User Manual

ManualsBrandsNETGEAR ManualsComputers & Accessories40x1G PoE+ 480W and 8xSFP Managed Switch

Table Of Contents

Main User Manual

AV Line of Fully Managed Switches

M4250 Series

Firmware version 13.0.0 and later versions

NETGEAR, Inc.

350 E. Plumeria DriveNovember 2021

San Jose, CA 95134, USA202-12091-03

Summary of content (826 pages)

PAGE 1
Main User Manual AV Line of Fully Managed Switches M4250 Series Firmware version 13.0.0 and later versions November 2021 202-12091-03 NETGEAR, Inc. 350 E.
PAGE 2
AV Line of Fully Managed Switches M4250 Series Main User Manual Support and Community Visit netgear.com/support to get your questions answered and access the latest downloads. You can also check out our NETGEAR Community for helpful advice at community.netgear.com. Regulatory and Legal Si ce produit est vendu au Canada, vous pouvez accéder à ce document en français canadien à https://www.netgear.com/support/download/.
PAGE 3
AV Line of Fully Managed Switches M4250 Series Main User Manual Revision History Publication Part Number Publish Date Comments 202-12091-03 November 2021 We changed the following sections: Log in to the main UI with a web browser on page 26 Log in to the main UI using the switch default IP address on page 26 Configure the IPv4 service port on page 49 Add an SNMPv3 user account on page 159 Configure user password requirements on page 497 Configure the HTTPS access settings on page 526 Manage certificat
PAGE 4
Contents Chapter 1 Get Started with the Main UI Supported switches............................................................................23 Available publications and online help...........................................24 Register your product........................................................................24 Main local browser UI overview........................................................25 Log in to the main UI with a web browser.......................................
PAGE 5
AV Line of Fully Managed Switches M4250 Series Main User Manual Manage the IPv6 default route addresses for the IPv6 management VLAN.......................................................................61 Configure an IPv6 management interface..................................62 Manage IPv6 addresses for the IPv6 management interface....64 Manage the IPv6 default route addresses for the IPv6 management interface..................................................................65 Time and SNTP settings....
PAGE 6
AV Line of Fully Managed Switches M4250 Series Main User Manual Create a DHCP pool...............................................................102 Change a DHCP pool.............................................................105 Remove a DHCP pool.............................................................106 Configure DHCP pool options...................................................106 Display DHCP server statistics....................................................107 Display the DHCP bindings...
PAGE 7
AV Line of Fully Managed Switches M4250 Series Main User Manual Timer schedules...............................................................................145 Create a timer schedule..............................................................145 Specify the settings for an absolute timer schedule...............146 Specify the settings for a recurring timer schedule.................147 Change the settings for a recurring timer schedule entry......149 Delete a timer schedule entry.......................
PAGE 8
AV Line of Fully Managed Switches M4250 Series Main User Manual Display or clear ISDP neighbor information.............................187 Display or clear ISDP statistics....................................................188 Chapter 3 Configure Switching Information VLANs................................................................................................191 Manage the VLAN configuration on the switch.......................191 Add a VLAN.........................................................
PAGE 9
AV Line of Fully Managed Switches M4250 Series Main User Manual Configure the CST settings and display the CST status..........229 Configure the CST interface settings........................................231 Display the CST interface Status................................................234 Manage MST instances...............................................................236 Add an MST instance and display the MST status..............236 Change an MST instance...........................................
PAGE 10
AV Line of Fully Managed Switches M4250 Series Main User Manual Configure an MLD multicast router interface...........................278 Configure an MLD multicast router VLAN................................279 Configure the MLD snooping querier global settings............280 Configure an MLD snooping querier for a VLAN....................281 Remove the MLD snooping querier settings for a VLAN........283 Multicast VLAN registration............................................................
PAGE 11
AV Line of Fully Managed Switches M4250 Series Main User Manual Configure the loop protection settings for interfaces and display the loop protection state............................................................335 Chapter 4 Manage Routing Routing concepts.............................................................................338 Routing table, routes and route preferences................................338 Configure a route and display learned routes.........................338 Delete a route....
PAGE 12
AV Line of Fully Managed Switches M4250 Series Main User Manual Configure the global RIP settings for the switch......................384 Configure RIP interface settings................................................386 Configure the RIP route redistribution settings and display the route redistribution summary....................................................388 Router discovery and router advertisements................................
PAGE 13
AV Line of Fully Managed Switches M4250 Series Main User Manual Delete a multicast admin boundary configuration for an interface........................................................................................425 IPv6 multicast routing and the IPv6 multicast route table...........426 Display the IPv6 multicast route table.......................................426 PIM for IPv6 multicast routing.........................................................
PAGE 14
AV Line of Fully Managed Switches M4250 Series Main User Manual Differentiated Services.....................................................................464 Defining DiffServ..........................................................................464 DiffServ wizard overview.............................................................465 Use the DiffServ wizard to create a traffic class and policy for one or more interfaces........................................................................
PAGE 15
AV Line of Fully Managed Switches M4250 Series Main User Manual Add a RADIUS accounting server to the switch..................507 Modify the settings for a RADIUS accounting server on the switch........................................................................................509 Remove a RADIUS accounting server from the switch.......510 TACACS+ serversConfiguration TACACS....................................510 Configure the global TACACS+ settings..................................
PAGE 16
AV Line of Fully Managed Switches M4250 Series Main User Manual Display the access profile summary and the number of filtered packets..........................................................................................549 Deactivate an access profile.......................................................550 Remove an access profile...........................................................551 Port authenticationport authentication.........................................551 Configure the global 802.
PAGE 17
AV Line of Fully Managed Switches M4250 Series Main User Manual Private VLAN promiscuous trunk interface: Add primary and secondary VLANs to the trunk....................................................589 Private VLAN promiscuous trunk interface: Remove primary and secondary VLANs from the trunk...............................................590 Private VLAN isolated trunk interface: Add primary and secondary VLANs to the trunk.......................................................................
PAGE 18
AV Line of Fully Managed Switches M4250 Series Main User Manual Create a DAI access control list.................................................627 Configure a rule for an existing DAI ACL..................................627 Delete a rule from an existing DAI ACL....................................628 Delete a DAI access control list..................................................629 Display the DAI statistics.............................................................630 Captive portals..............
PAGE 19
AV Line of Fully Managed Switches M4250 Series Main User Manual Configure rules for an extended IPv4 ACL...............................671 Add a rule for an extended IPv4 ACL...................................671 Modify the match criteria for an extended IPv4 ACL rule...678 Delete an extended IPv4 ACL rule........................................679 Configure an IPv6 ACL................................................................679 Add an IPv6 ACL........................................................
PAGE 20
AV Line of Fully Managed Switches M4250 Series Main User Manual Configure an sFlow receiver.......................................................727 Configure sFlow polling and sampling on an interface..........729 Display license information.............................................................730 Display license key information.................................................730 Display features to which the license applies..........................
PAGE 21
AV Line of Fully Managed Switches M4250 Series Main User Manual MAC ACL sample configuration................................................769 Basic IP ACL sample configuration............................................770 Differentiated Services (DiffServ)....................................................771 Class..............................................................................................772 DiffServ traffic classes..................................................................
PAGE 22
1 Get Started with the Main UI This user manual is for the AV Line of Fully Managed Switches M4250 Series and covers all M4250 switch models. This chapter provides an overview of how you can using your switch and access the main local browser user interface (UI).
PAGE 23
AV Line of Fully Managed Switches M4250 Series Main User Manual Supported switches This release and this main user manual are for the following M4250 switch models: • • • 8-port PoE+ and PoE++ models: - M4250-10G2F-PoE+ (SKU GSM4212P): Eight PoE+ (802.3at) 1GBASE-T RJ-45 ports, two 1GBASE-T RJ-45 ports, and two 1G SFP fiber uplink ports. The total PoE budget for the switch is 125W. - M4250-10G2XF-PoE+ (SKU GSM4212PX): Eight PoE+ (802.
PAGE 24
AV Line of Fully Managed Switches M4250 Series Main User Manual • Special models: - M4250-12M2XF (SKU MSM4214X): LED tiles model with 2.5 Gbps ports. Twelve 2.5GBASE-T RJ-45 ports and two 10G SFP+ fiber uplink ports. - M4250-16XF (SKU XSM4216F): Aggregation model with sixteen 10G SFP+ fiber ports. Twelve ports also support 1G speed with autonegotiation. Four ports can be manually set to 1G speed.
PAGE 25
AV Line of Fully Managed Switches M4250 Series Main User Manual To register your switch with NETGEAR: 1. Visit the NETGEAR website for registration at https://my.netgear.com/registration/login.aspx. 2. Click the Login button, and follow the directions onscreen to register the switch with your NETGEAR email address and password.
PAGE 26
AV Line of Fully Managed Switches M4250 Series Main User Manual Log in to the main UI with a web browser If this is the first time that you log in to the switch and you must use the default IP address of the switch, see the information in the installation guide. You can use a web browser to access the switch and log in. You must be able to ping the IP address of the management interface or out-of-band (OOB) port from your computer for web access to be available.
PAGE 27
AV Line of Fully Managed Switches M4250 Series Main User Manual 6. Click the Main UI Login button. The main UI login page displays in a new tab. 7. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays.
PAGE 28
AV Line of Fully Managed Switches M4250 Series Main User Manual Main UI buttons and user-defined fields The following table shows the command buttons that are used on the pages in the main UI: Table 1. Main UI command buttons Button Function Add Clicking the Add button adds the new item configured in the heading row of a table. Apply Clicking the Apply button sends the updated configuration to the switch. Configuration changes take effect immediately.
PAGE 29
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 3. Naming conventions for interfaces Interface Description Example Physical interfaces Depending on the model, the physical ports are 1G, 2.5G,or 10G Ethernet interfaces or 1G or 10G fiber interfaces. The interface number consists of the switch number (always 0) followed by a forward slash and the port number, which is a sequential number starting from 1.
PAGE 30
AV Line of Fully Managed Switches M4250 Series Main User Manual To access the online support link: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required.
PAGE 31
AV Line of Fully Managed Switches M4250 Series Main User Manual The Device View front view of the switch displays. As an example, the following figure shows the front view of model M4250-10G2F-PoE+. 6. To display the back view, click the B button. The B button changes into the F button. (Clicking the F button displays the front view again.) As an example, the following figure shows the back view of model M4250-10G2F-PoE+. The port coloring indicates the port status: • Black.
PAGE 32
AV Line of Fully Managed Switches M4250 Series Main User Manual As an example, the following figure shows the back view of model M4250-10G2F-PoE+ with a partial view of the menus that let you configure a port. 8. To display the menus that let you configure global switch settings, right-click the back view anywhere other than on a port. As an example, the following figure shows the back view of model M4250-10G2F-PoE+ with menus that let you configure global switch settings.
PAGE 33
AV Line of Fully Managed Switches M4250 Series Main User Manual The switch uses both standard public MIBs for standard functionality and private MIBs that support additional switch functionality. All private MIBs begin with a “-” prefix. The main object for interface configuration is in -SWITCHING-MIB, which is a private MIB. Some interface configurations also involve objects in the public MIB, IF-MIB. SNMP is enabled by default.
PAGE 34
AV Line of Fully Managed Switches M4250 Series Main User Manual 8. Click the Apply button. Your settings are saved. 9. To save the settings to the running configuration, click the Save icon. Note: To access configuration information for SNMP V1 or SNMP V2, select System > SNMP > SNMPv1/v2 and select the page that contains the information that you want to configure.
PAGE 35
2 Configure Switch System Information This chapter covers the following topics: • • • • • • • • • • • • • • • • • • • • • • • Switch system information Loopback interface IPv4 management interfaces and VLANs IPv6 management interfaces and VLANs Time and SNTP settings Precision Time Protocol Domain Name System Switch database management template Green Ethernet settings Bonjour settings IPv4 DHCP server DHCP relay and relay statistics DHCP Layer 2 relay UDP relay DHCPv6 server DHCPv6 relay interface Power ov
PAGE 36
AV Line of Fully Managed Switches M4250 Series Main User Manual Switch system information You can view and configure the switch system information. View and configure switch system information When you log in, the System Information page displays. You can configure and view general device information. To view and define system information: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button.
PAGE 37
AV Line of Fully Managed Switches M4250 Series Main User Manual 5. Select System > Management > System Information. 6. Define the following fields: • System Name: Enter the name to identify this switch. You can use up to 255 alphanumeric characters. The factory default is blank. • System Location: Enter the location of this switch. You can use up to 255 alphanumeric characters. The factory default is blank. • System Contact: Enter the contact person for this switch.
PAGE 38
AV Line of Fully Managed Switches M4250 Series Main User Manual • Routing Loopback Interface • Service Port • Different. For some applications from the list, the source interface is configured separately. They display in the list only if this is the case. By default VLAN 1 is used as the source interface. 7. Click the Apply button. Your settings are saved. 8. To save the settings to the running configuration, click the Save icon.
PAGE 39
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 4. Application Information and System Information (Continued) Field Description Current SNTP Sync Status The current SNTP sync status. System SNMP OID The base object ID for the switch's enterprise MIB. System Mac Address Universally assigned network address. Current SNTP Synchronized Time The SNTP synchronized time. View the fan status This page shows the status of the fans in all units.
PAGE 40
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 5. Fan Status Field Description FAN-1 The working status of the system fan 1. FAN-2 The working status of the system fan 2. View the temperature sensor information You can view the current temperature of different system sensors using the Temperature Status table. To view temperature information: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3.
PAGE 41
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 6. Temperature Status information Field Description sensor-1 The current temperature in degrees Centigrade. Max Operating Temperature The maximum supported operating temperature in degrees Centigrade. View the device status and firmware version You can view the device status and firmware version. To view the device status and firmware version: 1. Launch a web browser. 2.
PAGE 42
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 7. Device Status (Continued) Field Description CPLD Version The version of the software for CPLD. Serial Number The serial number of this switch. PS-1 Indicates the status of the power supply in the switch.The status can be any of the following: • Operational: The power supply is present and functioning properly. • Failed: The power supply is present, but the power cable is not plugged in or a bad cable is plugged in.
PAGE 43
AV Line of Fully Managed Switches M4250 Series Main User Manual The CPU memory status includes the total memory of the switch in KBytes and the available memory space for the switch in KBytes. The CPU utilization shows the CPU utilization by the various processes on the switch. Configure the CPU thresholds You to configure CPU thresholds that, when crossed, trigger a notification. The notification occurs through SNMP trap and syslog messages. To configure the CPU thresholds: 1. Launch a web browser. 2.
PAGE 44
AV Line of Fully Managed Switches M4250 Series Main User Manual • Free Memory Threshold: Configure the CPU free memory threshold value in KB. 7. Click the Apply button. Your settings are saved. 8. To save the settings to the running configuration, click the Save icon. View or clear switch statistics To view or clear the switch statistics: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button.
PAGE 45
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 8. Switch statistics information (Continued) Field Description Packets Received Without Errors The total number of packets (including broadcast packets and multicast packets) received by the processor. Unicast Packets Received The number of subnetwork-unicast packets delivered to a higher-layer protocol. Multicast Packets Received The total number of packets received that were directed to a multicast address.
PAGE 46
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 8. Switch statistics information (Continued) Field Description Dynamic VLAN Entries The number of presently active VLAN entries on this switch that were created by GVRP registration. VLAN Deletes The number of VLANs on this switch that were created and then deleted since the last reboot. Time Since Counters Last Cleared The elapsed time, in days, hours, minutes, and seconds, since the statistics for this switch were last cleared.
PAGE 47
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 9. USB Memory Statistics information Field Description Total Size The USB flash device storage size in bytes. Bytes Used The size of memory used on the USB flash device. Bytes Free The size of memory free on the USB flash device. The following table describes the information in the USB Directory Details section. Table 10.
PAGE 48
AV Line of Fully Managed Switches M4250 Series Main User Manual The Loopback Interface page displays. 6. From the Loopback Interface Type menu, select IPv4 or IPv6. 7. From the Loopback ID menu, select an interface. 8. Configure the following settings, depending on the type of loopback interface: • IPv4: For an IPv4 interface, configure the following settings: • Primary IP Address: Enter the primary IPv4 address for this interface in dotted-decimal notation.
PAGE 49
AV Line of Fully Managed Switches M4250 Series Main User Manual network traffic on the switch ports and cannot be switched or routed to the operational network. • Management VLAN interface: The management VLAN is the logical interface used for in-band connectivity with the switch over any of the switch's network interfaces. To access the switch over a network you must first configure an IP address and subnet mask for the switch.
PAGE 50
AV Line of Fully Managed Switches M4250 Series Main User Manual • Bootp: During the next boot cycle, the BootP client on the device broadcasts a BootP request to acquire information from a BootP server on the network. The IP Address, Subnet Mask, and Default Gateway field display the information is dynamically acquired. • DHCP: During the next boot cycle, the DHCP client on the device broadcasts a DHCP request to acquire information from a DHCP server on the network.
PAGE 51
AV Line of Fully Managed Switches M4250 Series Main User Manual associated with the switch’s management VLAN do not affect the configuration of the front panel ports through which traffic is switched or routed. To access the switch over a network you must first configure an IP address and subnet mask for the switch.
PAGE 52
AV Line of Fully Managed Switches M4250 Series Main User Manual 8. Select the Configuration Method DHCP or Manual radio button to specify the switch startup action: • DHCP: The switch requests IP address information from a DHCP server. • Manual: The switch loads the IP address information that you specify: • IP Address: Specify the IP address of the interface. The default value is 169.254.100.100. • Subnet Mask: Specify the IP subnet mask for the interface.
PAGE 53
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 12. Nonconfigurable IPv4 management interface status information (Continued) Field Description Subnet Mask The IP subnet mask for the management interface. Gateway The specified default gateway for the management interface. Configure an IPv4 management interface You can restrict IPv4 management to one specific interface. By default, you can use any of the interfaces as an IPv4 management interface.
PAGE 54
AV Line of Fully Managed Switches M4250 Series Main User Manual • Subnet Mask: Specify the subnet mask for the management interface. The default subnet mask is 255.255.0.0. • Gateway: Specify the IP address of the default gateway for the management interface. The default IP address is 0.0.0.0. 9. Click the Apply button. Your settings are saved. 10. To save the settings to the running configuration, click the Save icon.
PAGE 55
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 13. Nonconfigurable IPv4 management interface status information (Continued) Field Description Subnet Mask The IP subnet mask for the management interface. Gateway The specified default gateway for the management interface. IPv6 management interfaces and VLANs The main UI provides separate options for IPv6 interface and port-based IP management. If you configure port-based IP management, VLAN-based IP management is disabled.
PAGE 56
AV Line of Fully Managed Switches M4250 Series Main User Manual To configure the IPv6 service port: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required.
PAGE 57
AV Line of Fully Managed Switches M4250 Series Main User Manual 10. Click the Apply button. Your settings are saved. 11. To save the settings to the running configuration, click the Save icon. Manage IPv6 addresses for the IPv6 service port You can add a static IPv6 address that is specific to the IPv6 service port. You can also remove an IPv6 address that you no longer need for the IPv6 service port. To add or remove an IPv6 address for the IPv6 service port: 1. Launch a web browser. 2.
PAGE 58
AV Line of Fully Managed Switches M4250 Series Main User Manual The IPv6 address is removed from the IPv6 service port. 8. To save the settings to the running configuration, click the Save icon. Configure an IPv6 management VLAN For you to manage the switch over the main UI, you must define the management IP address. A management VLAN interface is created by default and it gets an IP address if a DHCP server is present.
PAGE 59
AV Line of Fully Managed Switches M4250 Series Main User Manual The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select System > Management > Management Interfaces > IPv6 Management VLAN Configuration.
PAGE 60
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 14. Current IPv6 management interface status information Field Description Management Interface The IPv6 management interface. (By default, no IPv6 management interface is configured). Link State Indicates if the link status is up or down. IPv6 Routing Interface Status/Operational Mode Indicates if the link status is up or down for the IPv6 management interface.
PAGE 61
AV Line of Fully Managed Switches M4250 Series Main User Manual 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select System > Management > Management Interfaces > IPv6 Management VLAN Configuration. The IPv6 Management VLAN Configuration page displays.
PAGE 62
AV Line of Fully Managed Switches M4250 Series Main User Manual The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5.
PAGE 63
AV Line of Fully Managed Switches M4250 Series Main User Manual 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5.
PAGE 64
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 15. Current IPv6 management interface status information Field Description Management Interface The IPv6 management interface. (By default, no IPv6 management interface is configured). Link State Indicates if the link status is up or down. IPv6 Routing Interface Status/Operational Mode Indicates if the link status is up or down for the IPv6 management interface.
PAGE 65
AV Line of Fully Managed Switches M4250 Series Main User Manual 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select System > Management > Management Interfaces > IPv6 Management Interface Configuration. The IPv6 Management Interface Configuration page displays.
PAGE 66
AV Line of Fully Managed Switches M4250 Series Main User Manual To add or remove an IPv6 default route address for the IPv6 management interface: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required.
PAGE 67
AV Line of Fully Managed Switches M4250 Series Main User Manual synchronizing the clocks of networked computer systems, primarily when data transfer is handled through the Internet. You can also set the system time manually. Configure the time setting manually To configure the time setting manually 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button.
PAGE 68
AV Line of Fully Managed Switches M4250 Series Main User Manual 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select System > Management > Time > Time Configuration.
PAGE 69
AV Line of Fully Managed Switches M4250 Series Main User Manual • Routing VLAN: The primary IP address of a VLAN routing interface is used as the source address. • Routing loopback interface: The primary IP address of a routing loopback interface is used as the source address. • Tunnel interface: The IPv6 tunnel interface. • Service port: The management port source IP address is used as the source address. By default VLAN 1 is used as the source interface. 10.
PAGE 70
AV Line of Fully Managed Switches M4250 Series Main User Manual The range is from 0 to 59. The default is 0. 17. Click the Apply button. Your settings are saved. 18. To save the settings to the running configuration, click the Save icon. View the SNTP global status When you select the SNTP option as the clock source, you can view the SNTP global status. To view SNTP global status: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch.
PAGE 71
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 16. SNTP global status information (Continued) Field Description Last Attempt Status The status of the last SNTP request or unsolicited message for both unicast and broadcast modes. If no message was received from a server, a status of Other is displayed. These values are appropriate for all operational modes. • Other: None of the following enumeration values.
PAGE 72
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 16. SNTP global status information (Continued) Field Description Unicast Server Current The number of current valid unicast server entries configured for this client. Entries Broadcast Count The number of unsolicited broadcast SNTP messages that were received and processed by the SNTP client since the last reboot. Configure SNTP servers SNTP assures accurate time synchronization for network device clock, up to the millisecond.
PAGE 73
AV Line of Fully Managed Switches M4250 Series Main User Manual synchronizing device time because it is the most secure method. If this method is selected, SNTP information is accepted only from SNTP servers that are configured on the switch. The switch retrieves synchronization information, either by actively requesting information or at every poll interval. Add an SNTP server To add an SNTP server: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch.
PAGE 74
AV Line of Fully Managed Switches M4250 Series Main User Manual to an SNTP server with a priority value of 1 first, then to a server with a priority value of 2, and so on. If any servers are assigned the same priority, the SNTP client contacts the servers in the order that they appear in the table. The range is from 1 to 3. The default is 1. 10. In the NTP Version field, specify the NRP version that is supported by the switch. The range is from 1 to 4. The default is 4. 11. Click the Add button.
PAGE 75
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 17. SNTP server status information (Continued) Field Description Requests The number of SNTP requests made to this server since last agent reboot. Failed Requests The number of failed SNTP requests made to this server since last reboot. Change the settings for an existing SNTP server To change the settings for an existing SNTP server: 1. Launch a web browser. 2.
PAGE 76
AV Line of Fully Managed Switches M4250 Series Main User Manual 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select System > Management > Time > SNTP Server Configuration. The SNTP Server Configuration page displays. 6.
PAGE 77
AV Line of Fully Managed Switches M4250 Series Main User Manual • Recurring: Daylight saving time occurs at the same time every year. You must manually configure the start and end times and dates for the time shift. Configure the settings that are described in Step 7. • Recurring EU: The system clock uses the standard recurring summer time settings used in countries in the European Union. With this option, the rest of the applicable fields on the page are automatically populated and you cannot change them.
PAGE 78
AV Line of Fully Managed Switches M4250 Series Main User Manual Field Description Begins At These fields are used to configure the start values of the date and time. • Month: Configure the start month. • Date: Configure the start date. • Year: Configure the start year. • Hours: Configure the start hours. • Minutes: Configure the start minutes. Ends At These fields are used to configure the end values of date and time. • Month: Configure the end start date. • Date: Configure the end date.
PAGE 79
AV Line of Fully Managed Switches M4250 Series Main User Manual 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select System > Management > Time > Daylight Saving Configuration. The Daylight Saving Configuration page displays. 6.
PAGE 80
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 18. Daylight saving status information (Continued) Field Description Zone The zone acronym. This field is not displayed when daylight saving time is disabled. Daylight Saving (DST) in Effect Displays whether daylight saving time is in effect. Precision Time Protocol Precision Time Protocol (PTP, IEEE 1588) is a protocol that enables precise synchronization of clocks with a sub-microsecond accuracy across a packet-based network.
PAGE 81
AV Line of Fully Managed Switches M4250 Series Main User Manual 6. Select the Admin Mode Enable or Disable radio button. The default is Enable. 7. Click the Apply button. Your settings are saved. 8. To save the settings to the running configuration, click the Save icon. Manage the PTP interface settings On a standalone switch, by default, PTP is enabled globally on all interfaces. In a switch stack, by default, PTP is disabled for all interfaces.
PAGE 82
AV Line of Fully Managed Switches M4250 Series Main User Manual • To configure multiple interfaces with the same settings, select the check box associated with each interface. • To configure all interfaces with the same settings, select the check box in the heading row. 8. From the Configured Mode menu, select Enable or Disable. The default is Enable. 9. Click the Apply button. Your settings are saved. The Operational Mode field shows whether PTP is enabled or disabled for an interface. 10.
PAGE 83
AV Line of Fully Managed Switches M4250 Series Main User Manual The DNS Server Configuration table includes a default DNS server with IP address 8.8.8.8. 6. Select the DNS Status Disable or Enable radio button: • Enable: Allows the switch to send DNS queries to a DNS server to resolve a DNS domain name. The default value is Enable. • Disable: Prevents the switch from sending DNS queries. 7. In the DNS Default Name field, enter the name that must be includes in DNS queries.
PAGE 84
AV Line of Fully Managed Switches M4250 Series Main User Manual 13. To add a DNS server to which the switch sends DNS queries, do the following: a. In the DNS Server Address field in the DNS Server Configuration table, enter an IP address in standard IPv4 or IPv6 dot notation. b. Click the Add button. The server is added to the table. You can specify up to eight DNS servers. The precedence is set in the order that you add the servers. 14.
PAGE 85
AV Line of Fully Managed Switches M4250 Series Main User Manual Note: If you do not select a DNS server, all the DNS servers are removed after you click the Delete button. 7. Click the Delete button. The DNS server is removed. 8. To save the settings to the running configuration, click the Save icon. Configure and view host name-to-IP address information You can manually map host names to IP addresses or view dynamic host mappings.
PAGE 86
AV Line of Fully Managed Switches M4250 Series Main User Manual Remove an entry from the dynamic host mapping table To remove an entry from the dynamic host mapping table: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button.
PAGE 87
AV Line of Fully Managed Switches M4250 Series Main User Manual 5. Select System > Management > DNS > Host Configuration. The Host Configuration page displays. 6. Select the check box next to the entry to update. 7. Enter the new information in the appropriate field. 8. Click the Apply button. Your settings are saved. 9. To clear all the dynamic host name entries from the list, click the Clear button. 10. To save the settings to the running configuration, click the Save icon.
PAGE 88
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 21.
PAGE 89
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 22. SDM template summary information Field Description SDM Template Identifies the template. ARP Entries The maximum number of entries in the Address Resolution Protocol (ARP) cache for routing interfaces. IPv4 Unicast Routes The maximum number of IPv4 unicast forwarding table entries. IPv6 NDP Entries The maximum number of IPv6 Neighbor Discovery Protocol (NDP) cache entries.
PAGE 90
AV Line of Fully Managed Switches M4250 Series Main User Manual The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select System > Management > Green Ethernet > Green Ethernet Configuration. The Green Ethernet Configuration page displays. 6. Select the Auto Power Down Mode Disable or Enable radio button. By default, this mode is disabled.
PAGE 91
AV Line of Fully Managed Switches M4250 Series Main User Manual The System Information page displays. 5. Select System > Management > Green Ethernet > Green Ethernet Interface Configuration. The Green Ethernet Interface Configuration page displays. 6. Select one or more interfaces by taking one of the following actions: • To configure a single interface, select the check box associated with the interface, or type the interface number in the Go To Interface field and click the Go button.
PAGE 92
AV Line of Fully Managed Switches M4250 Series Main User Manual The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select System > Management > Green Ethernet > Green Ethernet Details.
PAGE 93
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 23. Green Ethernet local device information Field Description Cumulative Energy Saved on this port due to Green mode(s) (Watts * Hours) The cumulative energy saved on the port because of the green modes that are enabled on the port in watts * hours. Energy Detect Operational Status The operational state (Active or Inactive) of the Energy Detect mode.
PAGE 94
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 23. Green Ethernet local device information (Continued) Field Description Rx_dll_ready The receive DLL status, which indicates if the ‘rx system’ initialization is complete and if port is ready to receive or update LLDPDUs that contain EEE TLVs. Time Since Counters Last Cleared The time since the counters were reset.
PAGE 95
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 24. Green Ethernet remote device information Field Description Remote ID The identifier that is assigned to the link partner of the port. Remote Tw_sys_tx (uSec) The value of ‘Tw_sys’ that the link partner can support. Remote Tw_sys_tx Echo (uSec) The value of ‘transmit Tw_sys’ that the link partner returns to the port. Remote Tw_sys_rx (uSec) The value of ‘Tw_sys’ that the link partner requests from the port.
PAGE 96
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 25. Green Ethernet statistics summary information Field Description Current Power Consumption (mW) The power consumption by all ports on the switch in mWatts (mW). Percentage Power Saving (%) The percentage of power saved on all ports on the switch when green Ethernet mode is enabled. Cumulative Energy Saving (W*H) The cumulative energy saved on the switch in (watts * hour) when all green features are enabled.
PAGE 97
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 27. Green Ethernet interface summary information Field Description Interface The interface for which information is displayed. Energy Detect Admin Mode Indicates the status of the mode (Enable or Disable). If the mode is enabled and a port link is down, the underlying physical layer goes down for a short period and then checks for port link pulses again so that auto-negotiation remains possible.
PAGE 98
AV Line of Fully Managed Switches M4250 Series Main User Manual 7. In the Sampling Interval field, enter the interval at which EEE LPI data is collected. The range is from 30 to 36000 seconds.The default is 3600 seconds. 8. In the Max Samples To Keep field, enter the maximum number of samples to keep. The range is from 1 to 168.The default is 168. The Percentage LPI time field displays the time that the interface was in LPI mode since the EEE counters were reset. 9. Click the Apply button.
PAGE 99
AV Line of Fully Managed Switches M4250 Series Main User Manual Enable or disable Bonjour To enable or diable Bonjour: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required.
PAGE 100
AV Line of Fully Managed Switches M4250 Series Main User Manual The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select System > Management > Bonjour > Bonjour Details. The Bonjour Details page displays. The Bonjour Administration Mode field displays whether Bonjour is enabled or disabled. 6. To refresh the page, click the Refresh button.
PAGE 101
AV Line of Fully Managed Switches M4250 Series Main User Manual 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select System > Services > DHCP Server > DHCP Server Configuration. The DHCP Server Configuration page displays. 6.
PAGE 102
AV Line of Fully Managed Switches M4250 Series Main User Manual Manage DHCP pools You can set up and manage different types of pools of IP addresses that the DHCP server can assign. Create a DHCP pool To create a DHCP pool: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4.
