TigerSwitch 10/100 Stackable Fast Ethernet Switch ◆ ◆ ◆ ◆ ◆ ◆ ◆ ◆ ◆ ◆ ◆ 24 10BASE-T/100BASE-TX RJ-45 ports Auto MDI/MDI-X support on all ports Optional 100BASE-FX or 1000BASE-X modules Optional stack module for linking up to 16 units 8.8 Gbps of aggregate switch bandwidth LACP and FEC port trunking support Port mirroring for non-intrusive analysis Port security Full support for IEEE 802.
TigerSwitch 10/100 Management Guide From SMC’s Tiger line of feature-rich workgroup LAN solutions 6 Hughes Irvine, CA 92618 Phone: (949) 707-2400 July 2001 Pub.
Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent or patent rights of SMC. SMC reserves the right to change specifications at any time without notice. Copyright © 2001 by SMC Networks, Inc. 6 Hughes Irvine, CA 92618 All rights reserved.
LIMITED WARRANTY Limited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be free from defects in workmanship and materials, under normal use and service, for the applicable warranty term. All SMC products carry a standard 90-day limited warranty from the date of purchase from SMC or its Authorized Reseller. SMC may, at its own discretion, repair or replace any product not operating as warranted with a similar or functionally equivalent product, during the applicable warranty term.
LIMITED WARRANTY MAINTENANCE, USE, PERFORMANCE, FAILURE, OR INTERRUPTION OF ITS PRODUCTS, EVEN IF SMC OR ITS AUTHORIZED RESELLER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES OR THE LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES FOR CONSUMER PRODUCTS, SO THE ABOVE LIMITATIONS AND EXCLUSIONS MAY NOT APPLY TO YOU. THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS, WHICH MAY VARY FROM STATE TO STATE.
Contents Contents 1 Selecting a Management Interface Understanding Management Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . 1-1 Advantages of Using the Menu Interface . . . . . . . . . . . . . . . . . . . . . . . . 1-2 Advantages of Using the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3 CLI Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3 Advantages of Using the Web Browser Interface . . . . . . . . . . . .
Contents CLI Control and Editing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-15 4 Using the Web Browser Interface General Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2 Web Browser Interface Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3 Starting a Web Browser Interface Session with the Switch . . . . . . 4-4 Using a Standalone Web Browser in a PC or UNIX Workstation . . . .
Contents Web: Configuring IP Addressing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-9 How IP Addressing Affects Switch Operation . . . . . . . . . . . . . . . . . . . . 5-9 DHCP/Bootp Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-10 Network Preparations for Configuring DHCP/Bootp . . . . . . . . . 5-13 Globally Assigned IP Network Addresses . . . . . . . . . . . . . . . . . . . . . .
Contents How the Switch Lists Trunk Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-27 Outbound Traffic Distribution Across Trunked Links . . . . . . . . . . . . 6-27 7 Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Using Password Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-2 Menu: Setting Manager and Operator passwords . . . . . . . . . . . . . . . . .
Contents Web: Configuring IP Authorized Managers . . . . . . . . . . . . . . . . . . . . . 7-34 Building IP Masks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring One Station Per Authorized Manager IP Entry . . . . Configuring Multiple Stations Per Authorized Manager IP Entry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Additional Examples for Authorizing Multiple Stations . . . . . . .
Contents Using the Menu Interface To View Stack Status And Configure Stacking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-12 Using the Menu Interface To View and Configure a Commander Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-12 Using the Menu To Manage a Candidate Switch . . . . . . . . . . . . . 9-14 Using the Commander To Manage The Stack . . . . . . . . . . . . . . . . . . .
Contents Effect of VLANs on Other Switch Features . . . . . . . . . . . . . . . . . . . . . Spanning Tree Protocol Operation with VLANs . . . . . . . . . . . . . IP Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . VLAN MAC Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Port Trunks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Port Monitoring . . . . . . . . . . . . . . . . . . . . . .
Contents Menu Access To Status and Counters . . . . . . . . . . . . . . . . . . . . . . . . . 10-3 General System Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-4 Menu Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-4 CLI Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-4 Switch Management Address Information . . . . . . . . . . . . . . . . . . . . . . 10-5 Menu Access . . .
Contents Using the Event Log To Identify Problem Sources . . . . . . . . . . . . . 11-10 Menu: Entering and Navigating in the Event Log . . . . . . . . . . . . . . . 11-11 CLI: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-12 Diagnostic Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-13 Ping and Link Tests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Contents C Switch Memory and Configuration Overview of Configuration File Management . . . . . . . . . . . . . . . . . . C-1 Using the CLI To Implement Configuration Changes . . . . . . . . . . . C-3 Using the Menu and Web Browser Interfaces To Implement Configuration Changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-6 Using the Menu Interface To Implement Configuration Changes . . C-6 Using Save and Cancel in the Menu Interface . . . . . . . . . . . . . . .
1 Selecting a Management Interface Selecting a Management Interface This chapter describes the following: ■ Management interfaces for the SMC6624M switch ■ Advantages of using each interface Understanding Management Interfaces Management interfaces enable you to reconfigure the switch and to monitor switch status and performance.
Selecting a Management Interface Selecting a Management Interface Advantages of Using the Menu Interface Advantages of Using the Menu Interface Figure 1-1.
Selecting a Management Interface Advantages of Using the CLI Selecting a Management Interface Advantages of Using the CLI SMC6624M> Operator Level SMC6624M# Manager Level SMC6624M(config)# Global Configuration Level SMC6624M()# Context Configuration Levels (port, VLAN) Figure 1-2. Example of The Command Prompt ■ Provides access to the complete set of the switch configuration, performance, and diagnostic features.
Selecting a Management Interface Selecting a Management Interface Advantages of Using the Web Browser Interface Advantages of Using the Web Browser Interface Figure 1-3.
2 Using the Menu Interface This chapter describes the following features: ■ Overview of the Menu Interface (page 4-1) ■ Starting and ending a Menu session (page 2-2) ■ The Main Menu (page 2-6) ■ Screen structure and navigation (page 2-8) ■ Rebooting the switch (page 2-11) ■ Perform a “quick configuration” of basic parameters, such as the IP addressing needed to provide management access through your network ■ Configure these features: • Manager and Operator passwords • A network monitoring p
Using the Menu Interface Starting and Ending a Menu Session Menu Interaction with Other Interfaces. ■ A configuration change made through any switch interface overwrites earlier changes made through any other interface. ■ The Menu Interface and the CLI (Command Line Interface) both use the switch console. To enter the menu from the CLI, use the menu command. To enter the CLI from the Menu interface, select Command Line (CLI) option.
Using the Menu Interface Starting and Ending a Menu Session How To Start a Menu Interface Session In its factory default configuration, the switch console starts with the CLI prompt. To use the menu interface with Manager privileges, go to the Manager level prompt and enter the menu command. 1. Use one of these methods to connect to the switch: • A PC terminal emulator or terminal • Telnet (You can also use the stack Commander if the switch is a stack member. See “Stack Management” on page 9-2). 2.
Using the Menu Interface Using the Menu Interface Starting and Ending a Menu Session Figure 2-1. The Main Menu with Manager Privileges For a description of Main Menu features, see “Main Menu Features” on page 2-6. Note To configure the switch to start with the menu interface instead of the CLI, go to the Manager level prompt, enter the setup command, and in the resulting desplay, change the Logon Default parameter to Menu. For more information, see the Installation Guide you received with the switch.
Using the Menu Interface Starting and Ending a Menu Session Asterisk indicates a configuration change that requires a reboot to activate. 1. In the current session, if you have not made configuration changes that require a switch reboot to activate, return to the Main menu and press [0] (zero) to log out. Then just exit from the terminal program, turn off the terminal, or quit the Telnet session. 2.
Using the Menu Interface Main Menu Features Using the Menu Interface Main Menu Features Figure 2-3. The Main Menu View with Manager Privileges The Main Menu gives you access to these Menu interface features: 2-6 ■ Status and Counters: Provides access to display screens showing switch information, port status and counters, port and VLAN address tables, and spanning tree information. (See chapter 10, “Monitoring and Analyzing Switch Operation.
Using the Menu Interface Main Menu Features Command Line (CLI): Selects the Command Line Interface at the same level (Manager or Operator) that you are accessing in the Menu interface. (See chapter 3, “Using the Command Line Interface (CLI).”) ■ Reboot Switch: Performs a “warm” reboot of the switch, which clears most temporary error conditions, resets the network activity counters to zero, and resets the system up time to zero. A reboot is required to activate a change in the VLAN Support parameter.
Using the Menu Interface Screen Structure and Navigation Screen Structure and Navigation Menu interface screens include these three elements: ■ Parameter fields and/or read-only information such as statistics ■ Navigation and configuration actions, such as Save, Edit, and Cancel ■ Help line to describe navigation options, individual parameters, and readonly data Using the Menu Interface For example, in the following System Information screen: Screen title – identifies the location within the menu st
Using the Menu Interface Screen Structure and Navigation Table 4-1. How To Navigate in the Menu Interface Actions: Execute an action from the “Actions –>” list at the bottom of the screen: Use either of the following methods: • Use the arrow keys ( [<] ,or [>] ) to highlight the action you want to execute, then press [Enter]. • Press the key corresponding to the capital letter in the action name. For example, in a configuration menu, press [E] to select Edit and begin editing parameter values.
Using the Menu Interface Screen Structure and Navigation To get Help on individual parameter descriptions. In most screens there is a Help option in the Actions line. Whenever any of the items in the Actions line is highlighted, press [H], and a separate help screen is displayed.
Using the Menu Interface Rebooting the Switch Rebooting the Switch Rebooting the switch from the menu interface ■ Terminates all current sessions and performs a reset of the operating system ■ Activates any configuration changes that require a reboot ■ Resets statistical counters to zero To Reboot the switch, use the Reboot Switch option in the Main Menu.
Using the Menu Interface Rebooting the Switch Rebooting To Activate Configuration Changes. Configuration changes for most parameters become effective as soon as you save them. However, you must reboot the switch in order to implement a change in the Maximum VLANs to support parameter. (To access this parameter, go to the Main menu and select 2. Switch Configuration, then 8. VLAN Menu, then 1. VLAN Support.
Using the Menu Interface Menu Features List Menu Features List Status and Counters General System Information • Switch Management Address Information • Port Status • Port Counters • Address Table • Port Address Table • Spanning Tree Information Using the Menu Interface • Switch Configuration • System Information • Port/Trunk Settings • Network Monitoring Port • Spanning Tree Operation • IP Configuration • SNMP Community Names • IP authorized Managers • VLAN Menu Console Passw
Using the Menu Interface Where To Go From Here Where To Go From Here Using the Menu Interface This chapter provides an overview of the menu interface and how to use it. The following table indicates where to turn for detailed information on how to use the individual features available through the menu interface. Option Where To Turn To use the Run Setup option See the Installation Guide shipped with the switch.
3 Using the Command Line Interface (CLI) The CLI is a text-based command interface for configuring and monitoring the switch. The CLI gives you access to the switch’s full set of commands while providing the same password protection that is used in the web browser interface and the menu interface. Accessing the CLI Also, if you are using the menu interface, you can access the CLI by selecting the Command Line (CLI) option in the Main Menu.
Using the Command Line Interface (CLI) Using the CLI When you use the CLI to make a configuration change, the switch writes the change to the Running-Config file in volatile memory. This allows you to test your configuration changes before making them permanent. to make changes permanent, you must use the write memory command to save them to the Startup Config file in non-volatile memory.
Using the Command Line Interface (CLI) Using the CLI Caution SMC strongly recommends that you configure a Manager password. If a Manager password is not configured, then the Manager level is not passwordprotected, and anyone having in-band or out-of-band access to the switch may be able to reach the Manager level and compromise switch and network security. Note that configuring only an Operator password does not prevent access to the Manager level by intruders who have the Operator password.
Using the Command Line Interface (CLI) Using the CLI Manager Privileges Manager privileges give you three additional levels of access: Manager, Global Configuration, and Context Configuration. (See figure .) A “#” character delimits any Manager prompt. For example: SMC TigerSwitch 10/100#_ ■ (Example of the Manager prompt.) Manager level: Provides all Operator level privileges plus the ability to perform system-level actions that do not require saving changes to the system configuration file.
Using the Command Line Interface (CLI) Using the CLI SMC TigerSwitch 10/100(vlan-10)# Changing Interfaces. If you change from the CLI to the menu interface, or the reverse, you will remain at the same privilege level. For example, entering the menu command from the Operator level of the CLI takes you to the Operator privilege level in the menu interface. Table 3-1.
Using the Command Line Interface (CLI) Using the CLI How To Move Between Levels Change in Levels Example of Prompt , Command, and Result Operator level to Manager level SMC TigerSwitch 10/100> enable Password:_ After you enter enable, the Password prompt appears.
Using the Command Line Interface (CLI) Using the CLI For example, if you use the CLI to set a Manager password, and then later use the Setup screen (in the menu interface) to set a different Manager password, then the first password will be replaced by the second one.
Using the Command Line Interface (CLI) Using the CLI Typing ? at the Manager level produces this listing: Using the Command Line Interface (CLI) When - - MORE - - appears, use the Space bar or [Return] to list additional commands. Figure 3-4. Example of the Manager-Level Command Listing When - - MORE - - appears, there are more commands in the listing. To list the next screenfull of commands, press the Space bar. To list the remaining commands one-by-one, repeatedly press [Enter].
Using the Command Line Interface (CLI) Using the CLI As mentioned above, if you type part of a command word and press [Tab], the CLI completes the current word (if you have typed enough of the word for the CLI to distinguish it from other possibilities), including hyphenated extensions. For example: SMC TigerSwitch 10/100(config)# port[Tab] SMC TigerSwitch 10/100(config)# port-security _ Pressing [Tab] after a completed command word lists the further options for that command.
Using the Command Line Interface (CLI) Using the CLI Thus, if you wanted to create a port trunk group using ports 5 - 8, the above conventions show that you could do so using any of the following forms of the trunk command: SMC TigerSwitch 10/100(config)# trunk trk1 trunk 5-8 SMC TigerSwitch 10/100(config)# trunk trk1 trunk e 5-8 SMC TigerSwitch 10/100(config)# trunk trk1 lacp 5-8 SMC TigerSwitch 10/100(config)# trunk trk1 lacp e 5-8 Using the Command Line Interface (CLI) Listing Command Options.
Using the Command Line Interface (CLI) Using the CLI Figure 3-7. Example of Context-Sensitive Command-List Help Displaying Help for an Individual Command. You can display Help for any command that is available at the current context level by entering enough of the command string to identify the command, along with help. Syntax: help For example, to list the Help for the interface command in the Global Configuration privilege level: Using the Command Line Interface (CLI) Figure 3-8.
Using the Command Line Interface (CLI) Using the CLI Figure 3-9. Example of Help for a Specific Instance of a Command Note that if you try to list the help for an individual command from a privilege level that does not include that command, the switch returns an error message.
Using the Command Line Interface (CLI) Using the CLI SMC TigerSwitch 10/100(eth-5-8)# ? Lists the commands you can use in the port or static trunk SMC TigerSwitch 10/100(eth-5-8)# ? context, plus the Manager, Operator, and context commands you can execute at this level. In the port context, the first block of commands in the "?" listing show the context-specific commands that will affect only ports 5-8. Figure 3-10.
Using the Command Line Interface (CLI) Using the CLI VLAN Context. Includes VLAN-specific commands that apply only to the selected VLAN, plus Manager and Operator commands. The prompt for this mode includes the VLAN ID of the selected VLAN. For example, if you had already configured a VLAN with an ID of 100 in the switch: SMC TigerSwitch 10/ 100(config)# vlan 100 Command executed at configuration level to enter VLAN 100 context.
Using the Command Line Interface (CLI) CLI Control and Editing CLI Control and Editing Function [Ctrl] [A] Jumps to the first character of the command line. [Ctrl] [B] or [<] Moves the cursor back one character. [Ctrl] [C] Terminates a task and displays the command prompt. [Ctrl] [D] Deletes the character at the cursor. [Ctrl] [E] Jumps to the end of the current command line. [Ctrl] [F] or [>] Moves the cursor forward one character.
