Dell™ PowerConnect™ 6200 Series User’s Guide Model PC6224, PC6248, PC6224P, PC6248P, and PC6224F w w w. d e l l . c o m | s u p p o r t . d e l l .
Notes, Cautions, and Warnings A NOTE indicates important information that helps you make better use of your computer. A CAUTION indicates potential damage to hardware or loss of data if instructions are not followed. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. ____________________ Information in this document is subject to change without notice. © 2011 Dell Inc. All rights reserved.
Contents 1 Introduction System Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Switching Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 MAC Address Supported Features . IPv4 Routing Features . . . . . . . . IPv6 Routing Features . . . . . . . . IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Device Management Buttons . Check Boxes . . . . . . . . . Defining Fields . . . . . . . . . . . . . . . . . . . . . . . . 44 45 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 46 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Power Connection 4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Hardware Description Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Front Panel . Rear Panel 55 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59 Console (RS-232) Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61 Physical Dimensions . . . . . . . . . . . . . . .
Advanced Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . CLI Basics . . . . . . . . . . . . . . . . . . . . . . . 6200 Series CLI Reference Guide . . . . . . . . . . . Security Management and Password Configuration . Software Download and Reboot . . . . . . . . . . . . 87 88 91 . . . . . . . . . . . . . . . . . . . . . . . . 94 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97 . . . . . . . . . . . . . . . . . . . . . . . . . . .
Time Zone Configuration . . Summer Time Configuration Clock Detail . . . . . . . . . Reset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122 123 125 126 Configuring SNTP Settings . . . . . . . . . . . . . . . . . . . . . . . . . . 127 SNTP Global Settings . SNTP Authentication . SNTP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128 129 132 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Authorization Network RADIUS Telnet Server . . . . . . . . . . Denial of Service . . . . . . . . Captive Portal . . . . . . . . . . . . . . . . . . . . . 191 191 193 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . CP Global Configuration . . . . . CP Configuration . . . . . . . . . CP Web Customization . . . . . . Local User . . . . . . . . . . . . . User Group . . . . . . . . . . . .
Defining Stacking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Synchronizing the Running Configuration between the Master and Standby Units . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring Stacking . . . . . . . . . . . . . . . . . . . . . . . . . Trap Manager . . 249 . . . . 249 250 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262 Trap Flags . . . . .
ACL Bind Configuration . Configuring Ports . . . . . . . . . . . . . . . . . . . . . . . . . . 316 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319 Global Parameters . . . . . . Port Configuration. . . . . . . Protected Port Configuration . LAG Configuration. . . . . . . Storm Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319 321 324 326 329 . . . . . . . . . . . . . . . . . . . . . . . . . 332 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
LAG Hash Configuration LAG Hash Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 390 391 Managing Multicast Support . . . . . . . . . . . . . . . . . . . . . . . . . 393 . . . . . . . . . . . . . . . . . . . . . . 393 394 398 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399 Multicast Global Parameters Bridge Multicast Group . . . . Bridge Multicast Forward. . . . . . . . . . . . . . . . . . . . . . . . . .
DAI Statistics DHCP Snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 447 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 448 DHCP Snooping Configuration . . . . . . . . . DHCP Snooping Interface Configuration . . . . DHCP Snooping VLAN Configuration . . . . . . DHCP Snooping Persistent Configuration . . . DHCP Snooping Static Bindings Configuration . DHCP Snooping Dynamic Bindings Summary . DHCP Snooping Statistics . . . . . . . . . . . DHCP Relay . . . . . . . .
9 Configuring Routing Overview . ARP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 501 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 502 . . . . . . . . . . . . . . . . . . . . . . . . . 502 504 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 507 ARP Create . . . . . . . ARP Table Configuration IP . . . . . . . . . . . . . . . . . . . . . . . . . IP Configuration . . . . . . IP Statistics . . . . . . . .
Router Discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Router Discovery Configuration Router Discovery Status . . . . Router. 573 . . . . . . . . . . . . . . . . . . . . . 573 575 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 576 . . . . . . . . . . . . . . . . . . . . . Route Table . . . . . . . . . . . . Best Routes Table . . . . . . . . . Route Entry Configuration. . . . . Configured Routes . . . . . . . . Route Preferences Configuration .
Prefix Delegation Configuration . . DHCPv6 Pool Summary . . . . . . . DHCPv6 Interface Configuration . . DHCPv6 Server Bindings Summary . DHCPv6 Statistics . . . . . . . . . . OSPFv3 . . . . . . . . . . . . . . . . . . . 630 631 632 636 637 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 639 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Service Detailed Statistics Class of Service . . . . . . . . . . . . . . . . . . . . . . . . 701 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 703 Mapping Table Configuration . Interface Configuration . . . . Interface Queue Configuration Auto VoIP . . . . . . . . . . . . . . . . . . . . . . . 703 707 708 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 711 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
MLD Routing Interface Source List Information MLD Traffic . . . . . . . . . . . . . . . . . . . MLD Proxy Configuration . . . . . . . . . . . . MLD Proxy Configuration Summary . . . . . . Interface Membership Information . . . . . . . Interface Membership Information—Detailed . Protocol Independent Multicast . . . . . . . . . . . . . . 759 760 762 763 764 766 . . . . . . . . . . . . . . . . . . . . . . . 767 PIM Global Configuration . . . PIM Global Status . . . . . . . PIM Interface Configuration .
1 Introduction This section describes the switch user-configurable features. For a list of all features, see the software version release notes. NOTE: Before proceeding, read the release notes for this product. Release notes are provided with the firmware available on the Dell Support website, support.dell.com. The Dell™ PowerConnect™ 6200 series are standalone Layer 2 and 3 switches that extend the Dell PowerConnect LAN switching product range.
System Features sFlow sFlow is the standard for monitoring high-speed switched and routed networks. sFlow Version 5 technology is built into network equipment and gives complete visibility into network activity, enabling effective management and control of network resources. CDP Interoperability Allows the PowerConnect switch to interoperate with Cisco™ devices running CDP.
Software Download Software download enables storage of backup firmware images. For information about downloading the software, see "Software Download and Reboot." Trivial File Transfer Protocol (TFTP) The PowerConnect 6200 Series switches support boot image, firmware, and configuration upload or download through TFTP.
Configurable CX-4/Stacking Modules This feature allows the stacking and CX-4 plug-in modules to be configured to either role (Ethernet or Stacking). By default, the module will function according to its module ID. Upon changing the role of a module, a reboot will be required for the change to take effect. Non-stop Forwarding This feature enables a stack to continue forwarding packets when the stack management unit fails due to a power failure, hardware failure, or software fault.
Switching Features IPv6 Access Control Lists An IPv6 ACL consists of a set of rules which are matched sequentially against a packet. When a packet meets the match criteria of a rule, the specified rule action (Permit/Deny) is taken and the additional rules are not checked for a match. Access Control List (ACL) Outbound Support This feature enables binding an ACL (IP, MAC, or IPv6) in outbound direction on physical, LAG, and VLAN interfaces.
IGMP Snooping Internet Group Management Protocol (IGMP) Snooping is a feature that allows a switch to forward multicast traffic intelligently on the switch. Multicast IP traffic is traffic that is destined to a host group. Host groups are identified by class D IP addresses, which range from 224.0.0.0 to 239.255.255.255. Based on the IGMP query and report messages, the switch forwards traffic only to the ports that request the multicast traffic.
Port-Based Features Jumbo Frames Support Jumbo frames enable transporting data in fewer frames to ensure less overhead, lower processing time, and fewer interrupts. Auto-MDI/MDIX Support The switch supports auto-detection between crossed and straight-through cables. Media-Dependent Interface (MDI) is the standard wiring for end stations, and the standard wiring for hubs and switches is known as Media-Dependent Interface with Crossover (MDIX).
Alternate Store and Forward (ASF) The Alternate Store and Forward (ASF) feature reduces latency for large packets. When ASF is enabled, the memory management unit (MMU) can forward a packet to the egress port before it has been entirely received on the Cell Buffer Pool (CBP) memory. AFS, which is also known as cut-through mode, is configurable through the command-line interface.
GVRP Support GARP VLAN Registration Protocol (GVRP) provides IEEE 802.1Q-compliant VLAN pruning and dynamic VLAN creation on 802.1Q trunk ports. When GVRP is enabled, the switch registers and propagates VLAN membership on all ports that are part of the active spanning tree protocol topology. For information about configuring GVRP, see "GVRP Parameters.
Spanning Tree Protocol Features Spanning Tree Now Supports IEEE 802.1Q-2005 This version of the IEEE Multiple Spanning Tree Protocol corrects problems associated with the previous version, provides for faster transition-to-forwarding, and incorporates new features for a port (restricted role and restricted TCN). Spanning Tree Enhancements • Loop Guard — This feature prevents a port from erroneously transitioning from blocking state to forwarding when the port stops receiving BPDUs.
Spanning Tree Root Guard Spanning Tree Root Guard is used to prevent the root of a Spanning Tree instance from changing unexpectedly. The priority of a Bridge ID can be set to zero but another Bridge ID with a lower mac address could also set its priority to zero and take over root. Bridge Protocol Data Unit Guard Spanning Tree BPDU Guard is used to disable the port in case a new device tries to enter the already existing topology of STP.
Voice VLAN The Voice VLAN feature enables switch ports to carry voice traffic with defined priority. The priority level enables the separation of voice and data traffic coming onto the port. For information about configuring Voice VLAN, see "Configuring Voice VLAN.
Routing Features VLAN Routing The PowerConnect 6200 Series software supports VLAN routing. You can also configure the software to allow traffic on a VLAN to be treated as if the VLAN were a router port. Routing Information Protocol (RIP) The route configuration and route preference features have the following changes: • You can configure static reject routes (see Static Reject Routes). • The default values for route preferences have changed.
IP Interface Configuration IP interface configuration includes the ability to configure the bandwidth, Destination Unreachable messages, and ICMP Redirect messages. IP Helper Provides the ability to relay various protocols to servers on a different subnet. VRRP Route Interface Tracking Extends the capability of the Virtual Router Redundancy Protocol (VRRP) to allow tracking of specific route/interface IP state within the router that can alter the priority level of a virtual router for a VRRP group.
MAC Multicast Support Multicast service is a limited broadcast service that allows one-to-many and many-to-many connections. In Layer 2 multicast services, a single frame addressed to a specific multicast address is received, and copies of the frame to be transmitted on each relevant port are created. For information about configuring MAC Multicast Support, see "Managing Multicast Support.
DHCPv6 DHCPv6 incorporates the notion of the “stateless” server, where DHCPv6 is not used for IP address assignment to a client, rather it only provides other networking information such as DNS, Network Time Protocol (NTP), and/or Session Initiation Protocol (SIP) information. OSPFv3 OSPFv3 provides a routing protocol for IPv6 networking. OSPFv3 is a new routing component based on the OSPF version 2 component. In dual stack IPv6, you can configure and use both OSPF and OSPFv3 components.
OSPFv3 The OSPFv3 Configuration page has been updated with the following changes: • AutoCost Reference Bandwidth field • Default Passive Setting field • Maximum Paths increased from 2 to 4 • Passive Mode field Quality of Service Features Voice VLAN The Voice VLAN feature enables switch ports to carry voice traffic with defined priority. The priority level enables the separation of voice and data traffic coming onto the port.
Multicast Features IPv4 Multicast Features Updated IPv4 Multicast Routing Support The Multicast package code has been extensively re-engineered and furnished with the following: • PIM-DM advanced to RFC 3973 • PIM-SM advanced to RFC 4601, pim-sm-bsr-05, draft-ietf-pim-mib-v2-03 • DVMRP advanced to draft-ietf-idmr-dvmrp-v3-10.txt, draft-ietf-idmr-dvmrp-mib-11.
MLD/MLDv2 (RFC2710/RFC3810) MLD is used by IPv6 systems (listeners and routers) to report their IP multicast addresses memberships to any neighboring multicast routers. The implementation of MLD v2 is backward compatible with MLD v1. MLD protocol enables the IPv6 router to discover the presence of multicast listeners, the nodes that want to receive the multicast data packets, on its directly attached interfaces.
TACACS+ TACACS+ provides centralized security for validation of users accessing the switch. TACACS+ provides a centralized user management system, while still retaining consistency with RADIUS and other authentication processes. RADIUS Client RADIUS is a client/server-based protocol in which the server maintains a user database that contains user authentication information, such as user name, password, and accounting information.
2 Using Dell™ OpenManage™ Switch Administrator The topics covered in this section include: • Setting the IP Address of the Switch • Starting the Application • Understanding the Interface • Using the Switch Administrator Buttons • Defining Fields • Accessing the Switch Through the CLI • Using the CLI Using Dell™ OpenManage™ Switch Administrator 39
Setting the IP Address of the Switch Two methods for setting the IP address are to use DHCP or to statically assign the address. See the section titled "Accessing the Switch Through the CLI" on page 45 to start the CLI. Setting DHCP on the Management Interface 1. Type enable at the console> prompt, and press . 2. At the console# prompt, type config and press . 3. At the console(config)# prompt, type ip address dhcp and press . 4. Type exit. 5.
Starting the Application 1. Open a web browser. 2. Enter the switch’s IP address (as defined in the CLI) in the address bar and press . For information about assigning an IP address to a switch, see "Configuration Overview." 3. When the Login window displays, enter a user name and password. NOTE: The switch is not configured with a default password, and you can configure the switch without entering a password when you connect to the CLI by using the console port.
Figure 2-1. Switch Administrator Components: PowerConnect 6200 Series 4 2 1 3 Table 2-1 lists the interface components with their corresponding numbers.
Table 2-1. Component Interface Components Name 1. The tree view contains a list of various device features. The branches in the tree view can be expanded to view all the components under a specific feature, or retracted to hide the feature's components. By dragging the vertical bar to the right, you can expand the tree area to view a full name of a component. 2. The device view provides information about device ports, current configuration and status, table information, and feature components.
Using the Switch Administrator Buttons Information Buttons Table 2-2. Information Buttons Button Description Support Opens the Dell Support page at support.dell.com Help Online help that contains information to assist in configuring and managing the switch. The online help pages are context sensitive. For example, if the IP Addressing page is open, the help topic for that page displays if you click Help. About Contains the version and build number and Dell copyright information.
Check Boxes Table 2-4. Check Boxes Check Box Type Description Add Hyperlink that takes you to a configuration page. Remove Removes the selected item. General selection To enable a configuration item, i.e., adjust sensitivity of log files, select match criteria for diffserv, select ACL rule parameters. Defining Fields User-defined fields can contain 1–159 characters, unless otherwise noted on the Dell OpenManage Switch Administrator Web page.
Console Connection See "Serial Cable Connection" on page 52 for a description of the required console cable. 1. Turn on the switch (or stack) and wait until the startup is complete. NOTE: If you are installing a stack of switches, connect the terminal to the Master Switch. This switch lights the Master Switch LED. When a stack is powered up for the first time, the switches elect the Master Switch, which may occupy any location in the stack.
The Privileged EXEC mode provides access to the device global configuration. For specific global configurations within the device, enter the next level, Global Configuration mode. A password is not required. The Global Configuration mode manages the device configuration on a global level. The Interface Configuration mode configures the device at the physical interface level. Interface commands, which require subcommands, have another level called the Subinterface Configuration mode.
Use the exit command to move back to a previous mode. For example, you can move from Interface Configuration mode to Global Configuration mode, and from Global Configuration mode to Privileged EXEC mode. Global Configuration Mode Global Configuration commands apply to system features, rather than to a specific protocol or interface. To access Global Configuration mode: 1. At the Privileged EXEC Mode prompt, type configure and press .
3 Cable and Port Information Overview This section describes the switch’s physical interfaces and provides information about cable connections. Stations are connected to the switch’s ports through the physical interface ports on the front panel. For each station, the appropriate mode (Half-Duplex, Full-Duplex, Auto) is set.
Ethernet Interface The switching port can connect to stations wired in standard RJ-45 Ethernet station mode. Figure 3-1.
SFP Interfaces SFP interfaces are on the console front. Figure 3-2 illustrates an SFP connector. Figure 3-2.
Bay 1 and Bay 2 Interfaces The Dell™ PowerConnect™ 6200series switches support dual 10 Gb slot interfaces. These interfaces can operate at 10 Gbps when supporting optional SFP+, CX4, XFP, and 10GBase-T modules. Figure 3-3. Bay 1 and Bay 2 PowerConnect 6200 Series 10 Gb Slots Serial Cable Connection You can use the supplied serial cable (null-modem) to connect the switch to a terminal for initial setup and configuration (You can also use a computer running terminal emulation software).
Power Connection 1. Using a 5-foot (1.5 m) standard power cable with safety ground connected, connect the power cable to the AC main socket located on the rear panel. 2. Connect the power cable to a grounded AC outlet. 3. If you are using a redundant DC power supply, such as the RPS600 or EPS470, connect the DC power cable to the DC socket located on the rear panel. 4. Confirm that the device is connected and operating correctly by examining the LEDs on the front panel.
Cable and Port Information
4 Hardware Description Overview This section contains information about device characteristics and modular hardware configurations for the PowerConnect 6200 Series.
Front Panel The PowerConnect 6224 front panels provides 24 10/100/1000M Base-T RJ-45 ports with four RJ-45/SFP combo ports that have an auto-sensing mode for speed, flow control, and duplex mode. Figure 4-1. PowerConnect 6224 with 24 10/100/1000 Base-T Ports 10/100/1000Base-T Auto-sensing Full Duplex RJ-45 Ports Combo Ports The PowerConnect 6248 front panel provides 48 10/100/1000M Base-T RJ-45 ports and four RJ-45/SFP combo ports. Figure 4-2.
The PowerConnect 6224F front panel provides 24 10/100/1000M Base-FX SFP ports and four RJ-45/SFP combo ports. Figure 4-3. PowerConnect 6224F with 24 SFP Ports SFP Ports Combo Ports The PowerConnect 6224P front panel provides 24 10/100/1000M Base-T RJ-45 ports and four RJ-45/SFP combo ports. Figure 4-4.
The PowerConnect 6248P front panel provides 44 10/100/1000 Base-T RJ-45 ports and four RJ-45/SFP combo ports. Figure 4-5. PowerConnect 6248P with 48 10/100/1000 Base-T Ports 10/100/1000Base-T Auto-sensing Full Duplex RJ-45 Ports Combo Ports • The switch automatically detects crossed and straight-through cables on RJ-45 ports. • RJ-45 ports support half- and full-duplex mode 10/100/1000 Mbps. • The pinhole reset button is on the front panel. • SFP/SFP+ ports support both SX and LX modules.
Rear Panel Each PowerConnect 6200 series switch provides an RS-232 maintenance port, on the rear. This serial connection can be used to manage an entire stack. Dual 10Gbps expansion slots are also mounted on the rear of the switch. The left slot (Bay 1) can support a plug-in Dual 10GbE XFP module, a CX4 module, or a stacking module. The right slot (Bay 2) can support a plug-in Dual 10GbE XFP module, a 10GBase-T module, or a CX4 module. Figure 4-6.
Figure 4-8. Stacking Module Figure 4-9. XFP Module Figure 4-10. 10 GbE CX4 Module Figure 4-11. 10GBase-T Module Figure 4-12.
Console (RS-232) Port The console (RS-232) port is used only for management through a serial interface. This port provides a direct connection to the switch and is used to access the CLI from a console terminal connected to an EIA/TIA-232 port. NOTE: The console port supports asynchronous data of eight data bits, one stop bit, no parity bit, and no flow control. The default baud rate is 9600 bps.
Power Supplies The 6200 series switches have one internal power supply which requires standard AC. For non-PoE switches, you can also attach a redundant DC power supply, such as the PowerConnect RPS-600. For PoE switches, you can attach a PowerConnect EPS-470. You can verify operation by observing the LEDs. See "System LEDs" for information. Ventilation System Three fans cool the PowerConnect 6224. The PowerConnect 6248 has four fans. You can verify operation by observing the LEDs.
Figure 4-13. Connecting a Stack of PowerConnect 6200 Series Switches XG1 Port XG2 Port Unit 1 Unit 2 Unit 3 Unit 4 In Figure 4-13, the stack has the following physical connections between the switches: • Unit 1 and Unit 2 are connected through the XG1 ports on each switch. • Unit 2 and Unit 3 are connected through the XG2 ports on each switch. • Unit 1 and Unit 4 are connected through the XG2 port on Unit 1 and the XG1 port on Unit 4.
LED Definitions The front panel contains light emitting diodes (LEDs) that indicate the status of links, power supplies, fans, system diagnostics, and the stack. Figure 4-14. Front Panel LEDs SFP Port LEDs Figure 4-15 illustrates the SFP port LEDs that are above each SFP port. Figure 4-15. SFP Port LEDs Table 4-1 contains SFP port LED definitions. Table 4-1. SFP Port LEDs Definitions 64 LED Color Definition LNK/ACT Solid Green The port is linked.
SFP+ Port LEDs The following table contains SFP+ port LED definitions for the PowerConnect 6200 Series switches. Table 4-2. SFP+ Port LEDs Definitions LED Color Definition LNK/ACT Solid Green The port is linked. Flashing Green The port is sending and/or receiving network traffic. Off The port is not linked. XFP Module Port LEDs The XFP connectors are on the XFP module when it is inserted in the PowerConnect 6200 Series. The following table contains XFP port LED definitions. Table 4-3.
Figure 4-16. 10/100/1000 Base-T Port LEDs Port 1 Link/Duplex/Activity LEDs Speed LEDs Port 2 Link/Activity Duplex The following table contains 10/100/1000 Base-T port LED definitions. Table 4-4. 10/100/1000 Base-T Port Definitions (6224, 6248, and 6224F) LED Color Definition Link/Activity Green The port is operating at 1000 Mbps. Amber The port is operating at 10/100 Mbps. Solid Link but no activity. Blinking Link and activity. Off No link. Green Full-duplex mode.
Table 4-5. 10/100/1000 Base-T Port Definitions (6224P and 6248P) LED Color Definition Green Blinking The port is operating at transitional mode. The PoE powered device is being detected, or is faulty. Amber Solid An overload or short has occurred on the powered device. Amber Blinking The powered device power conception exceeds the predefined power allotment. Off No powered device is detected.
Table 4-6. System LED Definitions LED PWR FAN Temp Color Definition Off Redundant Power Supply is not present. Green Power Supply is operating correctly. Red Power Supply has failed. Green Fans are operating correctly. Red One or more fans have failed. Green System temperature is below threshold limit. Red System temperature has exceeded threshold limit.
Table 4-7. Stacking LED Definitions LED 3/9 4/10 5/11 6/12 Color Definition Off The unit is not the 2nd or 8th switch in the stack. Green The unit is the 3rd or 9th switch in the stack. Off The unit is not the 3rd or 9th switch in the stack. Green The unit is the 4th or 10th switch in the stack. Off The unit is not the 4th or 10th switch in the stack. Green The unit is the 5th or 11th switch in the stack. Off The unit is not the 5th or 11th switch in the stack.
Hardware Description
5 Configuring Dell PowerConnect Overview This chapter describes the initial switch configuration. Topics covered include: • Starting the CLI • General Configuration Information • Booting the Switch • Configuration Overview • Advanced Configuration • Software Download and Reboot • Boot Menu Functions • Sample Configuration Process After completing all external connections, connect a terminal to the switch to monitor the boot process and other procedures.
Starting the CLI To begin running the CLI, perform the following steps: NOTE: The following steps are for use on the console line only. 1. Start the switch and wait until the startup procedure is complete. The Easy Setup Wizard welcome message now displays. NOTE: If you are using the autoconfig feature, do not use the Easy Setup Wizard. 2. Configure the switch using the Easy Setup Wizard and enter the necessary commands to complete the required tasks. 3.
Figure 5-1.
General Configuration Information The PowerConnect 6200 Series switches are delivered with binary files containing the switch operating system and ASCII configuration files that are used to define the relationship of the switch to its network environment. The configuration process consists of adjusting the ASCII configuration files so that each switch fits into its unique network topology.
Booting the Switch When the power is turned on with the local terminal already connected, the switch goes through Power On Self Test (POST). POST runs every time the switch is initialized and checks hardware components to determine if the switch is fully operational before completely booting. If a critical problem is detected, the program flow stops. If POST passes successfully, a valid executable image is loaded into RAM. POST messages are displayed on the terminal and indicate test success or failure.
file descriptors in use: 0 # of different files in use: 0 # of descriptors for deleted files: # of obsolete descriptors: 0 0 current volume configuration: - volume label: NO LABEL ; (in boot sector: - volume Id: 0x0 - total number of sectors: - bytes per sector: 61,076 512 - # of sectors per cluster: 4 - # of reserved sectors: - FAT entry size: 1 FAT16 - # of sectors per FAT copy: - # of FAT table copies: - # of hidden sectors: 60 2 4 - first cluster is in sector # 136 - Update last ac
Boot Menu 3.2.0.1 Select an option. If no selection in 10 seconds then operational code will start. 1 - Start operational code. 2 - Start Boot Menu. Select (1, 2):2 Boot Menu Version: 3.2.0.
Uncompressing..... Target Name: vxTarget Attached IPv4 interface to motetsec unit 0 Adding 70447 symbols for standalone. CPU: Broadcom SBC8548. Processor #0. Memory Size: 0x20000000. BSP version 2.0/2. Created: May 26 2009, 13:11:31 ED&R Policy Mode: deployed WDB Comm Type: WDB_COMM_END WDB: Ready. remLib: Not initialized. remLib: Not initialized.
- total number of sectors: - bytes per sector: 124,408 512 - # of sectors per cluster: 4 - # of reserved sectors: - FAT entry size: 1 FAT16 - # of sectors per FAT copy: - # of FAT table copies: 122 2 - # of hidden sectors: 8 - first cluster is in sector # 260 - Update last access date for open-read-close = FALSE - directory structure: VFAT - file name format: 8-bit (extended-ASCII) - root dir start sector: 245 - # of sectors per root: 15 - max # of entries in root: 240 FAT handler inf
<186> JAN 01 00:00:15 0.0.0.0-1 UNKN[536870176]: bootos.c(218) 1 % Event(0xaaaaaaaa) Instantiating RamCP: as rawFs, device = 0x20001 Formatting RamCP: for DOSFS Instantiating RamCP: as rawFs, device = 0x20001 Formatting...OK. (Unit 1 - Waiting to select management unit)> Applying Global configuration, please wait ... Applying Interface configuration, please wait ... console> After the switch boots successfully, a prompt appears and you can use the local terminal to begin configuring the switch.
Configuration Overview Before configuring the switch, obtain the following information from the network administrator: • Is the network setup for the autoconfig feature? If the network is setup for autoconfig, manual configuration of the switch is not necessary (skip the procedures in this section).
• Sets up the SNMP community string to be used by the SNMP manager at a given IP address. You may choose to skip this step if SNMP management is not used for this switch. If it is configured, the default access level is set to the highest available access for the SNMP management interface. Initially only SNMPv1/2c is activated. SNMPv3 is disabled until you return to configure security access for SNMPv3 (for example, engine ID, view, etc.). The SNMP community string may include spaces.
Figure 5-2.
Example of an Easy Setup Wizard Session This section describes an Easy Setup Wizard session. See the state diagram (Figure 5-2) for the general flow. The values used by the following session are examples only. Please request the actual values from your network adminstrator(s): • IP address for the management VLAN is 192.168.2.1:255.255.255.0. • The user name is admin, and password is password. • The network management system IP address is 192.168.2.1. • The default gateway is 192.168.1.1.
The system is not setup for SNMP management by default. To manage the switch using SNMP (required for Dell Network Manager) you can: o Set up the initial SNMP version 2 account now. o Return later and setup other SNMP accounts. (For more information on setting up an SNMP version 1 or 3 account, see the user documentation).
Next, an IP address is setup. The IP address is defined on the default VLAN (VLAN #1), of which all ports are members. This is the IP address you use to access the CLI, Web interface, or SNMP interface for the switch. Optionally you may request that the system automatically retrieve an IP address from the network via DHCP (this requires that you have a DHCP server running on the network). To setup an IP address: Please enter the IP address of the device (A.B.C.
Advanced Configuration CLI Basics The help command in the User EXEC mode and privileged EXEC mode displays the keyboard short cuts. Following is the sample display of the help command: Console>help HELP: Special keys: DEL, BS .... delete previous character Ctrl-A .... go to beginning of line Ctrl-E .... go to end of line Ctrl-F .... go forward one character Ctrl-B .... go backward one character Ctrl-D .... delete current character Ctrl-U, X .. delete to beginning of line Ctrl-K ....
Context Sensitive Help Use the ? command to get context sensitive help in the CLI. It can be used to get the list of possible subcommands or to list possible commands starting with some partially entered commands. The ? command when specified on an empty line provides the list of commands possible for the given level in the command tree. The ? can also be used within a command input to return the list of parameters that are required to fully complete the command.
When you first log in, the CLI enters the root of the command hierarchy. To go to a different level of the command hierarchy, enter commands such as configure, which causes the CLI to enter the config sub tree. To go back to the previous level in the command hierarchy, use the exit command.
The following is an example for changing the port description on port 1/ g1 using CLI commands: console(config)#interface ethernet 1/g1 console(config-if-1/g1)#description 100 Retrieving an IP Address From a DHCP Server When using the DHCP protocol to retrieve an IP address, the switch acts as a DHCP client. To retrieve an IP address from a DHCP server, perform the following steps: 1.
Interface IP Address IP Mask Bcast CastFwd ---------- --------------- --------------- -------- -------vlan1 192.168.10.10 255.255.255.0 Disable Disable vlan2 0.0.0.0 0.0.0.0 Enable Disable loopback2 0.0.0.0 0.0.0.0 Disable Disable Review Copy Security Management and Password Configuration System security is handled through the AAA (Authentication, Authorization, and Accounting) mechanism that manages user access rights, privileges, and management methods.
Configuring an Initial Console Password To configure an initial console password, enter the following commands: console(config)#aaa authentication login default line console(config)#aaa authentication enable default line console(config)#line console console(config-line)#login authentication default console(config-line)#enable authentication default console(config-line)#password secret123 • When initially logging on to a switch through a console session, enter secret123 at the password prompt.
Configuring an Initial HTTPS Password To configure an initial HTTPS password, enter the following commands: console(config)#ip https authentication local NOTE: You should generate a new crypto certificate each time you upgrade (install a new version of) the control software application on the switch. Enter the following commands once when configuring to use an HTTPS session over a console, a Telnet, or an SSH session. NOTE: In the Web browser enable SSL 2.0 or greater for the page content to appear.
Software Download and Reboot Software Download Through XModem This section contains instructions for downloading switch software (system and boot images) using XModem, which is a data transfer protocol for updating back-up configuration files. NOTE: You must be connected to the serial console interface when doing this because xmodem download won’t work elsewhere. To download a software image file using XModem: Specify the source file path to begin the transfer process.
The following is an example of the information that appears: console>show version Image Descriptions image1 : default image image2 : Images currently available on Flash -------------------------------------------------------------------unit image1 image2 current-active next-active -------------------------------------------------------------------1 7.10.19.22 7.16.23.35 image2 image2 4. Enter the command copy tftp://{tftp address}/{file name} image to copy a new system image to the switch.
5. Select the image for the next boot by entering the boot system command. After this command, enter the command show version to verify that the copy indicated as a parameter in the boot system command is selected for the next boot. The following is an example of the information that appears: console#boot system image2 Activating image image2 ..
Update Bootcode Use the update bootcode command to update the bootcode on all switches. For each switch, the bootcode is extracted from the next-active image and programmed to flash. To update the bootcode for one switch, specify the unit in the command (as shown in the following example). To show the boot code that’s on a switch, use the show boot-version command. The version number shows during the boot process. 1. Enter the following command: console#update bootcode Update bootcode and reset (Y/N)? 2.
The Boot menu displays and contains the following configuration functions: 1 - Start operational code 2 - Change baud rate 3 - Retrieve event log using XMODEM 4 - Load new operational code using XMODEM 5 - Display operational code vital product data 6 - Abort boot code update 7 - Update boot code 8 - Delete backup image 9 - Reset the system 10 - Restore configuration to factory defaults (delete config files) 11 - Activate Backup Image 12 - Password Recovery Procedure 13 - Reformat and rest
Change the Baud Rate Use option 2 to change the baud rate of the serial interface. To change the baud rate from the Boot menu: 1. On the Boot menu, select 2 and press . The following prompt displays: [Boot Menu]2 Select baud rate: 1 - 1200 2 - 2400 3 - 4800 4 - 9600 5 - 19200 6 - 38400 7 - 57600 8 - 115200 0 - no change NOTE: The selected baud rate takes effect immediately. 2. The boot process resumes.
Load New Operational Code Using XMODEM Use option 4 when a new software version must be downloaded to replace corrupted files, update, or upgrade the system software. To download software from the Boot menu: 1. On the Boot menu, select 4 and press . The following prompt displays: [Boot Menu] 4 Ready to receive the file with XMODEM/CRC.... Ready to RECEIVE File xcode.bin in binary mode Send several Control-X characters to cancel before transfer starts. 2.
Operational Code Offset........................0x74 (116) Operational Code FLASH flag....................1 Operational Code CRC...........................0x9B4D Boot Code Version..............................1 Boot Code Size.................................0x100000 (1048576) Boot Code Offset...............................0x7ec0bc (8306876) Boot Code FLASH flag...........................0 Boot Code CRC..................................
Wrote 0x20000 bytes. Wrote 0x30000 bytes. Wrote 0x40000 bytes. Wrote 0x50000 bytes. Wrote 0x60000 bytes. Wrote 0x70000 bytes. Wrote 0x80000 bytes. Wrote 0x90000 bytes. Wrote 0xa0000 bytes. Wrote 0xb0000 bytes. Wrote 0xc0000 bytes. Wrote 0xd0000 bytes. Wrote 0xe0000 bytes. Wrote 0xf0000 bytes. Wrote 0x100000 bytes. Validating Flash.....Passed Flash update completed. 2. The boot process resumes. Delete Backup Image Use option 8 to delete the backup image from the flash memory.
Reset the System Use option 9 to reboot and reset the system to its default setting. User action is confirmed with a Y/N question before executing the command. To reset the system from the Boot menu: 1. On the Boot menu, select 9 and press . The following prompt displays: [Boot Menu] 9 Are you SURE you want to reset the system? (y/n):y 2. The boot process starts over.
Password Recovery Procedure Use option 12 when a password is lost. This allows the switch to boot one time without prompting for a console password. Note that the enable password is not prompted for in this mode. To recover a lost password for the local terminal only: 1. From the Boot menu, select 12 and press . The password is deleted. 2. The boot process resumes. 3. To ensure switch security, reconfigure passwords for applicable management methods.
Sample Configuration Process This section provides the basic steps required to establish a remote network management connection with the switch. This section does not explain the various configurations available on the switch or the relevant commands. This section also describes accessing a switch for the first time with the default configuration and definitions.
Figure 5-3. HyperTerminal Properties Window NOTE: 9600 is the default baud rate for a new switch. The switch may have another baud rate. If using the default baud rate does not result in viewing the switch terminal, try another baud rate. 3. Use F2F null modem cable to connect the workstation to the switch. If you are configuring a stack, connect the workstation to the Master Switch. 4. Connect the switch power cord and power up the switch. The system begins the boot process.
current volume configuration: - volume label: NO LABEL ; (in boot sector: - volume Id: 0x0 - total number of sectors: - bytes per sector: ) 124,408 512 - # of sectors per cluster: 4 - # of reserved sectors: - FAT entry size: 1 FAT16 - # of sectors per FAT copy: - # of FAT table copies: - # of hidden sectors: 122 2 8 - first cluster is in sector # 260 - Update last access date for open-read-close = FALSE - directory structure: VFAT - file name format: 8-bit (extended-ASCII) - root dir sta
1 - Start operational code. 2 - Start Boot Menu. Select (1, 2): Operational Code Date: Tue May 26 14:12:20 2009 Uncompressing..... Target Name: vxTarget Attached IPv4 interface to motetsec unit 0 Adding 70447 symbols for standalone. CPU: Broadcom SBC8548. Processor #0. Memory Size: 0x20000000. BSP version 2.0/2. Created: May 26 2009, 13:11:31 ED&R Policy Mode: deployed WDB Comm Type: WDB_COMM_END WDB: Ready. remLib: Not initialized. remLib: Not initialized.