PAGE 103
AV Line of Fully Managed Switches M4250 Series Main User Manual 5. Select System > Services > DHCP Server > DHCP Pool Configuration. 6. From the Pool Name menu, select Create. The Pool Name field displays. 7. In the Pool Name field, type a name for the new pool. The name can be up to 31 characters in length. 8. Select the type of binding for the pool: • Unallocated: No further configurations are required. Continue with the next step. • Dynamic: Configure the following settings: • Network Address.
PAGE 104
AV Line of Fully Managed Switches M4250 Series Main User Manual Note: For a dynamic DHCP pool, you can configure either the network mask or the prefix length. • Manual: Configure the following settings: • Client Name: The DHCP client name. • Hardware Address: The hardware MAC address of the DHCP client. • Hardware Address Type: The protocol of the MAC address of the DHCP client. The type can be Ethernet or IEEE802. The default is Ethernet. • Client ID: The client ID of the DHCP client.
PAGE 105
AV Line of Fully Managed Switches M4250 Series Main User Manual 13. From the NetBIOS Node Type menu, select one of the following NetBIOS node types for DHCP clients: • • • • b-node Broadcast p-node Peer-to-Peer m-node Mixed h-node Hybrid 14. In the Next Server Address field, enter the IP address of the next server in the boot process for a DHCP client. 15. In the Domain Name field, enter the domain name in the boot process for a DHCP client. The domain name can be up to 255 characters in length. 16.
PAGE 106
AV Line of Fully Managed Switches M4250 Series Main User Manual 7. Change the settings as needed. For more information about the settings, see Create a DHCP pool on page 102. 8. Click the Apply button. Your settings are saved. 9. To save the settings to the running configuration, click the Save icon. Remove a DHCP pool You can remove a DHCP pool that you no longer need. To remove a DHCP pool: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch.
PAGE 107
AV Line of Fully Managed Switches M4250 Series Main User Manual 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select System > Services > DHCP Server> DHCP Pool Options.
PAGE 108
AV Line of Fully Managed Switches M4250 Series Main User Manual 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select System > Services > DHCP Server > DHCP Server Statistics. The DHCP Server Statistics page displays. 6.
PAGE 109
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 30. DHCP server statistics information (Continued) Field Description DHCPACK The number of DHCPACK messages sent by the DHCP server. DHCPNAK The number of DHCPNAK messages sent by the DHCP server. Display the DHCP bindings To display the DHCP bindings: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button.
PAGE 110
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 31. DHCP bindings information (Continued) Field Description Lease Time Left The remaining lease time in days, hours and minutes (dd:hh:mm format). Type The type of binding (Dynamic or Manual). Delete one or all dynamic DHCP bindings To delete one or all dynamic DHCP bindings: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3.
PAGE 111
AV Line of Fully Managed Switches M4250 Series Main User Manual To view DHCP bindings with conflicts: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required.
PAGE 112
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 32. DHCP conflicts information (Continued) Field Description Detection Method The method with which the IP address of the DHCP client was detected on the DHCP server. Detection Time The time when the conflict was detected in the days;hours;minutes;seconds format since the switch was last restarted. Delete one or all DHCP bindings with conflicts To delete one or all DHCP bindings with conflicts: 1. Launch a web browser. 2.
PAGE 113
AV Line of Fully Managed Switches M4250 Series Main User Manual DHCP relay and relay statistics If the switch is functioning as a Layer 3 device, you can enable the Layer 3 DHCP relay agent and let the switch relay DHCP messages between DHCP clients and DHCP servers that are located in a different IP subnet. To configure a DHCP relay and display relay statistics: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3.
PAGE 114
AV Line of Fully Managed Switches M4250 Series Main User Manual 10. Click the Apply button. Your settings are saved. 11. To save the settings to the running configuration, click the Save icon. 12. To refresh the information on the page, click the Refresh button. The following table describes the nonconfigurable fields on the page. Table 33. DHCP relay status information Field Description Requests Received The total number of DHCP requests received from all clients since the time the switch was started.
PAGE 115
AV Line of Fully Managed Switches M4250 Series Main User Manual Configure the global DHCP L2 relay settings To configure the global DHCP L2 relay settings: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button.
PAGE 116
AV Line of Fully Managed Switches M4250 Series Main User Manual To configure DHCP L2 relay interface: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required.
PAGE 117
AV Line of Fully Managed Switches M4250 Series Main User Manual 11. To save the settings to the running configuration, click the Save icon. Display DHCP L2 relay interface statistics To display the DHCP L2 relay interface statistics: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4.
PAGE 118
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 34. DHCP L2 relay interface statistics information (Continued) Field Description UntrustedClientMsgsWithOpt82 The number of DHCP messages with Option 82 received from an untrusted client. TrustedServerMsgsWithoutOpt82 The number of DHCP messages without Option 82 received from a trusted server. TrustedClientMsgsWithoutOpt82 The number of DHCP messages without Option 82 received from a trusted client.
PAGE 119
AV Line of Fully Managed Switches M4250 Series Main User Manual 6. Select the Admin mode Disable or Enable radio button to disable or enable the UDP relay on the switch. The default is Disable. 7. In the UDP Relay Global Configuration section, configure the following settings: • Server Address: Enter the IPv4 address of the UDP relay server.
PAGE 120
AV Line of Fully Managed Switches M4250 Series Main User Manual Change a UDP switch configuration To change a UDP switch configuration: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required.
PAGE 121
AV Line of Fully Managed Switches M4250 Series Main User Manual 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select System > Services > UDP Relay > UDP Relay Global Configuration. The UDP Relay Global Configuration page displays. 6.
PAGE 122
AV Line of Fully Managed Switches M4250 Series Main User Manual • Other: The UDP Port Other Value field becomes available so that you can enter a custom UDP port number. • dhcp: Relay DHCP (UDP port 67) packets. • domain: Relay DNS (UDP port 53) packets. • isakmp: Relay ISAKMP (UDP port 500) packets.
PAGE 123
AV Line of Fully Managed Switches M4250 Series Main User Manual The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select System > Services > UDP Relay > UDP Relay Interface Configuration.
PAGE 124
AV Line of Fully Managed Switches M4250 Series Main User Manual 7. Click the Delete button. The UDP switch configuration is removed. 8. To save the settings to the running configuration, click the Save icon. DHCPv6 server You can configure settings for a DHCPv6 server, DHCPv6 pools, DHCPv6 prefix delegation, DHCPv6 interfaces. and DHCPv6 bindings. You can also view DHCPv6 statistics. Enable the DHCPv6 server By default, the DHCPv6 server is disabled.
PAGE 125
AV Line of Fully Managed Switches M4250 Series Main User Manual 8. To save the settings to the running configuration, click the Save icon. Manage DHCPv6 pools A DHCPv6 pool provides network configuration information that is available to DHCPv6 clients that request such information. You can add, change, and remove DHCPv6 pools. Create a DHCPv6 pool A DHCPv6 pool provides network configuration information that is available to DHCPv6 clients that request such information. To create a DHCPv6 pool: 1.
PAGE 126
AV Line of Fully Managed Switches M4250 Series Main User Manual Change a DHCPv6 pool You can change an existing DHCPv6 pool. To change a DHCPv6 pool: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button.
PAGE 127
AV Line of Fully Managed Switches M4250 Series Main User Manual 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select System > Services > DHCPv6 Server > DHCPv6 Pool Configuration. The DHCPv6 Pool Configuration page displays. 6.
PAGE 128
AV Line of Fully Managed Switches M4250 Series Main User Manual 5. Select System > Services > DHCPv6 Server > DHCPv6 Prefix Delegation Configuration. The DHCPv6 Prefix Delegation Configuration page displays. 6. From the Pool Names menu, select a pool. 7. In the Prefix field, specify the IPv6 prefix. 8. In the Prefix Length field, specify the length that is associated with the IPv6 prefix. 9. In the DUID field, specify the DHCP Unique Identifier (DUID) that is associated with the IPv6 prefix.
PAGE 129
AV Line of Fully Managed Switches M4250 Series Main User Manual 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select System > Services > DHCPv6 Server > DHCPv6 Prefix Delegation Configuration. The DHCPv6 Prefix Delegation Configuration page displays. 6.
PAGE 130
AV Line of Fully Managed Switches M4250 Series Main User Manual The prefix delegation configuration is deleted. 8. To save the settings to the running configuration, click the Save icon. Configure the DHCPv6 settings for an interface You can configure the DHCPv6 settings for an interface so that the interface can provide DHCPv6 services to attached devices. To configure the DHCPv6 settings for an interface: 1. Launch a web browser. 2.
PAGE 131
AV Line of Fully Managed Switches M4250 Series Main User Manual For more information, see Manage DHCPv6 pools on page 125. 9. From the Rapid Commit menu, select to enable or disable an abbreviated exchange between the device that requests IPv6 information and the DHCPv6 server. This setting is optional. 10. In the Preference field, specify the preference value that a device can use to determine the preference of this interface in relation to other DHCPv6 servers. You can enter a value from 0 to 4294967295.
PAGE 132
AV Line of Fully Managed Switches M4250 Series Main User Manual The following table describes the nonconfigurable fields on the page. Table 35. DHCPv6 binding Information Field Description Client Address The IPv6 address of the client associated with the binding. Client Interface The interface number on which the client binding occurred. Client DUID The DHCPv6 Unique Identifier (DUID) of the client. The DUID is a combination of the client’s hardware address and client identifier.
PAGE 133
AV Line of Fully Managed Switches M4250 Series Main User Manual The System Information page displays. 5. Select System > Services > DHCPv6 Server > DHCPv6 Server Statistics. The DHCPv6 Server Statistics page displays. 6. Do one of the following: • Display statistics for one interface: From the Interface menu, select the interface. • Display statistics for all interfaces: From the Interface menu, select All. 7. To refresh the page, click the Refresh button.
PAGE 134
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 36. DHCPv6 server statistics information (Continued) Field Description DHCPv6 Decline Packets Received The number of DHCPv6 Decline messages received. This type of message is sent by a client to the DHCPv6 server to indicate that an assigned address is already in use on the link. DHCPv6 Inform Packets Received The number of DHCP v6 information-request messages received.
PAGE 135
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 36. DHCPv6 server statistics information (Continued) Field Description DHCPv6 Relay-forward Packets The number of DHCPv6 Relay-Forward messages sent. This type of Transmitted message is sent by a relay agent to forward messages to servers. DHCPv6 Relay-reply Packets The number of DHCPv6 Relay-Reply messages sent.
PAGE 136
AV Line of Fully Managed Switches M4250 Series Main User Manual DHCPv6 relay interface A DHCPv6 relay agent allows sub-options to be attached to messages that are being relayed by the switch to a DHCPv6 server. In turn, the DHCPv6 server can use this information in determining an address to assign to a DHCPv6 client. To configure an interface as a DHCPv6 relay: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3.
PAGE 137
AV Line of Fully Managed Switches M4250 Series Main User Manual 9. In the Destination IP Address field, specify the IPv6 address for the DHCPv6 relay server. 10. In the Remote ID field, specify the relay agent information option. The remote ID is derived from the DHCPv6 server DUID and the relay interface number, or you can specify is as a user-defined string. 11. Click the Apply button. Your settings are saved. 12. To save the settings to the running configuration, click the Save icon.
PAGE 138
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 37. PoE port capacities and budgets (Continued) Model PoE ports Port Capacity Switch PoE Budget M4250-40G8XF-PoE+ 8 PoE+ (802.3at) 30W 960W M4250-40G8XF-PoE++ 8 PoE++ (802.3bt) 90W 2880W with three internal PSUs connected Supplied power is prioritized according to the port order, up to the total power budget of the device. Port 1 receives the highest PoE priority, while port 8 is relegated to the lowest PoE priority.
PAGE 139
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 38. PoE classes and PoE power allocations (Continued) Device Class Compatible PoE Standard Class Description Maximum Power Reserved for the PD Power Delivered to the PD 7 PoE++ Ultra high power 75.0W 62.0W–81.1W 8 PoE++ Ultra high power 90.0W 71.0W–96.5W Configure the global PoE settings To configure the global PoE setting: 1. Launch a web browser. 2.
PAGE 140
AV Line of Fully Managed Switches M4250 Series Main User Manual 9. Click the Apply button. Your settings are saved. 10. To save the settings to the running configuration, click the Save icon. The following table describes the nonconfigurable fields on the page. Table 39. PoE information Field Description Firmware Version The firmware version of the PoE software. Power Status The power status. Total Power Available (W) The maximum power in watts the switch can deliver to all ports.
PAGE 141
AV Line of Fully Managed Switches M4250 Series Main User Manual • To configure a single port, select the check box associated with the port, or type the port number in the Go To Interface field and click the Go button. • To configure multiple ports with the same settings, select the check box associated with each port. • To configure all ports with the same settings, select the check box in the heading row. 7.
PAGE 142
AV Line of Fully Managed Switches M4250 Series Main User Manual • 802.3bt-Type3. The port supports the IEEE 802.3bt Type 3 mode, the IEEE 802.3at mode, and the IEEE 802.3af mode. • 802.3bt: The port is powered in the IEEE 802.3bt mode and is backward compatible with IEEE 802.3at and IEEE 802.3af. In this mode, if the switch detects that the attached PD requests more power than IEEE 802.3at but is not an IEEE 802.3bt device, the PD does not receive power from the switch. 10.
PAGE 143
AV Line of Fully Managed Switches M4250 Series Main User Manual • 4pt 802.3af + Legacy: The port performs a 4-point resistive detection, and if required, continues with legacy detection. • Legacy: The port performs legacy detection. 13. From the Timer Schedule menu, select a timer schedule or select None, which is the default selection. For information about setting up and configuring PoE timer schedules, see Timer schedules on page 145. 14. Click the Apply button. Your settings are saved. 15.
PAGE 144
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 40. PoE port information (Continued) Field Description Status The operational status of the port: • Disabled: No power is delivered. • Delivering Power. Power is being drawn by the PD. • Requesting Power: The port is requesting power. • Fault: A problem occurred with the power. • Test: The port is in test mode. • Other Fault: The port is idle because of an error condition.
PAGE 145
AV Line of Fully Managed Switches M4250 Series Main User Manual The System Information page displays. 5. Select System > PoE > Advanced > PoE Port Configuration. The PoE Port Configuration page displays. 6. Select one or more ports by taking one of the following actions: • To power-cycle a single port, select the check box associated with the port, or type the port number in the Go To Interface field and click the Go button.
PAGE 146
AV Line of Fully Managed Switches M4250 Series Main User Manual To create a timer schedule: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required.
PAGE 147
AV Line of Fully Managed Switches M4250 Series Main User Manual The System Information page displays. 5. Select System > Timer Schedule > Advanced > Timer Schedule Configuration. The Timer Schedule Configuration page displays. 6. In the Timer Schedule Selection section, make your selections from the following menus: a. Timer Schedule Name. Select the name of the timer schedule that you want to configure. You can select only names of schedules that you created (see Create a timer schedule on page 145). b.
PAGE 148
AV Line of Fully Managed Switches M4250 Series Main User Manual For a single recurring timer schedule, you can add a daily, weekly, and monthly schedule configuration. That is, these schedule configurations are not mutually exclusive but complement each other. To specify the settings for a timer schedule that uses a recurring pattern: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button.
PAGE 149
AV Line of Fully Managed Switches M4250 Series Main User Manual c. Next to the Date Start field, click the calendar icon and use the menus in the pop-up window to enter the date in the DD-Mon-YYY format to specify when the timer schedule must start. d.
PAGE 150
AV Line of Fully Managed Switches M4250 Series Main User Manual To change the settings for an existing recurring timer schedule entry: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required.
PAGE 151
AV Line of Fully Managed Switches M4250 Series Main User Manual 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select System > Timer Schedule > Advanced > Timer Schedule Configuration. The Timer Schedule Configuration page displays. 6.
PAGE 152
AV Line of Fully Managed Switches M4250 Series Main User Manual The schedule is deleted. 8. To save the settings to the running configuration, click the Save icon. Simple Network Management Protocol You can configure SNMP settings for SNMPv1, SNMPv2, and SNMPv3. The switch supports the configuration of SNMP groups and users that can manage traps that the SNMP agent generates. The switch uses both standard public MIBs for standard functionality and private MIBs that support additional switch functionality.
PAGE 153
AV Line of Fully Managed Switches M4250 Series Main User Manual • Client Address: Enter the IP address of the client. • Client IP Mask: Enter the IP mask of the client. The client IP address and client IP mask together denote a range of IP addresses from which SNMP clients can use the community to access the switch. If either the client IP address or client IP mask is 0.0.0.0, access is allowed from any IP address. Otherwise, every client’s IP address is ANDed with the mask, as is the client IP address.
PAGE 154
AV Line of Fully Managed Switches M4250 Series Main User Manual For more information about the settings, see Add an SNMPv1 and SNMPv2 community on page 152. 8. Click the Apply button. Your settings are saved. 9. To save the settings to the running configuration, click the Save icon. Delete an SNMPv1 and SNMPv2 community You can delete an SNMPv1 and SNMPv2 community that you no longer need. To delete an SNMPv1 and SNMPv2 community: 1. Launch a web browser. 2.
PAGE 155
AV Line of Fully Managed Switches M4250 Series Main User Manual To add an SNMPv1 or SNMPv2 trap configuration for a host: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required.
PAGE 156
AV Line of Fully Managed Switches M4250 Series Main User Manual 9. From the Protocol menu, select the protocol to be used by the receiver: Select IPv4 if the receiver's address is an IPv4 address or IPv6 if the receiver's address is an IPv6 address. Or, you can select DNS and enter a domain name. 10. In the Address field, enter the IPv4 or IPv6 address or the domain name, depending on your selection from the Protocol menu. 11. Click the Add button. The trap configuration is added. 12.
PAGE 157
AV Line of Fully Managed Switches M4250 Series Main User Manual To delete an SNMPv1 or SNMPv2 trap configuration for a host: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required.
PAGE 158
AV Line of Fully Managed Switches M4250 Series Main User Manual The System Information page displays. 5. Select System > SNMP > SNMP V1/V2 > Trap Flags. The Trap Flags page displays. 6. Select the Authentication Disable or Enable radio button. This setting enables or disables activation of authentication failure traps. The default is Enable.
PAGE 159
AV Line of Fully Managed Switches M4250 Series Main User Manual Display the supported MIBs To display the MIBs supported by the switch: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required.
PAGE 160
AV Line of Fully Managed Switches M4250 Series Main User Manual 5. Select System > SNMP > SNMP V3 > User Configuration. The User Configuration page displays. 6. In the User Name field, type a name for the user account. The name can up be up to characters. 7. From the SNMP v3 Access Mode menu, select Read-Only or Read/Write to specify the SNMPv3 access privileges for the user account. The SNMPv3 access privileges for the admin account are Read/Write. 8.
PAGE 161
AV Line of Fully Managed Switches M4250 Series Main User Manual 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select System > SNMP > SNMP V3 > User Configuration. The User Configuration page displays. 6. Select the check box next to the SNMPv3 user account. 7.
PAGE 162
AV Line of Fully Managed Switches M4250 Series Main User Manual 8. To save the settings to the running configuration, click the Save icon. Link Layer Discovery Protocol Link Layer Discovery Protocol (LLDP), which is the defined in IEEE 802.1AB, lets devices on a LAN advertise major capabilities and physical descriptions. You can view this information to identify the system topology and detect problematic configurations in the LAN. LLDP is a one-way protocol without request and response sequences.
PAGE 163
AV Line of Fully Managed Switches M4250 Series Main User Manual 7. In the Hold Multiplier field, enter the multiplier for the value that you enter in the TLV Advertised Interval field, which determines the time-to-live (TTL) for LLDP notifications. The range is from 2 to 10 secs. The default value is 4. As an example, if the value that you enter in the TLV Advertised Interval field is 30 and the value that you enter in the Hold Multiplier field is 4, the TTL for LLDP notifications is 120 seconds. 8.
PAGE 164
AV Line of Fully Managed Switches M4250 Series Main User Manual • To configure multiple interfaces with the same settings, select the check box associated with each interface. • To configure all interfaces with the same settings, select the check box in the heading row. The Link Status fields shows whether the interface is up or down. 7. From the Transmit menu, select if the interface can transmit LLDP notifications. The default is Enable. 8.
PAGE 165
AV Line of Fully Managed Switches M4250 Series Main User Manual 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select System > LLDP > Statistics. The Statistics page displays. 6. To refresh the page, click the Refresh button. 7.
PAGE 166
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 41. LLDP statistics information (Continued) Field Description Receive Total The number of valid LLDP frames received by this LLDP agent. Discards The number of LLDP TLVs discarded for any reason by the LLDP agent. Errors The number of invalid LLDP frames received by the LLDP agent. Ageouts The number of age-outs that occurred.
PAGE 167
AV Line of Fully Managed Switches M4250 Series Main User Manual 6. From the Interface menu, select an interface on which the transmission of LLDP frames is enabled. 7. To refresh the page, click the Refresh button. The following table describes the nonconfigurable fields on the page. Table 42. LLDP local device information Field Description Chassis ID Subtype The switch identifier is the MAC address of the switch (see the following field). Chassis ID The MAC address of the switch.
PAGE 168
AV Line of Fully Managed Switches M4250 Series Main User Manual The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select System > LLDP > Remote Device Information. The Remote Device Information page displays. 6.
PAGE 169
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 43. LLDP remote device information (Continued) Field Description Management Address Type The type of the management IP address of the remote device. Management Address The advertised management IP address of the remote device. Display the LLDP remote device inventory The LLDP inventory consists of the devices that LLDP detects. To display the LLDP remote device inventory: 1. Launch a web browser. 2.
PAGE 170
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 44. LLDP remote device inventory information Field Description Port The interface on the switch on which LLDP information is received. Remote Device ID The remote device ID. Management Address The advertised management address of the remote device. MAC Address The MAC address of the remote device. System Name The system name of the remote device. Remote Port ID The interface number of the remote device.
PAGE 171
AV Line of Fully Managed Switches M4250 Series Main User Manual The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select System > LLDP > LLDP-MED > Global Configuration. The Global Configuration page displays. 6.
PAGE 172
AV Line of Fully Managed Switches M4250 Series Main User Manual The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select System > LLDP > LLDP-MED > Interface Configuration. The Interface Configuration page displays. 6.
PAGE 173
AV Line of Fully Managed Switches M4250 Series Main User Manual • Inventory Information: Select if the interface can send inventory information in an LLDP frame. 11. Click the Apply button. Your settings are saved. 12. To save the settings to the running configuration, click the Save icon. Display LLDP-MED local device information You can display LLDP-MED local device information, which is information that the switch itself, or an interface of the switch, advertises.
PAGE 174
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 45. LLDP-MED local device information Field Description Network Policy Information Displays if a network policy TLV is present in LLDP-MED frames that are transmitted.
PAGE 175
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 45. LLDP-MED local device information (Continued) Field Description Manufacturer Name The manufacturers name that is transmitted. Model Name The model name that is transmitted. Asset ID The asset ID that is transmitted. Location Information Displays if a location TLV is present in LLDP-MED frames that are transmitted. Sub Type The type of location information that is transmitted.
PAGE 176
AV Line of Fully Managed Switches M4250 Series Main User Manual The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select System > LLDP > LLDP-MED > Remote Device Information. The Remote Device Information page displays. 6. From the Interface menu, select an interface on which the reception of LLDP-MED frames is enabled.
PAGE 177
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 46. LLDP-MED remote device information (Continued) Field Description Media Application Type The application type of the remote device, which can be one of the following: • unknown • voice signaling • guest voice • guest voice signaling • soft phone voice • videoconferencing • streaming video • video signaling Each application type that is received includes the VLAN ID, priority, DSCP, tagged bit status, and unknown bit status.
PAGE 178
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 46. LLDP-MED remote device information (Continued) Field Description Asset ID The asset ID of the remote device. Location Information Displays the location information that is received in LLDP-MED frames. Sub Type The type of location information of the remote device. Location Information The location information of the remote device.
PAGE 179
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 46. LLDP-MED remote device information (Continued) Field Description Power Priority The type of power priority on the remote device. Power Value The power in watts that the remote device transmits, that is, the information is transmitted, not the actual power. Display the LLDP-MED remote device inventory The LLDP inventory consists of the devices that LLDP detects and that support MED.
PAGE 180
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 47. LLDP-MED remote device inventory information (Continued) Field Description System Name The system name of the remote device. Remote Port ID The interface number of the remote device. Link dependency Link dependency lets you enable or disable one or more interfaces based on the link state of one or more other interfaces.
PAGE 181
AV Line of Fully Managed Switches M4250 Series Main User Manual The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select System > Link Dependency > Link Dependency Group Configuration. The Link Dependency Group Configuration page displays. 6. Select one or more check boxes for the group IDs. The switch supports 16 group IDs.
PAGE 182
AV Line of Fully Managed Switches M4250 Series Main User Manual To configure or display upstream and downstream interfaces for a link dependency group: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button.
PAGE 183
AV Line of Fully Managed Switches M4250 Series Main User Manual • False. The interface is not a member of the upstream list for the group. This is the default setting. • True: The interface is a member of the up stream list for the group. 10. Click the Apply button. Your settings are saved. 11. From the Downstream Interface menu, select if the interface is a member of the group’s downstream list. • False: The interface is not a member of the downstream list for the group. This is the default setting.
PAGE 184
AV Line of Fully Managed Switches M4250 Series Main User Manual To clear all interfaces in a link dependency group: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required.
PAGE 185
AV Line of Fully Managed Switches M4250 Series Main User Manual To configure the global ISDP settings: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required.
PAGE 186
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 49. ISDP global configuration information Field Description Neighbors table last time changed The time that the information in the neighbors table was changed. Device ID The device ID of this switch. Device ID Format Capability The device ID format capability. Device ID Format The device ID format. Configure ISDP settings for an interface You can configure if an interface can communicate IDSP packets.
PAGE 187
AV Line of Fully Managed Switches M4250 Series Main User Manual 7. From the Admin mode menu, select Enable or Disable to specify if the interface can communicate ISDP information. The default is Enable. 8. Click the Apply button. Your settings are saved. 9. To save the settings to the running configuration, click the Save icon. Display or clear ISDP neighbor information You can view or clear the information about ISDP neighbors. To display or clear ISDP neighbor information: 1. Launch a web browser. 2.
PAGE 188
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 50. ISDP neighbor information Field Description Device ID The device ID of the ISDP neighbor. Interface The interface on which the neighbor is discovered. Address The IP address of the neighbor. Capability The capability of the neighbor, which can be one of the following: • Router • Trans Bridge • Source Route • Switch • Host • IGMP • Repeater Platform The model type of the neighbor. Port ID The port ID on the neighbor.
PAGE 189
AV Line of Fully Managed Switches M4250 Series Main User Manual The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select System > ISDP > Advanced > Statistics. The Statistics page displays. 6. To refresh the page, click the Refresh button. 7. To clear the ISDP statistics, click the Clear button. The statistics are cleared. 8.
PAGE 190
3 Configure Switching Information This chapter covers the following topics: • • • • • • • • • • • • • VLANs Auto-VoIP Spanning Tree Protocol Multicast forwarding database Internet Group Management Protocol snooping Multicast Listener Discovery snooping Multicast VLAN registration MAC address table Port settings Link aggregation groups 802.
PAGE 191
AV Line of Fully Managed Switches M4250 Series Main User Manual VLANs Adding virtual LAN (VLAN) support to a Layer 2 switch offers some of the benefits of both bridging and routing. Like a bridge, a VLAN switch forwards traffic based on the Layer 2 header, which is fast, and like a router, it partitions the network into logical segments, which provides better administration, security, and management of multicast traffic. By default, all ports on the switch are in the same broadcast domain.
PAGE 192
AV Line of Fully Managed Switches M4250 Series Main User Manual The System Information page displays. 5. Select Switching > VLAN > Basic > VLAN Configuration. The VLAN Configuration page displays. 6. In the VLAN Configuration section, specify the settings for the new VLAN: • VLAN ID: Specify the identifier for the new VLAN. The range of the VLAN ID can be from 1 to 4093. • VLAN Name: Type a name for new VLAN. The name can be up to 32 characters, including blanks.
PAGE 193
AV Line of Fully Managed Switches M4250 Series Main User Manual 6. In the VLAN Configuration section, select the check box for the VLAN ID. 7. To change the VLAN name, in the VLAN Name field, type a name for new VLAN. The name can be up to 32 characters, including blanks. 8. To change the VLAN type from dynamic to static, from the Make Static menu, select Enable. A VLAN that is created by GVRP registration initially uses a type of dynamic but you can change it to static.
PAGE 194
AV Line of Fully Managed Switches M4250 Series Main User Manual Reset the entire VLAN configuration to default setting You can reset all VLAN configuration settings on the switch to factory default settings, with the exception of the default VLAN (VLAN 1). The factory default values are as follows: • All ports are assigned to the default VLAN of 1. • All ports are configured with a PVID of 1. • All ports are configured to an “Acceptable Frame Types value of Admit All Frames.
PAGE 195
AV Line of Fully Managed Switches M4250 Series Main User Manual To change the internal VLAN allocation settings: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required.
PAGE 196
AV Line of Fully Managed Switches M4250 Series Main User Manual Before the switch configures an Auto-Trunk, the switch first detects the physical links with the partner device that also supports the Auto-Trunk feature, and then automatically configures the ports that are connected and capable of forming a trunk at both ends. A trunk carries multiple VLANs and accepts both tagged and untagged packets.
PAGE 197
AV Line of Fully Managed Switches M4250 Series Main User Manual The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Switching> VLAN > Advanced > VLAN Trunking Configuration.
PAGE 198
AV Line of Fully Managed Switches M4250 Series Main User Manual To configure the switch port mode settings for interfaces: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required.
PAGE 199
AV Line of Fully Managed Switches M4250 Series Main User Manual • Trunk: Select this mode if the interface is connected to another switch or to a router. A trunk interface can participate in multiple VLANs and accept both tagged and untagged packets. 9. Do one of the following, depending on your selection in the previous step: • Access: If you selected Access from the Switch port Mode menu, from the Access VLAN ID menu, select the access VLAN for the interface.
PAGE 200
AV Line of Fully Managed Switches M4250 Series Main User Manual The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Switching > VLAN > Advanced > VLAN Membership. The previous figure shows the page for a model with 12 ports. 6. From the VLAN ID menu, select the VLAN ID. 7.
PAGE 201
AV Line of Fully Managed Switches M4250 Series Main User Manual • Excluded member: By default, the selection is blank, which means that the port is excluded from the VLAN. A port that is excluded can still be dynamically added to the VLAN through GVRP. 9. In the LAG table, click a LAG once, twice, or three times to configure one of the following modes: • T (tagged) member: The LAG is added as a tagged member of the VLAN. • U (untagged) member: The LAG is added as an untagged member of the VLAN.
PAGE 202
AV Line of Fully Managed Switches M4250 Series Main User Manual 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Switching > VLAN > Advanced > VLAN Status. The VLAN Status page displays. 6. To refresh the page, click the Refresh button.
PAGE 203
AV Line of Fully Managed Switches M4250 Series Main User Manual To configure the PVID and PVID-related settings: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required.
PAGE 204
AV Line of Fully Managed Switches M4250 Series Main User Manual VLAN IDs range from 1 to 4093. Use a hyphen (-) to specify a range or a comma (,) to separate VLAN IDs in a list. Spaces and zeros are not permitted. To reset the VLAN tag configuration to the defaults, use the None keyword. Port tagging for the VLAN can be set only if the interface is a member of this VLAN. 11.
PAGE 205
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 54. PVID configuration information Field Description Current Ingress Filtering Indicates whether ingress filtering is enabled for the interface. Untagged VLANs The number of untagged VLANs that the interface is a member of. Tagged VLANs The number of tagged VLANs that the interface is a member of. Forbidden VLANs The number of forbidden VLANs that the interface is a member of.
PAGE 206
AV Line of Fully Managed Switches M4250 Series Main User Manual The System Information page displays. 5. Select Switching > VLAN > Advanced > MAC Based VLAN. The MAC Based VLAN page displays. 6. In the MAC Address field, type a MAC address that must be bound to a VLAN ID. 7. In the VLAN ID field, specify the VLAN ID in the range of 1 to 4093. 8. Click the Add button. The MAC-based VLAN configuration is added. 9. To save the settings to the running configuration, click the Save icon.