Using the Command Line Interface (CLI) Using the Command Line Interface (CLI) CLI Control and Editing 3-16
4 Using the Web Browser Interface The web browser interface built into the switch lets you easily access the switch from a browser-based PC on your network. This lets you do the following: ■ Optimize your network uptime by using the Alert Log and other diagnostic tools ■ Make configuration changes to the switch ■ Maintain security by configuring usernames and passwords This chapter covers the following: ■ General features (page 4-2).
Using the Web Browser Interface General Features General Features The SMC6624M switch includes these web browser interface features: Switch Configuration: • Ports • VLANs and Primary VLAN • Port monitoring (mirroring) • System information • Enable/Disable Multicast Filtering (IGMP) and Spanning Tree • IP • Stacking • Support URL Switch Security: • Passwords • Authorized IP Managers • Port security and Intrusion Log Using the Web Browser Interface Switch Diagnostics: • Ping/Link Test
Using the Web Browser Interface Web Browser Interface Requirements Web Browser Interface Requirements You can use equipment meeting the following requirements to access the web browser interface on your intranet. Table 4-1.
Using the Web Browser Interface Starting a Web Browser Interface Session with the Switch Starting a Web Browser Interface Session with the Switch You can start a web browser session in the following ways: ■ Using a standalone web browser on a network connection from a PC or UNIX workstation: • Directly connected to your network • Connected through remote access to your network Using a Standalone Web Browser in a PC or UNIX Workstation This procedure assumes that you have a supported web browser (page
Using the Web Browser Interface Starting a Web Browser Interface Session with the Switch Alert Log First-Time Install Alert Figure 4-1. Example of Status Overview Screen Note 4-5 Using the Web Browser Interface The above screen appears somewhat different if the switch is configured as a stack Commander. For an example, see figure 1-3 on page 1-4.
Using the Web Browser Interface Tasks for Your First Web Browser Interface Session Tasks for Your First Web Browser Interface Session The first time you access the web browser interface, there are three tasks that you should perform: ■ Review the “First Time Install” window ■ Set Manager and Operator passwords Viewing the “First Time Install” Window When you access the switch’s web browser interface for the first time, the Alert log contains a “First Time Install” alert, as shown in figure 4-2.
Using the Web Browser Interface Tasks for Your First Web Browser Interface Session This window is the launching point for the basic configuration you need to perform to set web browser interface passwords to maintain security. To set web browser interface passwords, click on secure access to the device to display the Device Passwords screen, and then go to the next page. (You can also access the password screen by clicking on the Security tab.
Using the Web Browser Interface Tasks for Your First Web Browser Interface Session To set the passwords: 1. 2. Access the Device Passwords screen by one of the following methods: • If the Alert Log includes a “First Time Install” event entry, double click on this event, then, in the resulting display, click on the secure access to the device link. • Select the Security tab. Click in the appropriate box in the Device Passwords window and enter user names and passwords.
Using the Web Browser Interface Tasks for Your First Web Browser Interface Session ■ Entering the operator password gives you read and limited write capabilities. Using the User Names If you also set user names in the web browser interface screen, you must supply the correct user name for web browser interface access. If a user name has not been set, then leave the User Name field in the password window blank.
Using the Web Browser Interface Support/Mgmt URL Feature Support/Mgmt URL Feature The Support/Mgmt URL window enables you to change the World Wide Web Universal Resource Locator (URL) for a support information site for your switch. 1. Click Here Using the Web Browser Interface 2. Click Here 3. Enter URL for the support information source you want the switch to access when you click on the web browser interface Support tab. Figure 4-5. 4.
Using the Web Browser Interface Status Reporting Features Status Reporting Features Browser elements covered in this section include: ■ The Overview window (below) ■ Port utilization and status (page ) ■ The Alert log (page ) ■ The Status bar (page ) The Overview Window The Overview Window is the home screen for any entry into the web browser interface.The following figure identifies the various parts of the screen.
Using the Web Browser Interface Status Reporting Features The Port Utilization and Status Displays The Port Utilization and Status displays show an overview of the status of the switch and the amount of network activity on each port. The following figure shows a sample reading of the Port Utilization and Port Status. Port Utilization Bar Graphs Bandwidth Display Control Port Status Indicators Legend Figure 4-7.
Using the Web Browser Interface Status Reporting Features ■ Maximum Activity Indicator: As the bars in the graph area change height to reflect the level of network activity on the corresponding port, they leave an outline to identify the maximum activity level that has been observed on the port. Utilization Guideline. A network utilization of 40% is considered the maximum that a typical Ethernet-type network can experience before encountering performance difficulties.
Using the Web Browser Interface Status Reporting Features Port Status Port Status Indicators Legend Figure 4-10. The Port Status Indicators and Legend Using the Web Browser Interface The Port Status indicators show a symbol for each port that indicates the general status of the port. There are four possible statuses: 4-14 ■ Port Connected – the port is enabled and is properly connected to an active network device.
Using the Web Browser Interface Status Reporting Features The Alert Log The web browser interface Alert Log, shown in the lower half of the screen, shows a list of network occurrences, or alerts, that were detected by the switch. Typical alerts are Broadcast Storm, indicating an excessive number of broadcasts received on a port, and Problem Cable, indicating a faulty cable. A full list of alerts is shown in the table on page 4-16. Figure 4-11.
Using the Web Browser Interface Status Reporting Features Alert Types The following table lists the types of alerts that can be generated. Table 4-2. Alert Strings and Descriptions Alert String Alert Description First Time Install Important installation information for your switch.
Using the Web Browser Interface Status Reporting Features Note When troubleshooting the sources of alerts, it may be helpful to check the switch’s Port Status and Port Counter windows and the Event Log in the console interface. Viewing Detail Views of Alert Log Entries By double clicking on Alert Entries, the web browser interface displays a Detail View or separate window detailing information about the events. The Detail View contains a description of the problem and a possible solution.
Using the Web Browser Interface Status Reporting Features Using the Web Browser Interface Table 4-3. 4-18 Status Indicator Key Color Blue Switch Status Status Indicator Shape Normal Activity; "First time installation" information available in the Alert log. Green Normal Activity Yellow Warning Red Critical ■ System Name. The name you have configured for the switch by using Identity screen, system name command, or the switch console System Information screen.
5 Configuring IP Addressing, Interface Access, and System Information ■ Chapter 2, “Using the Menu Interface” ■ Chapter 3, “Using the Command Line Interface (CLI)” ■ Chapter 4, Using the Web Browser Interface” Why Configure IP Addressing? In its factory default configuration, the switch operates as a multiport learning bridge with network connectivity provided by the ports on the switch. However, to enable specific management access and control through your network, you will need IP addressing.
Configuring IP Addressing, Interface Access, and System Information IP Configuration IP Configuration Configuring IP Addressing, Interface Access, and IP Configuration Features Feature Default Menu CLI Web IP Address and Subnet Mask DHCP/Bootp page 5-4 page 5-6 page 5-9 Default Gateway Address none page 5-4 page 5-6 page 5-9 Packet Time-To-Live (TTL) 64 seconds page 5-4 page 5-6 n/a Time Server (Timep) DHCP page 5-4 page 5-6 n/a IP Address and Subnet Mask.
Configuring IP Addressing, Interface Access, and System Information IP Configuration Timep Operation. Use this optional parameter if you want the switch to get its time information from another device operating as a Timep server. In its default Timep configuration, the switch attempts to get a Timep server address from a DHCP server. Other configuration options are to manually assign a Timep server address or to disable the Timep server feature.
Configuring IP Addressing, Interface Access, and Configuring IP Addressing, Interface Access, and System Information IP Configuration ■ The IP addressing used in the switch should be compatible with your network. That is, the IP address must be unique and the subnet mask must be appropriate for the IP network. ■ If you plan to connect to other networks that use globally administered IP addresses, refer to “Globally Assigned IP Network Addresses” on page 5-14.
Configuring IP Addressing, Interface Access, and System Information IP Configuration To Configure IP Addressing. 1. From the Main Menu, Select. 2. Switch Configuration ... 5. IP Configuration If multiple VLANs are configured, a screen showing all VLANs appears instead of the following screen. The default setting for TimeP Config is DHCP. Setting it to Manual, then pressing [v] or [Tab] causes the Server Address parameter to appear.
Configuring IP Addressing, Interface Access, and Configuring IP Addressing, Interface Access, and System Information IP Configuration 6. If you selected Manual , press [Tab] or [v], and additional fields will be displayed for entering the IP address for the Timep server. 7. Select the TimeP Poll Interval field if you want to change the value for how often the switch polls the Timep server for time information. 8. Do one of the following: 9.
Configuring IP Addressing, Interface Access, and System Information IP Configuration Viewing the Current IP Configuration. The following command displays the IP addressing for each VLAN configured in the switch. If only the DEFAULT_VLAN exists, then its IP configuration applies to all ports in the switch. Where multiple VLANs are configured, the IP addressing is listed per VLAN. The display includes switch-wide packet time-to-live, and (if configured) the switch’s default gateway and Timep configuration.
Configuring IP Addressing, Interface Access, and System Information IP Configuration Configuring IP Addressing, Interface Access, and Configure an IP Address and Subnet Mask. The following command includes both the IP address and the subnet mask. You must either include the ID of the VLAN for which you are configuring IP addressing or go to the context configuration level for that VLAN. (If you are not using VLANs on the switch—that is, if the only VLAN is the default VLAN—then the VLAN ID is always “1”.
Configuring IP Addressing, Interface Access, and System Information IP Configuration In the CLI, you can execute this command only from the global configuration level. The TTL range is 2 - 255 seconds. Configure the Optional Timep Server. Syntax: [no] ip timep > [interval <1-9999>] SMC TigerSwitch 10/100(config)# ip timep manual 10.28.227.1 interval 60 SMC TigerSwitch 10/100(config)# ip timep manual 10.28.227.
Configuring IP Addressing, Interface Access, and System Information IP Configuration Configuring IP Addressing, Interface Access, and Table 5-1. Features Available With and Without IP Addressing on the Switch Features Available Without an IP Address Additional Proactive Networking Features Available with an IP Address and Subnet Mask • Direct-connect access to the CLI and the menu interface.
Configuring IP Addressing, Interface Access, and System Information IP Configuration DHCP/Bootp requests are automatically broadcast on the local network. (The switch sends one type of request to which either a DHCP or Bootp server can respond.) 2. When a DHCP or Bootp server receives the request, it replies with a previously configured IP address and subnet mask for the switch. The switch also receives an IP Gateway address if the server has been configured to provide one.
Configuring IP Addressing, Interface Access, and System Information IP Configuration Configuring IP Addressing, Interface Access, and Bootp Operation. When a Bootp server receives a request it searches its Bootp database for a record entry that matches the MAC address in the Bootp request from the switch. If a match is found, the configuration data in the associated database record is returned to the switch. For many Unix systems, the Bootp database is contained in the /etc/bootptab file.
Configuring IP Addressing, Interface Access, and System Information IP Configuration is the IP address of the default gateway. lg TFTP server address (source of final configuration file) T144 is the vendor-specific “tag” identifying the configuration file to download. vm is a required entry that specifies the Bootp report format. For the SMC6624M, set this parameter to rfc1048.
Configuring IP Addressing, Interface Access, and System Information IP Configuration Globally Assigned IP Network Addresses Configuring IP Addressing, Interface Access, and If you intend to connect your network to other networks that use globally administered IP addresses, SMC strongly recommends that you use IP addresses that have a network address assigned to you. There is a formal process for assigning unique IP addresses to networks worldwide.
Configuring IP Addressing, Interface Access, and System Information Interface Access: Console/Serial Link, Web, and Inbound Telnet Interface Access: Console/Serial Link, Web, and Inbound Telnet Feature Default Menu CLI Inactivity Time 0 Minutes (disabled) page 5-16 page 5-18 — Inbound Telnet Access Enabled page 5-16 page 5-17 — Web Browser Interface Access Enabled page 5-16 page 5-18 — Terminal type VT-100 — page 5-18 — Event Log event types to list (Displayed Events) All — page
Configuring IP Addressing, Interface Access, and System Information Interface Access: Console/Serial Link, Web, and Inbound Telnet Menu: Modifying the Interface Access Configuring IP Addressing, Interface Access, and The menu interface enables you to modify these parameters: ■ Inactivity Timeout ■ Inbound Telnet Enabled ■ Web Agent Enabled To Access the Interface Access Parameters: 1. From the Main Menu, Select... 2. Switch Configuration... 1.
Configuring IP Addressing, Interface Access, and System Information Interface Access: Console/Serial Link, Web, and Inbound Telnet CLI: Modifying the Interface Access Interface Access Commands Used in This Section below [no] telnet-server below [no] web-management page 5-18 console page 5-18 Configuring IP Addressing, Interface Access, and show console Listing the Current Console/Serial Link Configuration. This command lists the current interface access parameter settings.
Configuring IP Addressing, Interface Access, and System Information Interface Access: Console/Serial Link, Web, and Inbound Telnet Reconfigure Web Browser Access. In the default configuration, web browser access is enabled. Syntax:[no] web-management To disable web browser access: Configuring IP Addressing, Interface Access, and SMC TigerSwitch 10/100(config)# no web-management To re-enable web browser access: SMC TigerSwitch 10/100(config)# web-management Reconfigure the Console/Serial Link Settings.
Configuring IP Addressing, Interface Access, and System Information Interface Access: Console/Serial Link, Web, and Inbound Telnet Figure 5-6. Example of Executing the Console Command with Multiple Parameters You can also execute a series of console commands and then save the configuration and boot the switch. For example: Configure the individual parameters. Save the changes. Boot the switch. Figure 5-7.
Configuring IP Addressing, Interface Access, and System Information System Information System Information Configuring IP Addressing, Interface Access, and System Information Features Feature Default Menu CLI Web System Name switch product name page 5-21 page 5-22 page 5-24 System Contact n/a page 5-21 page 5-22 page 5-24 System Location n/a page 5-21 page 5-22 page 5-24 MAC Age Interval 300 seconds page 5-21 page 5-23 — Time Zone 0 page 5-21 page 5-23 — Daylight Time Rule No
Configuring IP Addressing, Interface Access, and System Information System Information Daylight Time Rule: Specifies the daylight savings time rule to apply for your location. The default is None. (For more on this topic, see appendix D, “Daylight Savings Time on the SMC6624M.”) Time: Used in the CLI to specify the time of day, the date, and other system parameters. To access the system information parameters: 1. From the Main Menu, Select... 3. Switch Configuration... 1.
Configuring IP Addressing, Interface Access, and System Information System Information CLI: Viewing and Configuring System Information Configuring IP Addressing, Interface Access, and System Information Commands Used in This Section show system-information below hostname below snmp-server [contact] [location] below mac-age-time page 5-23 time timezone page 5-23 time daylight-time-rule page 5-23 time (date and time) page 5-24 Listing the Current System Information.
Configuring IP Addressing, Interface Access, and System Information System Information Figure 5-10. System Information Listing After Executing the Preceding Commands Reconfigure the Age Interval for Learned MAC Addresses. This command corresponds to the MAC Age Interval in the menu interface, and is expressed in seconds. Syntax: mac-age-time <10 . .
Configuring IP Addressing, Interface Access, and System Information System Information Configure the Time and Date. The switch uses the time command to configure both the time of day and the date. Also, executing time without parameters lists the switch’s time of day and date. Note that the CLI uses a 24-hour clock scheme; that is, hour (hh) values from 1 p.m. to midnight are input as 13 - 24, respectively.
6 Optimizing Port Usage Through Traffic Control and Port Trunking Overview ■ Configuring ports, including mode (speed and duplex), flow control, and broadcast control parameters (page 6-1) ■ Creating and modifying a dynamic LACP or static port trunk group (page 6-9) Port numbers in the status and configuration screens correspond to the port numbers on the front of the switch.
Optimizing Port Usage Through Traffic Control and Port Trunking Viewing Port Status and Configuring Port Parameters Table 6-1. Status or Parameter Status and Parameters for Each Port Type Description Optimizing Port Usage Through Traffic Control and Intrusion Alert Yes: The switch has detected an attempt by an unauthorized device to communicate through the (read-only) indicated port. No: Either no unauthorized devices have been detected on the port, or any detected violations have been cleared.