# of descriptors for deleted files: # of obsolete descriptors: 0 0 current volume configuration: - volume label: NO LABEL ; (in boot sector: - volume Id: 0x0 - total number of sectors: - bytes per sector: ) 124,408 512 - # of sectors per cluster: 4 - # of reserved sectors: - FAT entry size: 1 FAT16 - # of sectors per FAT copy: - # of FAT table copies: - # of hidden sectors: 122 2 8 - first cluster is in sector # 260 - Update last access date for open-read-close = FALSE - directory structu
PCI unit 0: Dev 0xb624, Rev 0x12, Chip BCM56624_B1, Driver BCM56624_B0 SOC unit 0 attached to PCI device BCM56624_B1 Adding BCM transport pointers Configuring CPUTRANS TX Configuring CPUTRANS RX st_state(0) = 0x0 st_state(1) = 0x2 <186> JAN 01 00:00:15 0.0.0.0-1 UNKN[536870176]: bootos.c(218) 1 % Event(0xaaaaaaaa) Instantiating RamCP: as rawFs, device = 0x20001 Formatting RamCP: for DOSFS Instantiating RamCP: as rawFs, device = 0x20001 Formatting...OK.
Device Default Settings To return to device default settings use delete startup-config command at the privileged mode prompt (#), and reboot the device. Once device reloads – it is set with the default settings. console> console>enable console#delete startup-config Startup file was deleted console#reload Management switch has unsaved changes. Are you sure you want to continue? (y/n) y Configuration Not Saved! Are you sure you want to reload the stack? (y/n) y Reloading all switches..
4. Enable DHCP on the management interface. a. Enter the config command at the console to enter the Configuration mode as follows: console#config b. Use the following command to set the IP address to DHCP and return to Privileged Exec mode: console(config)#ip address dhcp console(config)#exit 5. If the management station is a member of a remote network, and is not directly connected to the interface, configure a static route.
console(config)#crypto certificate generate key_generate Generating RSA private key, 1024 bit long modulus console(config)#ip https server 8. Define a user name and password to allow access for a local user—console, Telnet, or Web Server, for example. The enable password for console, telnet, and SSH is tommy123, bobby123, and jones123, respectively. In this example, the user name is Dell, the password is Dell1234, and the privilege level is 15.
The switch is now configured and can be managed through the different options such as Telnet, Web browser interface, and others. Configuring Secure Management Access (HTTPS) When managing the switch securely through the standard Web browser, the SSL (Secure Socket Layer) security protocol is used. To manage the switch securely through the standard Web browser, perform the following: 1.
6 Configuring System Information Overview Use the menus listed on the System page to define the switch’s relationship to its environment. To display the System page, click System in the tree view.
Defining General Device Information The General menu page contains links to pages that allow you to configure device parameters. Use this page to access the following features: • Asset • System Health • Versions • System Resources • Time Zone Configuration • Summer Time Configuration • Clock Detail • Reset Asset Use the Asset page fields to configure and view general device information. To display the Asset page, click System →General →Asset in the tree view. Figure 6-1.
The Asset page contains the following fields: • System Name (0 – 255 characters) — Use to assign device system name. • System Contact (0 – 255 characters) — Use to assign the contact person’s name. • System Location (0 – 255 characters) — Use to specify a system location. • Banner motd (message of the day) — Enter the message that appears on the GUI banner (if enabled). • Banner motd acknowledge — Enable to display the GUI banner motd in the GUI banner.
• System Management Commands • SNMP Commands • Clock Commands The following table summarizes the equivalent CLI commands you use to configure device information. Table 6-1. Device Configuration Commands CLI Command Description asset-tag Use to specify the switch asset tag. banner motd Controls the display of message-of-the-day banners. banner motd acknowledge Use to require that a banner be acknowledged by the user.
• • Power Supply Status — Displays the power supply status. – — The power supply is operating normally. – — The power supply is not operating normally. – Not Present — The power supply is currently not present. Temperature — Displays the temperature at which the device is currently running. Viewing System Health Information Using CLI Commands For information about the CLI commands that perform this function, see the System Management Commands chapter in the CLI Reference Guide.
• Current-Active — Displays the currently active software image. • Next-Active — Displays the software image which will be loaded the next time the switch is rebooted. Displaying Device Versions Using CLI Commands For information about the CLI commands that perform this function, see the System Management Commands chapter in the CLI Reference Guide: The following table summarizes the equivalent CLI commands you use to display device versions information. Table 6-3.
Figure 6-4. System Resources The System Resources page contains the following fields: • Total Memory — Displays the total memory present on the switch. • Available Memory — Displays the available memory (Free for allocation) present on the switch. • Task Name — Name of the active task running on the switch.
Displaying System Resources Using CLI Commands For information about the CLI commands that perform this function, see the System Management Commands chapter in the CLI Reference Guide. The following table summarizes the equivalent CLI commands you use to display system resources information. Table 6-4. System Resources Commands CLI Command Description show memory cpu Checks the total and available RAM space on the switch.
The time zone settings are modified, and the device is updated. Configuring Time Zone Settings Using CLI Commands For information about the CLI commands that perform this function, see the Clock Commands chapter in the CLI Reference Guide. The following table summarizes the equivalent CLI commands you use to configure time zone settings. Table 6-5. Time Zone Settings Commands CLI Command Description clock timezone Sets the offset to Coordinated Universal Time.
• Location — This field displays only when the Recurring check box is selected. The summer time configuration is predefined for the United States and European Union. To set the summer time for a location other than the USA or EU, select None. • Start Week — Select the starting week number. This field displays only when the Recurring check box is selected. • Start Day — Select the starting day number. This field displays only when the Recurring check box is selected.
Table 6-6. Summer Time Parameters Commands CLI Command Description clock summer-time recurring Sets the summertime offset to UTC recursively every year. clock summer-time date Sets the summertime offset to UTC. no clock summer-time Resets the recurring summertime configuration. Clock Detail Use the Clock Detail page to set the time and date or view information about the current time, time zone, and summer time settings.
Table 6-7. Clock Detail Commands CLI Command Description clock set Sets the current date and time. show clock Displays the time and date of the system clock. Reset Use the Reset page to reset the device. To display the Reset page, click System →General →Reset in the tree view. Figure 6-8. Reset The Reset page contains the following fields: • Reset Unit No. — Use to select the device in the stack that needs to be reset. Resetting the Device 1. Open the Reset page. 2. Click Reset Unit No. 3.
Configuring SNTP Settings The device supports the Simple Network Time Protocol (SNTP). SNTP assures accurate network device clock time synchronization up to the millisecond. Time synchronization is performed by a network SNTP server. The device operates only as an SNTP client and cannot provide time services to other systems. Time sources are established by Stratums. Stratums define the accuracy of the reference clock. The higher the stratum (where zero is the highest), the more accurate the clock.
• If more than one Unicast device responds, synchronization information is preferred from the device with the lowest stratum. • If the servers have the same stratum, synchronization information is accepted from the SNTP server that responded first. MD5 (Message Digest 5) Authentication safeguards device synchronization paths to SNTP servers. MD5 is an algorithm that produces a 128-bit hash. MD5 is a variation of MD4, and increases MD4 security.
• Receive Broadcast Servers Update — If enabled, listens to the SNTP servers for Broadcast server time information on the selected interfaces. The device is synchronized whenever an SNTP packet is received, even if synchronization was not requested. • Receive Unicast Servers Update — If enabled, polls the SNTP servers defined on the device for Unicast server time information. Defining SNTP Global Parameters 1. Open the SNTP Global Settings page. 2. Define the fields as needed. 3. Click Apply Changes.
Figure 6-10. SNTP Authentication The SNTP Authentication page contains the following fields: • SNTP Authentication — If enabled, requires authenticating an SNTP session between the device and an SNTP server. • Authentication — Type of authentication. System supports MD5 only. • Encryption Key ID — Contains a list of user-defined key IDs used to authenticate the SNTP server and device. Possible field values are 1–4294767295.
Figure 6-11. Add Authentication Key 3. Define the fields as needed. 4. Click Apply Changes. The SNTP authentication key is added, and the device is updated. Displaying the Authentication Key Table 1. Open the SNTP Authentication page. 2. Click Show All. The Authentication Key Table page displays: Figure 6-12. Authentication Key Table Removing an Authentication Key 1. Open the SNTP Authentication page. 2. Click Show All. The Authentication Key Table page displays. 3.
Defining SNTP Authentication Settings Using CLI Commands For information about the CLI commands that perform this function, see the Clock Commands chapter in the CLI Reference Guide. The following table summarizes the equivalent CLI commands you use to define SNTP authentication settings. Table 6-9. SNTP Authentication Settings Commands CLI Command Description sntp authenticate Use to require server authentication for received Network Time protocol (NTP) traffic.
• Priority (1–8) — Specifies the priority of this server entry in determining the sequence of servers to which SNTP requests are sent. Values are 1 to 8, and the default is 1. Servers with lowest numbers have priority. • Status — Displays the operating SNTP server status. The possible field values are: – Up — The SNTP server is currently operating normally. – Down — Indicates that a SNTP server is currently not available. For example, the SNTP server is currently not connected or is currently down.
Figure 6-15. SNTP Servers Table Modifying an SNTP Server 1. Open the SNTP Servers page. 2. Click Show All. The SNTP Servers Table opens. 3. Click Edit next to the SNTP Server entry you wish to modify. 4. Modify the relevant fields. 5. Click Apply Changes. The SNTP server information is updated. Removing the SNTP Server 1. Open the SNTP Servers page. 2. Click Show All. The SNTP Servers Table opens. 3. Select an SNTP Server entry. 4. Check the Remove check box. 5. Click Apply Changes.
Table 6-10. SNTP Servers Commands CLI Command Description show sntp configuration Displays the SNTP configuration. show sntp status Displays the SNTP status. sntp server Configures the SNTP server to use SNTP to request and accept NTP traffic from it. Managing Logs The switch may generate messages in response to events, faults, or errors occurring on the platform as well as changes in configuration or other occurrences.
• RAM Log Table • Log File • Remote Log Server Settings Global Settings Use the Global Settings page to enable logs globally, and to define log parameters. The Severity log messages are listed from the highest severity to the lowest. To display the Global Settings page, click System →Logs →Global Settings in the tree view. Figure 6-16. Global Settings The Global Settings page contains the following fields: • Logging — Enables device global logs for Cache, File, and Server Logs.
• Emergency — The highest level warning level. If the device is down or not functioning properly, an emergency log is saved to the device. • Alert — The second highest warning level. An alert log is saved if there is a serious device malfunction, such as all device features being down. • Critical — The third highest warning level. A critical log is saved if a critical device malfunction occurs, for example, two device ports are not functioning, while the rest of the device ports remain functional.
RAM Log Table Use the RAM Log Table page to view information about specific RAM (cache) log entries, including the time the log was entered, the log severity, and a description of the log. To display the RAM Log Table, click System →Logs →RAM Log in the tree view. Figure 6-17. RAM Log Table The RAM Log Table contains the following fields: • Log Index — Indicates the Log Number within the Log RAM Table. • Severity — The log severity.
Table 6-12. Log Information Commands CLI Command Description clear logging Use to clear messages from the logging buffer. show logging Displays the state of logging and the syslog messages stored in the internal buffer. Log File The Log File contains information about specific log entries, including the time the log was entered, the log severity, and a description of the log. To display the Log File, click System →Logs →Log File in the tree view. Figure 6-18.
Removing Log Information Using CLI Commands For information about the CLI commands that perform this function, see the Syslog Commands chapter in the CLI Reference Guide. The following table summarizes the equivalent CLI commands you use to remove log information. Table 6-13. Log File Commands CLI Command Description clear logging file Use to clear messages from the logging file. show logging file Displays the state of logging and the syslog messages stored in the logging file.
The Remote Log Server Settings page contains the following fields: • Log Server — Server to which logs can be sent. • UDP Port (1–65535) — Sets the UDP port from which the logs are sent. The default value is 514. • Facility — A user-defined application from which system logs are sent to the remote server. Only one facility can be assigned to a single server. If a second facility level is assigned, the first facility level is overridden.
Figure 6-20. Add Remote Log Server Settings 3. Complete the fields in the dialog and click Apply Changes. The Remote Log Server Settings page displays the server in the Log Server list only after you go back to the Remote Log Server Settings page. Viewing/Removing a Log Server 1. Open the Remote Log Server Settings page. 2. Click Show All to display the Remote Log Servers Table page. Figure 6-21. Show All Log Servers 3. To remove a server, check the corresponding Remove check box. 4.
The server is removed, and the device is updated. Working with Remote Server Logs Using CLI Commands For information about the CLI commands that perform this function, see the Syslog Commands chapter in the CLI Reference Guide. The following table summarizes the equivalent CLI commands you use to work with remote server logs. Table 6-14. Remote Server Logs Commands CLI Command Description logging facility Use to set the facility for logging messages.
Domain Name Server (DNS) The Domain Name System converts user-defined domain names into IP addresses. Each time a domain name is assigned, this service translates the name into a numeric IP address. Domain Name System servers maintain domain name databases and their corresponding IP addresses. Use the Domain Name Server (DNS) page to enable and activate specific DNS servers. To display the Domain Name Server page, click System →IP Addressing →Domain Name Server in the tree view. Figure 6-22.
Figure 6-23. Add DNS Server 3. Define the relevant fields. 4. Click Apply Changes. The new DNS server is defined, and the device is updated. Configuring DNS Servers Using CLI Commands For information about the CLI commands that perform this function, see the IP Addressing Commands chapter in the CLI Reference Guide. The following table summarizes the equivalent CLI commands you use to configure DNS servers. Table 6-15.
The Default Domain Name page contains the following field: • Default Domain Name (0–255 characters) — Contains the user-defined default domain name. When configured, the default domain name is applied to all unqualified host names. Defining DNS Domain Names Using CLI Commands For information about the CLI commands that perform this function, see the IP Addressing Commands chapter in the CLI Reference Guide. The following table summarizes the equivalent CLI commands you use to define DNS domain names.
Adding Host Domain Names 1. Open the Host Name Mapping page. 2. Click Add. The Add Static Host Name Mapping page displays: Figure 6-26. Add Static Host Name Mapping 3. Define the relevant fields. 4. Click Apply Changes. The IP address is mapped to the host name, and the device is updated. Displaying the Static Host Name Mapping Table 1. Open the Host Name Mapping page. 2. Click Show All. The Static Host Name Mapping Table displays: Figure 6-27.
3. Select a Host Name Mapping Table entry. 4. Check the Remove check box. 5. Click Apply Changes. The Host Name Mapping Table entry is removed, and the device is updated. Mapping an IP Address to Domain Host Names Using CLI Commands For information about the CLI commands that perform this function, see the IP Addressing Commands chapter in the CLI Reference Guide. The following table summarizes the equivalent CLI commands you use. Table 6-17.
Click Clear All Entries to remove all Host Name IP Mapping entries from the table. Viewing Dynamic Host Entries Using CLI Commands For information about the CLI commands that perform this function, see the IP Addressing Commands chapter in the CLI Reference Guide. The following table summarizes the equivalent CLI commands you use. Table 6-18. Dynamic Host Entries Commands CLI Command Description show hosts Displays dynamic host entries that the switch has learned.
Viewing the ARP Table Using CLI Commands For information about the CLI commands that perform this function, see the IP Addressing Commands chapter in the CLI Reference Guide. The following table summarizes the equivalent CLI commands you use. Table 6-19. ARP Table Commands CLI Command Description show arp switch Use to display the entries in the ARP table. IPv6 Management Features The PowerConnect 6200 Series switch software includes several enhancements to the IPv6 management feature.
• IPv6 Stateless Address AutoConfig Mode — Enable or disable IPv6 auto address configuration on the interface. When IPv6 AutoConfig Mode is enabled, automatic IPv6 address configuration and gateway configuration is allowed by processing the Router Advertisements received on the management interface. • DHCPv6 Client DUID — This is a read-only field that contains a unique ID generated from the MAC address when the DHCPv6 client is enabled. To get the value for this field, set the network protocol to DHCP.
Table 6-20. Ipv6 Management Information Commands CLI Command Description ipv6 address Use to display the entries in the ARP table. ipv6 enable Enables IPv6 on the management interface. ipv6 gateway Configures an IPv6 gateway for the management interface. Running Cable Diagnostics Use the Diagnostics menu page to perform virtual cable tests for copper and fiber optics cables. To display the Diagnostics page, click System →Diagnostics in the tree view.
Figure 6-32. Integrated Cable Test for Copper Cables The Integrated Cable Test for Copper Cables page contains the following fields: • Interface — The interface to which the cable is connected. • Test Result — The cable test results. Possible values are: – No Cable — There is not a cable connected to the port. – Open Cable — The cable is open. – Short Cable — A short has occurred in the cable. – OK — The cable passed the test. – Fiber Cable — A fiber cable is connected to the port.
2. Click Show All. 3. Select the desired unit from the drop-down menu. The web page displays the Integrated Cable Test Results Table page showing the results of previous tests for every port on the selected unit. Figure 6-33. Integrated Cable Test Results Table Optical Transceiver Diagnostics Use the Optical Transceiver Diagnostics page to perform tests on Fiber Optic cables. To display the Optical Transceiver Diagnostics page, click System →Diagnostics →Optical Transceiver Diagnostics in the tree view.
Figure 6-34. Optical Transceiver Diagnostics The Optical Transceiver Diagnostics page contains the following fields: • Interface — The port IP address on which the cable is tested. • Temperature — The temperature (C) at which the cable is operating. • Voltage — The voltage at which the cable is operating. • Current — The current at which the cable is operating. • Output Power — The rate at which the output power is transmitted. • Input Power — The rate at which the input power is transmitted.
Figure 6-35. Optical Transceiver Diagnostics Table The test runs and displays the Optical Transceiver Diagnostics Table page. Performing Fiber Optic Cable Tests Using CLI Commands For information about the CLI commands that perform this function, see the PHY Diagnostics Commands chapter in the CLI Reference Guide. The following table summarizes the equivalent CLI commands you use to perform cable tests. Table 6-21.
Managing Device Security Use the Management Security menu page to set management security parameters for port, user, and server security. To display the Management Security page, click System →Management Security in the tree view.
Figure 6-36. Access Profile The Access Profile page contains the following fields: • Access Profile — Shows the Access Profile. • Current Active Access Profile — Shows profile that is activated. • Set Active Access Profile — Activates the access profile. • Remove Profile — When checked, removes an access profile from the Access Profile list. NOTE: Assigning an access profile to an interface implies that access through other interfaces is denied.
Figure 6-37. Profile Rules Table Adding an Access Profile 1. Open the Access Profile page. 2. Click Add Profile. The Add an Access Profile page displays. Figure 6-38. Add an Access Profile 3. Enter the profile name in the Access Profile Name text box. 4.
Management Method — Select from the dropdown box. The policy is restricted by the management chosen. Interface — Choose the check box for the interface if the policy should have a rule based on the interface. Interface can be a physical interface, a LAG, or a VLAN. Source IP Address — Select the Source IP Address check box if the policy should have a rule based on the IP address of the client sending the management traffic. Fill in the source IP address and mask details in the fields provided.
Figure 6-39. Add An Access Profile Rule 3. Complete the fields in the dialog: Management Method — Select from the dropdown box. The policy is restricted by the management chosen. Interface — Choose the check box for the interface if the policy should have a rule based on the interface. Interface can be a physical interface, a LAG, or a VLAN. Source IP — Select the Source IP Address check box if the policy should have a rule based on the IP address of the client originating the management traffic.
Removing a Rule 1. Open the Access Profile page. 2. Click Show All to display the Profile Rules Table page. 3. Select a rule. 4. Check the Remove check box. 5. Click Apply Changes. The rule is removed, and the device is updated. Defining Access Profiles Using CLI Commands For information about the CLI commands that perform this function, see the Management ACL Commands chapter in the CLI Reference Guide. The following table summarizes the equivalent CLI commands you use to define access profiles.
Figure 6-40. Authentication Profiles The Authentication Profiles page contains the following fields: Authentication Profile Name Displays lists to which user-defined authentication profiles are added. Use the radio buttons to apply the authentication profile to govern either Login or Enable part of the switch’s operations, and to select one of two available lists: • Login — Allows you to login to the switch. Options are defaultList, networkList and any user-defined login authentication profiles.
NOTE: User authentication occurs in the order the methods are selected. If an error occurs during the authentication, the next selected method is used. For example, if Local then RADIUS options are selected, the user is authenticated first locally and then through an external RADIUS server. • Selected Methods — The selected authentication method. • Remove — Removes the selected profile. Adding an Authentication Profile 1. Open the Authentication Profiles page. 2.
The user authentication profile is updated to the device. Removing an Authentication Profiles Entry 1. Open the Authentication Profiles page. 2. Click Show All. The Authentication Profiles Table opens. Figure 6-42. Authentication Profiles Table 3. Check the Remove check box next to the profile to be removed. 4. Click Apply Changes. The entry is removed.
Select Authentication After authentication profiles are defined, you can apply them to management access methods. For example, console users can be authenticated by Authentication Profile List 1, while Telnet users are authenticated by Authentication Profile List 2. To display the Select Authentication page, click System →Management Security →Select Authentication in the tree view. Figure 6-43.
– TACACS+ — Authentication occurs at the TACACS+ server. – Local, None — Authentication first occurs locally. – RADIUS, None — Authentication first occurs at the RADIUS server. If authentication cannot be verified, no authentication method is used. Authentication cannot be verified if the remote server cannot be contacted to verify the user. If the remote server can be contacted, then the response from the remote server is always honored.
The following example shows an entry in the FreeRADIUS /etc/raddb/users file that allows a user (name: admin) to log onto the switch with read/write privileges, which is equivalent to privilege level 15.
2. Under HTTP, select an authentication method in the Optional Methods field and click the right arrow button. The selected authentication method moves to the Selected Methods field. 3. Repeat until the desired authentication sequence is displayed in the Selected Methods field. 4. Click Apply Changes. HTTP sessions are assigned the authentication sequence.
• Preventing frequent password reuse • Locking out users out after failed login attempts To display the Password Management page, click System →Management Security →Password Management in the tree view. Figure 6-44. Password Management The Password Management page contains the following fields: • Password Minimum Length (8–64) — Indicates the minimum password length, when checked. For example, the administrator can define that all line passwords must have at least 10 characters.
3. Click Apply Changes. The password constraints are defined, and the device is updated. Defining Password Constraints Using CLI Commands For information about the CLI commands that perform this function, see the Password Management Commands chapter in the CLI Reference Guide. The following table summarizes the equivalent CLI commands you use. Table 6-25.
Figure 6-45. Local User Database The Local User Database page contains the following fields: • User Name — List of users. • Access Level — User access level. The lowest user access level is 1 (readonly), and 15 (readwrite) is the highest. To suspend a user’s access, set level to 0 (only a level 15 user has this ability). • Password (8– 64 characters) — User-defined password. • Confirm Password — Confirms the user-defined password.
Figure 6-46. Add a New User 3. Complete the fields. 4. Click Apply Changes. The new user is defined, and the device is updated. NOTE: You can define as many as eight local users on the device. Displaying Users on the Local User Database 1. Open the Local User Database page. 2. Click Show All to display the Local User Table page. All members of the local user database are displayed. Figure 6-47. Local User Table Removing Users From the Local User Database 1. Open the Local User Database page. 2.
Assigning Users With CLI Commands For information about the CLI commands that perform this function, see the AAA Commands chapter in the CLI Reference Guide. The following table summarizes the equivalent CLI commands you use. Table 6-26. Users Commands CLI Command Description password Specifies a user password username Establishes a username-based authentication system. show user accounts Displays information about the local user database.
3. Define the Line Password field for the type of session you use to connect to the device. 4. Confirm the Line Password. 5. Click Apply Changes. The line password for the type of session is defined, and the device is updated. Assigning Line Passwords Using CLI Commands For information about the CLI commands that perform this function, see the AAA Commands chapter in the CLI Reference Guide. The following table summarizes the equivalent CLI commands you use. Table 6-27.
3. Confirm the Enable password. 4. Click Apply Changes. The Enable password is set. Defining Enable Passwords Using CLI Commands For information about the CLI commands that perform this function, see the AAA Commands chapter in the CLI Reference Guide. The following table summarizes the equivalent CLI commands you use. Table 6-28. Enable Passwords Commands CLI Command Description enable password Sets a local password to control access to the normal level.
Figure 6-50. TACACS+ Settings The TACACS+ Settings page contains the following fields: • Host Name / IP Address — Specifies the TACACS+ Server. • Priority (0–65535) — Specifies the order in which the TACACS+ servers are used. The default is 0. • Authentication Port (0–65535) — The port number through which the TACACS+ session occurs. The default is port 49.
• Timeout for Reply (1–30) — Enter the global user configuration time that passes before the connection between the device and the TACACS+ times out. Defining TACACS+ Parameters 1. Open the TACACS+ Settings page. 2. Define the fields as needed. 3. Click Apply Changes. The TACACS+ settings are updated to the device. Adding a TACACS+ Server 1. Open the TACACS+ Settings page. 2. Click Add. The Add TACACS+ Host page displays. Figure 6-51. Add TACACS+ Host 3. Define the fields as needed. 4.
Figure 6-52. TACACS+ Servers Table Removing a TACACS+ Server from the TACACS+ Servers List 1. Open the TACACS+ Settings page. 2. Click Show All. The TACACS+ Servers Table opens. 3. Select a TACACS+ Servers Table entry. 4. Select the Remove check box. 5. Click Apply Changes. The TACACS+ server is removed, and the device is updated. Configuring TACACS+ Servers Using CLI Commands For information about the CLI commands that perform this function, see the TACACS+ Commands chapter in the CLI Reference Guide.
RADIUS Global Configuration The Remote Authorization Dial-In User Service (RADIUS) client on the PowerConnect 6200 Series switch supports multiple, named RADIUS servers. The RADIUS authentication and accounting server groups can contain one or more configured authentication servers that share the same RADIUS server name. If you configure multiple RADIUS servers with the same RADIUS Server Name, designate one server as the primary and the other(s) as the backup server(s).
• Configured Authentication Servers — The number of RADIUS authentication servers configured on the system. The value can range from 0 to 32. • Configured Accounting Servers — The number of RADIUS accounting servers configured on the system. The value can range from 0 to 32. • Named Authentication Server Groups — The number of authentication server groups configured on the system.
Table 6-30. RADIUS Global Commands CLI Command Description radius-server attribute Sets the network access server (NAS) IP address for the RADIUS server. radius-server retransmit Specifies the number of times the software searches the list of RADIUS server hosts. radius-server timeout Sets the interval for which a switch waits for a server host to reply. show radius-servers Displays the RADIUS server settings.
• Port — Identifies the authentication port the server uses to verify the RADIUS server authentication. The port is a UDP port, and the valid range is 1-65535. The default port for RADIUS authentication is 1812. • Secret — Shared secret text string used for authenticating and encrypting all RADIUS communications between the device and the RADIUS server. This secret must match the RADIUS encryption. • Apply — The Secret will only be applied if this box is checked.
Figure 6-55. Add RADIUS Server 3. Enter an IP address and name for the RADIUS server to add. 4. Click Apply Changes. The new RADIUS server is added, and the device is updated. Viewing RADIUS Server Status and Removing a Named Server 1. Open the RADIUS Server Configuration page. 2. Click Show All. The RADIUS Named Server Status page displays. Figure 6-56. RADIUS Server Status 3. To remove a named server, select the check box in the Remove column. 4. Click Apply Changes.
Table 6-31. RADIUS Server Commands CLI Command Description auth-port Sets the port number for authentication requests of the designated radius server. key Sets the authentication and encryption key for all RADIUS communications between the switch and the RADIUS daemon. msgauth Enables the message authenticator attribute to be used for the RADIUS Authenticating server being configured. name Assigns a name to a RADIUS server.
• RADIUS Accounting Server Host Address — Use the drop-down menu to select the IP address of the accounting server to view or configure. Click Add to display the Add RADIUS Accounting Server page used to configure additional RADIUS servers. • Port — Identifies the authentication port the server uses to verify the RADIUS accounting server authentication. The port is a UDP port, and the valid range is 1-65535. The default port for RADIUS accounting is 1813.
Figure 6-59. RADIUS Accounting Server Status 3. To remove a named accounting server, select the check box in the Remove column. 4. Click Apply Changes. The RADIUS accounting server is removed from the list. Configuring RADIUS Accounting Server Settings Using CLI Commands For information about the CLI commands that perform this function, see the RADIUS Commands chapter in the CLI Reference Guide. The following table summarizes the equivalent CLI commands you use. Table 6-32.
Figure 6-60. RADIUS Accounting Server Statistics The RADIUS Accounting Server Statistics page contains the following fields: 188 • RADIUS Accounting Server Host Address — Use the drop-down menu to select the IP address of the RADIUS accounting server for which to display statistics. • Round Trip Time — Displays the time interval, in hundredths of a second, between the most recent Accounting-Response and the Accounting-Request that matched it from this RADIUS accounting server.
• Packets Dropped — The number of RADIUS packets received from this server on the accounting port and dropped for some other reason. Viewing RADIUS Accounting Server Statistics Using CLI Commands For information about the CLI commands that perform this function, see the RADIUS Commands chapter in the CLI Reference Guide. The following table summarizes the equivalent CLI commands you use. Table 6-33.
• Round Trip Time — The time interval, in hundredths of a second, between the most recent AccessReply/Access-Challenge and the Access-Request that matched it from this RADIUS authentication server. • Access Requests — The number of RADIUS Access-Request packets sent to this server. This number does not include retransmissions. • Access Retransmissions — The number of RADIUS Access-Request packets retransmitted to this server.
Authorization Network RADIUS In some networks, the RADIUS server is responsible for assigning traffic to a particular VLAN. From the Authorization Network RADIUS page, you can enable the switch to accept VLAN assignment by the RADIUS server. To display the Authorization Network RADIUS page, click System Management →Security → Authorization Network RADIUS in the tree view. Figure 6-62.
Figure 6-63. Telnet Server The Telnet Server page contains the following fields: • New Telnet Sessions — Controls the administrative mode for inbound telnet sessions. If you set the mode to Block, new telnet sessions are not allowed, but existing sessions are not interrupted. The default value is Allow. • Telnet Port Number — Port number on which telnet session can be initiated. This port will be used for new inbound Telnet session on the switch.
Denial of Service Denial of Service refers to the exploitation of a variety of vulnerabilities which would interrupt the service of a host or make a network unstable. Use the Denial of Service page to configure settings to help prevent denial of service attacks. To display the Denial of Service page, click System →Management Security →Denial of Service in the tree view. Figure 6-64.
– Both TCP flags SYN and FIN set • Denial of Service L4 Port — Enabling L4 Port DoS prevention causes the switch to drop packets that have the TCP/UDP source port equal to TCP/UDP destination port. • Denial of Service ICMP — Enabling ICMP DoS prevention causes the switch to drop ICMP packets that have a type set to ECHO_REQ (ping) and a size greater than the configured ICMP packet size (ICMP Pkt Size). • Denial of Service Max ICMP Pkt Size — Specify the maximum ICMP packet size to allow.
Table 6-37. Denial of Service Configuration Commands CLI Command Description dos-control sipdip Enables Source IP Address = Destination IP Address (SIP=DIP) Denial of Service protection. dos-control tcpflag Enables TCP Flag Denial of Service protections. dos-control tcpfrag Enables TCP Fragment Denial of Service protection. ip icmp echo-reply Enables or disables the generation of ICMP Echo Reply messages. ip icmp error-interval Limits the rate at which IPv4 ICMP error messages are sent.
• User Group • Interface Association • CP Status • CP Activation and Activity Status • Interface Activation Status • Interface Capability Status • Client Summary • Client Detail • CP Interface Client Status • CP Client Status CP Global Configuration From the CP Global Configuration page, you can control the administrative state of the CP feature and configure global settings that affect all captive portals configured on the switch.
– No IPv4 Address – Routing Enabled, but no IPv4 routing interface • Additional HTTP Port — HTTP traffic uses port 80, but you can configure an additional port for HTTP traffic. Enter a port number between 0-65535 (excluding ports 80, 443, and the configured switch management port). • Additional HTTP Secure Port — HTTP traffic over SSL (HTTPS) uses port 443, but you can configure an additional port for HTTPS traffic.
Figure 6-66. CP Configuration The CP Configuration page contains the following fields: • Configuration Name — If multiple CP configurations exist on the system, select the CP configuration to view or configure. Use the Add button to add a new CP configuration to the switch. • Captive Portal — Use this field to enable or disable the selected CP configuration. • Protocol Mode — Choose whether to use HTTP or HTTPS as the protocol for the portal to use during the verification process.
• RADIUS Auth Server — If the verification mode is RADIUS, click the drop-down menu and select the name of the RADIUS server used for client authentications. The switch acts as the RADIUS client and performs all RADIUS transactions on behalf of the clients. To configure RADIUS server information, go to the Management Security →RADIUS Server Configuration page. • User Group — If the Verification Mode is Local or RADIUS, assign an existing User Group to the captive portal or create a new group.
Figure 6-68. CP Summary 3. To remove a CP configuration, select the Remove option in the CP configuration row and click Apply Changes. CP Web Customization When a client connects to the access point, the user sees a Web page. The CP Web Customization page allows you to customize the appearance of that page with specific text and images. To display the CP Web Customization page, click System →Captive Portal →Web Customization.
Figure 6-69. CP Web Customization The CP Web Customization page contains the following fields: • Captive Portal ID — The drop-down menu lists each CP configured on the switch. To view information about the clients connected to the CP, select it from the list. • Branding Image — Select the name of the image file to display on the top left corner of the page. This image is used for branding purposes, such as the company logo. • Fonts — Enter the name of the font to use for all text on the CP page.
• Page Title — Enter the text to use as the page title. This is the text that identifies the page. • Separator Color — Enter the hexadecimal color code to use as the separator above and below the login area and acceptance use policy. Press the ... button for a color pick list. The sample account information is updated with the colors you choose. • Foreground Color— Enter the hexadecimal color code to use as the foreground color in the login area. Press the ... button for a color pick list.
• Welcome Title — Enter the title to display to greet the user after he or she successfully connects to the network. • Welcome Text — Enter the optional text to display to further identify the network to be access by the CP user. This message displays under the Welcome Title. Previewing and Resetting the CP Web Page To preview the custom CP Web page, click Preview. To reset the CP Web page to the default settings, click Clear.
• Password — Enter a password for the user. The password length can be from 8 to 64 characters. • User Group — Assign the user to at least one User Group. New users are assigned to the 1-Default user group by default. • Session Timeout — Enter the number of seconds a user is permitted to remain connected to the network. Once the Session Timeout value is reached, the user is logged out automatically. A value of 0 means that the user does not have a Session Timeout limit. Removing a Local User 1.