PAGE 207
AV Line of Fully Managed Switches M4250 Series Main User Manual handled according to the IEEE 802.1Q standard, and are not included in protocol-based VLANs. If you assign an interface to a protocol-based VLAN for a specific protocol, untagged frames received on the interface for that protocol are assigned the protocol-based VLAN ID.
PAGE 208
AV Line of Fully Managed Switches M4250 Series Main User Manual • ARP: Address Resolution Protocol (ARP) is a low-level protocol that dynamically maps network layer addresses to physical medium access control (MAC) addresses. • IPX: The internetwork packet exchange (IPX) is a connectionless datagram network-layer protocol that forwards data over a network. Separate protocols by a comma (,).
PAGE 209
AV Line of Fully Managed Switches M4250 Series Main User Manual 7. Change the settings are needed. For more information, see Add a protocol-based VLAN group on page 207. 8. Click the Apply button. Your settings are saved. 9. To save the settings to the running configuration, click the Save icon. Delete a protocol-based VLAN group You can delete a protocol-based VLAN group that you no longer need. To delete a protocol-based VLAN group: 1. Launch a web browser. 2.
PAGE 210
AV Line of Fully Managed Switches M4250 Series Main User Manual To configure membership interfaces for a protocol-based VLAN group: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required.
PAGE 211
AV Line of Fully Managed Switches M4250 Series Main User Manual A pop-up window displays the members. 8. To select physical interfaces for the VLAN, do one the following: • Select all physical interfaces: Click the Ports icon above the Ports table. • Select individual physical interfaces: In the Ports table, click one or more ports individually. 9. To select LAGs for the VLAN, do one the following: • Select all LAGs: Click the LAG icon above the LAG table.
PAGE 212
AV Line of Fully Managed Switches M4250 Series Main User Manual 7. In the Subnet Mask field, specify a subnet mask that is associated with the IP address. Enter the subnet mask in dotted-decimal notation. 8. In the VLAN ID field, specify the VLAN ID to which the IP configuration must be bound. The VLAN ID can be in the range from 1 to 4093. 9. Click the Add button. The IP subnet-based VLAN is added. 10. To save the settings to the running configuration, click the Save icon.
PAGE 213
AV Line of Fully Managed Switches M4250 Series Main User Manual To configure the global EtherType for the DVLAN and configure the DVLAN on one or more interfaces: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button.
PAGE 214
AV Line of Fully Managed Switches M4250 Series Main User Manual • To configure all interfaces with the same settings, select the check box in the heading row. 10. From the Admin Mode menu, select Enabled or Disabled to specify if the selected DVLAN tag is added to frames that are processed on the interface. The default is Disabled and the selected DVLAN tag is not added to frames. 11. Click the Apply button. Your settings are saved. 12.
PAGE 215
AV Line of Fully Managed Switches M4250 Series Main User Manual • To configure a single interface, select the check box associated with the interface, or type the interface number in the Go To Interface field and click the Go button. • To configure multiple interfaces with the same settings, select the check box associated with each interface. • To configure all interfaces with the same settings, select the check box in the heading row. 8.
PAGE 216
AV Line of Fully Managed Switches M4250 Series Main User Manual Configure Generic Attribute Registration Protocol Generic Attribute Registration Protocol (GARP) allows network devices to share information such as VLAN IDs and multicast group membership across a bridged LAN. That is, GARP participants can register and deregister attribute values within the LAN.
PAGE 217
AV Line of Fully Managed Switches M4250 Series Main User Manual If GVMP is enabled, the switch can share multicast information with devices in the network. the The default is Disable. 8. Click the Apply button. Your settings are saved. It can take up to 10 seconds for GARP configuration changes to take effect. 9. To save the settings to the running configuration, click the Save icon. Configure GARP settings for one or more interfaces You can configure GARP settings for individual interfaces.
PAGE 218
AV Line of Fully Managed Switches M4250 Series Main User Manual • To configure all interfaces with the same settings, select the check box in the heading row. 8. From the GVRP Mode menu, select Enable or Disable to specify the GARP VLAN registration protocol mode for the port. If you select Disable, GVRP is not active and the join time, leave time, and leave all time options are without any effect. The default is Disable. 9.
PAGE 219
AV Line of Fully Managed Switches M4250 Series Main User Manual Auto-VoIP Voice over Internet Protocol (VoIP) enables telephone calls over a data network. Because voice traffic is typically more time-sensitive than data traffic, Auto-VoIP provides classification for voice packets so that they can be prioritized above data packets for better quality of service (QoS). With Auto-VoIP, voice prioritization is based on call-control protocols such as SIP, H.
PAGE 220
AV Line of Fully Managed Switches M4250 Series Main User Manual 6. In the Protocol Based Global Settings section, specify the following global settings: a. From the Prioritization Type menu, select Traffic Class or Remark. This specifies the type of prioritization. b. From the Class Value menu, specify the CoS class value to be reassigned for packets that the voice VLAN receives. You can select a value in the range from 0 to 7. 7.
PAGE 221
AV Line of Fully Managed Switches M4250 Series Main User Manual To configure the Auto-VoIP OUI-based properties: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required.
PAGE 222
AV Line of Fully Managed Switches M4250 Series Main User Manual The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Switching > Auto-VoIP > OUI-based > Port Settings. The page Port Settings displays. 6.
PAGE 223
AV Line of Fully Managed Switches M4250 Series Main User Manual • 00:0F:E2: H3C • 00:60:B9: NITSUKO • 00:D0:1E: PINTEL • 00:E0:75: VERILINK • 00:E0:BB: 3COM • 00:04:0D: AVAYA1 • 00:1B:4F: AVAYA2 • 00:04:13: SNOM • 00:1D:C1: Dante You can select an existing OUI or add a new OUI and description to identify the IP phones on the network. Add an OUI prefix To add an OUI prefix: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch.
PAGE 224
AV Line of Fully Managed Switches M4250 Series Main User Manual 9. To save the settings to the running configuration, click the Save icon. Delete one or more OUI prefixes To delete one or more OUI prefixes: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4.
PAGE 225
AV Line of Fully Managed Switches M4250 Series Main User Manual 5. Select Switching > Auto-VoIP > Auto-VoIP Status. The Auto-VoIP Status page displays. 6. To refresh the page, click the Refresh button. The following table describes the nonconfigurable fields on the page. Table 55. Auto-VoIP status information Field Description Auto-VoIP VLAN ID The Auto-VoIP VLAN ID. Maximum Number of Voice The maximum number of voice channels supported.
PAGE 226
AV Line of Fully Managed Switches M4250 Series Main User Manual The difference between the RSTP and the traditional STP (IEEE 802.1D) is the ability to configure and recognize full-duplex connectivity and ports that are connected to end stations, resulting in rapid transitioning of the port to the forwarding state and the suppression of Topology Change Notification messages. These features are represented by the ‘pointtopoint’ and ‘edgeport’ parameters. MSTP is compatible with both RSTP and STP.
PAGE 227
AV Line of Fully Managed Switches M4250 Series Main User Manual The System Information page displays. 5. Select Switching > STP > Basic > STP Configuration. The STP Configuration page displays. 6. Select the Spanning Tree Admin Mode Disable or Enable radio button. This specifies whether spanning tree operation is enabled on the switch. 7. Select one of the following Force Protocol Version radio buttons to specify the STP version that the switch must use: • • • • IEEE 802.
PAGE 228
AV Line of Fully Managed Switches M4250 Series Main User Manual • Enabled: The BPDU Filter feature is enabled and applies to all operational edge ports. An edge port in an operational state connects to hosts that typically drop BPDUs. If an operational edge port receives a BPDU, it loses its operational status. If a port on which BPDU filtering is enabled receives BPDUs, the port drops the BPDUs and remains operational. 13.
PAGE 229
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 56. STP configuration and status information (Continued) Field Description MST ID The multiple spanning tree (MST) or common spanning tree (CST) instance. VID ID The VLAN ID (VID). FID ID The filtering ID (FID). Configure the CST settings and display the CST status You can configure common spanning tree (CST) and display the CST status on the switch. To configure the CST settings and display the CST status: 1.
PAGE 230
AV Line of Fully Managed Switches M4250 Series Main User Manual The range is from 6 to 40 seconds, and the value must be less than or equal to the following: (2 * Bridge Forward Delay) – 1 and greater than or equal to 2 * (Bridge Hello Time +1). The default is 20 seconds. Note: The Bridge Hello Time (secs) field shows the fixed period in seconds that a root bridge waits between configuration messages. The fixed period is 2 seconds. 8.
PAGE 231
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 57. CST status information (Continued) Field Description Designated Root The bridge identifier of the root bridge, which consist of he bridge priority and the base MAC address of the bridge. Root Path Cost The path cost to the designated root for the CST. Root Port The port through which the designated root for the CST is accessed.
PAGE 232
AV Line of Fully Managed Switches M4250 Series Main User Manual 5. Select Switching > STP > Advanced > CST Port Configuration. The CST Port Configuration page displays. 6. Select whether to display physical interfaces, LAGs, or both by clicking one of the following links above the table heading: • 1: Only physical interfaces are displayed. This is the default setting. • LAG: Only LAGs are displayed. • All: Both physical interfaces and LAGs are displayed. 7.
PAGE 233
AV Line of Fully Managed Switches M4250 Series Main User Manual If the value in the External Port Path Cost field is zero and the external path cost is calculated automatically, the value is based on the link speed of the port. The default is Disable. 14. From the BPDU Filter menu, select Enable or Disable to specify if BPDU traffic is filtered on the port when STP is enabled on the port. The default value is Disable. 15.
PAGE 234
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 58. CST port configuration information Field Description Hello Timer The setting of the Hello Timer for the CST. By default, the setting is 2. BPDU Guard Effect Indicates if an edge port that receives BPDU packets is enabled or disabled. Port Forwarding State Indicates the current STP state of the interface. If enabled, the port state determines what forwarding action is taken on traffic.
PAGE 235
AV Line of Fully Managed Switches M4250 Series Main User Manual 6. Select whether to display physical interfaces, LAGs, or both by clicking one of the following links above the table heading: • 1: Only physical interfaces are displayed. This is the default setting. • LAG: Only LAGs are displayed. • All: Both physical interfaces and LAGs are displayed. 7. To refresh the page, click the Refresh button. The following table describes the nonconfigurable fields on the page. Table 59.
PAGE 236
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 59. CST interface status information (Continued) Field Description Topology Change Acknowledge Indicates if the topology change acknowledgement flag is set for the next BPDU to be transmitted on the port. (True or False.) Edge port Indicates if the port is enabled as an edge port. Point-to-Point MAC The point-to-point status, which indicates is the port’s link is a point-to-point link (True) or not or (False).
PAGE 237
AV Line of Fully Managed Switches M4250 Series Main User Manual 5. Select Switching > STP > Advanced > MST Configuration. The MST Configuration page display. 6. Configure the settings for the MST instance: • MST ID: In the MST ID field, specify the ID of the MST. The ID can be in the range from 1 to 4094. • Priority: In the Priority field, specify the bridge priority value for the MST instance. When switches or bridges are running STP, each is assigned a priority.
PAGE 238
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 60. MST configuration information (Continued) Field Description Root Path Cost The path cost to the designated root for the MST instance. Root Port The port through which the designated root for the MST instance can be accessed. Change an MST instance You can change an existing MST instance. To change an existing MST instance: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch.
PAGE 239
AV Line of Fully Managed Switches M4250 Series Main User Manual 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Switching > STP > Advanced > MST Configuration.
PAGE 240
AV Line of Fully Managed Switches M4250 Series Main User Manual 5. Select Switching > STP > Advanced > MST Port Configuration. The MST Port Configuration page displays. 6. From the Select MST menu, select an MST instance. For information about adding MST instances, see Manage MST instances on page 236. 7. Select whether to display physical interfaces, LAGs, or both by clicking one of the following links above the table heading: • 1: Only physical interfaces are displayed. This is the default setting.
PAGE 241
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 61. MST interface configuration information Field Description Operational Port Path Cost The path cost that the interface uses. Auto Calculated Port Path Cost Indicates if the path cost is automatically calculated (Enable) or not (Disable). If enabled, the path cost is calculated based on the link speed of the port if the configured value for Port Path Cost is zero.
PAGE 242
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 61. MST interface configuration information (Continued) Field Description Designated Bridge The bridge identifier of the bridge with the designated port. This identifier is created from the bridge priority and the base MAC address of the bridge. Designated Port The port identifier on the designated bridge that offers the lowest cost to the LAN. This identifier is created from the port priority and the interface number of the port.
PAGE 243
AV Line of Fully Managed Switches M4250 Series Main User Manual 6. Select whether to display physical interfaces, LAGs, or both by clicking one of the following links above the table heading: • 1: Only physical interfaces are displayed. This is the default setting. • LAG: Only LAGs are displayed. • All: Both physical interfaces and LAGs are displayed. Your settings are saved. 7. To refresh the page, click the Refresh button. The following table describes the nonconfigurable fields on the page. Table 62.
PAGE 244
AV Line of Fully Managed Switches M4250 Series Main User Manual 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Switching > STP > Advanced > PVST VLAN. The PVST VLAN page displays. 6. In the VLAN ID field, specify a unique VLAN ID.
PAGE 245
AV Line of Fully Managed Switches M4250 Series Main User Manual 0 4096 8192 12288 16384 20480 24576 28672 32768 (default) 36864 40960 45056 49152 53248 57344 61440 The default value is 32768. If the value that you enter is not among the specified values, the value is automatically rounded off to the nearest valid value. 12. Click the Add button. PVST/RPVST VLAN configuration is added. 13. To save the settings to the running configuration, click the Save icon.
PAGE 246
AV Line of Fully Managed Switches M4250 Series Main User Manual For more information, see Configure the PVST/RPVST VLAN settings on page 243. 8. Click the Apply button. Your settings are saved. 9. To save the settings to the running configuration, click the Save icon. Remove a PVST/RPVST VLAN configuration You can delete a PVST/RPVST VLAN configuration that you no longer need. To delete a PVST/RPVST VLAN configuration: 1. Launch a web browser. 2.
PAGE 247
AV Line of Fully Managed Switches M4250 Series Main User Manual To configure the PVST and RPVST interface settings: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required.
PAGE 248
AV Line of Fully Managed Switches M4250 Series Main User Manual (Continued) 192 208 224 240 – – The default value is 128. If the value that you enter is not among the specified values, the value is automatically rounded off to the nearest valid value. 9. In the Cost field, enter the path cost from the interface to the root bridge. By default, the cost is not configured. Enter a value from 1 and 200,000,000. Enter 0 to disable the setting.
PAGE 249
AV Line of Fully Managed Switches M4250 Series Main User Manual The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5.
PAGE 250
AV Line of Fully Managed Switches M4250 Series Main User Manual 5. Select Switching > Multicast > MFDB > MFDB Table. The MFDB Table page displays. 6. To search for an entry, in the Search by MAC Address, enter a MAC address, and click the Go button. If the address exists, that entry is displayed. An exact match is required. The following table describes the nonconfigurable fields on the page. Table 64.
PAGE 251
AV Line of Fully Managed Switches M4250 Series Main User Manual 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Switching > Multicast > MFDB > MFDB Table. The MFDB Table page displays. 6. Click the Clear button. Your settings are saved. 7.
PAGE 252
AV Line of Fully Managed Switches M4250 Series Main User Manual 8. Click the Apply button. Your settings are saved. 9. To save the settings to the running configuration, click the Save icon. Display the multicast forwarding database statistics You can display the multicast forwarding database statistics To display the multicast forwarding database statistics: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3.
PAGE 253
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 65. MFDB statistics information Field Description Max MFDB Table Entries The maximum number of entries that the multicast forwarding database table can hold. Most MFDB Entries Since Last The largest number of entries that were present in the multicast forwarding Reset database table since the last reset. This value is also known as the MFDB high-water mark.
PAGE 254
AV Line of Fully Managed Switches M4250 Series Main User Manual Allowing switches to snoop IGMP packets is a creative effort to solve this problem. The switch uses the information in the IGMP packets as they are being forwarded throughout the network to determine which segments receive packets directed to the group address.
PAGE 255
AV Line of Fully Managed Switches M4250 Series Main User Manual Note: For information about other settings on the page, see Configure IGMP snooping manually on page 255. 7. Click the Apply button. Your settings are saved. 8. To save the settings to the running configuration, click the Save icon. 9. To refresh the page, click the Refresh button. The following table describes the nonconfigurable fields on the page. Table 66.
PAGE 256
AV Line of Fully Managed Switches M4250 Series Main User Manual The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Switching > Multicast > IGMP Snooping > Configuration. The Configuration page displays. 6. Select the Admin Mode Enable or Disable radio button. This selection enables or disables the administrative mode for IGMP snooping for the switch.
PAGE 257
AV Line of Fully Managed Switches M4250 Series Main User Manual 12. Click the Apply button. Your settings are saved. 13. To save the settings to the running configuration, click the Save icon. 14. To refresh the page, click the Refresh button. The following table describes the nonconfigurable fields on the page. Table 67. IGMP snooping configuration information Field Description Multicast Control Frame Count The number of multicast control frames that are processed by the switch.
PAGE 258
AV Line of Fully Managed Switches M4250 Series Main User Manual 6. Select whether to display physical interfaces, LAGs, or both by clicking one of the following links above the table heading: • 1: Only physical interfaces are displayed. This is the default setting. • LAG: Only LAGs are displayed. • All: Both physical interfaces and LAGs are displayed. 7.
PAGE 259
AV Line of Fully Managed Switches M4250 Series Main User Manual If disabled, the IGMP proxy query with source IP address 0.0.0.0 is not sent in response to an IGMP leave packet. The default is Enable. 14. Click the Apply button. Your settings are saved. 15. To save the settings to the running configuration, click the Save icon.
PAGE 260
AV Line of Fully Managed Switches M4250 Series Main User Manual • Proxy Querier • Report Flood Mode • Exclude Mrouter Interface Mode • Installs reserved Multicast MAC addresses into the system. If disabled, these IGMP snooping modes are automatically disabled for the VLAN. Note: For information about other settings on the page, see Configure IGMP snooping for VLANs manually on page 260. 8. Click the Apply button. Your settings are saved. 9.
PAGE 261
AV Line of Fully Managed Switches M4250 Series Main User Manual 7. From the Admin Mode menu, select to enable or disable IGMP snooping for the VLAN. The default is Disable. 8. From the Fast Leave menu, select to enable or disable the IGMP snooping fast leave mode for the VLAN. This selection enables or disables the automatic assignment of fast-leave messages for all members of the VLAN. The default is Enable. 9.
PAGE 262
AV Line of Fully Managed Switches M4250 Series Main User Manual This selection specifies the type of information that is forwarded to the upstream multicast router interface: • Enable. The VLAN forwards IGMP Join/Leave PDUs that it receives on a downstream port to an upstream mrouter interface. In addition, the VLAN forwards a multicast data stream to an upstream mrouter interface only if that port already received an IGMPv1 or IGMPv2 membership message. The VLAN drops unknown multicast streams.
PAGE 263
AV Line of Fully Managed Switches M4250 Series Main User Manual 5. Select Switching > Multicast > IGMP Snooping > Multicast Router Configuration. The Multicast Router Configuration page displays. 6. Select whether to display physical interfaces, LAGs, or both by clicking one of the following links above the table heading: • 1: Only physical interfaces are displayed. This is the default setting. • LAG: Only LAGs are displayed. • All: Both physical interfaces and LAGs are displayed. 7.
PAGE 264
AV Line of Fully Managed Switches M4250 Series Main User Manual 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Switching > Multicast > IGMP Snooping > Multicast Router VLAN Configuration. The Multicast Router VLAN Configuration page displays. 6.
PAGE 265
AV Line of Fully Managed Switches M4250 Series Main User Manual 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Switching > Multicast > IGMP Snooping > Querier Configuration. The Querier Configuration page displays. 6.
PAGE 266
AV Line of Fully Managed Switches M4250 Series Main User Manual To configure an IGMP snooping querier for a VLAN: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required.
PAGE 267
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 68. Querier VLAN configuration information Field Description Operational State The operational state of the IGMP snooping querier on a VLAN: • Querier: The snooping switch is the querier in the VLAN. The snooping switch sends out periodic queries with a time interval equal to the configured querier query interval. If the snooping switch finds a better querier in the VLAN, it moves to non-querier mode.
PAGE 268
AV Line of Fully Managed Switches M4250 Series Main User Manual 5. Select Switching > Multicast > IGMP Snooping > Querier VLAN Configuration. The Querier VLAN Configuration page displays. 6. Select the VLAN for which you want to remove the IGMP snooping querier settings. 7. Click the Delete button. Your settings are saved. (The VLAN itself is not deleted.) 8. To save the settings to the running configuration, click the Save icon.
PAGE 269
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 69. Querier VLAN status information Field Description VLAN ID The ID of the VLAN on which the host sends IGMP member join requests. Subscriber The IP address and MAC address of the host that sends IGMP member join requests. MC Group The multicast IP address and MAC address that the subscriber is registered to. Interface The interface on which the IGMP member join requests us detected. Type The IGMP protocol version.
PAGE 270
AV Line of Fully Managed Switches M4250 Series Main User Manual To configure MLD snooping automatically: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required.
PAGE 271
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 70. MLD snooping configuration information Field Definition Multicast Control Frame Count The number of multicast control frames that were processed. Interfaces Enabled for MLD The interface on which MLD snooping is administratively enabled.
PAGE 272
AV Line of Fully Managed Switches M4250 Series Main User Manual This enables or disables an MLD proxy querier on the system. If it is disabled, then an MLD proxy query with source IP 0::0 is not sent in response to an MLD leave packet. If it is enabled, then MLD proxy queries are sent. The default is Enable. 8. Select the Exclude Mrouter Interface Mode Enable or Disable radio button. This selection specifies the type of information that is forwarded to the upstream multicast router interface.
PAGE 273
AV Line of Fully Managed Switches M4250 Series Main User Manual To configure the MLD snooping settings for interfaces: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required.
PAGE 274
AV Line of Fully Managed Switches M4250 Series Main User Manual 10. In the Max Response Time field, specify the time that the switch must wait after sending a query on an interface because it did not receive a report for a particular group on that interface. Enter a value greater than or equal to 1 and less than the group membership interval in seconds. The default is 10 seconds. The configured value must be less than the group membership interval. 11.
PAGE 275
AV Line of Fully Managed Switches M4250 Series Main User Manual The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Switching > Multicast > MLD Snooping > MLD VLAN Configuration.
PAGE 276
AV Line of Fully Managed Switches M4250 Series Main User Manual To configure the settings for MLD snooping for a VLAN manually: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required.
PAGE 277
AV Line of Fully Managed Switches M4250 Series Main User Manual 12. From the Exclude Mrouter Interface Mode menu, select to enable or disable the mrouter interface mode. This selection specifies the type of information that is forwarded to the upstream multicast router interface. If enabled, the interface blocks all unknown multicast data through the mrouter port, whether the port is configured dynamically or statically.
PAGE 278
AV Line of Fully Managed Switches M4250 Series Main User Manual 6. Select the VLAN for which you want to remove the IGMP snooping querier settings. 7. Click the Delete button. Your settings are saved. (The VLAN itself is not deleted.) 8. To save the settings to the running configuration, click the Save icon. Configure an MLD multicast router interface You can configure an interface as the designated interface to which a multicast router is attached.
PAGE 279
AV Line of Fully Managed Switches M4250 Series Main User Manual • To configure a single interface, select the check box associated with the interface, or type the interface number in the Go To Interface field and click the Go button. • To configure multiple interfaces with the same settings, select the check box associated with each interface. • To configure all interfaces with the same settings, select the check box in the heading row. 8.
PAGE 280
AV Line of Fully Managed Switches M4250 Series Main User Manual 7. In the VLAN ID field, enter the VLAN ID. 8. From the Multicast Router menu, select Enable or Disable to specify if the VLAN is a multicast router VLAN. 9. Click the Apply button. Your settings are saved. 10. To save the settings to the running configuration, click the Save icon. Configure the MLD snooping querier global settings You can configure the global settings for an MLD snooping querier on the switch.
PAGE 281
AV Line of Fully Managed Switches M4250 Series Main User Manual 8. In the Query Interval (secs) field, specify the period in seconds between periodic queries sent by the snooping querier. The range is from 1 to 1800 seconds. The default is 60 seconds. 9. In the Querier Expiry Interval (secs) field, specify the period in seconds after which the last querier information is removed. The range is from 60 to 300 seconds. The default is 60 seconds. 10. Click the Apply button. Your settings are saved.
PAGE 282
AV Line of Fully Managed Switches M4250 Series Main User Manual • Disabled: If the switch detects another querier of the same version in the VLAN, the snooping querier moves to the non-querier state. • Enabled: The snooping querier participates in querier election, in which the lowest numbered IPv6 address operates as the querier in that VLAN. The other querier moves to non-querier state. 8.
PAGE 283
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 72. Querier VLAN configuration information (Continued) Field Description Last Querier Version The MLD protocol version of the last querier from which a query was snooped on the VLAN. Operational Max Response Time The maximum response time to be used in the queries that are sent by the snooping querier. Remove the MLD snooping querier settings for a VLAN You can remove the MLD snooping querier settings for a VLAN.
PAGE 284
AV Line of Fully Managed Switches M4250 Series Main User Manual registration (MVR) eliminates the need to duplicate the multicast traffic when multicast group member ports belong to different VLANs. MVR uses a dedicated multicast VLAN to forward multicast traffic over the L2 network. You can configure one multicast source VLAN (MVLAN) only on the switch.
PAGE 285
AV Line of Fully Managed Switches M4250 Series Main User Manual 8. In the MVR Global Query Response Time field, set the period that the switch must wait for an IGMP group membership report from an interface before removing the interface as a member from the multicast group. This period applies only to the removal of the interface from the receiver port on the switch.
PAGE 286
AV Line of Fully Managed Switches M4250 Series Main User Manual The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Switching > MVR > Advanced > MVR Group Configuration. The MVR Group Configuration page displays. 6.
PAGE 287
AV Line of Fully Managed Switches M4250 Series Main User Manual 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Switching > MVR > Advanced > MVR Group Configuration. The MVR Group Configuration page displays. 6. Select the check box for the MVR group. 7.
PAGE 288
AV Line of Fully Managed Switches M4250 Series Main User Manual • All: Both physical interfaces and LAGs are displayed. 7. Select one or more interfaces by taking one of the following actions: • To configure a single interface, select the check box associated with the interface, or type the interface number in the Go To Interface field and click the Go button. • To configure multiple interfaces with the same settings, select the check box associated with each interface.
PAGE 289
AV Line of Fully Managed Switches M4250 Series Main User Manual 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Switching > MVR > Advanced > MVR Group Membership. The MVR Group Membership page display. 6.
PAGE 290
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 75. MVR statistics information Field Definition IGMP Query Received The number of received IGMP queries. IGMP Report V1 Received The number of received IGMP V1 reports. IGMP Report V2 Received The number of received IGMP V2 reports. IGMP Leave Received The number of received IGMP leaves. IGMP Query Transmitted The number of transmitted IGMP queries. IGMP Report V1 Transmitted The number of transmitted IGMP V1 reports.
PAGE 291
AV Line of Fully Managed Switches M4250 Series Main User Manual The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Switching > Address Table > Basic > Address Table. The Address Table page displays. 6.
PAGE 292
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 76. MAC address table information (Continued) Field Description Port The interface on which the address was learned. Status The status of this entry: • Static: The value of the corresponding instance was added by the switch or a user and cannot be relearned. • Learned: The value of the corresponding instance was learned, and is being used.
PAGE 293
AV Line of Fully Managed Switches M4250 Series Main User Manual 8. To save the settings to the running configuration, click the Save icon. Add a static MAC address to the MAC address table Static MAC address entries are the ones that you manually add to the MAC address table for a specific interface and VLAN. To add a static MAC address to the MAC address table: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3.
PAGE 294
AV Line of Fully Managed Switches M4250 Series Main User Manual 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Switching > Address Table > Advanced > Static MAC Address.
PAGE 295
AV Line of Fully Managed Switches M4250 Series Main User Manual 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Switching > Ports > Port Configuration.
PAGE 296
AV Line of Fully Managed Switches M4250 Series Main User Manual The default is Enable. 12. To change the speed for the port, from the Speed menu, select one of the following speeds: • Auto: The speed is set by the auto-negotiation process. This is the default setting. • 100: The speed is limited to 100 Mbits/second. The delimiter characters for setting different speed values are a comma (,), a period (.) and a space ( ).
PAGE 297
AV Line of Fully Managed Switches M4250 Series Main User Manual requests from partner devices. The paused port does not forward packets for the time that is specified in the pause frame. When the pause frame time elapses, or the utilization returns to a specified low threshold, the switch enables the port to again transmit frames. The switch also honors incoming pause frames by temporarily halting transmission.
PAGE 298
AV Line of Fully Managed Switches M4250 Series Main User Manual To add port, LAG, and VLAN descriptions: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required.
PAGE 299
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 78. Port description information Field Description MAC Address The MAC address of the interface or VLAN. PortList Bit Offset The bit offset value that corresponds to the interface or VLAN when the MIB object type PortList is used to manage in SNMP. ifIndex The interface index associated with the interface or VLAN.
PAGE 300
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 79. Port transceiver information Field Description Port The port in which the transceiver module is installed. Vendor Name The vendor name of the transceiver module. Link Length 50 μm [m] The link length supported for 50 μm fiber. Link Length 62, 5 μm [m] The link length supported for 62, 5 μm fiber. Serial Number The serial number of the transceiver module. Part Number The part number of the transceiver module.
PAGE 301
AV Line of Fully Managed Switches M4250 Series Main User Manual The System Information page displays. 5. Select Switching > Ports > Link Flap Configuration. The Link Flap Configuration page displays. 6. Select the Admin Mode Enable or Disable radio button to enable or disable the link flap administrative mode. For you to be able to configure the link flap settings, you must select Enable. The default is Disable. 7.
PAGE 302
AV Line of Fully Managed Switches M4250 Series Main User Manual provides load sharing. You assign the LAG VLAN membership after you create a LAG. The LAG by default becomes a member of the management VLAN. A LAG interface can be either static or dynamic, but not both. All members of a LAG must participate in the same protocols. A static port-channel interface does not require a partner system to be able to aggregate its member ports. The switch supports static LAGs.
PAGE 303
AV Line of Fully Managed Switches M4250 Series Main User Manual An Auto-LAG can form with up to eight interfaces as members. Interfaces are automatically selected for the Auto-LAG based on whether they are up and available and on the following conditions: • The interface is not already manually configured as a member of a LAG. • The interface is not manually configured as a trunk port or an access port. That is, the interface must be a general interface.
PAGE 304
AV Line of Fully Managed Switches M4250 Series Main User Manual Configure the hash mode for Auto-LAGs By default, the Auto-LAG feature is enabled and uses a hash mode that auto-configures a LAG based on the destination MAC address, VLAN, EtherType, and incoming port in the packet (that is, the hash mode with the name 2 Dest MAC, VLAN, EType, incoming port). You can change the hash mode (that is, the load balancing mode) for the Auto-LAG feature.
PAGE 305
AV Line of Fully Managed Switches M4250 Series Main User Manual • 6 Src/Dest IP and TCP/UDP Port fields: Source and destination IP addresses and source and destination TCP/UDP port fields of the packet. 7. Click the Apply button. Your settings are saved. 8. To save the settings to the running configuration, click the Save icon. Configure the LAG settings You can group one or more full-duplex Ethernet links to be aggregated together to form a link aggregation group, which is also known as a port-channel.
PAGE 306
AV Line of Fully Managed Switches M4250 Series Main User Manual 8. From the Hash Mode menu, select the hash mode (that is, the load-balancing mode) for the LAG: • 1 Src MAC, VLAN, EType, incoming port: Source MAC address, VLAN, EtherType, and incoming port associated with the packet. • 2 Dest MAC, VLAN, EType, incoming port: Destination MAC address, VLAN, EtherType, and incoming port associated with the packet. This is the default mode.