Optimizing Port Usage Through Traffic Control and Port Trunking Viewing Port Status and Configuring Port Parameters Status or Parameter Description Gigabit fiber-optic ports (1000Base-SX and 1000Base-LX): • 1000FDx (default): 1000 Mbps (1 Gbps), Full Duplex only • Auto: The port operates at 1000FDx and auto-negotiates flow control with the device connected to the port. Flow Control • Disabled (default): The port will not generate flow control packets and drops received flow control packets.
Optimizing Port Usage Through Traffic Control and Port Trunking Viewing Port Status and Configuring Port Parameters Menu: Viewing Port Status and Configuring Port Parameters From the menu interface, you can configure and view all port parameter settings and view all port status indicators. Using the Menu To View Port Status. The menu interface displays the status for ports and (if configured) a trunk group. From the Main Menu, select: Optimizing Port Usage Through Traffic Control and 1.
Optimizing Port Usage Through Traffic Control and Port Trunking Viewing Port Status and Configuring Port Parameters 2. Press [E] (for Edit). The cursor moves to the Enabled field for the first port. 3. Refer to the online help provided with this screen for further information on configuration options for these features. 4. When you have finished making changes to the above parameters, press [Enter], then press [S] (for Save).
Optimizing Port Usage Through Traffic Control and Port Trunking Viewing Port Status and Configuring Port Parameters Syntax: show interfaces show interface config Optimizing Port Usage Through Traffic Control and The next two figures list examples of the output of the above two commands for the same port configuration on the SMC6624M. Figure 6-1. Example of a Show Interface Command Listing Figure 6-2.
Optimizing Port Usage Through Traffic Control and Port Trunking Viewing Port Status and Configuring Port Parameters Using the CLI To Configure Ports. You can configure one or more of the following port parameters. For details on each option, see Table 6-1 on page 6-2.
Optimizing Port Usage Through Traffic Control and Port Trunking Viewing Port Status and Configuring Port Parameters Web: Viewing Port Status and Configuring Port Parameters In the web browser interface: 1. Click on the Configuration tab. 2. Click on [Port Configuration]. 3. Select the ports you want to modify and click on [Modify Selected Ports]. 4. After you make the desired changes, click on [Apply Settings].
Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking Port Trunking Port Status and ConfigurationFeatures Feature Default Menu CLI Web viewing port trunks n/a page 6-15 page 6-17 page 6-22 configuring a static trunk group none page 6-15 page 6-20 — configuring a dynamic LACP trunk group LACP passive — page 6-21 — The multiple physical links in a trunk behave as one logical link Switch 1: Ports 1 - 4 configured as a port trunk group.
Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking Port Connections and Configuration: All port trunk links must be pointto-point connections between the SMC6624M and another switch, router, server, or workstation configured for port trunking. No intervening, nontrunking devices are allowed. It is important to note that ports on both ends of a port trunk group must have the same mode (speed and duplex) and flow control settings.
Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking Fault Tolerance: If a link in a port trunk fails, the switch redistributes traffic originally destined for that link to the remaining links in the trunk. The trunk remains operable as long as there is at least one link in operation. If a link is restored, that link is automatically included in the traffic distribution again.
Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking Optimizing Port Usage Through Traffic Control and Table 6-4. Trunk Configuration Protocols Protocol Trunking Options LACP (802.3ad) Provides dynamic and static LACP trunking options. • Dynamic LACP — Use the switch-negotiated dynamic LACP trunk when: – The port on the other end of the trunk link is configured for Active or Passive LACP.
Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking Table 6-5. General Operating Rules for Port Trunks Media: All ports on both ends of a trunk group must have the same media type and mode (speed and duplex). The switch blocks any trunked links that do not conform to this rule. (For the SMC6624M, SMC recommends leaving the port Mode setting at Auto or, in networks using Cat 3 cabling, Auto-10.
Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking Optimizing Port Usage Through Traffic Control and Spanning Tree Protocol (STP): STP operates as a global setting on the switch (one instance of STP per switch). However, you can adjust STP parameters on a per-port basis. A static trunk of any type appears in the STP configuration display, and you can configure STP parameters for a static trunk in the same way that you would configure STP parameters on a non-trunked port.
Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking Menu: Viewing and Configuring a Static Trunk Group Important Configure port trunking before you connect the trunked links to another switch, routing switch, or server. Otherwise, a broadcast storm could occur. (If you need to connect the ports before configuring them for trunking, you can temporarily disable the ports until the trunk is configured. See “Using the CLI To Configure Ports” on page 6-7.
Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking switch automatically adjusts Broadcast Limit settings to be the same for all ports in a trunk.) To verify these settings, see “Viewing Port Status and Configuring Port Parameters” on page 6-1. • You can configure the trunk group with one, two, three, or four ports per trunk. If multiple VLANs are configured, all ports within a trunk will be assigned to the same VLAN or set of VLANs. (With the 802.
Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking 8. Connect the trunked ports on the switch to the corresponding ports on the opposite device. If you previously disabled any of the trunked ports on the switch, enable them now. (See “Viewing Port Status and Configuring Port Parameters” on page 6-1.) Check the Event Log (page 11-10) to verify that the trunked ports are operating properly.
Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking Optimizing Port Usage Through Traffic Control and The show trunk command in this example does not include a port list. As a result, the listing shows static trunk group information for all switch ports. Figure 6-7. Example of a Show Trunk Listing Without Specifying Ports Listing Static LACP and Dynamic LACP Trunk Data. This command lists data for only the LACP-configured ports.
Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking “Up” Links Standby Link Using the CLI To Configure a Static or Dynamic Trunk Group Important Configure port trunking before you connect the trunked links between switches. Otherwise, a broadcast storm could occur. (If you need to connect the ports before configuring them for trunking, you can temporarily disable the ports until the trunk is configured. See “Using the CLI To Configure Ports” on page 6-7.
Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking You can configure trunk group types as follows: Trunk Type Trunk Group Membership Trk1 (Static) Note Dyn1 (Dynamic) LACP Yes Yes Trunk Yes No FEC Yes No The following examples show how to create different types of trunk groups. However, the SMC6624M allows only one trunk group at any time. Optimizing Port Usage Through Traffic Control and Configuring a Static Trunk, Static FEC, or Static LACP Trunk Group.
Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking Enabling a Dynamic LACP Trunk Group. In the default port configuration, all ports on the switch are set to LACP passive. However, to enable the switch to automatically form a trunk group that is dynamic on both ends of the link, the ports on one end of a set of links must be LACP active. The ports on the other end can be either LACP active or LACP passive.
Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking Removing Ports from a Dynamic LACP Trunk Group. To remove a port from dynamic LACP trunk operation, you must turn off LACP on the port. (On a port in an operating, dynamic LACP trunk, you cannot change between LACP dynamic and LACP passive without first removing LACP operation from the port.) Caution Unless STP is running on your network, removing a port from a trunk can result in a loop.
Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking Trunk Group Operation Using LACP The switch can automatically configure a dynamic LACP trunk group or you can manually configure a static LACP trunk group. The methods for displaying Note LACP requires full-duplex (FDx) links of the same media type (10/100Base-T, 100FX, etc.) and speed, and enforces speed and duplex conformance across a trunk group.
Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking LACP Port Trunk Operation Configuration The trunk operates if the trunk group on the opposite device is running one of the following trunking protocols: • Active LACP • Passive LACP • Trunk • FEC This option uses Trk1 for the port Group parameter and LACP for the port Type parameter. Displaying Static LACP Trunk Data: To list the configuration and status for a static LACP trunk, use the CLI show lacp command.
Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking Meaning Port Status Up: The port has an active LACP link and is not blocked or in Standby mode. Down: The port is enabled, but an LACP link is not established. This can indicate, for example, a port that is not connected to the network or a speed mismatch between a pair of linked ports. Disabled: The port cannot carry traffic. Blocked: LACP, STP, or FEC has blocked the port. (The port is not in LACP Standby mode.
Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking Half-Duplex and/or Different Port Speeds Not Allowed in LACP Trunks. The ports on both sides of a trunk must be configured for the same speed and for full-duplex (FDx). In most cases, SMC recommends the Auto setting. The 802.3ad LACP standard specifies a full-duplex (FDx) requirement for LACP trunking.
Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking ■ Depending on the capabilities of the device on the other end of the trunk, negotiate the forwarding mechanism on the trunk to the non-protocol option. ■ When auto-negotiated to the SA/DA forwarding mechanism, provide higher performance on the trunk for broadcast, multicast, and flooded traffic through distribution in the same manner as non-protocol trunking. ■ Support FEC automatic trunk configuration mode on other devices.
Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking Optimizing Port Usage Through Traffic Control and and sends traffic from the same source address to a different destination address through a different link, depending on the rotation of path assignments among the links in the trunk. Likewise, the switch distributes traffic for the same destination address but from different source addresses through different links.
7 Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Manager and Operator passwords (page 7-2): Control access and privileges for the command line and menu interfaces (through either the console port or Telnet) and the web browser interface through the network. The features described in this chapter enhance security controls against unauthorized access through the network.
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Using Password Security Using Password Security Password Features Feature Default Menu CLI Web Set a Password no passwords set page 7-3 page 7-5 page 7-6 Set User Names no user names set — — page 7-6 Delete Password Protection n/a page 7-5 page 7-6 page 7-4 Using Passwords, Port Security, and Authorized IP Console access includes both the menu interface and the CLI.
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Using Password Security If you set a Manager password, you may also want to configure the Inactivity Time parameter (see page 5-15). This causes the console session to end after the specified period of inactivity, thus giving you added security against unauthorized console access. Note The manager and operator passwords control access to the menu interface, the CLI, and the web browser interface.
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Using Password Security Figure 7-1. Using Passwords, Port Security, and Authorized IP 2. The Set Password Screen To set a new password: a. Select Set Manager Password or Set Operator Password. You will then be prompted with Enter new password. b. Type a password of up to 16 ASCII characters with no spaces and press [Enter]. (Remember that passwords are case-sensitive.) c.
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Using Password Security To Recover from a Lost Manager Password: If you cannot start a console session at the manager level because of a lost Manager password, you can clear the password by getting physical access to the switch and pressing and holding the Clear button for a minimum of one second.
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Using Password Security Web: Configuring User Names and Passwords In the web browser interface you can enter both user names and passwords. Because user names do not apply in the menu interface and the CLI, they affect only your access to the switch through the web browser interface. To Configure (or Remove) User Names and Passwords in the Web Browser Interface. 1. Click on the Security tab.
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Configuring and Monitoring Port Security Configuring and Monitoring Port Security Feature Default Menu CLI Web Displaying Current Port Security n/a — page 7-14 page 7-20 Configuring Port Security disabled — page 7-15 page 7-20 Intrusion Alerts and Alert Flags n/a page 7-25 page 7-23 page 7-26 Using Port Security, you can configure each switch port with a unique list of the MAC addresses of d
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Configuring and Monitoring Port Security ■ Intrusion Log entries in either the menu interface, CLI, or web browser interface For any port, you can configure the following: ■ Authorized (MAC) Addresses: Specify up to eight devices (MAC addresses) that are allowed to send inbound traffic through the port.
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Configuring and Monitoring Port Security Physical Topology Logical Topology for Access to Switch A Switch A Switch A Port Security Configured Port Security Configured PC 1 MAC Address Authorized by Switch A Switch B MAC Address Authorized by Switch A PC 1 MAC Address Authorized by Switch A PC 2 Switch B MAC Address NOT Authorized by Switch A MAC Address Authorized by Switch A PC 3 MAC Address NOT
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Configuring and Monitoring Port Security Using Passwords, Port Security, and Authorized IP 2. 7-10 b. Which devices (MAC addresses) are authorized on each port (up to 8 per port)? c. For each port, what security actions do you want? (The switch automatically blocks intruders detected on that port from transmitting to the network.
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Configuring and Monitoring Port Security CLI: Port Security Command Options and Operation Port Security Commands Used in This Section show port-security page 7-14: “CLI: Displaying Current Port Security Settings” port-security page 7-15: “CLI: Configuring Port Security” <[ethernet] port-list> page 7-15: “CLI: Configuring Port Security” [learn-mode continuous] page 7-16: “Adding an Authorized Device to a
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Configuring and Monitoring Port Security Table 7-1. Port Security Parameters Parameter Description Port List <[ethernet] port-list> Learn Mode learn-mode Identifies the port or ports on which to apply a port security command. Specifies how the port acquires authorized addresses. Continuous (the Default): Appears in the factory-default setting or when you execute no port-security.
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Configuring and Monitoring Port Security Parameter Description Device Limit address-limit When Learn Mode is set to Static, specifies how many authorized devices (MAC addresses) to allow. Range: 1 (the default) to 8.
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Configuring and Monitoring Port Security CLI: Displaying Current Port Security Settings The CLI uses the same command to provide two types of port security listings: ■ All ports on the switch with their Learn Mode and (alarm) Action ■ Only the specified ports with their Learn Mode, Address Limit, (alarm) Action, and Authorized Addresses Using the CLI To Display Port Security Settings.
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Configuring and Monitoring Port Security Figure 7-5. Example of the Port Security Configuration Display for a Single Port The following command example shows the option for entering a range of ports, including a series of non-contiguous ports.
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Configuring and Monitoring Port Security Specifying Authorized Devices and Intrusion Responses. This example configures port 1 to automatically accept the first device (MAC address) it detects as the only authorized device for that port. (The default device limit is 1.) It also configures the port to send an alarm to a network management station and disable itself if an intruder is detected on the port.
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Configuring and Monitoring Port Security Although the Address Limit is set to 2, only one device has been authorized for this port. In this case you can add another without having to also increase the Address Limit. The Address Limit has not been reached. With the above configuration for port 1, the following command adds the 0c0090-456456 MAC address as the second authorized address.
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Configuring and Monitoring Port Security simultaneously increase the limit and add the MAC address with a single command.
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Configuring and Monitoring Port Security Note You can reduce the address limit below the number of currently authorized addresses on a port. This enables you to subsequently remove a device from the “Authorized” list without opening the possibility for an unwanted device to automatically become authorized.
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Configuring and Monitoring Port Security Web: Displaying and Configuring Port Security Features 1. Click on the Security tab. 2. Click on [Port Security]. 3. Select the settings you want and, if you are using the Static Learn Mode, add or edit the Authorized Addresses field. 4. Implement your new data by clicking on [Apply Changes].
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Configuring and Monitoring Port Security How the Intrusion Log Operates When the switch detects an intrusion attempt on a port, it enters a record of this event in the Intrusion Log. No further intrusion attempts on that port will appear in the Log until you acknowledge the earlier intrusion event by resetting the alert flag.
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Configuring and Monitoring Port Security Menu: Checking for Intrusions, Listing Intrusion Alerts, and Resetting Alert Flags The menu interface indicates per-port intrusions in the Port Status screen, and provides details and the reset function in the Intrusion Log screen. 1. From the Main Menu select: Using Passwords, Port Security, and Authorized IP 1. Status and Counters 3.
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Configuring and Monitoring Port Security The above example shows two intrusions for port 3 and one intrusion for port 1. In this case, only the most recent intrusion at port 3 has not been acknowledged (reset).
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Configuring and Monitoring Port Security Syntax: show interface show intrusion-log clear intrusion-log port-security clear-intrusion-flag List Intrusion Alert status. List Intrusion Log content. Clear Intrusion flags on all ports. Clear Intrusion flag on a specific port.
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Configuring and Monitoring Port Security full and new intrusions are subsequently added.) The “prior to” text in the record for the third intrusion means that a switch reset occurred at the indicated time and that the intrusion occurred prior to the reset.
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Configuring and Monitoring Port Security Log Command with “security” for Search String Log Listing with Security Violation Detected Log Listing with No Security Violation Detected Figure 7-12. Example of Log Listing With and Without Detected Security Violation From the Menu Interface: In the Main Menu, click on 4. Event Log and use Next page and Prev page to review the Event Log contents.