Figure 6-72. CP Local User Summary 3. To remove a configured user, select the Remove option in the appropriate row, and then click Apply Changes. Configuring Users in a Remote RADIUS Server You can use a remote RADIUS server client authorization. You must add all users to the RADIUS server. The local database does not share any information with the remote RADIUS database. The following table indicates the RADIUS attributes you use to configure authorized captive portal clients.
Figure 6-73. User Group The User Group page contains the following fields: • Group Name — The menu contains the name of all of the groups configured on the system. The Default user group is configured by default. New users are assigned to the 1-Default user group by default. To delete a user group, select the name of the group from the Group Name menu, select the Remove option, and then click Apply Changes.
Displaying the User Group Page 1. Open the User Group page. 2. Click Show All. The User Group Summary page displays: Figure 6-75. CP User Group Summary 3. To remove a configured group, select the Remove option in the appropriate row, and then click Apply Changes. Interface Association From the Interface Association page, you can associate a configured captive portal with specific interfaces. The captive portal feature only runs on the interfaces that you specify.
• CP Configuration — Lists the captive portals configured on the switch by number and name. • Interface List — Lists the interfaces available on the switch that are not currently associated with a captive portal. Use the following steps to associate one or more interfaces with a captive portal: 1. Select the desired captive portal from the CP Configuration list. 2. Select the interface or interfaces from the Interface list. To select more than one interface, hold CTRL and click multiple interfaces. 3.
Figure 6-77. CP Status The CP Status page contains the following fields: • CP Global Operational Status — Shows whether the CP feature is enabled. • CP Global Disable Reason — Indicates the reason for the CP to be disabled, which can be one of the following: – None – Administratively Disabled – No IPv4 Address – Routing Enabled, but no IPv4 routing interface • Authenticated Users — Shows the number of users currently authenticated to all captive portal instances on this switch.
CP Activation and Activity Status The CP Activation and Activity Status page provides information about each CP configured on the switch. The CP Activation and Activity Status page has a drop-down menu that contains all captive portals configured on the switch. When you select a captive portal, the activation and activity status for that portal displays. To view activation and activity information, click System →Captive Portal →Activation and Activity Status. Figure 6-78.
• Authenticated Users — Shows the number of users that successfully authenticated to this captive portal and are currently using the portal. The following buttons are available on the CP Activation and Activity page: • Block—Click Block to prevent users from gaining access to the network through the selected captive portal. • Unblock—If the Blocked Status of the selected captive portal is Blocked, click Unblock to allow access to the network through the captive portal.
Interface Capability Status The Interface Capability Status page contains information about interfaces that can have CPs associated with them. The page also contains status information for various capabilities. Specifically, this page indicates what services are provided through the CP to clients connected on this interface. The list of services is determined by the interface capabilities. To view interface activation status information, click System →Captive Portal →Interface Capability Status.
Client Summary Use the Client Summary page to view summary information about all authenticated clients that are connected through the captive portal. From this page, you can manually force the captive portal to disconnect one or more authenticated clients. The list of clients is sorted by client MAC address. To view information about the clients connected to the switch through the captive portal, click System → Captive Portal →Client Connection Status. Figure 6-81.
Figure 6-82. Client Detail The Client Detail page contains the following fields: • MAC Address — The menu lists each associated client by MAC address. To view status information for a different client, select its MAC address from the list. • Client IP Address — Identifies the IP address of the client (if applicable). • CP Configuration — Identifies the CP configuration the client is using. • Protocol — Shows the current connection protocol, which is either HTTP or HTTPS.
Figure 6-83. Interface - Client Status The Interface Client Status page contains the following fields: • Interface — The drop-down menu lists each interface on the switch. To view information about the clients connected to a CP on this interface, select it from the list. • MAC Address — Identifies the MAC address of the client. • IP Address — Identifies the IP address of the client. • CP Configuration — Identifies the captive portal the client used to access the network.
• Configuration Name — The drop-down menu lists each CP configured on the switch. To view information about the clients connected to the CP configuration, select the CP configuration name from the list. • MAC Address — Identifies the MAC address of the client. • IP Address — Identifies the IP address of the client. • Interface — Identifies the interface the client used to access the network. • Protocol — Shows the current connection protocol, which is either HTTP or HTTPS.
Table 6-39. Captive Portal Configuration Commands (continued) CLI Command Description captive-portal client deauthenticate Deauthenticates a specific captive portal client. show captive-portal client status Displays client connection details or a connection summary for connected captive portal users. show captive-portal configuration client status Displays the clients authenticated to all captive portal configurations or a to specific configuration.
Defining SNMP Parameters Simple Network Management Protocol (SNMP) provides a method for managing network devices. The device supports SNMP version 1, SNMP version 2, and SNMP version 3. NOTE: By default, SNMPv2 is automatically enabled on the device. To enable SNMPv3, a local engine ID must be defined for the device. The local engineID is by default set to the switch MAC address, however when the switch operates in a stacking mode, it is important to manually configure the local engineID for the stack.
To display the Global Parameters page, click System →SNMP →Global Parameters in the tree view. Figure 6-85. Global Parameters The Global Parameters page contains the following parameters: • Local Engine ID (6 – 32 hexadecimal characters) — Sets local SNMP engine ID. • Use Default — Configures the device to use the default SNMP EngineID. • SNMP Traps — Enables or disables the device sending SNMP notifications.
SNMP notifications are enabled, and the device is updated. Enabling Authentication Trap 1. Open the Global Parameters page. 2. Select Enable in the Authentication trap field. 3. Click Apply Changes. Authentication notifications are enabled, and the device is updated. Enabling SNMP Notifications Using CLI Commands For information about the CLI commands that perform this function, see the SNMP Commands chapter in the CLI Reference Guide.
Figure 6-86. SNMP View Settings The SNMP View Settings page contains the following fields: • View Name — Contains a list of user-defined views. A view name can contain a maximum of 30 alphanumeric characters. • OID Subtree — Specifies a valid SNMP OID string that can include meta characters like *. • View Type — Specifies whether the objectIDs in the view are included or excluded. • Remove — Check to remove displayed view type. Adding a View 1. Open the SNMP View Settings page. 2. Click Add.
3. Define the relevant fields. 4. Click Apply Changes. The SNMP view is added, and the device is updated. Displaying the View Table 1. Open the SNMP View Settings page. 2. Click Show All. The View Table page displays: Figure 6-88. View Table Removing SNMP Views 1. Open the SNMP View Settings page. 2. Click Show All. The View Table page displays. 3. Select an SNMP view. 4. Check the Remove check box. 5. Click Apply Changes. The SNMP view is removed, and the device is updated.
Table 6-41. SNMP Views Commands CLI Command Description show snmp views Displays the configuration of views. snmp-server view Creates or updates an SNMP server view entry. Access Control Group Use the Access Control Group page to view information for creating SNMP groups, and to assign SNMP access privileges. Groups allow network managers to assign access rights to specific device features or features aspects.
– auth nopriv — Authenticates SNMP messages without encrypting them. – auth priv — Authenticates SNMP messages and encrypts them. • Context Prefix (1–30) — This field permits the user to specify the context name by entering the first 1 to 30 characters of the context name. • Operation — Defines group access rights. The possible field values are: – Read — Select a view that restricts management access to viewing the contents of the agent.
Figure 6-91. Access Table Removing a Group 1. Open the Access Control Configuration page. 2. Click Show All. The Access Table opens. 3. Select a group. 4. Check Remove. 5. Click Apply Changes. The group is removed, and the device is updated. Defining SNMP Access Control Using CLI Commands For information about the CLI commands that perform this function, see the SNMP Commands chapter in the CLI Reference Guide.
Figure 6-92. SNMPv3 User Security Model (USM) The SNMPv3 User Security Model (USM) page contains the following fields: • User Name — Contains a list of user-defined user names. • Group Name — Contains a list of user-defined SNMP groups. SNMP groups are defined in the Access Control Group page. • Engine ID — Selects whether the selected user is associated to a local or to a specified remote SNMPv3 enabled device.
– des — Use a CBC-DES Symmetric Encryption Password for the authentication key. – des-key — Use an HMAC-MD5-96 Authentication Pre-generated key. • Authentication Key(MD5-16; SHA-20 HEX character pairs) — Specify the authentication key. An authentication key is defined only if the authentication method is MD5 or SHA. • Remove — Removes the specified user from the specified group when checked. Adding SNMPv3 Local Users to a Group 1. Open the SNMPv3 User Security Model page. 2. Click Add Local User.
Figure 6-94. Add Remote User 3. Define the relevant fields. 4. Click Apply Changes. 5. The user is added to the group, and the device is updated. Viewing the User Security Model Table 1. Open the SNMPv3 User Security Model (USM) page. 2. Click Show All. The User Security Model Table displays: Figure 6-95. User Security Model Table Removing a User Security Model Table Entry 1. Open the User Security Model page. 2. Click Show All. The User Security Model Table page displays. 3. Select an entry.
4. Check the Remove check box. 5. Click Apply Changes. The entry is removed, and the device is updated. Defining SNMP Users Using CLI Commands For information about the CLI commands that perform this function, see the SNMP Commands chapter in the CLI Reference Guide. The following table summarizes the equivalent CLI commands you use to define SNMP users. Table 6-43. SNMP Users Commands CLI Command Description show snmp users Displays the configuration of users.
• Community String — Contains a list of user-defined community strings that act as a password and are used to authenticate the SNMP management station to the device. A community string can contain a maximum of 20 characters. • SNMP Management Station — Contains a list of management station IP address for which community strings have been defined. • Basic — Enables SNMP Basic mode for the selected community. The possible field values are: – – Access Mode — Defines the access rights of the community.
In addition to the fields in the SNMPv1, 2 Community page, the Add SNMPv1,2 Community page contains the All (0.0.0.0) field, which indicates that the community can be used from any management station. 4. Click Apply Changes. The new community is saved, and the device is updated. Displaying Communities 1. Open the SNMPv1, 2 Community page. 2. Click Show All. The Basic and Advanced Table page displays. Figure 6-98. Basic and Advanced Table Removing Communities 1. Open the SNMPv1, 2 Community page. 2.
Configuring Communities Using CLI Commands For information about the CLI commands that perform this function, see the SNMP Commands chapter in the CLI Reference Guide. The following table summarizes the equivalent CLI commands you use to configure SNMP communities. Table 6-44. SNMP Communities Commands CLI Command Description show snmp Displays the SNMP status. snmp-server community Sets up the community access string to permit access to SNMP protocol.
– Excluded — Restricts sending OID traps or informs. – Included — Sends OID traps or informs. Adding SNMP Filters 1. Open the Notification Filter page. 2. Click Add. The Add Filter page displays: Figure 6-100. Add Filter 3. Define the relevant fields. 4. Click Apply Changes. The new filter is added, and the device is updated. Displaying the Filter Table 1. Open the Notification Filter page. 2. Click Show All.
Removing a Filter 1. Open the Notification Filter page. 2. Click Show All. The Show Notification page displays. 3. Select the Filter Table entry. 4. Check Remove. The filter entry is removed, and the device is updated. Configuring Notification Filters Using CLI Commands For information about the CLI commands that perform this function, see the SNMP Commands chapter in the CLI Reference Guide. The following table summarizes the equivalent CLI commands you use to configure notification filters. Table 6-45.
Figure 6-102. Notification Recipients The Notification Recipients page contains the following fields: • Recipient IP — Contains a user-defined list of notification recipients IP addresses. • Notification Type — The type of notification sent. The possible field values are: • • – Trap — Traps are sent. – Inform — Informs are sent. SNMPv1,2 — SNMP versions 1 or 2 are enabled for the selected recipient.
• Auth NoPriv — The packet is authenticated. • Auth Priv — The packet is both authenticated and encrypted. • UDP Port (1–65535) — UDP port used to send notifications. The default is 162. • Filter Name — Check this check box to apply a user-defined SNMP filter (selected from the dropdown menu) to notifications. • Timeout (1–300) — Amount of time (seconds) the device waits before resending informs. The default is 15 seconds.
Displaying the Notification Recipients Tables 1. Open Notification Recipients page. 2. Click Show All. The Notification Recipient Tables page opens: Figure 6-104. Notification Recipient Tables Removing Notification Recipients 1. Open the Notification Recipients page. 2. Click Show All. The Notification Recipient Tables page open. 3. Select the Remove check box for one or more notification recipients in the SNMPV1,2 Notification Recipient and/or SNMPv3 Notification Recipient Tables. 4.
Table 6-46. SNMP Notification Recipients Commands CLI Command Description show snmp Displays the SNMP status. snmp-server host Specifies the recipient of SNMP notifications. snmp-server v3-host Specifies the recipient of SNMPv3 notifications. File Management Use the File Management menu page to manage device software, the image file, and the configuration files.
The File System page contains the following fields: • File Name — A text field listing the names of the files on the file system. • Image Description — A field 0-128 characters in length that displays an image description of the file. • Size — Displays the size of the specified file in bytes. • Remove — Select to remove the specified file. • Flash Memory Details — Displays Flash Memory availability details, in terms of total bytes of memory used, and memory (in bytes) available.
• Version — The version of the current active image. • After Reset — From the menu, select the image that should be active after the next reset. • Version — Displays the version of the image after reset. Setting the Boot Image Using CLI Commands For information about the CLI command that performs this function, see the Configuration and Image File Commands chapter in the CLI Reference Guide. The following table shows the equivalent CLI command you use to configure the boot image. Table 6-48.
• SSH-1 RSA Key File — SSH-1 Rivest-Shamir-Adleman (RSA) Key File • SSH-2 RSA Key PEM File — SSH-2 Rivest-Shamir-Adleman (RSA) Key File (PEM Encoded) • SSH-2 DSA Key PEM File — SSH-2 Digital Signature Algorithm (DSA) Key File (PEM Encoded) NOTE: To download SSH key files, SSH must be administratively disabled and there can be no active SSH sessions.
Downloading Files 1. Open the File Download From Server page. 2. Verify the IP address of the server and ensure that the software image or boot file to be downloaded is available on the server. 3. Complete the Server Address and Source File Name (full path without server IP address) fields. 4. If you are downloading a configuration file, select the Destination File Name. 5. Click Apply Changes.
Figure 6-108. File Upload to Server The File Upload to Server page contains the following fields: • • File Type — Select the type of file to be uploaded. Possible filetypes are: – Firmware — Uploads the active image. – Configuration — Uploads the configuration file. If File Type - Configuration is selected, the Transfer File Name field is also displayed. – Startup Log — Uploads the startup log file. – Operational Log — Uploads the operational log.
– Running Configuration — Uploads the running configuration file. – Startup Configuration — Uploads the startup configuration files. – Backup Configuration — Uploads the backup configuration files. Uploading Files 1. Open the File Upload to Server page. 2. Define the applicable fields in the page. 3. Click Apply Changes. NOTE: After you start a file upload, the page refreshes and a transfer status field appears to indicate the number of bytes transferred.
Figure 6-109. Copy Files The Copy Files page contains the following fields: • Copy Master Firmware — Specifies that a software image file should be copied. • Destination — The destination unit(s) (within the stack) to which the file is copied. Select from the menu one of the following values: – All — All units in the stack. – Unit — Specified unit within the stack, unit 1 for example. • Copy Configuration — Specifies that a configuration file should be copied.
Copy Files Using CLI Commands For information about the CLI command that perform this function, see the Configuration and Image Files Commands chapter in the CLI Reference Guide. The following table summarizes the equivalent CLI command you use to copy files from one location to another. Table 6-51. Copy Command CLI Command Description copy Copies files from a source to a destination. Defining Advanced Settings Use Advanced Settings to set miscellaneous global attributes of the device.
• The IP addresses of DNS name servers (option 6). The IP addresses of DNS name servers should be returned from the DHCP server only if the DNS server is in the same LAN as the switch performing Auto Configuration. A DNS server is needed to resolve the IP address of the TFTP server if only the “sname” or option 66 values are returned to the switch.
– Disable — Uses the configuration file as the running configuration only. When the switch reboots, it will load the configuration from the startup configuration file. • Retry Count — Indicates the number of times to attempt the auto configuration process during boot up. The number of times the switch has attempted to contact the TFTP server during the current Auto Configuration session. • Auto Configuration State — Shows the current state of the Auto Configuration process.
Defining Stacking Overview A stack is created by daisy-chaining stacking links on adjacent units. A stack of units is manageable as a single entity when the units are connected together. If a unit cannot detect a stacking partner on a port enabled for stacking, the unit automatically operates as a standalone unit. If a stacking partner is detected, the switch always operates in stacking mode. One unit in the stack is designated as the Master unit. The Master manages all the units in the stack.
Configuring Stacking Use the Stacking menu to set the stacking characteristics of the device. The changes to these attributes are applied only after the device is reset. Click System →Stacking in the tree view to display the Stacking page.
Figure 6-111. Unit Configuration The Unit Configuration page contains the following fields: • Switch ID — Specifies unit to be configured. • Change Switch ID to — Changes the unit number of the selected unit. • Management Status — Shows whether the selected unit is a Management Unit or a Stack Member. • Unit Type — Specify whether the select unit is the Management Unit (Stack Master), a Stack Member, or the Standby Switch.
• Plugged-in Model Identifier — A 16-byte character string to identify the plugged-in model of the selected unit. • Switch Status — Displays the status of the selected unit. The possible values are: • – OK — The unit is in place and functioning. – Unsupported — The unit is in place, but can not function as a member of the stack. – Code Mismatch — The software of the switch does not match the master unit software.
• Standby Status — This field identifies the switch that is configured as the Standby Unit. Possible values are: – OPR Standby — Indicates that this unit is operating as the Standby Unit and the configured Standby Unit is not part of the stack. – CFG Standby — Indicates that the unit is configured as the Standby Unit. The unit configured as the Standby switch becomes the stack manager if the current manager fails. – Blank — Indicates that the switch is not configured as the Standby Unit.
Table 6-53. Stack Summary Commands CLI Command Description show switch Displays information about all units in the stack. switch priority Configures the ability of the switch to become the Management Switch. switch renumber Changes the identifier for a switch in the stack. member Configures the switch as a member of a stack. movemanagement Moves the Management Switch functionality from one switch to another. standby Configures the standby in the stack.
• Management Preference — Determines whether this unit is capable of becoming the master switch. If the value is set to zero then the unit cannot support Master Switch function. The higher value means that the unit is more desirable than another unit with lower value for running the management function. The device manufacturer sets the initial value of this field. • Expected Code Type — Displays the release number and version number of the code expected. Viewing Supported Switch Characteristics 1.
Figure 6-114. Stack Port Summary The Stack Port Summary page contains the following fields: • Unit — ID number of the unit. • Interface — Identifies the stack interface assigned to the unit. • Configured Stack Mode — Indicates whether or not each unit is able to participate in the stack. • Running Stack Mode — Indicates whether or not each unit is actually participating in the stack. • Link Status — Indicates whether or not the stack interface for each unit is operating.
Figure 6-115. Stack Port Counters The Stack Port Counters page contains the following fields: • Unit — Indicates the subordinate switch being viewed. • Interface — Indicates the name of the interface. • Data Rate (Mb/s) — Indicates the speed at which the data is transmitted. • Transmit Error Rate (Errors/sec) — Indicates the number of errors transmitted per second. • Total Errors — Total number of errors transmitted. • Data Rate (Mb/s) — Indicates the speed at which the data is received.
Stack Port Diagnostics The Stack Port Diagnostics page is intended for Field Application Engineers (FAEs) and developers only. Nonstop Forwarding Overview When switches are members of a stack, packet forwarding rules, protocol configurations, and state information are controlled by a designated stack management unit. Typically, when the management unit fails due to a power failure, hardware failure, or software fault, neighbor routers detect that the management unit is down or restarting.
Figure 6-116. NSF Summary • Admin Status — Select the administrative mode for the interface. When enabled, the stack selects a backup unit to receive checkpointed data from applications on the management unit. • Operation Status — Indicates whether NSF is operational on the stack, which may differ from the Admin Status setting. If a unit that does not support NSF is connected to the stack, then NSF is disabled on all stack members.
• Backup Configuration Age — Indicates the time since the running configuration was last copied to the backup unit. Click Initiate Failover to start a warm restart. On a warm restart, the backup unit becomes the management unit without clearing its hardware tables (on a cold restart, hardware tables are cleared). Applications apply checkpointed data from the former management unit to the backup unit as the original management unit reboots.
Figure 6-117. Checkpoint Statistics • Messages Checkpointed — The number of messages sent from master unit to backup unit. • Bytes Checkpointed — How much data has been sent from master unit to the backup unit. • Time Since Counters Cleared — The amount of time since the counters have been reset. • Message Rate Interval — The number of seconds between measurements. • Message Rate — The number of messages sent in the last measurement interval.
Trap Manager Use the Trap Manager menus to configure traps flags and view the trap log. Click System →Trap Manager in the tree view to display the Trap Manager page. Use this page to go to the following features: • Trap Flags • OSPFv2 Trap Flags • OSPFv3 Trap Flags • Trap Log Trap Flags The Trap Flags page is used to specify which traps you want to enable or disable.
The Trap Flags page contains the following fields: • • Switch Traps – Authentication — Enable or disable activation of authentication failure traps by selecting the corresponding line on the pull-down entry field. The factory default is enabled. – Link Up/Down — Enable or disable activation of link status traps by selecting the corresponding line on the pull-down entry field. The factory default is enabled.
Table 6-59. Trap Flag Commands CLI Command Description snmp-server enable traps Enables SNMP traps globally or enables specific SNMP traps. show trapflags Shows the status of the configurable SNMP traps. show trapflags captive-portal Shows the status of captive portal trapflags. OSPFv2 Trap Flags The OSPFv2 Trap Flags page is used to specify which OSPFv2 traps you want to enable or disable.
Figure 6-119. OSPFv2 Trap Flags The OSPFv2 Trap Flags page contains the following fields: • Error Traps – Authentication Failure — Signifies that a packet has been received on a non-virtual interface from a router with an authentication key or authentication type that conflicts with this router's authentication key or authentication type. The factory default is disabled. – Bad Packet — Signifies that an OSPF packet has been received on a non-virtual interface that cannot be parsed.
• • • • 266 – Virtual Authentication Failure — Signifies that a packet has been received on a virtual interface from a router with an authentication key or authentication type that conflicts with this router's authentication key or authentication type. The factory default is disabled. – Virtual Bad packet — Signifies that an OSPF packet has been received on a virtual interface that cannot be parsed. The factory default is disabled.
– Virtual Link Interface State Change — Signifies that there has been a change in the state of an OSPF virtual interface. This trap should be generated when the interface state regresses (e.g., goes from Point- to-Point to Down) or progresses to a terminal state (i.e., Point-to-Point). The factory default is disabled. – Virtual Neighbor State Change — Signifies that there has been a change in the state of an OSPF virtual neighbor. This trap should be generated when the neighbor state regresses (e.g.
Figure 6-120. OSPFv3 Trap Flags The OSPFv3 Trap Flags page contains the following fields: • • 268 Error Traps – Bad Packet — Signifies that an OSPF packet has been received on a non-virtual interface that cannot be parsed. The factory default is disabled. – Configuration Error — Signifies that a packet has been received on a non-virtual interface from a router with configuration parameters that conflict with this router's configuration parameters. The factory default is disabled.
• • • – LSA Max Age — Signifies that one of the LSA in the router link-state database has aged to MaxAge. The factory default is disabled. – LSA Originate — Signifies that a new LSA has been originated by this router. This trap should not be invoked for simple refreshes of LSAs (every 30 minutes), but only when an LSA is (re)originated due to a topology change. This trap does not include LSAs that are being flushed because they have reached MaxAge. The factory default is disabled.
Configuring OSPFv3 Traps Using CLI Commands For information about the CLI command that performs this function, see the SNMP Commands chapter in the CLI Reference Guide. The following table shows the equivalent CLI command you use to configure OSPFv3 traps. Table 6-61. OSPFv3 Trap Command CLI Command Description snmp-server enable traps ospfv3 Enables OSPFv3 traps. Trap Log The Trap Log page is used to view entries that have been written to the trap log.
• Trap Log Capacity — The maximum number of traps stored in the log. If the number of traps exceeds the capacity, the entries will overwrite the oldest entries. • Number of Traps Since Log Last Viewed — The number of traps that have occurred since the traps were last displayed. Displaying the traps by any method (terminal interface display, Web display etc.) will cause this counter to be cleared to 0. • Log — The sequence number of this trap.
• The sFlow collector can receive data from multiple switches, providing a real-time synchronized view of the whole network. • The collector can analyze traffic patterns for whatever protocols are found in the headers (e.g. TCP/IP, IPX, Ethernet, AppleTalk…), which means there is no need for a layer 2 switch to decode and understand all protocols. sFlow Agent Summary Packet Flow Sampling and Counter Sampling are performed by sFlow Instances associated with individual data sources within the sFlow Agent.
Configuring and Viewing sFlow Settings Using CLI Commands For information about the CLI commands that perform this function, see the Flow Commands chapter in the CLI Reference Guide. The following table summarizes the equivalent CLI commands you use to configure and view sFlow settings. Table 6-63. sFlow Settings Commands CLI Command Description show sflow agent Displays the sflow agent information.
• Receiver Owner String — The entity making use of this sFlowRcvrTable entry. The empty string indicates that the entry is currently unclaimed and the receiver configuration is reset to the default values. An entity wishing to claim an sFlowRcvrTable entry must ensure that the entry is unclaimed before trying to claim it. The entry is claimed by setting the owner string. The entry must be claimed before any changes can be made to other sampler objects.
Table 6-64. sFlow Receiver Commands CLI Command Description sflow destination Configures sFlow collector parameters (owner string, receiver timeout, ip address, and port). sFlow Sampler Configuration The sFlow Agent collects a statistical packet-based sampling of the switched flows and sends them to the configured receivers. A data source configured to collect flow samples is called a sampler.
Figure 6-125. sFlow Sampler Configuration The sFlow Sampler Configuration page contains the following fields: • Sampler DataSource— The sFlow data source for this sFlow sampler. This Agent supports physical ports only. • Receiver Index — The sFlow Receiver for this sFlow sampler. If set to zero, no packets will be sampled. Only active receivers can be set. If a receiver expires, then all samplers associated with the receiver will also expire. The allowed range is 1 to 8.
Figure 6-126. sFlow Sampler Summary Configuring and Viewing sFlow Settings Using CLI Commands For information about the CLI commands that perform this function, see the sFlow Commands chapter in the CLI Reference Guide. The following table summarizes the equivalent CLI commands you use to configure and view sFlow settings. Table 6-65. sFlow Settings Commands CLI Command Description sflow sampling Enables a new sflow sampler instance for this data source if rcvr_idx is valid.
To access the sFlow Poll Configuration page, click System →sFlow →Poll Configuration in the navigation tree. Figure 6-127. sFlow Poll Configuration The sFlow Poll Configuration page contains the following fields: • Poll DataSource — The sFlow Sampler data source for this flow sampler. This Agent supports physical ports only. • Receiver Index — The sFlowReceiver for this sFlow Counter Poller. If set to zero, the poller configuration is set to the default and the poller is deleted.
Configuring and Viewing sFlow Settings Using CLI Commands For information about the CLI commands that perform this function, see the sFlow Commands chapter in the CLI Reference Guide. The following table summarizes the equivalent CLI commands you use to configure and view sFlow settings. Table 6-66. sFlow Poll Configuration Commands CLI Command Description sflow polling Enables a new sflow poller instance for the data source if rcvr_idx is valid.
Figure 6-129. ISDP Global Configuration The ISDP Global Configuration page contain the following fields: • ISDP Mode — Use this field to enable or disable the Industry Standard Discovery Protocol on the switch. • ISDP V2 Mode — Use this field to enable or disable the Industry Standard Discovery Protocol v2 on the switch. • Message Interval — Specifies the ISDP transmit interval. The range is (5–254). Default value is 30 seconds.
– other — Indicates that the value is in the form of a platform specific ASCII string containing info that identifies the device. For example: ASCII string contains serialNumber appended/prepended with system name. Configuring ISDP Using CLI Commands For information about the CLI commands that perform this function, see the CDP Interoperability Commands chapter in the CLI Reference Guide. The following table summarizes the equivalent CLI commands you use to configure ISDP. Table 6-67.
• IP Address — The (first) network-layer address that is reported in the Address TLV of the most recently received ISDP message. • Version — Displays the Version string for the neighbor. • Holdtime — Displays the ISDP holdtime for the neighbor. • Capability — Displays the ISDP Functional Capabilities for the neighbor. • Platform — Displays the ISDP Hardware Platform for the neighbor. • Port ID — Displays the ISDP port ID string for the neighbor.
Figure 6-131. ISDP Interface Configuration The ISDP Interface Configuration page contain the following fields: • Interface — Select the interface with the ISDP mode status to configure or view. • ISDP Mode — Use this field to enable or disable the Industry Standard Discovery Protocol on the selected interface. Displaying the ISDP Interface Summary Table 1. Open the ISDP Interface Configuration page. 2. Click Show All. The ISDP Interface Summary page displays: Figure 6-132.
Table 6-69. ISDP Interface Commands CLI Command Description isdp enable (Interface Mode) Enables ISDP on an interface. show isdp interface Displays ISDP settings for the specified interface. ISDP Statistics From the ISDP Statistics page, you can view information about the ISDP packets sent and received by the switch. To access the ISDP Statistics page, click System →ISDP →Statistics in the navigation tree. Figure 6-133.
The ISDP Statistics page contain the following fields: • Packets Received — Displays the number of all ISDP protocol data units (PDUs) received. • Packets Transmitted — Displays the number of all ISDP PDUs transmitted. • ISDPv1 Packets Received — Displays the number of v1 ISDP PDUs received. • ISDPv1 Packets Transmitted — Displays the number of v1 ISDP PDUs transmitted. • ISDPv2 Packets Received — Displays the number of v2 ISDP PDUs received.
iSCSI Optimization The Internet Small Computer System Interface (iSCSI) Optimization feature enables the switch to detect the presence of EqualLogic (EQL) storage arrays on the network and automatically configure the software to enhance the flow of storage traffic to the iSCSI device. iSCSI optimization uses LLDP snooping to detect the presence and the removal of EQL arrays on the network.
Figure 6-134. iSCSI Sessions When you change the status to Enable, the following message displays: Configuring iSCSI Optimization Using CLI Commands For information about the CLI commands that perform this function, see the iSCSI Commands chapter in the CLI Reference Guide: The following table summarizes the equivalent CLI commands you use to configure iSCSI Optimization. Table 6-71. iSCSI Optimization Commands CLI Command Description iscsi enable Globally enables iSCSI awareness.
Configuring System Information
7 Configuring Switching Information Overview This section provides all system operations and general information for network security, ports, address tables, GARP, VLANs, Spanning Tree, Port Aggregation, and Multicast Support.
Configuring Network Security Use the Network Security menu page to set network security through port-based authentication, locked ports, DHCP Filtering configuration, and access control lists. To display the Network Security page, click Switching →Network Security in the tree view.
Figure 7-1. Dot1x Authentication The Dot1x Authentication page contains the following fields: Global Parameters • • Administrative Mode— Permits 802.1X port-based authentication on the switch. The possible field values are: – Enable — Enables 802.1X authentication on the switch. – Disable — Disables 802.1X authentication on the switch. Authentication Method — Selects the Authentication method used.
– None — Indicates that no authentication method is used. – RADIUS — Indicates that authentication occurs at the RADIUS server. Interface Parameters 292 • Interface — Selects the Unit and Port to be affected. • Guest VLAN — Enables or disables the guest VLAN mode on this interface. To enable the guest VLAN, select the VLAN ID to use as the guest VLAN. All VLANs configured on the system are included in the menu. • Unauthenticated VLAN — Allows or prohibits unauthenticated traffic on the port.
• Max Users — Set the maximum number of clients supported on the port when MAC-based 802.1X authentication is enabled on the port. The number of users allowed to authenticate per port ranges from 1 to 16. • Termination Cause — Displays the reason for termination. • MAC Authentication Bypass — Enable this feature to provide 802.1x unaware clients controlled access to the network using the MAC address of the device as an identifier.
Figure 7-2. Dot1x Authentication Table 3. Use the horizontal scroll bar or click the right arrow at the bottom of the screen to display the right side of the table. 4. Use the Unit drop-down menu to view the Dot1x Authentication Table for other units in the stack, if they exist. Re-Authenticating One Port 1. Open the Dot1x Authentication page. 2. Click Show All. The Dot1x Authentication Table displays. 3. Check Edit to select the Unit/Port to re-authenticate. 4. Check Reauthenticate Now. 5.
Changing Administrative Port Control 1. Open the Dot1x Authentication page. 2. Click Show All. The Dot1x Authentication Table displays. 3. Scroll to the right side of the table and select the Edit check box for each port to configure. Change Admin Port Control to Authorized, Unauthorized, or Automode as needed for chosen ports. Only MAC-Based and Automode actually uses dot1x to authenticate. Authorized and Unauthorized are manual overrides. 4. Click Apply Changes.
Table 7-1. 802.1x Authentication Commands CLI Command Description dot1x mac-auth-bypass Enables MAB on an interface. dot1x max-req Sets the maximum number of times the switch sends an EAP-request frame to the client before restarting the authentication process. dot1x max-users Sets the maximum number of clients supported on the port when MAC-based 802.1X authentication is enabled on the port. dot1x port-control Enables manual control of the authorization state of the port.
Figure 7-3. Network Security Authenticated Users The Authenticated Users page contains the following fields: • Port — Displays the port used for authentication. • User Name — Specifies a user from the list of users authorized via the RADIUS Server. Displaying Authenticated Users Using CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • 802.1X Commands Table 7-2. 802.
Figure 7-4. Network Security Port Security The Port Security page contains the following fields: • Interface — Displays the unit and port or the LAG on which the locked port security is enabled. • Set Port — Enables locking the port or LAG. When a port is locked, all the current addresses that had been dynamically learned by the switch on that port are removed from the list. When the port is unlocked, they are removed from the static list.
Figure 7-5. Port Security Table 3. Use the Unit drop-down menu to view the Port Security Table for other units in the stack, if they exist. Defining Multiple Locked Ports 1. Open the Port Security page. 2. Click Show All. The Port Security Table displays. 3. Click Edit for each port whose parameters are to be changed. 4. Fields can now be edited as needed for these ports. 5. Click Apply Changes. The changes are made to the Port Security table, and the device is updated.
IP ACL Configuration Access control lists (ACL) allow network managers to define classification actions and rules for specific ingress ports. Your switch supports up to 100 ACLs. However, the hardware resources are limited and may not be able to fully support 100 completely populated ACLs. Packets can be filtered on ingress or egress. If the filter rules match, then some actions can be taken, including dropping the packet or disabling the port.
Figure 7-7. Add IP ACL 3. Enter the desired ACL Name in the related entry field. 4. Click Apply Changes. The IP-based ACL is added, and the device is updated. Removing an IP-based ACL 1. Open the IP ACL Configuration page, and select the ACL to be deleted from the IP ACL drop-down menu. 2. Check the Remove ACL check box. 3. Click Apply Changes. The IP-based ACL is removed, and the device is updated. Displaying IP ACLs 1. Open the IP ACL Configuration page. 2. Click Show All.
The following table summarizes the equivalent CLI commands you use to configure an IP-based ACL. Table 7-4. IP ACL Commands CLI Command Description access-list Creates an Access Control List show ip access-lists Displays access lists applied on interfaces and all rules that are defined for the access lists. IP ACL Rule Configuration Use the IP ACL Rule Configuration page to define rules for IP-based ACLs.