PAGE 307
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 80. LAG configuration information Field Description LAG Description The description that you might have added to the LAG (see Add port, LAG, and VLAN descriptions on page 297 or Configure a single LAG and its membership on page 307). LAG ID The LAG ID. Configured Ports The interfaces that are members of the LAG. Down Ports The interfaces that are members of the LAG but that are down.
PAGE 308
AV Line of Fully Managed Switches M4250 Series Main User Manual By default, the names are ch1, ch2, ch3, and so on. You can enter a name of up to 15 characters. 8. To enter a description for the LAG, in the LAG Description field, enter a description of up to 64 characters. 9. From the Admin Mode menu, select to enable or disable the LAG. When the LAG is disabled, no traffic flows and LACPDUs are dropped, but the links that form the LAG are not released. The default is Enable. 10.
PAGE 309
AV Line of Fully Managed Switches M4250 Series Main User Manual 15. Click the Apply button. Your settings are saved. 16. To save the settings to the running configuration, click the Save icon. 802.1AS timing and synchronization 802.1AS timing and synchronization is an audio video bridging (AVB) feature. The 802.1AS feature requires a license. For information about purchasing a license, contact NETGEAR or your local NETGEAR reseller. The IEEE 802.
PAGE 310
AV Line of Fully Managed Switches M4250 Series Main User Manual The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Switching > 802.1AS > Basic > 802.1AS Configuration. The 802.1AS Configuration page displays. 6. To enable the feature, select the 802.1AS status Enable radio button. 7.
PAGE 311
AV Line of Fully Managed Switches M4250 Series Main User Manual To configure the 802.1AS interface settings: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required.
PAGE 312
AV Line of Fully Managed Switches M4250 Series Main User Manual interface. The range is from 0 to 1,000,000,000 nanoseconds (ns). The default is 2500 ns. 10. In the Allowed Lost Responses field, specify the allowed loss response value. If the interface does not receive valid responses to PDELAY_REQ messages above the value of the allowed lost responses, a port is considered to not be exchanging peer delay messages with its neighbor. The range is from 0 to 65,535. The default is 3. 11.
PAGE 313
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 82. 802.1AS interface information Field Description Port Role The 802.1AS role of the interface. The possible roles are as follows: • Disabled (default) • Master • Slave • Passive Propagation Delay The mean propagation delay on the interface. Measuring Pdelay Indicates whether the interface is receiving PDELAY response messages from the other end of the link. 802.1AS Capable Indicates whether the interface is 802.1AS capable.
PAGE 314
AV Line of Fully Managed Switches M4250 Series Main User Manual The System Information page displays. 5. Select Switching > 802.1AS > Advanced > 802.1AS Statistics. 6. Select whether to display physical interfaces, LAGs, or both by clicking one of the following links above the table heading: • 1: Only physical interfaces are displayed. This is the default setting. • LAG: Only LAGs are displayed. • All: Both physical interfaces and LAGs are displayed.
PAGE 315
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 83. 802.1AS statistics information (Continued) Field Description Sync Timeouts The total number of SYNC receipt time-outs that occurred. Sync Discards The total number of SYNC packets that were discarded. Announce Timeouts The total number of ANNOUNCE receipt time-outs that occurred. Announce Discards The total number of ANNOUNCE packets that were discarded.
PAGE 316
AV Line of Fully Managed Switches M4250 Series Main User Manual VLAN ID. With the use of MVRP on both ingress and egress, no manual VLAN configuration is required to pass tagged traffic through the network. • Multiple Stream Reservation Protocol (MSRP): MSRP reserves resources in the network to facilitate time-sensitive traffic to flow end to end. A typical network includes multiple talkers (devices that transmit streams) and multiple listeners (devices that receive streams from one or many talkers).
PAGE 317
AV Line of Fully Managed Switches M4250 Series Main User Manual Enabling this mode lets MVRP register VLANs in the network, enabling automatic VLAN configuration on the device. The default is Disable. 7. Select the MMRP Enable or Disable radio button to specify the global administrative mode of MMRP on the switch. Enabling this mode allows for the propagation of MAC address information in the network.
PAGE 318
AV Line of Fully Managed Switches M4250 Series Main User Manual Configure 802.1Qav mapping You can set the global QoS priorities for class A and class B traffic Ethernet audio video (EAV) streams. Class A streams receive higher priority than class B streams. To change the 802.1Qav mapping priorities: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button.
PAGE 319
AV Line of Fully Managed Switches M4250 Series Main User Manual To configure MRP interface settings: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required.
PAGE 320
AV Line of Fully Managed Switches M4250 Series Main User Manual MAC address information and group MAC address membership. The default is Disable. 10. From the MSRP Mode menu, select Enable or Disable to specify the administrative mode of MSRP on the interface. Enabling this mode allows the interface to reserve resources in the network to facilitate time-sensitive traffic to flow end to end. The default is Disable. 11.
PAGE 321
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 84. MRP interface settings information Field Description MSRP Class A Boundary Port Indicates whether the interface is a boundary port for class A traffic. MSRP Class B Boundary Port Indicates whether the interface is a boundary port for class B traffic. View or clear MMRP statistics You can view and clear information regarding the MMRP frames transmitted and received by the switch and by each interface.
PAGE 322
AV Line of Fully Managed Switches M4250 Series Main User Manual The statistics are cleared. 9. To save the settings to the running configuration, click the Save icon. The following table describes the nonconfigurable fields on the page. Table 85. MMRP statistics information Field Description MMRP Global Statistics Frames Received The number of MMRP frames that were received on the switch. Bad Header The number of MMRP frames with bad headers that were received on the switch.
PAGE 323
AV Line of Fully Managed Switches M4250 Series Main User Manual 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Switching > MRP > Advanced > MVRP Statistics.
PAGE 324
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 86. MVRP statistics information (Continued) Field Description Transmission Failures The number of MMRP frames that the switch did not transmit. Message Queue Failures The number of MMRP messages that were not added to the queue. MVRP Statistics Interface The interface for which information is displayed. Frames Received The number of MVRP frames that were received on the interface.
PAGE 325
AV Line of Fully Managed Switches M4250 Series Main User Manual 6. Select whether to display physical interfaces, LAGs, or both by clicking one of the following links above the table heading: • 1: Only physical interfaces are displayed. This is the default setting. • LAG: Only LAGs are displayed. • All: Both physical interfaces and LAGs are displayed. 7. To refresh the page, click the Refresh button. 8. To clear the statistics, do the following: a.
PAGE 326
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 87. MSRP statistics information (Continued) Field Description Frames Transmitted The number of MSRP frames that transmitted on the interface. Transmission Failures The number of MSRP frames that the interface failed to transmit. Registration Failures The number of MSRP frames that failed to register on a device or particular interface.
PAGE 327
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 88. MSRP reservation parameters information Field Description Interface The interface for which information is displayed. Stream ID A 16-bit unsigned integer value, which is a unique ID used to distinguish the stream among multiple streams from the same device. Listener Declaration Status The MSRP declaration status of the listener attribute. Listener Declaration Type The MSRP declaration type of the listener attribute.
PAGE 328
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 88. MSRP reservation parameters information (Continued) Field Description Failure Code If a failure occurred, the number that represents the reason for the failure.
PAGE 329
AV Line of Fully Managed Switches M4250 Series Main User Manual To configure view the Qav settings for interfaces: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required.
PAGE 330
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 89. Qav settings information Field Description Class A Bandwidth Allocated The current rate (in Bps) of class A traffic on interface Class A Remaining Bandwidth The maximum rate (in Bps) of class A that is supported by the interface. Class B Bandwidth Allocated The current rate (in Bps) of class B traffic on interface CLass B Remaining Bandwidth The maximum rate (in Bps) of class B that is supported by the interface.
PAGE 331
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 90. MSRP streams information Field Description Stream ID A 16-bit unsigned integer value, which is a unique ID used to distinguish the stream among multiple streams from the same device. Stream Source MAC Address The MAC address of the traffic stream’s source.
PAGE 332
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 90. MSRP streams information (Continued) Field Description Received Failure Information If a failure occurred, the number that represents the reason for the failure.
PAGE 333
AV Line of Fully Managed Switches M4250 Series Main User Manual The switch can automatically identify loops in the network. You can enable loop protection per port or globally. If loop protection is enabled, the switch sends predefined protocol data unit (PDU) packets to a Layer 2 multicast destination address (09:00:09:09:13:A6) on all ports for which the feature is enabled.
PAGE 334
AV Line of Fully Managed Switches M4250 Series Main User Manual blocking state, loop protection packets are received and loop protection brings down the port that is involved in the loop (if the configured action is to shut down the port).
PAGE 335
AV Line of Fully Managed Switches M4250 Series Main User Manual Your settings are saved. 8. To save the settings to the running configuration, click the Save icon. Configure the loop protection settings for interfaces and display the loop protection state Before you can configure loop protection for individual ports, you must globally enable loop protection (see Configure the global loop protection settings on page 334).
PAGE 336
AV Line of Fully Managed Switches M4250 Series Main User Manual 8. From the Keep Alive menu, select Enable to specify that loop protection must be enabled on the port. By default, loop protection is disabled for a port. 9. From the RX Action menu, select the action that the switch takes when a loop is detected on the port: • Log: Log the message when a loop is detected on the port. • Disable: Disable the port when a loop is detected. This is the default setting.
PAGE 337
4 Manage Routing This chapter covers the following topics: • • • • • • • • Routing concepts Routing table, routes and route preferences IPv4 routing IPv6 routing Routing VLANs Address Resolution Protocol Routing Information Protocol Router discovery and router advertisements 337
PAGE 338
AV Line of Fully Managed Switches M4250 Series Main User Manual Routing concepts The switch supports IP routing. When a packet enters the switch, the switch checks the destination MAC address to determine if it matches any of the configured routing interfaces. If it does, the switch searches the host table for a matching destination IP address. If a matching entry is found, the packet is routed to the host.
PAGE 339
AV Line of Fully Managed Switches M4250 Series Main User Manual 6. If you are changing an existing route, select the check box for the route. 7. From the Route Type menu, select one of the following route types: • Default: Specify the next hop address and preference. • Static: Specify the network address, subnet mask, next hop address, and preference. • Static Reject: Specify the network address, subnet mask, and preference. 8. In the Network Address field, enter the IP route prefix for the destination. 9.
PAGE 340
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 92. Learned routes information Field Description Network Address The IP route prefix for the destination. Subnet Mask The subnet/network mask, which indicates the portion of the IP interface address that identifies the attached network. Protocol The protocol that created the route: Local or Static. Route Type The type of route, depending on the protocol: Connected, Static, or Dynamic.
PAGE 341
AV Line of Fully Managed Switches M4250 Series Main User Manual 6. Select the check box for the route. 7. Click the Delete button. Your settings are saved. The route is removed. 8. To save the settings to the running configuration, click the Save icon. Specify route preferences You can configure the default preference for each protocol, for example, 60 for static routes or 120 for RIP. These values are arbitrary values in the range from 1 to 255 and are independent of route metrics.
PAGE 342
AV Line of Fully Managed Switches M4250 Series Main User Manual 8. Click the Apply button. Your settings are saved. The Local field displays the local route preference value. 9. To save the settings to the running configuration, click the Save icon. IPv4 routing You can enable or disable the IPv4 routing mode, configure the global IPv4 routing settings, configure IPv4 routing interfaces, add a secondary IP address to an IPv4 routing interface, and view IPv4 routing statistics.
PAGE 343
AV Line of Fully Managed Switches M4250 Series Main User Manual 8. Select the ICMP Redirects Enable or Disable radio button. The default is Disable. If you enable ICMP Redirects, the switch can forward ICMP Redirects. 9. In the ICMP Rate Limit Interval field, specify the number of ICMP error packets that are allowed per burst interval. By default, the burst interval is 1000 msec (the rate limit is 100 packets/sec). The interval is from 0 to 2147483647 msec.
PAGE 344
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 93. IPv4 routing configuration information (Continued) Field Description Maximum Routes The maximum number of routes supported by the switch. Maximum Static Routes The maximum number of static routes supported by the switch. Display the IPv4 statistics You can display the IPv4 routing statics for the switch. To display the IPv4 routing statistics for the switch: 1. Launch a web browser. 2.
PAGE 345
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 94. IP statistics information (Continued) Field Description IpInAddrErrors The number of input datagrams discarded because the IP address in their IP header's destination field was not a valid address to be received at this entity. This count includes invalid addresses (for example, 0.0.0.0) and addresses of unsupported classes (Class E).
PAGE 346
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 94. IP statistics information (Continued) Field Description IpReasmTimeout The maximum number of seconds for which received fragments are held while they are awaiting reassembly at this entity. IpReasmReqds The number of IP fragments received that were reassembled at this entity. IpReasmOKs The number of IP datagrams successfully re-assembled.
PAGE 347
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 94. IP statistics information (Continued) Field Description IcmpInEchoReps The number of ICMP echo reply messages received. IcmpInTimestamps The number of ICMP timestamp (request) messages received. IcmpInTimestampReps The number of ICMP rimestamp reply messages received. IcmpInAddrMasks The number of ICMP address mask request messages received. IcmpInAddrMaskReps The number of ICMP address mask reply messages received.
PAGE 348
AV Line of Fully Managed Switches M4250 Series Main User Manual To configure one or more IPv4 routing interfaces: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required.
PAGE 349
AV Line of Fully Managed Switches M4250 Series Main User Manual 10. If you select None from the IP Address Configuration Method menu, do the following: a. In the IP Address field, enter the IP address for the interface. b. In the Subnet Mask, enter the subnet mask for the interface. This is also referred to as the subnet/network mask, and defines the portion of the interface’s IP address that is used to identify the attached network. 11.
PAGE 350
AV Line of Fully Managed Switches M4250 Series Main User Manual 19. From the ICMP Redirects menu, select Enable or Disable to enable or disable the ICMP redirecting mode. The interface sends an ICMP redirect message only if this function is enabled both globally and on the interface. The default is Enable. 20. In the IP MTU field, specify the maximum size of IP packets that are sent on the interface. The IP MTU is the maximum frame size minus the length of the Layer 2 header.
PAGE 351
AV Line of Fully Managed Switches M4250 Series Main User Manual 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Routing> IP > Advanced > IP Interface Configuration.
PAGE 352
AV Line of Fully Managed Switches M4250 Series Main User Manual The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Routing> IP > Advanced > Secondary IP. The Secondary IP page displays. 6.
PAGE 353
AV Line of Fully Managed Switches M4250 Series Main User Manual 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Routing> IP > Advanced > Secondary IP. The Secondary IP page displays. 6. From the Routing Interface menu, select the interface. 7.
PAGE 354
AV Line of Fully Managed Switches M4250 Series Main User Manual The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Routing> IPv6 > Basic > Global Configuration. The Global Configuration page displays. 6. Select the IPv6 Unicast Routing Enable or Disable radio button.
PAGE 355
AV Line of Fully Managed Switches M4250 Series Main User Manual 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Routing> IPv6 > Basic > Route Table.
PAGE 356
AV Line of Fully Managed Switches M4250 Series Main User Manual To configure one or more IPv6 routing interfaces: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required.
PAGE 357
AV Line of Fully Managed Switches M4250 Series Main User Manual 10. From the Stateless Address AutoConfig Mode menu, select Enable or Disable to enable or disable the stateless address automatic configuration mode on the interface. The default value is Disable. 11. From the Routing Mode menu, select Enable or Disable to enable or disable the routing mode for the interface. The default is Disable. 12.
PAGE 358
AV Line of Fully Managed Switches M4250 Series Main User Manual The range is from 4 to 1800. The default is 600. 19. From the Adv Management Config Flag menu, select Enable or Disable to enable or disable the router advertisement “managed address configuration flag” for the interface. When enabled, end nodes use DHCPV6. When disabled, end nodes automatically configure addresses. The default is Disable. 20.
PAGE 359
AV Line of Fully Managed Switches M4250 Series Main User Manual To add or change prefix settings for an IPv6 routing interface: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required.
PAGE 360
AV Line of Fully Managed Switches M4250 Series Main User Manual 14. From the Autonomous Flag menu, to enable or disable the prefix from being used for on-link determination. If enabled, the prefix can be used for autonomous address configuration. 15. Do one of the following: • If you are adding a new prefix, click the Add button. Your settings are saved. The prefix is added for the interface. • If you are changing an existing prefix, click the Apply button. Your settings are saved.
PAGE 361
AV Line of Fully Managed Switches M4250 Series Main User Manual 9. To save the settings to the running configuration, click the Save icon. Display the IPv6 and ICMPv6 statistics for an IPv6 routing interface You can display the IPv6 and ICMPv6 statics for an IPv6 routing interface. To display the IPv6 and ICMPv6 statistics for an IPv6 routing interface: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3.
PAGE 362
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 99.
PAGE 363
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 99. IPv6 interface statistics information (Continued) Field Description Datagrams Failed To Reassemble The number of failures detected by the IPv6 reassembly algorithm (for whatever reason: timed out, errors, and so on). This is not necessarily a count of discarded IPv6 fragments since some algorithms (notably the algorithm in RFC 815) can lose track of the number of fragments by combining them as they are received.
PAGE 364
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 100. ICMPv6 interface statistics information Field Description Total ICMPv6 Messages Received The total number of ICMP messages received by the interface, which includes all those counted by IPv6IfIcmpInErrors. This interface is the interface to which the ICMP messages were addressed, which might not be the input interface for the messages.
PAGE 365
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 100. ICMPv6 interface statistics information (Continued) Field Description ICMPv6 Redirect Messages The number of ICMPv6 Redirect messaged received by the interface. Received ICMPv6 Group Membership Query The number of ICMPv6 Group Membership Query messages received Messages Received by the interface.
PAGE 366
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 100. ICMPv6 interface statistics information (Continued) Field Description ICMPv6 Router Solicit Messages The number of ICMP Neighbor Solicitation messages sent by the Transmitted interface. ICMPv6 Router Advertisement The number of ICMP Router Advertisement messages sent by the Messages Transmitted interface.
PAGE 367
AV Line of Fully Managed Switches M4250 Series Main User Manual 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Routing> IPv6 > Advanced > Neighbor Table. The Neighbor Table page displays. 6.
PAGE 368
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 101. IPv6 Advanced Neighbor Table (Continued) Field Description Neighbor State The state of the neighbor cache entry. Following are the states for dynamic entries in the IPv6 neighbor discovery cache: • Incmp: Address resolution is being performed on the entry. A neighbor solicitation message was sent to the solicited-node multicast address of the target, but the corresponding neighbor advertisement message was not yet received.
PAGE 369
AV Line of Fully Managed Switches M4250 Series Main User Manual The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Routing> IPv6 > Advanced > Static Route Configuration. The Static Route Configuration page displays. 6. If you are changing en existing route, select the check box for the route. The only field you can change is the preference for the route.
PAGE 370
AV Line of Fully Managed Switches M4250 Series Main User Manual Delete an IPv6 static route You can delete an IPv6 static route that you no longer need. To delete an IPv6 static route: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button.
PAGE 371
AV Line of Fully Managed Switches M4250 Series Main User Manual 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Routing> IPv6 > Advanced > Route Preference.
PAGE 372
AV Line of Fully Managed Switches M4250 Series Main User Manual 6. If you are changing en existing tunnel, select the check box for the route. 7. From the Tunnel ID menu, select a tunnel ID. 8. From the Mode menu, select one of the following modes: • 6-in-4-configured: This mode encapsulates IPv6 packets on an IPv4 interface. • 6-to-4: This mode encapsulates IPv6 packets and derives the endpoint IPv4 address from the IPv6 addresses in the IPv6 packet. 9.
PAGE 373
AV Line of Fully Managed Switches M4250 Series Main User Manual 17. To save the settings to the running configuration, click the Save icon. Delete an IPv6 tunnel You can delete an IPv6 tunnel that you no longer need. To delete an IPv6 tunnel: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4.
PAGE 374
AV Line of Fully Managed Switches M4250 Series Main User Manual Because an interface can belong to more than one VLAN, VLAN routing might be enabled for all of the VLANs on the interface, or for a subset. VLAN routing can be used to allow more than one physical port to reside on the same subnet. It could also be used when a VLAN spans multiple physical networks, or when additional segmentation or security is required. An interface can be either a VLAN interface or a routing interface, but not both.
PAGE 375
AV Line of Fully Managed Switches M4250 Series Main User Manual 6. In the VLAN ID field, specify the VLAN identifier (VID) that must be associated with the VLAN. The range is from 1 to 4093. 7. In the IP Address field, specify the IPv4 address for the VLAN routing interface. 8. In the Network Mask field, specify the subnet mask for the VLAN routing interface. 9.
PAGE 376
AV Line of Fully Managed Switches M4250 Series Main User Manual The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Routing> VLAN > VLAN Routing. The VLAN Routing page displays. 6. If you are changing an existing routing VLAN, select the check box for the VLAN. 7. If you are adding a new routing VLAN, from the VLAN ID menu, select the VLAN ID.
PAGE 377
AV Line of Fully Managed Switches M4250 Series Main User Manual The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Routing> VLAN > VLAN Routing. The VLAN Routing page displays. 6. Select the check box for the VLAN.
PAGE 378
AV Line of Fully Managed Switches M4250 Series Main User Manual A device can be moved in a network, which means that the device’s IP address that was associated with one MAC address is now associated with another MAC address. A device can also disappear from the network altogether (for example, it was reconfigured, disconnected, or powered off). These situations cause stale information in the ARP cache. Therefore, entries are updated or periodically refreshed to determine if an address still exists.
PAGE 379
AV Line of Fully Managed Switches M4250 Series Main User Manual • Rows per page: Select how many table entries are displayed per page. Possible values are 20, 50, 100, 200, and All. If you select All, the browser might be slow to display the information. • <. Display the previous page of the table data entries. • >. Display the next page of the table data entries. 6. To refresh the page, click the Refresh button.
PAGE 380
AV Line of Fully Managed Switches M4250 Series Main User Manual • If you are changing an existing ARP entry, click the Apply button. Your settings are saved. 10. To save the settings to the running configuration, click the Save icon. The ARP table can be large. The pagination navigation menu functions as follows: • Rows per page: Select how many table entries are displayed per page. Possible values are 20, 50, 100, 200, and All. If you select All, the browser might be slow to display the information.
PAGE 381
AV Line of Fully Managed Switches M4250 Series Main User Manual The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Routing> ARP > Advanced > ARP Create. The ARP Create page displays. 6.
PAGE 382
AV Line of Fully Managed Switches M4250 Series Main User Manual The range is from 15 to 21600 seconds. The default is 1200 seconds. 7. In the Response Time field, specify the period in seconds that the switch waits for an ARP response to an ARP request that it sends. The range is from 1 to 10 seconds. The default is 1 second. 8. In the Retries field, specify the maximum number of times an ARP request is retried after the switch does not receive an ARP response. This number includes the initial ARP request.
PAGE 383
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 104. ARP Table Configuration Field Description Total Entry Count The total number of entries in the ARP table. Peak Total Entries The highest value reached in the Total Entry Count field. This counter is restarted when you change the size of the ARP table cache. Active Static Entries The total number of active static entries in the ARP table.
PAGE 384
AV Line of Fully Managed Switches M4250 Series Main User Manual • Prevent any RIP packets from being sent. Enable or disable RIP on the switch By default, RIP is enabled on the switch. To enable or disable RIP on the switch: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4.
PAGE 385
AV Line of Fully Managed Switches M4250 Series Main User Manual The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Routing > RIP > Advanced > RIP Configuration. The RIP Configuration page displays. 6.
PAGE 386
AV Line of Fully Managed Switches M4250 Series Main User Manual Your settings are saved. 13. To save the settings to the running configuration, click the Save icon. The following table describes the nonconfigurable fields on the page. Table 105. RIP configuration information Field Description Global Route Changes The number of route changes made to the IP route database by RIP. This does not include the refreshing of a route after it aged out.
PAGE 387
AV Line of Fully Managed Switches M4250 Series Main User Manual • To configure a single interface, select the check box associated with the interface, or type the interface number in the Go To Interface field and click the Go button. • To configure multiple interfaces with the same settings, select the check box associated with each interface. • To configure all interfaces with the same settings, select the check box in the heading row. 8.
PAGE 388
AV Line of Fully Managed Switches M4250 Series Main User Manual 13. Click the Apply button. Your settings are saved. 14. To refresh the page, click the Refresh button. 15. To save the settings to the running configuration, click the Save icon. The following table describes the nonconfigurable fields on the page. Table 106.
PAGE 389
AV Line of Fully Managed Switches M4250 Series Main User Manual The System Information page displays. 5. Select Routing > RIP > Advanced > Route Redistribution. The Route Redistribution page displays. The options that you can select from the Source menu consist of only those source routes that are already configured for redistribution by RIP. This allows you to configure another source route among the available source routes. 6.
PAGE 390
AV Line of Fully Managed Switches M4250 Series Main User Manual When an access list rule includes a destination IP address and netmask (an extended access list), the destination IP address is compared to the network mask of the destination of the route. The destination netmask in the access list serves as a wildcard mask, indicating which bits in the route's destination mask are significant for the filtering operation. 10. Click the Apply button. Your settings are saved. 11.
PAGE 391
AV Line of Fully Managed Switches M4250 Series Main User Manual 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Routing > Router Discovery > Router Discovery Configuration. The Router Discovery Configuration page displays. 6.
PAGE 392
AV Line of Fully Managed Switches M4250 Series Main User Manual 13. In the Preference Level field, specify the preference level of the router interface as a default router relative to other routers on the same subnet. A higher number means that the advertized address receives a higher preference. The default is 0. 14. Click the Apply button. Your settings are saved. 15. To save the settings to the running configuration, click the Save icon.
PAGE 393
5 Configure Multicast Routing This chapter covers the following topics: • • • • • • • • • IPv4 multicast routing and the IPv4 multicast route table IGMP for IPv4 multicast routing PIM for IPv4 multicast routing Static multicast routes for IPv4 addresses Multicast admin boundaries for IPv4 addresses IPv6 multicast routing and the IPv6 multicast route table PIM for IPv6 multicast routing MLD for IPv6 multicast routing Static multicast routes for IPv6 addresses 393
PAGE 394
AV Line of Fully Managed Switches M4250 Series Main User Manual IPv4 multicast routing and the IPv4 multicast route table Multicast is best suited for video and audio traffic requiring multicast packet control for optimal operation. Multicast for IPv4 includes support for IGMPv1, IGMPv2, and IGMPv3. Communication from point to multipoint is called multicasting. The source host (point) transmits a message to a group of zero or more hosts (multipoint) that are identified by a single IPv4 destination address.
PAGE 395
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 108. Multicast IPv4 Mroute table information Field Description Group IP The destination group IPv4 address. Source IP The IPv4 address of the multicast packet source to be combined with the group IPv4 to fully identify a single route. Incoming Interface The incoming interface on which multicast packets for this source/group arrive.
PAGE 396
AV Line of Fully Managed Switches M4250 Series Main User Manual The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Routing > Multicast > Mroute Static-Multicast Configuration. The Mroute Static-Multicast Configuration page displays. 6. In the Group IP field, specify the multicast group IP address. 7.
PAGE 397
AV Line of Fully Managed Switches M4250 Series Main User Manual The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Routing > Multicast > Mroute Static-Multicast Configuration. The Mroute Static-Multicast Configuration page displays. 6. Select the check box for the multicast entry. 7. Click the Delete button. Your settings are saved.
PAGE 398
AV Line of Fully Managed Switches M4250 Series Main User Manual 8. To save the settings to the running configuration, click the Save icon. The following table describes the nonconfigurable fields on the page. Table 110. Multicast global configuration information Field Description Protocol State The operational state of multicast forwarding. Table Maximum Entry Count The maximum number of entries in the Mroute table.
PAGE 399
AV Line of Fully Managed Switches M4250 Series Main User Manual 7. Select one or more interfaces by taking one of the following actions: • To configure a single interface, select the check box associated with the interface, or type the interface number in the Go To Interface field and click the Go button. • To configure multiple interfaces with the same settings, select the check box associated with each interface.
PAGE 400
AV Line of Fully Managed Switches M4250 Series Main User Manual The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Routing > Multicast > IGMP > Global Configuration. The Global Configuration page displays. 6.
PAGE 401
AV Line of Fully Managed Switches M4250 Series Main User Manual • 1: Only physical interfaces are displayed. This is the default setting. • VLANS: Only VLANs are displayed. • All: Both physical interfaces and VLANs are displayed. 7. Select one or more interfaces by taking one of the following actions: • To configure a single interface, select the check box associated with the interface, or type the interface number in the Go To Interface field and click the Go button.
PAGE 402
AV Line of Fully Managed Switches M4250 Series Main User Manual This value is the maximum response time to be inserted into group-specific queries sent in response to leave group messages, and is also the period between group-specific query messages. The value is from 0 to 255. The default is 10. This value is not used for IGMP version 1. 16. In the Last Member Query Count field, enter the number of queries to be sent on receiving a leave group report. The value is from 1 to 20. The default is 2. 17.
PAGE 403
AV Line of Fully Managed Switches M4250 Series Main User Manual The following table describes the nonconfigurable fields on the page. Table 111. IGMP routing interface statistics information Field Description Interface The interface on which IGMP is enabled. IP Address The IP address of the interface. Subnet Mask The subnet mask for the IP address of the interface. Protocol State The operational state of IGMP on the interface (Operational or Non-Operational).
PAGE 404
AV Line of Fully Managed Switches M4250 Series Main User Manual To display the IGMP groups and search the IGMP group database: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required.
PAGE 405
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 112. IGMP group information (Continued) Field Description Up Time The period elapsed since this entry was created. Expiry Time The period remaining before this entry is aged out. Version 1 Host Timer The period remaining until the switch determines that no IGMP version 1 members are on the IP subnet attached to the interface. When an IGMPv1 membership report is received, this timer is reset to the group membership timer.
PAGE 406
AV Line of Fully Managed Switches M4250 Series Main User Manual The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Routing > Multicast > IGMP > IGMP Membership. The IGMP Membership page displays. 6.
PAGE 407
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 113. IGMP membership information (Continued) Field Description Source Hosts The source IP addresses that are members of the multicast address. Expiry Time The expiration time that applies to each source IP address that is a member of the multicast group. This is the period after which the source entry ages out. Configure an IGMP proxy interface You can configure an IGMP proxy interface.
PAGE 408
AV Line of Fully Managed Switches M4250 Series Main User Manual 8. In the Unsolicited Report Interval field, specify the period in seconds between repetitions of a host's initial report of membership in a group. The range is from 1 to 260. The default is 1. 9. Click the Apply button. Your settings are saved. 10. To save the settings to the running configuration, click the Save icon. The following table describes the nonconfigurable fields on the page. Table 114.
PAGE 409
AV Line of Fully Managed Switches M4250 Series Main User Manual To display the statistics for the IGMP proxy interface: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required.
PAGE 410
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 115. IGMP proxy interface statistics information (Continued) Field Description Leaves Received The number of IGMP leave messages received. Leaves Sent The number of IGMP leave messages sent. Display the IGMP proxy membership and search the IGMP proxy membership database You can display the IGMP proxy membership information and search the IGMP proxy membership database by group.
PAGE 411
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 116. IGMP proxy membership information Field Description Proxy Interface The interface on which the IGMP proxy is enabled. Group IP The multicast group IPv4 address. Source Hosts The source addresses that are members of the multicast group. Last Reporter The source IPv4 address that sent the last membership report for the multicast group on the IGMP proxy interface. Up Time The time elapsed since the entry was created.
PAGE 412
AV Line of Fully Managed Switches M4250 Series Main User Manual Configure the global PIM IPv4 settings on the switch Depending on your IPv4 network needs, you can globally enable PIM Sparse Mode (PIM-SM) or PIM Dense Mode (PIM-DM) on the switch. To configure the global PIM IPv4 settings on the switch: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button.
PAGE 413
AV Line of Fully Managed Switches M4250 Series Main User Manual To add an IPv4 PIM-SSM group: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required.