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Configuring and Monitoring Port Security ■ Enter your PC or workstation MAC address in the port’s Authorized Addresses list. ■ Enter your PC or workstation’s IP address in the switch’s IP Authorized Managers list. See “Using IP Authorized Managers” on page 7-28.
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Using IP Authorized Managers Using IP Authorized Managers Authorized IP Manager Features Feature Default Menu CLI Web Listing (Showing) Authorized Managers n/a page 7-31 page 7-32 page 7-34 Configuring Authorized IP Managers None page 7-31 page 7-32 page 7-34 Building IP Masks n/a page 7-34 page 7-34 page 7-34 Operating and Troubleshooting Notes n/a page 7-37 page 7-37 page 7-37 Using
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Using IP Authorized Managers Access Levels For each authorized manager address, you can configure either of these access levels: ■ Manager: Enables full access to all web browser and console interface screens for viewing, configuration, and all other operations available in these interfaces. ■ Operator: Allows view-only access from the web browser and console interfaces.
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Using IP Authorized Managers Overview of IP Mask Operation The default IP Mask is 255.255.255.255 and allows switch access only to a station having an IP address that is identical to the Authorized Manager IP parameter value.
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Using IP Authorized Managers Menu: Viewing and Configuring IP Authorized Managers From the console Main Menu, select: 2. Switch Configuration . . . 7. IP Authorized Managers 1. Select Add to add an authorized manager to the list. Using Passwords, Port Security, and Authorized IP Figure 7-13. Example of How To Add an Authorized Manager Entry 2. Enter an Authorized Manager IP address here. 3.
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Using IP Authorized Managers Editing or Deleting an Authorized Manager Entry. Go to the IP Managers List screen (figure 7-13), highlight the desired entry, and press [E] (for Edit) or [D] (for Delete).
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Using IP Authorized Managers Configuring IP Authorized Managers for the Switch Syntax: ip authorized-managers [mask ] To Authorize Manager Access. This command authorizes manager-level access for any station having an IP address of 10.28.227.0 through 10.28.227.255: SMC TigerSwitch 10/100(config)# ip authorized-managers 10.28.227.101 mask 255.255.255.
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Using IP Authorized Managers The following command replaces the existing mask and access level for IP address 10.28.227.101 with 255.0.0.0 and manager (the defaults) because the command does not specify either of these parameters . SMC TigerSwitch 10/100(config)# ip authorized-managers 10.28.227.101 To Delete an Authorized Manager Entry.
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Using IP Authorized Managers Table 7-2. Analysis of IP Mask for Single-Station Entries 1st Octet 2nd Octet 3rd Octet 4th Octet Manager-Level or Operator-Level Device Access IP Mask 255 255 255 255 Authorized Manager IP 10 28 227 125 The “255” in each octet of the mask specifies that only the exact value in that octet of the corresponding IP address is allowed.
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Using IP Authorized Managers Using Passwords, Port Security, and Authorized IP Table 7-3.
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Using IP Authorized Managers Additional Examples for Authorizing Multiple Stations Entries for Authorized Results Manager List IP Mask 255 255 0 Authorized Manager IP 10 IP Mask 255 238 255 250 Authorized Manager IP 10 33 255 248 1 This combination specifies an authorized IP address of 10.33.xxx.1.
Using Passwords, Port Security, and Authorized IP Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Using IP Authorized Managers 7-38
8 Configuring for Network Management Applications You can manage the switch via SNMP from a network management station. For this purpose, SMC recommends EliteView — an easy-to-install and use network management application that runs on your Windows NT- or Windows 2000-based PC. EliteView uses the RMON statistical sampling software that is included in the switch to provide powerful, but easy-to-use traffic monitoring and network activity analysis tools.
Configuring for Network Management Applications SNMP Management Features SNMP Management Features SNMP management features on the switch include: ■ SNMP version 2c over IP ■ Security via configuration of SNMP communities ■ Event reporting via SNMP • Version 1 traps • RMON: groups 1, 2, 3, and 9 ■ Managing the switch with an SNMP network management tool such as EliteView ■ Supported Standard MIBs include: • Bridge MIB (RFC 1493) dot1dBase, dot1dTp, dot1dStp • Ethernet MAU MIB (RFC 1515) dot3I
Configuring for Network Management Applications Configuring for SNMP Access to the Switch The switch SNMP agent also uses certain variables that are included in an SMC proprietary MIB file you can add to the SNMP database in your network management tool. Configuring for SNMP Access to the Switch SNMP access requires an IP address and subnet mask configured on the switch. (See “IP Configuration” on page 5-2.
Configuring for Network Management Applications Configuring for SNMP Access to the Switch Monitoring and Managing the Switch Caution 8-4 Deleting the community named “public” disables many network management functions (such as auto-discovery, traffic monitoring, SNMP trap generation, and threshold setting). If security for network management is a concern, it is recommended that you change the write access for the “public” community to “Restricted”.
Configuring for Network Management Applications SNMP Communities SNMP Communities SNMP Community Features Feature Default Menu CLI Web show community name n/a page 8-5 page 8-7 — configure identity information none — page 8-8 page 8-5 " " page 8-8 " " " " configure community names public MIB view for a community name manager (operator, manager) write access for default community name unrestricted " — Use SNMP communities to restrict access to the switch by SNMP management stations by add
Configuring for Network Management Applications SNMP Communities Note: This screen gives an overview of the SNMP communities that are currently configured. All fields in this screen are readonly. Add and Edit options are used to modify the SNMP options. See figure 8-2. Figure 8-1. The SNMP Communities Screen (Default Values) 2. Press [A] (for Add) to display the following screen: Monitoring and Managing the Switch If you are adding a community, the fields in this screen are blank.
Configuring for Network Management Applications SNMP Communities CLI: Viewing and Configuring Community Names Community Name Commands Used in This Section show snmp-server [] below snmp-server page 8-8 [contact ] page 8-8 [location ] page 8-8 [community ] page 8-8 [host ] [] page 8-11 [enable traps page 8-11 Listing Current Community Names and Values
Configuring for Network Management Applications SNMP Communities SMC TigerSwitch 10/100# show snmp-server public Configuring Identity Information This command enables you to enter contact-person and location data to help identify the switch. Syntax: snmp-server [contact ] [location ] Both fields allow up to 48 characters, without spaces. For example, to configure the switch with “Site-LAN-Ext.
Configuring for Network Management Applications Trap Receivers and Authentication Traps Trap Receivers and Authentication Traps Trap Features Feature Default Menu CLI Web snmp-server host (trap receiver) public — page 8-11 — snmp-server enable (authentication trap) none — page 8-11 — A trap receiver is a management station designated by the switch to receive SNMP traps sent from the switch.
Configuring for Network Management Applications Trap Receivers and Authentication Traps CLI: Configuring and Displaying Trap Receivers Trap Receiver Commands Used in This Section show snmp-server below snmp-server host [none | all | non-info| critical | debug] page 8-11 snmp-server enable traps authentication page 8-11 Using the CLI To List Current SNMP Trap Receivers This command lists the currently configured trap receivers and the setting for authentication traps (along
Configuring for Network Management Applications Trap Receivers and Authentication Traps Configuring Trap Receivers This command specifies trap receivers by community membership, management station IP address, and the type of Event Log messages to send to the trap receiver. Note If you specify a community name that does not exist—that is, has not yet been configured on the switch—the switch still accepts the trap receiver assignment.
Configuring for Network Management Applications Advanced Management: RMON Support Advanced Management: RMON Support The switch supports RMON (Remote Monitoring) on all connected network segments. This allows for troubleshooting and optimizing your network.
9 Configuring Advanced Features ■ Stack Management (Page 9-2): Use your network to stack switches without the need for any specialized cabling. ■ Port-Based VLANs — Page 9-48: ■ GVRP — Page 9-74: ■ Multimedia Traffic Control with IP Multicast (IGMP) — Page 9-88: Use the switch to reduce unnecessary bandwidth usage on a per-port basis by configuring IGMP controls.
Configuring Advanced Features Stack Management Stack Management Stacking Features Configuring Advanced Features Feature Default Menu CLI Web view status of a single switch n/a page 9-26 thru page 9-28 page 9-31 page 9-46 view candidate status n/a page 9-31 view status of commander and its stack n/a page 9-32 view status of all stacking-enabled switches in the ip subnet n/a page 9-32 view stack status configure stacking enable/disable candidate Auto-Join enabled/Yes page 9-15 page 9
Configuring Advanced Features Stack Management Simplify management of small workgroups or wiring closets while scaling your network to handle increased bandwidth demand. ■ Eliminate any specialized cables for stacking connectivity and remove the distance barriers that typically limit your topology options when using other stacking technologies. ■ Add SMC6624M switches to your network without having to first perform IP addressing tasks.
Configuring Advanced Features Stack Management Components of Stack Management Configuring Advanced Features Table 9-1. Stacking Definitions Stack Consists of a Commander switch and any Member switches belonging to that Commander’s stack. Commander A switch that has been manually configured as the controlling device for a stack. When this occurs, the switch’s stacking configuration appears as Commander.
Configuring Advanced Features Stack Management Use the Commander’s console or web browser interface to access the user interface on any Member switch in the same stack. Wiring Closet "A" Network Backbone Member Switch 1 Candidate Switch IP Address: None Assigned IP Address: None Assigned Manager Password: leader Manager Password: francois Configuring Advanced Features Wiring Closet "B" Commander Switch 0 Non-Member Switch Member Switch 2 IP Address: 14.28.227.100 IP Address: 14.28.227.
Configuring Advanced Features Configuring Advanced Features Stack Management ■ There is no limit on the number of stacks in the same IP subnet (broadcast domain), however a switch can belong to only one stack. ■ If multiple VLANs are configured, stacking uses only the primary VLAN on any switch. In the factory-default configuration, the DEFAULT_VLAN is the primary VLAN. (See “Stacking Operation with Multiple VLANs Configured” on page 9-45 and “Which VLAN Is Primary?” on page 9-51.
Configuring Advanced Features Stack Management IP Addressing and Stack Name Candidate Note Passwords SNMP Communities IP Addr: Optional. n/a Configuring an IP address allows access via Telnet or web browser interface while the switch is not a stack member. In the factory default configuration the switch automatically acquires an IP address if your network includes DHCP service. Stack Name: N/A Passwords optional.
Configuring Advanced Features Stack Management Overview of Configuring and Bringing Up a Stack Configuring Advanced Features This process assumes that: ■ All switches you want to include in a stack are connected to the same subnet (broadcast domain). ■ If VLANs are enabled on the switches you want to include in the stack, then the ports linking the stacked switches must be on the primary VLAN in each switch (which, in the default configuration, is the default VLAN).
Configuring Advanced Features Stack Management Table 9-3. Stacking Configuration Guide Join Method1 Commander Candidate (IP Addressing Required) (IP Addressing Optional) Auto Join Passwords Automatically add Candidate to Stack (Causes the first 15 eligible, discovered switches in the subnet to automatically join a stack.
Configuring Advanced Features Stack Management General Steps for Creating a Stack This section describes the general stack creation process. For the detailed configuration processes, see pages 9-12 through 9-36 for the menu interface and pages 9-29 through 9-41 for the CLI. Configuring Advanced Features 1. Determine the naming conventions for the stack. You will need a stack name. Also, to help distinguish one switch from another in the stack, you can configure a unique system name for each switch.
Configuring Advanced Features Stack Management For automatically or manually pulling Candidate switches into a stack, you can leave such switches in their default stacking configuration. If you need to access Candidate switches through your network before they join the stack, assign IP addresses to these devices. Otherwise, IP addressing is optional for Candidates and Members.
Configuring Advanced Features Stack Management Using the Menu Interface To View Stack Status And Configure Stacking Configuring Advanced Features Using the Menu Interface To View and Configure a Commander Switch 1. Configure an IP address and subnet mask on the Commander switch. (See “IP Configuration” on page 5-2.) 2. Display the Stacking Menu by selecting Stacking in the Main Menu. Figure 9-5. The Default Stacking Menu 3. Display the Stack Configuration menu by pressing Configuration.
Configuring Advanced Features Stack Management Configuring Advanced Features Figure 9-6. The Default Stack Configuration Screen 4. Move the cursor to the Stack State field by pressing [E] (for Edit). Then use the Space bar to select the Commander option. 5. Press the downarrow key to display the Commander configuration fields in the Stack Configuration screen. Figure 9-7. The Default Commander Configuration in the Stack Configuration Screen 6.
Configuring Advanced Features Configuring Advanced Features Stack Management • No (the default) prevents automatic joining of Candidates that have their Auto Join set to Yes. • Yes enables the Commander to automatically take a Candidate into the stack as a Member if the Candidate has Auto Join set to Yes (the default Candidate setting) and does not have a previously configured password. 8.
Configuring Advanced Features Stack Management Table 9-4.Candidate Configuration Options in the Menu Interface Parameter Default Setting Other Settings Stack State Candidate Commander, Member, or Disabled Auto Join Yes No Range: 1 to 300 seconds Using the Menu To “Push” a Switch Into a Stack, Modify the Switch’s Configuration, or Disable Stacking on the Switch. Use Telnet or the web browser interface to access the Candidate if it has an IP address.
Configuring Advanced Features Stack Management 4. Do one of the following: • To disable stacking on the Candidate, use the Space bar to select the Disabled option, then go to step 5. Note: Using the menu interface to disable stacking on a Candidate removes the Candidate from all stacking menus. Configuring Advanced Features • To insert the Candidate into a specific Commander’s stack: i. Use the space bar to select Member. ii.
Configuring Advanced Features Stack Management Using the Commander’s Menu To Manually Add a Candidate to a Stack. In the default configuration, you must manually add stack Members from the Candidate pool. Reasons for a switch remaining a Candidate instead of becoming a Member include any of the following: ■ Auto Grab in the Commander is set to No (the default). ■ Auto Join in the Candidate is set to No. stack from which it has just departed. ■ A Manager password is set in the Candidate.
Configuring Advanced Features Stack Management The Commander automatically selects an available switch number (SN). You have the option of assigning any other available number. Configuring Advanced Features Candidate List Figure 9-10. Example of Candidate List in Stack Management Screen 3. Either accept the displayed switch number or enter another available number. (The range is 0 - 15, with 0 reserved for the Commander.) 4.
Configuring Advanced Features Stack Management For status descriptions, see the table on page 9-47. Figure 9-11. Example of Stack Management Screen After New Member Added Using the Commander’s Menu To Move a Member From One Stack to Another. Where two or more stacks exist in the same subnet (broadcast domain), you can easily move a Member of one stack to another stack if the destination stack is not full.
Configuring Advanced Features Stack Management Configuring Advanced Features For status descriptions, see the table on page 47. This column lists the MAC Addresses for switches discovered (in the local subnet) that are configured for Stacking. Using the MAC addresses for these Members, you can move them between stacks in the same subnet. Figure 9-12. Example of How the Stacking Status (All) Screen Helps You Find Member MAC Addresses 3.
Configuring Advanced Features Stack Management 8. Note: • If the stack containing the Member you are moving has a Manager password, press the downarrow key to select the Candidate Password field, then type the password. • If the stack containing the Member you want to move does not have a password, go to step 9. Press [Enter] to return to the Actions line, then press [S] (for Save) to complete the Add process for the selected Member.
Configuring Advanced Features Stack Management 4. Stack Management You will then see the Stack Management screen: Configuring Advanced Features For status descriptions, see the table on page 9-47. Stack Member List Figure 9-13. Example of Stack Management Screen with Stack Members Listed 2. Use the downarrow key to select the Member you want to remove from the stack. Figure 9-14. Example of Selecting a Member for Removal from the Stack 3.
Configuring Advanced Features Stack Management Using the Commander To Access Member Switches for Configuration Changes and Monitoring Traffic After a Candidate becomes a stack Member, you can use that stack’s Commander to access the Member’s console interface for the same configuration and monitoring that you would do through a Telnet or direct-connect access. From the Main Menu, select: 9. Stacking... 5.
Configuring Advanced Features Configuring Advanced Features Stack Management Main Menu for stack Member named "Coral Sea" (SN = 1 from figure 9-16) Figure 9-17. The eXecute Command Displays the Console Main Menu for the Selected Stack Member 2. You can now make configuration changes and/or view status data for the selected Member in the same way that you would if you were directly connected or telnetted into the switch. 3.