Figure 7-9. IP ACL - Rule Configuration (Standard) The IP ACL Rule Configuration page contains the following fields: • IP ACL Name — Specifies an existing IP ACL. To set up a new IP ACL use the "IP ACL Configuration" page. • Rule ID — Selects or creates user-defined ACLs. Enter an existing Rule ID, or create a new one by selecting Create from the drop-down menu and entering the desired new Rule ID in the field next to it. The new ID is created once Apply Changes is clicked.
• Redirect Interface — Select from the drop-down list of interfaces one that packets meeting this rule can be redirected to. • Mirror Interface — Select from the drop-down list of interfaces one that packets meeting this rule can be mirrored to. • Logging — Enables logging for a particular ACL when the check box is selected. Logging is supported for Deny action only. • Match Every — Requires a packet to match the criteria of this ACL. Click the check box to apply this criteria.
– Match to Port — Click to add a user-defined Port ID. • IP Precedence — Matches the packet IP Precedence value to the rule when checked. Enter the IP Precedence value to match. Either the DSCP value or the IP Precedence value is used to match packets to ACLs. • IP TOS Bits — Matches on the Type of Service bits in the IP header when checked. • – TOS Bits — Requires the bits in a packet’s TOS field to match the two-digit hexadecimal number entered here.
Table 7-5. IP Access Rule Command CLI Command Description access-list Use this command to specify rules for the IP access list. show ip access-lists Displays an Access Control List (ACL) and all of the rules that are defined for the ACL. MAC ACL Configuration The MAC ACL Configuration page allows network administrators to define a MAC-based ACL. For an explanation of ACLs, see "IP ACL Configuration.
Figure 7-11. Add MAC ACL 3. Enter the desired MAC ACL Name in the entry field. 4. Click Apply Changes. The MAC-based ACL is added, and the device is updated. Removing a MAC-based ACL 1. Open the MAC ACL Configuration page, and select the ACL to be removed from the MAC ACL drop-down menu. 2. Select the Remove check box. 3. Click Apply Changes. The MAC-based ACL is removed, and the device is updated. Displaying MAC ACLs 1. Open the MAC ACL Configuration page. 2. Click Show All.
Table 7-6. MAC ACL Commands CLI Command Description mac access-list Configures conditions required to allow traffic based on MAC addresses. show mac access-lists Displays a MAC access list and all of the rules that are defined for the ACL. MAC ACL Rule Configuration Use the MAC ACL Rule Configuration page to define rules for MAC-based ACLs. The access list definition includes rules that specify whether traffic matching the criteria is forwarded normally or discarded.
• Rule Id — Selects or creates a user-defined ACLs. Enter an existing Rule ID, or create a new one by selecting Create from the drop-down menu and entering the desired new Rule ID in the field next to it. The new ID is created once Apply Changes is clicked. • Action — Selects the ACL forwarding action, which can be one of the following values: – Permit — Forwards packets which meet the ACL criteria. – Deny — Drops packets which meet the ACL criteria.
1. Open the MAC ACL Rule Configuration page. 2. Select the desired ACL from the MAC ACL drop-down menu. 3. Select the desired rule from the Rule ID drop-down menu. 4. Modify the remaining fields as needed. 5. Click Apply Changes. The MAC-based rule is modified, and the device is updated. Adding a New Rule to a MAC-based ACL 1. Open the MAC ACL Rule Configuration page. 2. Select the desired ACL from the MAC ACL drop-down menu. 3. Specify Create New Rule for Rule ID. 4. Enter a new ID number. 5.
Table 7-7. MAC ACL Commands CLI Command Description deny|permit Use the deny command to deny traffic if the conditions defined in the deny statement are matched. Use the permit command in Mac-AccessList Configuration mode to allow traffic if the conditions defined in the permit statement are matched. show mac access-list Displays a MAC access list and all of the rules that are defined for the ACL.
Figure 7-14. IPv6 ACL Configuration The IPv6 ACL Configuration page contains the following fields: • IPv6 ACL Name — Specify an IPv6 ACL name string which includes alphanumeric characters only. The name must start with an alphabetic character. This field displays the name of the currently selected IPv6 ACL if any ACLs have already been created. • Rename — To rename an existing IPv6 ACL, select this option, enter a new name in the text field, and click Apply Changes.
Displaying IPv6 ACLs 1. Open the IPv6 ACL Configuration page. 2. Click Show All. All IP ACLs and their related data display in the IPv6 ACL Table. Figure 7-16. IPv6 ACL Table The Summary page has the following fields: • IPv6 ACL Name — Describes the number ranges for IPv4 ACL standard versus extended. The range for a standard IP ACL is 1-99. For an extended IP ACL, the ID range is 101-199. • Rules — Shows the number of rules currently configured for the IP ACL.
IPv6 ACL Rule Configuration Use the IPv6 ACL Rule Configuration page to define rules for IPv6-based ACLs. The access list definition includes rules that specify whether traffic matching the criteria is forwarded normally or discarded. Additionally, you can specify to assign traffic to a particular queue, filter on some traffic, change VLAN tag, shut down a port, and/or redirect the traffic to a particular port. By default, no specific value is in effect for any of the IPv6 ACL rules.
• Rule ID — Select an existing Rule ID to modify or select Create Rule to configure a new ACL Rule. To create a new rule, enter a rule ID from 1–127 in the available field. New rules cannot be created if the maximum number of rules has been reached. For each rule, a packet must match all the specified criteria in order to be true against that rule and for the specified rule action (Permit/Deny) to take place. • Action — Specify what action should be taken if a packet matches the rule’s criteria.
– Select one of the keyword from the list: DOMAIN, ECHO, FTP, FTPDATA, HTTP, SMTP, SNMP, TELNET, TFTP, and WWW. Each of these values translates into its equivalent port number, which is used as both the start and end of the port range. • Destination Prefix/Prefix Length — Enter up to a 128-bit prefix combined with the prefix length to be compared to a packet's destination IP address as a match criteria for the selected IPv6 ACL rule. The prefix length can be in the range 0 to 128.
NOTE: Binding an ACL in the egress direction is not supported by the PowerConnect 6200 Series switches. IP ACLs may be bound to an Ethernet interface in the egress direction. To display the ACL Bind Configuration page, click Switching →Network Security →Access Control Lists →Binding Configuration in the tree view. Figure 7-18. ACL Bind Configuration The ACL Bind Configuration page contains the following fields: • Interface — Radio buttons permit selection of interface by Unit/port, LAG, or VLAN.
Assigning an ACL to an Interface 1. Open the ACL Bind Configuration page. 2. In the Interface field, specify the Unit and Port, LAG, or VLAN to configure. 3. Select the IP, IPv6, or MAC ACL in the Select an ACL field. NOTE: Whenever an ACL is assigned on a port, LAG, or VLAN, flows from that ingress interface that do not match the ACL are matched to the default rule, which is Drop unmatched packets. 4. Specify the priority in Assign ACL Priority. 5. Click Apply Changes.
Configuring Ports The Ports menu page provides links for configuring port functionality, including advanced features such as storm control and port mirroring, and for performing virtual port tests. To display the page, click Switching →Ports in the tree view. The Ports menu page contains links to the following features: • Global Parameters • Port Configuration • Protected Port Configuration • LAG Configuration • Storm Control Global Parameters Use the Global Parameters to configure Flow Control.
Enabling Ingress Backpressure 1. Open the Ports Global Parameters page. 2. Select Enable from the drop-down menu in the Flow Control field. 3. Click Apply Changes. 4. Ingress backpressure is now enabled. Configuring Flow Control Using CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • Ethernet Configuration Commands The following table summarizes the equivalent CLI commands for this feature. Table 7-11.
Port Configuration Use the Port Configuration page to define port parameters. To display the Port Configuration page, click Switching →Ports →Port Configuration in the tree view. Figure 7-20. Port Configuration The Port Configuration page contains the following fields: • Port — Specifies the Unit and Port for which port parameters are defined. • Description (0–64 Characters) — Provides a brief interface description, such as Ethernet.
• Admin Duplex — Specifies the port duplex mode. – Full — Indicates that the interface supports transmission between the switch and the client in both directions simultaneously. – Half — Indicates that the interface supports transmission between the switch and the client in only one direction at a time. • Current Duplex Mode — Displays the synchronized port duplex mode. • Auto Negotiation — Enables Auto Negotiation on the port.
2. Click Show All. The Port Configuration Table displays. Figure 7-21. Port Configuration Table 3. Use the Unit drop-down menu to view the Port Configuration Table for other units in the stack, if they exist. Copying Port Configuration Settings 1. Open the Port Configuration page. 2. Click Show All. The Port Configuration Table displays. 3. Specify the Unit and Port you are copying from in Copy Parameters From. 4. Click Copy To for each Port to receive these parameters. 5. Click Apply Changes.
Configuring Ports with CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • Ethernet Configuration Commands The following table summarizes the equivalent CLI commands for this feature. Table 7-12. Port Configuration Commands CLI Command Description description Adds a description to an interface. duplex Configures the full/half-duplex operation of a given Ethernet interface when not using auto-negotiation.
Figure 7-22. Protected Port Configuration The Protected Port Configuration page contains the following fields: • Port — Specifies the Unit and Port for which port parameters are defined. • Protected Group ID — Drop-down menu used to assign a port to Group 0, 1, or 2. • Remove Group Name — Check this box to disassociate the selected port from the protected group. Displaying the Protected Port Table 1. Open the Protected Port Configuration page. 2. Click Show All.
4. Use the Unit drop-down menu to view the Protected Port Summary table for other units in the stack, if they exist. Adding Protected Port Groups 1. Open the Protected Port Configuration page. 2. Click Add. The Add Protected Group displays. Figure 7-24. 3. Add Protected Port Use the drop-down menu to assign the numeric designation 0, 1, or 2 to the Protected Group ID. 4. Enter a Protected Group Name (1–32 characters). 5. Click Apply Changes.
To display the LAG Configuration page, click Switching →Ports →LAG Configuration in the tree view. Figure 7-25. LAG Configuration The LAG Configuration page contains the following fields: • LAG — Contains a list of LAG numbers. • LAG Type — The port types that comprise the LAG. • Description (0–64 Characters) — Description of the port. • Admin Status — Enables or disables traffic forwarding through the selected LAG. • Current LAG Status — Indicates whether the selected LAG is Up or Down.
Figure 7-26. LAG Configuration Table Editing LAG Parameters 1. Open the LAG Configuration page. 2. Click Show All. 3. The LAG Configuration Table displays. 4. Check Edit for all LAGs to be modified. 5. Admin Status and Description can now be edited as needed. 6. Click Apply Changes. The LAG parameters are saved to the switch.
Table 7-14. LAG Commands CLI Command Description channel-group Configure a port-to-port channel. description Adds a description to a LAG . hashing-mode Sets the hashing algorithm on trunk ports. interface port-channel Configure a port-channel type and enters port-channel configuration mode. interface range port-channel Use this command in Global Configuration mode to execute a command on multiple port channels at the same time. show interfaces port-channel Shows port-channel information.
The Storm Control page contains the following fields: • Port — Specifies the Unit and Port for which storm control is enabled. • Storm Control Mode — Specifies the mode of broadcast affected by storm control. – Broadcast — If the rate of L2 broadcast traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped. – Multicast — If the rate of L2 multicast traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped.
Modifying Broadcast Control 1. Open the Storm Control interface. 2. Click Show All. The Storm Control Settings Table displays. 3. Check Edit for each port that Broadcast Control is to be modified. 4. Edit Broadcast Control as needed. 5. Click Apply Changes. The storm control port parameters are saved to the switch.
Configuring Traffic Mirroring Traffic mirroring allows the user to configure the switch to send copies of packets on a port that is being mirrored to the mirroring port. The mirroring can be port-based or flow-based. Use the Traffic Mirroring menu page to define port mirroring sessions and configure flow-based mirroring. To display this page, click Switching →Traffic Mirroring in the tree view.
The Port Mirroring page contains the following fields: • Session — Specifies the monitoring session. • Admin Mode — Enables or Disables the port mirroring. • Destination Port — Select the port to which port traffic may be copied. • Reset Session — Allows you to reset the port monitoring session. • Source Port — Lists the source ports that have been added from the Add Source Port page. • Type — Shows the type traffic monitored on the source port.
Modifying a Port Mirroring Session 1. Open the Port Mirroring page. 2. Modify the fields. 3. Click Apply Changes. The port mirroring session fields are modified, and the device is updated. Removing a Port Mirroring Session 1. Open the Port Mirroring page. 2. Select the Reset Session check box. 3. Click Apply Changes. The port mirroring session is removed, and the device is updated.
Figure 7-31. Flow Based Mirroring The Flow Based Mirroring page contains the following fields: • Policy Name — Selects policy to associate with a traffic class. Policy Name is defined using the DiffServ "Policy Configuration" web page. • Member Classes — Selects the traffic class associated with this policy. Member Class is defined using the DiffServ "Class Configuration" web page. • Copy to Interface — When checked, this feature permits packets to be copied to either a unit/port or LAG.
Table 7-17. Flow-based Mirroring Commands CLI Command Description diffserv Sets the DiffServ operational mode to active. policy-map Establishes a new DiffServ policy mirror Mirrors all the data that matches a policy to the specified destination port. Configuring Address Tables MAC addresses are stored in either the static or dynamic address table. Static addresses are defined by you. Dynamic addresses are learned by the system, and are erased after a time-out.
– Delete on Timeout — The MAC address is deleted when a timeout occurs. Adding a Static MAC Address 1. Open the Static MAC Address page. 2. Click Add. The Add Static MAC Address page displays. Figure 7-33. Adding Static MAC Address 3. Complete the fields as needed. 4. Click Apply Changes. The new static address is added to the Static MAC Address Table, and the device is updated. Modifying a Static Address in the Static MAC Address Table 1. Open the Static MAC Address page. 2. Modify the fields. 3.
Figure 7-34. Static MAC Address Table Removing a Static Address from the Static Address Table 1. Open the Static MAC Address page. 2. Click Show All to display the Static MAC Address Table. 3. Check the Remove check box for the address to be removed. 4. Click Apply Changes. The static address is deleted, and the device is updated.
Figure 7-35. Dynamic Address Table The Dynamic Address Table contains the following fields: • Address Aging (10–1000000) — Specifies aging time in seconds before a dynamic MAC address is erased. The default value is 300 seconds. • Clear Table — Clears all dynamic MAC address data from the table when checked and Apply Changes is clicked. • The Dynamic Address Table can be queried by: • – Interface — Specifies Unit and Port queried for an address. – LAG — Specifies the LAG queried for an address.
• VLAN ID — Displays the VLAN Tag value. • MAC Address— Displays the MAC address. • Interface — Displays the port number. Defining the Aging Time 1. Open the Dynamic Address Table page. 2. Define the Address Aging field. 3. Click Apply Changes. The aging time is modified, and the device is updated. Querying the Dynamic Address Table 1. Open the Dynamic Address Table page. 2. Define the parameter by which to query the Dynamic Address Table.
Configuring GARP Generic Attribute Registration Protocol (GARP) is a general-purpose protocol that registers any network connectivity or membership-style information. GARP defines a set of switches interested in a given network attribute, such as VLAN or multicast address. The GARP Timers page is accessible from the GARP menu page. To display the GARP menu page, click Switching →GARP in the tree view. GARP Timers The GARP Timers page contains fields for enabling GARP on the switch.
Defining GARP Timers 1. Open the GARP Timers page. 2. Complete the fields. 3. Click Apply Changes. The parameters are copied to the selected ports or LAGs in the GARP Timers Table, and the device is updated. Displaying Parameters in the GARP Timers Table 1. Open the GARP Timers page. 2. Click Show All. The GARP Timers Table displays. Figure 7-37. GARP Timers Table 3. Use the Unit drop-down menu to view the GARP Timers Table for other units in the stack, if they exist. Copying GARP Timers Settings 1.
Modifying GARP Timers Settings for Multiple Ports 1. Open the GARP Timers page. 2. Click Show All. The GARP Timers Table displays. 3. Click Edit for each Interface to modify. 4. Edit the GARP Timers fields as needed. 5. Click Apply Changes. The GARP Timers settings are modified, and the device is updated.
Configuring the Spanning Tree Protocol The Spanning Tree Protocol (STP) provides a tree topology for any arrangement of bridges. STP also provides one path between end stations on a network, eliminating loops. Spanning tree versions supported include Classic STP, Multiple STP, and Rapid STP. Classic STP provides a single path between end stations, avoiding and eliminating loops. For information on configuring Classic STP, see "STP Global Settings.
Figure 7-38. Spanning Tree Global Settings The STP Global Settings page contains the following fields: • Spanning Tree Status — Enables or disables RSTP, STP, or MSTP on the switch. • STP Operation Mode — Specifies the STP mode by which STP is enabled on the switch. Possible field values are: Classic STP, Rapid STP, and Multiple STP. • BPDU Flooding — Specifies Bridge Protocol Data Unit (BPDU) packet handling when the spanning tree is disabled on an interface.
• BPDU Protection — Disables a port in case a new switch tries to enter the already existing topology of STP. This keeps switches not originally part of an STP from influencing the STP topology. If set to Enable, when a BPDU is received on an edge port, that port is disabled. Once the port has been disabled it requires manual-intervention to be re-enabled. Bridge Settings • Priority — Specifies the bridge priority value. When switches or bridges are running STP, each are assigned a priority.
Table 7-21. Spanning Tree Global Commands CLI Command Description spanning-tree Enables spanning-tree functionality. spanning-tree bpdu flooding Allows flooding of BPDUs received on nonspanning-tree ports to all other non-spanning-tree ports. spanning-tree bpdu-protection Enables BPDU protection on a switch.
STP Port Settings Use the STP Port Settings page to assign STP properties to individual ports. To display the STP Port Settings page, click Switching →Spanning Tree →STP Port Settings in the tree view. Figure 7-39. STP Port Settings The STP Port Settings page contains the following fields: • Select a Port — Specifies the Unit and Port on which STP is enabled. • STP — Enables or disables STP on the port. • Port Fast — Enables Port Fast mode for the port when checked.
– Blocking — The port is currently blocked and cannot be used to forward traffic or learn MAC addresses. – Listening — The port is currently in the listening mode. The port cannot forward traffic nor can it learn MAC addresses. – Learning — The port is currently in the learning mode. The port cannot forward traffic, however, it can learn new MAC addresses. – Forwarding — The port is currently in the forwarding mode. The port can forward traffic and learn new MAC addresses.
Displaying the STP Port Table and Configuring STP Port Settings 1. Open the STP Port Settings page. 2. Click Show All. The STP Port Table displays. Figure 7-40. STP Port Table 3. Use the Unit drop-down menu to view the STP Port Table for other units in the stack, if they exist. 4. To change the STP settings for one or more ports, select the Edit option for the port(s), configure the desired settings, and then click Apply Changes.
To display the STP LAG Settings page, click Switching →Spanning Tree →STP LAG Settings in the tree view. Figure 7-41. STP LAG Settings The STP LAG Settings page contains the following fields: • Select a LAG — Specifies the LAG number for which you want to modify STP settings. • STP — Enables or disables STP on the LAG. Default is enable. • Port Fast — Enables Port Fast mode for the LAG.
– Learning — The LAG is in the learning mode and cannot forward traffic, but it can learn new MAC addresses. – Forwarding — The LAG is currently in the forwarding mode, and it can forward traffic and learn new MAC addresses. – Broken — The LAG is currently malfunctioning and cannot be used for forwarding traffic. • STP Root Guard — Enables or disables STP Root Guard. The default is disable. • Role — Displays the role this port has in the STP topology.
Figure 7-42. STP LAG Table 3. To change the STP settings for one or more LAGs, select the Edit option for the LAG(s), configure the desired settings, and then click Apply Changes. Defining STP LAG Settings Using CLI Commands See "Configuring Spanning Tree Port Settings Using CLI Commands" on page 350. Rapid Spanning Tree Rapid Spanning Tree Protocol (RSTP) detects and uses network topologies that allow a faster convergence of the spanning tree without creating forwarding loops.
• Mode — Displays the administrative mode and if its enabled or disabled. • Fast Link Operational Status — Indicates if Fast Link is enabled or disabled for the port or LAG. If Fast Link is enabled for a port, the port is automatically placed in the forwarding state. This setting can be changed from the "STP Port Settings" or "STP LAG Settings" page. • Point to Point Operational Status — Displays the Point-to-Point operating state.
To display the MSTP Settings page, click Switching →Spanning Tree →MSTP Settings in the tree view. Figure 7-45. MSTP Settings The MSTP Settings page contains the following fields divided into two sections, Global Settings and Instance Settings: • Region Name (1–32 characters) — Specifies a user-defined MST region name. • Revision (0–65535) — Specifies unsigned 16-bit number that identifies the revision of the current MST configuration. The revision number is required as part of the MST configuration.
• Root Bridge ID of the root bridge which is the one with the lowest path cost. • Root Port — Indicates the root port of the selected instance. • Root Path Cost — Indicates the path cost of the selected instance. Modifying MSTP Settings: 1. Open the MSTP Settings page. 2. Modify the fields in the Global Settings and Instance Settings sections as needed. 3. Click Apply Changes. The MSTP parameters are modified, and the device is updated. Displaying the MSTP VLAN to Instance Mapping Table 1.
Table 7-23. MST CLI Command Description instance Maps VLANS to an MST instance. name Define the configuration name for an MST instance. revision Identifies the configuration revision number of an MST instance. spanning-tree max-hops Sets the MSTP Max Hops parameter to a new value for the common and internal spanning tree. spanning-tree mst configuration Enables configuring an MST region by entering the multiple spanningtree (MST) mode.
• Port State — Indicates whether the port is enabled or disabled in the specific instance. • Port Type — Indicates whether MSTP treats the port as a point-to-point port or a port connected to a hub and whether the port is internal to the MST region or a boundary port. If the port is a boundary port, it also indicates whether the switch on the other side of the link is working in RSTP or STP mode • Role — Indicates the port role assigned by the STP algorithm in order to provide to STP paths.
Displaying the MSTP Interface Settings Table 1. Open the MSTP Settings page. 2. Click Show All. The MSTP Interface Table displays. Figure 7-48. MSTP Interface Table 3. Use the Unit drop-down menu to view the MSTP Interface Table for other units in the stack, if they exist. 4. To modify the port priority or path cost for one or more interfaces, check Edit for the desired interfaces. 5. Make the needed changes to the values in the Port Priority or Path Cost columns. 6. Click Apply Changes.
Table 7-24. MST Port Commands CLI Command Description spanning-tree mst 0 external-cost Sets the external cost for the common spanning tree. spanning-tree mst cost Configure the path cost for multiple spanning tree (MST) calculations. spanning-tree mst port-priority Configures port priority. Configuring VLANs Adding Virtual LAN (VLAN) support to a Layer 2 switch offers some of the benefits of both bridging and routing.
Valid VLANs that can be created are 2–4093. VLAN 4094 is reserved. To display the VLAN Membership page, click Switching →VLAN →VLAN Membership in the tree view. Figure 7-49. VLAN Membership The VLAN Membership page is divided into two sections. The top section contains fields that define the entire VLAN’s membership. The bottom section contains tables that define membership settings for specific Ports and LAGs on this VLAN.
• – Dynamic — Indicates the VLAN was dynamically created through GVRP. – Static — Indicates the VLAN is user-defined and may be modified. – Default — Indicates the VLAN is the default VLAN. Remove VLAN — Removes the displayed VLAN from the VLAN Membership Table when checked. The VLAN Membership tables display which Ports and LAGs are members of the VLAN, and whether they’re tagged (T), untagged (U), or forbidden (F). The tables have two rows: Static and Current.
Figure 7-50. Add VLAN 3. Enter a new VLAN ID and VLAN Name. 4. Click Apply Changes. The new VLAN is added, and the device is updated. Assigning VLAN Membership to a Port or LAG 1. Open the VLAN Membership page. 2. Select a VLAN from the VLAN ID or VLAN Name drop-down menu. 3. In the VLAN Port Membership Table, assign a value by clicking in the Static row for a specific Port/LAG. Each click toggles between U, T, and blank (not a member). 4. Click Apply Changes.
The selected VLAN is removed, and the device is updated. Configuring VLAN Membership Using CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • Virtual LAN Routing Commands The following table summarizes the equivalent CLI commands for this feature. Table 7-26. VLAN Membership Commands CLI Command Description name Configures a name to a VLAN. show interfaces switchport Displays switchport configuration.
Figure 7-51. Double VLAN Global Configuration The Double VLAN Global Configuration page contains the following fields: • • EtherType — The two-byte hex Ethertype to be used as the first 16 bits of the Double VLAN tag: – 802.1Q — Commonly used tag representing 0x8100. This value is supported by several network equipment manufacturers. If a double-tagged frame with the first Ethertype value set to 802.
Figure 7-52. Double VLAN Interface Configuration The Double VLAN Interface Configuration page contains the following fields: • Interface — Select the port or LAG for which you want to display or configure data. • Interface Mode — Enables or disables double VLAN tagging on the selected interface. The default value is Disable. Assigning Double VLAN Tags 1. Open the Double VLAN Global Configuration page. 2. Select the Ethertype from the drop-down menu. 3. Click Apply Changes. 4.
Figure 7-53. Double VLAN Port Parameters Table Copying Double VLAN Parameters 1. Open the Double VLAN Interface Configuration page. 2. Click Show All. The Double VLAN Port Parameters Table displays. 3. Specify the Port you are copying from in Copy Parameters From. 4. Click Copy To for each Interface to receive these parameters. 5. Click Apply Changes. The Double VLAN port settings are copied, and the device is updated. Modifying Settings for Multiple Ports 1.
Table 7-27. Double VLAN Commands CLI Command Description dvlan-tunnel ethertype Configures the EtherType for the interface. mode dvlan-tunnel Enables Double VLAN tunneling on the specified interface show dvlan-tunnel Displays all interfaces enabled for Double VLAN Tunneling. show dvlan-tunnel interface Displays detailed information about Double VLAN Tunneling for the specified interface.
– General — The port belongs to VLANs, and each VLAN is user-defined as tagged or untagged (full 802.1Q mode). – Access — The port belongs to a single untagged VLAN. When a port is in Access mode, the packet types which are accepted on the port (packet type) cannot be designated. It is also not possible to enable/disable ingress filtering on an access port. – Trunk — The port belongs to more than one VLAN, and all ports are tagged (except for an optional single native VLAN).
NOTE: If an Access port is chosen, the packet types that are accepted on the port (packet type) cannot be designated. It is also not possible to enable or disable ingress filtering on an access port. 3. Use the Unit drop-down menu to view the VLAN Port Table for other units in the stack, if they exist. Modifying Settings for Multiple Ports 1. Open the VLAN Port Settings page. 2. Click Show All. The VLAN Port Table displays. 3. Click Edit for each Port to modify. 4. Edit fields as needed. 5.
Figure 7-56. VLAN LAG Settings The VLAN LAG Settings page contains the following fields: • LAG — Specifies the LAG number included in the VLAN. • Port VLAN Mode — Indicates the Port VLAN mode for the LAG. Possible values are: – General — The LAG belongs to VLANs, and each VLAN is user-defined as tagged or untagged (full 802.1Q mode). – Access — The LAG belongs to a single, untagged VLAN.
The VLAN LAG parameters are defined, and the device is updated. Displaying the VLAN LAG Table 1. Open the VLAN LAG Settings page. 2. Click Show All. The VLAN LAG Table displays. Figure 7-57. VLAN LAG Table Modifying Settings for Multiple LAGs 1. Open the VLAN LAG Settings page. 2. Click Show All. The VLAN LAG Table displays. 3. Click Edit for each LAG to modify. 4. Edit fields as needed. 5. Click Apply Changes. The VLAN LAG settings are modified, and the device is updated.
To display the Bind MAC to VLAN page, click Switching →VLAN →Bind MAC to VLAN in the tree view. Figure 7-58. Bind MAC to VLAN The Bind MAC to VLAN page contains the following fields: • MAC Address — Specifies MAC Address for a VLAN. • Bind to VLAN (1–4093) — Specifies VLAN to which the MAC is to be bound. Assigning Bind MAC to VLAN Settings 1. Open the Bind MAC to VLAN page. 2. Enter the MAC Address to bind to the VLAN. 3. Enter the VLAN to which the MAC Address is to be bound. 4.
Figure 7-59. MAC - VLAN Bind Table Modifying VLAN for Multiple MAC Addresses 1. Open the Bind MAC to VLAN page. 2. Click Show All. The MAC - VLAN Bind Table displays. 3. Click Edit for each MAC Address with a VLAN to modify. 4. Edit the Bind to VLAN fields. 5. Click Apply Changes. The MAC to VLAN settings are modified, and the device is updated. Removing a MAC - VLAN Entry 1. Open the Bind MAC to VLAN page. 2. Click Show All. The MAC - VLAN Bind Table displays. 3. Check Remove for each entry to remove.
Table 7-29. MAC - VLAN Binding Commands CLI Command Description vlan association mac Associates a MAC address to a VLAN. show vlan association mac Displays the VLAN associated with a specific configured MAC address. Bind IP Subnet to VLAN An IP Subnet to VLAN mapping is defined by configuring an entry in the IP Subnet to VLAN table, an entry is specified through a source IP address, network mask, and the desired VLAN ID. The IP Subnet to VLAN configurations are shared across all ports of the switch.
4. Enter the VLAN ID to which the IP address and subnet mask are assigned. 5. Click Apply Changes. The listed VLAN and IP Subnet are now bound, and the device is updated. Displaying the IP Subnet - VLAN Bind Table 1. Open the Bind IP Subnet to VLAN page. 2. Click Show All. 3. The IP Subnet - VLAN Bind Table displays. Figure 7-61. IP Subnet - VLAN Bind Table Modifying the VLAN Bound to Multiple IP Addresses 1. Open the Bind IP Subnet to VLAN page. 2. Click Show All.
Binding IP Subnets to VLANs Using CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • VLAN Commands The following table summarizes the equivalent CLI commands for this feature. Table 7-30. IP Subnet - VLAN Binding Commands CLI Command Description vlan association subnet Associates an IP subnet to a VLAN show vlan association subnet Displays the VLAN associated with a specific configured IP subnet.
Figure 7-62. Protocol Group The Protocol Group page contains the following fields: 378 • Protocol Group — Displays the name associated with the protocol group ID (up to 16 characters). Create a new group by clicking the Add button. • Protocol — Specifies protocols (in hexadecimal format in the range 0x0600 to 0xffff) associated with this group. Enter up to 16 protocols using comma separated list. • VLAN ID (1–4093) — Specifies VLAN ID associated with this group.
Adding a Protocol Group 1. Open the Protocol Group page. 2. Click Add. The Add Protocol Group page displays. Figure 7-63. Add Protocol Group 3. Enter a new Protocol Group Name and a VLAN ID to associate with this group. 4. Return to the Protocol Group page. 5. Select the Protocol Group that you added, then select the protocol. 6. In the first Interface column, click to highlight the interfaces to be added to the protocol group.
8. Click Apply Changes. The VLAN protocol group parameters are modified, and the device is updated. Removing Multiple Protocols From the Protocol Group Table 1. Open the Protocol Group page. 2. Click Show All. The Protocol Group Table displays. Figure 7-64. Protocol Group Table 3. Check Remove for the protocol groups you want to remove. 4. Click Apply Changes. The protocol is removed, and the device is updated.
GVRP Parameters The GARP VLAN Registration Protocol provides a mechanism that allows networking switches to dynamically register (and de-register) VLAN membership information with the MAC networking switches attached to the same segment, and for that information to be disseminated across all networking switches in the bridged LAN that support GVRP. The operation of GVRP relies upon the services provided by the Generic Attribute Registration Protocol (GARP). GVRP can create up to 1024 VLANs.
2. Select Enable in the GVRP Global Status field. 3. Click Apply Changes. GVRP is enabled on the switch. Enabling VLAN Registration Through GVRP 1. Open the GVRP Global Parameters page. 2. Select Enable in the GVRP Global Status field for the desired interface. 3. Select Enable in the GVRP Registration field. 4. Click Apply Changes. GVRP VLAN Registration is enabled on the port, and the device is updated. Displaying the GVRP Port Parameters Table 1. Open the GVRP Global Parameters page. 2. Click Show All.
3. Specify the Port or LAG you are copying from in Copy Parameters From. 4. Click Copy To for each Interface/LAG to receive these parameters. 5. Click Apply Changes. The GVRP Port Parameter settings are copied, and the device is updated. Modifying GVRP Parameters for Multiple Ports 1. Open the GVRP Global Parameters page. 2. Click Show All. The GVRP Port Parameters Table displays. 3. Click Edit for each Interface/LAG to modify. 4. Edit the GVRP Port Parameter fields as needed. 5. Click Apply Changes.
Configuring Voice VLAN The Voice VLAN feature enables switch ports to carry voice traffic with defined priority. The priority level enables the separation of voice and data traffic coming onto the port. A primary benefit of using Voice VLAN is to ensure that the sound quality of an IP phone is safeguarded from deteriorating when the data traffic on the port is high. The system uses the source MAC address of the traffic traveling through the port to identify the IP phone data flow.
– None — Allow the IP phone to use its own configuration to send untagged voice traffic. – VLAN ID — Configure VLAN tagging for the voice traffic. The VLAN ID range is 1–4093. – dot1p — Configure Voice VLAN 802.1p priority tagging for voice traffic. The priority tag range is 0–7. – Untagged — Configure the phone to send untagged voice traffic. • DSCP Value — Configures the Voice VLAN DSCP value for the port. The default value is 46.
Aggregating Ports Link Aggregation allows one or more full-duplex (FDX) Ethernet links to be aggregated together to form a Link Aggregation Group (LAG). This allows the networking switch to treat the LAG as if it is a single link. Static LAGs are supported. When a port is added to a LAG as a static member, it neither transmits nor receives LACPDUs. To display the Link Aggregation menu page, click Switching →Link Aggregation in the tree view.
Global Parameters • LACP System Priority (1–65535) — Indicates the LACP priority value for global settings. The default value is 1. Port Parameters • Interface— Specifies the unit and port number to which timeout and priority values are assigned. • LACP Port Priority (1–65535) — Specifies LACP priority value for the specified port. The default value is 1. • LACP Timeout — Specifies Administrative LACP timeout. Possible values are: – Short — Specifies a short timeout value.
Modifying LACP Parameters for Multiple Ports 1. Open the LACP Parameters page. 2. Click Show All. The LACP Parameters Table displays. 3. Click Edit for each Port to modify. 4. Edit the fields as needed. 5. Click Apply Changes. The LACP Parameter settings are modified, and the device is updated.
Figure 7-70. LAG Membership The LAG Membership page contains a table with the following fields: • LACP — Aggregates a LAG port to LACP membership. For ports with a number in the LAG row, you can click in the LACP row to toggle LACP "on." Each click toggles between L (LACP) and blank (no LACP). • LAG — Adds a port to a LAG, and indicates the specific LAG to which the port belongs. Each click toggles through the LAG numbers, 1–48, and then back to blank (no LAG assigned). Adding a Port to a LAG 1.
Assigning Ports to LAGs and LACPs Using CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • Port Channel Commands The following table summarizes the equivalent CLI commands for this feature. Table 7-35. LAG Membership Commands CLI Command Description channel-group Associates a port with a port-channel. LAG Hash Configuration Use the LAG HASH algorithm to set the traffic distribution mode on the aggregator link.
– Source/Destination MAC, VLAN, EtherType, source MODID/port – Source/Destination IP and source/destination TCP/UDP port Configuring the LAG Hash 1. Open the LAG Hash Configuration page. 2. Select the LAG to configure and the hash algorithm to assign to the LAG. 3. Click Apply Changes. The parameters are modified, and the device is updated.