PAGE 414
AV Line of Fully Managed Switches M4250 Series Main User Manual The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Routing > Multicast > Mroute Static-Multicast Configuration. The Mroute Static-Multicast Configuration page displays. 6. Select the check box for the PIM-SSM group. 7. Click the Delete button. Your settings are saved.
PAGE 415
AV Line of Fully Managed Switches M4250 Series Main User Manual • To configure a single interface, select the check box associated with the interface, or type the interface number in the Go To Interface field and click the Go button. • To configure multiple interfaces with the same settings, select the check box associated with each interface. • To configure all interfaces with the same settings, select the check box in the heading row. 8.
PAGE 416
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 117. IPv4 PIM interface configuration information (Continued) Field Description Designated Router The IPv4 address of the designated router on the PIM interface. Neighbor Count The number of PIM neighbors on the PIM interface. Display IPv4 PIM neighbors and search the PIM neighbor database You can display the IPv4 PIM neighbor information and search the PIM neighbors database by interface or by neighbor IP address.
PAGE 417
AV Line of Fully Managed Switches M4250 Series Main User Manual 7. To refresh the page, click the Refresh button. The following table describes the nonconfigurable fields on the page. Table 118. IPv4 PIM neighbor information Field Description Interface The interface on which the PIM neighbor is connected. Neighbor IP The IPv4 address of the PIM neighbor. Up Time (hh:mm:ss) The time that passed since the PIM device became a neighbor of the interface.
PAGE 418
AV Line of Fully Managed Switches M4250 Series Main User Manual 8. In the Group Mask field, enter the group address mask that is transmitted in candidate-RP-advertisements. 9. In the C-RP Advertisement Interval field, specify the period in seconds at which candidate-RP-advertisements are sent as unicast traffic to the bootstrap router (BSR). The range is from 1 to 16383 seconds. 10. Click the Add button. Your settings are saved. The PIM candidate RP is added. 11.
PAGE 419
AV Line of Fully Managed Switches M4250 Series Main User Manual Configure an interface as an IPv4 PIM bootstrap router candidate You can configure an interface as an IPv4 PIM bootstrap router (BSR) candidate. To configure an interface as an IPv4 PIM BSR candidate: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4.
PAGE 420
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 119. IPv4 PIM BSR candidate configuration information Field Description BSR Expiry Time (hh:mm:ss) The time (in hours, minutes and seconds) after which the learned elected BSR expires. IP Address The IPv4 address of the elected BSR. Next bootstrap Message The time (in hours, minutes, and seconds) after which the next bootstrap (hh:mm:ss) message is due from the BSR.
PAGE 421
AV Line of Fully Managed Switches M4250 Series Main User Manual 8. To save the settings to the running configuration, click the Save icon. Configure a static IPv4 PIM rendezvous point for a group You can add a new or change an existing static IPv4 PIM rendezvous point (RP) for a group. To add or change a static IPv4 PIM RP for a group: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button.
PAGE 422
AV Line of Fully Managed Switches M4250 Series Main User Manual Delete a static IPv4 PIM rendezvous point configuration You can delete a static IPv4 PIM rendezvous point (RP) configuration that you no longer need for a group. To delete a static IPv4 PIM RP configuration for a group: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4.
PAGE 423
AV Line of Fully Managed Switches M4250 Series Main User Manual To add or change a static IPv4 multicast route: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required.
PAGE 424
AV Line of Fully Managed Switches M4250 Series Main User Manual To delete a static IPv4 multicast route: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required.
PAGE 425
AV Line of Fully Managed Switches M4250 Series Main User Manual 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Routing > Multicast > Admin Boundary Configuration.
PAGE 426
AV Line of Fully Managed Switches M4250 Series Main User Manual The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Routing > Multicast > Admin Boundary Configuration. The Admin Boundary Configuration page displays. 6. Select the check box for the interface. 7. Click the Delete button. Your settings are saved. The static route is deleted fro the interface.
PAGE 427
AV Line of Fully Managed Switches M4250 Series Main User Manual The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Routing > IPv6 Multicast > Mroute Table. The Mroute Table page displays. 6.
PAGE 428
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 120. Multicast IPv6 Mroute table information (Continued) Field Description Protocol The multicast routing protocol which dynamically created this entry. The possible values are as follows: • PIM-DM • PIM-SM Flags The value displayed in this field is valid if the multicast routing protocol is PIM-SM. The possible values are RPT and SPT. For other protocols a “------” is displayed.
PAGE 429
AV Line of Fully Managed Switches M4250 Series Main User Manual The Global Configuration page displays. 6. Select one of the following Admin Mode radio buttons: • Disable: PIM is disabled on the switch. This is the default setting. • PIM-SM: PIM Sparse Mode is enabled on the switch. • PIM-DM: PIM Dense Mode is enabled on the switch. 7. Click the Apply button. Your settings are saved. 8. To save the settings to the running configuration, click the Save icon.
PAGE 430
AV Line of Fully Managed Switches M4250 Series Main User Manual 7. In the SSM Group Mask field, enter the source-specific multicast group IPv6 address prefix. 8. Click the Add button. Your settings are saved. The group is added. 9. To save the settings to the running configuration, click the Save icon. Delete an IPv6 PIM-SSM group You can delete an IPv6 PIM-SSM group that you no longer need. To delete an IPv6 PIM-SSM group: 1. Launch a web browser. 2.
PAGE 431
AV Line of Fully Managed Switches M4250 Series Main User Manual The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5.
PAGE 432
AV Line of Fully Managed Switches M4250 Series Main User Manual The default is Disable. 12. In the DR Priority field, specify the designated router (DR) priority for the interface. The range is from 0 to 2147483647. The default is 1. 13. Click the Apply button. Your settings are saved. 14. To save the settings to the running configuration, click the Save icon. The following table describes the nonconfigurable field on the page. Table 121.
PAGE 433
AV Line of Fully Managed Switches M4250 Series Main User Manual 5. Select Routing > IPv6 Multicast > IPv6 PIM > PIM Neighbor. The PIM Neighbor page displays. 6. To search for IGMP group entries by interface or group, select one of the following options from the Search menu: • Interface: Select Interface from the menu, specify the interface in unit/port format (for example 0/8), and click the Go button. If the entry exists, the entry is displayed as the first entry, followed by the remaining entries.
PAGE 434
AV Line of Fully Managed Switches M4250 Series Main User Manual The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Routing > IPv6 Multicast > IPv6 PIM > Candidate RP Configuration.
PAGE 435
AV Line of Fully Managed Switches M4250 Series Main User Manual The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Routing > IPv6 Multicast > IPv6 PIM > Candidate RP Configuration. The Candidate RP Configuration page displays. 6. From the Interface menu, select the interface. 7. Select the check box for the PIM candidate RP. 8. Click the Delete button.
PAGE 436
AV Line of Fully Managed Switches M4250 Series Main User Manual 8. In the Priority field, specify the priority for the BSR candidate. The range is from 0 to 255. The default is 0. 9. In the Advertisement Interval field, specify the period in seconds between advertisements. The range is from 1 to 16383. The default is 60. 10. Click the Apply button. Your settings are saved. 11. To save the settings to the running configuration, click the Save icon. 12. To refresh the page, click the Refresh button.
PAGE 437
AV Line of Fully Managed Switches M4250 Series Main User Manual 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Routing > IPv6 Multicast > IPv6 PIM > BSR Candidate Configuration. The BSR Candidate Configuration page displays. 6.
PAGE 438
AV Line of Fully Managed Switches M4250 Series Main User Manual 8. In the Group Address field, specify the IPv6 address for the group to which the static RP applies. 9. In the Prefix Length field, specify the IPv6 prefix length for the group to which the static RP applies. 10. From the Override menu, select Enable or Disable to enable or disable the override capacity of a static RP over an RP that is learned from a BSR.
PAGE 439
AV Line of Fully Managed Switches M4250 Series Main User Manual Your settings are saved. The static RP configuration is deleted for the group. 8. To save the settings to the running configuration, click the Save icon. MLD for IPv6 multicast routing You can configure the Multicast Listener Discovery (MLD) settings and view the MLD statistics.
PAGE 440
AV Line of Fully Managed Switches M4250 Series Main User Manual 6. Select the Admin Mode Enable or Disable radio button to enable or disable MLD on the switch. The default is Disable. 7. Click the Apply button. Your settings are saved. 8. To save the settings to the running configuration, click the Save icon. Configure an MLD routing interface You can configure one or more MLD routing interfaces. To configure an MLD routing interface: 1. Launch a web browser. 2.
PAGE 441
AV Line of Fully Managed Switches M4250 Series Main User Manual • To configure all interfaces with the same settings, select the check box in the heading row. 8. From the Admin Mode menu, select Enable or Disable to enable or disable MLD for the interface. The default is Disable. 9. In the Version field, specify the version of MLD for the interface. The version can be 1 or 2. The default is 2. 10.
PAGE 442
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 124. MLD Routing Interface Configuration Field Description Operational Mode The operational status of MLD on the Interface. Robustness The robustness setting for the interface. The default value is 2. Display the statistics for the MLD routing interfaces You can display the statics for the MLD routing interfaces. To display the statistics for the MLD routing interfaces: 1. Launch a web browser. 2.
PAGE 443
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 125. MLD routing interface statistics information Field Description Interface The interface on which MLD is enabled. Querier Status Indicates if the interface is an MLD querier or non-querier on the IPv6 subnet it is associated with. Querier IP The IPv6 address of the MLD querier on the IPv6 subnet to which the interface is attached. Querier Up Time The period in seconds since the MLD interface querier was last changed.
PAGE 444
AV Line of Fully Managed Switches M4250 Series Main User Manual The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Routing > IPv6 Multicast > MLD > MLD Groups. The MLD Groups page displays. 6.
PAGE 445
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 126. MLD groups information (Continued) Field Description Source Hosts The source addresses that are members of the multicast address. Source Address (Expiry Time) The expiration time after which each source address that is a member of the multicast group ages out. Display or clear MLD traffic statistics You can view the MLD traffic statistics and clear these statistics. To view or clear IPv6 MLD traffic statistics: 1.
PAGE 446
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 127. MLD traffic statistics information Field Description Valid MLD Packets Received The number of valid MLD packets received by the switch. Valid MLD Packets Sent The number of valid MLD packets sent by the switch. Queries Received The number of valid MLD queries received by the switch. Queries Sent The number of valid MLD queries sent by the switch. Reports Received The number of valid MLD reports received by the switch.
PAGE 447
AV Line of Fully Managed Switches M4250 Series Main User Manual 6. From the Interface menu, select the interface that must function as the IGMP proxy interface. 7. From the Admin Mode menu, select Enable or Disable to enable or disable the IGMP proxy capability on the interface. The default is Disable. 8. In the Unsolicited Report Interval field, specify the period in seconds between repetitions of a host's initial report of membership in a group. The range is from 1 to 260. The default is 1. 9.
PAGE 448
AV Line of Fully Managed Switches M4250 Series Main User Manual To display the statistics for the MLD proxy interface: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required.
PAGE 449
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 129. MLD proxy interface statistics information (Continued) Field Description Leaves Received The number of MLD proxy leave messages received. Leaves Sent The number of MLD proxy leave messages sent. Display the MLD proxy membership and search the MLD proxy membership database You can display the MLD proxy membership information and search the MLD proxy membership database by group.
PAGE 450
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 130. MLD proxy membership information Field Description Proxy Interface The interface on which the MLD proxy is enabled. Group IP The IPv6 multicast group address. Source Hosts The source addresses that are members of the multicast group. Last Reporter The source IPv6 address that sent the last membership report for the multicast group on the MLD proxy interface. Up Time The time elapsed since this entry was created.
PAGE 451
AV Line of Fully Managed Switches M4250 Series Main User Manual Configure static multicast routes for IPv6 addresses You can add a new or change an existing static IPv6 multicast route. To add or change a static IPv6 multicast route: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4.
PAGE 452
AV Line of Fully Managed Switches M4250 Series Main User Manual 13. To save the settings to the running configuration, click the Save icon. Delete a static multicast route for an IPv6 address You can delete a static IPv6 multicast route that you no longer need. To delete a static multicast route: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab.
PAGE 453
6 Configure Quality of Service This chapter covers the following topics: • • • Quality of Service concepts Class of Service Differentiated Services 453
PAGE 454
AV Line of Fully Managed Switches M4250 Series Main User Manual Quality of Service concepts In a switch, each physical port consists of one or more queues for transmitting packets on the attached network. Multiple queues per port are often provided to give preference to certain packets over others based on user-defined criteria.
PAGE 455
AV Line of Fully Managed Switches M4250 Series Main User Manual Alternatively, when a port is configured as untrusted, it does not trust any incoming packet priority designation and uses the port default priority value instead. All packets arriving at the ingress of an untrusted port are directed to a specific CoS queue on the appropriate egress ports, in accordance with the configured default priority of the ingress port.
PAGE 456
AV Line of Fully Managed Switches M4250 Series Main User Manual • To configure the same CoS trust mode settings for all CoS configurable interfaces, do the following: a. Select the Global radio button. b. From the Global Trust Mode menu, select one of the following trust mode options for ingress traffic on the switch: • untrusted: Do not trust any CoS packet marking at ingress. • trust dot1p: The eight priority tags that are specified in IEEE 802.1p are p0 to p7.
PAGE 457
AV Line of Fully Managed Switches M4250 Series Main User Manual mapping allows the switch to group various traffic types (for example, data or voice) based on their latency requirements and give preference to time-sensitive traffic. To map 802.1p priorities to queues for all interfaces or individual interfaces 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button.
PAGE 458
AV Line of Fully Managed Switches M4250 Series Main User Manual 9. To save the settings to the running configuration, click the Save icon. Map DSCP values to queues You can map an internal traffic class to a DSCP value. To map DSCP values to queues: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4.
PAGE 459
AV Line of Fully Managed Switches M4250 Series Main User Manual 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select QoS > CoS > Advanced > CoS Interface Configuration.
PAGE 460
AV Line of Fully Managed Switches M4250 Series Main User Manual maximum bandwidth configuration. It is effectively a second-level shaping mechanism. The default value is 0. The value 0 means that the maximum is unlimited. The expected shaping at egress interface is calculated as follows: • frameSize × shaping/(frameSize + IFG), where IFG (Inter frame gap) is 20 bytes, • frameSize is configured frame size, and shaping is configured traffic shaping.
PAGE 461
AV Line of Fully Managed Switches M4250 Series Main User Manual • 1 (the unit ID of the switch): Only physical interfaces are displayed. This is the default setting. • LAG: Only LAGs are displayed. • All: Both physical interfaces and LAGs are displayed. 7. Select one or more interfaces by taking one of the following actions: • To configure a single interface, select the check box associated with the port, or type the port number in the Go To Interface field and click the Go button.
PAGE 462
AV Line of Fully Managed Switches M4250 Series Main User Manual 12. Click the Apply button. Your settings are saved. 13. To save the settings to the running configuration, click the Save icon. Configure the CoS WRED precedence settings for dropping packets If you use the Weighted Random Early Detection (WRED) method as the queue depth management method (see Configure CoS queue settings for an interface on page 460), you can configure the precedence settings for dropping packets if a queue is full.
PAGE 463
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 132. Default values for drop precedence levels Drop precedence level WRED Minimum Threshold WRED Maximum Threshold WRED Drop Probability Scale 1 40 100 10 2 30 90 10 3 20 80 10 4 99 100 10 9. In the WRED Minimum Threshold field, specify the WRED minimum queue threshold below which no packets are dropped for the selected drop precedence level. The range is from 0 to 100. 10.
PAGE 464
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 133. CoS Interface Queue Drop Precedence Status (Continued) Field Description WRED Maximum Threshold The weighted RED maximum queue threshold value. WRED Drop Probability Scale The packet drop probability value. Differentiated Services The QoS feature contains Differentiated Services (DiffServ) support that allows traffic to be classified into streams and given certain QoS treatment in accordance with defined per-hop behaviors.
PAGE 465
AV Line of Fully Managed Switches M4250 Series Main User Manual can be defined on a per-class instance basis, and it is these attributes that are applied when a match occurs. • The configuration process begins with defining one or more match criteria for a class. Then one or more classes are added to a policy. Policies are then added to interfaces. Packet processing begins by testing the match criteria for a packet.
PAGE 466
AV Line of Fully Managed Switches M4250 Series Main User Manual • • Policing disabled: If policing is disabled, all traffic is marked as follows: - High: Sets the policy mark to ipdscp ef. - Medium: Sets the policy mark to ipdscp af31. - Low: Sets the policy mark to ipdscp be. Adds each selected port and LAG to the policy.
PAGE 467
AV Line of Fully Managed Switches M4250 Series Main User Manual 8. To disable policing, clear the Policing check box. By default, policing is enabled. 9. From the Outbound Priority menu, select the priority for outbound traffic: • High: The way this setting is applied depends on whether policing is enabled: • Policing enabled: High sets the action to mark dscp ef. • Policing disabled: High sets the action to mark ipdscp ef.
PAGE 468
AV Line of Fully Managed Switches M4250 Series Main User Manual 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select QoS > DiffServ > Basic > DiffServ Configuration. The DiffServ Configuration page displays. 6.
PAGE 469
AV Line of Fully Managed Switches M4250 Series Main User Manual Add and configure a DiffServ class To add and configure a DiffServ class: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required.
PAGE 470
AV Line of Fully Managed Switches M4250 Series Main User Manual The class name is a hyperlink to the page on which you can define the class configuration (see the following figure). 10. Define the criteria that must be associated with the DiffServ class by selecting one of the following radio buttons: • Match Every: Select this radio button to add a match condition that considers all packets to belong to the class. The only selection from the Match Every menu is Any.
PAGE 471
AV Line of Fully Managed Switches M4250 Series Main User Manual • Secondary VLAN: Select this radio button to require a packet’s VLAN ID to match a secondary VLAN ID. The VLAN value is in the range from 1 to 4093. • Ethernet Type: Select this radio button to require the EtherType value in the Ethernet frame header to match the specified EtherType value. After you select the radio button, select the EtherType keyword from the menu of common protocols that are mapped to their Ethertype value.
PAGE 472
AV Line of Fully Managed Switches M4250 Series Main User Manual • Mask: The bit mask in IP dotted-decimal format indicating which parts of the source IP address to use for matching against packet content. • Source L4 Port: Select this radio button to require a packet’s TCP/UDP source port to match the specified protocol, which you must select from the menu. You can also select Other from the menu and enter a port number from 0 to 65535.
PAGE 473
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 135. DiffServ Class Configuration, Class Summary information Field Description Match Criteria The configured match criteria for the specified class. Values The values of the configured match criteria. Rename an existing DiffServ class To rename an existing DiffServ class: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3.
PAGE 474
AV Line of Fully Managed Switches M4250 Series Main User Manual 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select QoS > DiffServ > Advanced > Class Configuration. The Class Configuration page displays. 6. Click the class name, which is a hyperlink.
PAGE 475
AV Line of Fully Managed Switches M4250 Series Main User Manual Configure an IPv6 DiffServ class The switch supports QoS ACL and DiffServ functionality for IPv6 by providing support for IPv6 packet classification. An IPv6 ACL serves the same purpose as an IPv4 ACL. An Ethernet IPv6 packet is distinguished from an IPv4 packet by its unique Ethertype value, so all IPv6 classifiers include the Ethertype field, even though you cannot configure its value for an IPv6 class on the switch.
PAGE 476
AV Line of Fully Managed Switches M4250 Series Main User Manual For example, if the class includes one criterion for an IP address and another criterion for a MAC address, the traffic must match both criteria. • Any: Any match criterion that you define for the class must be satisfied for a packet match. For example, if the class includes one criterion for an IP address and another criterion for a MAC address, the traffic must match either one of the criteria but does not need to match both criteria.
PAGE 477
AV Line of Fully Managed Switches M4250 Series Main User Manual • Reference Class: Select this radio button to reference another class for criteria. The match criteria defined in the reference class function as match criteria in addition to the match criteria that you define for the selected class. After selecting this option, the classes that can be referenced are displayed. Select the class to reference. A class can reference one other class of the same type.
PAGE 478
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 136. IPv6 DiffServ class configuration class summary Field Description Match Criteria The configured match criteria for the specified class. Values The values of the configured match criteria. Rename an existing IPv6 DiffServ class To rename an existing IPv6 DiffServ class: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3.
PAGE 479
AV Line of Fully Managed Switches M4250 Series Main User Manual 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select QoS > DiffServ > Advanced > IPv6 Class Configuration. The Class Configuration page displays. 6. Click the class name, which is a hyperlink.
PAGE 480
AV Line of Fully Managed Switches M4250 Series Main User Manual Configure a DiffServ policy You can associate a collection of classes with one or more policies. Create and configure a DiffServ policy To create and configure a DiffServ policy: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4.
PAGE 481
AV Line of Fully Managed Switches M4250 Series Main User Manual The policy name is a hyperlink to the page on which you can define the policy attributes (see the following figure, which does not show the Two Rate section of the page). 11. Configure the policy attributes by selecting one of the following radio buttons: • Assign Queue: Select this radio button to specify that traffic must be assigned to a queue, which you must select from the menu. The queue is expressed as a value in the range from 0 to 7.
PAGE 482
AV Line of Fully Managed Switches M4250 Series Main User Manual • Mark IP DSCP: Select this radio button to require packet to be marked with an IP DSCP keyword code, which you must select from the menu. The DSCP value is defined as the high-order 6 bits of the Service Type octet in the IP header. • Simple Policy: Select this radio button to define the simple traffic policing style for the class. By default, the simple policy is color blind, and color classes do not apply.
PAGE 483
AV Line of Fully Managed Switches M4250 Series Main User Manual requires that the Mark IP Precedence field is set. You must select an IP precedence value from 0 to 7 from the menu. • Mark IP DSCP: Packets are marked by DiffServ with the specified DSCP value before being forwarded. This selection requires that the DSCP field is set. You must either select a DSCP code from the menu or enter an IP DSCP value from 0 to 63 in the field next to the menu.
PAGE 484
AV Line of Fully Managed Switches M4250 Series Main User Manual A two-rate policy supports two data rates and results in and action for packets that conform to the policy and an action for packets that violate the policy. a. Specify the color class: • Color Blind: This is the default selection. Color classes do not apply. • Color Aware: Select this radio button to require a color class that is valid for use with this policy instance.
PAGE 485
AV Line of Fully Managed Switches M4250 Series Main User Manual • Mark IP Precedence: These packets are marked by DiffServ with the specified IP Precedence value before being forwarded. This selection requires that the Mark IP Precedence field is set. You must select an IP precedence value from 0 to 7 from the menu. • Mark IP DSCP: Packets are marked by DiffServ with the specified DSCP value before being forwarded. This selection requires that the DSCP field is set.
PAGE 486
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 137. DiffServ policy configuration, policy attributes Field Description Policy Name The name of the DiffServ policy. Policy Type The type of the policy (In or Out). Member Class Name The class instances that are associated within the policy. Rename an existing DiffServ policy To rename an existing DiffServ policy: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch.
PAGE 487
AV Line of Fully Managed Switches M4250 Series Main User Manual 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select QoS > DiffServ > Advanced > Policy Configuration. The Policy Configuration page displays. 6. Click the policy name, which is a hyperlink.
PAGE 488
AV Line of Fully Managed Switches M4250 Series Main User Manual 8. Click the Apply button. Your settings are saved. 9. To save the settings to the running configuration, click the Save icon. Delete a DiffServ policy To delete a DiffServ policy: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4.
PAGE 489
AV Line of Fully Managed Switches M4250 Series Main User Manual The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select QoS > DiffServ > Advanced > Service Interface Configuration. The Service Interface Configuration page displays. 6.
PAGE 490
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 138. Service Interface Configuration information Field Description Direction The traffic direction (In, Out, or both In and Out) of the policy or policies on the service interface. Operational Status The operational status of this service interface (either Up or Down). The operational status is shown as Up if all of the following conditions are true: • The attached class is valid and includes at least one matching rule.
PAGE 491
AV Line of Fully Managed Switches M4250 Series Main User Manual 9. To select another outbound policy, from the Policy Out Name menu, select another policy name. 10. Click the Apply button. Your settings are saved. 11. To save the settings to the running configuration, click the Save icon. Remove one or both DiffServ policies from an interface To remove one or both DiffServ policies from an interface: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch.
PAGE 492
AV Line of Fully Managed Switches M4250 Series Main User Manual Display DiffServ service statistics You can display service-level statistical information about all interfaces to which DiffServ policies are attached. To display DiffServ service statistics: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4.
PAGE 493
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 139. DiffServ Service Statistics information (Continued) Field Description Policy Name The name of the DiffServ policies attached. Operational Status The operational status of the DIffServ policy attached. The operational status is shown as Up if all of the following conditions are true: • The attached class is valid and includes at least one matching rule. • The attached policy is valid and includes at least one attribute.
PAGE 494
7 Manage Switch Security The chapter covers the following topics: • • • • • • • • • • • • • • • • • • • • • • • • • User accounts and passwords RADIUS servers TACACS+ serversConfiguration TACACS Authentication lists Current login sessions HHTP and HTTPS management access SSH management access Telnet management access Console port management access Denial of service Management access profiles and rules Port authenticationport authentication MAC filters for traffic control Port security Private port groups P
PAGE 495
AV Line of Fully Managed Switches M4250 Series Main User Manual User accounts and passwords You can configure user accounts and login passwords. By default, two user accounts exist: • admin, with read and write (read/write) privileges • guest, with read-only privileges The account names are not case-sensitive. The first time that you log in as an admin user to the main UI, no password is required (that is, the password is blank).
PAGE 496
AV Line of Fully Managed Switches M4250 Series Main User Manual If you change the settings, you cannot change the user name. 7. If you are adding a new user account, In the User Name field, enter a name. You can enter a user name only when you are creating an account. User names are up to 64 characters in length and are not case-sensitive. Valid characters include all the alphanumeric characters as well as the hyphen (-) and underscore (_) characters. The user name default is not valid.
PAGE 497
AV Line of Fully Managed Switches M4250 Series Main User Manual To delete a user account: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required.
PAGE 498
AV Line of Fully Managed Switches M4250 Series Main User Manual The User Password Configuration page displays. 6. In the Password Minimum Length field, type the minimum character length for any new local user password. The default is eight characters. The range is from 0 to 64 characters. 7. In the Password Aging (days) field, type the maximum number of days during which a user password is valid, counted from the day that the password is defined.
PAGE 499
AV Line of Fully Managed Switches M4250 Series Main User Manual 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Security> Management Security > Enable Password. The Enable Password page displays. 6. In the Password field, type the password.
PAGE 500
AV Line of Fully Managed Switches M4250 Series Main User Manual 6. To change the console password, do the following: a. In the Console Password field, type the console password. The password can be a maximum of 64 alphanumeric characters. b. In the Confirm Console Password field, type the password again to confirm that you typed it correctly. 7. To change the Telnet password, do the following: a. In the Telnet Password field, type the Telnet password.
PAGE 501
AV Line of Fully Managed Switches M4250 Series Main User Manual If you configure multiple RADIUS servers, consider the maximum delay time when you specify the maximum number of retransmissions (that is, the value that you enter in the Max Number of Retransmits field in the following procedure) and the time-out period (that is, the value that you enter in the Timeout Duration field in the following procedure) for RADIUS: • For one RADIUS server, a retransmission does not occur until the configured time-out
PAGE 502
AV Line of Fully Managed Switches M4250 Series Main User Manual • None: The primary IP address of the originating (outbound) interface is used as the source address. • Routing interface: The primary IP address of a physical port is used as the source address. • Routing VLAN: The primary IP address of a VLAN routing interface is used as the source address. • Routing loopback interface: The primary IP address of a routing loopback interface is used as the source address.
PAGE 503
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 141. Radius configuration information Field Description Current Server Address The address of the current RADIUS server. This field is blank if no servers are configured. Number of Configured Authentication Servers The number of configured authentication RADIUS servers. The value can range from 0 to 32. Number of Configured Accounting Servers The number of RADIUS accounting servers configured. The value can range from 0 to 32.
PAGE 504
AV Line of Fully Managed Switches M4250 Series Main User Manual This name helps you to identify the RADIUS server. 8. In the Port field, specify the UDP port number that the server uses to verify the RADIUS server authentication. The range is from 1 to 65535. 9. From the Secret Configured menu, select Yes. You must select Yes before you can configure the RADIUS secret. After you add the RADIUS server, this field indicates whether the shared secret for this server was configured. 10.
PAGE 505
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 142. RADIUS authentication server statistics information Field Description Radius Server The address of the RADIUS server or the name of the RADIUS server for which the statistics are displayed. Round Trip Time The time interval, in hundredths of a second, between the most recent access-reply/access-challenge and the access-request that matched it from this RADIUS authentication server.
PAGE 506
AV Line of Fully Managed Switches M4250 Series Main User Manual 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Security > Management Security> RADIUS > Server Configuration. The Server Configuration page displays. 6.
PAGE 507
AV Line of Fully Managed Switches M4250 Series Main User Manual 9. To save the settings to the running configuration, click the Save icon. Configure a RADIUS accounting server You can display and configure various settings for a RADIUS accounting server on the network. Add a RADIUS accounting server to the switch To add a RADIUS accounting server to the switch and display or clear the RADIUS accounting server statistics: 1. Launch a web browser. 2.
PAGE 508
AV Line of Fully Managed Switches M4250 Series Main User Manual • Enable: All configured RADIUS accounting server are enabled. • Disable: All configured RADIUS accounting server are disabled. Note: Your selection from the Accounting Mode menu applies to all configured accounting servers, not only to the server that you are adding. 12. Click the Add button. The server is added to the switch. 13.
PAGE 509
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 143. RADIUS accounting server statistics information (Continued) Field Description Unknown Types The number of RADIUS packets of unknown type that were received from this server on the accounting port. Packets Dropped The number of RADIUS packets that were received from this server on the accounting port and dropped for some other reason.
PAGE 510
AV Line of Fully Managed Switches M4250 Series Main User Manual Remove a RADIUS accounting server from the switch To remove a RADIUS accounting server from the switch: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button.
PAGE 511
AV Line of Fully Managed Switches M4250 Series Main User Manual Configure the global TACACS+ settings You can configure the global TACACS+ settings for communication between the switch and a TACACS+ server. To configure the global TACACS+ settings: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4.
PAGE 512
AV Line of Fully Managed Switches M4250 Series Main User Manual • Service port: The management port source IP address is used as the source address. By default, VLAN 1 is used as source interface. 9. Click the Apply button. Your settings are saved. 10. To save the settings to the running configuration, click the Save icon. Add a TACACS+ server to the switch You can add up to five TACACS+ servers with which the switch can communicate. To add a TACACS+ server to the switch: 1. Launch a web browser. 2.
PAGE 513
AV Line of Fully Managed Switches M4250 Series Main User Manual The key can be from 0 to 128 characters. The key must match the key used on the TACACS+ server. 10. In the Connection Timeout field, specify the time that passes before the connection between the device and the TACACS+ server times out. The range is from 1 to 30 seconds. 11. Click the Add button. The server is added to the switch. 12. To save the settings to the running configuration, click the Save icon.
PAGE 514
AV Line of Fully Managed Switches M4250 Series Main User Manual Remove a TACACS+ server from the switch To remove a TACACS+ server from the switch: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required.
PAGE 515
AV Line of Fully Managed Switches M4250 Series Main User Manual • Telnet: For information about selecting an authentication list for Telnet access, see Telnet management access on page 539. • Console port: For information about selecting an authentication list for console port access, see Console port management access on page 542. Two default lists are present: defaultList and networkList. You cannot delete these lists.
PAGE 516
AV Line of Fully Managed Switches M4250 Series Main User Manual If you select a method that does not time out as the first method, such as Local, no other method is tried, even if you specified more than one method. User authentication occurs in the order that you select the methods: • Local: The user’s locally stored name and password are used for authentication.
PAGE 517
AV Line of Fully Managed Switches M4250 Series Main User Manual To delete a login authentication list: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required.
PAGE 518
AV Line of Fully Managed Switches M4250 Series Main User Manual All newly added users are also assigned to the enableList until you specifically select a different list. To configure an enable authentication list: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4.