Configuring Advanced Features Stack Management 3. Press [B] (for Back) to return to the Stacking Menu. 4. To display Stack Configuration menu for the switch you are moving, select 3. Stack Configuration Press [E] (for Edit) to select the Stack State parameter. 6. Use the Space bar to select Member, then press [v] to move to the Commander MAC Address field. 7. Enter the MAC address of the destination Commander and press [Enter]. 8. Press [S] (for Save).
Configuring Advanced Features Stack Management Using Any Stacked Switch To View the Status for All Switches with Stacking Enabled. This procedure displays the general status of all switches in the IP subnet (broadcast domain) that have stacking enabled. Configuring Advanced Features 1. Go to the console Main Menu for any switch configured for stacking and select: 9. Stacking ... 2.
Configuring Advanced Features Stack Management Configuring Advanced Features Figure 9-19. Example of the Commander’s Stacking Status Screen Viewing Member Status. This procedure displays the Member’s stacking information plus the Commander’s status, IP address, and MAC address. To display the status for a Member: 1. Go to the console Main Menu of the Commander switch and select 9. Stacking ... 5. Stack Access 2.
Configuring Advanced Features Configuring Advanced Features Stack Management Figure 9-20. Example of a Member’s Stacking Status Screen Viewing Candidate Status. This procedure displays the Candidate’s stacking configuration. To display the status for a Candidate: 1. Use Telnet (if the Candidate has a valid IP address for your network) or a direct serial port connection to access the menu interface Main Menu for the Candidate switch and select 9. Stacking ... 1.
Configuring Advanced Features Stack Management Using the CLI To View Stack Status and Configure Stacking The CLI enables you to do all of the stacking tasks available through the menu interface.) Table 9-6. CLI Commands for Configuring Stacking on a Switch Operation show stack [candidates | view | all] Commander: Shows Commander’s stacking configuration and lists the stack members and their individual status.
Configuring Advanced Features Configuring Advanced Features Stack Management CLI Command Operation [no] stack member mac-address [password ] Commander: Adds a Candidate to stack membership. “No” form removes a Member from stack membership. To easily determine the MAC address of a Candidate, use the show stack candidates command. To determine the MAC address of a Member you want to remove, use the show stack view command.
Configuring Advanced Features Stack Management Using the CLI To View Stack Status You can list the stack status for an individual switch and for other switches that have been discovered in the same subnet. Syntax: show stack [candidates | view | all] Syntax: show stack Figure 9-22. Example of Using the Show Stack Command To List the Stacking Configuration for an Individual Switch Viewing the Status of Candidates the Commander Has Detected.
Configuring Advanced Features Stack Management Viewing the Status of all Stack-Enabled Switches Discovered in the IP Subnet. The next example lists all the stack-configured switches discovered in the IP subnet. Because the SMC6624M on which the show stack all command was executed is a candidate, it is included in the “Others” category. Configuring Advanced Features Syntax: show stack all Figure 9-24.
Configuring Advanced Features Stack Management Using the CLI To Configure a Commander Switch You can configure any stacking-enabled switch to be a Commander as long as the intended stack name does not already exist on the broadcast domain. (When you configure a Commander, you automatically create a corresponding stack.) Before you begin configuring stacking parameters: Note Configure IP addressing on the switch intended for stack commander and, if not already configured, on the primary VLAN.
Configuring Advanced Features Stack Management The Commander appears in the stack as Switch Number (SN) 0. Configuring Advanced Features The stack commander command configures the Commander and names the stack. Figure 9-26. Example of the Commander’s Show Stack Screen with Only the Commander Discovered Using a Member’s CLI to Convert the Member to the Commander of a New Stack. This procedure requires that you first remove the Member from its current stack, then create the new stack.
Configuring Advanced Features Stack Management The output from this command tells you the MAC address of the current stack Commander. Configuring Advanced Features Removes the Member from the “Big_Waters” stack. Converts the former Member to the Commander of the new “Lakes” stack. Figure 9-27.
Configuring Advanced Features Stack Management Configuring Advanced Features Using the Commander’s CLI To Manually Add a Candidate to the Stack. To manually add a candidate, you will use: ■ A switch number (SN) to assign to the new member. Member SNs range from 1 to 15. To see which SNs are already assigned to Members, use show stack view. You can use any SN not included in the listing. (SNs are viewable only on a Commander switch.
Configuring Advanced Features Stack Management For example, if the switch named “DEFAULT_CONFIG” in the above listing did not have a Manager password and you wanted to make it a stack Member with an SN of 2, you would execute the following command: SMC TigerSwitch 10/100(config)# stack member 2 macaddress 0060b0-dfla00 The new member did not have a System Name configured prior to joining the stack, and so receives a System Name composed of the stack name (assigned in the Commander) with its SN number as a
Configuring Advanced Features Stack Management Configuring Advanced Features Using a Candidate CLI To Manually “Push” the Candidate Into a Stack . Use this method if any of the following apply: ■ The Candidate’s Auto Join is set to Yes (and you do not want to enable Auto Grab on the Commander) or the Candidate’s Auto Join is set to No.
Configuring Advanced Features Stack Management Syntax: stack member mac-address [password] Move this switch into the “Cold Waters” Figure 9-32. Example of Stack Listing with Two Stacks in the Subnet You would then execute the following command to pull the desired switch into the new stack: SMC TigerSwitch 10/100(config)# stack member 1 macaddress 0060b0-df1a00 Where 1 is an unused switch number (SN).
Configuring Advanced Features Stack Management Syntax: no stack name stack join If you don’t know the MAC address of the destination Commander, you can use show stack all to identify it. Configuring Advanced Features For example, suppose you have a switch operating as the Commander for a temporary stack named “Test”.
Configuring Advanced Features Stack Management Syntax: [no] stack member mac-address Use show stack view to list the stack Members. For example, suppose that you wanted to use the Commander to remove the “North Sea” Member from the following stack: Configuring Advanced Features Remove this Member from the stack. Figure 9-34.
Configuring Advanced Features Stack Management Configuring Advanced Features CLI for “North Sea” Stack Member MAC Address of the Commander for the Stack to Which the“North Sea” Switch Belongs Figure 9-35.
Configuring Advanced Features Stack Management The switch number (SN) for the “North Sea” switch is “3”. To access the “North Sea” console, you would then execute the following telnet command: Big_Waters-0(config)# telnet 3 You would then see the CLI prompt for the “North Sea” switch, allowing you to configure or monitor the switch as if you were directly connected to the console. 9-43 Configuring Advanced Features Figure 9-36.
Configuring Advanced Features Stack Management SNMP Community Operation in a Stack Configuring Advanced Features Community Membership In the default stacking configuration, when a Candidate joins a stack, it automatically becomes a Member of any SNMP community to which the Commander belongs, even though any community names configured in the Commander are not propagated to the Member’s SNMP Communities listing.
Configuring Advanced Features Stack Management Note that in the above example (figure 9-37) you cannot use the public community through the Commander to access any of the Member switches. For example, you can use the public community to access the MIB in switches 1 and 3 by using their unique IP addresses. However, you must use the red or blue community to access the MIB for switch 2. snmpget 10.31.29.100 blue@sw2 In the default configuration, stacking is enabled on the SMC6624M.
Configuring Advanced Features Configuring Advanced Features Stack Management ■ Stacking uses only the primary VLAN on each switch in a stack. ■ The primary VLAN can be tagged or untagged as needed in the stacking path from switch to switch. ■ The same VLAN ID (VID) must be assigned to the primary VLAN in each stacked switch. Web: Viewing and Configuring Stacking Figure 9-38. Example of the Web Browser Interface for a Commander The web browser interface for a Commander appears as shown above.
Configuring Advanced Features Stack Management 3. Click on [Apply Changes] to save any configuration changes for the individual switch. 4. If the switch is a Commander, use the [Stack Closeup] and [Stack Management] buttons for viewing and using stack features. Status Messages Message Condition Action or Remedy Candidate Auto-join Indicates a switch configured with Stack State set to Candidate, Auto Join set to Yes (the default), and no Manager password.
Configuring Advanced Features Port-Based Virtual LANs (Static VLANs) Port-Based Virtual LANs (Static VLANs) VLAN Features Configuring Advanced Features Feature Default Menu CLI Web page 9-55 thru 9-60 page 9-61 page 9-66 default VLAN with page 9-55 VID = 1 thru 9-60 page 9-60 page 9-66 view existing VLANs n/a configuring static VLANs configuring dynamic disabled VLANs See “GVRP” on page 9-74. A VLAN is a group of ports designated by the switch as belonging to the same broadcast domain.
Configuring Advanced Features Port-Based Virtual LANs (Static VLANs) saved by not allowing packets to flood out all ports. An external router is required to enable separate VLANs on a switch to communicate with each other. Switch with Two VLANs Configured VLAN_1 Port 1 Port 2 Port 3 Port 4 External Router Port 8 Port 5 Port 6 Port 7 VLAN_2 Figure 9-39. Example of Routing Between VLANs via an External Router Overlapping (Tagged) VLANs.
Configuring Advanced Features Port-Based Virtual LANs (Static VLANs) Configuring Advanced Features SMC6624M Figure 9-40. Example of Overlapping VLANs Using the Same Server Similarly, using 802.1Q-compliant switches, you can connect multiple VLANs through a single switch-to-switch link. 6624M Switch 2524 6624M Figure 9-41. Example of Connecting Multiple VLANs Through the Same Link Introducing Tagged VLAN Technology into Networks Running Legacy (Untagged) VLANs. You can introduce 802.
Configuring Advanced Features Port-Based Virtual LANs (Static VLANs) Switch 2524 Switch Non2524 802.1Q 6624M 6624M Switch 2512 Tagged VLAN Link Configuring Advanced Features Untagged VLAN Links Non-802.1Qcompliant switch Figure 9-42.
Configuring Advanced Features Port-Based Virtual LANs (Static VLANs) Configuring Advanced Features DHCP or Bootp on different VLANs do not result in conflicting configuration values for the switch. The primary VLAN is the VLAN the switch uses to run and manage these features and data. In the factory-default configuration, the switch designates the default VLAN (DEFAULT_VLAN) as the primary VLAN. However, to provide more control in your network, you can designate another VLAN as primary.
Configuring Advanced Features Port-Based Virtual LANs (Static VLANs) Example of Per-Port VLAN Configuration with GVRP Disabled (the default) Example of Per-Port VLAN Configuration with GVRP Enabled Configuring Advanced Features Enabling GVRP causes “No” to display as “Auto”. Figure 9-43. Comparing Per-Port VLAN Options With and Without GVRP Table 9-7. Per-Port VLAN Configuration Options Parameter Effect on Port Participation in Designated VLAN Tagged Allows the port to join multiple VLANs.
Configuring Advanced Features Port-Based Virtual LANs (Static VLANs) General Steps for Using VLANs Configuring Advanced Features 1. Plan your VLAN strategy and create a map of the logical topology that will result from configuring VLANs. Include consideration for the interaction between VLANs and other features such as Spanning Tree Protocol, load balancing, and IGMP. (Refer to “Effect of VLANs on Other Switch Features” on page 9-71.
Configuring Advanced Features Port-Based Virtual LANs (Static VLANs) Menu: Configuring VLAN Parameters To Change VLAN Support Settings This section describes: ■ Changing the maximum number of VLANs to support ■ Changing the primary VLAN selection (See “Changing the Primary VLAN” on page 9-63.) ■ Enabling or disabling dynamic VLANs (See “GVRP” on page 9-74.) 1. From the Main Menu select: 2. Switch Configuration 8. VLAN Menu . . . 1. VLAN Support You will then see the following screen: Figure 9-44.
Configuring Advanced Features Configuring Advanced Features Port-Based Virtual LANs (Static VLANs) Note ■ To select another primary VLAN, select the Primary VLAN field and use the space bar to select from the existing options. ■ To enable or disable dynamic VLANs, select the GVRP Enabled field and use the Space bar to toggle between options. (For GVRP information, see “GVRP” on page 9-74.
Configuring Advanced Features Port-Based Virtual LANs (Static VLANs) Adding or Editing VLAN Names Use this procedure to add a new VLAN or to edit the name of an existing VLAN. 1. From the Main Menu select: 2. Switch Configuration 8. VLAN Menu . . . 2. VLAN Names Default VLAN and VLAN ID Figure 9-46. The Default VLAN Names Screen 2. Press [A] (for Add). You will then be prompted for a new VLAN name and VLAN ID: 802.1Q VLAN ID : 1 Name : _ 3. Type in a VID (VLAN ID number).
Configuring Advanced Features Port-Based Virtual LANs (Static VLANs) Configuring Advanced Features Example of a New VLAN and ID Figure 9-47. Example of VLAN Names Screen with a New VLAN Added 6. Repeat steps 2 through 5 to add more VLANs. Remember that you can add VLANs until you reach the number specified in the Maximum VLANs to support field on the VLAN Support screen (see figure 9-44on page 9-55). This includes any VLANs added dynamically due to GVRP operation. 7.
Configuring Advanced Features Port-Based Virtual LANs (Static VLANs) Configuring Advanced Features Default: In this example, the “VLAN-22” has been defined, but no ports have yet been assigned to it. (“No” means the port is not assigned to that VLAN.) Using GVRP? If you plan on using GVRP, any ports you don’t want to join should be changed to “Forbid”. A port can be assigned to several VLANs, but only one of those assignments can be “Untagged”. Figure 9-48. Example of VLAN Port Assignment Screen 2.
Configuring Advanced Features Configuring Advanced Features Port-Based Virtual LANs (Static VLANs) Ports 4 and 5 are assigned to both VLANs. Ports 6 and 7 are assigned only to VLAN-22. All other ports are assigned only to the Default VLAN. Figure 9-49. Example of VLAN Assignments for Specific Ports For information on VLAN tags (“Untagged” and “Tagged”), refer to “VLAN Tagging Information” on page 9-67. d. 3.
Configuring Advanced Features Port-Based Virtual LANs (Static VLANs) VLAN Commands Used in this Section below show vlan page 9-62 max-vlans <1..30> page 9-63 primary-vlan page 9-63 [no] vlan page 9-64 name page 9-65 [no] tagged page 9-65 [no] untagged page 9-65 [no] forbid page 9-65 auto page 9-65 (Available if GVRP enabled.) static-vlan page 9-65 (Available if GVRP enabled.
Configuring Advanced Features Port-Based Virtual LANs (Static VLANs) Displaying the Configuration for a Particular VLAN . This command uses the VID to identify and display the data for a specific static or dynamic VLAN. show vlan Configuring Advanced Features Syntax: Figure 9-51. Example of “Show VLAN” for a Specific Static VLAN Show VLAN lists this data when GVRP is enabled and at least one port on the switch has dynamically joined the designated VLAN. Figure 9-52.
Configuring Advanced Features Port-Based Virtual LANs (Static VLANs) Changing the Number of VLANs Allowed on the Switch. By default, the switch allows a maximum of 8 VLANs. You can specify any value from 1 to 30. (If GVRP is enabled, this setting includes any dynamic VLANs on the switch.) As part of implementing a new value, you must execute a write memory command (to save the new value to the startup-config file) and then reboot the switch. max-vlans <1 ..
Configuring Advanced Features Port-Based Virtual LANs (Static VLANs) Creating a New Static VLAN Changing the VLAN Context Level. With this command, entering a new VID creates a new static VLAN. Entering the VID or name of an existing static VLAN places you in the context level for that VLAN. Configuring Advanced Features Syntax: vlan [name ]Creates a new static VLAN if a VLAN with that VID does not already exist, and places you in that VLAN’s context level.
Configuring Advanced Features Port-Based Virtual LANs (Static VLANs) Converting a Dynamic VLAN to a Static VLAN. If GVRP is running on the switch and a port dynamically joins a VLAN, you can use the next command to convert the dynamic VLAN to a static VLAN. (For GVRP and dynamic VLAN operation, see “GVRP” on page 9-74.) This is necessary if you want to make the VLAN permanent.