Figure 7-72. LAG Hash Summary The LAG Hash Summary page contains a table with the following fields: • LAGs — Lists the LAG numbers. • Hash Algorithm Type — Shows the type of HASH algorithm for unicast traffic flows that is associated with the LAG.
Managing Multicast Support The Layer 2 Multicast Forwarding Database is used by the switch to make forwarding decisions for packets that arrive with a multicast destination MAC address. By limiting multicasts to only certain ports in the switch, traffic is prevented from going to parts of the network where that traffic is unnecessary. When a packet enters the switch, the destination MAC address is combined with the VLAN ID and a search is performed in the Layer 2 Forwarding database.
The Multicast Global Parameters page contains the following field: • Bridge Multicast Filtering — Enables or disables bridge Multicast filtering. The default value is disabled. • IGMP Snooping Status — Enables or disables IGMP snooping. The default value is disabled. • MLD Snooping Status — Enables or disables MLD snooping. The default value is disabled. Enabling Bridge Multicast Filtering on the Switch 1. Open the Multicast Global Parameters page. 2.
Figure 7-74. Bridge Multicast Group The Bridge Multicast Group page contains the following fields: • VLAN ID — Selects the VLAN to add a multicast group to or to modify ports on an existing multicast group. • Bridge Multicast Address — Identifies the multicast group MAC address/IP address associated with the selected VLAN ID. Use the Add button to associate a new address with a VLAN ID. • Remove — Removes a Bridge Multicast address when checked.
• LAGs — Displays and assigns multicast group membership to LAGs. To assign membership, click in Static for a specific LAG. Each click toggles between S, F, and blank. See the following table for definitions. The following table contains definitions for port/LAG IGMP management settings. Table 7-39. Port/LAG IGMP Management Settings Port Control Definition D Dynamic: Indicates that the port/LAG was dynamically joined to the Multicast group (displays in the Current row).
3. Select the VLAN ID from the drop-down menu. 4. Define the New Bridge Multicast IP or MAC address. 5. In the Bridge Multicast Group tables, assign a setting by clicking in the Static row for a specific port/LAG. Each click toggles between S, F, and blank. (not a member). 6. Click Apply Changes. The bridge multicast address is assigned to the multicast group, ports/LAGs are assigned to the group (with the Current rows being updated with the Static settings), and the device is updated.
Table 7-40. Bridge Multicast Groups Commands CLI Command Description bridge multicast address Register MAClayer Multicast addresses to the bridge table and adds ports to the group statically. bridge multicast forbidden address Forbids adding a specific Multicast address to specific ports. show bridge multicast address-table Displays Multicast MAC address table information.
Changing the Bridge Multicast Forwarding Mode. 1. Open the Bridge Multicast Forward page. 2. Select the VLAN ID from the drop-down menu. 3. Select the Forwarding Mode to assign the VLAN from the drop-down menu. 4. Click Apply Changes. The VLAN is updated with the Forwarding Mode setting, and the device is updated.
To display the IGMP Snooping page, click Switching →Multicast Support →IGMP Snooping in the tree view. Use this page to go to the following features: • General IGMP Snooping • Global Querier Configuration • VLAN Querier • VLAN Querier Status • MFDB IGMP Snooping Table General IGMP Snooping Use the General IGMP snooping page to add IGMP members. To display the General IGMP snooping page, click Switching →Multicast Support →IGMP Snooping → General in the tree view. Figure 7-77.
• Leave Timeout — Specifies time, in seconds, after a port leave message is received before the entry is aged out. Enter an amount of time for the timeout period, or click Immediate Leave to specify an immediate timeout. The default timeout is 10 seconds. Enabling IGMP Snooping on an Interface 1. Open the General IGMP snooping page. 2. Select the unit and port, LAG, or VLAN to configure from the Interface field. 3. Complete the fields on the page as needed. 4. Click Apply Changes.
5. Click Apply Changes. The IGMP Snooping settings are modified, and the device is updated. Copying IGMP Snooping Settings to Multiple Ports, LAGs, or VLANs 1. Open the General IGMP snooping page. 2. Click Show All. The IGMP Snooping Table displays. 3. Click Copy Parameters From. 4. Select a Unit/Port, LAG, or VLAN to use as the source of the desired parameters. 5. Click Copy To for the Unit/Ports, LAGs, or VLANs that these parameters will be copied to. 6. Click Apply Changes.
Table 7-42. IGMP Snooping Commands (continued) CLI Command Description ip igmp snooping maxresponse Sets the IGMP Maximum Response time on a particular VLAN. ip igmp snooping mcrtrexpiretime Sets the Multicast Router Present Expiration time. Global Querier Configuration Use the Global Querier Configuration page to configure the parameters for the IGMP Snooping Querier.
Configuring IGMP Snooping Querier Settings with CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • IGMP Snooping Querier Commands The following table summarizes the equivalent CLI commands for this feature. Table 7-43. IGMP Snooping Querier Global Commands CLI Command Description ip igmp snooping querier Enables/disables IGMP Snooping Querier on the system (Global Configuration mode) or on a VLAN.
The VLAN Querier page contains the following fields: • VLAN ID — Specifies the VLAN for the IGMP Snooping Querier configuration. • VLAN Mode — Enables or disables the IGMP Snooping Querier on the VLAN selected in the VLAN ID field. • Querier Election Participate Mode — Enables or disables the IGMP participation in election mode by the Snooping Querier. When this mode is disabled, upon seeing another querier of same version in the VLAN, the Snooping Querier transitions to non-querier state.
Figure 7-82. VLAN Querier Summary Table Configuring VLAN Querier Settings with CLI Commands See "Configuring IGMP Snooping Querier Settings with CLI Commands" on page 404. VLAN Querier Status Use the VLAN Querier Status page to view the IGMP Snooping Querier settings for individual VLANs. To display the VLAN Querier Status page, click Switching →Multicast Support →IGMP Snooping → VLAN Querier Status in the tree view. Figure 7-83.
• Querier Election Participate Mode — Shows whether the mode is enabled or disabled. When this mode is disabled, upon seeing another querier of same version in the VLAN, the Snooping Querier transitions to non-querier state. When this mode is enabled, the Snooping Querier participates in querier election, where in the lowest IP address wins the querier election and operates as the querier in that VLAN. The other querier transitions to non-querier state.
Figure 7-84. MFDB IGMP Snooping Table The MFDB IGMP Snooping Table page contains the following fields: • VLAN — Displays the VLAN ID associated with an IGMP group entry in the MFDB table. • MAC Address — Displays the MAC Address associated with an IGMP group entry in the MFDB table. • Type — Displays the type of the entry. Static entries are those that are configured by the user. Dynamic entries are added to the table as a result of a learning process or protocol.
MRouter Status Use the MRouter Status page to display the status of dynamically learned multicast router interfaces. To access this page, click Switching →Multicast Support →MRouter Status in the navigation tree. Figure 7-85. MRouter Status The MRouter Status page contains the following fields: • Interface — Select the interface for which you want to display the status. • VLAN ID — Displays the dynamically learned multicast router interfaces.
MLD Snooping In IPv4, Layer 2 switches can use IGMP snooping to limit the flooding of multicast traffic by dynamically configuring Layer-2 interfaces so that multicast traffic is forwarded to only those interfaces associated with an IP multicast address. In IPv6, MLD snooping performs a similar function. With MLD snooping, IPv6 multicast data is selectively forwarded to a list of ports that want to receive the data instead of being flooded to all ports in a VLAN.
• Auto Learn — Enable or Disable the ability of the switch to automatically learn about dynamic MLD ports. • Host Timeout — Specifies time (in seconds) before an MLD snooping entry is aged out. The range is from 2 to 3600 seconds. The default time is 260 seconds. • Multicast Router Timeout — Specifies time (in seconds) before aging out a Multicast router entry. The range is 1 to 3600 seconds. The default value is 300 seconds.
Configuring MLD Snooping with CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • IPv6 MLD Snooping Commands The following table summarizes the equivalent CLI commands for this feature. Table 7-46. MLD Snooping Commands CLI Command Description ipv6 mld snooping immediate-leave Enables or disables MLD Snooping immediate-leave admin mode on a selected interface or VLAN.
Figure 7-88. MLD Snooping Global Querier Configuration The MLD Snooping Global Querier Configuration page contains the following fields: • IP Address— Specifies the Snooping Querier IPv6 Address which will be used as the source address in periodic MLD queries. This address is used when no address is configured for the VLAN on which the query is being sent. • Snooping Querier Admin Mode — Enables or disables the administrative mode for MLD Snooping for the switch.
Table 7-47. MLD Snooping Querier Commands CLI Command Description ipv6 mld snooping querier Enables MLD Snooping Querier on the system or on a VLAN. ipv6 mld snooping querier address Sets the global MLD Snooping Querier address on the system or on a VLAN. ipv6 mld snooping querier election participate Enables the Snooping Querier to participate in the Querier Election process when it discovers the presence of another Querier in the VLAN.
• VLAN Mode — Enables or disables the MLD Snooping Querier on the VLAN selected in the VLAN ID field. • Querier Election Participate Mode — Enables or disables the MLD participation in election mode by the Snooping Querier. When this mode is disabled, upon seeing another querier of same version in the VLAN, the Snooping Querier transitions to non-querier state.
Figure 7-91. VLAN Querier Summary Table Configuring VLAN Querier Settings with CLI Commands See "Configuring IGMP Snooping Querier Settings with CLI Commands" on page 404. FMLD Snooping VLAN Querier Status Use the VLAN Querier Status page to view the MLD Snooping Querier settings for individual VLANs. To display the VLAN Querier Status page, click Switching →Multicast Support →MLD Snooping → VLAN Querier Status in the tree view. Figure 7-92.
• Querier Election Participate Mode — Shows whether the mode is enabled or disabled. When this mode is disabled, upon seeing another querier of same version in the VLAN, the Snooping Querier transitions to non-querier state. When this mode is enabled, the Snooping Querier participates in querier election, where in the lowest IP address wins the querier election and operates as the querier in that VLAN. The other querier transitions to non-querier state.
To display the MFDB MLD Snooping Table page, click Switching →Multicast Support →MLD Snooping →MFDB MLD Snooping Table in the tree view. Figure 7-93. MFDB MLD Snooping Table The MFDB MLD Snooping Table page contains the following fields: • VLAN — Displays the VLAN ID associated with an MLD group entry in the MFDB table. • MAC Address — Displays the MAC Address associated with an MLD group entry in the MFDB table. • Type — Displays the type of entry.
Configuring the Link Layer Discovery Protocol (LLDP) The IEEE 802.1AB defined standard, Link Layer Discovery Protocol (LLDP), allows stations residing on an 802 LAN to advertise major capabilities and physical descriptions. This information is viewed by a network manager to identify system topology and detect bad configurations on the LAN. LLDP is a one-way protocol; there are no request/response sequences.
Figure 7-94. LLDP Configuration The LLDP Configuration page contains the following fields: Global Settings • Transmit Interval (1–32768) — Specifies the interval at which frames are transmitted. The default is 30 seconds. • Hold Multiplier (2–10) — Specifies multiplier on the transmit interval to assign to TTL. Default is 4. • Re-Initialization Delay (1–10) — Specifies delay before a re-initialization. Default is 2 seconds.
• Included TLVs — Selects TLV information to transmit. Choices include System Name, System Capabilities, System Description, and Port Description. Modifying the LLDP Configuration 1. Open the LLDP Configuration page. 2. Define the fields as needed. 3. Click Apply Changes. LLDP parameters are saved to the switch. Displaying the LLDP Interface Settings Table 1. Open the LLDP Configuration page. 2. Click Show All. The LLDP Interface Settings Table displays. Figure 7-95. LLDP Interface Settings Table 3.
Modifying LLDP Interface Settings for Multiple Ports 1. Open the LLDP Configuration page. 2. Click Show All. The LLDP Interface Settings Table displays. 3. Click Edit for each Unit/Port to modify. 4. Edit the LLDP Interface fields as needed. 5. Click Apply Changes. The LLDP Interface settings are modified, and the device is updated.
Figure 7-96.
The LLDP Statistics page displays the following statistics: System-wide Statistics • Last Update — Displays the value of system up time the last time a remote data entry was created, modified, or deleted. • Total Inserts — Displays the number of times a complete set of information advertised by a remote switch has been inserted into the table. • Total Deletes — Displays the number of times a complete set of information advertised by a remote switch has been deleted from the table.
Table 7-51. LLDP Statistics Commands CLI Command Description show lldp statistics Displays the current LLDP traffic statistics. clear lldp statistics Resets all LLDP statistics. LLDP Connections Use the LLDP Connections page to view the list of ports with LLDP enabled. Basic connection details are displayed. To display the LLDP Connections page, click Switching →LLDP →LLDP Connections in the tree view. Figure 7-97.
Viewing Details about the LLDP Connections 1. Open the LLDP Connections page. 2. Click the interface in the Local Interface field to view details about that device. The LLDP Connections - Detailed page for the device displays. Figure 7-98. Detailed LLDP Connections 3. Use the Back button to return to the LLDP Connections page.
Table 7-52. LLDP Connections Commands CLI Command Description show lldp interface Displays the current LLDP interface state. show lldp local-device Displays the LLDP local data show lldp remote-device Displays the LLDP remote data clear lldp remote data Deletes all data from the remote data table. Configuring Link Layer Discovery Protocol (LLDP) for Media Endpoint Devices The IEEE 802.
To display the LLDP-MED Global Configuration page, click Switching→LLDP →LLDP-MED → LLDP-MED Global Configuration in the tree view. Figure 7-99. LLDP-MED Global Configuration The LLDP-MED Global Configuration page contains the following fields: • Fast Start Repeat Count — Specifies the number of LLDP PDUs that will be transmitted when the protocol is enabled. The range is from (1 to 10). Default value of fast repeat count is 4. • Device Class — Specifies local device's MED Classification.
Table 7-53. LLDP-MED Global Commands CLI Command Description lldp med faststartrepeatcount Sets the value of the fast start repeat count. show lldp med Displays a summary of the current LLDP MED configuration. lldp med confignotification Enables sending the topology change notifications. lldp med transmit-tlv Spruciest which optional TLVs in the LLDP MED set are transmitted in the LLDPDUs.
• Config Notification Mode — Specifies the LLDP-MED topology notification mode for the selected interface. • Transmit TLVs — Specifies which optional type length values (TLVs) in the LLDP-MED will be transmitted in the LLDP PDUs frames for the selected interface. – MED Capabilities — To transmit the capabilities TLV in LLDP frames. – Network Policy — To transmit the network policy TLV in LLDP frames. – Location Identification — To transmit the location TLV in LLDP frames.
Table 7-54. LLDP MED Interface Commands CLI Command Description lldp med Enables/disables LLDP-MED on an interface. lldp med confignotification Enables sending the topology change notification. lldp med transmit-tlv Specifies which optional TLVs in the LLDP MED set are transmitted in the LLDPDUs. show lldp med interface Displays a summary of the current LLDP MED configuration for a specific interface.
• Network Policies Information — If a network policy TLV is present in the LLDP frames, the following information displays: – • • • 432 • unknown • voicesignaling • guestvoice • guestvoicesignalling • softphonevoice • videoconferencing • streammingvideo • videosignalling – Vlan Id — Specifies the VLAN ID associated with a particular policy type. – Priority — Specifies the priority associated with a particular policy type.
• – Available — Specifies available power sourcing equipment's power value in tenths of watts on the port of local device. – Source — Specifies power source of this port. – Priority — Specifies PSE port power priority. Extended PoE PD — If an extended PD TLV is present in LLDP frame, the following information displays: – Required — Specifies required power device power value in tenths of watts on the port of local device. – Source — Specifies power source of this port.
Figure 7-103. LLDP-MED Remote Device Information The LLDP-MED Remote Device Information page contains the following fields: • Local Interface — Specifies the list of all the ports on which LLDP-MED is enabled. • Capability Information — Specifies the supported and enabled capabilities that was received in MED TLV on this port. • – Supported Capabilities — Specifies supported capabilities that was received in MED TLV on this port.
• • • • softphonevoice • videoconferencing • streammingvideo • videosignalling – Vlan Id — Specifies the VLAN ID associated with a particular policy type. – Priority — Specifies the priority associated with a particular policy type. – DSCP — Specifies the DSCP associated with a particular policy type. – Unknown Bit Status — Specifies the unknown bit associated with a particular policy type. – Tagged Bit Status — Specifies the tagged bit associated with a particular policy type.
Viewing LLDP-MED Remote Device Information with CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • LLDP Commands The following table summarizes the equivalent CLI commands for this feature. Table 7-56. 436 LLDP-MED Remote Device Information Commands CLI Command Description show lldp med remote-device Displays the current LLDP MED remote data.
Creating Link Dependencies The link dependency feature provides the ability to enable or disable one or more ports based on the link state of one or more different ports. With link dependency enabled on a port, the link state of that port is dependent on the link state of another port. For example, if port A is dependent on port B and the switch detects a link loss on port B, the switch automatically brings down the link on port A.
Figure 7-104. Link Dependency Summary The Link Dependency Summary page contains the following fields: • Group ID — The ID number of the group. • Member Ports — The list of member ports belonging to the group. • Ports Depended On — The list of ports upon which the group depends. • Remove — A check box for removing the configuration for a group. • Modify — A link for modifying the configuration of a group. Click the Modify link to access the configuration page for the group.
Figure 7-105. Link Dependency Group Configuration 3. To add a port to the Member Ports column, click the port in the Available Ports column, and then click the << button to the left of the Available Ports column. Ctrl + click to select multiple ports. 4. To add a port to the Ports Depended On column, click the port in the Available Ports column, and then click the >> button to the right of the Available Ports column. 5. Click Apply Changes.
Table 7-57. Link Dependency Commands CLI Command Description link-dependency group Enters the link-dependency mode to configure a link-dependency group. add ethernet Adds member Ethernet port(s) to the dependency list. add port-channel Adds member port-channels to the dependency list. depends-on ethernet Adds the dependent Ethernet ports list. depends-on port-channel Adds the dependent port-channels list. show link-dependency Shows the link dependencies configured on a particular group.
Figure 7-106. Dynamic ARP Inspection Global Configuration The Dynamic ARP Inspection Global Configuration page contains the following fields: • Validate Source MAC — Select the DAI Source MAC Validation Mode for the switch. If you select Enable, Sender MAC validation for the ARP packets will be enabled. The default is Disable. • Validate Destination MAC—Select the DAI Destination MAC Validation Mode for the switch.
To display the DAI Interface Configuration page, click Switching →Dynamic ARP Inspection →DAI Interface Configuration in the navigation tree. Figure 7-107. Dynamic ARP Inspection Interface Configuration The Dynamic ARP Inspection Interface Configuration page contains the following fields: • Port— Select the port or LAG for which data is to be displayed or configured. • Trust State — Indicates whether the interface is trusted for Dynamic ARP Inspection. If you select Enable, the interface is trusted.
Table 7-59. Dynamic ARP Inspection Interface Commands CLI Command Description ip arp inspection limit Configures the rate limit and burst interval values for an interface. ip arp inspection trust Configures an interface as trusted for Dynamic ARP Inspection. show ip arp inspection interfaces Displays the Dynamic ARP Inspection configuration on all the DAI enabled interfaces.
• Static Flag — Use this flag to determine whether the ARP packet needs validation using the DHCP snooping database, in case the ARP ACL rules do not match. If Enabled, then the ARP Packet will be validated by the ARP ACL Rules only. If Disabled, then the ARP Packet needs further validation by using the DHCP Snooping entries. The default is Disable.
• ARP ACL Name — Use this field to create a new ARP ACL for Dynamic ARP Inspection. The name can be 1 to 31 alphanumeric characters in length. Displaying the DAI ACL Summary Table and Removing an Entry 1. Open the DAI ACL Configuration page. 2. Click Show All. The Dynamic ARP Inspection ACL Summary table displays. Figure 7-110. Dynamic ARP Inspection ACL Summary 3. To remove an ARP ACL from the list, select the Remove option in the appropriate row, and then click Apply Changes.
Figure 7-111. Dynamic ARP Inspection Rule Configuration The Dynamic ARP Inspection Rule Configuration page contains the following fields: • ARP ACL Name — Select the ARP ACL for which information is to be displayed or configured. • Sender IP Address — To create a new rule for the selected ARP ACL, enter in this field the Sender IP Address match value for the ARP ACL.
The following table summarizes the equivalent CLI commands for this feature. Table 7-62. Dynamic ARP Inspection Rule Command CLI Command Description permit ip host mac host Configures a rule for a valid IP address and MAC address combination used in ARP packet validation. DAI Statistics Use the DAI Statistics page to display the statistics per VLAN. To display the DAI Statistics page, click Switching →Dynamic ARP Inspection →Statistics in the navigation tree. Figure 7-113.
• Bad Source MAC — The number of ARP packets that were dropped by DAI because the sender MAC address in the ARP packet did not match the source MAC in the Ethernet header. • Bad Dest MAC — The number of ARP packets that were dropped by DAI because the target MAC address in the ARP reply packet did not match the destination MAC in the Ethernet header.
The hardware identifies all incoming DHCP packets on ports where DHCP snooping is enabled. DHCP snooping is enabled on a port if (a) DHCP snooping is enabled globally, and (b) the port is a member of a VLAN where DHCP snooping is enabled. On untrusted ports, the hardware traps all incoming DHCP packets to the CPU. On trusted ports, the hardware forwards client messages and copies server messages to the CPU so that DHCP snooping can learn the binding. Table 7-64.
Figure 7-114. DHCP Snooping Configuration The DHCP Snooping Configuration page contains the following fields: • DHCP Snooping Mode — Enables or disables the DHCP Snooping feature. The default is Disable. • MAC Address Validation — Enables or disables the validation of sender MAC Address for DHCP Snooping. The default is Enable.
To prevent DHCP packets from being used as a DoS attack when DHCP snooping is enabled, the snooping application enforces a rate limit for DHCP packets received on untrusted interfaces. DHCP snooping monitors the receive rate on each interface separately. If the receive rate exceeds the configuration limit, DHCP snooping brings down the interface. The port must be administratively enabled from the Switching →Ports →Port Configuration page (or the no shutdown CLI command) to further work with the port.
• Logging Invalid Packets — If it is enabled, the DHCP snooping application logs invalid packets on this interface. The default is Disable. • Rate Limit — Specifies the rate limit value for DHCP snooping purposes. If the incoming rate of DHCP packets exceeds the value of this object for consecutively burst interval seconds, the port will be shutdown. If this value is None, there is no limit. The default is 15 packets per second (pps). The Rate Limit range is 0 to 300.
Table 7-66. DHCP Snooping Interface Configuration Commands CLI Command Description ip dhcp snooping limit Controls the maximum rate of DHCP messages. ip dhcp snooping log-invalid Enables logging of DHCP messages filtered by the DHCP Snooping application. ip dhcp snooping trust Configure a port as trusted for DHCP snooping. show ip dhcp snooping interfaces Displays the DHCP Snooping status of the interfaces.
• VLAN ID — Select the VLAN for which information to be displayed or configured for the DHCP snooping application. • DHCP Snooping Mode — Enables or disables the DHCP snooping feature on the selected VLAN. The default is Disable. Displaying the DHCP Snooping VLAN Summary Table 1. Open the DHCP Snooping VLAN Configuration page. 2. Click Show All. The DHCP Snooping VLAN Summary table displays. Figure 7-118.
Figure 7-119. DHCP Snooping Persistent Configuration The DHCP Snooping Persistent Configuration page contains the following fields: • Store Locally — Choose whether to store the DHCP snooping database locally in flash or on a remote system: – Local — Select the Local check box to store the DHCP binding database in the flash memory on the switch. – Remote — Check the Remote check box to store the DHCP binding database on a remote server.
Table 7-68. DHCP Snooping Persistent Database Commands CLI Command Description ip dhcp snooping database Configures the persistent location of the DHCP snooping database. ip dhcp snooping database write-delay Configures the interval in seconds at which the DHCP Snooping database will be stored in persistent storage. show ip dhcp snooping database Displays the DHCP snooping configuration related to the database persistence.
Figure 7-120. States of Client Binding No Binding DISCOVER, REQUEST Tentative Binding DECLINE, NACK DISCOVER ACK RELEASE, NACK Complete Binding To access the DHCP Snooping Static Bindings Configuration page, click Switching →DHCP Snooping →Static Bindings Configuration in the navigation tree. Figure 7-121.
• IP Address — Specify a valid IP address for the binding rule. Displaying the DHCP Snooping Static Bindings Summary Table 1. Open the DHCP Snooping Static Bindings Configuration page. 2. Click Show All. The DHCP Snooping Static Bindings Summary table displays. Figure 7-122.
Figure 7-123. DHCP Snooping Dynamic Bindings Summary The DHCP Snooping Dynamic Bindings Summary page contains the following fields: • Interface — Displays the interface. • MAC Address — Displays the MAC address. • VLAN ID — Displays the VLAN ID. • IP Address — Displays the IP address. • Lease Time — Displays the remaining Lease time for the dynamic entries. • Remove — Select to remove the particular binding entry.
Figure 7-124. DHCP Snooping Statistics The DHCP Snooping Statistics page contains the following fields: • Interface — Select the untrusted and snooping-enabled interface for which statistics are to be displayed. • MAC Verify Failures — The number of DHCP messages that were filtered on an untrusted interface because of source MAC address and client MAC address mismatch. • Client Ifc Mismatch — The number of DHCP release and Deny messages received on the different ports than previously learned.
DHCP Relay When a DHCP client and server are in the same IP subnet, they can directly connect to exchange IP address requests and replies. However, having a DHCP server on each subnet can be expensive and is often impractical. Alternatively, network infrastructure devices can be used to relay packets between a DHCP client and server on different subnets. Such a device, a Layer 3 Relay agent, is generally a router that has IP interfaces on both the client and server subnets and can route between them.
Figure 7-125. DHCP Relay Global Configuration If you enable or disable the DHCP Relay feature, click Apply Changes to submit the changes to system. Configuring DHCP Relay With CLI Commands For information about the CLI commands that perform this function, refer to the following chapter in the CLI Reference Guide: • L2 DHCP Relay Agent Commands The following table summarizes the equivalent CLI commands for this feature. Table 7-72.
Figure 7-126. DHCP Relay Interface Configuration The DHCP Relay Interface Configuration page contains the following fields: • Interface — Select the slot/port to configure this feature on. • DHCP Relay Mode — Enable or disable L2 Relay mode on the selected interface. • DHCP Relay Trust Mode — Enable or disable L2 Relay Trust Mode on the selected interface. Trusted interfaces usually connect to other agents or servers participating in the DHCP interaction (e.g. other L2 or L3 Relay Agents or Servers).
Figure 7-127. DHCP Relay Interface Summary Configuring DHCP Relay With CLI Commands For information about the CLI commands that perform this function, refer to the following chapter in the CLI Reference Guide: • L2 DHCP Relay Agent Commands The following table summarizes the equivalent CLI commands for this feature. Table 7-73. DHCP Relay Interface Configuration Commands CLI Command Description dhcp l2relay Enables the Layer 2 DHCP Relay agent for an interface.
The DHCP Relay Interface Statistics page contains the following fields: • Interface — Select the slot/port to configure this feature on. • Untrusted Server Msgs With Option-82 — If the selected interface is configured in untrusted mode, this field shows the number of messages received on the interface from a DHCP server that contained Option 82 data.These messages are dropped.
If the S-VID is enabled for DHCP Relay, then the packet can be forwarded. If the C-VID does not correspond to an S-VID that is enabled for DHCP Relay, then the switch will not relay the DHCP request packet. To access this page, click Switching →DHCP Relay →VLAN Configuration in the tree view. Figure 7-129. DHCP Relay VLAN Configuration The DHCP Relay VLAN Configuration page contains the following fields: • VLAN ID — Select a VLAN ID from the list for configuration.
Displaying the DHCP Relay VLAN Summary Table 1. Open the DHCP Relay VLAN Configuration page. 2. Click Show All. The DHCP Relay VLAN Summary table displays. Figure 7-130. DHCP Relay VLAN Summary Configuring DHCP Relay With CLI Commands For information about the CLI commands that perform this function, refer to the following chapter in the CLI Reference Guide: • L2 DHCP Relay Agent Commands The following table summarizes the equivalent CLI commands for this feature. Table 7-75.
Configuring Switching Information
8 Viewing Statistics and Remote Monitoring Overview This section explains the RMON options available from the Statistics/RMON menu page. These options include viewing statistics in table form, editing and viewing RMON statistics, and charting Port and LAG statistics. The Statistics/RMON menu page provides access to these options through the following menu pages: • Table Views • RMON • Charts NOTE: CLI commands are not available for all the Statistics/RMON pages.
Table Views The Table Views menu page contains links to web pages that display statistics in table form. To display this page, click Statistics/RMON →Table Views in the tree view. Following are the web pages accessible from this menu page: • Interface Statistics • Etherlike Statistics • GVRP Statistics • EAP Statistics • Utilization Summary • Counter Summary Interface Statistics Use the Interface Statistics page to display statistics for both received and transmitted packets.
The Interface Statistics page contains the following fields: • Interface — Select physical interface (unit, port) or LAG interface for which statistics is displayed. • Refresh Rate — Specifies amount of time that passes before statistics are refreshed. The possible field values are No Refresh, 15, 30 and 60 seconds. Default is No Refresh. Received Statistics • Total Bytes (Octets) — Displays the total number of octets received on the selected interface.
Etherlike Statistics Use the Etherlike Statistics page to display interface statistics. To display the page, click Statistics/RMON →Table Views →Etherlike Statistics in the tree view. Figure 8-2. Etherlike Statistics The Etherlike Statistics page contains the following fields: 472 • Interface — Select physical interface (unit, port) or LAG interface for which statistics is displayed. • Refresh Rate — Specifies amount of time that passes before statistics are refreshed.
• Oversize Packets — Displays the total number of packets received that were longer than 1518 octets (excluding framing bits, but including FCS octets) and were otherwise well formed. • Internal MAC Receive Errors — Displays number of internal MAC received errors on the selected interface. • Received Pause Frames — Displays number of received paused frames on the selected interface. • Transmitted Pause Frames — Displays number of transmitted paused frames on the selected interface.
Figure 8-3.
The GVRP Statistics page contains the following fields: • Interface — Select physical interface (unit, port) or LAG interface for which statistics will be displayed. • Refresh Rate — Specifies amount of time that passes before statistics are refreshed. The possible field values are No Refresh, 15, 30, and 60 seconds. Default is No Refresh. GVRP Statistics Table Attribute (Counters) - Received and Transmitted • Join Empty — Displays switch GVRP Join Empty statistics.
EAP Statistics Use the EAP Statistics page to display information about EAP packets received on a specific port. For more information about EAP, see "Dot1x Authentication." To display the EAP Statistics page, click Statistics/RMON →Table Views →EAP Statistics in the tree view. Figure 8-4. EAP Statistics The EAP Statistics page contains the following fields: 476 • Interface — Specifies the interface which is polled for statistics.
• Respond Frames Received — Displays the number of valid EAP Respond frames received on the port. • Request ID Frames Received — Displays the number of EAP Request ID frames that have been received on the port. • Request Frames Transmitted — Displays the number of EAP Request frames transmitted through the port. • Request ID Frames Transmitted — Displays the number of EAP Requested ID frames transmitted through the port.
Figure 8-5. Utilization Summary The Utilization Summary page contains the following fields: 478 • Unit — Specifies the unit for which statistics are displayed. • Refresh Rate — Specifies amount of time that passes before statistics are refreshed. The possible field values are No Refresh, 15, 30, and 60 seconds. Default is No Refresh. • Interface — Specifies the interface for which statistics are displayed. • Interface Status — Displays status of the interface.
• Error Packets Received % — Displays number packets with errors received on the interface. Viewing Interface Utilization Statistics Using CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • RMON Commands The following table summarizes the equivalent CLI commands for this feature. Table 8-5. Utilization Summary Commands CLI Command Description show rmon statistics Displays RMON Ethernet Statistics.
Figure 8-6. Counter Summary The Counter Summary page contains the following fields: 480 • Unit — Specifies the unit for which statistics are displayed. • Refresh Rate — Specifies amount of time that passes before statistics are refreshed. The possible field values are No Refresh, 15, 30, and 60 seconds. Default is No Refresh. • Interface — Specifies the interface for which statistics are displayed. • Interface Status — Displays status of the interface.
Setting Refresh Rate 1. Open the Counter Summary page. 2. Select the Refresh Rate from the drop-down menu. Statistics refresh for the displayed interfaces at the selected frequency. Viewing Numeric Port Utilization Statistics Using CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • RMON Commands The following table summarizes the equivalent CLI commands for this feature. Table 8-6.
Figure 8-7. RMON Statistics The RMON Statistics page contains the following fields: 482 • Interface — Specifies whether statistics are shown for a Unit or a LAG as well as which Unit/LAG is displayed. • Refresh Rate — Specifies amount of time that passes before statistics are refreshed. The possible field values are No Refresh, 15, 30, and 60 seconds. Default is No Refresh. • Drop Events — Displays number of dropped events that have occurred on the interface since the switch was last refreshed.
• Broadcast Packets Received — Displays number of good broadcast packets received on the interface since the switch was last refreshed. This number does not include multicast packets. • Multicast Packets Received — Displays number of good multicast packets received on the interface since the switch was last refreshed. • CRC & Align Errors — Displays number of CRC and Align errors that have occurred on the interface since the switch was last refreshed.
• RMON Commands The following table summarizes the equivalent CLI commands for this feature. Table 8-7. RMON Commands CLI Command Description show rmon statistics Displays RMON Ethernet Statistics. RMON History Control Statistics Use the RMON History Control page to maintain a history of statistics on each port. For each interface (either a physical port or a port-channel), you can define how many buckets exist, and the time interval between each bucket snapshot.
• Sampling Interval (1–3600) — Sets the frequency at which samplings are taken from the ports. The possible values are from 1 to 3600 seconds. The default is 1800 seconds (30 minutes). • Remove — Removes the RMON History Control Table entry displayed when checked. Adding a History Control Entry 1. Open the RMON History Control page. 2. Click Add. The Add History Entry page displays. Figure 8-9. Add History Entry 3. Complete the fields on this page and click Apply Changes.
Figure 8-10. RMON History Control Table Removing a History Control Table Entry 1. Open the RMON History Control page. 2. Select the Remove check box in the row of the history entry to remove. 3. Click Apply Changes. The table entry is removed, and the device is updated.
Table 8-8. RMON History Control Commands CLI Command Description rmon collection history Enables a Remote Monitoring (RMON) MIB history statistics group on an interface. RMON History Table Use the RMON History Table page to display interface-specific statistical network samplings. Each table entry represents all counter values compiled during a single sample. To display the RMON History Table page, click Statistics/RMON →RMON →History Table in the tree view. Figure 8-11.
• Drop Events — Displays the total number of events in which packets were dropped by the port due to lack of resources. Note that this number is not necessarily the number of packets dropped; it is just the number of times this condition has been detected. • Received Bytes (Octets)— Displays the total number of octets of data (including those in bad packets) received on the network (excluding framing bits but including Frame Check Sequence (FCS) octets).
Viewing RMON History Table Using CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • RMON Commands The following table summarizes the equivalent CLI commands for this feature. Table 8-9. RMON History Table Command CLI Command Description show rmon collection history Displays interface-specific statistical network samplings show rmon history Displays RMON Ethernet Statistics history.
• Description — Describes the user-defined event. • Event Type — Selects the event type. Possible values are: – Log — Event type is a log entry. – Trap — Event type is a trap. – Log and Trap — Event type is both a log entry and a trap. – None — There is no event. • Time — Displays the time when the event occurred. • Owner — Lists the switch or user that defined the event. • Remove — Removes the event from the Events Table when checked. Adding an RMON Event 1.