PAGE 519
AV Line of Fully Managed Switches M4250 Series Main User Manual If a previous method times out, the next method is used. For example, the authentication method that you select in the 2 column is tried after the authentication method that select in the 1 column in the previous step. Similarly, the authentication method that you select in the 3 column is tried after the authentication method that you select in the 2 column, and so on.
PAGE 520
AV Line of Fully Managed Switches M4250 Series Main User Manual 6. Select the check box that is associated with the list. 7. Click the Delete button. Your settings are saved. The list is removed. Configure the Dot1x authentication list You can configure the dot1x authentication list, which specifies the authentication methods to validate port access for users associated with the dot1x list. Only a single dot1x list exists. For that list, you can select a single access method only.
PAGE 521
AV Line of Fully Managed Switches M4250 Series Main User Manual 9. To save the settings to the running configuration, click the Save icon. Configure the HTTP authentication list You can configure the HTTP authentication list, which specifies the authentication methods to validate switch or port access through HTTP, for example, through a web browser session. Only a single HTTP authentication list exists, which, by default, uses local authentication. To configure the HTTP authentication list: 1.
PAGE 522
AV Line of Fully Managed Switches M4250 Series Main User Manual 8. From the menus in the 2, 3, and 4 columns, select the authentication methods, if any, that must be used in the selected authentication login list. If a previous method times out, the next method is used. For example, the authentication method that you select in the 2 column is tried after the authentication method that select in the 1 column in the previous step.
PAGE 523
AV Line of Fully Managed Switches M4250 Series Main User Manual If you select a method that does not time out as the first method, such as Local, no other method is tried, even if you specified more than one method. User authentication occurs in the order that you select the methods: • Local: The user’s locally stored name and password are used for authentication.
PAGE 524
AV Line of Fully Managed Switches M4250 Series Main User Manual The System Information page displays. 5. Select Security > Management Security > Login Sessions. The Login Sessions page displays. The following table describes the fields that are shown in the table. Table 144. Login Sessions Field Description ID Identifies the ID of this row. User Name The user's name whose session is open. Connection From The machine from which the user is connected. Idle Time The idle session time.
PAGE 525
AV Line of Fully Managed Switches M4250 Series Main User Manual The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Security > Access > HTTP > HTTP Configuration. The HTTP Configuration page displays. 6. Select the HTTP Access Disable or Enable radio button: • Disable: You cannot access the switch device UI from an HTTP session over a web browser.
PAGE 526
AV Line of Fully Managed Switches M4250 Series Main User Manual Configure the HTTPS access settings Secure HTTP (HTTPS) enables the transmission of HTTP over an encrypted Secure Sockets Layer (SSL) or Transport Layer Security (TLS) connection. When you manage the switch over the device UI, HTTPS can help ensure that communication between the management system and the switch is protected from eavesdroppers and man-in-the-middle attacks. To configure the HTTPS access settings: 1. Launch a web browser. 2.
PAGE 527
AV Line of Fully Managed Switches M4250 Series Main User Manual The value must be in the range from 0 to 60 minutes. The default value is 5 minutes. After the session is inactive and times out, you are automatically logged out and must reenter the password to access the device UI. A value of zero means that the session does not time out. 9. In the HTTP Session Hard Timeout (Hours) field, specify the hard time-out for HTTP sessions. This time-out is unaffected by the activity level of the session.
PAGE 528
AV Line of Fully Managed Switches M4250 Series Main User Manual • Mozilla Firefox: If Mozilla Firefox displays a Your connection is not secure message, click the ADVANCED button. Then, click the Add Exception button. In the pop-up window that displays, click the Confirm Security Exception button. • Microsoft Internet Explorer: If Microsoft Internet Explorer displays a There is a problem with this website’s security certificate message, click the Continue to this website (not recommended).
PAGE 529
AV Line of Fully Managed Switches M4250 Series Main User Manual Note: A certificate that you transfer (upload) to the switch is assigned number 1. The Certificate Present field displays if the selected certificate is present on the switch. The Certificate Expire field displays if the selected certificate is expired. The Certificate Status section displays the following for all certificates on the switch: • Active Certificate: The active certificates on the switch. If HTTPS is disabled, None is displayed.
PAGE 530
AV Line of Fully Managed Switches M4250 Series Main User Manual The switch generates an SSL certificate. The Certificate Generation Status field shows that the switch is in the process of generating a certificate. 9. Click the Refresh button. The Certificate Present field shows Yes, indicating that the certificate is present. 10. To save the settings to the running configuration, click the Save icon.
PAGE 531
AV Line of Fully Managed Switches M4250 Series Main User Manual Delete an SSL certificate Note: Before you can delete a certificate, you must disable HTTPS (see Configure the HTTPS access settings on page 526) and log back in to the device UI over an HTTP session. After you delete the certificate, you can reenable HTTPS and log back in to the device UI over an HTTPS session. To delete an SSL certificate: 1. Launch a web browser. 2.
PAGE 532
AV Line of Fully Managed Switches M4250 Series Main User Manual Before you transfer a file from a server to the switch, the following conditions must be true: • The file that you transfer from a server is on the server in the appropriate directory. • The file is in the correct format. • The switch contains a path to the server.
PAGE 533
AV Line of Fully Managed Switches M4250 Series Main User Manual • SFTP: Secure File Transfer Protocol • SCP: Secure Copy Protocol 8. From the Server Address Type menu, select IPv4, IPv6, or DNS to indicate the format for the TFTP Server IP field. The default is IPv4. 9. In the Server Address field, specify the address or host name of the server. The address can be an IP address in the standard IPv4 or IPv6 address format or a host name. The host name must start with a letter of the alphabet. 10.
PAGE 534
AV Line of Fully Managed Switches M4250 Series Main User Manual Configure the global SSH access settings You can configure the global SSH access settings. To configure SSH settings: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button.
PAGE 535
AV Line of Fully Managed Switches M4250 Series Main User Manual This list is used to authenticate users who try to get privileged EXEC access. The default list is enableList. For more information about enable authentication lists, see Configure an enable authentication list on page 517. 11. In the SSH Port field, specify the port for SSH access. The range is from range from 1 to 65535. The default port number is 22. 12. Click the Apply button. Your settings are saved. 13.
PAGE 536
AV Line of Fully Managed Switches M4250 Series Main User Manual The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Security > Access > SSH > Host Keys Management. The Host Keys Management page displays.
PAGE 537
AV Line of Fully Managed Switches M4250 Series Main User Manual To delete an RSA or DSA key: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required.
PAGE 538
AV Line of Fully Managed Switches M4250 Series Main User Manual To transfer SSH keys to the switch: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required.
PAGE 539
AV Line of Fully Managed Switches M4250 Series Main User Manual You can enter up to 32 characters. The default is blank. 12. Select the Start File Transfer check box. 13. Click the Apply button. The file transfer starts. A status message displays during the transfer and upon successful completion of the transfer. 14. To save the settings to the running configuration, click the Save icon. Telnet management access You can configure Telnet authentication lists and manage outbound and inbound Telnet.
PAGE 540
AV Line of Fully Managed Switches M4250 Series Main User Manual 6. From the Login Authentication List menu, select which login authentication list must be used to establish a Telnet session. The default is networkList. 7. From the Enable Authentication List menu, select which enable authentication list must be used to access the privileged EXEC mode in an established Telnet session. The default is enableList. 8. Click the Apply button. Your settings are saved. 9.
PAGE 541
AV Line of Fully Managed Switches M4250 Series Main User Manual 6. In the Inbound Telnet section, configure the following settings: a. Select the Telnet Server Admin Mode Disable or Enable radio button. This selection specifies if the switch accepts any inbound Telnet sessions. By default, the Enable radio button is selected. b. Next to Allow new telnet sessions, select the Disable or Enable radio button.
PAGE 542
AV Line of Fully Managed Switches M4250 Series Main User Manual 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Security > Access > Telnet. The Telnet page displays. 6. In the Outbound Telnet section, configure the following settings: a.
PAGE 543
AV Line of Fully Managed Switches M4250 Series Main User Manual The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Security > Access > Console Port. The Console Port page displays. 6.
PAGE 544
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 147. Console port information Field Description Character Size (bits) The number of bits in a character. This setting is always 8. Flow Control Shows if hardware flow control is enabled or disabled. This setting is always disabled. Stop Bits The number of stop bits per character. This setting is always 1. Parity The parity method used on the console port. This setting is always None.
PAGE 545
AV Line of Fully Managed Switches M4250 Series Main User Manual • Denial of Service ICMPv4: Enabling ICMPv4 DoS prevention causes the switch to drop ICMPv4 packets with a type set to ECHO_REQ (ping) and a size greater than the configured ICMPv4 packet size. By default, this option is disabled. • Denial of Service Max ICMPv4 Packet Size: Specify the maximum ICMPv4 packet size allowed. If ICMPv4 DoS prevention is enabled, the switch drops ICMPv4 ping packets with a size greater than the configured value.
PAGE 546
AV Line of Fully Managed Switches M4250 Series Main User Manual • Denial of Service TCP SYN: Enabling TCP SYN DoS prevention causes the switch to drop packets with the TCP flag SYN set. By default, this option is disabled. • Denial of Service TCP SYN&FIN: Enabling TCP SYN & FIN DoS prevention causes the switch to drop packets with TCP flags SYN and FIN set. By default, this option is disabled.
PAGE 547
AV Line of Fully Managed Switches M4250 Series Main User Manual The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Security > Access > Access Control > Access Profile Configuration. The Access Profile Configuration page displays. 6. In the Access Profile Name field, enter the name of the access profile to be added. The maximum length is 32 characters. 7.
PAGE 548
AV Line of Fully Managed Switches M4250 Series Main User Manual 5. Select Security > Access > Access Control > Access Rule Configuration. The Access Rule Configuration page displays. 6. From the Rule Type menu, select Permit or Deny to permit or deny access when the selected rules are matched. A Permit rule allows access from a device that matches the rule criteria. A Deny rule blocks a device that matches the rule criteria. 7.
PAGE 549
AV Line of Fully Managed Switches M4250 Series Main User Manual The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5.
PAGE 550
AV Line of Fully Managed Switches M4250 Series Main User Manual The Access Profile Configuration page displays. The Packets Filtered field displays the number of packets filtered. 6. To refresh the page with the latest information about the switch, click the Refresh button. The following table describes the nonconfigurable data that is displayed. Table 148. Access profile configuration profile summary Field Description Rule Type The action performed when the rules match.
PAGE 551
AV Line of Fully Managed Switches M4250 Series Main User Manual 6. Select the Deactivate Profile check box. 7. Click the Apply button. Your settings are saved and the access profile is now deactivated. 8. To save the settings to the running configuration, click the Save icon. Remove an access profile You can remove an access profile that you no longer need. Before you can remove the access profile, you must deactivate it (see Deactivate an access profile on page 550). To remove an access profile: 1.
PAGE 552
AV Line of Fully Managed Switches M4250 Series Main User Manual to attempt authentication on a port in this mode. Ports in this mode are under bidirectional control. 802.1X is the default authentication mode. 802.1X is also referred to as dot1x. Note: For port authentication, if we refer to a port, it means the same as a physical interface. An 802.1X network includes three components: • Authenticator: The port that is authenticated before access to system services is permitted.
PAGE 553
AV Line of Fully Managed Switches M4250 Series Main User Manual 5. Select Security > Port Authentication > Basic > 802.1X Configuration. The 802.1X Configuration page displays. 6. Select the Dot1x Admin Mode Disable or Enable radio button: • Enabled: 802.1X port-based authentication is globally enabled on the switch. • Disabled: 802.1X port-based authentication is globally disabled on the switch. This is the default setting. The switch does not check for 802.
PAGE 554
AV Line of Fully Managed Switches M4250 Series Main User Manual If enabled, this option lets the switch monitor the dot1x authentication process and can help you to diagnose authentication failures, if they occur. The default is Disable. 12. From the Users menu, select the user name to which the login list that you can select in the next step must apply. If 802.1X is enabled, the default dot1xList applies for authentication, as displayed in the Authentication List field.
PAGE 555
AV Line of Fully Managed Switches M4250 Series Main User Manual 5. Select Security > Port Authentication > Advanced > Port Authentication. The previous figure shows part of the page only. 6. Select one or more interfaces by taking one of the following actions: • To configure a single interface, select the check box associated with the interface, or type the interface number in the Go To Interface field and click the Go button.
PAGE 556
AV Line of Fully Managed Switches M4250 Series Main User Manual • Multi-Domain: One data client and one voice client can be authenticated on the port. After authentication succeeds, the data and voice clients are granted access. As an example, use this option when an IP phone is connected to a NAS port and a laptop is connected to the hub port of the IP phone. Both devices must be authenticated to access the network services behind the NAS. The voice and data domains are segregated.
PAGE 557
AV Line of Fully Managed Switches M4250 Series Main User Manual 11. In the Quiet Period field, enter the period in seconds during which the interface does not attempt to acquire a supplicant after an earlier authentication exchange failed. Enter a value in the range from 0 to 65535. A quiet period of 0 means that the interface does not acquire a supplicant at all. The default is 60 seconds. 12.
PAGE 558
AV Line of Fully Managed Switches M4250 Series Main User Manual 21. If you enable the periodic reauthentication option, in the Reauthentication Period field, enter the period in seconds after which the supplicant must be reauthenticated. Enter a value in the range from 0 to 65535. The default is 3600 seconds. 22. From the User Privileges menu, select admin or guest to limit the type of users that can be granted access. By default, both admin and guest users can be granted access. 23.
PAGE 559
AV Line of Fully Managed Switches M4250 Series Main User Manual 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Security > Port Authentication > Advanced > Port Authentication. The Port Authentication page displays. 6.
PAGE 560
AV Line of Fully Managed Switches M4250 Series Main User Manual 5. Select Security > Port Authentication > Advanced > Port Summary. The Port Summary page displays. 6. To refresh the page, click the Refresh button. The following table describes the nonconfigurable fields on the page. Table 149. Port summary information Field Description Port The port for which settings are displayed.
PAGE 561
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 149. Port summary information (Continued) Field Description PAE Capabilities The port access entity (PAE) functionality, which is either Authenticator or Supplicant. Authenticator PAE State The state of the authenticator PAE: • Initialize • Authenticating • Authenticated • Held • Unauthenticated Key Transmission Enabled Indicates if key transmission is enabled. If the value is False, key transmission does not occur.
PAGE 562
AV Line of Fully Managed Switches M4250 Series Main User Manual 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Security > Port Authentication > Advanced > Client Summary. The Client Summary page displays. 6. To refresh the page, click the Refresh button.
PAGE 563
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 150. Client summary information (Continued) Field Description Termination Action The termination action enforced by the RADIUS server for the supplicant device. Time left for Session The time left before the session is terminated for the reason that is displayed in Termination Action the Termination Action field.
PAGE 564
AV Line of Fully Managed Switches M4250 Series Main User Manual 5. Select Security > Traffic Control > MAC Filter. The previous figure shows the page for a 12-port model. 6. From the MAC Filter menu, select Create Filter. If you did not configure any filters, this is the only option available. 7. From the VLAN ID menu, select the VLAN that must be used with the MAC address. 8. In the MAC Address field, specify the MAC address of the filter in the format XX:XX:XX:XX:XX:XX.
PAGE 565
AV Line of Fully Managed Switches M4250 Series Main User Manual If a packet with the MAC address and VLAN ID that you specify is received on a port that is not part of the inbound filter, the packet is dropped. 10. In the Port and LAG tables in the Destination Port Members section, select the ports and LAGs that must be included in the outbound filter. A packet with the MAC address and VLAN ID that you specify can be transmitted only from a port that is part of the outbound filter.
PAGE 566
AV Line of Fully Managed Switches M4250 Series Main User Manual Display the MAC filter summary You can display the MAC filters that are configured on the switch. To display the MAC filter summary: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button.
PAGE 567
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 151. MAC filter summary information (Continued) Field Description Source Port Members The ports to be used for filtering inbound packets. Destination Port Members The ports to be used for filtering outbound packets. Port security Port security lets you lock one or more ports on the switch. When a port is locked, the port can only forward packets with a source MAC addresses that you specifically allowed.
PAGE 568
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 152. Port security violations information Field Description Port The interface. Last Violation MAC The source MAC address of the last packet that was discarded on a locked port. VLAN ID The VLAN ID corresponding to the last MAC address violation. Configure a port security interface A MAC address can be defined as allowable by one of two methods: dynamically or statically. Both methods are used concurrently when a port is locked.
PAGE 569
AV Line of Fully Managed Switches M4250 Series Main User Manual 6. Select whether to display physical interfaces, LAGs, or both by clicking one of the following links above the table heading: • 1: Only physical interfaces are displayed. This is the default setting. • LAG: Only LAGs are displayed. • All: Both physical interfaces and LAGs are displayed. 7.
PAGE 570
AV Line of Fully Managed Switches M4250 Series Main User Manual To display learned MAC addresses for an individual interface or LAG and convert these MAC addresses to static MAC addresses: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button.
PAGE 571
AV Line of Fully Managed Switches M4250 Series Main User Manual Add a static MAC address to the MAC address table for port security Static MAC address entries are the ones that you manually add to the MAC address table for port security for a specific interface and VLAN. To add a static MAC address to the MAC address table for port security: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button.
PAGE 572
AV Line of Fully Managed Switches M4250 Series Main User Manual The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5.
PAGE 573
AV Line of Fully Managed Switches M4250 Series Main User Manual 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5.
PAGE 574
AV Line of Fully Managed Switches M4250 Series Main User Manual The System Information page displays. 5. Select Security > Traffic Control > Private Group > Private Group Configuration. The Private Group Configuration page displays. 6. Select the check box next to the private group. 7. Click the Delete button. The private group is removed. 8. To save the settings to the running configuration, click the Save icon.
PAGE 575
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 153. Private group membership information Field Description Group Name The name of the private group. Group Mode The mode of the private group (Community or Isolated). Protect ports If a port is configured as protected, it does not forward traffic to any other protected port on the switch, but it does forward traffic to unprotected ports. You can configure ports as protected or unprotected. To configure protected ports: 1.
PAGE 576
AV Line of Fully Managed Switches M4250 Series Main User Manual 8. In the Ports table, select the ports that must be protected ports and members of the protected port group. By default, all ports are unprotected. 9. Click the Apply button. Your settings are saved. 10. To save the settings to the running configuration, click the Save icon. Private VLANs A private VLAN separates a regular VLAN domain into two or more subdomains.
PAGE 577
AV Line of Fully Managed Switches M4250 Series Main User Manual • Community port: The port is a host port that is a member of a community VLAN (a secondary VLAN within the private VLAN) and that can communicate with other community ports and promiscuous ports. • Isolated port: The port is a host port that is a member of an isolated VLAN (a secondary VLAN within the private VLAN) and that can communicate with promiscuous ports only.
PAGE 578
AV Line of Fully Managed Switches M4250 Series Main User Manual 5. Private VLAN promiscuous interface: Assign the interface to primary and secondary VLANs on page 586. For a port that you configured to function in promiscuous mode, configure a single primary VLAN and one or more secondary VLANs. 6. Private VLAN promiscuous trunk interface: Add primary and secondary VLANs to the trunk on page 589.
PAGE 579
AV Line of Fully Managed Switches M4250 Series Main User Manual The Private VLAN Type Configuration page displays. 6. Select the check box for the VLAN. 7. From the Private VLAN Type menu, select the type of private VLAN: • Unconfigured: The VLAN is not a private VLAN but a regular VLAN. This the default setting. • Primary: The VLAN is a primary VLAN that forwards traffic from promiscuous ports to isolated ports, community ports, and other promiscuous ports in the same private VLAN.
PAGE 580
AV Line of Fully Managed Switches M4250 Series Main User Manual 5. Select Security > Traffic Control > Private VLAN > Private VLAN Association Configuration. The Private VLAN Association Configuration page displays. 6. If you are changing an existing private VLAN association, select the check box for the private VLAN association. 7. Form the Primary VLAN menu, select the primary VLAN ID for the private VLAN. This selection specifies the primary VLAN within the private VLAN.
PAGE 581
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 154. Private VLAN Association Field Description Isolated VLAN The single isolated VLAN associated with the selected primary VLAN. Community VLAN(s) The list of community VLANs associated with the selected primary VLAN. Remove an existing private VLAN association You can remove a private VLAN association that you no longer need. To remove a private VLAN association: 1. Launch a web browser. 2.
PAGE 582
AV Line of Fully Managed Switches M4250 Series Main User Manual The private plan port mode determines if a port (or LAG) can function in Host mode for a primary or secondary VLAN (within a private VLAN) or in Promiscuous mode for a promiscuous VLAN (within a private VLAN). You can also configure a port (or LAG) to function as a promiscuous trunk for an uplink to a router or as an isolated trunk for a downlink to multiple devices.
PAGE 583
AV Line of Fully Managed Switches M4250 Series Main User Manual To configure a promiscuous port to be a member of specific VLANs, see Private VLAN promiscuous interface: Assign the interface to primary and secondary VLANs on page 586. • Promiscuous trunk port: The port functions in promiscuous trunk mode as both an uplink trunk port (for example, it can connect a router) and a promiscuous port that can be a member of multiple primary VLANs (within the private VLAN) as well as regular VLANs.
PAGE 584
AV Line of Fully Managed Switches M4250 Series Main User Manual 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Security > Traffic Control > Private VLAN > Private VLAN Host Interface Configuration. The Private VLAN Host Interface Configuration page displays.
PAGE 585
AV Line of Fully Managed Switches M4250 Series Main User Manual Private VLAN host interface: Remove the interface from primary and secondary VLANs You can remove a private VLAN host interface from primary and secondary VLANs. To remove a private VLAN host interface from primary and secondary VLANs: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab.
PAGE 586
AV Line of Fully Managed Switches M4250 Series Main User Manual 9. To save the settings to the running configuration, click the Save icon. Private VLAN promiscuous interface: Assign the interface to primary and secondary VLANs If you configure the private VLAN port mode of an interface as Promiscuous (see Configure the private VLAN port mode on page 581), you can assign the interface to a single primary VLAN and to one or more secondary VLANs.
PAGE 587
AV Line of Fully Managed Switches M4250 Series Main User Manual The interface that you select must be configured in Promiscuous mode (see Configure the private VLAN port mode on page 581). 8. In the Promiscuous Primary VLAN field, specify a primary VLAN ID. You can select a VLAN for which you configured the type as Primary (see Assign a private VLAN type to a VLAN on page 578). 9. In the Promiscuous Secondary VLAN IDs field, specify one or more secondary VLAN IDs.
PAGE 588
AV Line of Fully Managed Switches M4250 Series Main User Manual The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5.
PAGE 589
AV Line of Fully Managed Switches M4250 Series Main User Manual Private VLAN promiscuous trunk interface: Add primary and secondary VLANs to the trunk If you configure the private VLAN port mode of an interface as Promiscuous Trunk (see Configure the private VLAN port mode on page 581), you can add multiple VLAN configurations to the trunk. Each VLAN configuration consists of single primary VLAN and one or more secondary VLANs.
PAGE 590
AV Line of Fully Managed Switches M4250 Series Main User Manual You can specify a single VLAN ID, a range of VLAN IDs, or a combination of both in sequence separated by a comma (,): • You can specify individual VLAN ID, such as 10. • You can specify the VLAN range values separated by a hyphen, for example, 10-13. • You can specify the combination of both separated by commas, for example: 12,15,40–43,1000–1005, 2000.
PAGE 591
AV Line of Fully Managed Switches M4250 Series Main User Manual 5. Select Security > Traffic Control > Private VLAN > Private VLAN Promiscuous Trunk Interface Configuration. The Private VLAN Promiscuous Trunk Interface Configuration page displays. 6. From the Interface menu, select an interface or LAG for which you configured the VLAN port mode as Promiscuous Trunk mode. For more information about port VLAN modes, see Configure the private VLAN port mode on page 581. 7.
PAGE 592
AV Line of Fully Managed Switches M4250 Series Main User Manual The Private VLAN Isolated Trunk Interface Configuration page displays. 6. From the Interface menu, select an interface or LAG for which you configured the VLAN port mode as Isolated Trunk mode. For more information about port VLAN modes, see Configure the private VLAN port mode on page 581. 7. In the Isolated Trunk Primary VLAN field, specify a primary VLAN ID.
PAGE 593
AV Line of Fully Managed Switches M4250 Series Main User Manual To remove primary and secondary VLANs from a private VLAN isolated trunk interface: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required.
PAGE 594
AV Line of Fully Managed Switches M4250 Series Main User Manual If you do not specify a native VLAN on the private trunk interface, all untagged packets are dropped from the private VLAN trunk interface. To configure native and allowed VLANs on a private VLAN trunk interface: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4.
PAGE 595
AV Line of Fully Managed Switches M4250 Series Main User Manual 9. In the Trunk Allowed VLAN field, specify one or more VLAN IDs for private VLAN configurations that consists of primary VLAN and secondary VLANs. You can specify VLANs for which you configured the type as Promiscuous, Isolated, or Community within a private VLAN (see Assign a private VLAN type to a VLAN on page 578).
PAGE 596
AV Line of Fully Managed Switches M4250 Series Main User Manual To configure global storm control settings: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required.
PAGE 597
AV Line of Fully Managed Switches M4250 Series Main User Manual Your settings are saved. 8. To save the settings to the running configuration, click the Save icon. Configure storm control settings for one or more ports You can specify storm control settings for one or more ports. To configure storm control settings for one or more ports: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button.
PAGE 598
AV Line of Fully Managed Switches M4250 Series Main User Manual • Recovery Level Type: Specify the recovery level in the Recovery Level field as a percentage of the port link speed or as packets per second: • Percent: The recovery level is expressed as a percentage of link speed. • pps: The recovery level is expressed as a packets per second (pps). • Recovery Level: Specify the threshold at which broadcast storm control is activated.
PAGE 599
AV Line of Fully Managed Switches M4250 Series Main User Manual • Recovery Mode: Enable of disable this option for unicast traffic: • Enable: If unicast traffic exceeds the configured threshold, the port discards the unicast traffic. The default is Enable. • Disable: If unicast traffic exceeds the configured threshold, unicast is not discarded.
PAGE 600
AV Line of Fully Managed Switches M4250 Series Main User Manual Enable DHCP snooping for the switch You can globally enable DHCP snooping for the switch. To globally enable DHCP snooping for the switch: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button.
PAGE 601
AV Line of Fully Managed Switches M4250 Series Main User Manual 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Security > Control > DHCP Snooping > Global Configuration.
PAGE 602
AV Line of Fully Managed Switches M4250 Series Main User Manual The Interface Configuration page displays. 6. Select whether to display physical interfaces, LAGs, or both by clicking one of the following links above the table heading: • 1 (the unit ID of the switch): Only physical interfaces are displayed. This is the default setting. • LAG: Only LAGs are displayed. • All: Both physical interfaces and LAGs are displayed. 7.
PAGE 603
AV Line of Fully Managed Switches M4250 Series Main User Manual 11. In the Burst Interval (secs) field, specify the burst interval in seconds for rate limiting on the interface. If the rate limit is N/A, the burst interval is not applicable. 12. Click the Apply button. Your settings are saved. 13. To save the settings to the running configuration, click the Save icon.
PAGE 604
AV Line of Fully Managed Switches M4250 Series Main User Manual The Dynamic Binding Configuration table shows information about the DHCP bindings that were learned on each interface on which DHCP snooping is enabled. The following table describes the dynamic binding information. Field Description Interface The interface on which the DHCP client message was received. MAC Address The MAC address associated with the DHCP client that sent the message. This is the key to the binding database.
PAGE 605
AV Line of Fully Managed Switches M4250 Series Main User Manual 7. Click the Delete button. The DHCP snooping binding entry is removed from the database. 8. To save the settings to the running configuration, click the Save icon. Configure DHCP snooping persistent settings You can configure the persistent location of the DHCP snooping bindings database. The bindings database can be stored locally on the switch or on a remote device in the network.
PAGE 606
AV Line of Fully Managed Switches M4250 Series Main User Manual The delay allows the switch to collect as many entries as possible (new and removed) before writing them to the persistent file. You can specify from 15 to 86400 seconds. By default, the delay is 300 seconds. 8. Click the Apply button. Your settings are saved. 9. To save the settings to the running configuration, click the Save icon.
PAGE 607
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 155. DHCP Snooping Statistics information Field Description MAC Verify Failures The number of DHCP messages that were dropped because the source MAC address and client hardware address did not match. MAC address verification is performed only if it is globally enabled.
PAGE 608
AV Line of Fully Managed Switches M4250 Series Main User Manual The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Security > Control > DHCPv6 Snooping > Global Configuration. The Global Configuration page displays. 6. Select the DHCPv6 Snooping Mode Enable radio button. The default is Disable. 7.
PAGE 609
AV Line of Fully Managed Switches M4250 Series Main User Manual 6. Select the check box for the VLAN. 7. From the DHCPv6 Snooping Mode menu, select Enable. 8. Click the Apply button. Your settings are saved. 9. To save the settings to the running configuration, click the Save icon. Configure DHCPv6 snooping interface settings You can display and configure each port as a trusted or untrusted port. Any DHCPv6 responses received on a trusted port are forwarded.
PAGE 610
AV Line of Fully Managed Switches M4250 Series Main User Manual • To configure multiple interfaces with the same settings, select the check box associated with each interface. • To configure all interfaces with the same settings, select the check box in the heading row. 8. From the Trust Mode menu, select the trust mode: • Disabled. The interface is considered to be untrusted and could potentially be used to launch a network attack. DHCPv6 server messages are checked against the bindings database.
PAGE 611
AV Line of Fully Managed Switches M4250 Series Main User Manual Add a static DHCPv6 binding and display dynamic DHCPv6 bindings You can add a static binding in the DHCPv6 snooping bindings database and display or clear the dynamic bindings in the bindings table. To add a static DHCPv6 binding and display or clear the dynamic bindings: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button.
PAGE 612
AV Line of Fully Managed Switches M4250 Series Main User Manual (Continued) Field Description VLAN ID The VLAN ID of the client interface. IPv6 Address The IPv6 address assigned to the client by the DHCPv6 server. Lease Time The remaining IP address lease time for the client. 11. To save the settings to the running configuration, click the Save icon. 12. To clear all dynamic bindings from the Dynamic Binding Configuration table, click the Clear button. 13.
PAGE 613
AV Line of Fully Managed Switches M4250 Series Main User Manual Configure DHCPv6 snooping persistent settings You can configure the persistent location of the DHCPv6 snooping bindings database. The bindings database can be stored locally on the switch or on a remote device in the network. The switch must be able to reach the IP address of the remote device to send bindings to a remote database. To configure DHCPv6 snooping persistent settings: 1. Launch a web browser. 2.
PAGE 614
AV Line of Fully Managed Switches M4250 Series Main User Manual 9. To save the settings to the running configuration, click the Save icon. Display or clear DHCPv6 snooping statistics You can display and clear per-interface statistics about the DHCPv6 messages filtered by the DHCPv6 snooping feature on untrusted interfaces. To display or clear the DHCPv6 snooping statistics: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3.
PAGE 615
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 156. DHCPv6 Snooping Statistics information Field Description MAC Verify Failures The number of DHCPv6 messages that were dropped because the source MAC address and client hardware address did not match. MAC address verification is performed only if it is globally enabled.
PAGE 616
AV Line of Fully Managed Switches M4250 Series Main User Manual 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Security > Control > IP Source Guard > Interface Configuration. The Interface Configuration page displays. 6.
PAGE 617
AV Line of Fully Managed Switches M4250 Series Main User Manual 10. Click the Apply button. Your settings are saved. 11. To save the settings to the running configuration, click the Save icon. Add a static IP source guard binding and display dynamic IP source guard bindings You can add a static binding in the IP source guard (IPSG) bindings database and display or clear the dynamic bindings in the bindings table. To add a static IPSG binding and display or clear the dynamic bindings: 1.
PAGE 618
AV Line of Fully Managed Switches M4250 Series Main User Manual The Dynamic Binding Configuration table shows information about the IPSG bindings that were learned on each interface on which IPSG is enabled. The following table describes the dynamic binding information. Field Description Interface The interface on which the IPSG source binding was learned. MAC Address The MAC address associated with the IPSG source device. This is the key to the binding database.
