the packets are copied.
To open the Port Mirroring page, click Switch → Ports → Port Mirroring in the tree view.
When a port is set to be a target port for a port-mirroring session, all normal operations on it are suspended. This includes Spanning Tree and LACP.
Figure 7-27. Port Mirroring
The Port Mirroring page contains the following fields:
• Destination Port — The port number to which port traffic is copied.
• Transmit Packets — Defines how the packets are mirrored.
• Status — Indicates if the port is currently monitored (Active) or not monitored (Ready).
• Remove — Removes the port mirroring session. The possible field values are:
– Checked — Removes the selected port mirroring sessions.
– Unchecked — Maintains the port mirroring session.
Adding a Port Mirroring Session
1 Open the Port Mirroring page.
2 Click Add. The Add Source Port page opens.
Figure 7-28. Add Source Port
3 Define the Source Port and the Type fields.
4 Click Apply Changes.
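Because a mirroring session copies a port's traffic to another port and suspends normal operation on the destination, the configured sessions are worth reconciling against what was approved. The following Python script is an added example, not part of the Dell guide: it parses the table printed by `show ports monitor` and compares it with an approved-session list. The capture, the approved list and the finding names are constructed assumptions.

```python
import re

# Constructed capture in the layout of `show ports monitor`;
# the port names are examples only.
SAMPLE = """\
console# show ports monitor
Source Port Destination Port Type         Status  VLAN Tagging
----------- ---------------- ------------ ------- ------------
1/e2        1/e1             RX, TX       Active  No
1/e9        1/e1             RX           Ready   No
1/e4        1/e17            RX, TX       Active  No
"""

# Hypothetical policy: (source, destination) sessions signed off for the
# analyzer attached to 1/e1, e.g. taken from change records.
APPROVED = {("1/e2", "1/e1"), ("1/e9", "1/e1"), ("1/e3", "1/e1")}

ROW = re.compile(
    r"^(?P<src>\d+/\w+)\s+(?P<dst>\d+/\w+)\s+"
    r"(?P<type>(?:RX|TX)(?:,\s*(?:RX|TX))?)\s+"
    r"(?P<status>\S+)\s+(?P<tagging>\S+)$"
)


def parse_sessions(text):
    """Return one dict per mirroring session row; other lines are ignored."""
    sessions = []
    for raw in text.splitlines():
        m = ROW.match(raw.strip())
        if m:
            session = m.groupdict()
            # "RX, TX" -> ("RX", "TX") so direction can be tested exactly.
            session["type"] = tuple(
                part.strip() for part in session["type"].split(",")
            )
            sessions.append(session)
    return sessions


def audit_sessions(text, approved):
    """Compare sessions on the device with the approved (src, dst) pairs."""
    approved_destinations = {dst for _, dst in approved}
    seen, findings = set(), []
    for session in parse_sessions(text):
        pair = (session["src"], session["dst"])
        seen.add(pair)
        if session["dst"] not in approved_destinations:
            # Traffic is copied to a port nobody signed off as an analyzer.
            findings.append(("unapproved-destination", pair))
        elif pair not in approved:
            # Known analyzer port, but this source was never approved.
            findings.append(("unapproved-source", pair))
        elif session["status"] != "Active":
            # Approved session exists but is not mirroring (status Ready).
            findings.append(("approved-but-inactive", pair))
    for pair in sorted(approved - seen):
        # Expected monitoring is absent, so the analyzer sees less than planned.
        findings.append(("approved-but-missing", pair))
    return findings


if __name__ == "__main__":
    for kind, (src, dst) in audit_sessions(SAMPLE, APPROVED):
        print(f"{kind}: source {src} -> destination {dst}")
```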
The following is an example of the CLI commands:
console(config)# interface ethernet 1/e1
console(config-if)# port monitor 1/e2
console(config-if)# end
console# show ports monitor
Source Port Destination Port Type         Status  VLAN Tagging
----------- ---------------- ------------ ------- ------------
1/e2        1/e1             RX, TX       Active  No
Configuring Address Tables
MAC addresses are stored in either the Static Address or the Dynamic Address databases.
Figure 7-29. Static MAC Address
The Static MAC Address page contains the following fields:
• Interface — The specific port or LAG to which the static MAC address is applied.
• MAC Address — The MAC addresses listed in the current static addresses list.
• VLAN ID — The VLAN ID attached to the MAC.
• VLAN Name — User-defined VLAN name.
• Status — MAC address status. Possible values are:
– Secure — Used for defining static MAC Addresses for Locked ports.
Adding a Static MAC Address
1 Open the Static MAC Address page.
2 Click Add. The Add Static MAC Address page opens.
Figure 7-30. Add Static MAC Address
3 Complete the fields.
4 Click Apply Changes. The new static address is added to the Static MAC Address Table, and the device is updated.
Modifying a Static Address Setting in the Static MAC Address Table
1 Open the Static MAC Address page.
2 Select an interface.
3 Modify the fields.
4 Click Apply Changes.
4 Select a table entry.
5 Select the Remove check box.
6 Click Apply Changes. The selected static address is deleted, and the device is updated.
Configuring Static Address Parameters Using CLI Commands
The following table summarizes the equivalent CLI commands for configuring static address parameters as displayed in the Static MAC Address page.
Table 7-16.
To open the Dynamic Address Table page, click Switch → Address Tables → Dynamic MAC Address in the tree view.
Figure 7-32. Dynamic Address Table
The Dynamic Address Table page contains the following fields:
• Address Aging (10-3825) — Specifies the amount of time (in seconds) the MAC Address remains in the Dynamic Address Table before it is timed out if no traffic from the source is detected. The default value is 300 seconds.
• Clear Table — Clears the Dynamic Address table.
• VLAN ID — The VLAN ID for which the table is queried.
• Address Table Sort Key — Specifies the means by which the Dynamic Address Table is sorted. The address table can be sorted by Address, VLAN or Interface.
Redefining the Aging Time
1 Open the Dynamic Address Table.
2 Define the Address Aging field.
3 Click Apply Changes. The aging time is modified, and the device is updated.
Querying the Dynamic Address Table
1 Open the Dynamic Address Table.
The following is an example of the CLI commands:
console (config)# bridge aging-time 250
console (config)# end
console# show bridge address-table
Aging time is 250 sec
vlan  mac address        port  type
----  -----------        ----  ----
1     00:60:70:4C:73:FF  1/e8  dynamic
1     00:60:70:8C:73:FF  1/e8  dynamic
200   00:10:0D:48:37:FF  1/e8  static
Configuring GARP
Generic Attribute Registration Protocol (GARP) is a general-purpose protocol that registers any network connectivity or membership-style information.
Defining GARP Timers
The GARP Timers page contains fields for enabling GARP on the device.
To open the GARP Timers page, click Switch → GARP → GARP Timers in the tree view.
Figure 7-33. GARP Timers
The GARP Timers page contains the following fields:
• Interface — Determines if enabled on a port or on a LAG.
• GARP Join Timer (10 - 2147483640) — Time, in milliseconds, that Protocol Data Units (PDU) are transmitted. The default value is 200 msec.
Copying Parameters in the GARP Timers Table
1 Open the GARP Timers page.
2 Click Show All. The GARP Timers Table opens.
Figure 7-34. GARP Timers Table
3 Select the interface in the Copy Parameters from field from either the Port or LAG drop-down menu. The definitions for this interface are copied to the selected interfaces. See step 4.
Defining GARP Timers Using CLI Commands
This table summarizes the equivalent CLI commands for defining GARP timers as displayed in the GARP Timers page.
Table 7-18. GARP Timer CLI Commands
CLI Command                                       Description
garp timer {join | leave | leaveall} timer_value  Adjusts the GARP application join, leave, and leaveall GARP timer values.
Configuring the Spanning Tree Protocol
Spanning Tree Protocol (STP) provides tree topography for any bridge arrangement. STP eliminates loops by providing one path between end stations on a network. Loops occur when alternate routes exist between hosts. Loops in an extended network can cause bridges to forward traffic indefinitely, resulting in increased traffic and reducing network efficiency.
Figure 7-35. Spanning Tree Global Settings
The Spanning Tree Global Settings page contains the following fields:
• Spanning Tree State — Enables or disables Spanning Tree on the device. The possible field values are:
– Enable — Enables Spanning Tree.
– Disable — Disables Spanning Tree.
• STP Operation Mode — Indicates the STP mode by which STP is enabled on the device. The possible field values are:
– Classic STP — Enables Classic STP on the device. This is the default value.
• BPDU Handling — Determines how Bridge Protocol Data Unit (BPDU) packets are managed when STP is disabled on the port/device. BPDUs are used to transmit spanning tree information. The possible field values are:
– Filtering — Filters BPDU packets when spanning tree is disabled on an interface. This is the default value.
– Flooding — Floods BPDU packets when spanning tree is disabled on an interface.
• Path Cost Default Values — Specifies the method used to assign default path costs to STP ports.
• Root Path Cost — The cost of the path from this bridge to the root.
• Topology Changes Counts — Specifies the total amount of STP state changes that have occurred.
• Last Topology Change — Indicates the amount of time that has elapsed since the bridge was initialized or reset, and the last topographic change occurred. The time is displayed in a D/H/M/S format, for example, 2D/5H/10M/4S.
Defining STP Global Parameters
1 Open the page.
2 Select Enable in the Spanning Tree State field.
Table 7-19. STP Global Parameter CLI Commands (continued)
CLI Command                                                                                        Description
show spanning-tree [ethernet interface | port-channel port-channel-number] [instance instance-id]  Displays spanning tree configuration.
show spanning-tree [detail] [active | blockedports] [instance instance-id]                         Displays detailed spanning tree information on active or blocked ports.
show spanning-tree mst-configuration                                                               Displays spanning tree MST configuration identifier.
Name  State    Prio.Nbr  Cost  Sts   Role  PortFast  Type
----  -----    -------   ----  ---   ----  -------   ----
1/e2  enabled  128.2     100   DSBL  Dsbl  No        P2p Intr
1/e3  enabled  128.3     100   DSBL  Dsbl  No        P2p Intr
1/e4  enabled  128.4     100   DSBL  Dsbl  No        P2p Intr
1/e5  enabled  128.5     19    FRW   Desg  Yes       P2p Intr
1/e6  enabled  128.6     100   DSBL  Dsbl  No        P2p Intr
1/e7  enabled  128.7     100   DSBL  Dsbl  No        P2p Intr
1/e8  enabled  128.8     100   DSBL  Dsbl  No        P2p Intr
1/e9  enabled  128.
Name   State    Prio.Nbr  Cost  Sts   Role  PortFast  Type
----   -----    -------   ----  ---   ----  -------   ----
1/e5   enabled  128.2     19    FRW   Desg  Yes       P2p Intr
1/e7   enabled  128.7     19    DSCR  Altn  No        P2p Bound (STP)
1/e11  enabled  128.11    19    FRW   Desg  Yes       P2p Intr
1/e15  enabled  128.15    19    FRW   Desg  No        P2p Intr
1/e22  enabled  128.22    19    FRW   Desg  Yes       P2p Intr
Defining STP Port Settings
Use the STP Port Settings page to assign STP properties to individual ports.
The STP Port Settings page contains the following fields:
• Select a Port — Specifies the port number on which STP settings are to be modified.
• STP — Enables or disables STP on the port. The possible field values are:
– Enable — Indicates that STP is enabled on the port.
– Disable — Indicates that STP is disabled on the port.
• Fast Link — Enables Fast Link mode for the port.
• Path Cost (1-200000000) — The port contribution to the root path cost. The path cost is adjusted to a higher or lower value, and is used to forward traffic when a path is being rerouted.
• Default Path Cost — Indicates if the device uses the default path cost. The possible field values are:
– Checked — Device uses the default path cost.
– Unchecked — Device uses path cost defined in the Path Cost field above.
• Priority — Priority value of the port.
Displaying the STP Port Table
1 Open the Spanning Tree Port Settings page.
2 Click Show All. The STP Port Table opens.
Figure 7-37. STP Port Table
Defining STP Port Settings Using CLI Commands
The following table summarizes the equivalent CLI commands for defining STP port parameters as displayed in the STP Port Settings page.
Table 7-20. STP Port Settings CLI Commands
CLI Command            Description
spanning-tree disable  Disables spanning tree on a specific port.
The following is an example of the CLI commands:
console> enable
console# configure
Console(config)# interface ethernet 1/e1
Console(config-if)# spanning-tree disable
Console(config-if)# spanning-tree cost 35000
Console(config-if)# spanning-tree port-priority 96
Console(config-if)# spanning-tree portfast
Console(config-if)# exit
Console(config)# exit
Console# show spanning-tree ethernet 1/e15
Port 1/e15 enabled
State: forwarding Role: designated
Port id: 128.
Defining STP LAG Settings
Use the STP LAG Settings page to assign STP aggregating ports parameters.
To open the STP LAG Settings page, click Switch → Spanning Tree → LAG Settings in the tree view.
Figure 7-38. STP LAG Settings
The Spanning Tree LAG Settings page contains the following fields:
• Select a LAG — The LAG number for which you want to modify STP settings.
• STP — Enables or disables STP on the LAG. The possible field values are:
– Enable — Indicates that STP is enabled on the LAG.
• Root Guard — Prevents devices outside the network core from being assigned the spanning tree root.
– Checked — Root guard is enabled on the port.
– Unchecked — Root guard is disabled on the port.
• LAG State — Current STP state of a LAG. If enabled, the LAG state determines what forwarding action is taken on traffic. If the bridge discovers a malfunctioning LAG, the LAG is placed in the Broken state. Possible LAG states are:
– Disabled — STP is currently disabled on the LAG.
• Designated Port ID — The ID of the selected interface.
• Designated Cost — Cost of the port participating in the STP topology. Ports with a lower cost are less likely to be blocked if STP detects loops.
• Forward Transitions — Number of times the LAG State has changed from the Forwarding state to a Blocking state.
Modifying the LAG STP Parameters
1 Open the Spanning Tree LAG Settings page.
2 Select a LAG from the Select a LAG drop-down menu.
3 Modify the fields as desired.
4 Click Apply Changes.
Defining STP LAG Settings Using CLI Commands
The following table contains the CLI commands for defining STP LAG settings.
Table 7-21. STP LAG Settings CLI Commands
CLI Command               Description
spanning-tree             Enables spanning tree.
spanning-tree disable     Disables spanning tree on a specific LAG.
spanning-tree cost cost   Configures the spanning tree cost contribution of a LAG.
spanning-tree guard root  Enables root guard on all spanning tree instances on the interface.
Figure 7-40. Rapid Spanning Tree (RSTP)
The Spanning Tree RSTP page contains the following fields:
• Interface — Port or LAG for which you can view and edit RSTP settings.
• State — Disables RSTP state of the selected interface.
• Role — Indicates the port role assigned by the STP algorithm in order to provide STP paths. The possible field values are:
– Root — Provides the lowest cost path to forward packets to root switch.
• Fast Link Operational Status — Indicates if Fast Link is enabled or disabled for the port or LAG. If Fast Link is enabled for an interface, the interface is automatically placed in the forwarding state. The possible field values are:
– Enable — Fast Link is enabled.
– Disable — Fast Link is disabled.
– Auto — Fast Link mode is enabled a few seconds after the interface becomes active.
Displaying the Rapid Spanning Tree (RSTP) Table
1 Open the Rapid Spanning Tree (RSTP) page.
2 Click Show All. The Rapid Spanning Tree (RSTP) Table opens.
Figure 7-41. Rapid Spanning Tree (RSTP) Table
Defining Rapid STP Parameters Using CLI Commands
The following table summarizes the equivalent CLI commands for defining Rapid STP parameters as displayed in the Rapid Spanning Tree (RSTP) page.
Table 7-22.
Configuring Multiple Spanning Tree
MSTP operation maps VLANs into STP instances. Multiple Spanning Tree provides differing load balancing scenarios. For example, while port A is blocked in one STP instance, the same port is placed in the Forwarding State in another STP instance. In addition, packets assigned to various VLANs are transmitted along different paths within Multiple Spanning Trees Regions (MST Regions). Regions are one or more Multiple Spanning Tree bridges by which frames can be transmitted.
The MSTP Settings page contains the following fields:
• Region Name (1-32 Characters) — Indicates user-defined MSTP region name.
• Revision (0-65535) — Defines unsigned 16-bit number that identifies the current MST configuration revision. The revision number is required as part of the MST configuration. The possible field range is 0-65535.
• Max Hops (1-40) — Defines the total number of hops that occur in a specific region before the BPDU is discarded.
Displaying the MSTP VLAN to Instance Mapping Table
1 Open the Spanning Tree MSTP Settings page.
2 Click Show All to open the MSTP VLAN to Instance Mapping Table.
Figure 7-43. MSTP VLAN to Instance Mapping Table
Defining MST Instances Using CLI Commands
The following table summarizes the equivalent CLI commands for defining MST instance groups as displayed in the Spanning Tree MSTP Settings page.
Table 7-23.
Table 7-23. MSTP Instances CLI Commands (continued)
CLI Command                              Description
spanning-tree mst instance-id cost cost  Sets the path cost of the port for MST calculations.
exit                                     Exits the MST region configuration mode and applies configuration changes.
abort                                    Exits the MST region configuration mode without applying configuration changes.
show {current | pending}                 Displays the current or pending MST region configuration.
Defining MSTP Interface Settings
The MSTP Interface Settings page contains parameters assigning MSTP settings to specific interfaces.
To open the MSTP Interface Settings page, click Switch → Spanning Tree → MSTP Interface Settings in the tree view.
Figure 7-44. MSTP Interface Settings
The MSTP Interface Settings page contains the following fields:
• Instance ID — Lists the MSTP instances configured on the device. Possible field range is 0-15.
• Role — Indicates the port role assigned by the STP algorithm in order to provide STP paths. The possible field values are:
– Root — Provides the lowest cost path to forward packets to root device.
– Designated — Indicates the port or LAG via which the designated device is attached to the LAN.
– Alternate — Provides an alternate path to the root device from the root interface.
– Backup — Provides a backup path to the designated port path toward the Spanning Tree leaves.
Viewing the MSTP Interface Table
1 Open the MSTP Interface Settings page.
2 Click Show All. The MSTP Interface Table page opens.
Figure 7-45. MSTP Interface Table
Defining MSTP Interfaces Using CLI Commands
The following table summarizes the equivalent CLI commands for defining MSTP interfaces as displayed in the Spanning Tree MSTP Interface Settings page.
Table 7-24.
The following is an example of the CLI commands:
console# show spanning-tree mst-configuration
Gathering information ..........
Configuring VLANs
VLANs are logical subgroups within a LAN created via software, rather than defining a hardware solution. VLANs combine user stations and network devices into a single unit, regardless of the physical LAN segment to which they are attached. VLANs allow network traffic to flow more efficiently within subgroups. VLANs managed through software reduce the time needed to implement network changes, additions, and moves. Click a link below to access on-line help for the indicated screen.
Defining VLAN Membership
The VLAN Membership page contains fields for defining VLAN groups. The device supports the mapping of 4094 VLAN IDs to 256 VLANs. All ports must have a defined PVID. If no other value is configured the default VLAN PVID is used. VLAN ID #1 is the default VLAN, and cannot be deleted from the system.
To open the VLAN Membership page, click Switch → VLAN → VLAN Membership in the tree view.
Figure 7-46.
• Authentication Not Required — Indicates whether unauthorized users can access a VLAN. The possible field values are:
– Enable — Enables unauthorized users to use a VLAN.
– Disable — Prevents unauthorized users from using a VLAN.
• Remove VLAN — Indicates whether to remove the VLAN from the VLAN Membership Table.
– Checked — Removes the VLAN.
– Unchecked — Maintains the VLAN in the VLAN Membership Table.
Adding New VLANs
1 Open the VLAN Membership page.
2 Click Add.
VLAN Port Membership Table
The VLAN Port Membership Table contains a Port Table for assigning ports to VLANs. Ports are assigned to a VLAN by toggling through the Port Control settings. Ports can have the following values:
Table 7-25. VLAN Port Membership Table
Port Control  Definition
T             The interface is a member of a VLAN. All packets forwarded by the interface are tagged. The packets contain VLAN information.
U             The interface is a VLAN member. Packets forwarded by the interface are untagged.
Defining VLAN Membership Groups Using CLI Commands
The following table summarizes the equivalent CLI commands for defining VLAN membership groups as displayed in the VLAN Membership page.
Table 7-26. VLAN Membership Group CLI Commands
CLI Command        Description
vlan database      Enters the VLAN configuration mode.
vlan {vlan-range}  Creates a VLAN.
name string        Adds a name to a VLAN.
Table 7-27. Port-to-VLAN Group Assignments CLI Commands (continued)
CLI Command                                                        Description
switchport trunk native vlan vlan-id                               Defines the port as a member of the specified VLAN, and the VLAN ID as the port default VLAN ID (PVID).
switchport general allowed vlan add vlan-list [tagged | untagged]  Adds or removes VLANs for a port in general mode.
switchport general pvid vlan-id                                    Configures the PVID when the interface is in general mode.
Defining VLAN Ports Settings
The VLAN Port Settings page contains fields for managing ports that are part of a VLAN. The port default VLAN ID (PVID) is configured on the VLAN Port Settings page. All untagged packets arriving to the device are tagged by the port’s PVID.
To open the VLAN Port Settings page, click Switch → VLAN → Port Settings in the tree view.
Figure 7-48. VLAN Port Settings
The VLAN Port Settings page contains the following fields:
• Port — The port number included in the VLAN.
• Dynamic — Assigns a port to a VLAN based on the host source MAC address connected to the port.
– Checked — The port may be registered in a dynamic VLAN.
– Unchecked — The port is not allowed to register in a dynamic VLAN.
• PVID (1-4095) — Assigns a VLAN ID to untagged packets. The possible values are 1-4095. VLAN 4095 is defined as per standard and industry practice as the Discard VLAN. Packets classified to the Discard VLAN are dropped.
• Frame Type — Packet type accepted on the port.
Displaying the VLAN Port Table
1 Open the VLAN Port Settings page.
2 Click Show All. The VLAN Port Table opens.
Figure 7-49. VLAN Port Table
Defining VLAN LAGs Settings
The VLAN LAG Settings page provides parameters for managing LAGs that are part of a VLAN. VLANs can either be composed of individual ports or of LAGs. Untagged packets entering the device are tagged with the LAG’s ID specified by the PVID.
To open the VLAN LAG Settings page, click Switch → VLAN → LAG Settings in the tree view.
Figure 7-50.
The VLAN LAG Settings page contains the following fields:
• LAG — The LAG number included in the VLAN.
• LAG VLAN Mode — The LAG VLAN mode. Possible values are:
– Customer — The LAG belongs to VLANs. When LAGs are in Customer mode, the added tag provides a VLAN ID to each customer, ensuring private and segregated network traffic.
– General — The LAG belongs to VLANs, and each VLAN is user-defined as tagged or untagged (full 802.1Q mode).
– Access — The LAG belongs to a single, untagged VLAN.
Displaying the VLAN LAG Table
1 Open the VLAN LAG Settings page.
2 Click Show All. The VLAN LAG Table opens.
Figure 7-51. VLAN LAG Table
3 To change LAG settings, modify the fields for any LAGs in the table.
4 Click Apply Changes. The VLAN LAG parameters are defined, and the device is updated.
Assigning LAGs to VLAN Groups Using CLI Commands
The following table summarizes the equivalent CLI commands for assigning LAGs to VLAN groups as displayed in the VLAN LAG Settings page.
Table 7-28.
The following is an example of the CLI commands:
console(config)# interface port-channel 1
console(config-if)# switchport mode access
console(config-if)# switchport access vlan 2
console(config-if)# exit
console(config)# interface port-channel 2
console(config-if)# switchport mode general
console(config-if)# switchport general allowed vlan add 2-3 tagged
console(config-if)# switchport general pvid 2
console(config-if)# switchport general acceptable-frame-type tagged-only
console(config-if)# switchport gener
To bind MAC addresses to a VLAN, ensure the VLAN ports were dynamically added, and are not static VLAN ports.
To open the Bind MAC to VLAN page, click Switch → VLAN → Bind MAC to VLAN.
Figure 7-52. Bind MAC to VLAN
The Bind MAC to VLAN page contains the following fields:
• MAC Address — Indicates the MAC Address which is bound to the VLAN.
• Bind to VLAN — Indicates the VLAN to which the MAC address is bound. The possible values are 1-4094.
Removing a MAC to VLAN Binding:
1 Open the Bind MAC to VLAN page.
2 Click Show All. The MAC to VLAN Table opens.
3 Select the desired VLAN, or select All to see bindings for all VLANs.
4 Select the Remove checkbox next to the desired bindings.
5 Click Apply Changes.
Binding MAC address to VLAN using CLI commands:
The following table summarizes the equivalent CLI commands for binding MAC addresses to VLAN.
Table 7-29.
Figure 7-54. Protocol Group
• Protocol Value — Displays the User-defined protocol value. The options are as follows:
– Protocol Value — User-defined protocol name. The possible field values are IP, IPX and ARP.
– Ethernet-Based Protocol Value — The Ethernet protocol group type.
• Protocol Group ID (1-65535) — The VLAN Group ID number.
• Remove — Indicates whether to remove frame-to-protocol group mapping, if the protocol group to be removed is not configured on this protocol port.
3 Complete the fields on the page.
4 Click Apply Changes. The protocol group is assigned, and the device is updated.
Assigning VLAN Protocol Group Settings
1 Open the Protocol Group page.
2 Complete the fields on the page.
3 Click Apply Changes. The VLAN protocol group parameters are defined, and the device is updated.
Removing Protocols From the Protocol Group Table
1 Open the Protocol Group page.
2 Click Show All. The Protocol Group Table opens.
Figure 7-56.
Defining VLAN Protocol Groups Using CLI Commands
The following table summarizes the equivalent CLI commands for configuring Protocol Groups.
Table 7-30. VLAN Protocol Groups CLI Commands
CLI Command                                                  Description
map protocol protocol [encapsulation] protocols-group group  Maps a protocol to a protocol group. Protocol groups are used for protocol-based VLAN assignment.
• VLAN ID — Attaches the interface to a user-defined VLAN ID. The VLAN ID is defined on the Create a New VLAN page. Protocol ports can either be attached to a VLAN ID or a VLAN name. The possible values are 1-4095. VLAN 4095 is the discard VLAN.
• Remove — Indicates whether to remove the selected interface from its protocol group.
– Checked — Removes the selected interface.
– Unchecked — Maintains the selected interface.
Displaying Protocols Assigned to Ports
1 Open the Protocol Port page.
2 Click Show All. The Protocol Based VLAN Table opens.
Figure 7-59. Protocol Based VLAN Table
Defining Protocol Ports Using CLI Commands
The following table summarizes the equivalent CLI command for defining Protocol Ports.
Table 7-31. Protocol Port CLI Commands
CLI Command             Description
switchport general map  Sets a protocol-based classification rule.
The GVRP Global Parameters page enables GVRP globally. GVRP can also be enabled on a per-interface basis.
To open the GVRP Global Parameters page, click Switch → VLAN → GVRP Parameters in the tree view.
Figure 7-60. GVRP Global Parameters
The GVRP Global Parameters page contains the following fields:
Global Parameters
• GVRP Global Status — Indicates if GVRP is enabled on the device. The possible field values are:
– Enable — Enables GVRP on the selected device.
• Dynamic VLAN Creation — Indicates if Dynamic VLAN creation is enabled on the interface. The possible field values are: – Enabled — Enables Dynamic VLAN creation on the interface. – Disabled — Disables Dynamic VLAN creation on the interface. • GVRP Registration — Indicates if VLAN registration through GVRP is enabled on the interface. The possible field values are: – Enabled — Enables GVRP registration on the interface. – Disabled — Disables GVRP registration on the interface.
Displaying the GVRP Port Parameters Table 1 Open the GVRP Global Parameters page. 2 Click Show All. The GVRP Port Parameters Table opens. Figure 7-61. GVRP Port Parameters Table In addition to the GVRP Global Parameters screen, the GVRP Port Parameters Table contains the following field: Copy Parameters from — The port or LAG from which parameters will be copied and assigned to other interfaces.
Table 7-32. GVRP Global Parameters CLI Commands (continued)
CLI Command    Description
show gvrp configuration [ethernet interface | port-channel port-channel-number]    Displays GVRP configuration information, including timer values, whether GVRP and dynamic VLAN creation are enabled, and which ports are running GVRP.
show gvrp error-statistics [ethernet interface | port-channel port-channel-number]    Displays GVRP error statistics.
Configuring Voice VLAN
Voice VLAN allows network administrators to enhance VoIP service by configuring ports to carry IP voice traffic from IP phones on a specific VLAN. VoIP traffic has a preconfigured OUI prefix in the source MAC address. Network administrators can configure VLANs on which voice IP traffic is forwarded. Non-VoIP traffic is dropped from the Voice VLAN in auto Voice VLAN secure mode.
Figure 7-62. Voice VLAN Global Parameters • Voice VLAN Status — Indicates if Voice VLAN is enabled on the device. The possible field values are: – Enable — Enables Voice VLAN on the device. – Disable — Disables Voice VLAN on the device. This is the default value. • Voice VLAN ID — Defines the Voice VLAN ID number. • Class of Service — Enables adding a CoS tag to untagged packets received on the voice VLAN.
Defining Voice VLAN Global Parameters Using CLI Commands The following table summarizes the equivalent CLI command for defining Voice VLAN global parameters. Table 7-33. Voice VLAN Global Parameters CLI Commands CLI Command Description voice vlan id vlan-id To enable the voice VLAN and to configure the voice VLAN ID, use the voice vlan id command in global configuration mode. To disable the voice VLAN, enter the no form of this command.
00:0F:E2 Huawei-3COM
Voice VLAN VLAN ID: 8
CoS: 6
Remark: Yes
Interface Enabled Secure Activated
--------- ------- ------ ---------
1/e1      Yes     Yes    Yes
1/e2      Yes     Yes    Yes
1/e3      Yes     Yes    Yes
1/e4      Yes     Yes    Yes
1/e5      No      No     -
1/e6      No      No     -
1/e7      No      No     -
1/e8      No      No     -
1/e9      No      No     -
Defining Voice VLAN Port Settings
The Voice VLAN Port Settings Page contains fields for adding ports or LAGs to voice VLAN.
• Interface — Indicates the specific port or LAG to which the Voice VLAN settings are applied. • Voice VLAN Mode — Defines the Voice VLAN mode. The possible field values are: – None — Disables the selected port/LAG on the Voice VLAN. – Static — Maintains the current Voice VLAN port/LAG settings. This is the default value. – Auto — Indicates that if traffic with an IP Phone MAC Address is transmitted on the port/LAG, the port/LAG joins the Voice VLAN.
The Voice VLAN Port Setting Table includes the Membership field which indicates if the Voice VLAN member is a static or dynamic member. The field value Dynamic indicates the VLAN membership was dynamically created through GARP. The field value Static indicates the VLAN membership is user-defined. 3 Select the unit number. 4 Modify the fields as desired. 5 Click Apply Changes.
Figure 7-65. • Telephony OUI(s) — Lists the OUIs currently enabled on the Voice VLAN. The following OUIs are enabled by default. – 00-01-E3 — Siemens AG phone – 00-03-6B — Cisco phone – 00-0F-E2 — H3C Aolynk – 00-60-B9 — Philips and NEC AG phone – 00-D0-1E — Pingtel phone – 00-E0-75 — Polycom/Veritel phone – 00-E0-BB — 3COM phone • Description — Provides an OUI description up to 32 characters. • Remove — Removes OUI from the Telephony OUI List.
Adding OUIs 1 Open the Voice VLAN OUI page. 2 Click Add. The Add OUI page opens. Figure 7-66. Voice VLAN Add OUI Page 3 Fill in the fields. 4 Click Apply Changes. The OUI is added. Removing OUIs 1 Open the Voice VLAN OUI page. 2 Check the Remove checkbox next to each OUI to be removed. 3 Click Apply Changes. The selected OUIs are removed. Restoring Default OUIs 1 Open the Voice VLAN OUI page. 2 Click Restore Default OUIs. The default OUIs are restored.
Defining Voice VLAN OUIs Using CLI Commands
The following table summarizes the equivalent CLI command for defining Voice VLAN OUIs.
Table 7-35. Voice VLAN OUIs CLI Commands
CLI Command    Description
voice vlan oui-table {add mac-address-prefix [description text] | remove mac-address-prefix}    To configure the voice OUI table, use the voice vlan oui-table command in global configuration mode. To return to default, use the no form of this command.
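The OUI match described above looks only at the first 24 bits of the source MAC address. The following Python code is an added example, not part of the Dell guide: it checks a MAC address table export against the default telephony OUIs listed above and reports which ports Auto mode would add to the Voice VLAN and which Voice VLAN entries carry no listed OUI. The (vlan, mac, port) row layout, the function names and the sample rows are constructed for illustration; Voice VLAN ID 8 is the value shown in the sample output earlier in this section.

```python
import re

# Default telephony OUIs, copied from the Voice VLAN OUI page described above.
DEFAULT_OUIS = {
    "0001E3": "Siemens AG phone",
    "00036B": "Cisco phone",
    "000FE2": "H3C Aolynk",
    "0060B9": "Philips and NEC AG phone",
    "00D01E": "Pingtel phone",
    "00E075": "Polycom/Veritel phone",
    "00E0BB": "3COM phone",
}


def hex_digits(value, length):
    """Strip '-', ':' and '.' separators and return `length` uppercase hex digits."""
    digits = re.sub(r"[-:.]", "", value.strip()).upper()
    if not re.fullmatch(r"[0-9A-F]{%d}" % length, digits):
        raise ValueError("expected %d hex digits, got %r" % (length, value))
    return digits


def telephony_vendor(mac, oui_table=DEFAULT_OUIS):
    """Return the OUI description when the first 24 bits of `mac` are in the table."""
    return oui_table.get(hex_digits(mac, 12)[:6])


def add_oui(oui_table, prefix, description=""):
    """Return a copy of the table with one more OUI (description: up to 32 characters)."""
    if len(description) > 32:
        raise ValueError("OUI description is limited to 32 characters")
    updated = dict(oui_table)
    updated[hex_digits(prefix, 6)] = description
    return updated


def audit_voice_vlan(entries, voice_vlan, oui_table=DEFAULT_OUIS):
    """Classify (vlan, mac, port) rows from a MAC address table export.

    Returns (auto_join_ports, unlisted):
      auto_join_ports - ports where a source MAC with a telephony OUI was learned,
                        i.e. ports that Auto mode would add to the Voice VLAN.
      unlisted        - (port, mac) pairs learned in the Voice VLAN whose OUI is
                        not in the table (non-VoIP traffic in secure-mode terms).
    """
    auto_join_ports, unlisted = set(), []
    for vlan, mac, port in entries:
        if telephony_vendor(mac, oui_table) is not None:
            auto_join_ports.add(port)
        elif vlan == voice_vlan:
            unlisted.append((port, hex_digits(mac, 12)))
    return sorted(auto_join_ports), unlisted


# Constructed sample rows: (VLAN, MAC address in any common notation, port).
SAMPLE_ENTRIES = [
    (8, "00-03-6B-12-34-56", "1/e1"),
    (8, "00:e0:75:aa:bb:cc", "1/e2"),
    (1, "000f.e201.0203", "1/e3"),
    (8, "0008.3b79.8787", "1/e4"),
    (1, "00-1A-2B-3C-4D-5E", "1/e5"),
]

if __name__ == "__main__":
    ports, unlisted = audit_voice_vlan(SAMPLE_ENTRIES, voice_vlan=8)
    print("Ports Auto mode would join to the Voice VLAN:", ports)
    print("Voice VLAN entries without a telephony OUI:", unlisted)
```

Because the decision rests on the vendor prefix alone, the unlisted entries are the ones worth reviewing before enabling secure mode or after adding an OUI.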
Ports in a Link Aggregated group (LAG) can contain different media types if the ports are operating at the same speed. Aggregated links can be manually or automatically configured by enabling Link Aggregation Control Protocol (LACP) on the relevant links. This section contains the following topics: • "Defining LACP Parameters" on page 383 • "Defining LAG Membership" on page 385 Defining LACP Parameters The LACP Parameters page contains fields for configuring LACP LAGs.
• LACP Port Priority (1-65535) — LACP priority value for the port. • LACP Timeout — Administrative LACP timeout. The possible field values are: – Short — Specifies a short timeout value. – Long — Specifies a long timeout value. Defining Link Aggregation Global Parameters 1 Open the LACP Parameters page. 2 Complete the LACP System Priority field. 3 Click Apply Changes. The parameters are defined, and the device is updated. Defining Link Aggregation Port Parameters 1 Open the LACP Parameters page.
Configuring LACP Parameters Using CLI Commands The following table summarizes the equivalent CLI commands for configuring LACP parameters as displayed in the LACP Parameters page. Table 7-36. LACP Parameters CLI Commands CLI Command Description lacp system-priority value Configures the system priority. lacp port-priority value Configures the priority value for physical ports. lacp timeout {long | short} Assigns an administrative LACP timeout.
Figure 7-69. LAG Membership The LAG Membership page contains the following fields: • LACP — Aggregates the port to a LAG, using LACP. • LAG — Adds a port to a LAG, and indicates the specific LAG to which the port belongs. Adding Ports to a LAG or LACP 1 Open the LAG Membership page. 2 In the LAG row (the second row), toggle the button to a specific number to aggregate or remove the port to that LAG number.
The following is an example of the CLI commands:
console(config)# interface ethernet 1/e11
console(config-if)# channel-group 1 mode on
Multicast Forwarding Support
Multicast forwarding allows a single packet to be forwarded to multiple destinations. Layer 2 Multicast service is based on a Layer 2 device receiving a single packet addressed to a specific Multicast address. Multicast forwarding creates copies of the packet, and transmits the packets to the relevant ports.
Ports requesting to join a specific Multicast group issue an IGMP report, specifying that Multicast group is accepting members. This results in the creation of the Multicast filtering database. The Global Parameters page contains fields for enabling IGMP Snooping on the device. To open the Global Parameters page, click Switch → Multicast Support → Global Parameters in the tree view. Figure 7-70.
Enabling IGMP Snooping on the device 1 Open the Global Parameters page. 2 Select Enable in the IGMP Snooping Status field. 3 Click Apply Changes. IGMP Snooping is enabled on the device. Enabling Multicast Filtering and IGMP Snooping Using CLI Commands The following table summarizes the equivalent CLI commands for enabling Multicast Filtering and IGMP Snooping as displayed on the Global Parameters page. Table 7-38.
Figure 7-71. Bridge Multicast Group The Bridge Multicast Group page contains the following fields: • VLAN ID — Identifies a VLAN and contains information about the Multicast group address. • Bridge Multicast Address — Identifies the Multicast group MAC address/IP address. • Remove — Indicates whether to remove a Bridge Multicast address. – Checked — Removes the selected Bridge Multicast address. – Unchecked — Maintains the selected Bridge Multicast address.
The following table contains the IGMP port and LAG members management settings:
Table 7-39. IGMP Port/LAG Members Table Control Settings
Port Control    Definition
D               The port/LAG has joined the Multicast group dynamically in the Current Row.
S               Attaches the port to the Multicast group as static member in the Static Row. The port/LAG has joined the Multicast group statically in the Current Row.
F               Forbidden.
Blank           The port is not attached to a Multicast group.
Defining Ports to Receive Multicast Service 1 Open the Bridge Multicast Group page. 2 Define the VLAN ID and the Bridge Multicast Address fields. 3 Toggle a port to S to join the port to the selected Multicast group. 4 Toggle a port to F to forbid adding specific Multicast addresses to a specific port. 5 Click Apply Changes. The port is assigned to the Multicast group, and the device is updated. Assigning LAGs to Receive Multicast Service 1 Open the Bridge Multicast Group page.
The following is an example of the CLI commands:
Console(config-if)# bridge multicast address 0100.5e02.0203 add ethernet 1/e11,1/e12
console(config-if)# end
console # show bridge multicast address-table
Vlan MAC Address    Type    Ports
---- -------------- ------- ------------
1    0100.5e02.0203 static  1/e11, 1/e12
19   0100.5e02.0208 static  1/e11-16
19   0100.5e02.0208 dynamic 1/e11-12
Forbidden ports for multicast addresses:
Vlan MAC Address    Ports
---- -------------- ----------
1    0100.5e02.
Vlan IP Address        Ports
---- ----------------- ----------
1    224-239.130|2.2.3 1/e8
19   224-239.130|2.2.8 1/e8
Assigning Multicast Forward All Parameters
The Bridge Multicast Forward All page contains fields for attaching ports or LAGs to a device that is attached to a neighboring Multicast router/switch. Once IGMP Snooping is enabled, Multicast packets are forwarded to the appropriate port or VLAN.
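The address table output above shows a Layer 2 entry such as 0100.5e02.0203 alongside the IP range 224-239.130|2.2.3 because only the low 23 bits of an IPv4 group address are copied into the 01:00:5e MAC prefix, so 32 groups share each MAC entry. The following Python code is an added example, not part of the Dell guide: it computes the mapping in both directions and finds groups that would fall under one static or forbidden entry. The function names and the sample group list are constructed, and cli_range only reproduces the notation seen in the sample output.

```python
import ipaddress


def group_mac(ip):
    """Map an IPv4 multicast group to its Ethernet MAC, in the CLI's dotted form."""
    addr = ipaddress.IPv4Address(ip)
    if not addr.is_multicast:
        raise ValueError("%s is not an IPv4 multicast address" % ip)
    # 01:00:5e prefix, bit 23 zero, then the low 23 bits of the group address.
    mac = (0x01005E << 24) | (int(addr) & 0x7FFFFF)
    digits = "%012x" % mac
    return "%s.%s.%s" % (digits[0:4], digits[4:8], digits[8:12])


def mac_low23(mac):
    """Return the 23 group bits carried by an IPv4 multicast MAC address."""
    digits = mac.replace(".", "").replace(":", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError("expected a 48-bit MAC address, got %r" % mac)
    value = int(digits, 16)
    if value >> 23 != 0x01005E << 1:  # prefix 01:00:5e followed by a zero bit
        raise ValueError("%s is not an IPv4 multicast MAC address" % mac)
    return value & 0x7FFFFF


def groups_for_mac(mac):
    """List all 32 IPv4 groups that are forwarded or filtered by this MAC entry."""
    low23 = mac_low23(mac)
    return [
        str(ipaddress.IPv4Address((first << 24) | (high_bit << 23) | low23))
        for first in range(224, 240)
        for high_bit in (0, 1)
    ]


def cli_range(mac):
    """Render the group set in the notation of the sample output above."""
    low23 = mac_low23(mac)
    second = low23 >> 16
    return "224-239.%d|%d.%d.%d" % (
        second | 0x80, second, (low23 >> 8) & 0xFF, low23 & 0xFF)


def shared_entries(groups):
    """Return {mac: [groups]} for every MAC that more than one listed group maps to."""
    by_mac = {}
    for group in groups:
        by_mac.setdefault(group_mac(group), []).append(group)
    return {mac: members for mac, members in by_mac.items() if len(members) > 1}


# Constructed list of groups in use on a VLAN.
SAMPLE_GROUPS = ["224.2.2.3", "239.130.2.3", "239.2.2.8", "225.1.1.1"]

if __name__ == "__main__":
    print(group_mac("224.2.2.3"), "covers", cli_range("0100.5e02.0203"))
    print("Groups sharing one table entry:", shared_entries(SAMPLE_GROUPS))
```

A static or forbidden entry defined by MAC address therefore applies to every group returned by groups_for_mac, which is worth checking before relying on it to isolate a single stream.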
Managing Bridge Multicast Forward All Switch/Port Control Settings Table
The following table describes the controls used to set the port controls.
Table 7-41. Bridge Multicast Forward All Switch/Port Control Settings Table
Port Control    Definition
D               Attaches the port to the Multicast router or switch as a dynamic port.
S               Attaches the port to the Multicast router or switch as a static port.
F               Forbidden.
Blank           The port is not attached to a Multicast router or switch.
The following is an example of the CLI commands:
Console(config)# interface vlan 1
Console(config-if)# bridge multicast forward-all add ethernet 1/e3
Console(config-if)# end
Console# show bridge multicast filtering 1
Filtering: Enabled
VLAN: Forward-All
Port    Static            Status
------- ----------------- -----------
1/e11   Forbidden         Filter
1/e12   Forward           Forward(s)
1/e13   -                 Forward(d)
IGMP Snooping
The IGMP Snooping page contains fields for adding IGMP members.
• VLAN ID — Specifies the VLAN ID. • IGMP Snooping Status — Enables or disables IGMP snooping on the VLAN. • Auto Learn — Enables or disables Auto Learn on the device. • IGMP Querier Status — Enables or disables the IGMP Querier. The IGMP Querier simulates the behavior of a multicast router, allowing snooping of the layer 2 multicast domain even though there is no multicast router. • Querier IP Address — IP address of the IGMP Querier.
Configuring IGMP Snooping with CLI Commands The following table summarizes the equivalent CLI commands for configuring IGMP Snooping on the device: Table 7-43. IGMP Snooping CLI Commands CLI Command Description ip igmp snooping Enables Internet Group Membership Protocol (IGMP) snooping. ip igmp snooping mrouter learn-pimdvmrp Enables automatic learning of Multicast router ports in the context of a specific VLAN. ip igmp snooping host-time-out timeout Configures the host-time-out.
The following is an example of the CLI commands:
Console> enable
Console# config
Console (config)# ip igmp snooping
Console (config)# interface vlan 1
Console (config-if)# ip igmp snooping mrouter learn-pim-dvmrp
Console (config-if)# ip igmp snooping host-time-out 300
Console (config-if)# ip igmp snooping mrouter-time-out 200
Console (config-if)# exit
Console (config)# interface vlan 1
Console (config-if)# ip igmp snooping leave-time-out 60
Console (config-if)# exit
Console (config)# exit
Console # show ip
IGMP Snooping admin: Enabled
Hosts and routers IGMP version: 2
IGMP snooping oper mode: Enabled
IGMP snooping querier admin: Enabled
IGMP snooping querier oper: Enabled
IGMP snooping querier address admin:
IGMP snooping querier address oper: 172.16.1.1
IGMP snooping querier version admin: 3
IGMP snooping querier version oper: 2
IGMP host timeout is 300 sec
IGMP Immediate leave is disabled.
Unregistered Multicast Multicast frames are generally forwarded to all ports in the VLAN. If IGMP Snooping is enabled, the device learns about the existence of Multicast groups and monitors which ports have joined what Multicast group. Multicast groups can also be statically enabled. This enables the device to forward the Multicast frames (from a registered Multicast group) only to ports that are registered to that Multicast group.
Setting the Unregistered Multicast Status of an Interface 1 Open the Unregistered Multicast page. 2 Select the interface for which Unregistered Multicast needs to be set. 3 Select a status in the Status field. 4 Click Apply Changes. Unregistered Multicast status is set. Displaying the Unregistered Multicast Table 1 Open the Unregistered Multicast page. 2 Click Show All. The Unregistered Multicast Table opens. Figure 7-77.
Configuring Unregistered Multicast with CLI Commands The following table summarizes the equivalent CLI commands for configuring Unregistered Multicast on the device: Table 7-44. Unregistered Multicast CLI Commands CLI Command Description bridge multicast unregistered Configures the forwarding state of unregistered multicast addresses. show bridge multicast unregistered Displays the unregistered multicast filtering configuration.
Configuring Switch Information
Viewing Statistics The Statistics pages contain links to device information for interface, GVRP, etherlike, RMON, and device utilization. To open the Statistics page, click Statistics in the tree view. CLI commands are not available for all the Statistics pages. This section contains the following topics: • "Viewing Tables" on page 405 • "Viewing RMON Statistics" on page 420 • "Viewing Charts" on page 435 Viewing Tables The Table Views page contains links for displaying statistics in a table form.
Figure 8-1. Utilization Summary The Utilization Summary page contains the following fields: • Refresh Rate — Indicates the amount of time that passes before the interface statistics are refreshed. The possible field values are: • 15 Sec — Indicates that the interface statistics are refreshed every 15 seconds. • 30 Sec — Indicates that the interface statistics are refreshed every 30 seconds. • 60 Sec — Indicates that the interface statistics are refreshed every 60 seconds.
Viewing Counter Summary The Counter Summary page contains statistics for port utilization in numeric sums as opposed to percentages. To open the Counter Summary page, click Statistics/RMON → Table Views → Counter Summary in the tree view. Figure 8-2. Counter Summary The Counter Summary page contains the following fields: • Refresh Rate — Indicates the amount of time that passes before the interface statistics are refreshed.
• Received Non Unicast Packets — Number of received non-Unicast packets on the interface. • Transmit Non Unicast Packets — Number of transmitted non-Unicast packets from the interface. • Received Errors — Number of received packets with errors on the interface. • Global System LAGs — Provides a counter summary for global system LAGs. Viewing Interface Statistics The Interface Statistics page contains statistics for both received and transmitted packets.
The Interface Statistics page contains the following fields: • Interface — Specifies whether statistics are displayed for a port or LAG. • Refresh Rate — Amount of time that passes before the interface statistics are refreshed. The possible field values are: • 15 Sec — Indicates that the interface statistics are refreshed every 15 seconds. • 30 Sec — Indicates that the interface statistics are refreshed every 30 seconds.
Viewing Interface Statistics Using the CLI Commands
The following table contains the CLI commands for viewing interface statistics.
Table 8-1. Interface Statistics CLI Commands
CLI Command    Description
show interfaces counters [ethernet interface | port-channel port-channel-number]    Displays traffic seen by the physical interface.
The following is an example of the CLI commands.
Viewing Etherlike Statistics The Etherlike Statistics page contains interface errors statistics. To open the Etherlike Statistics page, click Statistics/RMON → Table Views → Etherlike Statistics in the tree view. Figure 8-4. Etherlike Statistics The Etherlike Statistics page contains the following fields: • Interface — Specifies whether statistics are displayed for a port or LAG. • Refresh Rate — Amount of time that passes before the interface statistics are refreshed.
• Single Collision Frames — Number of single collision frame errors received on the selected interface. • Late Collisions — Number of late collisions received on the selected interface. • Internal MAC Transmit Errors — Number of internal MAC transmit errors on the selected interface. • Oversize Packets — Number of oversize packets on the selected interface. • Received Pause Frames — Number of received paused errors on the selected interface.
The following is an example of the CLI commands.
Viewing GVRP Statistics The GVRP Statistics page contains device statistics for GVRP. To open the page, click Statistics/RMON → Table Views → GVRP Statistics in the tree view. Figure 8-5. GVRP Statistics The GVRP Statistics page contains the following fields: • Interface — Specifies whether statistics are displayed for a port or LAG. • Refresh Rate — Amount of time that passes before the GVRP statistics are refreshed.
GVRP Statistics Table • Join Empty — Device GVRP Join Empty statistics. • Empty — Indicates the number of empty GVRP statistics. • Leave Empty — Device GVRP Leave Empty statistics. • Join In — Device GVRP Join In statistics. • Leave In — Device GVRP Leave in statistics. • Leave All — Device GVRP Leave all statistics. GVRP Error Statistics • Invalid Protocol ID — Device GVRP Invalid Protocol ID statistics. • Invalid Attribute Type — Device GVRP Invalid Attribute ID statistics.
The following is an example of the CLI commands:
console# show gvrp statistics
GVRP statistics:
---------------
Legend:
rJE  : Join Empty Received    rJIn : Join In Received
rEmp : Empty Received         rLIn : Leave In Received
rLE  : Leave Empty Received   rLA  : Leave All Received
sJE  : Join Empty Sent        sJIn : Join In Sent
sEmp : Empty Sent             sLIn : Leave In Sent
sLE  : Leave Empty Sent       sLA  : Leave All Sent
Port rJE rJIn rEmp rLIn rLE rLA sJE sJIn sEmp sLIn sLE sLA
---- --- ---- ---- ---- --- --- --- ---- ---- ---- --- ---
1/e1
Console# show gvrp error-statistics
GVRP error statistics:
---------------
Legend:
INVPROT : Invalid Protocol Id      INVPLEN  : Invalid PDU Length
INVATYP : Invalid Attribute Type   INVALEN  : Invalid Attribute Length
INVAVAL : Invalid Attribute Value  INVEVENT : Invalid Event
Port INVPROT INVATYP INVAVAL INVPLEN INVALEN INVEVENT
---- ------- ------- ------- ------- ------- --------
1/e1 0       0       0       0       0       0
1/e2 0       0       0       0       0       0
1/e3 0       0       0       0       0       0
1/e4 0       0       0       0       0       0
Viewing EAP Statistics The EAP Statistics page contains information about EAP packets received on a specific port. For more information about EAP, see "Port Based Authentication". To open the EAP Statistics page, click Statistics/RMON → Table Views → EAP Statistics in the tree view. Figure 8-6. EAP Statistics The EAP Statistics page contains the following fields: • Port — Indicates the port which is polled for statistics.
• Frames Transmit — Indicates the number of EAPOL frames transmitted via the port. • Start Frames Receive — Indicates the number of EAPOL Start frames received on the port. • Log off Frames Receive — Indicates the number of EAPOL Logoff frames received on the port. • Respond ID Frames Receive — Indicates the number of EAP Resp/Id frames received on the port. • Respond Frames Receive — Indicates the number of valid EAP Response frames received on the port.
The following is an example of the CLI commands:
console# show dot1x statistics ethernet 1/e1
EapolFramesRx: 11
EapolFramesTx: 12
EapolStartFramesRx: 1
EapolLogoffFramesRx: 1
EapolRespIdFramesRx: 3
EapolRespFramesRx: 6
EapolReqIdFramesTx: 3
EapolReqFramesTx: 6
InvalidEapolFramesRx: 0
EapLengthErrorFramesRx: 0
LastEapolFrameVersion: 1
LastEapolFrameSource: 0008.3b79.8787
Viewing RMON Statistics
Remote Monitoring (RMON) allows network managers to view network information from a remote location.
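The show dot1x statistics counters above are most useful when two polls of the same port are compared. The following Python code is an added example, not part of the Dell guide: it parses the output, checks that the per-type receive counters do not exceed EapolFramesRx, and reports increases in the error counters, counter resets, and a change of the last EAPOL source address. The first poll is the output shown above; the second poll, the function names and the report layout are constructed, and the consistency check assumes the counters follow the IEEE 802.1X authenticator statistics definitions.

```python
import re

# First poll: the 'show dot1x statistics ethernet 1/e1' output shown above.
FIRST_POLL = """\
EapolFramesRx: 11
EapolFramesTx: 12
EapolStartFramesRx: 1
EapolLogoffFramesRx: 1
EapolRespIdFramesRx: 3
EapolRespFramesRx: 6
EapolReqIdFramesTx: 3
EapolReqFramesTx: 6
InvalidEapolFramesRx: 0
EapLengthErrorFramesRx: 0
LastEapolFrameVersion: 1
LastEapolFrameSource: 0008.3b79.8787
"""

# Second poll of the same port: constructed for this example.
SECOND_POLL = """\
EapolFramesRx: 19
EapolFramesTx: 15
EapolStartFramesRx: 4
EapolLogoffFramesRx: 1
EapolRespIdFramesRx: 5
EapolRespFramesRx: 7
EapolReqIdFramesTx: 5
EapolReqFramesTx: 7
InvalidEapolFramesRx: 2
EapLengthErrorFramesRx: 0
LastEapolFrameVersion: 1
LastEapolFrameSource: 0008.3b79.1234
"""

ERROR_COUNTERS = ("InvalidEapolFramesRx", "EapLengthErrorFramesRx")
RX_PARTS = ("EapolStartFramesRx", "EapolLogoffFramesRx",
            "EapolRespIdFramesRx", "EapolRespFramesRx")


def parse_dot1x_statistics(text):
    """Turn 'Name: value' lines into a dict; numeric values become int."""
    stats = {}
    for line in text.splitlines():
        match = re.match(r"\s*(\w+):\s*(\S+)\s*$", line)
        if match:
            key, value = match.groups()
            stats[key] = int(value) if value.isdigit() else value
    return stats


def rx_breakdown_consistent(stats):
    """Start, Logoff, Resp/Id and Response frames are all received EAPOL frames,
    so their sum must not exceed EapolFramesRx (assumed 802.1X semantics)."""
    return sum(stats[name] for name in RX_PARTS) <= stats["EapolFramesRx"]


def compare_polls(before, after):
    """Report what changed between two polls of the same port."""
    report = {"counter_reset": False, "error_increase": {}, "source_changed": None}
    for key, new in after.items():
        old = before.get(key)
        if key.endswith(("Rx", "Tx")) and isinstance(old, int) and new < old:
            report["counter_reset"] = True  # counters went backwards
    for key in ERROR_COUNTERS:
        old, new = before.get(key, 0), after.get(key, 0)
        delta = new - old if new >= old else new  # after a reset, count from zero
        if delta > 0:
            report["error_increase"][key] = delta
    old_src = before.get("LastEapolFrameSource")
    new_src = after.get("LastEapolFrameSource")
    if old_src != new_src:
        report["source_changed"] = (old_src, new_src)
    return report


if __name__ == "__main__":
    first = parse_dot1x_statistics(FIRST_POLL)
    second = parse_dot1x_statistics(SECOND_POLL)
    print("Breakdown consistent:", rx_breakdown_consistent(second))
    print(compare_polls(first, second))
```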
Figure 8-7. RMON Statistics The RMON Statistics page contains the following fields: • Interface — Specifies the port or LAG for which statistics are displayed. • Refresh Rate — Amount of time that passes before the statistics are refreshed. • Received Bytes (Octets) — Number of bytes received on the selected interface. • Received Packets — Number of packets received on the selected interface.
• CRC & Align Errors — Number of CRC and Align errors that have occurred on the interface since the device was last refreshed. • Undersize Packets — Number of undersized packets (less than 64 octets) received on the interface since the device was last refreshed. • Oversize Packets — Number of oversized packets (over 1632 octets) received on the interface since the device was last refreshed.
The following is an example of the CLI commands:
console# show rmon statistics ethernet 1/e1
Port 1/e1
Dropped: 8
Octets: 878128
Packets: 978
Broadcast: 7
Multicast: 1
CRC Align Errors: 0
Collisions: 0
Undersize Pkts: 0
Oversize Pkts: 0
Fragments: 0
Jabbers: 0
64 Octets: 98
65 to 127 Octets: 0
128 to 255 Octets: 0
256 to 511 Octets: 0
512 to 1023 Octets: 491
1024 to 1632 Octets: 389
Viewing RMON History Control Statistics
The RMON History Control contains information about samples of data taken from ports.
The RMON History Control page contains the following fields: • History Entry No. — Entry number for the History Control page. • Source Interface — Port or LAG from which the history samples were taken. • Owner (0-20 characters) — RMON station or user that requested the RMON information. • Max No. of Samples to Keep (1-50) — Number of samples to be saved. The default value is 50. • Current No. of Samples in List — Indicates the current number of samples taken.
Viewing RMON History Control Using the CLI Commands
The following table contains the CLI commands for viewing RMON History Control.
Table 8-6. RMON History CLI Commands
CLI Command    Description
rmon collection history index [owner ownername | buckets bucket-number] [interval seconds]    Enables and configures RMON on an interface.
show rmon collection history [ethernet interface | port-channel port-channel-number]    Displays RMON collection history statistics.
The RMON History Table page contains the following fields: Not all fields are shown in the RMON History Table in the RMON History Table figure. • History Entry No. — Specifies the entry number from the History Control page. • Owner — Indicates the RMON station or user that requested the RMON information. • Sample No. — Indicates the number of the specific sample that the information in the table reflects.
Viewing RMON History Control Using the CLI Commands The following table contains the CLI commands for viewing RMON history. Table 8-7. RMON History Control CLI Commands CLI Command Description show rmon history index {throughput | errors | other} [period seconds] Displays RMON Ethernet statistics history.
Defining Device RMON Events Use the RMON Events Control page to define RMON events. To open the RMON Events Control page, click Statistics/RMON→ RMON→ Events Control in the tree view. Figure 8-10. RMON Events Control The RMON Events Control page contains the following fields: • Event Entry — Indicates the event. • Community — Community to which the event belongs. • Description — User-defined event description. • Type — Describes the event type.
Adding a RMON Event 1 Open the RMON Events Control page. 2 Click Add. The Add an Event Entry page opens. 3 Complete the information in the dialog and click Apply Changes. The Event Table entry is added, and the device is updated. Modifying a RMON Event 1 Open the RMON Events Control page. 2 Select an entry in the Event Table. 3 Modify the fields in the dialog and click Apply Changes. The Event Table entry is modified, and the device is updated.
The following is an example of the CLI commands:
console(config)# rmon event 1 log
console(config)# exit
console# show rmon events
Index Description    Type     Community Owner   Last Time Sent
----- -------------- -------- --------- ------- --------------------
1     Errors         Log                CLI     Jan 18 2002 23:58:17
2     High Broadcast Log-Trap router    Manager Jan 18 2002 23:59:48
Viewing the RMON Events Log
The RMON Events Log page contains a list of RMON events.
Defining Device Events Using the CLI Commands The following table contains the CLI commands for defining device events. Table 8-9. Device Event Definition CLI Commands CLI Command Description show rmon log [event] Displays the RMON logging table.
Figure 8-12. RMON Alarms The RMON Alarms page contains the following fields: • Alarm Entry — Indicates a specific alarm. • Interface — Indicates the interface for which RMON statistics are displayed. • Counter Name — Indicates the selected MIB variable. • Counter Value — The value of the selected MIB variable. • Sample Type — Specifies the sampling method for the selected variable and comparing the value against the thresholds.
• Rising Event — The mechanism in which the alarms are reported including a log, a trap, or both. When a log is selected, there is no saving mechanism either in the device or in the management system. However, if the device is not being reset, it remains in the device Log table. If a trap is selected, an SNMP trap is generated and reported via the Trap mechanism. The trap can be saved using the same mechanism.
Modifying an Alarm Table Entry 1 Open the RMON Alarms page. 2 Select an entry in the Alarm Entry drop-down menu. 3 Modify the fields. 4 Click Apply Changes. The entry is modified, and the device is updated. Displaying the Alarm Table 1 Open the RMON Alarms page. 2 Click Show All. The Alarms Table opens. Deleting an Alarm Table Entry 1 Open the RMON Alarms page. 2 Select an entry in the Alarm Entry drop-down menu. 3 Check the Remove check box. 4 Click Apply Changes.
The following is an example of the CLI commands:
console(config)# rmon alarm 1000 1.3.6.1.2.1.2.2.1.10.1 360000 1000000 1000000 10 20
Console# show rmon alarm-table
Index OID                    Owner
----- ---------------------- -------
1     1.3.6.1.2.1.2.2.1.10.1 CLI
2     1.3.6.1.2.1.2.2.1.10.1 Manager
3     1.3.6.1.2.1.2.2.1.10.9 CLI
Viewing Charts
The Chart page contains links for displaying statistics in a chart form. To open the page, click Statistics→ Charts in the tree view.
Viewing Port Statistics Use the Port Statistics page to open statistics in a chart form for port elements. To open the Port Statistics page, click Statistics/RMON→ Charts→ Port Statistics in the tree view. Figure 8-14. Port Statistics The Port Statistics page contains the following fields: • Unit No. — Indicates the stacking unit for which the statistics are displayed. • Interface Statistics — Selects the interface statistics to display.
Viewing Port Statistics Using the CLI Commands
The following table contains the CLI commands for viewing port statistics.
Table 8-11. Port Statistic CLI Commands
CLI Command    Description
show interfaces counters [ethernet interface | port-channel port-channel-number]    Displays traffic seen by the physical interface.
show rmon statistics {ethernet interface | port-channel port-channel-number}    Displays RMON Ethernet statistics.
The LAG Statistics page contains the following fields: • Interface Statistics — Selects the interface statistics to display. • Etherlike Statistics — Selects the Etherlike statistics to display. • RMON Statistics — Selects the RMON statistics to display. • GVRP Statistics — Selects the GVRP statistics type to display. • Refresh Rate — Amount of time that passes before the statistics are refreshed. Displaying LAG Statistics 1 Open the LAG Statistics page. 2 Select the statistic type to open.
Viewing the CPU Utilization The CPU Utilization page contains information about the system’s CPU utilization and percentage of CPU resources consumed by each stacking member. Each stacking member is assigned a color on the graph. To open the CPU Utilization page, click Statistics/RMON→ Charts→ CPU Utilization in the tree view. Figure 8-16. CPU Utilization The CPU Utilization page contains the following information: • Refresh Rate — Amount of time that passes before the statistics are refreshed.
Viewing CPU Utilization Using CLI Commands The following table summarizes the equivalent CLI commands for viewing CPU utilization. Figure 8-17. CPU Utilization CLI Commands CLI Command Description show cpu utilization To display the CPU utilization. The following is an example of the CLI commands: Console# show cpu utilization CPU utilization service is on.
Configuring Quality of Service This section provides information for defining and configuring Quality of Service (QoS) parameters. To open the Quality of Service page, click Quality of Service in the tree view. This section contains the following topics: • "Quality of Service (QoS) Overview" on page 441 • "Configuring QoS Global Settings" on page 443 Quality of Service (QoS) Overview Quality of Service (QoS) provides the ability to implement QoS and priority queuing within a network.
Table 9-1. CoS to Queue Mapping Table Default values (continued) CoS Value Forwarding Queue Values 5 q3 6 q4 7 q4 Packets arriving untagged are assigned a default VPT value, which is set on a per port basis. The assigned VPT is used to map the packet to the egress queue. DSCP values can be mapped to priority queues. The following table contains the default DSCP mapping to egress queue values: Table 9-2.
Configuring QoS Global Settings Quality of Service (QoS) provides the ability to implement QoS and priority queuing within a network. The Global Settings page contains a field for enabling or disabling QoS. It also contains a field for selecting the Trust mode. The Trust mode relies on predefined fields within the packet to determine the egress queue. In addition, the Global Settings page enables defining queues as either Strict Priority (SP) or Weighted Round Robin (WRR).
Queue Settings • Strict Priority — Indicates the system queues are SP queues, when selected. • WRR — Indicates the system queues are WRR queues, when selected. Enabling Quality of Service: 1 Open the Global Settings page. 2 Select Enable in the Quality of Service field. 3 Click Apply Changes. Class of Service is enabled on the device. Enabling the Trust Mode: 1 Open the Global Settings page. 2 Define the Trust Mode field. 3 Click Apply Changes. Trust mode is enabled on the device.
Defining QoS Interface Settings The Interface Settings page contains fields for deactivating the Trust mode, and setting the default CoS value on incoming untagged packets. To open the Interface Settings page, click Quality of Service→ QoS Parameters → Interface Settings in the tree view. Figure 9-2. Interface Settings The Interface Settings page contains the following fields: • Interface — The specific port or LAG to configure.
Assigning QoS Interfaces Using the CLI Commands
The following table summarizes the equivalent CLI commands for configuring fields in the Interface Settings page.
Table 9-4. QoS Interface CLI Commands
CLI Command     Description
qos trust       Enables the trust mode.
no qos trust    Disables Trust state on each port.
• Interface — Indicates the port or LAG that is being displayed.
• Egress Shaping Rate on Selected Port — Indicates the Egress traffic limit status for the interface.
  – Checked — The Egress traffic limit is enabled.
  – Not Checked — The Egress traffic limit is disabled.
• Committed Information Rate (CIR) — Defines the Egress CIR traffic limit for the interface.
• Ingress Rate Limit Status — Indicates the Ingress traffic limit status for the interface.
Assigning Bandwidth Settings Using the CLI Commands
The following table summarizes the equivalent CLI commands for configuring fields in the Bandwidth Settings page.
Table 9-5. Bandwidth Settings CLI Commands
CLI Command                                       Description
traffic-shape committed-rate [committed-burst]    Set shaper on egress port. Use no form in order to disable the shaper.
no traffic-shape
rate-limit rate                                   Limit the rate of the incoming traffic. Use the no form to disable rate limit.
no rate-limit
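An added example, not from the Dell guide: a Python check that a saved configuration applies `no qos trust` (Table 9-4) and `rate-limit` (Table 9-5) on host-facing ports, so that attached hosts cannot select their own egress queue by setting CoS or DSCP values. The `interface ethernet` block layout, port names, rate values and the `UPLINKS` set are assumptions.

```python
import re

# Constructed sample; block layout, port names and rate values are assumptions.
SAMPLE_CONFIG = """\
interface ethernet 1/e1
no qos trust
rate-limit 1000
exit
interface ethernet 1/e2
rate-limit 1000
exit
interface ethernet 1/e3
no qos trust
exit
interface ethernet 1/g1
traffic-shape 50000
exit
"""

UPLINKS = {"1/g1"}  # hypothetical: ports whose markings are meant to be trusted

def parse_ports(config):
    """Return {port: set of command lines} for each interface block."""
    ports, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface ethernet (\S+)$", line)
        if m:
            current = ports.setdefault(m.group(1), set())
        elif line == "exit":
            current = None
        elif current is not None and line:
            current.add(line)
    return ports

def audit(config, uplinks=UPLINKS):
    """List (port, finding) pairs for access ports that deviate from policy."""
    findings = []
    for port, cmds in sorted(parse_ports(config).items()):
        if port in uplinks:
            continue
        # Assumption: a port honours packet markings unless 'no qos trust' is set.
        if "no qos trust" not in cmds:
            findings.append((port, "trusts packet markings"))
        if not any(re.match(r"rate-limit \d+$", c) for c in cmds):
            findings.append((port, "no ingress rate-limit"))
    return findings

print(audit(SAMPLE_CONFIG))
```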
The CoS to Queue page contains the following fields:
• Class of Service — Specifies the CoS priority tag values, where zero is the lowest and 7 is the highest.
• Queue — The queue to which the CoS priority is mapped. Four traffic priority queues are supported.
• Restore Defaults — Restores the device factory defaults for mapping CoS values to an egress queue.
Mapping a CoS Value to a Queue
1 Open the CoS to Queue page.
2 Select a CoS entry.
3 Define the queue number in the Queue field.
Mapping DSCP Values to Queues
The DSCP to Queue page provides fields for assigning an egress queue to specific DSCP fields. To open the DSCP to Queue page, click Quality of Service → QoS Mapping → DSCP to Queue in the tree view.
Figure 9-6. DSCP to Queue
The DSCP to Queue page contains the following fields:
• DSCP In — The values of the DSCP field within the incoming packet.
• Queue — The queue to which packets with the specific DSCP value are assigned.
Mapping a DSCP Value and Assigning a Priority Queue
1 Open the DSCP to Queue page.
2 Select a value in the DSCP In column.
3 Define the Queue field.
4 Click Apply Changes. The DSCP is overwritten, and the value is assigned an egress queue.
Assigning DSCP Values Using the CLI Commands
The following table summarizes the equivalent CLI commands for configuring fields in the DSCP to Queue page.
Table 9-7.
Glossary
This glossary contains key technical words of interest.
A
Access Mode
Specifies the method by which user access is granted to the system.
Access Profiles
Allows network managers to define profiles and rules for accessing the switch module. Access to management functions can be limited to user groups, which are defined by the following criteria:
• Ingress interfaces
• Source IP address or Source IP subnets
ACL
Access Control List.
Auto-negotiation
Allows 10/100 Mbps or 10/100/1000 Mbps Ethernet ports to establish the following features:
• Duplex/ Half Duplex mode
• Flow Control
• Speed
B
Back Pressure
A mechanism used with Half Duplex mode that enables a port not to receive a message.
Backplane
The main BUS that carries information in the switch module.
Backup Configuration Files
Contains a backup copy of the switch module configuration.
Bridge
A device that connects two networks. Bridges are hardware specific; however, they are protocol independent. Bridges operate at Layer 1 and Layer 2 levels.
Broadcast Domain
Device sets that receive broadcast frames originating from any device within a designated set. Routers bind Broadcast domains, because routers do not forward broadcast frames.
Broadcasting
A method of transmitting packets to all ports on a network.
D
DHCP Client
A device using DHCP to obtain configuration parameters, such as a network address.
DHCP Snooping
DHCP Snooping expands network security by providing firewall security between untrusted interfaces and DHCP servers.
DSCP
DiffServ Code Point (DSCP). DSCP provides a method of tagging IP packets with QoS priority information.
Domain
A group of computers and devices on a network that are grouped with common rules and procedures.
DRAC/MC
DRAC/MC.
F
FFT
Fast Forward Table. Provides information about forwarding routes. If a packet arrives at a device with a known route, the packet is forwarded via a route listed in the FFT. If there is not a known route, the CPU forwards the packet and updates the FFT.
FIFO
First In First Out. A queuing process where the first packet in the queue is the first packet out of the queue.
Flapping
Flapping occurs when an interface's state is constantly changing.
I
IC
Integrated Circuit. Integrated Circuits are small electronic devices composed from semiconductor material.
ICMP
Internet Control Message Protocol. Allows a gateway or destination host to communicate with a source host, for example, to report a processing error.
IEEE
Institute of Electrical and Electronics Engineers. An Engineering organization that develops communications and networking standards.
IEEE 802.1d
Used in the Spanning Tree Protocol, IEEE 802.1d supports MAC bridging to avoid network loops.
ISATAP
Intra-Site Automatic Tunnel Addressing Protocol. ISATAP is an automatic overlay tunneling mechanism that uses the underlying IPv4 network as a nonbroadcast/multicast access link layer for IPv6. ISATAP is designed for transporting IPv6 packets within a site where a native IPv6 infrastructure is not yet available.
L
LAG
Link Aggregated Group. Aggregates ports or VLANs into a single virtual port or VLAN. For more information on LAGs, see Defining LAG Membership.
LAN
Local Area Networks.
MAC Address Learning
MAC Address Learning characterizes a learning bridge, in which the packet’s source MAC address is recorded. Packets destined for that address are forwarded only to the bridge interface on which that address is located. Packets addressed to unknown addresses are forwarded to every bridge interface. MAC Address Learning minimizes traffic on the attached LANs.
MAC Layer
A sub-layer of the Data Link Control (DTL) layer.
NMS
Network Management System. An interface that provides a method of managing a system.
Node
A network connection endpoint or a common junction for multiple network lines. Nodes include:
• Processors
• Controllers
• Workstations
O
OID
Object Identifier. Used by SNMP to identify managed objects. In the SNMP Manager/ Agent network management paradigm, each managed object must have an OID to identify it.
OUI
Organizationally Unique Identifiers. Identifiers associated with a Voice VLAN.
Port Speed
Indicates the speed of the port. Port speeds include:
• Ethernet 10 Mbps
• Fast Ethernet 100 Mbps
• Gigabit Ethernet 1000 Mbps
Protocol
A set of rules that governs how devices exchange information across networks.
PVE
Private VLAN Edge. A port can be defined as a Private VLAN Edge (PVE) port of an uplink port, so that it will be isolated from other ports within the same VLAN.
Q
QoS
Quality of Service.
RSTP
Rapid Spanning Tree Protocol. Detects and uses network topologies that allow a faster convergence of the spanning tree, without creating forwarding loops.
Running Configuration File
Contains all startup configuration file commands, as well as all commands entered during the current session. After the switch module is powered down or rebooted, all commands stored in the Running Configuration file are lost.
S
Segmentation
Divides LANs into separate LAN segments for bridging.
Subnet
Sub-network. Subnets are portions of a network that share a common address component. On TCP/IP networks, devices that share a prefix are part of the same subnet. For example, all devices with a prefix of 157.100.100.100 are part of the same subnet.
Subnet Mask
Used to mask all or part of an IP address used in a subnet address.
Switch
Filters and forwards packets between LAN segments. Switches support any packet protocol type.
T
TCP/IP
Transmission Control Protocol.
W
WAN
Wide Area Networks. Networks that cover a large geographical area.
Wildcard Mask
Specifies which IP address bits are used, and which bits are ignored. A wildcard mask of 255.255.255.255 indicates that no bit is important. A wildcard of 0.0.0.0 indicates that all the bits are important.
Device Feature Interaction Information
The following table contains information about feature interactions.
Feature                        Feature Notes
802.1x Unauthenticated VLAN    802.1x Unauthenticated VLANs have restricted functionality with:
                               • 802.1X Guest VLAN
                               • Special VLAN
802.1x Unauthenticated VLAN Port 802.
Link Aggregation    No feature interaction restrictions or limitations. However, this feature has several guidelines for configuring Link Aggregation. For all the feature guidelines, see "Defining LAG Parameters".
LLDP-MED            No feature interaction restrictions or limitations.
Locked Ports        Locked port functionality is restricted with:
                    • MAC Based ACLs
                    • Ingress Filtering
Logging             No feature interaction restrictions or limitations.
SNTP Authentication            No feature interaction restrictions or limitations.
Spanning Tree                  No feature interaction restrictions or limitations.
Special VLAN                   No feature interaction restrictions or limitations.
Static MAC                     No feature interaction restrictions or limitations.
Storm Control                  No feature interaction restrictions or limitations.
System Logs                    No feature interaction restrictions or limitations.
System Time Synchronization    No feature interaction restrictions or limitations.