The RMON Events Table entry is modified, and the device is updated. Displaying the RMON Event Control Table 1. Open the RMON Event Control page. 2. Click Show All. The Event Control Table displays. Figure 8-14. Event Control Table Removing RMON Event Entries 1. Open the RMON Event Control page. 2. Choose the event to remove from the drop-down menu in the Event Entry field and check Remove. 3. Click Apply Changes. The table entry is removed, and the device is updated.
Figure 8-15. RMON Event Log The RMON Event Log page contains the following fields: • Event — Displays the RMON Events Log entry number. • Log No. — Displays the log number. • Log Time — Displays the time when the log entry was entered. • Description — Describes the log entry.
Figure 8-16. RMON Alarms The RMON Alarms page contains the following fields: • Alarm Entry — Selects a specific alarm from the drop-down menu. • OID — Specifies the Object Identifier. • Counter Value — Displays the number of selected events counted. • Sample Type — Displays the sampling method for the selected variable and comparing the value against the thresholds. The possible field values are: – Delta — Subtracts the last sampled value from the current value.
• Falling Threshold (0–2147483647) — Displays the falling counter value that triggers the falling threshold alarm. The falling threshold is graphically presented on top of the graph bars. Each monitored variable is designated a color. The default is 20. • Falling Event — Displays the mechanism in which the alarms are reported, including a log, a trap, or both. When a log is selected, there is no saving mechanism either in the switch or in the management system.
Displaying the Alarm Table 1. Open the RMON Alarms page. 2. Click Show All. The left side of the RMON Alarms Table displays. Figure 8-18. RMON Alarms Table 3. Click the right arrow at the bottom of the screen to view the right side of the table. Removing One Alarm Table Entry 1. Open the RMON Alarms page. 2. Select an entry in the Alarm Entry drop-down menu. 3. Check the Remove check box and click Apply Changes. The entry is removed, and the device is updated. Removing Multiple Alarm Table Entries 1.
Table 8-12. 496 Alarm Configuration Commands CLI Command Description rmon alarm Configures alarm conditions. show rmon alarm display alarm configuration. show rmon alarm-table Displays the alarms summary table.
Charts The Chart menu page contains links to web pages that allow you to chart statistics on a graph. To display the Charts menu page, click Statistics/RMON →Charts in the tree view. The Charts menu page contains links to the following features: • Ports Statistics • LAG Statistics Ports Statistics Use the Ports Statistics page to chart port-related statistics on a graph. To display the page, click Statistics/RMON →Charts →Ports in the tree view. Figure 8-19.
• GVRP Statistics — Selects GVRP Statistics when clicked, and specifies the type of GVRP statistics to graph from the drop-down menu. The default is Join Empty - Receive. • Refresh Rate — Selects the amount of time that passes before statistics are refreshed. The possible field values are No Refresh, 15, 30 and 60 seconds. The default rate is No Refresh. Displaying Port Statistics 1. Open the Ports Statistics page. 2. Select the port for which statistics will be charted. 3.
Figure 8-20. LAG Statistics The LAG Statistics page contains the following fields: • Interface Statistics — Selects Interface Statistics when clicked, and specifies the type of interface statistics to graph from the drop-down menu. The default is Received Rate. • Etherlike Statistics — Selects Etherlike Statistics when clicked, and specifies the type of etherlike statistics to graph from the drop-down menu. The default is Frame Check Sequence Errors.
2. Click the radio button associated with the statistics to chart. 3. Select the type of statistics from the related drop-down menu. 4. Select the desired refresh rate from the Refresh Rate drop-down menu. 5. Click Draw. The selected statistics are charted on the graph.
9 Configuring Routing Overview The PowerConnect 6200 Series supports the IP routing feature. Use the Routing menu page to configure routing on VLANs. The Routing menu page contains links to the following features: • ARP • Router Discovery • IP • Router • OSPF • VLAN Routing • BOOTP/DHCP Relay Agent • VRRP • IP Helper • Tunnels • RIP • Loopbacks NOTE: CLI commands are not available for all the Routing pages.
ARP The PowerConnect 6200 Series uses the ARP protocol to associate a layer 2 MAC address with a layer 3 IPv4 address. Additionally, the administrator can statically add entries into the ARP table. ARP is a necessary part of the internet protocol (IP) and is used to translate an IP address to a media (MAC) address, defined by a local area network (LAN) such as Ethernet.
Figure 9-1. ARP Create The ARP Create page contains the following fields: • IP Address — Enter the IP address you want to add. It must be the IP address of a device on a subnet attached to one of the switch's existing routing interfaces. • MAC Address — The unicast MAC address of the device. Enter the address as six two-digit hexadecimal numbers separated by colons, for example 00:06:29:32:81:40. Adding an Entry to the ARP Table 1. Open the ARP Create page. 2. Specify the addresses to be associated.
ARP Table Configuration Use this page to change the configuration parameters for the Address Resolution Protocol Table. You can also use this screen to display the contents of the table. To display the page, click Routing →ARP →ARP Table Configuration in the tree view. Figure 9-2. ARP Table Configuration The ARP Table Configuration page contains the following fields: 504 • Age Time (secs) — Enter the value you want the switch to use for the ARP entry ageout time.
• Dynamic Renew — This controls whether the ARP component automatically attempts to renew ARP Entries of type Dynamic when they age out. The default setting is Enable. • Total Entry Count — Total number of Entries in the ARP table. • Peak Total Entries — Highest value reached by Total Entry Count. This counter value is restarted whenever the ARP table Cache Size value is changed. • Active Static Entries — Total number of Active Static Entries in the ARP table.
Table 9-2. ARP Table Commands 506 CLI Command Description arp cachesize Configures the maximum number of entries in the ARP cache. arp dynamicrenew Enables the ARP component to automatically renew dynamic ARP entries when they age out. arp purge Causes the specified IP address to be removed from the ARP cache. arp resptime Configures the ARP request response timeout. arp retries Configures the ARP count of maximum request for retries. arp timeout Configures the ARP entry age-out time.
IP The IP menu page contains links to web pages that configure and display IP routing data. To display this page, click Routing →IP in the tree view. Following are the web pages accessible from this menu page: • IP Configuration • IP Statistics • IP Interface Configuration IP Configuration Use the IP Configuration page to configure routing parameters for the switch as opposed to an interface. The IP configuration settings allow you to enable or disable the generation of various types of ICMP messages.
• ICMP Redirects — Select Enable to allow the switch to generate ICMP redirect messages. Select Disable to prevent the switch from generating ICMP redirect messages. The ICMP Redirect feature is also configurable on each interface. • ICMP Rate Limit Interval — To control the ICMP error packets, you can specify the number of ICMP error packets that are allowed per burst interval. By default, the rate limit is 100 packets per second, i.e. the burst interval is 1000 milliseconds.
Figure 9-4. IP Statistics The IP Statistics page contains the following fields: • IpInReceives — The total number of input datagrams received from interfaces, including those received in error. • IpInHdrErrors — The number of input datagrams discarded due to errors in their IP headers, including bad checksums, version number mismatch, other format errors, time-to-live exceeded, errors discovered in processing their IP options, etc.
• IpInDiscards — The number of input IP datagrams for which no problems were encountered to prevent their continued processing, but which were discarded (for example, for lack of buffer space). Note that this counter does not include any datagrams discarded while awaiting re-assembly. • IpInDelivers — The total number of input datagrams successfully delivered to IP user-protocols (including ICMP).
• IcmpInParmProbs — The number of ICMP Parameter Problem messages received. • IcmpInSrcQuenchs — The number of ICMP Source Quench messages received. • IcmpInRedirects — The number of ICMP Redirect messages received. • IcmpInEchos — The number of ICMP Echo (request) messages received. • IcmpInEchoReps — The number of ICMP Echo Reply messages received. • IcmpInTimestamps — The number of ICMP Timestamp (request) messages received.
Displaying IP Statistics Using CLI Commands For information about the CLI command that performs this function, see the following chapter in the CLI Reference Guide: • IP Routing Commands The following table summarizes the equivalent CLI commands for this feature. Table 9-4. IP Statistics Command CLI Command Description show ip stats Displays IP statistical information IP Interface Configuration Use the IP Interface Configuration page to update IP interface data for this switch.
• IP Address — Enter the IP address for the interface. • Subnet Mask — Enter the subnet mask for the interface. This is also referred to as the subnet/network mask, and defines the portion of the interface's IP address that is used to identify the attached network. • Routing Mode — Setting this enables or disables routing for an interface. The default value is Enable. • Forward Net Directed Broadcasts — Select how network directed broadcast packets should be handled.
3. Click Apply Changes. Changes are saved, and the IP Interface is updated. IP Interface Configuration CLI Commands For information about the CLI commands that perform this function, see the following chapters in the CLI Reference Guide: • IP Addressing Commands • IP Routing Commands • ARP Commands The following table summarizes the equivalent CLI commands for this feature. Table 9-5.
OSPF The Open Shortest Path First (OSPF) routing protocol is an Interior Gateway Protocol (IGP). Every OSPF router builds a shortest path tree of all the routers and networks in the domain. Routing information is propagated in Link State Update packets both periodically and in the event of network topology changes. This information is received, assimilated and stored in the OSPF databases of individual routers.
Figure 9-6. OSPF Configuration The OSPF Configuration page contains the following fields: • Router ID — The 32-bit integer in dotted decimal format that uniquely identifies the router within the autonomous system (AS). If you want to change the Router ID you must first disable OSPF. After you set the new Router ID, you must re-enable OSPF to have the change take effect. The default value is 0.0.0.0, although this is not a valid Router ID.
• RFC 1583 Compatibility — Select Enable or Disable from the drop-down menu to specify the preference rules that are used when choosing among multiple AS-external-LSAs advertising the same destination. If you select Enable, the preference rules are those defined by RFC 1583. If you select Disable, the preference rules are those defined in Section 16.4.1 of the OSPF-2 standard (RFC 2328), which prevent routing loops when AS-external-LSAs for the same destination have been originated from different areas.
• External LSDB Limit — The maximum number of AS-External-LSAs that can be stored in the database. A value of -1 implies there is no limit on the number that can be saved. The valid range of values is -1 to 2147483647. • Default Metric — Sets a default for the metric of redistributed routes.This field displays the default metric if one has already been set or blank if not configured earlier. The valid values are 1 to 16777214. Enter 0 to unconfigure.
Table 9-6. OSPF Global Commands CLI Command Description auto-cost Changes the reference bandwidth used in computing link cost. bandwidth Changes the bandwidth used in computing link cost. capability opaque Enables Opaque Capability on the router. clear ip ospf Resets specific OSPF states. default-information originate Controls the advertisement of default routes. default-metric Sets a default for the metric of distributed routes.
Area Configuration The OSPF Area Configuration page lets you create a Stub area configuration and NSSA once you’ve enabled OSPF on an interface through Routing →OSPF →Interface Configuration. At least one router must have OSPF enabled for this web page to display. To display the page, click Routing →OSPF →Area Configuration in the tree view. If a Stub Area has been created, the fields in the Stub Area Information are available.
• Area LSA Checksum — The 32-bit unsigned sum of the link-state advertisements' LS checksums contained in this area's link-state database. This sum excludes external (LS type 5) link-state advertisements. The sum can be used to determine if there has been a change in a router's link state database, and to compare the link-state database of two routers. This value is in hexadecimal. Stub Area Information: • Import Summary LSAs — Select Enable or Disable from the drop-down menu.
Displaying an OSPF Area Configuration 1. Open the OSPF Area Configuration page. 2. Select the OSPF area to display from the drop-down menu. The OSPF area configuration is displayed for this area. Deleting an OSPF Area Configuration Use these steps to delete NSSA configuration or Stub area configuration. 1. Open the OSPF Area Configuration page. 2. Select the OSPF area configuration to delete from the drop-down menu. The configuration displays. 3. Click Delete. The OSPF area configuration is removed.
Table 9-7. OSPF Area Configuration Commands CLI Command Description area default-cost Configures the monetary default cost for the stub area. area nssa Configures the specified area ID to function as an NSSA. area nssa default-info-originate Configures the metric value and type for the default route advertised into the NSSA. area nssa no-redistribute Configures the NSSA Area Border router (ABR) so that learned external routes are not redistributed to the NSSA.
Stub Area Summary The OSPF Stub Area Summary page displays OSPF stub area detail. To display the page, click Routing →OSPF →Stub Area Summary in the tree view. Figure 9-8. OSPF Stub Area Summary The OSPF Stub Area Summary page displays the following fields: • Area ID — The Area ID of the stub area. • Type of Service — The type of service associated with the stub metric. The switch supports Normal only. • Metric Value — The metric value for the default route advertised into the area.
Area Range Configuration Use the OSPF Area Range Configuration page to configure and display an area range for a specified NSSA. To display the page, click Routing →OSPF →Area Range Configuration in the tree view. Figure 9-9. OSPF Area Range Configuration The OSPF Area Range Configuration page contains the following fields: • Area ID — Select the area for which data is to be configured from the drop-down menu. • IP Address — Enter the IP Address for the address range for the selected area.
Defining an OSPF Area Range 1. Open the OSPF Area Range Configuration page. 2. Enter Area ID, IP Address, Subnet Mask, LSDB Type and Advertisement. 3. Click the Add check box. 4. Click Apply Changes. The OSPF area range is defined and configured. All configured OSPF area ranges are displayed in the table on the OSPF Area Range Configuration page. Removing an OSPF Area Range Configuration 1. Open the OSPF Area Range Configuration page. 2. Select the Remove check box in the row of the Area ID to be deleted.
Interface Statistics Use the OSPF Interface Statistics page to display statistics for the selected interface. The information is displayed only if OSPF is enabled. To display the page, click Routing →OSPF →Interface Statistics in the tree view. Figure 9-10. OSPF Interface Statistics The OSPF Interface Statistics page contains the following fields: • Interface — Select the interface for which data is to be displayed from the drop-down menu.
• OSPF Area ID — The OSPF area to which the selected router interface belongs. An OSPF Area ID is a 32-bit integer in dotted decimal format that uniquely identifies the area to which the interface connects. • Area Border Router Count — The total number of area border routers reachable within this area. This is initially zero, and is calculated in each SPF Pass. • AS Border Router Count — The total number of Autonomous System border routers reachable within this area.
• No Neighbor at Source Address — The number of OSPF packets dropped because the sender is not an existing neighbor or the sender's IP address does not match the previously recorded IP address for that neighbor. • Invalid OSPF Packet Type — The number of OSPF packets discarded because the packet type field in the OSPF header is not a known type.
Interface Configuration Use the OSPF Interface Configuration page to configure an OSPF interface. To display the page, click Routing →OSPF →Interface Configuration in the tree view. Figure 9-11. OSPF Interface Configuration The OSPF Interface Configuration page contains the following fields: 530 • Interface — Select the interface for which data is to be displayed or configured from the drop-down menu. • IP Address — Displays the address of the VLAN Interface.
NOTE: Once OSPF is initialized on the router, it remains initialized until the router is reset. • OSPF Area ID — Enter the 32-bit integer in dotted decimal format that uniquely identifies the OSPF area to which the selected router interface connects. If you assign an Area ID which does not exist, the area is created with default values. • Advertise Secondaries — Select Enable or Disable from the drop-down menu to indicate the advertiseability of all secondary addresses.
– • 532 Point-to-Point — When there are only two routers on the network, OSPF can operate more efficiently by treating the network as a point-to-point network. For point-to-point networks, OSPF does not elect a designated router or generate a network link state advertisement (LSA). Both endpoints of the link must be configured to operate in point-to-point mode. Authentication Type — You may select an authentication type other than None by clicking on the Modify button.
– Designated Router — This router is itself the Designated Router on the attached network. Adjacencies are established to all other routers attached to the network. The router must also originate a network-LSA for the network node. The network- LSA contains links to all routers (including the Designated Router itself) attached to the network. – Backup Designated Router — This router is the Backup Designated Router on the attached network.
Configuration data for this interface display. Configuring an OSPF Interface using CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • OSPF Commands The following table summarizes the equivalent CLI commands for this feature. Table 9-11. 534 OSPF Interface Configuration Commands CLI Command Description ip ospf area Enables OSPFv2 and sets the area ID of an interface.
Neighbor Table Use the OSPF Neighbor Table page to display the OSPF neighbor table list. When a particular neighbor ID is specified, detailed information about a neighbor is given. The information below is only displayed if OSPF is enabled. To display the page, click Routing →OSPF →Neighbor Table in the tree view. Figure 9-12. OSPF Neighbor Table The OSPF Neighbor Table page displays the following fields: • Interface — Select the interface for which data is to be displayed from a drop-down menu.
Table 9-12. OSPF Neighbor Table Commands CLI Command Description show ip ospf neighbor Displays information about OSPF neighbors. Neighbor Configuration Use the OSPF Neighbor Configuration page to display the OSPF neighbor configuration for a selected neighbor ID. When a particular neighbor ID is specified, detailed information about a neighbor is given. The information below is only displayed if OSPF is enabled and the interface has a neighbor. The IP address is the IP address of the neighbor.
communicate their capability level to other OSPF routers. Through this mechanism, routers of differing capabilities can be mixed within an OSPF routing domain. The Options value is a bitmap, and it signifies the capability of the neighbor. • Router Priority — Displays the OSPF priority for the specified neighbor. The priority of a neighbor is a priority integer from 0 to 255. A value of 0 indicates that the router is not eligible to become the designated router on this network.
Displaying OSPF Neighbor Configuration 1. Open the OSPF Neighbor Configuration page. 2. Select the interface and the IP address to display. The neighbor configuration displays. Displaying OSPF Neighbor Configuration Using CLI Commands For information about the CLI command that performs this function, see the following chapter in the CLI Reference Guide: • OSPF Commands The following table summarizes the equivalent CLI commands for this feature. Table 9-13.
Link State Database Use the OSPF Link State Database page to display OSPF link state, external LSDB table, and AS opaque LSDB table information. To display the page, click Routing →OSPF →Link State Database in the tree view. Figure 9-14. OSPF Link State Database The OSPF Link State Database page displays the following fields: • Router ID — The 32-bit integer in dotted decimal format that uniquely identifies the router within the autonomous system (AS). The Router ID is set on the IP Configuration page.
– Network Summary – ASBR Summary – AS-external • LS ID — The Link State ID identifies the piece of the routing domain that is being described by the advertisement. The value of the LS ID depends on the advertisement's LS type. • Age — The time since the link state advertisement was first originated, in seconds. • Sequence — The sequence number field is a signed 32-bit integer. It is used to detect old and duplicate link state advertisements.
Virtual Link Configuration Use the Virtual Link Configuration page to create or configure virtual interface information for a specific area and neighbor. A valid OSPF area must be configured before this page can be displayed. To display the page, click Routing →OSPF →Virtual Link Configuration in the tree view. Figure 9-15.
• Dead Interval — Enter the OSPF dead interval for the specified interface in seconds. This specifies how long a router waits to see a neighbor router's Hello packets before declaring that the router is down. This parameter must be the same for all routers attached to a network. This value should a multiple of the Hello Interval (for example, 4). Valid values range from 1 to 65535. The default is 40 seconds.
– None — This is the initial interface state. If you select this option from the drop-down menu on the second screen and click Apply Changes, you are returned to the first screen. – Simple — If you select Simple you are prompted to enter an authentication key. This key is included, in the clear, in the OSPF header of all packets sent on the network. All routers on the network must be configured with the same key.
Figure 9-16. OSPF Virtual Link Configuration 5. Click Configure Authentication to modify authentication.
Figure 9-17. OSPF Virtual Link Authentication Configuration 6. Select values for Authentication Type and Authentication Key. 7. Click Apply Changes when finished. Configuring Virtual Link Data 1. Open the OSPF Virtual Link Configuration page. 2. Specify the area ID and neighbor router ID to configure. 3. Enter data into the fields as needed. 4. Click Configure Authentication to modify authentication. 5. Click Apply Changes when finished.
The related virtual link data displays. 3. Click Delete. The virtual link is removed, and the device is updated. Configuring Virtual Link Data Using CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • OSPF Commands The following table summarizes the equivalent CLI commands for this feature. Table 9-15.
Virtual Link Summary Use the OSPF Virtual Link Summary page to display all of the configured virtual links. To display the page, click Routing →OSPF →Virtual Link Summary in the tree view. Figure 9-18. OSPF Virtual Link Summary The OSPF Virtual Link Summary page contains the following fields: • Area ID — The Area ID portion of the virtual link identification for which data is to be displayed. The Area ID and Neighbor Router ID together define a virtual link.
• Iftransit Delay Interval (secs) — The OSPF Transit Delay for the virtual link in units of seconds. It specifies the estimated number of seconds it takes to transmit a link state update packet over this interface. Displaying the Virtual Link Summary Using CLI Commands For information about the CLI command that performs this function, see the following chapter in the CLI Reference Guide: • OSPF Commands The following table summarizes the equivalent CLI commands for this feature. Table 9-16.
• Metric — Sets the metric value for redistributed routes. This field displays a metric value if the source was preconfigured. The valid values are 0 to 16777214. • Metric Type — Select the OSPF metric type of redistributed routes from the drop-down menu. • Tag — Sets the tag field in routes redistributed. This field displays a tag value if the source was preconfigured, otherwise 0 is displayed. The valid values are 0 to 4294967295.
Modifying OSPF Route Redistribution Data 1. Open the OSPF Route Redistribution Configuration page. 2. Select a source from the Configured Source drop-down. 3. Enter data in the fields as needed. 4. Click Apply Changes when finished. The route redistrbution data is configured, and the device is updated.
The OSPF Route Redistribution Summary page contains the following fields: • Source — The Source Route to be redistributed by OSPF. • Redistribute — Specify whether to allow the routes learned through this protocol to be redistributed. • Metric — The Metric of redistributed routes for the given Source Route. Displays 0 when not configured. • Metric Type — The OSPF metric type of redistributed routes. • Tag — The tag field in routes redistributed.
failure), to correct faulty system behavior which cannot be corrected through less severe management actions, or other reasons. An unplanned restart is an unexpected failover caused by a fatal hardware failure of the management unit or a software hang or crash on the management unit. To configure the OSPF graceful restart feature, click Routing →OSPF →NSF OSPF Summary in the navigation tree. Figure 9-21. • 552 NSF OSPF Summary Support Mode — Enables or disables OSPF to perform graceful restarts.
– Timed Out—The previous graceful restart timed out. – Topology Changed— The previous graceful restart terminated prematurely because of a topology change. If you change the Support Mode, click Submit to save your change. Click Refresh to redisplay the page with the latest values from the switch.
The BOOTP/DHCP Relay Agent menu page contains links to web pages that configure and display BOOTP/DHCP relay agent. To display this page, click Routing →BOOTP/DHCP Relay Agent in the tree view. Following are the web pages accessible from this menu page: • BOOTP/DHCP Relay Agent Configuration BOOTP/DHCP Relay Agent Configuration Use the BOOTP/DHCP Relay Agent Configuration page to configure and display a BOOTP/DHCP relay agent.
Configuring BOOTP/DHCP 1. Open the BOOTP/DHCP Configuration page. 2. Enter data in the fields as needed. 3. Click Apply Changes when finished. The BOOTP/DHCP data is configured, and the device is updated. Configuring BOOTP/DHCP using CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • DHCP and BOOTP Relay Commands The following table summarizes the equivalent CLI commands for this feature. Table 9-20.
IP Helper Global Configuration Use the IP Helper Global Configuration page to add, show, or delete UDP Relay and Helper IP configuration To display the page, click Routing →IP Helper →Global Configuration in the tree view. Figure 9-23. IP Helper Global Configuration The IP Helper Global Configuration page contains the following fields: 556 • UDP Relay Mode — Use the menu to enable or disable the UDP relay mode.
Table 9-21.
2. Click Add to display the Add Helper IP Address page: Figure 9-24. Add Helper IP Address 3. Select a UDP Destination port name from the menu or enter the UDP Destination Port ID. Select the Default Set to configure for the relay entry for the default set of protocols.
Figure 9-25. IP Helper Interface Configuration The IP Helper Interface Configuration page contains the following fields: • Source IP Interface — Select the interface to use for UDP/Helper relays. Select All to configure relay entries on all available interfaces. • UDP Destination Port — Identifies destination UDP port number of UDP packets to be relayed. For a list of UDP Port allocations, see Table 9-21.
Figure 9-26. Add Helper IP Address 3. Select the interface to use for the relay. 4. Select a UDP Destination port name from the menu or enter the UDP Destination Port ID. Select the Default Set to configure for the relay entry for the default set of protocols.
Figure 9-27. IP Helper Statistics The IP Helper Statistics page contains the following fields: • DHCP Client Messages Received — The number of valid messages received from a DHCP client. The count is only increased if IP helper is enabled globally, the ingress routing interface is up, and the packet passes a number of validity checks, such as having a TTL >1 and having valid source and destination IP addresses. • DHCP Client Messages Relayed — The number of DHCP client messages relayed to a server.
• DHCP Pkts Rcvd Too Early — The number of DHCP client messages received whose secs field is less than the minimum value. The minimum secs value is a configurable value. A log message is written for each such failure. The DHCP relay agent does not relay these packets. • Received DHCP Client Messages With Giaddr As Local Address — The number of DHCP client messages received whose gateway address, giaddr, is already set to an IP address configured on one of the relay agents own IP addresses.
• RIP Route Redistribution Configuration • RIP Route Redistribution Summary RIP Configuration Use the RIP Configuration page to enable and configure or disable RIP in Global mode. To display the page, click Routing →RIP →Configuration in the tree view. Figure 9-28. RIP Configuration The RIP Configuration page contains the following fields: • RIP Admin Mode — Select Enable or Disable from the drop-down menu. If you select Enable, RIP is enabled for the switch. The default is Disable.
• Global Route Changes — Displays the number of route changes made to the IP Route Database by RIP. This does not include the refresh of a route's age. • Global Queries — Displays the number of responses sent to RIP queries from other systems. • Default Information Originate — Enable or Disable Default Route Advertise. • Default Metric — Sets a default for the metric of redistributed routes.This field displays the default metric if one has already been set, or blank if not configured earlier.
RIP Interface Configuration Use the RIP Interface Configuration page to enable and configure or to disable RIP on a specific interface. To display the page, click Routing →RIP →Interface Configuration in the tree view. Figure 9-29. RIP Interface Configuration The RIP Interface Configuration page contains the following fields: • Interface — Select the interface for which data is to be configured from the drop-down menu. • Send Version — RIP Version that router sends with its routing updates.
• RIP Admin Mode — Select Enable or Disable from the drop-down menu. Before you enable RIP version 1 or version 1c on an interface, you must first enable network directed broadcast mode on the corresponding interface. The default value is Disable. • Authentication Type — You may select an authentication type other than None by clicking the Modify button. You then see a new screen, where you can select the authentication type from the drop-down menu.
2. Specify the interface for which the authentication method is to be configured. 3. Click Modify. The Authentication Method page displays. 4. Specify the Authentication Type (None, Simple, or Encrypt) from the drop-down menu. 5. If you specify Simple or Encrypt as the Authentication Type, additional fields appear. Enter the Authentication Key (Simple or Encrypt) and Authentication Key ID (Encrypt). 6. Click Apply Changes. 7. The authentication method is updated, and the device is updated.
Figure 9-30. RIP Interface Summary The RIP Interface Summary page displays the following fields: • Interface — The interface, such as the routing-enabled VLAN on which RIP is enabled. • IP Address — The IP Address of the router interface. • Send Version — Specifies the RIP version to which RIP control packets sent from the interface conform. The default is RIP-2. Possible values are: • – RIP-1 — RIP version 1 packets are sent using broadcast. – RIP-1c — RIP version 1 compatibility mode.
Table 9-27. RIP Interface Summary Command CLI Command Description show ip rip interface brief Displays general information for each RIP interface. RIP Route Redistribution Configuration Use the RIP Route Redistribution Configuration page to configure the RIP Route Redistribution parameters. The allowable values for each fields are displayed next to the field. If any invalid values are entered, an alert message is displayed with the list of all the valid values.
• Source — Select the type of source route to configure for redistribution by RIP. Possible values are: – Static – Connected – OSPF • Metric — Sets the metric value to be used as the metric of redistributed routes. This field displays the metric if the source was pre-configured and can be modified. The valid values are 1 to 15. • Distribute List — Select the Access List that filters the routes to be redistributed by the destination protocol. Only permitted routes are redistributed.
2. Select the Configured Source to modify. 3. Change values on this screen as needed. 4. Click Apply Changes Specified changes are saved, and the device is updated. Configuring RIP Route Redistribution using CLI Command For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • Routing Information Protocol (RIP) Commands The following table summarizes the equivalent CLI commands for this feature. Table 9-28.
RIP Route Redistribution Summary Use the RIP Route Redistribution Summary page to display Route Redistribution configurations. To display the page, click Routing →RIP →Route Redistribution Summary in the tree view. Figure 9-32. RIP Route Redistribution Summary The RIP Route Redistribution Summary page contains the following fields: 572 • Source — The source route to be redistributed by RIP. • Metric — The metric of redistributed routes for the given source route. Displays 0 when not configured.
Displaying RIP Route Redistribution Summary Using CLI Commands For information about the CLI command that performs this function, see the following chapter in the CLI Reference Guide: • Routing Information Protocol (RIP) Commands The following table summarizes the equivalent CLI commands for this feature. Table 9-29. RIP Route Redistribution Summary Command CLI Command Description show ip rip Displays IP RIP redistribution summary data.
Figure 9-33. Router Discovery Configuration The Router Discovery Configuration page contains the following fields: • VLAN Interface — Select the router interface for which data is to be configured. • Advertise Mode — Select Enable or Disable from the drop-down menu. If you select Enable, Router Advertisements are transmitted from the selected interface. • Advertise Address — Enter the IP Address to be used to advertise the router.
Configuring Router Discovery Using CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • Router Discovery Protocol Commands The following table summarizes the equivalent CLI commands for this feature. Table 9-30. Router Discovery Commands CLI Command Description ip irdp Enables Router Discovery on an interface.
• Advertise Mode — The values are Enable or Disable. Enable denotes that Router Discovery is enabled on that interface. • Advertise Address — The IP Address used to advertise the router. • Maximum Advertise Interval (secs) — The maximum time (in seconds) allowed between router advertisements sent from the interface. • Minimum Advertise Interval (secs) — The minimum time (in seconds) allowed between router advertisements sent from the interface.
To display the page, click Routing →Router →Route Table in the tree view. Figure 9-35. Router Route Table The Router Route Table page displays the following fields: • Total Number of Routes — The total number of routes in the route table. • Network Address — The IP route prefix for the destination. • Subnet Mask — Also referred to as the subnet/network mask, this indicates the portion of the IP interface address that identifies the attached network.
• IP Routing Commands The following table summarizes the equivalent CLI commands for this feature. Table 9-32. Router Route Table Commands CLI Command Description show ip route Displays the routing table. show ip route summary Shows the number of all routes, including best and non-best routes. Best Routes Table Use the Router Best Routes Table page to display the best routes from the routing table. To display the page, click Routing →Router →Best Routes Table in the tree view. Figure 9-36.
– OSPF Type-1 – OSPF Type-2 – RIP • Next Hop Interface — The outgoing router interface to use when forwarding traffic to the destination. • Next Hop IP Address — The outgoing router IP address to use when forwarding traffic to the next router (if any) in the path towards the destination. The next router is always one of the adjacent neighbors or the IP address of the local interface for a directly attached network.
• Network Address — Specify the IP route prefix for the destination from the drop-down menu. In order to create a route, a valid routing interface must exist and the next hop IP Address must be on the same network as the routing interface. Routing interfaces are created on the IP Interface Configuration page. Valid next hop IP Addresses can be viewed on the Route Table page.
Figure 9-38. Add Route - Default Route Type 3. Next to Route Type, use the drop-down box to add a Default route or a Static route. If you select Static, the page refreshes and new fields appear, as Figure 9-39 shows. Default — Enter the default gateway address in the Next Hop IP Address field. Static — Enter values for Network Address, Subnet Mask, Next Hop IP Address, and Preference. Figure 9-39. Route Entry Configuration - Add Static Route Type 4. Click Apply Changes.
Table 9-34. Router Route Configuration Commands CLI Command Description ip route Configures a static route. Use the no form of the command to delete the static route. ip route default Configures the default route. Use the no form of the command to delete the default route. Configured Routes Use the Configured Routes page to display the routes that have been configured. To display the page, click Routing →Router →Configured Routes in the tree view. Figure 9-40.
Default — Enter the default gateway address in the Next Hop IP Address field. Figure 9-38 shows the fields that display when the Route Type value is Default. Static — Enter values for Network Address, Subnet Mask, Next Hop IP Address, and Preference. Figure 9-39 shows the fields that display when the Route Type value is Static. 4. Click Apply Changes. The new route is added, and you are returned to the Configured Routes page.
NOTE: For a static reject route, the next hop interface value is Null0. Packets to the network address specified in static reject routes are intentionally dropped. To display the page, click Routing →Router →Route Preferences Configuration in the tree view. Figure 9-41. Router Route Preferences Configuration The Router Route Preferences Configuration page contains the following fields: • Local — This field displays the local route preference value.
The following table summarizes the equivalent CLI commands for this feature. Table 9-36. Route Preference Commands CLI Command Description ip route Configures a static reject route. ip route distance Sets the default distance (preference) for static routes. VLAN Routing You can configure PowerConnect 6200 Series software with some VLANs that support routing. You can also configure the software to allow traffic on a VLAN to be treated as if the VLAN were a router port.
Figure 9-42. VLAN Routing Summary The VLAN Routing Summary page displays the following fields: • VLAN ID — The ID of the VLAN whose data is displayed in the current table row. • MAC Address — The MAC Address assigned to the VLAN Routing Interface. • IP Address — The configured IP address of the VLAN Routing Interface. NOTE: If a VLAN is created and the IP address is not configured, the web page by default shows an IP address of 0.0.0.0.
VRRP The Virtual Router Redundancy (VRRP) protocol is designed to handle default router failures by providing a scheme to dynamically elect a backup router. The driving force was to minimize “black hole” periods due to the failure of the default gateway router during which all traffic directed towards it is lost until the failure is detected. Though static configuration of default routes is popular, such an approach is susceptible to a single point of failure when the default router fails.
VRRP Configuration Use the VRRP Configuration page to enable or disable the administrative status of a virtual router. To display the page, click Routing →VRRP →Router Configuration in the tree view. Figure 9-43. VRRP Configuration The VRRP Configuration page contains the following field: • Admin Mode — Select Enable from the drop-down menu to administratively enable VRRP on the system.
VRRP Router Configuration Use the VRRP Configuration page to configure a virtual router. To display the page, click Routing →VRRP →Router Configuration in the tree view. Figure 9-44. VRRP Router Configuration The VRRP Router Configuration page contains the following fields: • VRID and Interface — Select Create from the drop-down menu to configure a new Virtual Router, or select one of the existing Virtual Routers, listed by interface number and VRID.
• Priority — The operational priority of the VRRP router, which is relative to the configured priority and depends on the priority decrements configured through tracking process. The priority and configured priority are the same unless a tracked event (for example a tracked interface is down) has occurred to change the value. • Advertisement Interval — Enter the time, in seconds, between the transmission of advertisement packets by this virtual router. Enter a number between 1 and 255.
Figure 9-45. Virtual Router Secondary Address 3. In the Secondary Address field, select Create to add a new secondary IP address, or select an existing secondary IP address to modify. 4. In the IP Address field, enter the secondary IP address. 5. Click Apply Changes. Configuring VRRP Interface Tracking 1. Open the VRRP Router Configuration page. 2. Click Track Interface. The VRRP Interface Tracking Configuration page displays.