PAGE 619
AV Line of Fully Managed Switches M4250 Series Main User Manual The Binding Configuration page displays. 6. In the Static Binding Configuration table, select the check box for the static binding. 7. Click the Delete button. The IPSG binding entry is removed from the database. 8. To save the settings to the running configuration, click the Save icon. IPv6 source guard interfaces You can configure IPv6 source guard (IPv6SG) on individual interfaces.
PAGE 620
AV Line of Fully Managed Switches M4250 Series Main User Manual The System Information page displays. 5. Select Security > Control > IPv6 Source Guard > Interface Configuration. The Interface Configuration page displays. 6. Select whether to display physical interfaces, LAGs, or both by clicking one of the following links above the table heading: • 1 (the unit ID of the switch): Only physical interfaces are displayed. This is the default setting. • LAG: Only LAGs are displayed.
PAGE 621
AV Line of Fully Managed Switches M4250 Series Main User Manual 11. To save the settings to the running configuration, click the Save icon. Add a static IPv6 source guard binding and display dynamic IPv6 source guard bindings You can add a static binding in the IPv6 source guard (IPv6SG) bindings database and display or clear the dynamic bindings in the bindings table. To add a static IPv6SG binding and display or clear the dynamic bindings: 1. Launch a web browser. 2.
PAGE 622
AV Line of Fully Managed Switches M4250 Series Main User Manual Field Description Interface The interface on which the IPv6SG source binding was learned. MAC Address The MAC address associated with the IPv6SG source device. This is the key to the binding database. VLAN ID The VLAN ID for the interface of the IPv6SG source device. IPv6 Address The IPv6 address of the IPv6SG source device. Filter Type The filter type used on the switch interface.
PAGE 623
AV Line of Fully Managed Switches M4250 Series Main User Manual The IPv6SG binding entry is removed from the database. 8. To save the settings to the running configuration, click the Save icon. Dynamic ARP inspection Dynamic ARP inspection (DAI) is a security feature that rejects invalid and malicious ARP packets. The feature prevents a class of man-in-the-middle attacks, where an unfriendly station intercepts traffic for other stations by poisoning the ARP caches of its unsuspecting neighbors.
PAGE 624
AV Line of Fully Managed Switches M4250 Series Main User Manual 5. Select Security > Control > Dynamic ARP Inspection > DAI Configuration. The DAI Configuration page displays. 6. Select the Validate Source MAC Disable or Enable radio button. This settings specifies the DAI source MAC validation mode for the switch. If you select Enable, the sender MAC validation for the ARP packets is enabled. The default is Disable. 7.
PAGE 625
AV Line of Fully Managed Switches M4250 Series Main User Manual The table lists the VLANs. 6. Select the check box for the VLAN. 7. From the Admin Mode menu, select Enable or Disable to specify if DAI is enabled for the VLAN. The default is Disable. 8. From the Invalid Packets menu, select Enable or Disable to specify if DAI logging is enabled for the VLAN. The default is Enable. 9. In the ARP ACL Name field, specify a name of an existing ARP ACL (see Create a DAI access control list on page 627).
PAGE 626
AV Line of Fully Managed Switches M4250 Series Main User Manual The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Security > Control > Dynamic ARP Inspection > DAI Interface Configuration. The DAI Interface Configuration page displays. 6.
PAGE 627
AV Line of Fully Managed Switches M4250 Series Main User Manual Create a DAI access control list You can create a dynamic ARP inspection (DAI) access control list (ACL) to which you then can add rules. To create a DAI ACL: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4.
PAGE 628
AV Line of Fully Managed Switches M4250 Series Main User Manual 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Click the Go button. The System Information page displays. 6. Select Security > Control > Dynamic ARP Inspection > DAI ACL Rule Configuration.
PAGE 629
AV Line of Fully Managed Switches M4250 Series Main User Manual 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Security > Control > Dynamic ARP Inspection > DAI ACL Rule Configuration. The DAI ACL Rule Configuration page displays. 6.
PAGE 630
AV Line of Fully Managed Switches M4250 Series Main User Manual The DAI ACL is removed. 8. To save the settings to the running configuration, click the Save icon. Display the DAI statistics To display the DAI statistics: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4.
PAGE 631
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 157. DAI Statistics information (Continued) Field Description ACL Permits The number of ARP packets that were permitted by DAI because a matching ARP ACL rule exists for the VLAN. Bad Source MAC The number of ARP packets that were dropped by DAI because the sender MAC address in the ARP packets did not match the source MAC address in the Ethernet header.
PAGE 632
AV Line of Fully Managed Switches M4250 Series Main User Manual The captive portal feature is not supported for VLAN interfaces, loopback interfaces, and logical interfaces. The captive portal feature uses MAC-address based authentication and not port-based authentication. This means that all clients connected to the captive portal interface must be authenticated before they can get access to the network.
PAGE 633
AV Line of Fully Managed Switches M4250 Series Main User Manual 9. In the Authentication Timeout field, enter the number of seconds that an authentication session remains open while a client attempts to access the network through a captive portal. To access the network through a captive portal, the client must first enter authentication information on an authentication web page. When the time-out expires, the switch disconnects any active TCP or SSL connection with the client.
PAGE 634
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 158. Captive portal global configuration information (Continued) Field Description Configured Local Users The number of local users that are configured on the switch. Authenticated Users The number of users that are authenticated for all captive portal on the switch. Configure a captive portal By default, the switch provides one default captive portal. You can change the settings for the default captive portal.
PAGE 635
AV Line of Fully Managed Switches M4250 Series Main User Manual 9. In the Protocol field, select HTTP or HTTPS used for communication with clients during the verification process: • HTTP: Does not use encryption during verification. • HTTPS: Uses the Secure Sockets Layer (SSL), which requires a certificate for encryption. The certificate is presented to the user at connection time. 10.
PAGE 636
AV Line of Fully Managed Switches M4250 Series Main User Manual 16. From the Redirect Mode menu, specify if newly authenticated clients are redirected to a URL: • Enable: Authenticated clients are redirected to a URL that you can specify in the Redirect URL field. • Disable: Authenticated clients are not redirected and the default locale “welcome” is used. The default is Disable. 17. In the Redirect URL field, specify the URL to which newly authenticated clients must be redirected.
PAGE 637
AV Line of Fully Managed Switches M4250 Series Main User Manual 25. In the Max Total field, specify the maximum number of octets that a client is allowed to transfer, meaning the sum of octets transmitted and received. After this limit is reached, the client is disconnected. The range is from 0 to 4294967295. The default is 0, which indicates that the limit is not enforced. 26. Do one of the following: • If you are adding a new captive portal, click the Add button. Your settings are saved.
PAGE 638
AV Line of Fully Managed Switches M4250 Series Main User Manual Configure a captive portal binding You can associate a captive portal with one or more interfaces. Although you can associate multiple interfaces with one captive portal, you can associate an interface with one captive portal only. To configure a captive portal binding: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button.
PAGE 639
AV Line of Fully Managed Switches M4250 Series Main User Manual To display or delete captive portal bindings: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required.
PAGE 640
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 159. Captive portal binding information (Continued) Field Description Block Status Indicates if the captive portal is temporarily blocked for authentication. Authenticated Users The number of users authenticated through the captive portal on the interface. Configure captive portal groups Captive portal groups let you organize captive portal users, which is useful if a large number of users must be able to access a captive portal.
PAGE 641
AV Line of Fully Managed Switches M4250 Series Main User Manual The group is added. 9. To save the settings to the running configuration, click the Save icon. Remove a captive portal group To remove a captive portal group: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4.
PAGE 642
AV Line of Fully Managed Switches M4250 Series Main User Manual Add or modify a captive portal user account To add or modify a captive portal user account: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button.
PAGE 643
AV Line of Fully Managed Switches M4250 Series Main User Manual By default, the selection is Disable, which means that no password is used and the password fields are masked out. 10. From the Group menu, select at least one captive portal group. To assign a user account to more than one group, press the Ctrl key and click each group. By default, a new user account is assigned to the default group with ID 1. 11.
PAGE 644
AV Line of Fully Managed Switches M4250 Series Main User Manual Your settings are saved. The user account is added. • If you are changing the settings for a user account, click the Apply button. Your settings are saved. 19. To save the settings to the running configuration, click the Save icon. Delete a captive portal user account You can delete a captive portal user account that is no longer required. To delete a captive portal user account: 1. Launch a web browser. 2.
PAGE 645
AV Line of Fully Managed Switches M4250 Series Main User Manual 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Security > Control > Captive Portal > CP Trap Flags.
PAGE 646
AV Line of Fully Managed Switches M4250 Series Main User Manual 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Security > Control > Captive Portal > CP Client. The CP Client page displays. 6.
PAGE 647
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 160. Captive portal client statistics (Continued) Field Description Packets Received The total number of packets the client received. Packets Transmitted The total number of packets the client transmitted. Access control lists Access control lists (ACLs) ensure that only authorized users can access specific resources while blocking any unwarranted attempts to reach network resources.
PAGE 648
AV Line of Fully Managed Switches M4250 Series Main User Manual The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Security > ACL > ACL Wizard. The previous figure shows the page for a 12-port model.
PAGE 649
AV Line of Fully Managed Switches M4250 Series Main User Manual • ACL Based on Destination IPv6: Creates an ACL based on the destination IPv6 prefix and IPv6 prefix length. • ACL Based on Source IPv6: Creates an ACL based on the source IPv6 prefix and IPv6 prefix length. • ACL Based on Destination IPv4 L4 Port: Creates an ACL based on the destination IPv4 Layer 4 port number. • ACL Based on Source IPv4 L4 Port: Creates an ACL based on the source IPv4 Layer 4 port number.
PAGE 650
AV Line of Fully Managed Switches M4250 Series Main User Manual ACL Based On Fields Destination MAC • Destination MAC: Specify the destination MAC address to compare against an Ethernet frame. The format is xx:xx:xx:xx:xx:xx. The BPDU keyword might be specified using a destination MAC address of 01:80:C2:xx:xx:xx. • Destination MAC Mask: Specify the destination MAC address mask, which represents the bits in the destination MAC address to compare against an Ethernet frame.
PAGE 651
AV Line of Fully Managed Switches M4250 Series Main User Manual (Continued) ACL Based On Fields Destination IPv6 L4 Port • Destination L4 port (protocol): Specify the destination IPv6 L4 port protocol. • Destination L4 port (value): Specify the destination IPv6 L4 port value. Source IPv6 L4 Port • Source L4 port (protocol): Specify the source IPv6 L4 port protocol. • Source L4 port (value): Specify the source IPv6 L4 port value. 11.
PAGE 652
AV Line of Fully Managed Switches M4250 Series Main User Manual 16. To save the settings to the running configuration, click the Save icon. Modify an ACL rule that you created with the ACL Wizard To modify an ACL rule that you created with the ACL Wizard: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4.
PAGE 653
AV Line of Fully Managed Switches M4250 Series Main User Manual 5. Select Security > ACL > ACL Wizard. The ACL Wizard page displays. 6. Select check box that is associated with the rule. 7. Click the Delete button. The rule is removed. 8. To save the settings to the running configuration, click the Save icon. ACL Wizard example In the following figure, the ACL rule is configured to check for packet matches on ports 3, 7, and 8 and on LAG 4. Packets that include a source address in the 203.0.113.
PAGE 654
AV Line of Fully Managed Switches M4250 Series Main User Manual Multiple steps are involved in defining a MAC ACL and applying it to the switch: 1. Create a MAC ACL ID (see Add a MAC ACL on page 654). 2. Create a MAC rule (see Configure MAC ACL rules on page 656). 3. Associate the MAC ACL with one or more interfaces (see Configure MAC bindings on page 660).
PAGE 655
AV Line of Fully Managed Switches M4250 Series Main User Manual 8. To save the settings to the running configuration, click the Save icon. Change the name of a MAC ACL To change the name of a MAC ACL: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button.
PAGE 656
AV Line of Fully Managed Switches M4250 Series Main User Manual The MAC ACL page displays. 6. Select check box that is associated with the MAC ACL. 7. Click the Delete button. The MAC ACL is removed. 8. To save the settings to the running configuration, click the Save icon. Configure MAC ACL rules You can define rules for MAC-based ACLs. The access list definition includes rules that specify whether traffic matching the criteria is forwarded normally or discarded.
PAGE 657
AV Line of Fully Managed Switches M4250 Series Main User Manual • Permit: Forwards packets that meet the ACL criteria. • Deny: Drops packets that meet the ACL criteria. 9. In the Assign Queue field, specify the hardware egress queue identifier that must be used to handle all packets matching this ACL rule. The range for the queue ID is from 0 to 7. 10.
PAGE 658
AV Line of Fully Managed Switches M4250 Series Main User Manual • • • • • • • • • IPv6 IPX MPLS Multicast MPLS Unicast NetBios Novell PPPOE RARP User Value 17. If you select User Value from the EtherType Key menu, in the EtherType User Value field, specify the customized EtherType value that must be used. This value must be compared against the information in an Ethernet frame. The range is from 0x0600 to 0xFFFF. 18.
PAGE 659
AV Line of Fully Managed Switches M4250 Series Main User Manual 24. From the Time Range menu, as an option, select the name of the timer schedule. For information about timer schedules, see Timer schedules on page 145. The Rule Status field in the table shows if the rule is active or inactive. Blank means that no timer schedule is associated with the rule. 25. Click the Add button. The rule is added. 26. To save the settings to the running configuration, click the Save icon.
PAGE 660
AV Line of Fully Managed Switches M4250 Series Main User Manual The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Security > ACL > Basic > MAC Rules. The MAC Rules page displays. 6.
PAGE 661
AV Line of Fully Managed Switches M4250 Series Main User Manual 5. Select Security > ACL > Basic > MAC Binding Configuration. The previous figure shows the page for a 12-port model and includes some examples. 6. From the ACL ID menu, select an ACL. 7. From the Direction menu, select the traffic direction for the MAC binding: • Inbound: The MAC binding can be applied to incoming traffic only. • Outbound: The MAC binding can be applied to outgoing traffic only. 8.
PAGE 662
AV Line of Fully Managed Switches M4250 Series Main User Manual The following table describes the nonconfigurable information that is displayed. Table 161. Interface Binding Status information Field Description Interface The selected interface. Direction The selected packet filtering direction for the ACL. ACL Type The type of ACL assigned to the selected interface and direction. ACL ID The ACL number or name identifying the ACL assigned to the selected interface and direction.
PAGE 663
AV Line of Fully Managed Switches M4250 Series Main User Manual 6. To delete a MAC ACL-to-interface binding, do the following: a. Select the check box next to the interface. b. Click the Delete button. The binding is removed. 7. To save the settings to the running configuration, click the Save icon. The following table describes the information that is displayed in the MAC binding table. Table 162. MAC Binding Table information Field Description Interface The interface of the ACL assigned.
PAGE 664
AV Line of Fully Managed Switches M4250 Series Main User Manual Multiple steps are involved in defining an IPv4 ACL and applying it to the switch: 1. Add an IPv4 ACL ID (see Add an IPv4 ACL on page 664). The differences between a basic IPv4 ACL and an extended IPv4 ACL are as follows: • Numbered ACL from 1 to 99: Creates a basic IPv4 ACL, which allows you to permit or deny traffic from a source IP address.
PAGE 665
AV Line of Fully Managed Switches M4250 Series Main User Manual The Current Number of ACL field displays the current number of all ACLs configured on the switch. The Maximum ACL field displays the maximum number of ACLs that you can configure on the switch. 6. In the IP ACL ID field, specify the ACL ID or IP ACL name, which depends on the IP ACL type. The IP ACL ID is an integer in the following range: • 1–99: Creates a basic IP ACL, which allows you to permit or deny traffic from a source IP address.
PAGE 666
AV Line of Fully Managed Switches M4250 Series Main User Manual 5. Select Security > ACL > Advanced > IP ACL. The IP ACL Configuration page displays. 6. Select the check box that is associated with the IP ACL. 7. In the IP ACL field, specify the new number or name. 8. Click the Apply button. Your settings are saved. 9. To save the settings to the running configuration, click the Save icon. Delete an IPv4 ACL To delete an IPv4 ACL: 1. Launch a web browser. 2.
PAGE 667
AV Line of Fully Managed Switches M4250 Series Main User Manual Note: An implicit deny all rule is included at the end of an ACL list. This means that if an ACL is applied to a packet, and if none of the explicit rules match, then the final implicit deny all rule applies and the packet is dropped. Add a rule for a basic IPv4 ACL To add a rule for a basic IPv4 ACL: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3.
PAGE 668
AV Line of Fully Managed Switches M4250 Series Main User Manual 7. Click the Add button. 8. Specify the following match criteria for the rule: • Sequence Number: Enter an ACL sequence number in the range from 1 to 2147483647 that is used to identify the rule. An IP ACL can contain up to 50 rules. • Action: Select the ACL forwarding action, which is one of the following: • Permit: Forward packets that meet the ACL criteria.
PAGE 669
AV Line of Fully Managed Switches M4250 Series Main User Manual • • • • • • You can either select a mirror interface or a redirect interface. These options are mutually exclusive. Redirect Interface: From the menu, select the egress interface to which the matching traffic stream must be redirected, bypassing any forwarding decision normally performed by the switch. You can either select a redirect interface or a mirror interface. These options are mutually exclusive.
PAGE 670
AV Line of Fully Managed Switches M4250 Series Main User Manual The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Security > ACL > Advanced > IP Rules. The IP Rules page displays. 6. From the ACL ID menu, select the ACL that includes the rule that you want to modify. 7. In the Basic ACL Rule Table, click the rule. The rule is a hyperlink.
PAGE 671
AV Line of Fully Managed Switches M4250 Series Main User Manual Configure rules for an extended IPv4 ACL You can define rules for extended IPv4 ACLs. The access list definition includes rules that specify whether traffic matching the criteria is forwarded normally or discarded. Note: An implicit deny all rule is included at the end of an ACL list.
PAGE 672
AV Line of Fully Managed Switches M4250 Series Main User Manual 7. Click the Add button. 8. Configure the following options for the rule: • Sequence Number: Enter a number in the range from 1 to 2147483647 that is used to identify the rule. An extended IP ACL can contain up to 1023 rules. • Action: Select the ACL forwarding action, which is one of the following: • Permit: Forward packets that meet the ACL criteria.
PAGE 673
AV Line of Fully Managed Switches M4250 Series Main User Manual • Select the Redirect radio button and use the menu to specify the egress interface to which the matching traffic stream is forced, bypassing any forwarding decision normally performed by the device. • Match Every: Select one of the radio buttons to specify whether all packets must match the selected IP ACL rule: • False: Not all packets need to match the selected IP ACL rule. You can configure other match criteria on the page.
PAGE 674
AV Line of Fully Managed Switches M4250 Series Main User Manual You can select either the Port radio button or the Range radio button: • Port: If you select the Port radio button, you can either enter the port number yourself or select one of the following protocols from the menu: - The source IP TCP port protocols are Domain, Echo, FTP, FTP data, www-http, SMTP, Telnet, POP2, POP3, and BGP. - The source IP UDP port protocols are Domain, Echo, SNMP, NTP, RIP, Time, Who, and TFTP.
PAGE 675
AV Line of Fully Managed Switches M4250 Series Main User Manual The wildcard mask determines which bits are used and which bits are ignored. A wildcard mask of 0.0.0.0 indicates that none of the bits are important. A wildcard of 255.255.255.255 indicates that all of the bits are important.
PAGE 676
AV Line of Fully Managed Switches M4250 Series Main User Manual • Range: If you select the Range radio button, the IP ACL rule matches only if the Layer 4 destination port number is within the specified port range. The starting port, ending port, and all ports in between are a part of the Layer 4 port range. The Start Port and End Port fields identify the first and last ports that are part of the port range. They values can range from 0 to 65535.
PAGE 677
AV Line of Fully Managed Switches M4250 Series Main User Manual The IPv4 ICMP message types are Echo, echo-reply, host-redirect, mobile-redirect, net-redirect, net-unreachable, redirect, packet-too-big, port-unreachable, source-quench, router-solicitation, router-advertisement, TTL-exceeded, time-exceeded, and unreachable.
PAGE 678
AV Line of Fully Managed Switches M4250 Series Main User Manual Timer schedules on page 145. If you did not set up any timer schedules, the menu does not present any options. 9. Click the Apply button. Your settings are saved. The Rule Status field in the table shows if the rule is active or inactive. Blank means that no timer schedule is associated with the rule. 10. To save the settings to the running configuration, click the Save icon.
PAGE 679
AV Line of Fully Managed Switches M4250 Series Main User Manual Delete an extended IPv4 ACL rule To delete an extended IPv4 ACL rule: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required.
PAGE 680
AV Line of Fully Managed Switches M4250 Series Main User Manual You can display or delete IPv6 ACL configurations in the IP ACL Binding table (see Display or delete IP ACL bindings in the IP ACL binding table on page 690). Add an IPv6 ACL To add an IPv6 ACL: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4.
PAGE 681
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 163. IPv6 ACL information (Continued) Field Description Rules The maximum number of ACLs that can be configured on the switch. Type The type is IPv6 ACL. Change the name of an IPv6 ACL To change the name of an IPv6 ACL: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4.
PAGE 682
AV Line of Fully Managed Switches M4250 Series Main User Manual The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Security > ACL > Advanced > IPv6 ACL. The IPv6 ACL page displays. 6. Select the check box that is associated with the IPv6 ACL. 7. Click the Delete button. The IPv6 ACL is removed. 8.
PAGE 683
AV Line of Fully Managed Switches M4250 Series Main User Manual 6. From the ACL Name menu, select the IPv6 ACL for which you want to add or a change a rule. 7. Click the Add button. 8. Configure the following options for the rule: • Sequence Number: Enter a whole number in the range of 1 to 2147483647. This number is used to identify the rule. An IPv6 ACL can contain up to 1023 rules.
PAGE 684
AV Line of Fully Managed Switches M4250 Series Main User Manual • Interface: If you select the Permit radio button, use either a mirror interface or a redirect interface: • Select the Mirror Interface radio button and use the menu to specify the egress interface to which the matching traffic stream is copied, in addition to being forwarded normally by the device.
PAGE 685
AV Line of Fully Managed Switches M4250 Series Main User Manual • If you select the Host radio button, enter a host source IPv6 address to match the specified IPv6 address. If this field is left empty, it means any. The source IPv6 address argument must be in the form documented in RFC 2373 where the address is specified in hexadecimal numbers using 16-bit values between colons. • Src L4: The options are available only if the selection from the Protocol Type menu is TCP or UDP.
PAGE 686
AV Line of Fully Managed Switches M4250 Series Main User Manual Each of these values translates into its equivalent port number, which is used as both the start and end of the port range. Select Other from the menu to enter a port number. If you select Other from the menu but leave the field blank, it means any. The only relevant matching condition for L4 port numbers is equal.
PAGE 687
AV Line of Fully Managed Switches M4250 Series Main User Manual • IPv6 DSCP Service: Specify the IP DiffServ Code Point (DSCP) field. This is an optional configuration. The DSCP is defined as the high-order six bits of the service type octet in the IPv6 header. Enter an integer from 0 to 63. To select the IPv6 DSCP, select one of the DSCP keywords. To specify a numeric value, select Other and enter the numeric value of the DSCP.
PAGE 688
AV Line of Fully Managed Switches M4250 Series Main User Manual 6. From the ACL Name menu, select the ACL that includes the rule that you want to modify. 7. In the IPv6 ACL Rule Table, click the rule. The rule is a hyperlink. The IPv6 ACL Rule Configuration page displays. 8. Modify the IPv6 ACL rule criteria. 9. Click the Apply button. Your settings are saved. 10. To save the settings to the running configuration, click the Save icon. Delete an IPv6 ACL rule To delete an IPv6 ACL rule: 1.
PAGE 689
AV Line of Fully Managed Switches M4250 Series Main User Manual To bind an IP ACL to one or more interfaces: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required.
PAGE 690
AV Line of Fully Managed Switches M4250 Series Main User Manual 8. In the Sequence Number field, optionally specify a number to indicate the order of the access list relative to other access lists already assigned to the interface and direction. A low number indicates high precedence order. If a sequence number is already in use for the interface and direction, the specified access list replaces the currently attached access list using that sequence number.
PAGE 691
AV Line of Fully Managed Switches M4250 Series Main User Manual To display or delete IP ACL bindings: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required.
PAGE 692
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 165. Interface Binding Status information (Continued) Field Description ACL ID/Name The ACL number or name identifying the ACL assigned to the selected interface and direction. Sequence Number The sequence number signifying the order of specified ACL relative to other ACLs assigned to the selected interface and direction. Configure VLAN ACL bindings You can associate a MAC ACL, any type of IPv4 ACL, or an IPv6 ACL with a VLAN.
PAGE 693
AV Line of Fully Managed Switches M4250 Series Main User Manual than the highest sequence number currently in use for the VLAN ID and direction is used. The range is from 1 to 4294967295. 9. From the ACL Type menu, select the type of ACL. You can select a MAC ACL, IP ACL, or IPv6 ACL. 10. From the ACL ID list, select the ID or name of the ACL that must be bound to the specified VLAN. 11. Click the Add button. The VLAN ACL binding is added. 12.
PAGE 694
8 Monitor the Switch and Network This chapter covers the following topics: • • • • • • • • • • Port and EAP packet statistics Perform a cable test Logs Syslog and log server host settings Trap log Event log Port mirroring RSPAN VLANs and source and destination switches sFlow monitoring Display license information 694
PAGE 695
AV Line of Fully Managed Switches M4250 Series Main User Manual Port and EAP packet statistics You can view port statistics, including detailed statistics, and Extensible Authentication Protocol (EAP) packets statistics. Display or clear port statistics You can display a summary of per-port traffic statistics on the switch and clear the statistics. To view or clear port statistics: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch.
PAGE 696
AV Line of Fully Managed Switches M4250 Series Main User Manual 9. To refresh the page, click the Refresh button. 10. To save the settings to the running configuration, click the Save icon. The following table describes the per-port statistics displayed on the page. Table 166. Port statistics information Field Description Interface The interface. Total Packets Received Without Errors The total number of packets that were received without errors.
PAGE 697
AV Line of Fully Managed Switches M4250 Series Main User Manual To display and clear detailed statistics for a port: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required.
PAGE 698
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 167. Port detailed statistics information (Continued) Field Description Port Role Each MST bridge port that is enabled is assigned a port role for each spanning tree. The port role is one of the following values: Root, Designated, Alternate, Backup, Master, or Disabled. STP Mode The Spanning Tree Protocol administrative mode that is associated with the port or port channel.
PAGE 699
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 167. Port detailed statistics information (Continued) Field Description Packets RX and TX 256-511 Octets The total number of packets (including bad packets) received or transmitted that were between 256 and 511 octets in length inclusive (excluding framing bits but including FCS octets).
PAGE 700
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 167. Port detailed statistics information (Continued) Field Description Packets Received > 1518 Octets The total number of packets received that were longer than 1518 octets (excluding framing bits, but including FCS octets) and were otherwise well formed. Total Packets Received Without Errors The total number of packets received that were without errors.
PAGE 701
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 167. Port detailed statistics information (Continued) Field Description 802.3x Pause Frames Received A count of MAC control frames received on this interface with an opcode indicating the PAUSE operation. This counter does not increment when the interface is operating in half-duplex mode. Unacceptable Frame Type The number of frames discarded from this port due to being an unacceptable frame type.
PAGE 702
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 167. Port detailed statistics information (Continued) Field Description Multicast Packets Transmitted The total number of packets that higher-level protocols requested be transmitted to a multicast address, including those that were discarded or not sent.
PAGE 703
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 167. Port detailed statistics information (Continued) Field Description GMRP PDUs Transmitted The number of GMRP PDUs transmitted from the GARP Layer. GMRP Failed Registrations The number of times attempted GMRP registrations could not be completed. EAPOL Frames Received The number of valid EAPOL frames of any type that were received by this authenticator.
PAGE 704
AV Line of Fully Managed Switches M4250 Series Main User Manual The System Information page displays. 5. Select Monitoring > Ports > EAP Statistics. The EAP Statistics page displays. 6. To refresh the page, click the Refresh button. 7. To clear the counters, which resets the EAP and EAPoL statistics to default values, take one of the following actions: • To clear the counters for a specific port, select the check box associated with the port, and click the Clear button.
PAGE 705
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 168. EAP Statistics information (Continued) Field Description EAP Response/ID Frames Received The number of EAP response/identity frames that were received by this authenticator. EAP Response Frames Received The number of valid EAP response frames (other than resp/ID frames) that were received by this authenticator.
PAGE 706
AV Line of Fully Managed Switches M4250 Series Main User Manual by the PHY for the current link speed. Note that if the link is down and a cable is attached to a 10/100 Ethernet adapter then the cable status might be Open or Short because some Ethernet adapters leave unused wire pairs unterminated or grounded. The following table describes the nonconfigurable information displayed on the page. Table 169.
PAGE 707
AV Line of Fully Managed Switches M4250 Series Main User Manual To manage and display the memory log: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required.
PAGE 708
AV Line of Fully Managed Switches M4250 Series Main User Manual • Critical: Level 2, the third-highest warning level. A critical log is saved if a critical device malfunction occurs, for example, two device ports are not functioning, while the rest of the device ports remain functional. • Error: Level 3, a device error occurred, such as a port being offline. • Warning: Level 4, the lowest level of a device warning. • Notice: Level 5, provides the network administrators with device information.
PAGE 709
AV Line of Fully Managed Switches M4250 Series Main User Manual 11. To refresh the page, click the Refresh button. 12. To clear the log, click the Clear button. 13. To save the settings to the running configuration, click the Save icon. Message log format This topic applies to the format of all logged messages that are displayed for the message log, persistent log, or console log. Messages logged to a collector or relay through syslog use an identical format: • <15>Aug 24 05:34:05 0.0.0.
PAGE 710
AV Line of Fully Managed Switches M4250 Series Main User Manual The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Monitoring > Logs > Command Log Configuration. The Command Log Configuration page displays. 6. Select one of the following Admin Status radio buttons: • Enable: Enable the switch to log CLI configuration commands. This is the default setting.
PAGE 711
AV Line of Fully Managed Switches M4250 Series Main User Manual 7. From the Severity Filter menu, select the logging level for messages that must be logged. Log messages with the selected severity level and all log messages of greater severity are logged. For example, if you select Warning, the logged messages include Warning, Error, Critical, Alert, and Emergency. The default severity level is Error (3). The severity can be one of the following levels: • Emergency: Level 0, the highest warning level.
PAGE 712
AV Line of Fully Managed Switches M4250 Series Main User Manual Configure the syslog settings To configure the syslog settings: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required.
PAGE 713
AV Line of Fully Managed Switches M4250 Series Main User Manual Note: The syslog function on the switch can save the log messages simultaneously to a remote server and to a USB storage device. 9. To simultaneously save the log messages to a USB storage device, in the USB Filename field, specify the name of the USB file. The filename cannot include the following symbols: V:*?”<>!. Up to 64 characters can be entered. The 64 characters are only the filename length, the extension is automatically added. 10.
PAGE 714
AV Line of Fully Managed Switches M4250 Series Main User Manual 5. Select Monitoring > Logs > Server Log. The Server Log page displays. 6. In the Server Configuration table, configure the following settings: • IP Address Type: Specify the IP address type of the syslog server, which can be IPv4, IPv6, or DNS. • Host Address: Specify the IP address or host name of the syslog server. • Port: Specify the port on the syslog server. The default port number is 514.
PAGE 715
AV Line of Fully Managed Switches M4250 Series Main User Manual The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Monitoring > Logs > Server Log.
PAGE 716
AV Line of Fully Managed Switches M4250 Series Main User Manual The syslog server is removed. Trap log The trap log includes information about the traps that the switch sent. You can display and clear the entries in the trap log. You can also retrieve the trap log and save it as a file. For more information, see Export a file from the switch on page 739. To display or clear the trap log: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch.
PAGE 717
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 171. Trap log information (Continued) Field Description Number of Traps since log last viewed The number of traps that occurred since the traps were last displayed. Note: If you save the trap log to another device (that is, you upload the file from the switch), this counter is set to 0. Log The sequence number of this trap.