Configuring Advanced Features Port-Based Virtual LANs (Static VLANs) operation. Note that Auto is the default per-port setting for a static VLAN if GVRP is runing on the switch. (For information on dynamic VLAN and GVRP operation, see “GVRP” on page 9-74.) Configuring Advanced Features For example, suppose you have a VLAN named VLAN100 with a VID of 100, and all ports are set to No for this VLAN.
Configuring Advanced Features Port-Based Virtual LANs (Static VLANs) To configure static VLAN port parameters, you will need to use the menu interface (available by Telnet from the web browser interface) or the CLI. 1. Click on the Configuration tab. 2. Click on [VLAN Configuration]. 3. Click on [Add/Remove VLANs]. VLAN tagging enables traffic from more than one VLAN to use the same port.
Configuring Advanced Features Port-Based Virtual LANs (Static VLANs) Blue Server Red VLAN Configuring Advanced Features Red Server 5 4 3 Blue VLAN 2 Green Server Red VLAN: Untagged Green VLAN: Tagged 6 Switch "X" White Server 7 1 Green VLAN Ports 1-6: Untagged Port 7: Red VLAN Untagged Green VLAN Tagged 4 5 White VLAN 3 Switch "Y" 1 Red VLAN 2 Green VLAN Ports 1-4: Untagged Port 5: Red VLAN Untagged Green VLAN Tagged Figure 9-54.
Configuring Advanced Features Port-Based Virtual LANs (Static VLANs) Note Each 802.1Q-compliant VLAN must have its own unique VID number, and that VLAN must be given the same VID in every device in which it is configured. That is, if the Red VLAN has a VID of 10 in switch X, then 10 must also be used for the Red VID in switch Y. Configuring Advanced Features VID Numbers Figure 9-55.
Configuring Advanced Features Port-Based Virtual LANs (Static VLANs) Server S2 Server S1 Red VLAN: Untagged Green VLAN: Tagged X1 Configuring Advanced Features Switch "X" X4 Red VLAN X2 Red VLAN: Untagged Green VLAN: Tagged Red VLAN: Untagged Green VLAN: Tagged Y1 Y5 Switch "Y" Y4 X3 Green VLAN Y2 Green VLAN only Server S3 Y3 Red VLAN Green VLAN Figure 9-56. Example of Networked 802.
Configuring Advanced Features Port-Based Virtual LANs (Static VLANs) To summarize: Tagging Scheme 1 Untagged or Tagged. If the device connected to the port is 802.1Q-compliant, then the recommended choice is “Tagged”. 2 or More 1 VLAN Untagged; all others Tagged or All VLANs Tagged A given VLAN must have the same VID on any 802.1Q-compliant device in which the VLAN is configured. The ports connecting two 802.1Q devices should have identical VLAN configurations, as shown for ports X2 and Y5, above.
Configuring Advanced Features Port-Based Virtual LANs (Static VLANs) VLAN MAC Addresses Configuring Advanced Features The switch has one unique MAC address for each of its VLAN interfaces. You can send an 802.2 test packet to this MAC address to verify connectivity to the switch. Likewise, you can assign an IP address to the VLAN interface, and when you Ping that address, ARP will resolve the IP address to this MAC address. The switch allows up to 30 VLAN MAC addresses (one per possible VLAN).
Configuring Advanced Features Port-Based Virtual LANs (Static VLANs) VLAN Restrictions A port must be a member of at least one VLAN. In the factory default configuration, all ports are assigned to the default VLAN (DEFAULT_VLAN; VID = 1). ■ A port can be assigned to several VLANs, but only one of those assignments can be untagged. (The “Untagged” designation enables VLAN operation with non 802.1Q-compliant devices.) ■ An external router must be used to communicate between tagged VLANs.
Configuring Advanced Features GVRP Configuring Advanced Features GVRP Feature Default Menu CLI Web view GVRP configuration n/a page 9-81 page 9-83 page 9-86 list static and dynamic VLANs on a GVRP-enabled switch n/a — page 9-85 page 9-86 enable or disable GVRP on the disabled switch page 9-81 page 9-84 page 9-86 enable or disable GVRP on individual ports page 9-81 page 9-84 — control how individual ports Learn will handle advertisements for new VLANs page 9-81 page 9-84 page 9-86
Configuring Advanced Features GVRP Note General Operation A GVRP-enabled port with a Tagged or Untagged static VLAN sends advertisements (BPDUs, or Bridge Protocol Data Units) advertising the VLAN (actually, its VID). Another GVRP-aware port receiving the advertisements over a link can dynamically join the advertised VLAN. All dynamic VLANs operate as Tagged VLANs. Also, a GVRP-enabled port can forward an advertisement for a VLAN it learned about from other ports on the same switch.
Configuring Advanced Features GVRP Note that if a static VLAN is configured on at least one port of a switch, and that port has established a link with another device, then all other ports of that switch will send advertisements for that VLAN. Configuring Advanced Features For example, in the following figure, Tagged VLAN ports on switch “A” and switch “C”, below advertise VLANs 22 and 33 to ports on other GVRP-enabled switches that can dynamically join the VLANs.
Configuring Advanced Features GVRP If the switch already has a static VLAN assignment with the same VID as in the advertisement, and the port is configured to Auto for that VLAN, then the port will dynamically join the VLAN and begin moving that VLAN’s traffic. (For more detail on Auto, see “Per-Port Options for Dynamic VLAN Advertising and Joining” on page 9-79.) ■ Ignore the advertisement for that VID and drop all GVRP traffic with that VID. ■ Don’t participate in that VLAN.
Configuring Advanced Features GVRP Table 9-8. Options for Handling “Unknown VLAN” Advertisements: Configuring Advanced Features Unknown VLAN Operation Mode Learn (the Default) Enables the port to dynamically join any VLAN for which it receives an advertisement, and allows the port to forward advertisements it receives. Block Prevents the port from dynamically joining a VLAN that is not statically configured on the switch.
Configuring Advanced Features GVRP Per-Port Options for Dynamic VLAN Advertising and Joining Enabling a Static VLAN for Dynamic Joins. You can configure a port to dynamically join a static VLAN (that shares the same VID) if that port subsequently receives an advertisement for the static VLAN. (This is done by using the Auto and Learn options described in table 9-9, below. Parameters for Controlling VLAN Propagation Behavior.
Configuring Advanced Features GVRP As the above table indicates, when you enable GVRP, a port that has a Tagged or Untagged static VLAN has the option for both generating advertisements and dynamically joining other VLANs. Configuring Advanced Features Note In table 9-9, above, the Unknown VLAN parameters are configured on a perinterface basis using the CLI. The Tagged, Untagged, Auto, and Forbid options are configured in the VLAN context using either the menu interface or the CLI.
Configuring Advanced Features GVRP Planning for GVRP Operation These steps outline the procedure for setting up dynamic VLANs for a segment. Determine the VLAN topology you want for each segment (broadcast domain) on your network. 2. Determine the VLANs that must be static and the VLANs that can be dynamically propagated. 3. Determine the device or devices on which you must manually create static VLANs in order to propagate VLANs throughout the segment. 4.
Configuring Advanced Features GVRP Configuring Advanced Features 2. Switch Configuration . . . 8. VLAN Menu . . . 1. VLAN Support Figure 9-60. The VLAN Support Screen (Default Configuration) 2. Do the following to enable GVRP and display the Unknown VLAN fields: a. Press [E] (for Edit). b. Use [v] to move the cursor to the GVRP Enabled field. c. Press the Space bar to select Yes. d. Press [v] again to display the Unknown VLAN fields.
Configuring Advanced Features GVRP CLI: Viewing and Configuring GVRP GVRP Commands Used in This Section show gvrp below gvrp page 9-84 unknown-vlans page 9-84 Syntax: show gvrp Figure 9-62. Example of “Show GVRP” Listing with GVRP Disabled This example includes non-default settings for the Unknown VLAN field for some ports. Figure 9-63. Example of Show GVRP Listing with GVRP Enabled 9-83 Configuring Advanced Features Displaying the Switch’s Current GVRP Configuration.
Configuring Advanced Features GVRP Enabling and Disabling GVRP on the Switch. This command enables GVRP on the switch. Syntax: gvrp This example enables GVRP: Configuring Advanced Features SMC TigerSwitch 10/100(config)# gvrp This example disables GVRP operation on the switch: SMC TigerSwitch 10/100(config)# no gvrp Enabling and Disabling GVRP On Individual Ports. When GVRP is enabled on the switch, use the unknown-vlans command to change the Unknown VLAN field for one or more ports.
Configuring Advanced Features GVRP Displaying the Static and Dynamic VLANs Active on the Switch. The show vlans command lists all VLANs present in the switch. Syntax: show vlans Switch “A” Switch “B” GVRP enabled. GVRP enabled. 3 Static VLANs: 1 Static VLANs: – DEFAULT_VLAN – VLAN-222 – VLAN-33 – DEFAULT_VLAN The show vlans command lists the dynamic (and static) VLANs in switch “B”. Dynamic VLANs Learned from Switch “A” through Port 1 Figure 9-64.
Configuring Advanced Features GVRP Converting a Dynamic VLAN to a Static VLAN. If a port on the switch has joined a dynamic VLAN, you can use the following command to convert that dynamic VLAN to a static VLAN: Syntax: static Configuring Advanced Features For example, to convert dynamic VLAN 333 (from the previous example) to a static VLAN: SMC TigerSwitch 10/100(config)# static 333 Web: Viewing and Configuring GVRP To view, enable, disable, or reconfigure GVRP: 1.
Configuring Advanced Features GVRP ■ By receiving advertisements from other devices running GVRP, the switch learns of static VLANs on those other devices and dynamically (automatically) creates tagged VLANs on the links to the advertising devices. Similarly, the switch advertises its static VLANs to other GVRP-aware devices. ■ A GVRP-enabled switch does not advertise any GVRP-learned VLANs out of the port(s) on which it originally learned of those VLANs.
Configuring Advanced Features Multimedia Traffic Control with IP Multicast (IGMP) Multimedia Traffic Control with IP Multicast (IGMP) Configuring Advanced Features IGMP Features Feature Default Menu CLI Web view igmp configuration n/a — page 9-90 — show igmp status for multicast groups used by the selected VLAN n/a — Yes — enabling or disabling IGMP (Requires VLAN ID Context) disabled — page 9-92 page 9-94 per-port packet control auto — page 9-93 — IGMP traffic priority normal —
Configuring Advanced Features Multimedia Traffic Control with IP Multicast (IGMP) Enabling IGMP allows the ports to detect IGMP queries and report packets and manage IP multicast traffic through the switch. If no other querier is detected, the switch will then also function as the querier. (If you need to disable the querier feature, you can do so through the IGMP configuration MIB. Refer to “Changing the Querier Configuration Setting” on page 9-94.
Configuring Advanced Features Multimedia Traffic Control with IP Multicast (IGMP) Configuring Advanced Features ■ Note • Blocked: Causes the switch to drop all IGMP transmissions received from a specific port and to block all outgoing IP Multicast packets for that port. This has the effect of preventing IGMP traffic from moving through specific ports. • Forward: Causes the switch to forward all IGMP and IP multicast transmissions through the port.
Configuring Advanced Features Multimedia Traffic Control with IP Multicast (IGMP) Viewing the Current IGMP Configuration. This command lists the IGMP configuration for all VLANs configured on the switch or for a specific VLAN. Syntax: show ip igmp config show ip igmp config (For IGMP operating status, see “Internet Group Management Protocol (IGMP) Status” on page 10-16.
Configuring Advanced Features Multimedia Traffic Control with IP Multicast (IGMP) Configuring Advanced Features IGMP Configuration for the Selected VLAN IGMP Configuration On the Individual Ports in the VLAN Figure 9-66. Example Listing of IGMP Configuration for A Specific VLAN Enabling or Disabling IGMP on a VLAN. You can enable IGMP on a VLAN, along with the last-saved or default IGMP configuration (whichever was most recently set), or you can disable IGMP on a selected VLAN.
Configuring Advanced Features Multimedia Traffic Control with IP Multicast (IGMP) Configuring Per-Port IGMP Packet Control. Use this command in the VLAN context to specify how each port should handle IGMP traffic. Syntax: vlan ip igmp [auto | blocked | forward ] Default: auto Ports 1-7 auto Filter multicast traffic. Forward IGMP traffic to hosts on these ports that belong to the multicast group for which the traffic is intended.
Configuring Advanced Features Multimedia Traffic Control with IP Multicast (IGMP) SMC TigerSwitch 10/100(vlan 1)# no ip igmp high-priorityforward Returns IGMP traffic to “normal” priority. SMC TigerSwitch 10/100> show ip igmp config Show command to display results of above high-priority commands. Configuring Advanced Features Configuring the Querier Function. The default querier function is “enabled”. This command disables or re-enables the querier function.
Configuring Advanced Features Multimedia Traffic Control with IP Multicast (IGMP) to or from the same source(s) is termed a multicast group, and all devices in the group use the same multicast group address. The multicast group running version 2 of IGMP uses three fundamental types of messages to communicate: Query: A message sent from the querier (multicast router or switch) asking for a response from each host belonging to the multicast group.
Configuring Advanced Features Multimedia Traffic Control with IP Multicast (IGMP) ■ Switch 2 is recognizing IGMP traffic and learns that PC 4 is in the IP multicast group receiving multicast data from the video server (PC X). Switch 2 then sends the multicast data only to the port for PC 4, thus avoiding unwanted multicast traffic on the ports for PCs 5 and 6.
Configuring Advanced Features Multimedia Traffic Control with IP Multicast (IGMP) Switch 1 IGMP is NOT Running Here IGMP IS Running Here Switch 3 IGMP IS Running Here Switch 4 PC 2 PC 1 PC 5 PC 6 Figure 9-68.
Configuring Advanced Features Multimedia Traffic Control with IP Multicast (IGMP) Configuring Advanced Features Note: IP Multicast Filters. IP multicast addresses occur in the range from 224.0.0.0 through 239.255.255.255 (which corresponds to the Ethernet multicast address range of 01005e-000000 through 01005e-7fffff).
Configuring Advanced Features Spanning Tree Protocol (STP) Spanning Tree Protocol (STP) STP Features Default Menu CLI Web viewing the STP configuration n/a page 9-100 page 9-102 — enable/disable STP disabled page 9-100 page 9-103 page 9-105 reconfiguring general operation priority: 32768 page max age: 20 s 9-100 hello time: 2 s fwd.
Configuring Advanced Features Spanning Tree Protocol (STP) Configuring Advanced Features STP Fast Mode for Overcoming Server Access Failures. If an end node is configured to automatically access a server, the duration of the STP startup sequence can result in a “server access failure”. On ports where this is a problem, configuring STP Fast Mode can eliminate the failure. For more information, see “STP Fast Mode” on page 9-106. Also, for more information on STP, see “How STP Operates” on page 9-105.
Configuring Advanced Features Spanning Tree Protocol (STP) ) Read-Only Fields Configuring Advanced Features Figure 9-69. Example of the STP Configuration Screen 4. If the remaining STP parameter settings are adequate for your network, go to step 8. 5. Use [Tab] or the arrow keys to select the next parameter you want to change, then type in the new value or press the Space Bar to select a value.
Configuring Advanced Features Spanning Tree Protocol (STP) CLI: Configuring STP Configuring Advanced Features STP Commands Used in This Section show spanning-tree config Below spanning-tree page 9-103 forward-delay <4 - 30> page 9-103 hello-time <1 - 10> page 9-103 maximum-age <6 - 40> page 9-103 priority <0 - 65535> page 9-103 ethernet page 9-104 path-cost <1 - 65535> page 9-104 priority <0 - 255> page 9-104 mode page 9-104 show spanning tree See “Spanning
Configuring Advanced Features Spanning Tree Protocol (STP) Enabling or Disabling STP. Enabling STP implements the spanning-tree protocol for all physical ports on the switch, regardless of whether multiple VLANs are configured. Disabling STP removes protection against redundant loops that can significantly slow or halt a network.
Configuring Advanced Features Spanning Tree Protocol (STP) Configuring Advanced Features You can also include one or more of the STP per-port parameters in this command. See “Reconfiguring Per-Port STP Operation on the Switch” on page 9-104. Syntax: spanning-tree priority <0 - 65355> maximum-age <6 - 40 seconds> hello-time <1 - 10 seconds> forward-delay <4 - 30 seconds> Default: See table 9-10, above.