Figure 9-47. Add VRRP Interface Tracking 4. Complete the fields as necessary. The Add VRRP Interface Tracking page contains the following fields. • Interface — The interface associated with the Virtual Router ID. • Virtual Router ID — The Virtual Router ID. • Track Interface — Select an interface for the VRRP router to track. • Priority Decrement — When a tracked interface goes down, the priority decrement specifies the amount that the router priority will be decreased. The valid range is 1 to 254.
Figure 9-49. Add VRRP Route Tracking 4. Complete the fields as necessary. The Add VRRP Route Tracking page contains the following fields. • Interface — The interface associated with the Virtual Router ID. • Virtual Router ID — The Virtual Router ID. • Track Route pfx— Enter the destination prefix for the route to be tracked. Specify the prefix in dotted decimal format, for example 192.168.10.0 • Track Route pfxlen — Enter the prefix length for the route to track.
Table 9-39. VRRP Configuration Commands CLI Command Description ip vrrp authentication Sets the authorization details value for the virtual router configured on a specified interface. ip vrrp ip Sets the virtual router IP address value for an interface. ip vrrp mode Enables the virtual router configured on an interface. Enabling the status field starts a virtual router. ip vrrp preempt Sets the preemption mode value for the virtual router configured on a specified interface.
• VLANID - Indicates the interface associate with the VRID. • Priority — The priority value used by the VRRP router in the election for the master virtual router. • Pre-empt Mode – Enable — If the Virtual Router is a backup router it preempts the master router if it has a priority greater than the master virtual router's priority provided the master is not the owner of the virtual router IP address.
Table 9-40. 596 Virtual Router Status Commands CLI Command Description show ip vrrp interface Displays all configuration information and VRRP router statistics of a virtual router configured on a specific interface. show ip vrrp interface brief Displays information about each virtual router configured on the switch.
VRRP Virtual Router Statistics Use the Virtual Router Statistics page to display statistics for a specified virtual router. To display the page, click Routing →VRRP →Virtual Router Statistics in the tree view. Figure 9-51. Virtual Router Statistics The Virtual Router Statistics page contains the fields listed below. Many of the fields display only when there is a valid VRRP configuration. • Router Checksum Errors — The total number of VRRP packets received with an invalid VRRP checksum value.
• State Transitioned to Master — The total number of times that this virtual router's state has transitioned to Master. • Advertisement Received — The total number of VRRP advertisements received by this virtual router. • Advertisement Interval Errors — The total number of VRRP advertisement packets received for which the advertisement interval was different than the one configured for the local virtual router.
Table 9-41. VRRP Interface Statistics Command CLI Command Description show ip vrrp interface stats Displays the statistical information about each virtual router configured on the switch. Tunnels The PowerConnect 6200 Series switches support the creation, deletion, and management of tunnel interfaces. These are dynamic interfaces that are created and deleted through user-configuration. Each switch also supports the functionality of a 6to4 border router that connects a 6to4 site to a 6to4 domain.
Tunnels Configuration Use the Tunnels Configuration page to create, configure, or delete a tunnel. To display the page, click Routing →Tunnels →Configuration in the tree view. Figure 9-52. Tunnels Configuration The Tunnels Configuration page contains the following fields: • Tunnel — Use the drop-down menu to select from the list of currently configured tunnel IDs. Create is also a valid choice if the maximum number of tunnel interfaces has not been created.
• Source — Select the desired source, IPv4 Address or Interface. If Address is selected, the source address for this tunnel must be entered in dotted decimal notation. If Interface is selected the source interface for this tunnel must be selected. The address associated with the selected interface is used as the source address. • Destination Address — The IPv4 destination address for this tunnel in dotted decimal notation. Creating a New Tunnel 1. Open the Tunnels Configuration page. 2.
4. Click Apply Changes. The new configuration is saved, and the device is updated. Removing a Tunnel 1. Open the Tunnels Configuration page. 2. Specify the tunnel to remove in the Tunnel drop-down menu. 3. Click Delete Tunnel. The tunnel is deleted, and the device is updated.
Figure 9-54. Tunnels Summary The Tunnels Summary page contains the following fields: • Tunnel ID — The Tunnel ID. • Tunnel Mode — The corresponding mode of the Tunnel. • IPv6 Mode — Shows whether IPv6 is enabled on the tunnel. • Source — The corresponding Tunnel Source Address. In the case where an interface has been configured both the interface and the address are displayed. If the source interface has no address configured then nothing is displayed in place of the address.
Loopbacks The PowerConnect 6200 Series provides for the creation, deletion, and management of loopback interfaces. They are dynamic interfaces that are created and deleted through user-configuration. The PowerConnect 6200 Series supports multiple loopback interfaces. A loopback interface is always expected to be up. As such, it provides a means to configure a stable IP address on the device that may be referred to by other switches.
• Loopback — Use the drop-down menu to select from the list of currently configured loopback interfaces. Create is also a valid choice if the maximum number of loopback interfaces has not been created. • Loopback ID — When Create is selected in the Loopback field, this list of available loopback ID's displays. • Protocol — Select IPv4 or IPv6 to configure the corresponding attributes on the loopback interface. The protocol selected affects the fields that are displayed on this page.
The Loopback ID field goes away, and the remaining loopback fields display. Figure 9-56. Loopbacks Configuration - IPv4 Entry 5. Enter IPv4 in the Protocol field. 6. Enter desired values in the remaining fields. 7. Click Submit. The new loopback is saved, and the webpage reappears showing secondary address configuration fields. Figure 9-57. Loopback Configuration - Add Secondary Address 8. Complete the Secondary Address, Secondary IP Address, and Secondary Subnet Mask fields. 9.
Creating a New Loopback (IPv6) 1. Open the Loopbacks Configuration page. 2. Select Create from the Loopback drop-down menu. 3. Specify an ID to use in the Loopback ID field. 4. Click Apply Changes. The Loopback ID field goes away, and the remaining loopback fields display. Figure 9-58. Loopbacks Configuration - IPv6 Entry 5. Choose IPv6 from the drop-down box in the Protocol field. 6. Add the IPv6 Address. 7. Enter desired values in the remaining fields. 8. Click Submit.
2. Specify the loopback to remove in the Loopback drop-down menu. 3. Click Delete Loopback. The loopback is deleted, and the device is updated. Removing a Secondary Address 1. Open the Loopback Configuration page. 2. Specify the loopback to be affected. 3. Specify the secondary address to be removed. 4. Click Delete Selected Secondary. The secondary address is deleted, and the device is updated.
Figure 9-59. Loopbacks Summary The Loopbacks Summary page displays the following fields: • Loopback Interface — The ID of the configured loopback interface. • Addresses — A list of the addresses configured on the loopback interface.
Configuring Routing
10 Configuring IPv6 Overview The IPv6 menu page contains links to the following features: • Global Configuration • Interface Configuration • Interface Summary • IPv6 Statistics • IPv6 Neighbor Table • DHCPv6 • OSPFv3 • IPv6 Routes IPv6 is the next generation of the Internet Protocol.
Global Configuration Use the Global Configuration page to enable IPv6 forwarding on the router, enable the forwarding of IPv6 unicast datagrams, and configure global IPv6 settings. To display the page, click IPv6 →Global Configuration in the tree view. Figure 10-1. IPv6 Global Configuration The IPv6 Global Configuration page contains the following fields: • IPv6 Unicast Routing — Globally enable or disable IPv6 unicast routing on the router. The default is Disable.
Configuring IPv6 Using CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • IPv6 Routing Commands The following table summarizes the equivalent CLI commands for this feature. Table 10-1. IPv6 Routing Global Commands CLI Command Description ipv6 forwarding Enables IPv6 forwarding on a router. ipv6 icmp error-interval Limits the rate at which ICMP error messages are sent.
Interface Configuration Use the Interface Configuration page to configure IPv6 interface parameters. This page has been updated to include the IPv6 Destination Unreachables field. To display the page, click IPv6 →Interface Configuration in the tree view. Figure 10-2. IPv6 Interface Configuration The IPv6 Interface Configuration page contains the following fields: 614 • Interface — Selects the interface to be configured.
• IPv6 Prefix — Choose to Add or Delete an IPv6 prefix on this interface. If adding a prefix, specify that prefix in the following IPv6 Prefix field. Checking Delete causes deletion of a displayed IPv6 Prefix. • IPv6 Prefix — Specifies the IPv6 prefix for an interface. When the selection is changed, the screen is refreshed and valid lifetime, preferred lifetime, on-link flag, and autonomous flag fields are updated for the selected IPv6 address. • EUI-64 — If checked, specifies 64-bit unicast prefix.
• Router Advertisement NS Interval — Specifies retransmission time field of router advertisement sent from the interface. A value of 0 means the interval is not specified for this router. The range of neighbor solicit interval is 1000 to 4294967295. • Router Lifetime Interval — Specifies the router advertisement lifetime field sent from the interface. This value must be greater than or equal to the maximum advertisement interval. 0 means do not use the router as the default router.
Table 10-2. IPv6 Interface Routing Commands CLI Command Description ipv6 address Configures an IPv6 address on an interface (including tunnel and loopback interfaces). ipv6 enable Enables IPv6 routing on an interface (including tunnel and loopback interfaces) that has not been configured with an explicit IPv6 address. ipv6 host Defines static host name-to- ipv6 address mapping in the host cache. ipv6 mtu Sets the maximum transmission unit (MTU) size, in bytes, of IPv6 packets on an interface.
Interface Summary Use the Interface Summary page to display settings for all IPv6 interfaces. To display the page, click IPv6 →Interface Summary in the tree view. Figure 10-3. IPv6 Interface Summary The IPv6 Interface Summary page contains the following fields: • Interface — Specifies the interface whose settings are displayed in the current table row. • Routing Mode — Specifies routing mode of the interface. • Admin Mode — Specifies administrative mode of the interface.
To display the page, click IPv6 →IPv6 Statistics in the tree view. Figure 10-4. IPv6 Statistics The IPv6 Statistics page contains the following fields: • Interface — Selects the interface for which statistics are displayed. When the selection is changed, a screen refresh occurs, causing all fields to be updated for the newly selected interface. IPv6 Statistics • Total Datagrams Received — The total number of input datagrams received by the interface, including those received in error.
• Received Datagrams Locally Delivered — The total number of datagrams successfully delivered to IPv6 user-protocols (including ICMP). This counter is incremented at the interface to which these datagrams were addressed, which might not be necessarily the input interface for some of the datagrams.
• Datagrams Forwarded — The number of output datagrams which this entity received and forwarded to their final destinations. In entities which do not act as IPv6 routers, this counter includes only those packets which were Source-Routed through this entity, and the Source-Route processing was successful. Note that for a successfully forwarded datagram the counter of the outgoing interface is incremented.
• ICMPv6 Router Solicit Messages Received — The number of ICMP Router Solicit messages received by the interface. • ICMPv6 Router Advertisement Messages Received — The number of ICMP Router Advertisement messages received by the interface. • ICMPv6 Neighbor Solicit Messages Received — The number of ICMP Neighbor Solicit messages received by the interface. • ICMPv6 Neighbor Advertisement Messages Received — The number of ICMP Neighbor Advertisement messages received by the interface.
• ICMPv6 Router Solicit Messages Transmitted — The number of ICMP Router Solicitation messages sent by the interface. • ICMPv6 Router Advertisement Messages Transmitted — The number of ICMP Router Advertisement messages sent by the interface. • ICMPv6 Neighbor Solicit Messages Transmitted — The number of ICMP Neighbor Solicitation messages sent by the interface. • ICMPv6 Neighbor Advertisement Messages Transmitted — The number of ICMP Neighbor Advertisement messages sent by the interface.
IPv6 Neighbor Table Use the IPv6 Neighbor Table page to display IPv6 neighbor details for a specified interface. To display the page, click IPv6 →IPv6 Neighbor Table in the tree view. Figure 10-5. IPv6 Neighbor Table The IPv6 Neighbor Table page contains the following fields: • Interface — Selects the interface for which neighbor state information is displayed. • Interface — Specifies the interface whose settings are displayed in the current table row.
• – Reachable — Positive confirmation was received within the last Reachable Time milliseconds that the forward path to the neighbor was functioning properly. While in REACH state, the device takes no special action as packets are sent. – Stale — More than ReachableTime milliseconds have elapsed since the last positive confirmation was received that the forward path was functioning properly. While in STALE state, the device takes no action until a packet is sent.
DHCPv6 DHCP is generally used between clients (for example hosts) and servers (for example routers) for the purpose of assigning IP addresses, gateways, and other networking definitions such as DNS, NTP, and/or Session Initiation Protocol (SIP) parameters. However, IPv6 natively provides for auto configuration of IP addresses through IPv6 Neighbor Discovery Protocol (NDP) and the use of Router Advertisement messages.
The DHCPv6 Global Configuration page contains the following fields: • DHCPv6 Admin Mode — Specifies DHCPv6 operation on the switch. Possible values are Enable and Disable; the default value is Disable. • Relay Option — Specifies Relay Agent Information Option value. The values allowed are between 32 to 65535, and represent the value exchanged between the relay agent and the server. Each value has a different meaning, of which 1 to 39 are standardized.
Figure 10-7. Pool Configuration - Create The Pool Configuration page contains the following fields: 628 • Pool Name — Drop-down menu that lists all the pool names configured. When Create is selected, fields on the page are cleared of data, in preparation for new pool information. • Pool Name — Displays the pool selected from the previous field, or provides entry of a unique name for a DHCPv6 pool when Create is selected. A maximum of 31 alphanumeric characters can be entered.
Creating a DHCPv6 Pool 1. Open the Pool Configuration page. 2. Select Create from the Pool Name drop-down menu. 3. Enter a new name in the Pool Name field. 4. Specify an existing DNS Server Address to associate with this pool, or create a new one. 5. Specify an existing Domain Name to associate with this pool, or create a new one. 6. Click Apply Changes. The new pool is saved, and the device is updated. If a new DNS server address or domain name was specified, it is also saved.
Table 10-7. DHCPv6 Pool Configuration Commands CLI Command Description dns-server Sets the ipv6 DNS server address which is provided to a DHCPv6 client by the DHCPv6 server. domain-name Sets the DNS domain name which is provided to a DHCPv6 client by the DHCPv6 server. ipv6 dhcp pool Enters IPv6 DHCP Pool Configuration mode. Prefix Delegation Configuration Use the Prefix Delegation Configuration page to configure a delegated prefix for a pool.
• Prefer Lifetime — Specifies the prefer lifetime in seconds for delegated prefix. • Delete — Deletes the displayed pool prefix delegation configuration when checked and Apply Changes is clicked. Configuring a delegated prefix to a Pool 1. Open the Prefix Delegation Configuration page. 2. Select the pool to be configured. 3. Specify the delegated prefix. 4. Modify the remaining fields as needed. 5. Click Apply Changes. The delegated prefix and parameters are saved, and the device is updated.
Figure 10-9. Pool Summary The Pool Summary page contains the following fields: • Pool Name — Selects the pool to display. • DNS Server — Displays the IPv6 address of the associated DNS server. • Domain Name — Displays the DNS domain name. • Host IP Address — Displays the IPv6 address and mask length for the delegated prefix. • DUID — Identifier used to identify the client's unique DUID value. • Valid Lifetime — Displays the valid lifetime in seconds for delegated prefix.
Figure 10-10. DHCPv6 Interface Configuration The fields that display on the DHCPv6 Interface Configuration pages depend on the value selected in the Interface Mode field. The following list describes all the possible fields on the page: • Interface — Select the interface for which you are configuring DHCPv6 server functionality. • Interface Mode — Configure the DHCPv6 mode as either Server or Relay. DHCPv6 server and DHCPv6 relay functions are mutually exclusive.
Figure 10-11. DHCPv6 Interface Configuration - Relay 3. Modify the fields as needed. 4. Click Apply Changes. The DHCPv6 interface configuration is saved, and the device is updated. Configuring a DHCPv6 Interface for Server Interface Mode 1. Open the DHCPv6 Interface Configuration page. 2. Specify the desired Interface, and select Server from the Interface Mode drop down menu. The following screen appears: Figure 10-12. DHCPv6 Interface Configuration - Server 3. Modify the fields as needed. 4.
The DHCPv6 interface configuration is saved, and the device is updated. Configuring a DHCPv6 Interface Using CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • DHCPv6 Commands The following table summarizes the equivalent CLI commands for this feature. Table 10-10. DHCPv6 Interface Configuration Commands CLI Command Description ipv6 dhcp relay Configures an interface for DHCPv6 relay functionality.
DHCPv6 Server Bindings Summary Use the Server Bindings Summary page to display all DHCPv6 server bindings. To display the page, click IPv6 →DHCPv6 →Bindings Summary in the tree view. Figure 10-13. Server Bindings Summary The Server Bindings Summary page contains the following fields: • Client Address — Specifies the IPv6 address of the client associated with the binding. • Client Interface — Specifies the interface number where the client binding occurred.
DHCPv6 Statistics Use the DHCPv6 Statistics page to display DHCPv6 statistics for one or all interfaces. To display the page, click IPv6 →DHCPv6 →Statistics in the tree view. Figure 10-14. DHCPv6 Statistics The DHCPv6 Statistics page displays the following fields: • Interface — Select the interface for which data is to be displayed or configured. On selecting All, data is shown for all interfaces.
• DHCPv6 Renew Packets Received — Specifies the number of Renews. • DHCPv6 Rebind Packets Received — Specifies the number of Rebinds. • DHCPv6 Release Packets Received — Specifies the number of Releases. • DHCPv6 Decline Packets Received — Specifies the number of Declines. • DHCPv6 Inform Packets Received — Specifies the number of Informs. • DHCPv6 Relay-forward Packets Received — Specifies the number of Relay forwards.
Table 10-12. DHCPv6 Statistics Commands CLI Command Description show ipv6 dhcp statistics Displays the DHCPv6 server name and status. clear ipv6 dhcp Clears DHCPv6 statistics for all interfaces or for a specific interface. OSPFv3 OSPFv3 is the Open Shortest Path First routing protocol for IPv6. It is similar to OSPFv2 in its concept of a link state database, intra/inter area, and AS external routes and virtual links.
To display the page, click IPv6 →OSPFv3 →Configuration in the tree view. Figure 10-15. OSPFv3 Configuration The OSPFv3 Configuration page contains the following fields: • Router ID — The 32-bit integer in dotted decimal format that uniquely identifies the router within the autonomous system (AS). If you want to change the Router ID you must first disable OSPFv3. After you set the new Router ID, you must re-enable OSPFv3 to have the change take effect. The default value is 0.0.0.
• ABR Status — The values of this are Enable or Disable. The field displays only when a valid configuration exists. Enabled implies that the router is an area border router. Disabled implies that it is not an area border router. • Exit Overflow Interval — Enter the number of seconds that, after entering overflow state, the router should wait before attempting to leave overflow state. This allows the router to again originate nondefault AS-external-LSAs.
NOTE: The values for Always, Metric, and Metric Type can only be configured after Default Information Originate is set to Enable. If Default Information Originate is set to Enable and values for Always, Metric, and Metric Type are already configured, then setting Default Information Originate back to disable sets the Always, Metric, and Metric Type values to default. • Always — Sets the router advertise ::/0 when set to True. • Metric — Specifies the metric of the default route.
Table 10-13. OSPFv3 Global Configuration Commands CLI Command Description default-information originate Controls the advertisement of default routes. default-metric Sets a default for the metric of distributed routes. distance ospf Sets the route preference value of OSPF in the router. enable Resets the default administrative mode of OSPF in the router (active). exit-overflow-interval Configures the exit overflow interval for OSPF.
Figure 10-16. OSPFv3 Area Configuration The OSPFv3 Area Configuration page contains the following fields: • Area ID — The OSPFv3 area. An Area ID is a 32-bit integer in dotted decimal format that uniquely identifies the area to which a router interface connects. • External Routing — A definition of the router's capabilities for the area, including whether or not ASexternal-LSAs are flooded into/throughout the area.
The web page reappears with Create Stub Area and NSSA Create buttons. Figure 10-17. OSPFv3 Area Configuration - Create Stub Area and NSSA Create Configuring OSPFv3 Stub Area 1. Open the OSPFv3 Area Configuration page. 2. Modify the fields as needed. 3. Click Apply Changes. The web page reappears with Create Stub Area and NSSA Create buttons. See Figure 10-17. 4. Click Create Stub Area. The Stub Area Information fields display. Figure 10-18. OSPFv3 Stub Area Configuration 5. Complete the remaining fields.
2. Modify the fields as needed. 3. Click Apply Changes. The web page reappears with Create Stub Area and NSSA Create buttons. See Figure 10-17. 4. Click NSSA Create on the OSPFv3 Area Configuration web page. The web page reappears showing options for NSSA configuration. Figure 10-19. OSPFv3 Area Configuration - NSSA 5. Complete the remaining fields. 6. Click Apply Changes. The NSSA information is saved and the device is updated. Deleting OSPFv3 Stub Area Information 1.
Configuring OSPFv3 Area Using CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • OSPFv3 Commands The following table summarizes the equivalent CLI commands for this feature. Table 10-14. OSPFv3 Area Configuration Commands CLI Command Description area default-cost Configures the monetary default cost for the stub area. area nssa Configures the specified areaid to function as an NSSA.
OSPFv3 Stub Area Summary Use the OSPFv3 Stub Area Summary page to display OSPFv3 stub area detail. To display the page, click IPv6 →OSPFv3 →Stub Area Summary in the tree view. Figure 10-20. OSPFv3 Stub Area Summary The OSPFv3 Stub Area Summary page displays the following fields: • Area ID — The Area ID of the Stub area. • Metric Value — The metric value applied to the default route advertised into the area. • Import Summary LSAs — Whether the import of Summary LSAs is enabled or disabled.
OSPFv3 Area Range Configuration Use the OSPFv3 Area Range Configuration page to configure OSPFv3 area ranges. To display the page, click IPv6 →OSPFv3 →Area Range Configuration in the tree view. Figure 10-21. OSPFv3 Area Range Configuration The OSPFv3 Area Range Configuration page contains the following fields: • Area ID — Selects the area for which data is to be configured. • IPv6 Prefix/Prefix Length — Enter the IPv6 Prefix/Prefix Length for the address range for the selected area.
The OSPFv3 area range is saved, and the device is updated. Configuring OSPFv3 Area Range Using CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • OSPFv3 Commands The following table summarizes the equivalent CLI commands for this feature. Table 10-16. 650 OSPFv3 Area Range Command CLI Command Description area range Creates an area range for a specified NSSA.
OSPFv3 Interface Configuration Use the OSPFv3 Interface Configuration page to create and configure OSPFv3 interfaces. This page has been updated to include the Passive Mode field. To display the page, click IPv6 →OSPFv3 →Interface Configuration in the tree view. Figure 10-22. OSPFv3 Interface Configuration The OSPFv3 Interface Configuration page contains the following fields: • Interface — Select the interface for which data is to be displayed or configured.
• OSPFv3 Area ID — Enter the 32-bit integer in dotted decimal format that uniquely identifies the OSPFv3 area to which the selected router interface connects. If you assign an Area ID which does not exist, the area is created with default values. • Router Priority — Enter the OSPFv3 priority for the selected interface. The priority of an interface is specified as an integer from 0 to 255. The default is 1, which is the highest router priority.
interface or through something like a bit error test. For this reason, IP packets may still be addressed to an interface in Loopback state. To facilitate this, such interfaces are advertised in router- LSAs as single host routes, whose destination is the IP interface address. – Waiting — The router is trying to determine the identity of the (Backup) Designated Router for the network by monitoring received Hello Packets.
Table 10-17. OSPFv3 Interface Commands CLI Command Description ipv6 ospf Enables OSPF on a router interface or loopback interface. ipv6 ospf areaid Sets the OSPF area to which the specified router interface belongs. ipv6 ospf cost Configures the cost on an OSPF interface. ipv6 ospf dead-interval Sets the OSPF dead interval for the specified interface. ipv6 ospf hello-interval Sets the OSPF hello interval for the specified interface.
Figure 10-23. OSPFv3 Interface Statistics The OSPFv3 Interface Statistics page displays the following fields: • Interface — Select the interface for which data is to be displayed. • OSPFv3 Area ID — The OSPF area to which the selected router interface belongs. An OSPF Area ID is a 32-bit integer in dotted decimal format that uniquely identifies the area to which the interface connects. • Area Border Router Count — The total number of area border routers reachable within this area.
• Interface Events — The number of times the specified OSPF interface has changed its state, or an error has occurred. • Virtual Events — The number of state changes or errors that have occurred on this virtual link. • Neighbor Events — The number of times this neighbor relationship has changed state, or an error has occurred. • External LSA Count — The number of external (LS type 5) link-state advertisements in the link-state database.
• LS Updates Received — The number of LS updates received on this interface by this router. • LS Acknowledgements Sent — The number of LS acknowledgements sent on this interface by this router. • LS Acknowledgements Received — The number of LS acknowledgements received on this interface by this router. Displaying OSPFv3 Interface Statistics 1. Open the OSPFv3 Interface Statistics page. 2. Select the interface to display from the Interface drop-down menu. Statistics for the interface display.
Figure 10-24. OSPFv3 Neighbors The OSPFv3 Neighbors page contains the following fields: • Interface — Selects the interface for which data is to be displayed or configured. • Neighbor Router ID — Selects the IP Address of the neighbor for which data is to be displayed. • Area ID — A 32-bit integer in dotted decimal format that identifies the neighbor router. • Options — The optional OSPF capabilities supported by the neighbor.
– Attempt — This state is only valid for neighbors attached to NBMA networks. It indicates that no recent information has been received from the neighbor, but that a more concerted effort should be made to contact the neighbor. This is done by sending the neighbor Hello packets at intervals of Hello Interval. – Init — In this state, a Hello packet has recently been seen from the neighbor. However, bidirectional communication has not yet been established with the neighbor (i.e.
Table 10-19. OSPFv3 Neighbor Command CLI Command Description show ipv6 ospf neighbor Displays information about OSPF neighbors. OSPFv3 Neighbor Table Use the OSPFv3 Neighbor Table page to display the OSPF neighbor table list. When a particular neighbor ID is specified, detailed information about a neighbor is given. The neighbor table is only displayed if OSPF is enabled. To display the page, click IPv6 →OSPFv3 →Neighbor Table in the tree view. Figure 10-25.
• IntlfID — The Interface ID that the neighbor advertises in its Hello packets on this link. • Interface — The slot/port that identifies the neighbor interface index. • State — State of the relationship with this neighbor. • Dead Time — Number of seconds since last Hello was received from adjacent neighbors. Set this value to 0 for neighbors in a state less than or equal to Init. Displaying the OSPFv3 Neighbor Table 1. Open the OSPFv3 Neighbor Table page. 2.
Figure 10-26. OSPFv3 Link State Database The OSPFv3 Link State Database page displays the following fields: 662 • Adv. Router — The 32-bit integer in dotted decimal format that uniquely identifies the router within the autonomous system (AS). The Router ID is set on the OSPFv3 Configuration page. • Area ID — The ID of an OSPF area to which one of the router interfaces is connected.
– Intra-Area-Prefix-LSA • Link ID — The Link State ID identifies the piece of the routing domain that is being described by the advertisement. The value of the LS ID depends on the advertisement's LS type. • Age — The time since the link state advertisement was first originated, in seconds. • Sequence — The sequence number field is a signed 32-bit integer. It is used to detect old and duplicate link state advertisements. The larger the sequence number, the more recent the advertisement.
To display the page, click IPv6 →OSPFv3 →Virtual Link Configuration in the tree view. Figure 10-27. OSPFv3 Virtual Link Configuration The OSPFv3 Virtual Link Configuration page contains the following fields: 664 • Create New Virtual Link — Select this option from the drop-down menu to define a new virtual link. The area portion of the virtual link identification is fixed: you are prompted to enter the Neighbor Router ID on a new screen.
• Interface Delay Interval (secs) — Enter the OSPF Transit Delay for the specified interface. This specifies the estimated number of seconds it takes to transmit a link state update packet over the selected interface. Valid values range from 1 to 3600 seconds (1 hour). The default value is 1 second. • State — The current state of the selected Virtual Link. One of: – Down — This is the initial interface state. In this state, the lower-level protocols have indicated that the interface is unusable.
4. Click Create. The new link is created, and you are returned to the Virtual Link Configuration page. Configuring a Virtual Link 1. Open the OSPFv3 Virtual Link Configuration page. 2. Select the virtual link to configure. 3. Modify the remaining fields as needed. 4. Click Apply Changes. 5. The virtual link is configured for OSPFv3, and the device is updated.
Figure 10-28. OSPFv3 Virtual Link Summary The OSPFv3 Virtual Link Summary page displays the following fields: • Area ID — The Area ID portion of the virtual link identification for which data is to be displayed. The Area ID and Neighbor Router ID together define a virtual link. • Neighbor Router ID — The neighbor portion of the virtual link identification. Virtual links may be configured between any pair of area border routers having interfaces to a common (non-backbone) area.
• Interface Delay Interval (secs) — The OSPF Transit Delay for the virtual link in units of seconds. It specifies the estimated number of seconds it takes to transmit a link state update packet over this interface. Displaying OSPFv3 Virtual Link Summary Using CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • OSPFv3 Commands The following table summarizes the equivalent CLI commands for this feature. Table 10-23.
• Tag — Sets the tag field in routes redistributed. This field displays the tag if the source was preconfigured, otherwise 0 is displayed. Valid values are 0 to 4294967295. • Redistribute — Enables or disables the redistribution for the selected source protocol. This field has to be enabled in order to be able to configure any of the route redistribution attributes. Configuring OSPFv3 Route Redistribution 1. Open the OSPFv3 Route Redistribution Configuration page. 2.
Figure 10-30. OSPFv3 Route Redistribution Summary The OSPFv3 Route Redistribution Summary page displays the following fields: 670 • Source — The Source Route to be Redistributed by OSPF. • Redistribute — Specify whether to allow the routes learned through this protocol to be redistributed. • Metric — The Metric of redistributed routes for the given Source Route. Displays nothing when not configured. • Metric Type — The OSPF metric type of redistributed routes.
Displaying OSPFv3 Route Redistribution Summary Using CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • OSPFv3 Commands The following table summarizes the equivalent CLI commands for this feature. Table 10-25. OSPFv3 Route Redistribution Summary Command CLI Command Description show ipv6 ospf Displays OSPFv3 route redistribution summary data.
Figure 10-31. NSF OSPFv3 Summary • Support Mode — Enables or disables OSPFv3 to perform graceful restarts. The following options are available: – Planned— OSPFv3 will perform a graceful restart for planned restarts. A planned restart is a failover initiated by the administrator (see "Enabling and Disabling NSF" on page 258). – Always— OSPFv3 will perform a graceful restart for all planned and unplanned warm restart events. – Disable—OSPFv3 will not perform graceful restarts.
Click Refresh to redisplay the page with the latest values from the switch. Enabling the NSF OSPFv3 Graceful Restart Using CLI Commands For information about the CLI command that performs this function, see the following chapter in the CLI Reference Guide: • OSPFv3 Commands The following table summarizes the equivalent CLI commands for this feature. Table 10-26. NSF OSPFv3 Graceful Restart Command CLI Command Description nsf Enables non-stop forwarding.
IPv6 Routes The IPv6 Routes menu page contains links to web pages that define and display IPv6 Routes parameters and data. To display this page, click IPv6 →IPv6 Routes in the tree view. Following are the web pages accessible from this menu page: • IPv6 Route Entry Configuration • IPv6 Route Table • IPv6 Route Preferences • Configured IPv6 Routes IPv6 Route Entry Configuration Use the IPv6 Route Entry Configuration page to configure information for IPv6 routes.
2. Modify the fields as needed. 3. Click Apply Changes. The route entry is configured for IPv6, and the device is updated. Configuring Route Entry the CLI Command For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • IPv6 Routing Commands The following table summarizes the equivalent CLI commands for this feature. Table 10-27.
Figure 10-33. IPv6 Route Table The IPv6 Route Table page displays the following fields: • Routes Displayed — Select to view either the Configured Routes, Best Routes, or All Routes from the drop-down menu. • Number of Routes — Displays the total number of active routes/best routes in the route table for the type of route selected. • IPv6 Prefix/Prefix Length — Displays the Network Prefix and Prefix Length for the Active Route. • Protocol — Displays the Type of Protocol for the Active Route.
Displaying the IPv6 Route Table Using CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • IPv6 Routing Commands The following table summarizes the equivalent CLI commands for this feature. Table 10-28. IPv6 Route Table Command CLI Command Description show ipv6 route Displays the IPv6 routing table. show ipv6 route summary Displays a summary of the routing table.
• OSPF Intra — The OSPF intra route preference value in the router. The default value is 110. • OSPF Inter — The OSPF inter route preference value in the router. The default value is 110. • OSPF External — The OSPF External route preference value in the router (OSPF Type-1 and OSPF Type-2 routes). The default value is 110. Configuring IPv6 Route Preferences 1. Open the IPv6 Route Preferences page. 2. Configure the default preference for each protocol. 3. Click Apply Changes.
Figure 10-35. Configured IPv6 Routes The Configured IPv6 Routes page contains the following fields: • Routes Displayed — Select to view either the Configured Routes, Best Routes or All Routes. When the Configured Routes option is selected, the following fields appear: • IPv6 Prefix/Prefix Length — Displays the Network Prefix and Prefix Length for the Configured Route. • Next Hop IP — Displays the Next Hop IPv6 Address for the Configured Route.
Displaying IPv6 Routes 1. Open the Configured IPv6 Routes page. 2. Select the routes to view from the Routes Displayed drop-down menu. The selected routes and their configurations display. Displaying Configured IPv6 Routes Using CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • IPv6 Routing Commands The following table summarizes the equivalent CLI commands for this feature. Table 10-30.
11 Configuring Quality of Service Overview The Quality of Service menu page contains links to the following pages: • Differentiated Services • Class of Service • Auto VoIP In a typical switch, each physical port consists of one or more queues for transmitting packets on the attached network. Multiple queues per port are often provided to give preference to certain packets over others based on user-defined criteria.
Differentiated Services DiffServ Overview The QoS feature contains Differentiated Services (DiffServ) support that allows traffic to be classified into streams and given certain QoS treatment in accordance with defined per-hop behaviors. Standard IP-based networks are designed to provide “best effort” data delivery service. “Best effort” service implies that the network delivers the data in a timely fashion, although there is no guarantee that it will.
Diffserv Configuration Use the Diffserv Configuration page to display DiffServ General Status Group information, which includes the current administrative mode setting as well as the current and maximum number of rows in each of the main DiffServ private MIB tables. To display the page, click Quality of Service →Differentiated Services →Diffserv Configuration in the tree view. Figure 11-1.
Changing Diffserv Admin Mode 1. Open the Diffserv Configuration page. 2. Turn Diffserv Admin Mode on or off by selecting Enable or Disable from the drop-down menu. 3. Click Apply Changes. The Diffserv Admin Mode is changed, and the device is updated. Displaying MIB Tables Using CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • QoS Commands The following table summarizes the equivalent CLI commands for this feature.
Figure 11-2. Diffserv Class Configuration The Diffserv Class Configuration page contains the following fields: • Class Name — Selects a class name to rename or delete. Click Add to set up a new class name. • Rename — Renames the class displayed when the box is checked and a new name is entered. • Class Type — Lists the class types. Currently the hardware supports only the Class Type value All. – • All — All the various match criteria defined for the class should be satisfied for a packet match.