PAGE 718
AV Line of Fully Managed Switches M4250 Series Main User Manual The following table describes the event log information displayed on the page. Table 172. Event logs information Field Description Entry The sequence number of the event. Type The type of the event. File Name The file in which the event originated. Line The line number of the event. Task Id The task ID of the event. Code The event code. Time The time this event occurred.
PAGE 719
AV Line of Fully Managed Switches M4250 Series Main User Manual The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Monitoring > Mirroring > Multiple Port Mirroring. The Multiple Port Mirroring page displays. 6. From the Session ID menu, select 1, 2, 3, or 4 as the port mirroring session ID.
PAGE 720
AV Line of Fully Managed Switches M4250 Series Main User Manual 10. In the Source Interface Configuration section, select one or more source interfaces and the traffic direction: a. Select which interfaces are displayed on the page: • Unit ID: Displays the physical ports only. • LAG: Displays the LAGs only. • CPU: Displays the CPU only. • VLANS: Displays the VLANs only. • All: Displays all physical ports, LAGs, the CPU, and VLANs. b.
PAGE 721
AV Line of Fully Managed Switches M4250 Series Main User Manual RSPAN VLANs and source and destination switches You can configure a VLAN as a remote switched port analyzer (RSPAN) VLAN. RSPAN lets you mirror traffic from multiple source ports (or from all ports that are members of a VLAN) from different network devices and send the mirrored traffic to a destination port (a probe port connected to a network analyzer) on a remote device.
PAGE 722
AV Line of Fully Managed Switches M4250 Series Main User Manual 8. Click the Apply button. Your settings are saved. 9. To save the settings to the running configuration, click the Save icon. Configure the switch as an RSPAN source switch You can configure the switch as an RSPAN source switch that sends traffic to another switch that functions as an RSPAN destination switch. You can create up to four RSPAN source switch configurations. To configure the switch as an RSPAN source switch: 1.
PAGE 723
AV Line of Fully Managed Switches M4250 Series Main User Manual For each RSPAN source switch configuration, you can configure one RSPAN destination VLAN port only. The default is None. 9. From the RSPAN Reflector Port menu, select the interface that is connected to the RSPAN destination switch. 10. To filter the traffic that must be mirrored, do the following: a. From the Filter Type menu, select IP ACL or MAC ACL. Only traffic that matches the rules in the ACL is mirrored to the RSPAN destination VLAN.
PAGE 724
AV Line of Fully Managed Switches M4250 Series Main User Manual • Rx: Ingress (received) traffic only is mirrored. This option is not available for a VLAN. • Tx: Egress (transmitted) traffic only is mirrored. This option is not available for a VLAN. 12. Click the Apply button. Your settings are saved. If the port is configured as a source port, the Status field display Mirrored. If the port is configured as a destination port, the Status field display Probe. 13.
PAGE 725
AV Line of Fully Managed Switches M4250 Series Main User Manual 7. Enable or disable the RSPAN destination switch configuration by selecting one of the following Admin Mode radio buttons: • True: Traffic from the selected RSPAN source VLAN is copied (mirrored) to the selected RSPAN destination port. • False: Traffic from the selected RSPAN source VLAN is not mirrored. 8. From the RSPAN Source VLAN menu, select the RSPAN source VLAN from which traffic must be copied. 9.
PAGE 726
AV Line of Fully Managed Switches M4250 Series Main User Manual sFlow agent overview Packet flow sampling and counter sampling are performed by sFlow instances associated with individual data sources within the sFlow agent. Packet flow samples and counter samples are combined in sFlow datagrams. Packet flow sampling causes a steady but random stream of sFlow datagrams to be sent to the sFlow collector. Counter samples can be taken opportunistically to fill these datagrams.
PAGE 727
AV Line of Fully Managed Switches M4250 Series Main User Manual • Routing VLAN: The primary IP address of a VLAN routing interface is used as the source address. • Routing loopback interface: The primary IP address of a routing loopback interface is used as the source address. • Tunnel interface: The IPv6 tunnel interface. • Service port: The management port source IP address is used as the source address. By default, VLAN 1 is used as the source interface. 7. Click the Apply button.
PAGE 728
AV Line of Fully Managed Switches M4250 Series Main User Manual 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Monitoring> sFlow > Advanced > sFlow Receiver Configuration. The sFlow Receiver Configuration page displays. 6.
PAGE 729
AV Line of Fully Managed Switches M4250 Series Main User Manual Configure sFlow polling and sampling on an interface If the switch is configured as an sFlow agent, the switch can do the following: • Collect statistical packet-based sampling of switched flows and sends them to the configured receivers. A data source that is configured to collect flow samples is called a sampler. • Collect time-based sampling of network interface statistics and send them to the configured sFlow receivers.
PAGE 730
AV Line of Fully Managed Switches M4250 Series Main User Manual 8. In the Poller Interval field, specify the number of seconds between successive polling. A sampling interval of 0 disables sampling. The range is from 0 to 86400 seconds. The default is 0 seconds. 9. In the Sampler Receiver Index field, specify the sFlow receiver that must be associated with the sampler. For information about sFlow receivers, see Configure an sFlow receiver on page 727. 10.
PAGE 731
AV Line of Fully Managed Switches M4250 Series Main User Manual The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select System > Management > License Key. The License Key page displays. The following table describes the nonconfigurable fields on the page. Table 174.
PAGE 732
AV Line of Fully Managed Switches M4250 Series Main User Manual 5. Select System > Management > License Features. The License Features page displays. The table shows if the features are enabled or disabled.
PAGE 733
9 Maintenance and Troubleshooting This chapter covers the following topics: • • • • • • • • Save the configuration Automatic installation of the configuration file Reboot the switch from the main local browser UI Reset the switch to the factory default settings Export a file from the switch Upgrade software or download a file Manage software images file management Diagnostics and troubleshooting 733
PAGE 734
AV Line of Fully Managed Switches M4250 Series Main User Manual Save the configuration When you save the configuration, changes that you made are retained by the switch when it is rebooted. You can also save the settings on each configuration page of the main UI by clicking the Save icon. To save the configuration: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button.
PAGE 735
AV Line of Fully Managed Switches M4250 Series Main User Manual file as such. The auto Install process depends on the configuration of other devices in the network, including a DHCP or BOOTP server, a TFTP server and, if necessary, a DNS server. The auto install process occurs in three phases: 1. Configuration or assignment of an IP address to the switch: For more information, see IPv4 management interfaces and VLANs on page 48 or IPv6 management interfaces and VLANs on page 55. 2.
PAGE 736
AV Line of Fully Managed Switches M4250 Series Main User Manual • Disabled: The auto install process does not save the downloaded configuration file and, therefore, cannot apply it after the switch reboots. h. From the AutoSave Mode menu, select to enable or disable automatic saving of the configuration to the startup configuration: • Enabled: The automatically downloaded configuration is saved to the startup configuration.
PAGE 737
AV Line of Fully Managed Switches M4250 Series Main User Manual • Data length (1 octet): 0x12 The data length includes the SubOption code plus the SubOption length plus the image description file name: 1+1+16. - SubOption code (2 octets): 0x05 - SubOption length (1 octet): 0x10 The length of the name of the image description file. - Image description file name (N octets): 61.7574.6f69.6e73.7461.6c6c.5f64.6863.70 In plain text, the name of the image description file is autoinstall_dhcp.
PAGE 738
AV Line of Fully Managed Switches M4250 Series Main User Manual The System Information page displays. 5. Select Maintenance > Reset > Device Reboot. The Device Reboot page displays. 6. Select one of the following radio buttons: • Save prior to reboot: The switch saves all changes that you made and for which you did not click the Save icon in the main local browser interface.
PAGE 739
AV Line of Fully Managed Switches M4250 Series Main User Manual The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Maintenance > Reset > Factory Default. The Factory Default page displays. 6. Select the check box. 7. Click the Apply button. A confirmation pop-up window displays. 8. Click the OK button to confirm.
PAGE 740
AV Line of Fully Managed Switches M4250 Series Main User Manual The File Export page displays. 6. From the File Type menu, select the type of file that must be exported: • Text Configuration: A text-based configuration file enables you to edit a configured text file (startup-config) offline as needed.
PAGE 741
AV Line of Fully Managed Switches M4250 Series Main User Manual 9. In the Server Address field, enter the IP address of the server in accordance with the format indicated by the server address type. The default is the IPv4 address 0.0.0.0. 10. In the Remote File Path field, specify the path on the server where you want to save the file. The path name can include alphabetic, numeric, forward slash, dot, or underscore characters only. You can enter up to 160 characters. 11.
PAGE 742
AV Line of Fully Managed Switches M4250 Series Main User Manual The System Information page displays. 5. Select Maintenance > Export > HTTP File Export. The HTTP File Export page displays. 6. From the File Type menu, select the type of file that must be exported: • Text Configuration: A text-based configuration file enables you to edit a configured text file (startup-config) offline as needed.
PAGE 743
AV Line of Fully Managed Switches M4250 Series Main User Manual The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Maintenance > Export > USB File Export.
PAGE 744
AV Line of Fully Managed Switches M4250 Series Main User Manual firmware to the switch. If firmware release notes are available with new firmware, read the release notes to find out if you must reconfigure the switch after updating. In this context, downloading is also referred to as upgrading. Note the following about SSH and SSL files: • SSH: For you to be able to download SSH files to the switch, SSH must be administratively disabled and no active SSH sessions must occur.
PAGE 745
AV Line of Fully Managed Switches M4250 Series Main User Manual • Software: The system software image, which is saved in one of two flash sectors called images (image1 and image2). The active image stores the active copy, while the other image stores a second copy. The device boots and runs from the active image. If the active image is corrupted, the system automatically boots from the nonactive image. This is a safety feature for faults occurring during the boot upgrade process.
PAGE 746
AV Line of Fully Managed Switches M4250 Series Main User Manual We recommended that you do not overwrite the active image. 8. If the selection from the File Type menu is Software, the Verify radio buttons display so that you can select one of the following options: • None: Verification of the downloaded file is disabled. This is the default setting. • Verify: The digital signature of the downloaded file is verified. • No Verify: The digital signature of the downloaded file is not verified. 9.
PAGE 747
AV Line of Fully Managed Switches M4250 Series Main User Manual • User Name: Specify the user name for remote login to the server. • Password: Specify the password for remote login to the server. 16. Click the Apply button. The file is downloaded from the server to the switch. The page displays information about the progress of the file transfer. 17. To save the settings to the running configuration, click the Save icon.
PAGE 748
AV Line of Fully Managed Switches M4250 Series Main User Manual • SSH-2 RSA Key PEM File: An SSH-2 Rivest-Shamir-Adelman (RSA) key file (PEM Encoded). • SSH-2 DSA Key PEM File: An SSH-2 Digital Signature Algorithm (DSA) key file (PEM Encoded). • SSL Trusted Root Certificate PEM File: An SSL Trusted Root Certificate file (PEM Encoded). • SSL Server Certificate PEM File: An SSL Server Certificate file (PEM Encoded) to the device.
PAGE 749
AV Line of Fully Managed Switches M4250 Series Main User Manual 9. To save the settings to the running configuration, click the Save icon. Download a file from a USB storage device to the switch You can download a text configuration file or license key only from a USB storage device to the switch. To download a file from a USB storage device to the switch: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3.
PAGE 750
AV Line of Fully Managed Switches M4250 Series Main User Manual We recommended that you do not overwrite the active image. 8. In the File Path field, specify the path on the USB storage device. You can use up to 146 characters. The default is blank. 9. In the USB File field, specify the file name on the USB storage device. You can enter up to 32 characters. 10. Click the Apply button. The file is exported (uploaded) to the USB storage device.
PAGE 751
AV Line of Fully Managed Switches M4250 Series Main User Manual The main UI login page displays in a new tab. 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Security > Access > HTTPS > HTTPS Configuration. The HTTPS Configuration page displays. 6.
PAGE 752
AV Line of Fully Managed Switches M4250 Series Main User Manual Manage software images The switch maintains two versions of the switch software in permanent storage. One image is the active image, and the second image is the backup image. The active image is loaded when the switch starts or reboots. This feature reduces switch down time when you are upgrading the switch software. Copy an software image You can copy a software image from one location (primary or backup) to another.
PAGE 753
AV Line of Fully Managed Switches M4250 Series Main User Manual description, or delete an image. This feature reduces switch down time when you are upgrading or downgrading the software image. Change the software image that loads when the switch starts or reboots To change the image that loads during the boot process: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button.
PAGE 754
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 175. Dual image configuration information Field Description Image Name The name of the image. By default, the image names are image1 and image2. Active Image The current active image (True or False). Version The firmware version of the image. Delete a software image To delete a software image: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3.
PAGE 755
AV Line of Fully Managed Switches M4250 Series Main User Manual Ping an IPv4 address You can configure the switch to send a ping request to a specified IPv4 address. You can use this option to check whether the switch can communicate with a particular IPv4 device. When you send a ping, the switch sends a specified number of ping requests and the results are displayed. If a reply to the ping is received, the following message displays: PING x.y.z.w (x.y.z.w): size data bytes size bytes from x.y.z.
PAGE 756
AV Line of Fully Managed Switches M4250 Series Main User Manual 7. In the Count field, enter the number of echo requests that must be sent. The default value is 3. The range is from 1 to 15. 8. In the Interval (secs) field, enter the time between ping packets in seconds. The default value is 3 seconds. The range is from 1 to 60. 9. In the Size field, enter the size of the ping packet. The default value is 0 bytes. The range is from 0 to 13000. 10.
PAGE 757
AV Line of Fully Managed Switches M4250 Series Main User Manual If a reply to the ping is not received, the following message displays: PING x:y::z:w (x:y::z:w): size data bytes --- x:y::z:w ping statistics --count packets transmitted, 0 packets received, 100% packet loss To ping an IPv6 address: 1. Launch a web browser. 2. In the address field of your web browser, enter the IP address of the switch. The login page displays. 3. Click the Main UI Login button. The main UI login page displays in a new tab.
PAGE 758
AV Line of Fully Managed Switches M4250 Series Main User Manual 11. From the Source menu, as an option, you can select the IP address or interface that must be used to send echo request packets: • None: The source address of the ping packet is the address of the default egress interface. • IPv6 Address: The source IP address that must be used when echo request packets are sent. With this selection, the IPv6 Address field displays and you must enter the IPv6 address that must be used as the source.
PAGE 759
AV Line of Fully Managed Switches M4250 Series Main User Manual The System Information page displays. 5. Select Maintenance > Troubleshooting > Traceroute IPv4. The Traceroute IPv4 page displays. 6. In the IP Address/Hostname field, enter the IP address or host name of the device for which the path must be discovered. 7. In the Probes Per Hop field, enter the number of probes per hop. The default value is 3. The range is from 1 to 10. 8.
PAGE 760
AV Line of Fully Managed Switches M4250 Series Main User Manual Send an IPv6 traceroute You can configure the switch to send a traceroute request to a specified IPv6 address or host name. You can use this to discover the paths that packets take to a remote destination. When you send a traceroute, the switch displays the results below the configurable data.
PAGE 761
AV Line of Fully Managed Switches M4250 Series Main User Manual 9. In the Init TTL field, enter the initial TTL to be used. The default value is 1. The range is from 1 to 255. 10. In the MaxFail field, enter the maximum number of failures allowed in the session. The default value is 5. The range is from 1 to 255. 11. In the Interval (secs) field, enter the time between probes in seconds. The default value is 3. The range is from 1 to 60. 12.
PAGE 762
AV Line of Fully Managed Switches M4250 Series Main User Manual 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Maintenance > Troubleshooting > Packet Capturing. The Packet Capturing page displays. 6. Next to RPCAP USB, select the Enable radio button. 7.
PAGE 763
AV Line of Fully Managed Switches M4250 Series Main User Manual 4. Enter admin as the user name, enter your local device password, and click the Login button. The first time that you log in, no password is required. However, you then must specify a local device password to use each subsequent time that you log in. The System Information page displays. 5. Select Maintenance > Troubleshooting > Full Memory Dump. The Full Memory Dump page displays. 6.
PAGE 764
AV Line of Fully Managed Switches M4250 Series Main User Manual • Write Core: To generate a core dump and transfer it to the server or USB storage device, select the Write Core check box. 14. If you select the Write Core check box, to save the current settings, select the Save Current Settings check box. This check box is selected by default. CAUTION: The switch reboots after you click the Apply button. 15. Click the Apply button. The memory dump is sent to the specified location. The switch reboots.
PAGE 765
A Configuration Examples This appendix contains information about how to configure the following features: • • • • • • Virtual Local Area Networks (VLANs) Access control lists (ACLs) Differentiated Services (DiffServ) 802.
PAGE 766
AV Line of Fully Managed Switches M4250 Series Main User Manual Virtual Local Area Networks (VLANs) A local area network (LAN) can generally be defined as a broadcast domain. Hubs, bridges, or switches in the same physical segment or segments connect all end node devices. End nodes can communicate with each other without the need for a router. Routers connect LANs together, routing the traffic to the appropriate port.
PAGE 767
AV Line of Fully Managed Switches M4250 Series Main User Manual • When a tagged packet enters a port, the tag for that packet is unaffected by the default VLAN ID setting. The packet proceeds to the VLAN specified by its VLAN ID tag number. • If the port through which the packet enters is not a member of the VLAN as specified by the VLAN ID tag, the packet is dropped. • If the port is a member of the VLAN specified by the packet’s VLAN ID, the packet can be sent to other ports with the same VLAN ID.
PAGE 768
AV Line of Fully Managed Switches M4250 Series Main User Manual • Port 4: PVID 20 4. With the VLAN configuration that you set up, the following situations produce results as described: • If an untagged packet enters port 1, the switch tags it with VLAN ID 10. The packet can access port 2 and port 3. The outgoing packet is stripped of its tag to leave port 2 as an untagged packet. For port 3, the outgoing packet leaves as a tagged packet with VLAN ID 10.
PAGE 769
AV Line of Fully Managed Switches M4250 Series Main User Manual The switch allow ACLs to be bound to physical ports and LAGs. The switch supports MAC ACLs and IP ACLs. MAC ACL sample configuration The following example shows how to create a MAC-based ACL that permits Ethernet traffic from the Sales department on specified ports and denies all other traffic on those ports. 1.
PAGE 770
AV Line of Fully Managed Switches M4250 Series Main User Manual permitted on interfaces 6, 7, and 8 and are assigned to the hardware egress queue 0, which is the default queue. All other traffic is explicitly denied on these interfaces. To allow additional traffic to enter these ports, you must add a new Permit rule with the desired match criteria and bind the rule to interfaces 6, 7, and 8.
PAGE 771
AV Line of Fully Managed Switches M4250 Series Main User Manual The IP ACL in this example matches all packets with the source IP address and subnet mask of the Finance department's network and deny it on interfaces 2, 3, and 4 of the switch. The second rule permits all non-Finance traffic on the ports. The second rule is required because an explicit deny all rule exists as the lowest priority rule.
PAGE 772
AV Line of Fully Managed Switches M4250 Series Main User Manual Class You can classify incoming packets at Layers 2, 3 and 4 by inspecting the following information for a packet: • Source/destination MAC address • EtherType • Class of Service (802.1p priority) value (first/only VLAN tag) • VLAN ID range (first/only VLAN tag) • Secondary 802.
PAGE 773
AV Line of Fully Managed Switches M4250 Series Main User Manual Create policies Use DiffServ policies to associate a collection of classes that you configure with one or more QoS policy statements. The result of this association is referred to as a policy.
PAGE 774
AV Line of Fully Managed Switches M4250 Series Main User Manual • Color mode awareness: Policing in the DiffServ feature uses either color blind or color aware mode. Color blind mode ignores the coloration (marking) of the incoming packet. Color aware mode takes into consideration the current packet marking when determining the policing outcome. An auxiliary traffic class is used in conjunction with the policing definition to specify a value for one of the 802.1p, secondary 802.
PAGE 775
AV Line of Fully Managed Switches M4250 Series Main User Manual 5. On the Policy Configuration page, create a new policy with the following settings: • Policy Selector: Policy1 • Member Class: Class1 For more information about this page, see Configure a DiffServ policy on page 480. 6. Click the Add button. The policy is added. 7. Click the Policy1 hyperlink to display the Policy Class Configuration page for this policy. 8.
PAGE 776
AV Line of Fully Managed Switches M4250 Series Main User Manual to attempt to access the LAN through equipment already attached. In such environments you might want to restrict access to the services offered by the LAN to those users and devices that are permitted to use those services.
PAGE 777
AV Line of Fully Managed Switches M4250 Series Main User Manual A Port Access Entity (PAE) is able to adopt one of two distinct roles within an access control interaction: 1. Authenticator: A port that enforces authentication before allowing access to services available through that port. 2. Supplicant: A port that attempts to access services offered by the authenticator. Additionally, a third role exists: 3.
PAGE 778
AV Line of Fully Managed Switches M4250 Series Main User Manual The authentication is handled by an external RADIUS server. When the visitor is successfully authenticated, traffic is automatically assigned to the guest VLAN. This example assumes that a VLAN was configured with a VLAN ID of 150 and VLAN name of Guest. 1. On the Port Authentication page, select ports 5, 6, 7, and 8. 2. From the Port Control menu, select Unauthorized.
PAGE 779
AV Line of Fully Managed Switches M4250 Series Main User Manual Multiple Spanning Tree Protocol Spanning Tree Protocol (STP) runs on bridged networks to help eliminate loops. If a bridge loop occurs, the network can become flooded with traffic. IEEE 802.1s Multiple Spanning Tree Protocol (MSTP) supports multiple instances of spanning tree to efficiently channel VLAN traffic over different interfaces. Each instance of the spanning tree behaves in the manner specified in IEEE 802.
PAGE 780
AV Line of Fully Managed Switches M4250 Series Main User Manual MSTP bridge transmits the appropriate BPDU depending on the received type of BPDU from a particular port. An MST region comprises of one or more MSTP bridges with the same MST configuration identifier, using the same MSTIs, and without any bridges attached that cannot receive and transmit MSTP BPDUs. The MST configuration identifier includes the following components: 1. Configuration identifier format selector 2. Configuration name 3.
PAGE 781
AV Line of Fully Managed Switches M4250 Series Main User Manual Figure 2. MSTP sample configuration Perform the following procedures on each switch to configure MSTP: 1. Use the VLAN Configuration page to create VLANs 300 and 500 (see Change the internal VLAN allocation settings on page 194). 2. On the VLAN Membership page, include ports 1 through 8 as tagged (T) or untagged (U) members of VLAN 300 and VLAN 500 (see Change the internal VLAN allocation settings on page 194). 3.
PAGE 782
AV Line of Fully Managed Switches M4250 Series Main User Manual 5. On the CST Port Configuration page, select ports 1 through 8 and select Enable from the STP Status menu (see Configure the CST interface settings on page 231). 6. Click the Apply button. 7. Select ports 1 through 5 (edge ports), and select Enable from the Fast Link menu. Because the edge ports are not at risk for network loops, ports with Fast Link enabled transition directly to the forwarding state. 8. Click the Apply button.
PAGE 783
AV Line of Fully Managed Switches M4250 Series Main User Manual This is known as inter-VLAN routing. On the switch, it is accomplished by creating Layer 3 interfaces (switch virtual interfaces [SVI]). When a port is enabled for bridging (the default) rather than routing, all normal bridge processing is performed for an inbound packet, which is then associated with a VLAN. Its MAC destination address (MAC DA) and VLAN ID are used to search the MAC address table.
PAGE 784
B Software Default Settings and Hardware Specifications This appendix contains the following sections: • • • • • • • • • Access default settings for the switch device UI System features default settings Switching features default settings Routing and multicast features default settings QoS features default settings Security features default settings Monitoring features default settings Model-specific hardware technical specifications General hardware technical specifications Note: For more information abo
PAGE 785
AV Line of Fully Managed Switches M4250 Series Main User Manual Access default settings for the switch device UI The following table describes the default settings for access to the switch device UI. (Nonconfigurable settings are not included in the table but might be included in the data sheet, which you can download by visiting netgear.com/support/download/.) Table 176. Default settings for access to the switch device UI Feature Default IP address for management VLAN 169.254.100.
PAGE 786
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 177. System features default settings Feature Name/Setting Default Time, Global Clock source SNTP SNTP client mode Unicast Port 123 Source interface VLAN 1 Unicast poll interval 6 Broadcast poll interval 6 Unicast poll time-out 5 Unicast poll retry 1 Offset hours 0 Offset minutes 0 Time, SNTP Server Server type DNS (for each default server) Address time-a.netgear.com time-c.netgear.
PAGE 787
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 177.
PAGE 788
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 177.
PAGE 789
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 177.
PAGE 790
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 177.
PAGE 791
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 178.
PAGE 792
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 178.
PAGE 793
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 178. Switching features default settings (Continued) Feature Name/Setting Default STP, Global Spanning tree admin mode Enabled Force protocol version EEE 802.
PAGE 794
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 178.
PAGE 795
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 178.
PAGE 796
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 178.
PAGE 797
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 178.
PAGE 798
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 178.
PAGE 799
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 178. Switching features default settings (Continued) Feature Name/Setting Default SyncRx timeout 3 AnnounceRx timeout 3 MRP, Global MVRP mode Disabled MMRP mode Disabled MSRP mode Disabled MSRP talker pruning Disabled Periodic state machine (MVRP mode) Enabled Periodic state machine (MMRP mode) Enabled MSRP maximum fan-in ports 12 MSRP boundary propagation Disabled 802.
PAGE 800
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 178. Switching features default settings (Continued) Feature Name/Setting Default Admin mode Disabled TLV advertised interval 5 Maximum PDU receive 1 L2 Loop Protection, Interface Keep alive Disabled RX action Disabled Routing and multicast features default settings The following table describes the default settings for the routing and multicast features that you can configure.
PAGE 801
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 179. Routing and multicast features default settings (Continued) Feature Name/Setting Default IP, Interface IP address configuration method None IP address None Subnet mask None Routing mode Disabled Administrative mode Enabled Forward net directed broadcasts Disabled Encapsulation type Ethernet Proxy ARP Enabled Local proxy ARP Disabled Bandwidth 1000000 for a 1 Gbps link that is up.
PAGE 802
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 179.
PAGE 803
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 179.
PAGE 804
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 179.
PAGE 805
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 179.
PAGE 806
AV Line of Fully Managed Switches M4250 Series Main User Manual (Nonconfigurable settings are not included in the table but might be included in the data sheet, which you can download by visiting netgear.com/support/download/.) Table 180. QoS features default settings Feature Name/Setting Default CoS, Global Global trust mode trust IP-DSCP applied to all interfaces CoS, 802.1p Queue Mapping 802.1p priority (802.
PAGE 807
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 180. QoS features default settings (Continued) Feature Name/Setting Default DiffServ, Global No default classes, policies, and services configured DiffServ admin mode Enabled Security features default settings The following table describes the default settings for the security features that you can configure.
PAGE 808
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 181.
PAGE 809
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 181.
PAGE 810
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 181.
PAGE 811
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 181.
PAGE 812
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 181.
PAGE 813
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 181.
PAGE 814
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 181.
PAGE 815
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 181. Security features default settings (Continued) Feature Name/Setting Default Redirect URL /v1/security/captive_portal/cp_welcome.
PAGE 816
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 181. Security features default settings (Continued) Feature Name/Setting Default IP ACLs None configured IPv6 ACLs None configured Monitoring features default settings The following table describes the default settings for the monitoring features that you can configure. (Nonconfigurable settings are not included in the table but might be included in the data sheet, which you can download by visiting netgear.com/support/download/.
PAGE 817
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 182.
PAGE 818
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 182. Monitoring features default settings (Continued) Feature Default Receiver owner 0.0.0.0 Receiver port 6343 sFlow Interface Poller, Receiver index 0 Poller, Poller Interval 0 Sampler, Receiver index 0 Sampler, Sampling rate 0 Sampler, Maximum header size 128 Model-specific hardware technical specifications The tables in the following sections describes the unique main hardware technical specifications for each model.
PAGE 819
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 183. Hardware technical specifications for model M4250-10G2F-PoE+ (Continued) Feature Description PoE power budget 125W Dimensions Width Height Depth Weight 17.32 in (440 mm) 1.70 in (43.2 mm), 1U 7.87 in (200 mm) 6.28 lb (2.850 kg) Model M4250-10G2XF-PoE+ (SKU GSM4212PX) The following table shows the specifications that are specific to model M4250-10G2XF-PoE+. Table 184.
PAGE 820
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 185. Hardware technical specifications for model M4250-10G2XF-PoE++ Feature Description Network interfaces Eight PoE++ (802.3bt) 1GBASE-T RJ-45 ports Two 1GBASE-T RJ-45 ports Two 10G SFP+ fiber uplink ports. AC power input 100–240V ~ 50–60Hz, 10A Power consumption Max PoE No PoE Standby PoE power budget Dimensions 837.7W - 2859.91 BTU/hr 26.3W - 89.79 BTU/hr 18W - 61.45BTU/hr 720W Width Height Depth Weight 17.
PAGE 821
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 186. Hardware technical specifications for model M4250-26G4F-PoE+ (Continued) Feature Dimensions Description Width Height Depth Weight 17.32 in (440 mm) 1.70 in (43.2 mm), 1U 10.12 in (257 mm) 9.47 lb (4.300 kg) M4250-26G4XF-PoE+ (SKU GSM4230PX) The following table shows the specifications that are specific to model M4250-26G4XF-PoE+. Table 187.
PAGE 822
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 188. Hardware technical specifications for model M4250-26G4F-PoE++ Feature Description Network interfaces 24 PoE++ (802.3bt) 1GBASE-T RJ-45 ports Two 1GBASE-T RJ-45 ports Four 1G SFP fiber uplink ports AC power input 100–240V ~ 50–60Hz, 10A for each PSU Power consumption Max PoE No PoE Standby PoE power budget Dimensions 1 PSU: 889W - 3035.05 BTU/hr 2 PSUs: 1734W - 5919.88 BTU/hr 48.8W - 166.6 BTU/hr 36.9W - 125.
PAGE 823
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 189. Hardware technical specifications for model M4250-40G8F-PoE+ (Continued) Feature Dimensions Description Width Height Depth Weight 17.32 in (440 mm) 1.70 in (43.2 mm), 1U 15.75 in (400 mm) 12.90 lb (5.852 kg) M4250-40G8XF-PoE+ (SKU GSM4248PX) The following table shows the specifications that are specific to model M4250-40G8XF-PoE+. Table 190.
PAGE 824
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 191. Hardware technical specifications for model M4250-40G8XF-PoE++ Feature Description Network interfaces 40 PoE++ (802.3bt) 1GBASE-T RJ-45 ports Eight 10G SFP+ fiber uplink ports AC power input 100–240V ~ 50–60Hz, 12A for each PSU Power consumption Max PoE No PoE Standby PoE power budget Dimensions 1 PSU: 912W - 3113.57 BTU/hr 2 PSUs: 1998W - 6821.17 BTU/hr, 3 PSUs: 3523W - 12027.52 BTU/hr 82.6W - 282 BTU/hr 68.5W - 233.
PAGE 825
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 193. Hardware technical specifications for model M4250-16XF Feature Description Network interfaces Sixteen 1G/10G SFP+ fiber ports AC power input 100–240V ~ 50–60Hz, 2.5–1.25A Power consumption Max load Standby 47.84W - 163.33 BTU/hr 19.27W - 65.78 BTU/hr Dimensions Width Height Depth 17.32 in (440 mm) 1.70 in (43.2 mm), 1U 7.87 in (200 mm) Weight 6.17 lb (2.
PAGE 826
AV Line of Fully Managed Switches M4250 Series Main User Manual Table 194. General hardware technical specifications for the M4250 series switch models (Continued) Feature Description Electromagnetic emissions and immunity certifications CE: EN 55032:2012+AC:2013/CISPR 32:2012, EN 61000-3-2:2014, Class A, EN 61000-3-3:2013, EN 55024:2010 VCCI: VCCI-CISPR 32:2016, Class A RCM: AS/NZS CISPR 32:2013 Class A CCC: GB4943.