Configuring Advanced Features Spanning Tree Protocol (STP) For example, the following enables STP (if it is not already enabled) and configures ports 5 and 6 to a path cost of 15, a priority of 100, and fast mode: SMC TigerSwitch 10/100(config)# spanning-tree ethernet 56 path-cost 15 priority 100 mode fast Web: Enabling or Disabling STP To enable or disable STP on the switch: 1. Click on the Configuration tab 2. Click on [Device Features]. 3.
Configuring Advanced Features Spanning Tree Protocol (STP) • Active path from node A to node B: 1—> 3 • Backup (redundant) path from node A to node B: 4 —> 2 —> 3 switch A 1 path cost: 100 2 3 path cost: 100 path cost: 100 Configuring Advanced Features switch B 4 switch C switch D path cost:200 node A node B Figure 9-71.
Configuring Advanced Features Spanning Tree Protocol (STP) Caution To Configure Fast Mode for a Switch Port: ■ In the CLI, use this command: spanning tree mode fast For example, to configure Fast mode for ports 1-3 and 5: SMC TigerSwitch 10/100(config)# spanning-tree ethernet 1-3,5 mode fast ■ In the menu interface, go to the Main Menu and follow the steps under “Menu: Configuring STP” on page 9-100. STP Operation with 802.1Q VLANs As recommended in the IEEE 802.
Configuring Advanced Features Spanning Tree Protocol (STP) Solution: STP enabled with 2 separate (non-trunked) links blocks a VLAN link. STP enabled with one trunked link. Configuring Advanced Features Problem: Nodes 1 and 2 cannot communicate because STP is blocking the link. Nodes 1 and 2 can communicate because STP sees the trunk as a single link and 802.1Q (tagged) VLANs enable the use of one (trunked) link for both VLANs. Figure 9-72.
10 Monitoring and Analyzing Switch Operation The SMC6624M switch has several built-in tools for monitoring, analyzing, and troubleshooting switch and network operation: Status: Includes options for displaying general switch information, management address data, port status, MAC addresses detected on each port, and STP, IGMP, and VLAN data. ■ Counters: Display details of traffic volume on individual ports. ■ Event Log: Lists switch operating events.
Monitoring and Analyzing Switch Operation Status and Counters Data Status and Counters Data This section describes the status and counters screens available through the switch console interface and/or the web browser interface. Monitoring and Analyzing Switch Operation Note Status or Counters Type You can access all console screens from the web browser interface via Telnet to the console. Telnet access to the switch is available in the Device View window under the Configuration tab.
Monitoring and Analyzing Switch Operation Status and Counters Data Menu Access To Status and Counters Beginning at the Main Menu, display the Status and Counters menu by selecting: 1. Status and Counters Monitoring and Analyzing Switch Operation Figure 10-1. The Status and Counters Menu Each of the above menu items accesses the read-only screens described on the following pages. Refer to the online help for a description of the entries displayed in these screens.
Monitoring and Analyzing Switch Operation Status and Counters Data General System Information Menu Access From the console Main Menu, select: 1. Status and Counters Monitoring and Analyzing Switch Operation 1. General System Information Figure 10-2. Example of General Switch Information This screen dynamically indicates how individual switch resources are being used.
Monitoring and Analyzing Switch Operation Status and Counters Data Switch Management Address Information Menu Access From the Main Menu, select: 1 Status and Counters . . . 2. Switch Management Address Information Monitoring and Analyzing Switch Operation Figure 10-3. Example of Management Address Information with VLANs Configured This screen displays addresses that are important for management of the switch.
Monitoring and Analyzing Switch Operation Status and Counters Data Port Status The web browser interface and the console interface show the same port status data. Menu: Displaying Port Status From the Main Menu, select: Monitoring and Analyzing Switch Operation 1. Status and Counters . . .3. Port Status Figure 10-4. Example of Port Status on the Menu Interface CLI Access Syntax: show interfaces Web Access 10-6 1. Click on the Status tab. 2. Click on [Port Status].
Monitoring and Analyzing Switch Operation Status and Counters Data Viewing Port and Trunk Group Statistics Feature Default Menu CLI Web viewing port and trunk statistics n/a for all ports page 10-8 page 10-9 page 10-9 viewing a detailed summary for a n/a particular port or trunk page 10-8 page 10-9 page 10-9 resetting counters page 10-8 page 10-9 page 10-9 n/a These features enable you to determine the traffic patterns for each port since the last reboot or reset of the switch.
Monitoring and Analyzing Switch Operation Status and Counters Data Menu Access to Port and Trunk Statistics To access this screen from the Main Menu, select: 1. Status and Counters . . . Monitoring and Analyzing Switch Operation 4. Port Counters Figure 10-5. Example of Port Counters on the Menu Interface To view details about the traffic on a particular port, use the [v] key to highlight that port number, then select Show Details.
Monitoring and Analyzing Switch Operation Status and Counters Data CLI Access To Port and Trunk Group Statistics To Display the Port Counter Summary Report. This command provides an overview of port activity for all ports on the switch. Syntax: show statistics To Display a Detailed Traffic Summary for a Specific Port. This command provides traffic details for the port you specify.
Monitoring and Analyzing Switch Operation Status and Counters Data Viewing the Switch’s MAC Address Tables Feature Default Menu CLI Web viewing MAC addresses on all ports n/a page 10-11 page 10-13 — viewing MAC addresses on a specific port n/a page 10-12 page 10-13 — viewing MAC addresses on a specific VLAN n/a — searching for a MAC address n/a page 10-12 page 10-13 — page 10-13 — Monitoring and Analyzing Switch Operation These features help you to view: 10-10 ■ The MAC addresses that
Monitoring and Analyzing Switch Operation Status and Counters Data Menu Access to the MAC Address Views and Searches Switch-Level MAC-Address Viewing and Searching. This feature lets you determine which switch port is being used to communicate with a specific device on the network. The listing includes: ■ The MAC addresses that the switch has learned from network devices attached to the switch ■ The port on which each MAC address was learned From the Main Menu, select: 1. Status and Counters 5.
Monitoring and Analyzing Switch Operation Status and Counters Data 2. Type the MAC address you want to locate and press [Enter]. The address and port number are highlighted if found. If the switch does not find the address, it leaves the MAC address listing empty. Located MAC Address and Corresponding Port Number Figure 10-8. Example of Menu Indicating Located MAC Address Monitoring and Analyzing Switch Operation Port-Level MAC Address Viewing and Searching.
Monitoring and Analyzing Switch Operation Status and Counters Data Enter MAC address: _ 2. Type the MAC address you want to locate and press [Enter]. The address is highlighted if found. If the switch does not find the address, it leaves the MAC address listing empty.
Monitoring and Analyzing Switch Operation Status and Counters Data Spanning Tree Protocol (STP) Information Menu Access to STP Data From the Main Menu, select: 1. Status and Counters . . . 7. Spanning Tree Information Monitoring and Analyzing Switch Operation STP must be enabled on the switch to display the following data: Figure 10-10.Example of Spanning Tree Information Use this screen to determine current switch-level STP parameter settings and statistics.
Monitoring and Analyzing Switch Operation Status and Counters Data Monitoring and Analyzing Switch Operation Figure 10-11.Example of STP Port Information CLI Access to STP Data This option lists the STP configuration, root data, and per-port data (cost, priority, state, and designated bridge).
Monitoring and Analyzing Switch Operation Status and Counters Data Internet Group Management Protocol (IGMP) Status Monitoring and Analyzing Switch Operation The switch uses the CLI to display the following IGMP status on a per-VLAN basis: Show Command Output show ip igmp Global command listing IGMP status for all VLANs configured in the switch: • VLAN ID (VID) and name • Active group addresses per VLAN • Number of report and query packets per group • Querier access port per VLAN show ip igmp
Monitoring and Analyzing Switch Operation Status and Counters Data VLAN Information The switch uses the CLI to display the following VLAN status: Output show vlan Lists: • Maximum number of VLANs to support • Existing VLANs • Status (static or dynamic) • Primary VLAN show vlan For the specified VLAN, lists: • Name, VID, and status (static/dynamic) • Per-Port mode (tagged, untagged, forbid, no/auto) • “Unknown VLAN” setting (Learn, Block, Disable) • Port status (up/down) Monitoring and Analy
Monitoring and Analyzing Switch Operation Status and Counters Data Listing the VLAN ID (VID) and Status for Specific Ports. Because ports 1 and 2 are not members of VLAN-44, it does not appear in this listing. Figure 10-14.Example of VLAN Listing for Specific Ports Monitoring and Analyzing Switch Operation Listing Individual VLAN Status.
Monitoring and Analyzing Switch Operation Status and Counters Data Web Browser Interface Status Information The “home” screen for the web browser interface is the Status Overview screen, as shown below. As the title implies, it provides an overview of the status of the switch, including summary graphs indicating the network utilization on each of the switch ports, symbolic port status indicators, and the Alert Log, which informs you of any problems that may have occurred on the switch.
Monitoring and Analyzing Switch Operation Port Monitoring Features Port Monitoring Features Port Monitoring Features Feature Default Menu CLI Web display monitoring configuration disabled page 10-21 page 10-23 page 10-25 Monitoring and Analyzing Switch Operation configure the monitor port(s) ports: none page 10-21 page 10-24 page 10-25 or VLAN VLANs: DEFAULT_VLAN selecting or removing ports or VLANs none selected page 10-21 page 10-24 page 10-25 You can designate a port for monitoring traffic o
Monitoring and Analyzing Switch Operation Port Monitoring Features Menu: Configuring Port Monitoring This procedure describes configuring the switch for monitoring when monitoring is disabled. (If monitoring has already been enabled, the screens will appear differently than shown in this procedure.) 1. From the Console Main Menu, Select: 2. Switch Configuration... 3. Network Monitoring Port Monitoring and Analyzing Switch Operation Enable monitoring by setting this parameter to “Yes”. Figure 10-16.
Monitoring and Analyzing Switch Operation Port Monitoring Features Monitoring and Analyzing Switch Operation Move the cursor to the Monitoring Port parameter. Figure 10-17. How To Select a Monitoring Port 10-22 5. Use the Space bar to select the port to use for monitoring, then press the downarrow key to select the Monitor parameter. (The default setting is Ports, which you will use if you want to monitor one or more individual ports on the switch.) 6.
Monitoring and Analyzing Switch Operation Port Monitoring Features iv. Press [Enter], then press [S] (for Save) to save your changes and exit from the screen. Note: This screen appears instead of the one in figure 10-17 if the Monitor parameter is set to VLAN Example of a VLAN Monitoring Parameter Monitoring and Analyzing Switch Operation Figure 10-18.Example of Selecting a VLAN to Monitor 7. Return to the Main Menu.
Monitoring and Analyzing Switch Operation Port Monitoring Features Port receiving monitored traffic. Monitored Ports Figure 10-19.Example of Monitored Port Listing Monitoring and Analyzing Switch Operation Configuring the Monitor Port. This command assigns or removes a monitoring port, and must be executed from the global configuration level. Removing the monitor port disables port monitoring and resets the monitoring parameters to their factory-default settings.
Monitoring and Analyzing Switch Operation Port Monitoring Features From the global config level, removes ports or VLAN as monitoring sources. From the interface or VLAN context level, removes the ports or VLAN as monitoring sources. Figure 10-21.Examples of Removing Ports and VLANs as Monitoring Sources Web: Configuring Port Monitoring 1. Click on the Configuration tab. 2. Click on [Monitor Port]. 3. Do either of the following: 4. • To monitor a VLAN: i.
Monitoring and Analyzing Switch Operation Monitoring and Analyzing Switch Operation Port Monitoring Features 10-26
11 Troubleshooting This chapter addresses performance-related network problems that can be caused by topology, switch configuration, and the effects of other devices or their configurations on switch operation. (For switch-specific information on hardware problems indicated by LED behavior, cabling requirements, and other potential hardware-related problems, refer to the installation guide you received with the switch.
Troubleshooting Troubleshooting Approaches Troubleshooting Approaches Use these approaches to diagnose switch problems: ■ Check the switch LEDs for indications of proper switch operation: • Each switch port has a Link LED that should light whenever an active network device is connected to the port. • Problems with the switch hardware and software are indicated by flashing the Fault and other switch LEDs.
Troubleshooting Browser or Console Access Problems Browser or Console Access Problems Cannot access the web browser interface: ■ Access may be disabled by the Web Agent Enabled parameter in the switch console. Check the setting on this parameter by selecting: 2. Switch Configuration . . . 1. System Information ■ The switch may not have the correct IP address, subnet mask or gateway. Verify by connecting a console to the switch’s Console port and selecting: 2. Switch Configuration . . . 1.
Troubleshooting Browser or Console Access Problems Cannot Telnet into the switch console from a station on the network: ■ Telnet access may be disabled by the Inbound Telnet Enabled parameter in the System Information screen of the menu interface: 2. Switch Configuration 1. System Information ■ The switch may not have the correct IP address, subnet mask, or gateway. Verify by connecting a console to the switch’s Console port and selecting: 2. Switch Configuration 5.
Troubleshooting Unusual Network Activity Unusual Network Activity Network activity that exceeds accepted norms may indicate a hardware problem with one or more of the network components, possibly including the switch. Unusual network activity is usually indicated by the LEDs on the front of the switch or measured with the switch console interface or with a network management tool such as EliteView.
Troubleshooting Unusual Network Activity IP addresses that will expire after a limited duration. One solution is to configure “reservations” in the DHCP server for specific IP addresses to be assigned to devices having specific MAC addresses. For more information, refer to the documentation for the DHCP server.
Troubleshooting Unusual Network Activity Problems Related to Spanning-Tree Protocol (STP) Caution If you enable STP, it is recommended that you leave the remainder of the STP parameter settings at their default values until you have had an opportunity to evaluate STP performance in your network. Because incorrect STP settings can adversely affect network performance, you should avoid making changes without having a strong understanding of how STP operates.
Troubleshooting Unusual Network Activity VLAN-Related Problems Monitor Port. When using the monitor port in a multiple VLAN environment, it can be useful to know how broadcast, multicast, and unicast traffic is tagged. The following table describes the tagging to expect.
Troubleshooting Unusual Network Activity 1. If VLAN_1 (VID=1) is configured as “Untagged” on port 3 on switch “X”, then it must also be configured as “Untagged” on port 7 on switch “Y”. Make sure that the VLAN ID (VID) is the same on both switches. 2. Similarly, if VLAN_2 (VID=2) is configured as “Tagged on the link port on switch “A”, then it must also be configured as “Tagged” on the link port on switch “B”. Make sure that the VLAN ID (VID) is the same on both switches.
Troubleshooting Using the Event Log To Identify Problem Sources Using the Event Log To Identify Problem Sources The Event Log records operating events as single-line entries listed in chronological order, and serves as a tool for isolating problems. Each Event Log entry is composed of five fields: Severity I Date 08/05/98 Time System Module 10:52:32 ports: Event Message port 1 enabled Severity is one of the following codes: I (information) indicates routine events.
Troubleshooting Using the Event Log To Identify Problem Sources Table 11-1.
Troubleshooting Using the Event Log To Identify Problem Sources The log status line at the bottom of the display identifies where in the sequence of event messages the display is currently positioned. To display various portions of the Event Log, either preceding or following the currently visible portion, use either the actions listed at the bottom of the display (Next page, Prev page, or End), or the keys described in the following table: Troubleshooting Table 11-2.
Troubleshooting Diagnostic Tools Diagnostic Tools Diagnostic Features Feature Default PingTest n/a Link Test Menu CLI Web — page 11-15 page 11-14 n/a — page 11-15 page 11-14 Display Config File n/a — page 11-17 page 11-17 Admin. and Troubleshooting Commands n/a — page 11-18 — Factory-Default Config page 11-19 (Buttons) — page 11-19 — Ping and Link Tests Note To respond to a Ping test or a Link test, the device you are trying to reach must be IEEE 802.3-compliant. Ping Test.