Figure 11-3. Add DiffServ Class Enter a name for the class and select the protocol to use for class match criteria. 3. Click Apply Changes. The new class is added and the device is updated. Adding a Class Configuration Using CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • QoS Commands The following table summarizes the equivalent CLI commands for this feature. Table 11-2.
Figure 11-4. Diffserv Class Criteria IPv4 The Diffserv Class Criteria page contains the following fields: • Class Name — Selects the class name for which you are specifying criteria. • Class Type — Displays the class type. The only configurable class type supported is All. Match Attributes (IPv4) Use the following fields to match IPv4 packets to a class. Click the check box for each field to be used as a criterion for a class, and enter data in the related field.
• Subnet Mask — The subnet mask of the destination IP address. This field is required when Destination IP Address is checked. • Source L4 Port— Requires a packet’s TCP/UDP source port to match the port listed here. Select one of the following options: • • • 688 – Select From List — Click to select from a list of well known source ports to which packets are matched. – Match to Port — Click to add a user-defined Port ID to which packets are matched. Range is 065535.
• Reference Class — Selects a class to start referencing for criteria. Select the Add Diffserv Class check box, then select a previously configured Diffserv class from the related drop-down menu. Figure 11-5. Diffserv Class Criteria IPv6 Match Attributes (IPv6) Use the following fields to match IPv6 packets to a class. For other fields not listed here, see the description in "Match Attributes (IPv4)" on page 687.
Service Type Criteria Click to select one of the following three Match fields to use in matching packets to class criteria: • IP DSCP — Matches the packet’s DSCP to the class criteria’s when selected. Either select the DSCP type from the drop-down menu or enter a DSCP value to match. Valid range is 0-63. • Match Every — Requires a packet to match every criterion when Match Every is checked.
Policy Configuration Use the Diffserv Policy Configuration page to associate a collection of classes with one or more policy statements. To display the page, click Quality of Service →Differentiated Services →Policy Configuration in the tree view. Figure 11-6. Diffserv Policy Configuration The Diffserv Policy Configuration page contains the following fields: • Policy Name — Selects the policy name to be associated with the class(es).
Use Add a Class to associate a class with this policy. Use Remove a Class to remove the class from this policy. 4. Select the class to be affected from the relevant drop-down menu. 5. Click Apply Changes. The modified policy is saved, and the device is updated. Renaming a Policy 1. Open the Diffserv Policy Configuration page. 2. Select the Policy Name to be renamed. 3. Rename policy by checking Rename Policy and entering the new name in the adjacent field.
Figure 11-8. Diffserv Policy Summary Removing a Policy Configuration 1. Open the Diffserv Policy Configuration page. 2. Select the policy name to be deleted from the Policy Name drop-down menu. 3. Check the Remove check box. 4. Click Apply Changes. The associated policy configuration is removed, and the device is updated.
Policy Class Definition Use the Diffserv Policy Class Definition page to associate a class to a policy, and to define attributes for that policy-class instance. To display the page, click Quality of Service →Differentiated Services →Policy Class Definition in the tree view. Figure 11-9. Diffserv Policy Class Definition The Diffserv Policy Class Definition page contains the following fields: 694 • Policy Name — Selects the policy to associate with a member class from a drop-down menu.
– Policing: Allows you to configure how policing is performed, as well as configure what happens to packets that are considered conforming and non-conforming. For more information on the fields that display when Policing is selected, see "Policing Traffic Condition." • Redirect Interface — Displays whether Redirect Interface applies to this policy-class, and specifies the interface or LAG used.
You have the option of marking one of the following fields in the packet: • IP DSCP — Selects the IP DSCP to mark. Select from the drop down menu or enter directly in the User Value field. • IP Precedence — Selects the specified IP Precedence queue number to mark. • Class of Service — Selects the specified Class of Service queue number to mark. Configuring Packet Marking for a Policy Class Instance 1.
• Color Mode — Selects the type of color policing used. Choose Color Blind or Color Aware from the drop-down menu. • Conform Action Selector — Selects what happens to packets that are considered conforming (below the police rate). Options are Send, Drop, Mark CoS, Mark IP DSCP, Mark IP Precedence. • Violate Action — Selects what happens to packets that are considered non-conforming (above the police rate). Options are Send, Drop, Mark CoS, Mark IP DSCP, Mark IP Precedence.
Table 11-5. 698 Policy Class Configuration Commands CLI Command Description assign-queue Modifies the queue ID to which the associated traffic stream is assigned. conform-color Specifies for each outcome, the only possible actions are drop, set-costransmit, set-sec-cos-transmit, setdscp-transmit, set-prec-transmit, or transmit drop Use the drop policy-class-map configuration command to specify that all packets for the associated traffic stream are to be dropped at ingress.
Table 11-5. Policy Class Configuration Commands (continued) CLI Command Description match protocol Adds to the specified class definition a match condition based on the value of the IP Protocol field in a packet using a single keyword notation or a numeric value notation. match source-address mac Adds to the specified class definition a match condition based on the source MAC address of the packet.
Service Configuration Use the Diffserv Service Configuration page to activate a policy on a port. To display the page, click Quality of Service →Differentiated Services →Service Configuration in the tree view. Figure 11-13. Diffserv Service Configuration The Diffserv Service Configuration page contains the following fields: • Interface — Selects the interface (Unit/Port, LAG, or All) to be affected from drop-down menus.
Figure 11-14. Diffserv Service Summary Assigning a Policy to a Port Using CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • QoS Commands The following table summarizes the equivalent CLI commands for this feature. Table 11-6. Service Configuration Command CLI Command Description service-policy Attaches a policy to an interface in a particular direction.
Figure 11-15. Diffserv Service Detailed Statistics The Diffserv Service Detailed Statistics page contains the following fields: • Counter Mode Selector — Type of statistics to display. Packets is the only available type. • Interface — Selects the Unit and Port or LAG for which service statistics are to display. • Direction — Selects the direction of packets for which service statistics are to display. • Policy Name — Displays the policy associated with the selected interface.
Table 11-7. DiffServ Statistics Commands CLI Command Description show diffserv service brief Displays all interfaces in the system to which a DiffServ policy has been attached. Class of Service The Class of Service (CoS) queueing feature lets you directly configure certain aspects of switch queueing. This provides the desired QoS behavior for different types of network traffic when the complexities of DiffServ are not required.
The Trust Mode selected on the Mapping Table Configuration page affects how the page displays and the fields accessible from the page. There are three trust modes available from here: • Untrusted (None) • CoS(802.1P) • IP DSCP CoS(802.1P) is the default mode, so this is the page that displays when Mapping Table Configuration is selected from the Class of Service menu page. Figure 11-16. Mapping Table Configuration — CoS (802.1P) CoS (802.1P) Trust Mode The CoS (802.
• Class of Service — Lists each class of service on a separate line, so a separate queue can be assigned to each class of service. • Queue — Selects a queue for each Class of Service from the drop-down menu. Default queues are displayed initially. • Restore Defaults — Restores default queue values when checked and Apply Changes is clicked. Configuring CoS (802.1P) Trust Mode 1. Open the Mapping Table Configuration page. 2.
Figure 11-17. DSCP Queue Mapping Table The DSCP Queue Mapping Table page contains the following fields: • DSCP In — Check to select as a criterion, and enter which DiffServ Code Point in the packet to use. This field determines to which queue the packet is sent. • Queue ID — Selects the queue to which the packet is sent. Restoring Queue Defaults 1. Open the DSCP Queue Mapping Table page. 2. Click the Restore Defaults check box. 3. Click Apply Changes.
The following table summarizes the equivalent CLI commands for this feature. Table 11-8. Mapping Table Configuration Commands CLI Command Description classofservice dotlp-mapping Maps an 802.1p priority to an internal traffic class for a switch. classofservice ip-dscp-mapping Maps an IP DSCP value to an internal traffic class. classofservice trust Sets the class of service trust mode of an interface. show classofservice dotlp-mapping Displays the current Dot1p (802.
• Interface Shaping Rate — Sets the cap on how much traffic can leave a port. The specified value represents the maximum negotiated bandwidth in kilobit per second (Kbps). The range is 0 - Infinity or 64 to 4294967295 kbps. • Restore to Defaults — Restores the default interface shaping rate to the selected interfaces when checked. Defining Interface Configuration 1. Open the Interface Configuration page. 2.
To display the Interface Queue Configuration page, click Quality of Service →Class of Service → Interface Queue Configuration in the tree view. Figure 11-19. Interface Queue Configuration The Interface Queue Configuration page contains the following fields: • Interface — Specifies the Interface (Unit/Port, LAG, or Global) that’s being configured. • Queue ID — Selects the queue to be configured from the drop-down menu.
The queue is configured, and the device is updated. Displaying Interface Queue Settings 1. Open the Interface Queue Configuration page. 2. Click Show All. The Interface Queue Status page displays. 3. Select Unit / Port, LAG, or Global. Figure 11-20.
Auto VoIP Voice over Internet Protocol (VoIP) allows you to make telephone calls using a computer network over a data network like the Internet. With the increased prominence of delay-sensitive applications (voice, video, and other multimedia applications) deployed in networks today, proper QoS configuration will ensure high-quality application performance.
The Auto VoIP Configuration page contains the following fields: • Auto VoIP Mode — Enables or Disables Auto VoIP mode. The default is Disable. • Traffic Class — Displays the traffic class used for VoIP traffic. Configuring Auto VoIP Using CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • QoS Commands The following table summarizes the equivalent CLI commands for this feature. Table 11-11.
Viewing the Auto VoIP Summary Table 1. Open the Auto VoIP Interface Configuration page. 2. Click Show All. The Auto VoIP Summary page opens. Figure 11-23. Auto VoIP Summary Configuring Auto VoIP Interfaces Using CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • QoS Commands The following table summarizes the equivalent CLI commands for this feature. Table 11-12.
Configuring Quality of Service
12 Configuring IP Multicast Overview This chapter describes how to configure IPv4 and IPv6 multicast features on the PowerConnect 6200 Series. To display the IPv4 Multicast menu page, click IPv4 Multicast in the tree view. The IPv4 Multicast menu page contains links to the following features: • Multicast • Distance Vector Multicast Routing Protocol • Internet Group Management Protocol • Protocol Independent Multicast To display the IPv6 Multicast menu page, click IPv6 Multicast in the tree view.
Multicast The IPv4 Multicast menu page contains links to web pages that define and display Multicast parameters and data. To display this page, click IPv4 Multicast →Multicast in the tree view.
The Multicast Global Configuration page contains the following fields: • Admin Mode — Select Enable or Disable to set the administrative status of Multicast Forwarding in the router. The default is Disable. • Protocol State — The operational state of the multicast forwarding module. • Table Maximum Entry Count — The maximum number of entries in the IP Multicast routing table. • Protocol — The multicast routing protocol presently activated on the router, if any.
Table 12-1. 718 Multicast Global Commands (continued) CLI Command Description ip pimsm spt-threshold Configures the Data Threshold rate for the last hop router to switch to the shortest path. ip pimsm ssm Defines the Source Specific Multicast (SSM) range of IP multicast addresses. show ip mcast Displays the system-wide multicast information. show ip mcast boundary Displays all the configured administrative scoped multicast boundaries.
Multicast Interface Configuration Use the Multicast Interface Configuration page to configure the TTL threshold of a multicast interface. You must configure at least one router interface before fields display on this page. To display the page, click IPv4 Multicast →Multicast →Interface Configuration in the tree view. Figure 12-2.
Table 12-2. Multicast Interface Configuration Commands CLI Command Description ip multicast ttl-threshold Applies a ttlvalue to a routing interface. show ip mcast interface Displays the multicast information for the specified interface. Multicast Route Table Use the Multicast Route Table page is used to display MRoute data. To display the page, click IPv4 Multicast →Multicast →Multicast Route Table or IPv6 Multicast → Multicast →Multicast Route Table. Figure 12-3.
• Outgoing Interfaces — The list of outgoing interfaces on which multicast packets for this source/group are forwarded. • Up Time — The time in hours:minutes:seconds since the entry was created. • Expiry Time — The time in hours:minutes:seconds before this entry ages out and is removed from the table. • RPF Neighbor — The IP address of the Reverse Path Forwarding neighbor. • ProtocolFlags — The multicast routing protocol which created this entry.
Figure 12-4. Multicast Admin Boundary Configuration The Multicast Admin Boundary Configuration page contains the following fields: • Interface — Select the router interface for which the administratively scoped boundary is to be configured. • Group IP — Enter the multicast group address for the start of the range of addresses to be excluded. The address must be in the range of 239.0.0.0 through 239.255.255.255. • Group Mask — Enter the mask to be applied to the multicast group address.
Multicast Admin Boundary Summary Use the Multicast Admin Boundary Summary page to display existing administratively scoped boundaries. To display the page, click IPv4 Multicast →Multicast →Admin Boundary Summary in the tree view. Figure 12-5. Multicast Admin Boundary Summary The Multicast Admin Boundary Summary page displays the following fields: • Interface — The router interface to which the administratively scoped address range is applied.
To display the page, click IPv4 Multicast →Multicast →Static MRoute Configuration in the tree view. Figure 12-6. Multicast Static Routes Configuration The Multicast Static MRoute Configuration page contains the following fields: • Source IP — Enter the IP Address that identifies the multicast packet source for the entry you are creating. • Source Mask — Enter the subnet mask to be applied to the Source IP address. • RPF Next Hop— Enter the IP address of the neighbor router on the path to the source.
Table 12-6. Multicast Static Route Configuration Commands CLI Command Description ip mroute Creates a static multicast route for a source range. Multicast Static MRoute Summary Use the Multicast Static Routes Summary page to display static routes and their configurations. To display the page, click IPv4 Multicast →Multicast →Static MRoute Summary in the tree view. Figure 12-7.
Table 12-7. 726 Multicast Static Route Summary Command CLI Command Description show ip mcast mroute static Displays all the static routes configured in the static mcast table.
Distance Vector Multicast Routing Protocol Distance Vector Multicast Routing Protocol (DVMRP) exchanges probe packets with all its DVMRP enabled routers, it establishes two way neighboring relationships, and it builds a neighbor table. It exchanges report packets and creates a unicast topology table, with which it builds the multicast routing table. This table is used to route the multicast packets. Since every DVMRP router uses the same unicast routing protocol, routing loops are avoided.
• Total Number of Routes — The number of routes in the DVMRP routing table. • Reachable Routes — The number of routes in the DVMRP routing table that have a non-infinite metric. Setting the DVMRP Admin Mode 1. Open the DVMRP Global Configuration page. 2. Set Admin Mode to Enable or Disable, to turn DVMRP on or off. 3. Click Apply Changes. The DVMRP configuration is saved, and the device is updated.
Figure 12-9. DVMRP Interface Configuration The DVMRP Interface Configuration page contains the following fields: • Interface — Select the interface for which data is to be configured. You must configure at least one router interface before you configure a DVMRP interface. • Interface Mode — Select Enable or Disable from the drop-down menu to set the administrative mode of the selected DVMRP routing interface. • Interface Metric — Enter the DVMRP metric for the selected interface.
DVMRP Configuration Summary Use the DVMRP Configuration Summary page to display or print the DVMRP configuration and data for a selected interface. You must configure at least one router interface before you can display data for a DVMRP interface. Otherwise you see a message telling you that no router interfaces are available, and the configuration summary screen is not displayed. To display the page, click IPv4 Multicast →DVMRP →Configuration Summary in the tree view. Figure 12-10.
• Protocol State — Displays the operational state of the DVMRP protocol on the selected interface, either Operational or Non-operational. • Local Address — Displays the IP address used as a source address in packets sent from the selected interface. • Interface Metric — Displays the metric used to calculate distance vectors for the selected interface. Interface Statistics • Generation ID — Displays the DVMRP generation ID used by the router for the selected interface.
The following table summarizes the equivalent CLI commands for this feature. Table 12-10. DVMRP Configuration Summary Commands CLI Command Description show ip dvmrp interface Displays the interface information for DVMRP on the specified interface. show ip dvmrp neighbor Displays the neighbor information for DVMRP. Next Hop Summary Use the Next Hop Summary page to display or print the next hop summary by Source IP. To display the page, click IPv4 Multicast →DVMRP →Next Hop Summary in the tree view.
Displaying the Next Hop Summary Using CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • DVMRP Commands The following table summarizes the equivalent CLI commands for this feature. Table 12-11. DVMRP Next Hop Command CLI Command Description show ip dvmrp nexthop Displays the next hop information on outgoing interfaces for routing multicast datagrams.
• Source Mask — The subnet mask to be combined with the source IP address to identify the source or source network which has been pruned. • Expiry Time (secs) — The amount of time remaining before this prune should expire at the upstream neighbor. If no prune messages have been received from downstream neighbors, this is set to value of the default prune lifetime timer, otherwise it is set to the smallest received value or the default timer, whichever is less.
• Source Address - The network address that is combined with the source mask to identify the sources for this entry. • Source Mask — The subnet mask to be combined with the source address to identify the sources for this entry. • Upstream Neighbor — The address of the upstream neighbor (for example, RPF neighbor) from which IP datagrams from these sources are received. • Interface — The interface on which IP datagrams sent by these sources are received.
Internet Group Management Protocol The Internet Group Management Protocol (IGMP) is used by IPv4 systems (hosts and routers) to report their IP multicast group memberships to any neighboring multicast routers. The PowerConnect 6200 Series performs the multicast router role of the IGMP protocol, which means it collects the membership information needed by the active multicast routing. The currently supported multicast routing protocols in the PowerConnect 6200 Series are DVMRP, PIM-DM, and PIM-SM.
2. Set Admin Mode to Enable or Disable, to turn IGMP on or off. 3. Click Apply Changes. The IGMP configuration is saved, and the device is updated. Setting IGMP Mode Using CLI Commands For information about the CLI commands that perform this function, see the following chapter in the CLI Reference Guide: • IGMP Commands The following table summarizes the equivalent CLI commands for this feature. Table 12-14.
Figure 12-15. IGMP Interface Configuration The IGMP Interface Configuration page contains the following fields: 738 • Interface — Select the interface for which data is to be displayed or configured from the drop-down menu. • Interface Mode — Select Enable or Disable from the drop-down menu to set the administrative status of IGMP on the selected interface. The default is Disable. • Version — Enter the version of IGMP you want to configure on the selected interface.
• Last Member Query Interval (1/10 of a second) — Enter the last member query interval in tenths of a second. This is the maximum response time to be inserted into group-specific queries sent in response to leave group messages, and is also the amount of time between group-specific query messages. Valid values are from 0 to 255. The default value is 10. This value is not used for IGMP version 1. • Last Member Query Count — Enter the number of queries to be sent on receiving a leave group report.
IGMP Configuration Summary Use the IGMP Configuration Summary page to display IGMP routing parameters and data. You must configure at least one IGMP router interface to access this page. To display the page, click IPv4 Multicast →IGMP →Routing Interface →Configuration Summary in the tree view. Figure 12-16. IGMP Configuration Summary The IGMP Configuration Summary page displays the following fields: • Interface — Select the interface for which data is to be displayed.
• Query Interval (secs) — The frequency at which IGMP host-query packets are transmitted on the selected interface. • Query Max Response Time (1/10 of a second) — The maximum query response time advertised in IGMPv2 queries sent from the selected interface. • Robustness — The robustness parameter for the selected interface. This variable allows tuning for the expected packet loss on a subnet. If a subnet is expected to be lossy, the robustness variable may be increased.
Table 12-16. IGMP Configuration Summary Command CLI Command Description show ip igmp interface Displays the IGMP information for the specified interface. IGMP Cache Information Use the IGMP Cache Information page to display cache parameters and data for an IP multicast group address. You must configure at least one IGMP router interface to access this page. Also, group membership reports must have been received on the selected interface for data to display here.
• Version 1 Host Timer — The time remaining until the local router assumes that there are no longer any IGMP version 1 members on the IP subnet attached to this interface. When an IGMPv1 membership report is received, this timer is reset to the group membership timer. While this timer is non-zero, the local router ignores any IGMPv2 leave messages for this group that it receives on the selected interface. This field is displayed only if the interface is configured for IGMP version 1.
Figure 12-18. IGMP Interface The IGMP Interface page displays the following fields: • Multicast Group IP — Select the IP multicast group address for which data is to be displayed. If no group membership reports have been received on the selected interface, you cannot make this selection, and none of the remaining fields are displayed. • Interface — The interface on which multicast packets are forwarded.
Displaying IGMP Interface Detailed Membership Using CLI Commands For information about the CLI command that performs this function, see the following chapter in the CLI Reference Guide: • IGMP Commands The following table summarizes the equivalent CLI commands for this feature. Table 12-18. IGMP Interface Detailed Membership Command CLI Command Description show ip igmp interface membership Displays the list of interfaces that have registered in the multicast group.
Figure 12-19. IGMP Proxy Interface Configuration The IGMP Proxy Interface Configuration page contains the following fields: • Interface — Select the port for which data is to be displayed or configured from the drop-down menu. You must have configured at least one router interface before configuring or displaying data for an IGMP Proxy interface and it should not be a IGMP routing interface. This field is configurable only when interface mode is disabled.
Table 12-19. IGMP Proxy Global Commands CLI Command Description ip igmp-proxy Enables the IGMP Proxy on the router. ip igmp-proxy unsolicited-report-interval Sets the unsolicited report interval for the IGMP Proxy router. IGMP Proxy Configuration Summary Use the IGMP Proxy Configuration Summary page to display proxy interface configurations by interface. You must have configured at least one router interface configured before data displays on this page.
Figure 12-20. IGMP Proxy Configuration Summary The IGMP Proxy Configuration Summary page displays the following fields: 748 • Interface — Displays the interface on which IGMP proxy is enabled. There can be only one IGMP Proxy interface. • IP Address — The IP address of the IGMP Proxy interface. • Subnet Mask — The subnet mask for the IP address of the IGMP Proxy interface. • Admin Mode — The administrative status of IGMP Proxy on the selected interface.
• Number of Groups — The current number of multicast group entries for the IGMP Proxy interface in the cache table. • Version — The version of IGMP configured on the IGMP Proxy interface. • Unsolicited Report Interval — The Unsolicited Report Interval is the time between repetitions of a host's initial report of membership in a group. Default: 1 second. • Version 1 Querier Timeout — The older IGMP version 1 querier timeout value in seconds.
Figure 12-21. IGMP Proxy Interface Membership Info The IGMP Proxy Interface Membership Info page displays the following fields: • Interface — Displays the interface on which IGMP proxy is enabled. • Multicast Group IP — Select the IP multicast group address for which data is to be displayed. If no group membership reports have been received on the selected interface you cannot make this selection, and none of the following data displays.
Table 12-21. IGMP Proxy Interface Membership Command CLI Command Description show ip igmp-proxy Displays a summary of the host interface status parameters. show ip igmp-proxy groups Displays a table of information about multicast groups that IGMP Proxy reported. IGMP Proxy Interface Membership Info Detailed Use the IGMP Proxy Interface Membership Info Detailed page to display detailed interface membership data.
• Up Time (secs) — Displays the up time since the entry was created in the cache table. • State — The state of the host entry. A host can be in one of the following states: • – Non-member State — Does not belong to the group on the interface. – Delaying Member State — Host belongs to the group on the interface and report timer is running. The report timer is used to send out the reports. – Idle Member State — Host belongs to the group on the interface and no report timer is running.
Multicast Listener Discovery Multicast Listener Discovery (MLD) protocol enables IPv6 routers to discover the presence of multicast listeners, the nodes who wish to receive the multicast data packets, on its directly-attached interfaces. The protocol specifically discovers which multicast addresses are of interest to its neighboring nodes and provides this information to the active multicast routing protocol that makes decisions on the flow of multicast data packets.
Configuring MLD Global Settings Using CLI Commands For information about the CLI command that performs this function, see the following chapter in the CLI Reference Guide: • IPv6 Routing Commands The following table summarizes the equivalent CLI commands for this feature. Table 12-23. IPv6 MLD Global Commands CLI Command Description ipv6 mld router Enables MLD in the router in global configuration mode and for a specific interface in interface configuration mode.
• Query Interval — Specify the number of seconds between MLD general queries. Valid values are 1 to 3600. The default value is 125. • Query Max Response Time (secs) — Enter the maximum query response time to be advertised in MLDv2 queries on this interface, in ms. The default value is 10000. Valid values are 0 to 65535 milliseconds (ms). • Last Member Query Interval — Enter the maximum response time inserted into group-specific queries sent in response to leave group messages.
Figure 12-25. MLD Routing Interface Summary The MLD Routing Interface Summary page contains the following fields: • Interface — Select the VLAN for which data is to be displayed. Interface Parameters 756 • Global Admin Mode — Displays whether MLD has been globally enabled or disabled. • Interface Mode — Displays whether the administrative status of MLD on the selected interface is enabled or disabled.
• Robustness — Displays the robustness parameter for the selected interface. This value allows tuning for the expected packet loss on a subnet. If a subnet is expected to be lossy, increase the robustness variable. MLD is robust to (robustness variable - 1) packet losses. • Startup Query Interval — Displays the interval in seconds at which startup queries are sent on the selected interface. • Startup Query Count — Displays the number of queries to be sent upon startup.
The following table summarizes the equivalent CLI commands for this feature. Table 12-25. IPv6 MLD Interface Summary Commands CLI Command Description show ipv6 mld interface Displays MLD related information for an interface. MLD Routing Interface Cache Information The MLD Routing Interface Cache Information page displays cache parameters and data for an IP multicast group address that has been reported to operational MLD routing interfaces.
• Expiry Time — The cache timer value which indicates the remaining lifetime in hours:minutes:seconds for each entry. • Version1 Host Timer — The time in hours:minutes:seconds remaining until the local router assumes that there are no longer any MLD version 1 members on the IP subnet attached to this interface. When an MLDv1 membership report is received, this timer is reset to the group membership timer.
Figure 12-27. MLD Routing Interface Source List Information The MLD Routing Interface Source List Information page contains the following fields: • Multicast Group IP — Select the IP multicast group address for which data is to be displayed. Only if group membership reports have been received on the selected interface can you make this selection, and the data on this page displays. • Interface — Select the MLD routing interface for which data is displayed.
Figure 12-28. MLD Traffic The MLD Traffic page contains the following fields: • Valid MLD Packets Received — The total number of valid MLD packets received by the router. • Valid MLD Packets Sent — The total number of valid MLD packets sent from the router • Querier Received — The total number of MLD packets sent as the MLD querier. • Querier Sent — The total number of MLD packets sent as the MLD querier. • Reports Received — The total number of MLD reports received.
MLD Proxy Configuration When you configure an interface in MLD proxy mode, it acts as a proxy multicast host that sends MLD membership reports on one interface for MLD Membership reports received on all other MLD-enabled router interfaces. Use the MLD Proxy Interface Configuration page to enable and disable ports as MLD proxy interfaces. To display this page, click IPv6 Multicast →MLD →Proxy Interface →Interface Configuration in the navigation tree. Figure 12-29.
Table 12-28. IPv6 MLD Proxy Global Commands CLI Command Description ipv6 mld-proxy Enables MLD Proxy on the router. ipv6 mld-proxy reset-status Resets the host interface status parameters of the MLD Proxy router. ipv6 mld-proxy unsolicit-rprt-interval Sets the unsolicited report interval for the MLD Proxy router. MLD Proxy Configuration Summary Use the MLD Proxy Configuration Summary page to view configuration and statistics on MLD proxyenabled interfaces.
• Interface — Select the interface on which MLD proxy is enabled and for which data is to be displayed. • IPv6 Address — The IPv6 address of the MLD Proxy interface. • Prefix Length — Displays the prefix length for the IPv6 address of the MLD Proxy interface. • Admin Mode — The administrative status of MLD Proxy on the selected interface. • Operational Mode — The operational state of MLD Proxy interface.
Figure 12-31. Interface Membership Information The Interface Membership Information page contains the following fields: • Interface — Displays the interface on which MLD proxy is enabled. • Multicast Group IP — Select the IP multicast group address for which data is to be displayed. If no group membership reports have been received on the selected interface you will not be able to make this selection, and none of the non-configurable data will be displayed.
Table 12-30. IPv6 MLD Membership Information Command CLI Command Description show ipv6 mld-proxy groups Displays information about multicast groups that the MLD Proxy reported. Interface Membership Information—Detailed The Interface Membership Information—Detailed page provides additional information on the IP multicast groups for which the MLD proxy interface has received membership reports.
The following table summarizes the equivalent CLI commands for this feature. Table 12-31. IPv6 MLD Membership Detailed Information Command CLI Command Description show ipv6 mld-proxy groups detail Displays information about multicast groups that MLD Proxy reported. Protocol Independent Multicast Protocol Independent Multicast-Dense Mode (PIM-DM) protocol is a simple, protocol-independent multicast routing protocol.
• PIM Global Configuration • PIM Global Status • PIM Interface Configuration • Interface Summary • Candidate RP Configuration • Static RP Configuration • SSM Range Configuration • BSR Candidate Configuration • BSR Candidate Summary PIM Global Configuration Use the PIM Global Configuration page to configure the administrative status of PIM-DM or PIM-SM on the switch.
• Register Threshold Rate — If PIM-SM is selected as the protocol, enter the minimum source data rate in K bits/second above which the Rendezvous Point router switches to a source-specific shortest path tree. The valid values are from 0 to 2000 K bits/sec. The default value is 0. This field is not available for PIM-DM.
• Admin Mode — Displays the administrative status of the selected PIM protocol on the system. • Data Threshold Rate — If PIM-SM is selected as the protocol, shows the minimum source data rate in Kbps above which the last-hop router switches to a source-specific shortest path tree. • Register Threshold Rate — If PIM-SM is selected as the protocol, shows the minimum source data rate in Kbps above which the Rendezvous Point router switches to a source-specific shortest path tree.
• Interface — Select the interface for which data is to be displayed or configured. You must have configured at least one router interface before configuring or displaying data for a PIM interface, otherwise an error message is displayed. • Admin Mode — Select Enable or Disable from the drop-down menu to set the administrative status of PIM for the selected interface. The default is Disable.
Interface Summary Use the PIM Interface Summary page to display a PIM interface and its settings. To display the page, click IPv4 Multicast →PIM →Interface Summary or IPv6 Multicast →PIM → Interface Summary in the tree view. Figure 12-36. PIM Interface Summary The PIM Interface Summary page contains the following fields: • Interface — Select the interface for which data is to be displayed.
• BSR Border — Specifies the BSR border mode on the PIM interface. This field is not supported for PIM-DM. • Designated Router — The designated router on the selected PIM interface. For point-to-point interfaces, this is 0.0.0.0. Interface Neighbors fields are: • Neighbor Count — The number of PIM neighbors on the selected interface. • Neighbor IP — The IP address of the PIM neighbor for which this entry contains information.
Figure 12-37. Candidate RP Configuration The Candidate RP Configuration page contains the following fields: • RP Interface — Displays the interface for which the Candidate RP data is to be displayed. Slot 0 is the base unit. • Group Address — Displays the group address transmitted in Candidate-RP-Advertisements.
Table 12-36. PIM Candidate RP Configuration Commands CLI Command Description ipv6 pimsm rp-candidate Configures the router to advertise itself as a PIM candidate rendezvous point (RP) to the bootstrap router (BSR). Adding a Candidate RP Use the Add Candidate RP page to add PIM Candidate rendezvous points (RPs) for each IP multicast group. 1. Open the Candidate RP Configuration page. 2. Click Add. The Add Candidate RP page displays. Figure 12-38. Add Candidate RP 3.
Figure 12-39. Static RP Configuration The Static RP Configuration page contains the following fields: • RP Address — Select the slot and port for which data is to be displayed. Slot 0 is the base unit. • Group Address — Specify the group address transmitted in Candidate-RP-Advertisements in Prefix/Length format. • Group Mask — (IPv4) The Group Mask of the RP to be created or deleted.
Figure 12-40. Add Static RP 3. Enter the IP address of the RP for the group range. 4. Enter the group address of the RP. 5. Enter the group mask of the RP. 6. Check the Override option to configure the static RP to override the dynamic (candidate) RPs learned for same group ranges. 7. Click Apply Changes. The new Static RP is added, and the device is updated.
Figure 12-41. SSM Range Configuration The SSM Range Configuration page contains the following fields: • SSM Group Address — Displays the Source-Specific Multicast (SSM) group IP address. • SSM Group Mask — (IPv4) Displays the SSM group ip-address mask. • SSM Prefix Length — (IPv6) Displays the source-specific multicast group Prefix Length. • Remove — Select this option and click Apply Changes to remove the specified SSM Group IP Addresses for the PIM router.
Figure 12-42. Add SSM Range 3. Click the Add Default SSM Range check box to add the default SSM Range. The default SSM Range is ff3x::/32. 4. Enter the SSM Group IP Address. 5. Enter the SSM Group Mask (IPv4) or SSM Prefix Length (IPv6). 6. Click Apply Changes. The new SSM Range is added, and the device is updated.
Figure 12-43. BSR Candidate Configuration The BSR Candidate Configuration page contains the following fields: • Interface — Select the interface for which data is to be displayed. • Hash Mask Length — The CBSR hash mask length to be advertised in bootstrap messages if this interface is elected as the bootstrap router. This hash mask length will be used in the hash algorithm for selecting the RP for a particular group. The valid values are from 0 to 128.The default value is 126.
Figure 12-44. BSR Candidate Summary The BSR Candidate Summary page contains the following fields: • BSR Address — Displays the IP address of the elected bootstrap router (BSR). • BSR Priority — Displays the priority value of the elected BSR. • BSR Hash Mask Length — Displays the mask length of the elected BSR. • BSR Expiry Time — Time (in hours, minutes, and seconds) in which the learned elected BootStrap Router (BSR) expires.
Configuring IP Multicast
13 Getting Help This section contains information about getting help for questions about the PowerConnect 6200 Series switches.
Obtaining Assistance If you experience a problem with your computer, you can complete the following steps to diagnose and troubleshoot the problem: 1. Fill out the "Diagnostics Checklist" on page 787. 2. Use Dell's extensive suite of online services available at Dell Support (support.dell.com) for help with installation and troubleshooting procedures. See "Online Services" on page 784 for a more extensive list of Dell Support online. 3.
• Dell Support e-mail addresses mobile_support@us.dell.com support@us.dell.com la-techsupport@dell.com (Latin America and Caribbean countries only) apsupport@dell.com (Asian/Pacific countries only) • Dell Marketing and Sales e-mail addresses apmarketing@dell.com (Asian/Pacific countries only) sales_canada@dell.com (Canada only) • Anonymous file transfer protocol (FTP) ftp.dell.com Log in as user: anonymous, and use your e-mail address as your password.
Product Information If you need information about additional products available from Dell, or if you would like to place an order, visit the Dell website at www.dell.com. For the telephone number to call for your region or to speak to a sales specialist, see "Contacting Dell" on page 788. Returning Items for Warranty Repair or Credit Prepare all items being returned, whether for repair or credit, as follows: 1.
Diagnostics Checklist Name: Date: Address: Phone number: Service Tag (bar code on the back or bottom of the computer): Express Service Code: Return Material Authorization Number (if provided by Dell support technician): Operating system and version: Devices: Expansion cards: Are you connected to a network? Yes No Network, version, and network adapter: Programs and versions: See your operating system documentation to determine the contents of the system’s start-up files.
Contacting Dell For customers in the United States, call 800-WWW.DELL (800.999.3355). NOTE: If you do not have an active Internet connection, you can find contact information on your purchase invoice, packing slip, bill, or Dell product catalog. Dell provides several online and telephone-based support and service options. Availability varies by country and product, and some services may not be available in your area. To contact Dell for sales, technical support, or customer service issues: 1.
