Extreme Networks EAS 100-24t Switch Software Manual
Layer 2 Managed Gigabit Switch
Release 1.00

Extreme Networks, Inc.
3585 Monroe Street
Santa Clara, California 95051
(888) 257-3000
(408) 579-2800
http://www.extremenetworks.com

Published: July 2011
Part number: 120707-00 Rev.
AccessAdapt, Alpine, Altitude, BlackDiamond, Direct Attach, EPICenter, ExtremeWorks Essentials, Ethernet Everywhere, Extreme Enabled, Extreme Ethernet Everywhere, Extreme Networks, Extreme Standby Router Protocol, Extreme Turbodrive, Extreme Velocity, ExtremeWare, ExtremeWorks, ExtremeXOS, Go Purple Extreme Solution, ExtremeXOS ScreenPlay, ReachNXT, Ridgeline, Sentriant, ServiceWatch, Summit, SummitStack, Triumph, Unified Access Architecture, Unified Access RF Manager, UniStack, XNV, the Extreme Networks lo
Table of Contents
Preface Template Formats
Intended Readers
Typographical Conventions
SNMP User Table
SNMP Community Table
SNMP Host Table
SNMP Engine ID
DSCP Mapping
Chapter 5: Security
Trusted Host
Authenticator State
Authenticator Statistics
Authenticator Session Statistics
Preface Template Formats

This manual describes the software installation and configuration of the EAS 100-24t.

Intended Readers

The Extreme Networks Software Installation Manual contains information for setup and management of the Switch. This manual is intended for network managers familiar with network management concepts and terminology.

Typographical Conventions

Convention - Description
[] - In a command line, square brackets indicate an optional entry.

Notes, Cautions, and Warnings

NOTE - A NOTE indicates important information that helps make better use of the device.
CAUTION - A CAUTION indicates either potential damage to hardware or loss of data and tells how to avoid the problem.
WARNING! - A WARNING indicates a potential for property damage, personal injury, or death.
Chapter 1: Web-based (GUI) Configuration

Introduction

All software functions of the Switch can be managed, configured and monitored via the embedded web-based (HTML) interface. The Switch can be managed from remote stations anywhere on the network through a standard browser such as Mozilla Firefox or Microsoft Internet Explorer. The browser acts as a universal access tool and can communicate directly with the Switch using the HTTP protocol.
Figure 1: Enter Network Password dialog

The default User Name is admin and Password for this Switch is blank. Click OK. This will open the Web-based user interface. The Switch management features available in the web-based manager are explained below.

Web-based User Interface

The user interface provides access to various Switch configuration and management windows, allows you to view performance statistics, and permits you to graphically monitor the system status.
Area 1 - Select the folder or window to be displayed. The folder icons can be opened to display the hyperlinked window buttons and subfolders contained within them. Click the Extreme Networks logo to go to the Extreme Networks website.
Area 2 - Presents a graphical near real-time image of the front panel of the Switch. This area displays the Switch's ports and expansion modules, showing port activity, duplex mode, or speed, depending on the specified mode.
Below is a list and description of the main folders available in the Web interface:

● Configuration – Contains main windows concerning Device Information, System Information, Serial Port Settings, IP Address Settings, IPv6 Interface Settings, IPv6 Route Settings, IPv6 Neighbor Settings, Port Configuration, Static ARP Settings, User Accounts, System Log Configuration, MAC Address Aging Time, Web Settings, Telnet Settings, CLI Paging Settings, Firmware Information, S
Chapter 2: Configuration

Device Information

This window contains the main settings for all major functions on the Switch and appears automatically when you log on. To return to the Device Information window, click the EAS 100-24t folder. The Device Information window shows the Switch’s MAC Address (assigned by the factory and unchangeable), the Boot PROM Version, Firmware Version and other information about different settings on the Switch.
System Information

This window contains the System Information details. The user may enter a System Name, System Location and System Contact to aid in defining the Switch, to the user's preference. This window displays the MAC Address, and Firmware Version.
In this window, the following parameters can be configured:

Parameter - Description
Baud Rate - This field specifies the baud rate for the serial port on the Switch. There are four possible baud rates to choose from: 9600, 19200, 38400 and 115200. The default setting is 9600.
Auto Logout - Select the logout time used for the console interface. This automatically logs the user out after an idle period of time as defined.
NOTE The Switch's factory default IP address is 0.0.0.0 with a subnet mask of 255.0.0.0 and a default gateway of 0.0.0.0. To access the web configuration, you must first configure an IP address for the Switch using the Console Connection.

To use the BOOTP or DHCP protocols to assign the Switch an IP address, subnet mask, and default gateway address, select either BOOTP or DHCP.
Setting the Switch’s IP Address using the Console Interface

Each Switch must be assigned its own IP Address, which is used for communication with an SNMP network manager or other TCP/IP application (for example BOOTP, TFTP). The Switch’s default IP address is 0.0.0.0. The default Switch IP address can be changed to meet the specification of your networking address scheme. The IP address for the Switch must be set before the Web-based manager can manage the switch.
Chapter 2: Configuration In this window, the following parameters can be configured: Parameter Description Interface Name The name of the IPv6 interface being displayed or modified. VLAN Name Display the VLAN name of the IPv6 interface. Admin. State Display the current administrator state. IPv6 Address Enter the IPv6 address of the interface to be modified. Automatic Link Local Address Toggle between Enabled and Disabled.
To view the IPv6 Neighbor Settings, click Configuration > IPv6 Neighbor Settings:

In this window, the following parameters can be configured:

Parameter - Description
Interface Name - Displays the interface name. This field is not user-configurable. To search for all the current interfaces on the Switch, go to the second Interface Name field in the middle part of the window, tick the All check box, and then click the Find button.
Chapter 2: Configuration To view the Port Settings window, click Configuration > Port Configuration > Port Settings: To configure switch ports, choose the port or sequential range of ports using the From Port and To Port pull-down menus. In this window, the following parameters can be configured: Parameter Description From Port/To Port Use the pull-down menus to select the port or range of ports to be configured. State Toggle this field to either enable or disable a given port or group of ports.
Parameter - Description
Speed/Duplex - Toggle the Speed/Duplex field to select the speed and duplex/half-duplex state of the port. Auto denotes auto-negotiation between 10/100/1000 Mbps devices, in full-duplex or half-duplex. The Auto setting allows the port to automatically determine the fastest settings between the connected devices and to use those settings.
Chapter 2: Configuration To view the Port Description Settings window, click Configuration > Port Configuration > Port Description Settings: Use the From Port and To Port pull-down menus to choose a port or range of ports to describe, and then enter a description of the port(s). The Medium Type applies only to the Combo ports. If configuring the Combo ports this defines the type of transport medium used. SFP ports should be nominated Fiber and the Combo 1000BASE-T ports should be nominated Copper.
Port Error Disabled

The following window will display information about ports that have had their connection status disabled for reasons such as loopback detection or Traffic Control. To view this window, click Configuration > Port Configuration > Port Error Disabled:

In this window, the following parameters can be configured:

Parameter - Description
Port - Displays the port that has been error disabled.
Port State - Describes the current running state of the port.
Chapter 2: Configuration In this window, the following parameters can be configured: Parameter Description Port Displays the port number to view the corresponding media type. Type Displays the medium type of the ports. Static ARP Settings The Address Resolution Protocol (ARP) is a TCP/IP protocol that converts IP addresses into physical addresses. This table allows network managers to view, define, modify and delete ARP information for specific devices. Static entries can be defined in the ARP Table.
User Accounts

Use this window to control user privileges, create new users, and view existing User Accounts. To view this window, click Configuration > User Accounts:

In this window, the following parameters can be configured:

Parameter - Description
User Name - The name of the user, an alphanumeric string of up to 15 characters.
Password - Enter a password for the new user.
Access Right - There are two levels of user privileges, Admin and User.
Chapter 2: Configuration System Log Configuration Folder This section contains information for configuring various attributes and properties for System Log Configurations, including System Log Settings and System Log Host. System Log Settings This window allows the user to enable or disable the System Log and specify the System Log Save Mode Settings.
System Log Configuration Folder In this window, the following parameters can be configured: Parameter Description Server ID Syslog server settings index (1-4). Severity This drop-down menu allows you to select the level of messages that will be sent. The options are Warning, Informational, and All. Server IP Address The IP address of the Syslog server. Facility Some of the operating system daemons and processes have been assigned Facility values.
Chapter 2: Configuration Parameter Description Facility Some of the operating system daemons and processes have been assigned Facility values. Processes and daemons that have not been explicitly assigned a Facility may use any of the "local use" facilities or they may use the "user-level" Facility. Those Facilities that have been designated are shown in the following: Bold font indicates the facility values that the Switch is currently employing.
DHCP Relay Folder To configure the DHCP Relay Global settings, click Configuration > DHCP Relay > DHCP Relay Global Settings: In this window, the following parameters can be configured: Parameter Description DHCP Relay State: This option allows the user to enable or disable the DHCP Relay state. DHCP Relay / Hops Count Limit Enter the maximum number of relay agent hops that the DHCP packets can (1-16): cross. This value must be between 1 and 16. The default value is 4.
Chapter 2: Configuration MAC Address Aging Time This table specifies the length of time a learned MAC Address will remain in the forwarding table without being accessed (that is, how long a learned MAC Address is allowed to remain idle). To change this, enter a value representing the MAC address age-out time in seconds. The MAC Address Aging Time can be set to any value between 10 and 1,000,000 seconds. The default setting is 300 seconds.
Telnet Settings

Telnet configuration is Enabled by default. If you do not want to allow configuration of the system through Telnet, choose Disabled. The TCP ports are numbered between 1 and 65535. The standard TCP port for the Telnet protocol is 23. To access this window, click Configuration > Telnet Settings:

In this window, the following parameters can be configured:

Parameter - Description
Telnet State - Specifies to enable or disable the Telnet settings state.
Chapter 2: Configuration Firmware Information Information about current firmware images stored on the Switch can be viewed. To access this window, click Configuration > Firmware Information: In this window, the following parameters can be configured: Parameter Description ID States the image ID number of the firmware in the Switch’s memory. The Switch can store two firmware images for use. Image ID 1 will be the default boot up firmware for the Switch unless otherwise configured by the user.
SNTP Settings Folder Time Settings To configure the time settings for the Switch, click Configuration > SNTP Settings > Time Settings: In this window, the following parameters can be configured: Parameter Description Status: SNTP State Use the radio button to select an Enabled or Disabled SNTP state. Current Time Displays the Current Time set on the Switch. Time Source Displays the time source for the system.
Chapter 2: Configuration To configure the time zone settings for the Switch, click Configuration > SNTP Settings > Time Zone Settings: In this window, the following parameters can be configured: Parameter Description Time Zone and DST: Daylight Saving Time State Use this pull-down menu to enable or disable the DST Settings. Daylight Saving Time Offset in Minutes Use this pull-down menu to specify the amount of time that will constitute your local DST offset 30, 60, 90, or 120 minutes.
SMTP Settings Folder Parameter Description DST Annual Settings Using annual mode will enable DST seasonal time adjustment. Annual mode requires that the DST beginning and ending date be specified concisely. For example, specify to begin DST on April 3 and end DST on October 14. From: Month Enter the month DST will start on, each year. From: Day Enter the day DST will start on, each year. From: Time in HH:MM Enter the time of day DST will start on, each year.
Chapter 2: Configuration In this window, the following parameters can be configured: Parameter Description SMTP State Use the radio button to enable or disable the SMTP service on this device. SMTP Server Address Enter the IP address of the SMTP server on a remote device. This will be the device that sends out the mail for you. SMTP Server Port (1-65535) Enter the virtual port number that the Switch will connect with on the SMTP server.
SNMP Settings Folder Managed devices that support SNMP include software (referred to as an agent), which runs locally on the device. A defined set of variables (managed objects) is maintained by the SNMP agent and used to manage the device. These objects are defined in a Management Information Base (MIB), which provides a standard presentation of the information controlled by the on-board SNMP agent.
Chapter 2: Configuration To configure SNMP View Settings for the Switch, click Configuration > SNMP Settings > SNMP View Table: In this window, the following parameters can be configured: Parameter Description View Name Type an alphanumeric string of up to 32 characters. This is used to identify the new SNMP view being created. Subtree OID Type the Object Identifier (OID) Subtree for the view.
SNMP Settings Folder To view this window, click Configuration > SNMP Settings > SNMP Group Table: In this window, the following parameters can be configured: Parameter Description Group Name Type an alphanumeric string of up to 32 characters. This is used to identify the new SNMP group of SNMP users. Read View Name Specify an SNMP group name for users that are allowed SNMP read privileges to the Switch’s SNMP agent.
SNMP User Table

This window displays all of the SNMP Users currently configured on the Switch and also allows you to add new users. To view this window, click Configuration > SNMP Settings > SNMP User Table:

In this window, the following parameters can be configured:

Parameter - Description
User Name - An alphanumeric string of up to 32 characters. This is used to identify the SNMP users.
Group Name - This name specifies the created SNMP group that can request SNMP messages.
Click on the Delete button to remove the selected entry.

SNMP Community Table

Use this table to view existing SNMP Community Table configurations and to create an SNMP community string to define the relationship between the SNMP manager and an agent. The community string acts like a password to permit access to the agent on the Switch.
SNMP Host Table

Use the SNMP Host Table window to set up SNMP trap recipients. To configure SNMP Host Table entries, click Configuration > SNMP Settings > SNMP Host Table:

In this window, the following parameters can be configured:

Parameter - Description
Host IP Address - Type the IP address of the remote management station that will serve as the SNMP host for the Switch.
User-based Security Model - SNMPv1 - Specifies that SNMP version 1 will be used.
SNMP Settings Folder To change the Engine ID, enter the new Engine ID in the space provided and click the Apply button. SNMP Trap Configuration The following window is used to enable and disable trap settings for the SNMP function on the Switch. To view this window for configuration, click Configuration > SNMP Settings > SNMP Trap Configuration: In this window, the following parameters can be configured: Parameter Description SNMP Trap Specifies to enable or disable SNMP Traps.
Chapter 2: Configuration To view this window for configuration, click Configuration > SNMP Settings > RMON: In this window, the following parameters can be configured: Parameter Description RMON Status Specifies to enable or disable the RMON status. Click on the Apply button to accept the changes made.
Chapter 3: Layer 2 Features

The following section will aid the user in configuring Layer 2 functions for the Switch. The Switch includes various functions all discussed in detail in the following section.

Jumbo Frame

This window will enable or disable the Jumbo Frame function on the Switch. The default is Enabled. When Enabled, jumbo frames (frames larger than the standard Ethernet frame size of 1522 bytes) with a maximum size of 9216 bytes can be transmitted by the Switch.
Chapter 3: Layer 2 Features Priority tags are given values from 0 to 7 with 0 being assigned to the lowest priority data and 7 assigned to the highest. The highest priority tag 7 is generally only used for data associated with video or audio applications, which are sensitive to even slight delays, or for data from specified end users whose data transmissions warrant special consideration. The Switch allows you to further tailor how priority tagged data packets are handled on your network.
● Untagging - The act of stripping 802.1Q VLAN information out of the packet header.
● Ingress port - A port on a switch where packets are flowing into the Switch and VLAN decisions must be made.
● Egress port - A port on a switch where packets are flowing out of the Switch, either to another switch or to an end station, and tagging decisions must be made.

IEEE 802.1Q (tagged) VLANs are implemented on the Switch. 802.
EtherType field is equal to 0x8100, the packet carries the IEEE 802.1Q/802.1p tag. The tag is contained in the following two octets and consists of three bits of user priority, one bit of Canonical Format Identifier (CFI - used for encapsulating Token Ring packets so they can be carried across Ethernet backbones), and twelve bits of VLAN ID (VID). The three bits of user priority are used by 802.1p. The VID is the VLAN identifier and is used by the 802.1Q standard.
Every physical port on a switch has a PVID. 802.1Q ports are also assigned a PVID, for use within the Switch. If no VLANs are defined on the Switch, all ports are then assigned to a default VLAN with a PVID equal to 1. Untagged packets are assigned the PVID of the port on which they were received. Forwarding decisions are based upon this PVID, insofar as VLANs are concerned. Tagged packets are forwarded according to the VID contained within the tag.
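Added example, not taken from the manual or the switch firmware: Python that parses the 802.1Q tag described above, assigns the PVID to untagged frames, and applies an ingress check against the receiving port's VLAN membership, which this chapter calls ingress filtering. The Port model, the function names and the sample frames are assumptions constructed for illustration; treating VID 0 as a priority-only tag and VID 4095 as reserved follows IEEE 802.1Q.

```python
import struct
from dataclasses import dataclass, field
from typing import Optional

TPID_8021Q = 0x8100   # EtherType value that announces an 802.1Q/802.1p tag


@dataclass(frozen=True)
class Tag:
    priority: int     # 3 bits of user priority (802.1p)
    cfi: int          # 1 bit Canonical Format Identifier
    vid: int          # 12 bits of VLAN ID


@dataclass
class Port:           # hypothetical model of one switch port
    pvid: int = 1
    member_of: set = field(default_factory=lambda: {1})
    ingress_check: bool = True


def build_frame(tag: Optional[Tag] = None, ethertype: int = 0x0800) -> bytes:
    """Construct a sample Ethernet frame (constructed test data, zero payload)."""
    header = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    if tag is not None:
        tci = (tag.priority << 13) | (tag.cfi << 12) | tag.vid
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + bytes(46)


def parse_tag(frame: bytes) -> Optional[Tag]:
    """Return the 802.1Q tag of an Ethernet frame, or None if it is untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("802.1Q tag truncated")
    (tci,) = struct.unpack_from("!H", frame, 14)   # the two octets after 0x8100
    return Tag(priority=tci >> 13, cfi=(tci >> 12) & 1, vid=tci & 0x0FFF)


def classify(frame: bytes, port: Port):
    """Return (vid, priority, verdict) for a frame received on `port`."""
    tag = parse_tag(frame)
    if tag is None:
        # Untagged: the frame takes the PVID of the receiving port.
        return port.pvid, None, "accept"
    if tag.vid == 0x0FFF:
        return None, tag.priority, "drop: reserved VID"
    # VID 0 is a priority-only tag, so the PVID still decides the VLAN.
    vid = tag.vid if tag.vid else port.pvid
    if port.ingress_check and vid not in port.member_of:
        # Ingress filtering: the receiving port is not a member of this VLAN.
        return vid, tag.priority, "drop: ingress filter"
    return vid, tag.priority, "accept"


def egress_ports(ports: dict, ingress: int, vid: int) -> list:
    """Ports that may carry the frame: members of its VLAN, minus the ingress port."""
    return sorted(n for n, p in ports.items() if n != ingress and vid in p.member_of)


if __name__ == "__main__":
    # Constructed three-port layout: port 1 carries VLANs 10 and 20.
    ports = {
        1: Port(pvid=10, member_of={10, 20}),
        2: Port(pvid=10, member_of={10}),
        3: Port(pvid=20, member_of={20}),
    }
    samples = [
        ("untagged", build_frame()),
        ("tagged VID 10", build_frame(Tag(0, 0, 10))),
        ("tagged VID 20", build_frame(Tag(5, 0, 20))),
    ]
    for label, frame in samples:
        vid, priority, verdict = classify(frame, ports[2])
        out = egress_ports(ports, 2, vid) if verdict == "accept" else []
        print(f"port 2, {label}: vid={vid} priority={priority} {verdict} -> {out}")
```

With the ingress check disabled on a port, the same tagged frame is accepted into a VLAN that port does not belong to, which is the case the check exists to stop at the point of reception.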
This process is referred to as ingress filtering and is used to conserve bandwidth within the Switch by dropping packets that are not on the same VLAN as the ingress port at the point of reception. This eliminates the subsequent processing of packets that will just be dropped by the destination port.

Default VLANs

The Switch initially configures one VLAN, VID = 1, called "default." The factory default setting assigns all ports on the Switch to the "default.
ports 1, 2, 3 and 4 and VLAN 2 members to ports 1, 5, 6 and 7, Port 1 will belong to two VLAN groups. Ports 8, 9 and 10 are not configured to any VLAN group. This means ports 8, 9 and 10 are in the same VLAN group.

VLAN and Trunk Groups

The members of a trunk group have the same VLAN setting. Any VLAN setting on the members of a trunk group will apply to the other member ports.
6 Before Q-in-Q VLANs are enabled, users need to disable STP and GVRP manually.
7 All packets sent from the CPU to the Access ports must be untagged.

802.1Q Static VLAN

This window lists all previously configured VLANs by VLAN ID and VLAN Name. To view this window, click L2 Features > 802.1Q Static VLAN:

To create a new 802.1Q VLAN entry, click the Add/Edit VLAN tab at the top of the window.
802.1Q Static VLAN To return to the initial 802.1Q Static VLAN window, click the VLAN List tab at the top of the window. To change an existing 802.1Q static VLAN entry, click the corresponding Edit button. A new window will appear to configure the port settings and to assign a unique name and number to the new VLAN. See the table below for a description of the parameters in the new window. NOTE The Switch supports up to 4k static VLAN entries.
Chapter 3: Layer 2 Features Click on the Apply button to accept the changes made. To search for a VLAN, click the Find VLAN tab at the top of the window (see below), enter a VLAN ID, and click Find to display the settings for a previously configured VLAN.
Q-in-Q Folder In this window, the following parameters can be configured: Parameter Description VID List (e.g.: 2-5) Enter a VLAN ID List that can be added, deleted or configured. Advertisement Enabling this function will allow the Switch to send out GVRP packets to outside sources, notifying that they may join the existing VLAN. Port List (e.g.: 1-5) Allows an individual port list to be added or deleted as a member of the VLAN. Tagged Specifies the port as 802.1Q tagged.
Chapter 3: Layer 2 Features Q-in-Q Settings To view this window, click L2 Features > Q-in-Q > Q-in-Q Settings: In this window, the following parameters can be configured: Parameter Description Q-in-Q Global Settings Click the radio button to enable or disable the Q-in-Q Global Settings. From Port/To Port A consecutive group of ports that are part of the VLAN configuration starting with the selected port. Role The user can choose between UNI or NNI role.
802.1v Protocol VLAN Folder VLAN Translation Settings VLAN translation translates the VLAN ID carried in the data packets it receives from private networks into those used in the Service Providers network. To view this window click L2 Features > Q-in-Q > VLAN Translation CVID Entry Settings: In this window, the following parameters can be configured: Parameter Description Action Specify to Add or Replace Service Provider VLAN ID (SVID) packets.
Chapter 3: Layer 2 Features 802.1v Protocol Group Settings To view this window, click L2 Features > 802.1v Protocol VLAN > 802.1v Protocol Group Settings: In this window, the following parameters can be configured: Parameter Description Group ID (1-16) Select an ID number for the group, between 1 and 16. Group Name This is used to identify the new Protocol VLAN group. Type an alphanumeric string of up to 32 characters.
802.1v Protocol VLAN Folder To view this window, click L2 Features > 802.1v Protocol VLAN > 802.1v Protocol VLAN Settings: In this window, the following parameters can be configured: Parameter Description Group ID Click the corresponding radio button to select a previously configured Group ID from the drop-down menu. Group Name Click the corresponding radio button to select a previously configured Group Name from the drop-down menu. VID (1-4094) Click the radio button to enter the VID.
GVRP Settings

This window allows the user to determine whether the Switch will share its VLAN configuration information with other GARP VLAN Registration Protocol (GVRP) enabled switches. In addition, Ingress Checking can be used to limit traffic by filtering incoming packets whose PVID does not match the PVID of the port. Results can be seen in the table under the configuration settings, as seen below.
Parameter - Description
Ingress Checking - This field can be toggled using the space bar between Enabled and Disabled. Enabled enables the port to compare the VID tag of an incoming packet with the PVID number assigned to the port. If the two are different, the port filters (drops) the packet. Disabled disables ingress filtering. Ingress Checking is Enabled by default.
Acceptable Frame Type - This field denotes the type of frame that will be accepted by the port.
Chapter 3: Layer 2 Features To view this window, click L2 Features > MAC-based VLAN Settings: In this window, the following parameters can be configured: Parameter Description MAC Address Specify the MAC address to be mapped. VLAN Name Enter the VLAN name of a previously configured VLAN. Click on the Find button to find a specific entry based on the parameters entered. Click on the Add button to add a new entry. Click on the Delete All button to remove all the entries.
Port Trunking Port Trunking Understanding Port Trunk Groups Port trunk groups are used to combine a number of ports together to make a single high-bandwidth data pipeline. The Switch supports up to eight port trunk groups with two to eight ports in each group. The Switch treats all ports in a trunk group as a single port. Data transmitted to a specific host (destination address) will always be transmitted over the same port in a trunk group.
Chapter 3: Layer 2 Features status, static multicast, traffic control; traffic segmentation and 802.1p default priority configurations must be identical. Port locking, port mirroring and 802.1X must not be enabled on the trunk group. Further, the aggregated links must all be of the same speed and should be configured as full duplex.
LACP Port Settings Parameter Description Flooding Ports These ports are designated for flooding broadcast, multicast, and DLF (unicast Destination Lookup Fail) packets from the CPU in a trunk group. The port is defined by software and doesn’t actually exist in the hardware. Click on the Apply button to accept the changes made. Click on the Clear All button to clear all the entered data from the fields. Click on the Add button to add a new entry.
Chapter 3: Layer 2 Features Parameter Description Activity Active - Active LACP ports are capable of processing and sending LACP control frames. This allows LACP compliant devices to negotiate the aggregated link so the group may be changed dynamically as needs require. In order to utilize the ability to change an aggregated port group, that is, to add or subtract ports from the group, at least one of the participating devices must designate LACP ports as active. Both devices must support LACP.
IGMP Snooping Folder In this window, the following parameters can be configured: Parameter Description From Port/To Port Check the corresponding boxes for the port(s) to transmit packets. Forward Portlist Check the boxes to select which of the ports on the Switch will be able to forward packets. These ports will be allowed to receive packets from the port specified above. Click on the Clear All button to clear all the entered data from the fields.
Chapter 3: Layer 2 Features After clicking on the Edit button, the following window will appear: In this window, the following parameters can be configured: Parameter Description VLAN ID This is the VLAN ID that, along with the VLAN Name, identifies the VLAN for which the user wishes to modify the IGMP Snooping Settings. VLAN Name This is the VLAN Name that, along with the VLAN ID, identifies the VLAN for which the user wishes to modify the IGMP Snooping Settings.
MLD Snooping Settings Click on the Apply button to accept the changes made. After clicking on the Modify Router Port link, the following window will appear: Click on the Select All button to select all the options for configuration. Click on the Clear All button to clear all the entered data from the fields. Click on the Apply button to accept the changes made. Click on the <
Chapter 3: Layer 2 Features requesting multicast data. There are two types of MLD query messages emitted by the router. The General Query is used to advertise all multicast addresses that are ready to send multicast data to all listening ports, and the Multicast Specific query, which advertises a specific multicast address that is also ready.
MLD Snooping Settings To view this window, click L2 Features > MLD Snooping Settings: In this window, the following parameters can be configured: Parameter Description MLD Snooping State Specifies to enable or disable the MLD Snooping Global Settings state. Click on the Apply button to accept the changes made. Click on the Edit button to re-configure a specific entry.
Chapter 3: Layer 2 Features Parameter Description Fast Done This parameter allows the user to enable the Fast Leave function. Enabled, this function will allow members of a multicast group to leave the group immediately (without the implementation of the Last Listener Query Interval) when an MLD Leave Report Packet is received by the Switch. The default is Disabled. State Select Enabled to implement MLD Snooping. This field is Disabled by default.
Loopback Detection Settings Page

To view this window, click Layer 2 Features > Port Mirror:

To configure a mirror port:
1 Change the status to Enabled.
2 Select the Target Port, which receives the copies from the source port.
3 Select the Source Port from which the frames come.
4 Click Apply to let the changes take effect.

NOTE: You cannot mirror a fast port onto a slower port. For example, if you try to mirror the traffic from a 100 Mbps port onto a 10 Mbps port, this can cause throughput problems.
To view this window, click L2 Features > Loopback Detection Settings:

In this window, the following parameters can be configured:

Parameter | Description
State | Here the user can enable or disable the loopback detection feature.
Interval | The time interval (in seconds) at which a device transmits all the CTP (Configuration Test Protocol) packets to detect the loopback event. The valid range is 1 to 32767. The default setting is 10.
Spanning Tree Folder

processed quickly and completely throughout interconnected bridges utilizing any of the three spanning tree protocols (STP, RSTP or MSTP). This protocol will also tag BPDU packets so receiving devices can distinguish spanning tree instances, spanning tree regions and the VLANs associated with them. An MSTI ID will classify these instances. MSTP will connect multiple spanning trees with a Common and Internal Spanning Tree (CIST).
All three protocols calculate a stable topology in the same way. Every segment will have a single path to the root bridge. All bridges listen for BPDU packets. However, BPDU packets are sent more frequently with every Hello packet. BPDU packets are sent even if a BPDU packet was not received. Therefore, each link between bridges is sensitive to the status of the link. Ultimately this difference results in faster detection of failed links, and thus faster topology adjustment.
STP Bridge Global Settings

To open the following window, click L2 Features > Spanning Tree > STP Bridge Global Settings:

In this window, the following parameters can be configured:

Parameter | Description
STP State | Use the radio buttons to enable or disable the STP Status.
STP Version | Use the pull-down menu to choose the desired version of STP to be implemented on the Switch.
Click on the Apply button to accept the changes made.

NOTE: The Hello Time cannot be longer than the Max. Age. Otherwise, a configuration error will occur. Observe the following formulas when setting the above parameters:
Max. Age ≤ 2 x (Forward Delay - 1 second)
Max. Age ≥ 2 x (Hello Time + 1 second)

STP Port Settings

STP can be set up on a per-port basis.
NOTE: STP Port Settings window for MSTP mode.

In addition to setting Spanning Tree parameters for use on the switch level, the Switch allows for the configuration of groups of ports, each port-group of which will have its own spanning tree, and will require some of its own configuration settings. An STP Group will use the switch-level parameters entered above, with the addition of Port Priority and Port Cost.
Parameter | Description
Migrate | Setting this parameter as Yes will set the ports to send out BPDU packets to other bridges, requesting information on their STP setting. If the Switch is configured for RSTP, the port will be capable of migrating from 802.1D STP to 802.1w RSTP. Migration should be set as Yes on ports connected to network stations or segments that are capable of being upgraded to 802.1w RSTP on all or some portion of the segment.
To view this window, click L2 Features > Spanning Tree > MST Configuration Identification:

In this window, the following parameters can be configured:

Parameter | Description
Configuration Name | A previously configured name set on the Switch to uniquely identify the MSTI (Multiple Spanning Tree Instance). If a configuration name is not set, this field will show the MAC address to the device running MSTP. This field can be set in the STP Bridge Global Settings window.
To view the following table, click L2 Features > Spanning Tree > STP Instance Settings:

In this window, the following parameters can be configured:

Parameter | Description
MSTI ID | Displays the MSTI ID of the instance being modified. An entry of 0 in this field denotes the CIST (default MSTI).
Priority | Enter the new priority in the Priority field. The user may set a priority value between 0 and 61440.

Click on the Apply button to accept the changes made.
Forwarding & Filtering Folder

In this window, the following parameters can be configured:

Parameter | Description
Port | Use the drop-down menu to select a port.
Instance ID | Displays the MSTI ID of the instance being configured. An entry of 0 in this field denotes the CIST (default MSTI).
Internal Path Cost (1-200000000) | This parameter is set to represent the relative cost of forwarding packets to specified ports when an interface is selected within a STP instance.
Multicast Forwarding Settings

To view this window, click L2 Features > Forwarding & Filtering > Multicast Forwarding Settings:

In this window, the following parameters can be configured:

Parameter | Description
VLAN ID (1-4094) | The VLAN ID of the VLAN to which the corresponding MAC address belongs.
MAC Address | The MAC address that will be added to the multicast forwarding table.
Port Settings | Allows the selection of ports that will be members of the static multicast group.
LLDP Folder

To view this window, click L2 Features > Forwarding & Filtering > Multicast Filtering Mode:

In this window, the following parameters can be configured:

Parameter | Description
From Port/To Port | The range of ports to be configured.
Filtering Mode | This drop-down menu instructs the Switch what action to take when it receives a multicast packet that requires forwarding to a port.
LLDP Global Settings

To view this window, click L2 Features > LLDP > LLDP Global Settings:

In this window, the following parameters can be configured:

Parameter | Description
LLDP State | Used to enable or disable LLDP on the Switch.
LLDP Forward Message | When LLDP is Disabled, this function controls the LLDP packet forwarding message based on individual ports.
LLDP Port Settings

To view this window, click L2 Features > LLDP > LLDP Port Settings:

In this window, the following parameters can be configured:

Parameter | Description
From Port/To Port | Use the pull-down menu to select a range of ports to be configured.
Notification | Use the pull-down menu to Enable or Disable the status of the LLDP notification. This function controls the SNMP trap; however, it cannot implement traps on SNMP when the notification is disabled.
LLDP Basic TLVs Settings

This window is used to enable the settings for the Basic TLVs Settings. To view this window, click L2 Features > LLDP > LLDP Basic TLVs Settings:

In this window, the following parameters can be configured:

Parameter | Description
From Port/To Port | Use the pull-down menu to select a range of ports to be configured.
Port Description | Use the drop-down menu to enable or disable port description.
To view this window, click L2 Features > LLDP > LLDP Dot1 TLVs Settings:

In this window, the following parameters can be configured:

Parameter | Description
From Port/To Port | Use the pull-down menu to select a range of ports to be configured.
PVID | Use the drop-down menu to enable or disable advertising the PVID.
Protocol VLAN ID | Use the drop-down menu to enable or disable advertising the Protocol VLAN ID.
VLAN Name | Use the drop-down menu to enable or disable advertising the VLAN Name.
To view this window, click L2 Features > LLDP > LLDP Dot3 TLVs Settings:

In this window, the following parameters can be configured:

Parameter | Description
From Port / To Port | Use the drop-down menu to select a range of ports to be configured.
MAC/PHY Configuration Status | This TLV optional data type indicates that the LLDP agent should transmit 'MAC/PHY configuration/status TLV'. This indicates it is possible for two ends of an IEEE 802.
Chapter 4: Quality of Service (QoS)

The Switch supports 802.1p priority queuing Quality of Service. The following section discusses the implementation of QoS (Quality of Service) and benefits of using 802.1p priority queuing.

Advantages of QoS

QoS is an implementation of the IEEE 802.
The previous picture shows the default priority setting for the Switch. Class 3 has the highest priority of the four priority queues on the Switch. In order to implement QoS, the user is required to instruct the Switch to examine the header of a packet to see if it has the proper identifying tag. Then the user may forward these tagged packets to designated queues on the Switch where they will be emptied, based on priority.
Bandwidth Control

The bandwidth control settings are used to place a ceiling on the transmitting and receiving data rates for any selected port. To view this window, click QoS > Bandwidth Control:

In this window, the following parameters can be configured:

Parameter | Description
From Port/To Port | A consecutive group of ports may be configured starting with the selected port.
Type | This drop-down menu allows you to select between Rx (receive), Tx (transmit), and Both.
packets coming into the Switch until the storm has subsided. This method can be utilized by selecting the Drop option of the Action field in the window below. The Switch will also scan and monitor packets coming into the Switch by monitoring the Switch’s chip counter. This method is only viable for Broadcast and Multicast storms because the chip only has counters for these two types of packets.
Traffic Control

Parameter | Description
Action | Select the method of traffic Control from the pull-down menu. The choices are:
Drop – Utilizes the hardware Traffic Control mechanism, which means the Switch’s hardware will determine the Packet Storm based on the Threshold value stated and drop packets until the issue is resolved.
Shutdown – Utilizes the Switch’s software Traffic Control mechanism to determine the Packet Storm occurring.
NOTE: Ports that are in the Shutdown rest mode will be seen as Discarding in Spanning Tree windows and implementations, though these ports will still be forwarding BPDUs to the Switch’s CPU.

NOTE: Ports that are in Shutdown rest mode will be seen as link down in all windows and screens until the user recovers these ports or the port automatically recovers after 5 minutes.

802.1p Default Priority

The Switch allows the assignment of a default 802.
802.1p User Priority

The Switch allows the assignment of a user priority to each of the 802.1p priorities. To view this window, click QoS > 802.1p User Priority:

Once a priority has been assigned to the port groups on the Switch, assign this Class to each of the eight levels of 802.1p priorities.

In this window, the following parameters can be configured:

Parameter | Description
Class ID | This field is used to enter a Class ID between Class-0 and Class-3.
In this window, the following parameters can be configured:

Parameter | Description
Scheduling Mechanism | Toggle between Strict and Weight Fair. Strict is the highest class of service and the first to process traffic. That is, the highest class of service will finish before other queues empty. Weight Fair uses the weighted round-robin algorithm to handle packets in an even distribution in priority classes of service.
Weight (1-55) | Enter a Weight value between 1 and 55.
TOS Mapping

This window is used to set up Type of Service (TOS) Mapping. To view this window, click QoS > ToS Mapping:

In this window, the following parameters can be configured:

Parameter | Description
Class ID | This field is used to enter a Class ID between Class-0 and Class-3.

Click on the Apply button to accept the changes made.
DSCP Mapping

This window is used to set up DSCP Mapping. To view this window, click QoS > DSCP Mapping:

In this window, the following parameters can be configured:

Parameter | Description
DSCP Value | This field is used to enter a DSCP value in the space provided, which will instruct the Switch to examine the DiffServ Code part of each packet header and use this as the main, or part of, the criterion for forwarding. The user may choose a value between 0 and 63.
Chapter 5: Security

Trusted Host

Use the Security IP Management to permit remote stations to manage the Switch. If one or more designated management stations are defined by the user, only the chosen stations, as defined by the IP address and subnet, will be allowed management privilege through the Web manager, Telnet session, or SNMP manager. To define a management station IP setting, type in the IP address with a proper subnet mask and click the Add button.
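The Trusted Host check described above can be modelled offline to review a planned list before it is entered. This is an added example, not code from the manual or from Extreme Networks; the function names, the sample addresses (documentation ranges) and the 256-address review threshold are assumptions, as is the reading that an empty list leaves management access unrestricted.

```python
import ipaddress


def parse_trusted_hosts(entries):
    """Turn (ip, subnet mask) pairs, as typed into the window, into networks."""
    networks = []
    for ip, mask in entries:
        # strict=False accepts a host address combined with a wider mask,
        # e.g. 198.51.100.77 / 255.255.255.0 becomes 198.51.100.0/24.
        networks.append(ipaddress.ip_network(f"{ip}/{mask}", strict=False))
    return networks


def management_allowed(source_ip, trusted):
    """Would a Web, Telnet or SNMP session from source_ip be accepted?"""
    if not trusted:
        # Assumption drawn from the manual's wording: the restriction only
        # applies once at least one management station has been defined.
        return True
    address = ipaddress.ip_address(source_ip)
    return any(address in network for network in trusted)


def review(trusted, max_addresses=256):
    """Return findings for an empty list or for entries wider than max_addresses."""
    findings = []
    if not trusted:
        findings.append("no trusted hosts defined: management is not restricted by source")
    for network in trusted:
        if network.num_addresses > max_addresses:
            findings.append(f"{network} admits {network.num_addresses} addresses")
    return findings


if __name__ == "__main__":
    # Constructed sample list: one single station and one /24 management subnet.
    sample = parse_trusted_hosts([
        ("192.0.2.10", "255.255.255.255"),
        ("198.51.100.77", "255.255.255.0"),
    ])
    for source in ("192.0.2.10", "192.0.2.11", "198.51.100.200"):
        print(source, "allowed" if management_allowed(source, sample) else "denied")
    print(review(parse_trusted_hosts([("10.1.2.3", "255.0.0.0")])))
```

A mask of 255.255.255.255 pins the entry to one station; anything wider admits every address in that subnet, which is what `review` reports.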
Port Security Folder

Port Security is a security feature that prevents unauthorized computers (those with source MAC addresses unknown to the Switch before the port or ports were locked) from connecting to the Switch's locked ports and gaining access to the network.
Click on the Apply button to accept the changes made.

Port Security FDB Entries

This window is used to clear the Port Lock Entries by individual ports. To clear entries, enter the range of ports and click Clear. To view the following window, click Security > Port Security > Port Security FDB Entries:

Authentication Settings

The user can use this page to configure authorization mode on ports.
In this window, the following parameters can be configured:

Parameters | Description
From Port ~ To Port | Displays the list of ports used for this configuration. This list is fixed to all the ports.
Authorized Mode | Specifies the authentication mode used.
Host-based - Every user can be authenticated individually.
Port-based - If one of the attached hosts passes the authentication, all hosts on the same port will be granted access to the network.
802.1X Folder

Authentication Server

The Authentication Server is a remote device that is connected to the same network as the Client and Authenticator, must be running a RADIUS Server program and must be configured properly on the Authenticator (Switch). Clients connected to a port on the Switch must be authenticated by the Authentication Server (RADIUS) before attaining any services offered by the Switch on the LAN.
Client

The Client is simply the end station that wishes to gain access to the LAN or switch services. All end stations must be running software that is compliant with the 802.1X protocol. For users running Windows XP and Windows Vista, that software is included within the operating system. All other users are required to obtain 802.1X client software from an outside source.
Port-Based Network Access Control

Once the connected device has successfully been authenticated, the Port then becomes Authorized, and all subsequent traffic on the Port is not subject to access control restriction until an event occurs that causes the Port to become Unauthorized.
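The difference between the Port-based and Host-based Authorized Mode (Authentication Settings) and the Authorized port state described above can be seen in a small model of one switch port. This is an added example, not the Switch's implementation; the class and function names and the MAC addresses are constructed, and the events that return a port to Unauthorized (link down, a failed reauthentication or logoff) are assumptions based on standard 802.1X behaviour.

```python
from dataclasses import dataclass, field


@dataclass
class AuthenticatorPort:
    """Simplified model of one 802.1X-controlled switch port."""
    mode: str                                    # "port-based" or "host-based"
    authenticated: set = field(default_factory=set)

    def __post_init__(self):
        if self.mode not in ("port-based", "host-based"):
            raise ValueError(f"unknown Authorized Mode: {self.mode}")

    def auth_success(self, mac):
        """The Authentication Server accepted this client."""
        self.authenticated.add(mac.lower())

    def auth_lost(self, mac):
        """Assumed event: logoff or failed reauthentication of one client."""
        self.authenticated.discard(mac.lower())

    def link_down(self):
        """Assumed event: losing link clears every session on the port."""
        self.authenticated.clear()

    @property
    def status(self):
        return "Authorized" if self.authenticated else "Unauthorized"

    def forwards(self, src_mac):
        """Is a frame with this source MAC passed through the controlled port?"""
        if self.mode == "port-based":
            # One successful client opens the port for every attached host.
            return self.status == "Authorized"
        # Host-based: each source MAC needs its own successful authentication.
        return src_mac.lower() in self.authenticated


def piggybacking_macs(port, observed_macs):
    """MACs seen on the port that are forwarded without having authenticated."""
    return sorted({m.lower() for m in observed_macs
                   if port.forwards(m) and m.lower() not in port.authenticated})


if __name__ == "__main__":
    supplicant = "00:11:22:33:44:55"    # constructed: host that authenticates
    second_host = "66:77:88:99:aa:bb"   # constructed: host on the same port
    for mode in ("port-based", "host-based"):
        port = AuthenticatorPort(mode)
        port.auth_success(supplicant)
        print(mode, port.status, piggybacking_macs(port, [supplicant, second_host]))
```

Comparing the MAC addresses learned on a port-based port against the authenticated client is a quick way to find ports where more than one device sits behind a single authentication.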
802.1X Settings

To configure the 802.1X Settings, click Security > 802.1X > 802.1X Settings:

In this window, the following parameters can be configured:

Parameters | Description
802.1X | Use the radio buttons to enable or disable 802.1X.
Auth Mode | Displays the authentication mode in use.
Auth Protocol | Choose the authentication protocol, Local or RADIUS EAP.
From Port/To Port | Enter the port or ports to be set.
Parameters | Description
ReAuthPeriod (1-65535) | A constant that defines a nonzero number of seconds between periodic reauthentication of the client. The default setting is 3600 seconds.
ReAuthentication | Determines whether regular reauthentication will take place on this port. The default setting is Disabled.
Port Control | This allows you to control the port authorization state. Select ForceAuthorized to disable 802.
In this window, the following parameters can be configured:

Parameters | Description
802.1X User | Specifies the 802.1X username used here.
Password | Specifies the 802.1X password used here.
Confirm Password | Specifies the 802.1X password confirmation used here.

Click on the Apply button to accept the changes made.
Initialize Port(s)

Existing 802.1X port and MAC-based settings are displayed and can be configured using the two windows below. To initialize ports for the port side of 802.1X, the user must first enable 802.1X by port in the 802.1X Settings window. To view the following window, click Security > 802.1X > Initialize Port(s):

This window allows initialization of a port or group of ports. The Initialize Port Table in the bottom half of the window displays the current status of the port(s).
Parameters | Description
Port Status | The status of the controlled port can be Authorized, Unauthorized, or N/A.
MAC Address | The authenticated MAC address of the client connected to the corresponding port, if any.

Reauthenticate Port(s)

Users can display and configure reauthenticate ports for 802.1X port and MAC-based using the two windows below. To reauthenticate ports for the port side of 802.1X, the user must first enable 802.1X by port in the 802.
SSL Settings

Parameters | Description
MAC Address | Displays the physical address of the Switch where the port resides.
Auth PAE State | The Authenticator State will display one of the following: Initialize, Disconnected, Connecting, Authenticating, Authenticated, Aborting, Held, ForceAuth, ForceUnauth, and N/A.
Backend_State | The Backend State will display one of the following: Request, Response, Success, Fail, Timeout, Idle, Initialize, and N/A.
Download Certificate

This window is used to download a certificate file for the SSL function on the Switch from a TFTP server. The certificate file is a data record used for authenticating devices on the network. It contains information on the owner, keys for authentication and digital signatures. Both the server and the client must have consistent certificate files for optimal use of the SSL function. The Switch only supports certificate files with .der file extensions.
SSH Folder

Parameters | Description
RSA with RC4_128_MD5 | This ciphersuite combines the RSA key exchange, stream cipher RC4 encryption with 128-bit keys and the MD5 Hash Algorithm. Use the pull-down menu to enable or disable this ciphersuite. This field is enabled by default.
RSA with 3DES EDE CBC SHA | This ciphersuite combines the RSA key exchange, CBC Block Cipher 3DES_EDE encryption and the SHA Hash Algorithm. Use the pull-down menu to enable or disable this ciphersuite.
3 Configure the encryption algorithm that SSH will use to encrypt and decrypt messages sent between the SSH client and the SSH server, using the SSH Authmode and Algorithm Settings window.
4 Finally, enable SSH on the Switch using the SSH Settings window.

After completing the preceding steps, an SSH client on a remote PC can be configured to manage the Switch using a secure, in-band connection.

SSH Settings

The following window is used to configure and view settings for the SSH server.
To view this window, click Security > SSH > SSH Authmode and Algorithm Settings:

In this window, the following parameters can be configured:

Parameters | Description
SSH Authentication Mode Settings
Password | This parameter may be enabled if the administrator wishes to use a locally configured password for authentication on the Switch. The default is enabled.
Parameters | Description
HMAC-SHA1 | Tick the check box to enable the HMAC (Hash for Message Authentication Code) mechanism utilizing the Secure Hash algorithm. The default is enabled.
HMAC-MD5 | Tick the check box to enable the HMAC (Hash for Message Authentication Code) mechanism utilizing the MD5 Message Digest algorithm. The default is enabled.
Access Authentication Control Folder

Parameters | Description
Auth. Mode | The administrator may choose one of the following to set the authorization for users attempting to access the Switch.
Host Based – This parameter should be chosen if the administrator wishes to use a remote SSH server for authentication purposes. Choosing this parameter requires the user to input the following information to identify the SSH user.
● TACACS+ (Terminal Access Controller Access Control System plus) - Provides detailed access control for authentication for network devices. TACACS+ is facilitated through Authentication commands via one or more centralized servers.
To access the following window, click Security > Access Authentication Control > Authentication Policy Settings:

In this window, the following parameters can be configured:

Parameters | Description
Authentication Policy | Use the pull-down menu to enable or disable the Authentication Policy on the Switch.
Response Timeout (0-255) | This field will set the time the Switch will wait for a response of authentication from the user.
In this window, the following parameters can be configured:

Parameters | Description
Application | Lists the configuration applications on the Switch. The user may configure the Login Method List and Enable Method List for authentication for users utilizing the Console (Command Line Interface) application, the Telnet application, SSH, and the WEB (HTTP) application.
The Switch has four built-in Authentication Server Groups that cannot be removed but can be modified.
Switch. More than one authentication protocol can be run on the same physical server host, but remember that TACACS/XTACACS/TACACS+/RADIUS are separate entities and are not compatible with each other. The maximum supported number of server hosts is 16.
Login Method Lists

This window is used to configure a user-defined or default Login Method List of authentication techniques for users logging on to the Switch. The sequence of techniques implemented in this command will affect the authentication result. For example, if a user enters a sequence of techniques such as TACACS – XTACACS – local, the Switch will send an authentication request to the first TACACS host in the server group.
Parameters | Description
Priority 1, 2, 3, 4 | The user may add one, or a combination of up to four of the following authentication methods to this method list:
tacacs - Adding this parameter will require the user to be authenticated using the TACACS protocol from a remote TACACS server.
xtacacs - Adding this parameter will require the user to be authenticated using the XTACACS protocol from a remote XTACACS server.
To view the following table, click Security > Access Authentication Control > Enable Method Lists:

To delete an Enable Method List defined by the user, click the Delete button. To modify an Enable Method List, click on its corresponding Edit button.

In this window, the following parameters can be configured:

Parameters | Description
Method List Name | Enter a method list name defined by the user of up to 15 characters.
To view the following window, click Security > Access Authentication Control > Local Enable Password Settings:

In this window, the following parameters can be configured:

Parameters | Description
Old Local Enable Password (Max: 15 characters) | If a password was previously configured for this entry, enter it here in order to change it to a new password.
New Local Enable Password | Enter the new password that you wish to set on the Switch to authenticate users attempting to access Adminis
MAC-based Access Control Folder

To enable the MAC-based Access Control Global Settings on the Switch, click Security > MAC-based Access Control > MAC-based Access Control Settings:

In this window, the following parameters can be configured:

Parameters | Description
Settings
MBA Global State | Use the radio button to globally enable or disable the MAC-based Access Control function on the Switch.
Parameters | Description
Authorization Network | When enabled, authorized attributes (for example, VLAN) assigned by the RADIUS server or local database will be accepted. Which attributes will be accepted depends on the individual module’s setting. Authorization for attributes is disabled by default.

Click on the Apply button to accept the changes made.

Parameters | Description
Port Settings
From Port/To Port | Enter the Port range.
Click on the Edit By Name button to re-configure the VLAN name of the specific entry. Click on the Edit By ID button to re-configure the VLAN ID of the specific entry.
Chapter 6: Access Control List (ACL)

Access profiles allow the user to establish criteria to determine whether or not the Switch will forward packets based on the information contained in each packet's header. These criteria can be specified on a basis of Packet Content, MAC address, IP address, or IPv6 address.

ACL Configuration Wizard

This window will aid with the creation of access profiles and ACL Rules. The ACL Wizard will create the access rule and profile automatically.
Parameters | Description
Access ID (1-65535) | Type in a unique identifier number for this access. This value can be set from 1 to 65535.
From | Use the drop-down menu to select from MAC Address, IPv4 Address, IPv6, or Any.
To | Use the drop-down menu to select from MAC Address, IPv4 Address, or Any.
Service Type | Use the drop-down menu to select from VLAN Name, Ethernet Type, 802.1P, or Any.
Access Profile List

To display the currently configured Access Profiles on the Switch, click ACL > Access Profile Lists:

Access Profile List – Ethernet ACL

To add an ACL Profile, click the Add ACL Profile button, which will display the window below:
There are four sets of Access Profile configuration windows; one for Ethernet (or MAC address-based) profile configuration, one for IP (IPv4) address-based profile configuration, one for the Packet Content and one for IPv6.
To add a rule to the Access Profile entry, click the Add/View Rules button. To view the configurations for a previously configured entry, click on the corresponding Show Details button, which will display the following window: To return to the Access Profile List window, click Show All Profiles. To add a rule to a previously configured entry, click on the corresponding Add/View Rules.
Click Add Rule to display the following window:

In this window, the following parameters can be configured:

Parameters | Description
Access ID (1-65535) | Type in a unique identifier number for this access. This value can be set from 1 to 65535.
Auto Assign – Ticking this check box will instruct the Switch to automatically assign an Access ID for the rule being created.
Parameters | Description
Action | Select Permit to specify that the packets that match the access profile are forwarded by the Switch, according to any additional rule added (see below).
Select Deny to specify the packets that match the access profile are not forwarded by the Switch and will be filtered.
Select Mirror to specify that packets that match the access profile are mirrored to a port defined in the config mirror port command.
To view the configurations for previously configured rules, click on the corresponding Show Details button, which will display the following Access Rule Detail Information window:

Access Profile List – IPv4 ACL

To create an IPv4 ACL, click Add ACL Profile in the Access Profile List window and then use the drop-down menu to select a Profile ID between 1 and 256, click the IPv4 ACL radio button, and then use the drop-down menu to select a protocol ICMP, IGMP, TCP, UDP, o
In this window, the following parameters can be configured:

Parameters | Description
VLAN | Selecting this option instructs the Switch to examine the VLAN part of each packet header and use this as the, or part of the, criterion for forwarding.
IPv4 DSCP | Selecting this option instructs the Switch to examine the DiffServ Code part of each packet header and use this as the, or part of the, criterion for forwarding.
To add a rule to the Access Profile entry, click the Add/View Rules button.
To return to the Access Profile List window, click Show All Profiles. To add a rule to a previously configured entry, click on the corresponding Add/View Rules button, and then click Add Rule on the Access Rule List window, which will reveal the following window:

In this window, the following parameters can be configured:

Parameters | Description
Access ID (1-65535) | Type in a unique identifier number for this access. This value can be set from 1 to 65535.
Parameters | Description
IGMP | Type ____ e.g. (0-255) - Specifies that the Switch will examine each frame’s IGMP Type field.
TCP | Source Port - Specifies a TCP port for the source port.
Mask (0-FFFF) - Specifies a TCP port mask for the source port.
Destination Port - Specifies a TCP port for the destination port.
Mask (0-FFFF) - Specifies a TCP port mask for the destination port.
Flag Bits - Enter the appropriate flag mask parameter.
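A port value combined with a Mask (0-FFFF) can cover far more ports than the single number suggests, so it helps to compute what a pair actually matches before applying a rule. This is an added example, not part of the manual; it assumes the common convention that a mask bit of 1 means the corresponding bit of the port is compared and a 0 bit is ignored (the manual does not state this), and all function names are hypothetical.

```python
PORT_BITS = 16
FULL_MASK = (1 << PORT_BITS) - 1   # 0xFFFF


def rule_matches(port, value, mask):
    """True if a packet's port matches the rule's value under the mask."""
    return (port & mask) == (value & mask)


def coverage(value, mask):
    """Return (lowest port, highest port, number of ports) one pair matches.

    With a contiguous mask the matched ports form the range lowest..highest;
    with gaps in the mask they are scattered between those two bounds.
    """
    ignored = ~mask & FULL_MASK
    lowest = value & mask & FULL_MASK
    highest = lowest | ignored
    return lowest, highest, 1 << bin(ignored).count("1")


def range_to_rules(first, last):
    """Smallest list of (value, mask) pairs matching exactly first..last."""
    if not 0 <= first <= last <= FULL_MASK:
        raise ValueError("expected 0 <= first <= last <= 65535")
    rules = []
    while first <= last:
        # Largest power-of-two block that starts at 'first' (alignment) ...
        size = (first & -first) if first else (1 << PORT_BITS)
        # ... shrunk until it no longer runs past 'last'.
        while size > last - first + 1:
            size >>= 1
        rules.append((first, FULL_MASK & ~(size - 1)))
        first += size
    return rules


if __name__ == "__main__":
    # An exact match versus a rule that ignores the low eight bits.
    print(coverage(8080, 0xFFFF))   # one port
    print(coverage(8080, 0xFF00))   # a 256-port block around 8080
    # Rules needed to cover all non-privileged ports, 1024-65535.
    for value, mask in range_to_rules(1024, 65535):
        print(f"port {value:5d}  mask {mask:04X}")
```

Ranges that do not start and end on power-of-two boundaries need several rules, which matters on a switch with a limited number of rules per profile.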
Click Apply to display the following Access Rule List window:

To view the configurations for a previously configured rule, click on the corresponding Show Details button, which will display the following Access Rule Detail Information window:

Access Profile List – IPv6 ACL

To create an IPv6 ACL, click Add ACL Profile in the Access Profile List window and then use the drop-down menu to select a Profile ID between 1 and 256, click the IPv6 ACL radio button, and then use the drop-down me
Click Select and the following window will appear (this window will vary depending on whether TCP or UDP has been selected): Click on the boxes at the top of the table, which will then turn red and reveal parameters for configuration. To create a new entry enter the correct information and click Create. To return to the Access Profile List window, click <
button. To delete all the entries, click on the Delete All button. To view the specific configurations for an entry, click the Show Details button. To add a rule to the Access Profile entry, click the Add/View Rules button.
To return to the Access Profile List window, click Show All Profiles. To add a rule to a previously configured entry, click on the corresponding Add/View Rules button and then click Add Rule on the Access Rule List window, which will reveal the following window:

In this window, the following parameters can be configured:

Parameters | Description
Access ID (1-65535) | Type in a unique identifier number for this access. This value can be set from 1 to 65535.
Parameters | Description
Action | Select Permit to specify that the packets that match the access profile are forwarded by the Switch, according to any additional rule added (see below).
Select Deny to specify the packets that match the access profile are not forwarded by the Switch and will be filtered.
Select Mirror to specify that packets that match the access profile are mirrored to a port defined in the config mirror port command.
Access Profile List – Packet Content ACL

To create a Packet Content ACL, click Add ACL Profile in the Access Profile List window and then use the drop-down menu to select a Profile ID between 1 and 256 and click the Packet Content ACL radio button. Click Select and the following window will appear:

Click on the boxes at the top of the table, which will then turn red and reveal parameters for configuration.
Click Create to view the new Access Profile List entry in the Access Profile List window shown below. To add another Access Profile, click Add ACL Profile. To delete a profile, click the corresponding Delete button. To delete all the entries, click on the Delete All button. To view the specific configurations for an entry, click the Show Details button. To add a rule to the Access Profile entry, click the Add/View Rules button.
To return to the Access Profile List window, click Show All Profiles. To add a rule to a previously configured entry, click on the corresponding Add/View Rules button and then Add Rule, which will reveal the following window:

In this window, the following parameters can be configured:

Parameters | Description
Access ID (1-65535) | Type in a unique identifier number for this access. This value can be set from 1 to 65535.
Parameters | Description
Replace DSCP | Select this option to instruct the Switch to replace the DSCP value (in a packet that meets the selected criteria) with the value entered in the adjacent field.
Counter | Enable or disable the counter for this ACL rule.
Ports | Enter a range of ports to be configured.

ACL Finder
To search for an entry, select the profile ID from the drop-down menu, enter a port to view, and click Find. The table on the lower half of the window will display the entries. To delete an entry, click the corresponding Delete button.

ACL Flow Meter

This window offers flow bandwidth control used to limit the bandwidth of the ingress traffic. When users create an ACL rule to filter packets, a metering rule can be created to associate with this ACL rule to limit traffic.
Parameters | Description
Mode | Rate (Kbps) – Specifies the committed bandwidth in Kbps for the flow. The range is from 64 to 1024000. The unit is Kbps. Burst Size (Kbyte) – Specifies the burst size for this flow. The range is from 4 to 16384. The unit is Kbyte. Rate Exceed: Drop Packet – Drops the packet. Remark DSCP – Change the DSCP of the packet.

Click Apply to implement changes made, click <
Chapter 7: Monitoring

Cable Diagnostics

This window displays the details of copper cables attached to specific ports on the Switch. If there is an error in the cable, this feature can determine the type of error and the position where the error has occurred. To view this window, click Monitoring > Cable Diagnostics:

Enter the range of ports to test and click Test. The results will be displayed in the table on the lower half of the window.
To view this window, click Monitoring > CPU Utilization:

To view the CPU utilization by port, use the real-time graphic of the Switch at the top of the Web page by simply clicking on a port. The window will automatically refresh with new updated statistics.

In this window, the following parameters can be configured:

Parameters | Description
Time Interval | Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
Port Utilization

This window displays the percentage of the total available bandwidth being used on the port. To view this window, click Monitoring > Port Utilization:

To select a port to view these statistics for, select the port by using the Port pull-down menu. The user may also use the real-time graphic of the Switch at the top of the Web page by simply clicking on a port.
To view the packet size windows, click Monitoring > Packet Size:

Click on the Apply button to accept the changes made. To view the Packet Size Table window, click the link View Table, which will show the following table:

In this window, the following parameters can be configured:

Parameters | Description
Port | Use the drop-down menu to choose the port that will display statistics.
Time Interval | Select the desired setting between 1s and 60s, where "s" stands for seconds.
Parameters | Description
64 | The total number of packets (including bad packets) received that were 64 octets in length (excluding framing bits but including FCS octets).
65-127 | The total number of packets (including bad packets) received that were between 65 and 127 octets in length inclusive (excluding framing bits but including FCS octets).
Packets Folder

The Web Manager allows various packet statistics to be viewed as either a line graph or a table. Six windows are offered.

Received (Rx)

These windows display the Rx packets on the Switch. To select a port to view these statistics for, select the port by using the Port pull-down menu. The user may also use the real-time graphic of the Switch at the top of the Web page by simply clicking on a port.
To view the Received (Rx) Table window, click View Table.

In this window, the following parameters can be configured:

Parameters | Description
Port | Use the drop-down menu to choose the port that will display statistics.
Time Interval | Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
Record Number | Select number of times the Switch will be polled between 20 and 200. The default value is 200.
UMB_cast (Rx)

These windows display the UMB_cast Rx packets on the Switch. To select a port to view these statistics for, select the port by using the Port pull-down menu. The user may also use the real-time graphic of the Switch at the top of the Web page by simply clicking on a port.

To view the following graph of UMB cast packets received on the Switch, click Monitoring > Packets > UMB_cast (Rx):

Click on the Apply button to accept the changes made.
To view the UMB_cast (Rx) Table window, click the View Table link.

In this window, the following parameters can be configured:

Parameters | Description
Port | Use the drop-down menu to choose the port that will display statistics.
Time Interval | Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
Record Number | Select number of times the Switch will be polled between 20 and 200. The default value is 200.
Transmitted (Tx)

These windows display the Transmitted (Tx) packets on the Switch. To select a port to view these statistics for, select the port by using the Port pull-down menu. The user may also use the real-time graphic of the Switch at the top of the Web page by simply clicking on a port.

To view the following graph of packets transmitted from the Switch, click Monitoring > Packets > Transmitted (Tx):

Click on the Apply button to accept the changes made.
To view the Transmitted (Tx) Table window, click the link View Table.

In this window, the following parameters can be configured:

Parameters | Description
Port | Use the drop-down menu to choose the port that will display statistics.
Time Interval | Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
Record Number | Select number of times the Switch will be polled between 20 and 200. The default value is 200.
Errors Folder

The Web Manager allows port error statistics compiled by the Switch's management agent to be viewed as either a line graph or a table. Four windows are offered.

Received (RX)

To select a port to view these statistics for, select the port by using the Port pull-down menu. The user may also use the real-time graphic of the Switch at the top of the Web page by simply clicking on a port.
To view the Received (Rx) Table window for errors, click the link View Table, which will show the following table:

In this window, the following parameters can be configured:

Parameters | Description
Port | Use the drop-down menu to choose the port that will display statistics.
Time Interval | Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
Record Number | Select number of times the Switch will be polled between 20 and 200.
Click on the Clear button to clear the data.

Transmitted (TX)

To select a port to view these statistics for, select the port by using the Port pull-down menu. The user may also use the real-time graphic of the Switch at the top of the Web page by simply clicking on a port.

To view the following graph of error packets received on the Switch, click Monitoring > Errors > Transmitted (Tx):

Click on the Apply button to accept the changes made.
To view the Transmitted (Tx) Table window, click the link View Table, which will show the following table:

In this window, the following parameters can be configured:

Parameters | Description
Port | Use the drop-down menu to choose the port that will display statistics.
Time Interval | Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
Record Number | Select number of times the Switch will be polled between 20 and 200.
Port Access Control Folder

The following six windows are used to monitor 802.1X statistics of the Switch, on a per port basis.

RADIUS Authentication

This table contains information concerning the activity of the RADIUS authentication client on the client side of the RADIUS authentication protocol.
Parameters | Description
AccessChallenges | The number of RADIUS Access-Challenge packets (valid or invalid) received from this server.
AccessResponses | The number of malformed RADIUS Access-Response packets received from this server. Malformed packets include packets with an invalid length. Bad authenticators or Signature attributes or known types are not included as malformed access responses.
In this window, the following parameters can be configured:

Parameters | Description
InvalidServerAddresses | The number of RADIUS Accounting-Response packets received from unknown addresses.
Identifier | The NAS-Identifier of the RADIUS account. (This is not necessarily the same as sysName in MIB II.)
ServerIndex | The identification number assigned to each RADIUS Accounting server that it shares a secret with.
To view the Authenticator State window for Port-based, click Monitoring > Port Access Control > Authenticator State:
To view the Authenticator State window for MAC-based, click Monitoring > Port Access Control > Authenticator State:

This window displays the Authenticator State for individual ports on a selected device. A polling interval between 1s and 60s can be set using the drop-down menu at the top of the window and clicking OK. The information on this window is described as follows:

Parameters | Description
MAC Address | The MAC Address of the device of the corresponding index number.
To view the Authenticator Statistics window for Port-based, click Monitoring > Port Access Control > Authenticator Statistics:
To view the Authenticator Statistics window for MAC-based, click Monitoring > Port Access Control > Authenticator Statistics:

The user may also select the desired time interval to update the statistics, between 1s and 60s, where “s” stands for seconds. The default value is one second. The following fields can be viewed:

Parameters | Description
Port | The identification number assigned to the Port by the System in which the Port resides.
Parameters | Description
Rx Resp | The number of valid EAP Response frames (other than Resp/Id frames) that have been received by this Authenticator.
Rx Invalid | The number of EAPOL frames that have been received by this Authenticator in which the frame type is not recognized.
Rx Error | The number of EAPOL frames that have been received by this Authenticator in which the Packet Body Length field is invalid.
To view the Authenticator Session Statistics window for MAC-based, click Monitoring > Port Access Control > Authenticator Session Statistics:

The user may select the desired time interval to update the statistics, between 1s and 60s, where “s” stands for seconds. The default value is one second. The following fields can be viewed:

Parameters | Description
Port | The identification number assigned to the Port by the System in which the Port resides.
Parameters | Description
Terminate Cause | The reason for the session termination. There are eight possible reasons for termination.
1) Supplicant Logoff
2) Port Failure
3) Supplicant Restart
4) Reauthentication Failure
5) AuthControlledPortControl set to ForceUnauthorized
6) Port re-initialization
7) Port Administratively Disabled
8) Not Terminated Yet
UserName | The User-Name representing the identity of the Supplicant PAE.
To view the Authenticator Diagnostics window for MAC-based, click Monitoring > Port Access Control > Authenticator Diagnostics:

The following fields can be viewed:

Parameters | Description
Port | The identification number assigned to the Port by the System in which the Port resides.
Connect Enter | Counts the number of times that the state machine transitions to the CONNECTING state from any other state.
Parameters | Description
Auth Reauth | Counts the number of times that the state machine transitions from AUTHENTICATING to ABORTING, as a result of a reauthentication request (reAuthenticate = TRUE).
Auth Start | Counts the number of times that the state machine transitions from AUTHENTICATING to ABORTING, as a result of an EAPOL-Start message being received from the Supplicant.

Browse ARP Table
To view this window, click Monitoring > Browse ARP Table:

Click on the Find button to find a specific entry based on the parameters entered. Click on the Show Static button to display all the static entries. Click on the Clear All button to clear all the entered data from the fields.

Browse VLAN

This window allows the VLAN status for each of the Switch's ports to be viewed by VLAN. Enter a VID (VLAN ID) in the field at the top of the window and click the Find button.
IGMP Snooping Folder

Browse IGMP Router Port

This window displays which of the Switch’s ports are currently configured as router ports. A router port configured by a user (using the console or Web-based management interfaces) is displayed as a static router port, designated by S. A router port that is dynamically configured by the Switch is designated by D, while a Forbidden port is designated by F.
Click on the Find button to find a specific entry based on the parameters entered. Click on the View All button to view all the existing entries.

NOTE: To configure IGMP snooping for the Switch, go to the L2 Features folder and select IGMP Snooping > IGMP Snooping Settings.

IGMP Snooping Host

This window displays current IGMP Snooping host information on the Switch.
To view this window, click Monitoring > MLD Snooping > Browse MLD Router Port:

MLD Snooping Group

The following window allows the user to view MLD Snooping Groups present on the Switch. MLD Snooping is an IPv6 function comparable to IGMP Snooping for IPv4. To view this window, click Monitoring > MLD Snooping > MLD Snooping Group:

Click on the Find button to find a specific entry based on the parameters entered. Click on the View All button to view all the existing entries.

LLDP Folder
LLDP Statistics System

To view this window, click Monitoring > LLDP > LLDP Statistics System:

In this window, the following parameters can be configured:

Parameters | Description
Port | Specifies the port to be used for this configuration.

Click on the Find button to find a specific entry based on the parameters entered.
After clicking the Show Normal button, the following window will appear:

In this window, the following parameters can be configured:

Parameters | Description
Port | Specifies the port to be used for this configuration.

To find the specific entry entered, click on the Find button. To view the brief display for the selected port, click on the Show Brief button.
After clicking the Show Normal button, the following window will appear:

MBA Authentication State

To view the MBA Authentication State window, click Monitoring > MBA Authentication State:

In this window, the following parameters can be configured:

Parameters | Description
Port List | Specifies the list of ports to be used for this configuration.

To find the specific entry entered, click on the Find button. To clear by port, click on the Clear By Port button.
MAC Address Table

This allows the Switch's dynamic MAC address forwarding table to be viewed. When the Switch learns an association between a MAC address and a port number, it makes an entry into its forwarding table. These entries are then used to forward packets through the Switch.
To view the Switch history log, click Monitoring > System Log:

The Switch can record event information in its own logs. Click Next to go to the next page of the System Log window. Clicking Clear will allow the user to clear the Switch History Log.

In this window, the following parameters can be configured:

Parameters | Description
Index | A counter incremented whenever an entry to the Switch's history log is made. The table displays the last entry (highest sequence number) first.
Chapter 8: Save and Tools

The three Save windows include: Save Configuration, Save Log, and Save All. Each version of the window will aid the user in saving configurations to the Switch’s memory. The options include:
● Save Configuration to save the current configuration file.
● Save Log to save only the current log.
● Save All to save the current configuration file and log.
Save Log

Open the Save drop-down menu at the top of the Web manager and click Save Log to open the following window:

Save All

Open the Save drop-down menu at the top of the Web manager and click Save All to open the following window:
Configuration File Upload & Download

The Switch can upload and download configuration files. Open the Tools drop-down menu on the left-hand side of the menu bar at the top of the Web manager and click Configuration File Upload & Download to open the following window:

Use the radio button to select IPv4 and specify File name or use the radio button to select IPv6, enter a Server IP, Interface Name, and File name.
Reset

The Reset function has several options when resetting the Switch. Some of the current configuration parameters can be retained while resetting all other configuration parameters to their factory defaults.

NOTE: Only the Reset System option will enter the factory default parameters into the Switch's non-volatile RAM, and then restart the Switch. All other options enter the factory defaults into the current configuration, but do not save this configuration.
Open the Tools drop-down menu on the left-hand side of the menu bar at the top of the Web manager and click Ping Test to open the following window:

You may click the Infinite times radio button, in the Repeat Pinging for field, which will tell the ping program to keep sending ICMP Echo packets to the specified IP address until the program is stopped.

Download Firmware
Open the Tools drop-down menu on the left-hand side of the menu bar at the top of the Web manager and click Download Firmware to open the following window:

Use the radio button to select either IPv4 or IPv6. Enter the TFTP Server IP address for the type of IP selected. Specify the path/file name of the TFTP File. Select the desired Image ID, 1(Boot Up) or 2. Click Download to initiate the file transfer.

Reboot System

The following window is used to restart the Switch.
Appendix A: System Log Entries

The following table lists all possible entries and their corresponding meanings that will appear in the System Log of this Switch.
Category: Interface, Console, Web

Event Description | Log Content | Severity
Configuration download was unsuccessful | Configuration download was unsuccessful! (Username: , IP: ) | Warning
Configuration download by console was unsuccessful | Configuration download by console was unsuccessful! (Username: ) | Warning
Configuration successfully uploaded | Configuration successfully uploaded (Username: , IP: ) | Informational
Configuratio
Event Description | Log Content | Severity
Login failed through Web (SSL) | Login failed through Web (SSL) (Username: , IP: ) | Warning
Logout through Web (SSL) | Logout through Web (SSL) (Username: , IP: ) | Informational
Web (SSL) session timed out | Web (SSL) session timed out (Username: , IP: ) | Informational
Successful login through Telnet | Successful login through Telnet (Username: , IP: ) | Informational
Login failed throu
Event Description | Log Content | Severity
Successful login through Console authenticated by AAA local method | Successful login through Console authenticated by AAA local method (Username: ) | Informational
Login failed through Console authenticated by AAA local method | Login failed through Console authenticated by AAA local method (Username: ) | Warning
Successful login through Web authenticated by AAA local method | Successful login through Web f
Event Description | Log Content | Severity
Login failed through Console due to AAA server timeout or improper configuration | Login failed through Console due to AAA server timeout or improper configuration (Username:) | Warning
Successful login through Web authenticated by AAA server | Successful login through Web from authenticated by AAA server (Username: ) | Informational
Login failed through Web authenticated by AAA serv | Login failed through Web from | Warning
Event Description | Log Content | Severity
Enable Admin failed through Web authenticated by AAA local_enable method | Enable Admin failed through Web from authenticated by AAA local_enable method (Username: ) | Warning
Successful Enable Admin through Web(SSL) authenticated by AAA local_enable method | Successful Enable Admin through Web(SSL) from authenticated by AAA local_enable method (Username: ) |
Enable Admin failed through Web(SSL) | Enabl
Event Description | Log Content | Severity
Enable Admin failed through Console due to AAA server timeout or improper configuration | Enable Admin failed through Console due to AAA server timeout or improper configuration (Username: ) | Warning
Successful Enable Admin through Web authenticated by AAA server | Successful Enable Admin through Web from authenticated by AAA server (Username: ) | Informational
Enable Admin failed through Web authenticated by AAA server
Category: Port security; IP and Password Changed; Packet Storm; 802.
Category: MAC-based Access Control

Event Description | Log Content | Severity
MAC-based Access Control host login successful | MAC-based Access Control host login successful (MAC: , port: , VID: ) | Informational
MAC-based Access Control unauthenticated host | MAC-based Access Control unauthenticated host(MAC: , Port: , VID: ) |
MAC-based Access Control host aged out | MAC-based Access Control host aged out (MAC: , port: , VID: ) | Informational
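The login and Enable Admin entries listed in this appendix can drive a simple detection for repeated failures followed by a success. The following is an added example, not part of the manual or of Extreme Networks software: the message wording follows the Log Content column above, while the timestamp prefix, user names, addresses and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Wording follows the Log Content column of Appendix A, for example:
#   Login failed through Web (SSL) (Username: <user>, IP: <ip>)
#   Enable Admin failed through Web from <ip> authenticated by AAA local_enable method (Username: <user>)
EVENT_RE = re.compile(
    r"(?P<kind>Successful login|Login failed|Successful Enable Admin|Enable Admin failed)"
    r" through (?P<iface>Web ?\(SSL\)|Web|Telnet|Console)"
)
USER_RE = re.compile(r"Username:\s*(?P<user>[^,)]*)")
# The address appears either as "IP: <ip>" or as "from <ip>". Require an
# IPv4/IPv6 shape so that an empty field ("from authenticated") is not matched.
IP_RE = re.compile(
    r"(?:IP:\s*|from\s+)(?P<ip>\d{1,3}(?:\.\d{1,3}){3}|[0-9A-Fa-f]*:[0-9A-Fa-f:.]+)"
)

# Constructed sample lines. The "YYYY-MM-DD HH:MM:SS" prefix, user names and
# addresses are assumptions; the manual does not show the on-device layout.
SAMPLE_LOG = """\
2011-07-12 09:14:03 Login failed through Web (SSL) (Username: admin, IP: 192.0.2.57)
2011-07-12 09:14:09 Login failed through Web (SSL) (Username: admin, IP: 192.0.2.57)
2011-07-12 09:14:15 Login failed through Web (SSL) (Username: admin, IP: 192.0.2.57)
2011-07-12 09:14:40 Successful login through Telnet (Username: admin, IP: 192.0.2.57)
2011-07-12 09:15:02 Enable Admin failed through Web from 192.0.2.57 authenticated by AAA local_enable method (Username: admin)
2011-07-12 09:20:00 Login failed through Console authenticated by AAA local method (Username: operator)
2011-07-12 09:31:00 Successful login through Console authenticated by AAA local method (Username: operator)
2011-07-12 09:32:00 Configuration successfully uploaded (Username: operator, IP: 192.0.2.9)
""".splitlines()


def parse_entry(line):
    """Return a dict for login / Enable Admin events, or None for other log text."""
    try:
        when = datetime.strptime(line[:19], "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return None
    text = line[19:].strip()
    match = EVENT_RE.search(text)
    if not match:
        return None
    user = USER_RE.search(text)
    ip = IP_RE.search(text)
    return {
        "time": when,
        "failed": "failed" in match.group("kind").lower(),
        "enable_admin": "Enable Admin" in match.group("kind"),
        "iface": match.group("iface").replace("Web(SSL)", "Web (SSL)"),
        "user": user.group("user").strip() if user else "",
        "ip": ip.group("ip") if ip else None,
    }


def detect(lines, threshold=3, window=timedelta(minutes=5)):
    """Flag sources with `threshold` failures inside `window`, and a success that follows."""
    recent = defaultdict(list)   # source -> timestamps of recent failures
    flagged = set()              # sources that already crossed the threshold
    findings = []
    for event in filter(None, map(parse_entry, lines)):
        source = event["ip"] or event["iface"]   # Console entries carry no IP
        if event["failed"]:
            times = [t for t in recent[source] if event["time"] - t <= window]
            times.append(event["time"])
            recent[source] = times
            if len(times) >= threshold and source not in flagged:
                flagged.add(source)
                findings.append(("repeated_failures", source, event["user"]))
        else:
            if source in flagged:
                findings.append(("success_after_failures", source, event["user"]))
            # Any success resets the failure history for that source.
            flagged.discard(source)
            recent.pop(source, None)
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(finding)
```

Failures are grouped by source address across Web, Web (SSL) and Telnet, so a source that switches management interface is still counted once; Console entries, which carry no address, are grouped under the interface name.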
Appendix B: Trap List

Trap Name/OID | Variable Bind | Format | Description | MIB Name
coldStart 1.3.6.1.6.3.1.1.5.1 | None | V2 | A coldStart trap signifies that the SNMPv2 entity, acting in an agent role, is reinitializing itself and that its configuration may have been altered. | RFC1907 (SNMPv2-MIB)
warmStart | None | V2 | A warmStart trap signifies that the SNMPv2 entity, acting in an agent role, is reinitializing itself such that its configuration is unaltered. | RFC1907 (SNMPv2-MIB)
Trap Name/OID | Variable Bind | Format | Description | MIB Name
linkUp 1.3.6.1.6.3.1.1.5.4 | ifIndex, ifAdminStatus, ifOperStatus | V2 | A linkUp trap signifies that the SNMP entity, acting in an agent role, has detected that the ifOperStatus object for one of its communication links left the down state and transitioned into some other state (but not into the notPresent state). This other state is indicated by the included value of ifOperStatus. | RFC2863 (IF-MIB)
newRoot 1.3.6. | None | V2
Trap Name/OID | Variable Bind | Format | Description | MIB Name
lldpRemTablesChange 1.0.8802.1.1.2.0.0.1 | lldpStatsRemTablesInserts, lldpStatsRemTablesDeletes, lldpStatsRemTablesDrops, lldpStatsRemTablesAgeouts | V2 | A lldpRemTablesChange notification is sent when the value of lldpStatsRemTableLastChangeTime changes. It can be utilized by an NMS to trigger LLDP remote systems table maintenance polls. | LLDP (LLDP-MIB)