Troubleshooting Diagnostic Tools Web: Executing Ping or Link Tests 1. Click here. 2. Click here. 3. Select Ping Test (the default) or Link Test Troubleshooting 4. For a Ping test, enter the IP address of the target device. For a Link test, enter the MAC address of the target device. 6. Click on Start to begin the test. 5. Select the number of tries (packets) and the timeout for each try from the drop-down Figure 11-12.
Troubleshooting Diagnostic Tools Number of Packets to Send is the number of times you want the switch to attempt to test a connection. Timeout in Seconds is the number of seconds to allow per attempt to test a connection before determining that the current attempt has failed. To halt a Link or Ping test before it concludes, click on the Stop button. To reset the screen to its default settings, click on the Defaults button. CLI: Ping or Link Tests Ping Tests.
Troubleshooting Diagnostic Tools Link Tests. You can issue single or multiple link tests with varying repititions and timeout periods. The defaults are: ■ Repetitions: 1 (1 - 9999) ■ Timeout: 5 seconds (1 - 256 seconds) Syntax: link [repetitions <1 - 999>] [timeout <1 - 256>] Basic Link Test Link Test with Repetitions Troubleshooting Link Test with Repetitions and Timeout Link Test Over a Specific VLAN Link Test Over a Specific VLAN; Test Fail Figure 11-14.
Troubleshooting Diagnostic Tools Displaying the Configuration File The complete switch configuration is contained in a file that you can browse from either the web browser interface or the CLI. It may be useful in some troubleshooting scenarios to view the switch configuration. CLI: Viewing the Configuration File Using the CLI, you can display either the running configuration or the startup configuration. (For more on these topics, see appendix C, “Switch Memory and Configuration”.
Troubleshooting Diagnostic Tools CLI Administrative and Troubleshooting Commands These commands provide information or perform actions that you may find helpful in troubleshooting operating problems with the switch. Note For more on the CLI, refer to chapter 3, “Using the Command Line Reference (CLI).” Troubleshooting Syntax: 11-18 show version Shows the software version currently running on the switch. show boot-history Displays the switch shutdown history.
Troubleshooting Restoring the Factory-Default Configuration Restoring the Factory-Default Configuration As part of your troubleshooting process, it may become necessary to return the switch configuration to the factory default settings. This process momentarily interrupts the switch operation, clears any passwords, clears the console event log, resets the network counters to zero, performs a complete self test, and reboots the switch into its factory default configuration including deleting an IP address.
Troubleshooting Troubleshooting Restoring the Factory-Default Configuration 11-20
A You can download new switch software (operating system—OS) and upload or download switch configuration files. These features are useful for acquiring periodic switch software upgrades and for storing or retrieving a switch configuration.
Transferring an Operating System or Startup Configuration File Downloading an Operating System (OS) Transferring an Operating System or Startup Using TFTP To Download the OS File from a Server This procedure assumes that: ■ An OS file for the switch has been stored on a TFTP server accessible to the switch. (The OS file is typically available from SMC’s web site— http://www.smc.com.
Transferring an Operating System or Startup Configuration File Downloading an Operating System (OS) Menu: TFTP Download from a Server In the console Main Menu, select Download OS to display this screen: Figure A-1. Example of the Download OS Screen (Default Values) 2. Press [E] (for Edit). 3. Ensure that the Method field is set to TFTP (the default). 4. In the TFTP Server field, type in the IP address of the TFTP server in which the OS file has been stored. 5.
Transferring an Operating System or Startup Configuration File Downloading an Operating System (OS) Transferring an Operating System or Startup A “progress” bar indicates the progress of the download. When the entire operating system has been received, all activity on the switch halts and you will see Validating and writing system software to FLASH... followed by Transfer completed.
Transferring an Operating System or Startup Configuration File Downloading an Operating System (OS) Ensure that the Method parameter is set to TFTP (the default). 3. In the TFTP Server field, enter the IP address of the remote SMC6624M switch containing the OS you want to download. 4. Enter “flash” for the Remote File Name. (Type “flash” in lowercase characters.) 5. Press [Enter], then [X] (for eXecute) to begin the OS download. 6. A “progress” bar indicates the progress of the download.
Transferring an Operating System or Startup Configuration File Downloading an Operating System (OS) Transferring an Operating System or Startup Using Xmodem to Download the OS File From a PC This procedure assumes that: ■ The switch is connected via the Console RS-232 port on a PC operating as a terminal. (Refer to the Installation Guide you received with the switch for information on connecting a PC as a terminal and running the switch console interface.
Transferring an Operating System or Startup Configuration File Downloading an Operating System (OS) For example, to download an OS file named F_01_03.swi from a PC: Execute the following command in the CLI: 2. Execute the terminal emulator commands to begin the Xmodem transfer. The download can take several minutes, depending on the baud rate used in the transfer. When the download finishes, the switch automatically reboots itself and begins running the new OS version. 3.
Transferring an Operating System or Startup Transferring an Operating System or Startup Configuration File Troubleshooting TFTP Downloads Troubleshooting TFTP Downloads If a TFTP download fails, the Download OS screen indicates the failure. Message Indicating cause of TFTP Download Failure Figure A-4.
Transferring an Operating System or Startup Configuration File Transferring Switch Configurations ■ If an error occurs in which normal switch operation cannot be restored, the switch automatically reboots itself. In this case, an appropriate message is displayed in the copyright screen that appears after the switch reboots.
Transferring an Operating System or Startup Configuration File Transferring Switch Configurations Transferring an Operating System or Startup TFTP: Copying a Configuration to a Remote Host. Syntax: copy startup-config tftp This command copies the switch’s startup configuration (startup-config file) to a remote TFTP host.
Transferring an Operating System or Startup Configuration File Transferring Switch Configurations Syntax: copy xmodem startup-config For example, to copy a configuration file from a PC serially connected to the switch: 1. Execute the following command: 2. After you see the above prompt, press [Enter]. 3. Execute the terminal emulator commands to begin the file transfer. When the file transfer finishes, the switch automatically reboots itself with the new configuration.
Transferring an Operating System or Startup Transferring an Operating System or Startup Configuration File Transferring Switch Configurations A-12
B MAC Address Management ■ ■ For management functions: • One Base MAC address assigned to the default VLAN (VID = 1) • Additional MAC address(es) corresponding to additional VLANs you configure in the switch For internal switch operations: One MAC address per port (See “CLI: Viewing the Port and VLAN MAC Addresses” on page B-3.) MAC addresses are assigned at the factory. The switch automatically implements these addresses for VLANs and ports as they are added to the switch.
MAC Address Management Determining MAC Addresses Menu: Viewing the Switch’s MAC Addresses MAC Address Management The Management Address Information screen lists the MAC addresses for: ■ Base switch (default VLAN; VID = 1) ■ Any additional VLANs configured on the switch. Also, the Base MAC address appears on a label on the back of the switch. Note The Base MAC address is used by the first (default) VLAN in the switch.
MAC Address Management Determining MAC Addresses CLI: Viewing the Port and VLAN MAC Addresses Note This procedure displays the MAC addresses for all ports and existing VLANs in the switch, regardless of which VLAN you select. 1. If the switch is at the CLI Operator level, use the enable command to enter the Manager level of the CLI. 2.
MAC Address Management MAC Address Management Determining MAC Addresses B-4
C Switch Memory and Configuration This appendix describes the following: ■ How switch memory manages configuration changes ■ How the CLI implements configuration changes ■ How the menu interface and web browser interface implement configuration changes The switch maintains two configuration files, the running-config file and the startup-config file. Volatile Memory Running-Config File (Controls switch operation.
Switch Memory and Configuration Overview of Configuration File Management ■ Startup-config File: Exists in flash (non-volatile) memory and is used to preserve the most recently-saved configuration as the “permanent” configuration. Rebooting the switch replaces the current running-config file with a new running-config file that is an exact copy of the current startup-config file.
Switch Memory and Configuration Using the CLI To Implement Configuration Changes The above command disables port 5 in the running-config file, but not in the startup-config file. Port 5 remains disabled only until the switch reboots. If you want port 5 to remain disabled through the next reboot, use write memory to save the current running-config file to the startup-config file in flash memory. SMC TigerSwitch 10/100(config)# write memory Storing and Retrieving Configuration Files.
Switch Memory and Configuration Using the CLI To Implement Configuration Changes 2. Use the appropriate show commands to verify that you have correctly made the desired changes. 3. Observe the switch’s performance with the new parameter settings to verify the effect of your changes. 4. When you are satisfied that you have the correct parameter settings, use the write memory command to copy the changes to the startup-config file.
Switch Memory and Configuration Using the CLI To Implement Configuration Changes If you use the CLI to change a parameter setting, and then execute the boot command without first executing the write memory command to save the change, the switch prompts you to specify whether to save the changes in the current running-config file. For example: Disables port 1 in the running configuration, which causes port 1 to block all traffic.
Switch Memory and Configuration Using the Menu and Web Browser Interfaces To Implement Configuration Changes How To Reset the startup-config and running-config Files to the Factory Default Configuration. This command reboots the switch, replacing the contents of the current startup-config and running-config files with the factory-default startup configuration.
Switch Memory and Configuration Using the Menu and Web Browser Interfaces To Implement Configuration Changes Note The only exception to this operation are two VLAN-related parameter changes that require a reboot—described under “Rebooting To Activate Configuration Changes” on page C-8. Using Save and Cancel in the Menu Interface For any configuration screen in the menu interface, the Save command: 1. Implements the changes in the running-config file 2.
Switch Memory and Configuration Using the Menu and Web Browser Interfaces To Implement Configuration Changes face, the switch discards the configuration changes made while using the CLI. To ensure that changes made while using the CLI are saved, execute write memory in the CLI before rebooting the switch.
Switch Memory and Configuration Using the Menu and Web Browser Interfaces To Implement Configuration Changes (To access these parameters, go to the Main menu and select 2. Switch Configuration, then 8. VLAN Menu, then 1. VLAN Support.) If configuration changes requiring a reboot have been made, the switch displays an asterisk (*) next to the menu item in which the change has been made.
Switch Memory and Configuration Switch Memory and Configuration Using the Menu and Web Browser Interfaces To Implement Configuration Changes C-10
D Daylight Savings Time The SMC6624M switch provides a way to automatically adjust the system clock for Daylight Savings Time (DST) changes. In addition to the value “none” (no time changes), there are five pre-defined settings, named: ■ Alaska ■ Canada and Continental US ■ Middle Europe and Portugal ■ Southern Hemisphere ■ Western Europe The pre-defined settings follow these rules: Alaska: Begin DST at 2am the first Sunday on or after April 24th.
Daylight Savings Time Daylight Savings Time Figure D-1. Menu Interface with “User-Defined” Daylight Time Rule Option Before configuring a “User defined” Daylight Time Rule, it is important to understand how the switch treats the entries. The switch knows which dates are Sundays, and uses an algorithm to determine on which date to change the system clock, given the configured “Beginning day” and “Ending day”: ■ If the configured day is a Sunday, the time changes at 2am on that day.
Numerics 802.1Q VLAN standard … 9-99 802.
Index quick … 2-7 restoring factory defaults … 11-19 saving from menu interface … 2-9 serial link … 5-15 SNMP … 8-3, 8-5 spanning tree … 9-99 spanning tree protocol … 9-105 startup … 2-9 system … 5-20 Telnet access configuration … 5-15 transferring … A-9 trap receivers … 8-9 viewing … C-3 VLAN … 9-48 web browser access … 5-15 configuration file browsing for troubleshooting … 11-17 connection inactivity time … 7-3 console … 11-5 configuring … 5-15 ending a session … 2-4 features … 1-2 Main menu … 2-6 naviga
G H GARP See GVRP gateway … 5-2, 5-4 gateway (IP) address … 5-3, 5-5 GVRP advertisement … 9-75, 9-87 advertisement, defined … 9-74 advertisement, responses to … 9-76 advertisements, generating … 9-80 auto … 9-79 benefit … 9-74 block … 9-78 BPDU … 9-75 CLI, configuring … 9-83 common VID required … 9-75 configurable port options … 9-77 configuring learn, block, disable … 9-78 convert dynamic to static … 9-77 converting to static VLAN … 9-74 disable … 9-78 dynamic VLAN and reboots … 9-86 dynamic VLANs always
configuration … 5-2 DHCP/Bootp … 5-2 duplicate address … 11-5 duplicate address, DHCP network … 11-5 effect when address not used … 5-9 gateway … 5-2 gateway (IP) address … 5-3 global assignment … 5-14 globally assigned addressing … 5-14 menu access … 5-4 stacking … 5-4 subnet mask … 5-2, 5-6 using for web browser interface … 4-4 web access … 5-9 IP host-only … 9-73 IP masks building … 7-34 for multiple authorized manager stations … 7-35 for single authorized manager station … 7-34 operation … 7-30 IP, for
multicast group See IGMP multimedia See IGMP multiple VLAN … 8-1 multi-port bridge … 5-1 N navigation, console interface … 2-8–2-9 navigation, event log … 11-12 Netscape … 4-4 network management functions … 8-4 network manager address … 8-3 network monitoring traffic overload … 10-20 VLAN monitoring parameter … 10-23 Network Monitoring Port screen … 10-20 network slow … 11-5 notes on using VLANs … 9-54 O P password … 4-7–4-8 browser/console access … 7-3 case-sensitive … 7-4 creating … 4-7 delete … 2-6, 4
Index operating notes … 7-26 overview … 7-7 port trunk restriction … 6-10 prior to … 7-27 proxy web server … 7-27 trunk restriction … 6-14 port trunk … 6-9 bandwidth capacity … 6-9 caution … 6-10, 6-15, 6-22 CLI access … 6-17 default trunk type … 6-16 enabling dynamic LACP … 6-21 FEC … 6-12, 6-26 IGMP … 6-14 LACP … 6-3 LACP, full duplex required … 6-10 limit … 6-9 link requirements … 6-10 media requirements … 6-13 media type … 6-10 menu access to static trunk … 6-15 monitor port restrictions … 6-14 noncons
statistical sampling … 8-1 statistics … 2-6, 10-2 statistics, clear counters … 2-11, C-8 status and counters access from console … 2-6 status and counters menu … 10-3 status overview screen … 4-5 STP See spanning tree.
Index traffic analysis … 8-1 traffic monitoring … 8-1, 8-4 traffic, monitoring … 10-20 traffic, port … 10-7 transceiver, fiber-optic … 6-3 transceiver, speed change … 6-3 trap authentication … 8-9 authentication trap … 8-11 CLI access … 8-10 event levels … 8-9 limit … 8-9 receiver … 8-9 SNMP … 8-9 Trap Receivers Configuration screen … 8-9 trap receiver … 8-3, 8-9 configuring … 8-11 troubleshooting approaches … 11-2 authorized IP managers … 7-37 browsing the configuration file … 11-17 console access problem
primary, CLI command … 9-61, 9-63 primary, select in menu … 9-56 primary, web configure … 9-66 primary, with DHCP … 9-54 reboot required … 2-7 restrictions … 9-73 See GVRP spanning tree operation … 9-107 stacking, primary VLAN … 9-52 static … 9-48, 9-52, 9-55, 9-60 support enable/disable … 2-7 switch capacity … 9-48 tagged … 9-49 tagging … 9-67, 9-69 tagging broadcast, multicast, and unicast traffic … 11-8 unknown VLAN … 9-80 untagged … 9-50, 9-59 VID … 9-48, 9-69 VID, default VLAN … 9-52 VLAN already exist
Index 10 – Index
FOR TECHNICAL SUPPORT, CALL: From U.S.A. and Canada (24 hours, 7 days a week) (800) SMC-4-YOU; (949) 707-2400; (949) 707-2460 (Fax) From Europe (8:00 AM - 5:30 PM UK Greenwich Mean Time) 44 (0) 1188 748740; 44 (0) 1189 748741 (Fax) INTERNET E-mail addresses: techsupport@smc.com european.techsupport@smc-europe.com Driver updates: http://www.smc.com/support.html World Wide Web: http://www.smc.com/ FTP Site: ftp.smc.com FOR LITERATURE OR ADVERTISING RESPONSE, CALL: U.S.A.
