MAGNUM 6K FAMILY OF SWITCHES
Managed Network Software (MNS) for Magnum 6K family of Switches
– MNS-6K
Release 3.7.1
CLI User Guide
Preface
This guide describes how to use the Command Line Interface (CLI) for the Magnum 6K family of switches. For the Web Management Interface please refer to the Web Management Guide.
Some simple guidelines which will be useful for configuring and using the Magnum 6K family of switches -
If you need information on a specific command in the CLI, type the command name after you type the word “help” (help <command> ) or just type <command> [Enter].
If you need information on a specific feature in Web Management Interface, use the online help provided in the interface.
If you need further information or data sheets on GarrettCom Magnum 6K family of switches, refer to the GarrettCom web links at:
http://www.garrettcom.com/managed_switches.htm (except MP62 switch shown on the page)
GarrettCom Inc.
47823 Westinghouse Drive
Fremont, CA 94539-7437
Phone (510) 438-9071• Fax (510) 438-9072 Email – Tech support – support@garrettcom.com Email – Sales – sales@garrettcom.com
WWW – http://www.garrettcom.com/
i
Trademarks
GarrettCom Inc. reserves the right to change specifications, performance characteristics and/or model offerings without notice. GarrettCom, Magnum, S-Ring, Link-Loss-Learn, Converter Switch, Convenient Switch and Personal Switch are trademarks and Personal Hub is a registered trademark of GarrettCom, Inc.
NEBS is a registered trademark of Telcordia Technologies.
UL is a registered trademark of Underwriters Laboratories.
Ethernet is a trademark of Xerox Corporation.
Copyright © 2007 GarrettCom, Inc. All rights reserved. No part of this publication may be reproduced without prior written permission from GarrettCom, Inc.
Printed in the United States of America.
Part #: 84-00131
PK-040207
ii
Table of Contents
1 – Conventions Followed............................................................... |
18 |
Flow of the User Guide .......................................................... |
19 |
2 – Getting Started ............................................................................ |
22 |
Before starting .......................................................................... |
22 |
MNS-6K Software Updates ....................................................... |
23 |
Console connection ................................................................. |
23 |
Console setup............................................................................ |
24 |
Console screen.......................................................................... |
24 |
Logging in for the first time ................................................... |
25 |
Setting the IP parameters........................................................ |
25 |
Privilege levels........................................................................... |
28 |
Operator Privileges...................................................................... |
28 |
Manager Privileges....................................................................... |
28 |
User management..................................................................... |
28 |
Add User....................................................................................... |
29 |
Delete User................................................................................... |
29 |
Modify Password ......................................................................... |
29 |
Modify the Privilege Level ......................................................... |
29 |
Modify Access Privileges for a user .......................................... |
30 |
Help............................................................................................ |
31 |
Displaying Help for an Individual Command......................... |
31 |
Viewing options for a command............................................... |
31 |
Context help................................................................................. |
32 |
Exiting........................................................................................ |
33 |
iii |
|
List of commands in this chapter .......................................... |
33 |
3 – IP Address and System Information..................................... |
35 |
IP Addressing............................................................................... |
35 |
Importance of an IP address .................................................. |
35 |
DHCP and bootp ........................................................................ |
36 |
Bootp Database ........................................................................... |
36 |
Configuring Auto/DHCP/Bootp/Manual ............................. |
37 |
Using Telnet ................................................................................. |
38 |
Setting serial port parameters ................................................. |
40 |
System parameters.................................................................... |
41 |
Date and time............................................................................ |
43 |
Network time............................................................................ |
44 |
Saving and loading configuration .......................................... |
45 |
Config files.................................................................................... |
48 |
Displaying configuration......................................................... |
50 |
Erasing configuration .............................................................. |
53 |
Displaying Serial Number....................................................... |
54 |
List of commands in this chapter .......................................... |
55 |
Other commands ..................................................................... |
57 |
4 – IPv6 ................................................................................. |
59 |
Assumptions................................................................................. |
59 |
Introduction to IPv6................................................................ |
59 |
What’s changed in IPV6?........................................................ |
60 |
IPv6 Addressing ....................................................................... |
61 |
Configuring IPv6...................................................................... |
61 |
List of commands in this chapter .......................................... |
62 |
5 – Access Considerations .................................................... |
64 |
Securing access............................................................................. |
64 |
Passwords .................................................................................. |
64 |
Port Security.............................................................................. |
65 |
iv |
|
Network security.......................................................................... |
65 |
Configuring Port Security........................................................... |
65 |
Logs ............................................................................................ |
71 |
Authorized managers............................................................... |
73 |
List of commands in this chapter .......................................... |
75 |
6 – Access Using RADIUS ................................................... |
77 |
RADIUS ....................................................................................... |
77 |
802.1x ......................................................................................... |
77 |
Configuring 802.1x................................................................... |
80 |
List of commands in this chapter .......................................... |
85 |
7 – Access Using TACACS+ ................................................ |
87 |
TACACS – flavors and history.................................................. |
87 |
TACACS+ Flow....................................................................... |
88 |
TACACS+ Packet.................................................................... |
89 |
Configuring TACACS+ .......................................................... |
89 |
List of commands in this chapter .......................................... |
91 |
8 – Port Mirroring and Setup................................................ |
93 |
Port monitoring and mirroring.................................................. |
93 |
Port mirroring........................................................................... |
93 |
Port setup .................................................................................. |
94 |
Speed settings............................................................................... |
95 |
Flow Control ................................................................................ |
96 |
Back Pressure ............................................................................... |
97 |
Broadcast Storms......................................................................... |
99 |
Preventing broadcast storms ................................................ |
100 |
Port Rate limiting for broadcast traffic............................... |
101 |
List of commands in this chapter ........................................ |
101 |
9 – VLAN............................................................................ |
103 |
Why VLANs?............................................................................. |
103 |
Tag VLAN or Port VLAN? ................................................. |
105 |
v |
|
Private VLANs ....................................................................... |
106 |
Using Port VLANs ................................................................ |
107 |
Creating VLANs..................................................................... |
107 |
Using Tag VLANs ................................................................. |
111 |
Tag VLANs and Management ............................................. |
118 |
List of commands in this chapter ........................................ |
121 |
10 – Spanning Tree Protocol (STP).................................... |
123 |
STP features and operation...................................................... |
123 |
Using STP................................................................................ |
124 |
List of commands in this chapter ........................................ |
134 |
11 – Rapid Spanning Tree Protocol (RSTP)....................... |
135 |
RSTP concepts........................................................................... |
135 |
Transition from STP to RSTP ............................................. |
136 |
Configuring RSTP.................................................................. |
137 |
List of commands in this chapter ........................................ |
147 |
12 – RS-Ring™, S-Ring™ and Link-Loss-Learn™ (LLL) 149 |
|
S-Ring and LLL concepts......................................................... |
150 |
RS-Ring concepts ...................................................................... |
151 |
When to use RS-Ring vs S-Ring .......................................... |
152 |
Comparing resiliency methods............................................. |
153 |
RSTP/STP Operation without RS-Ring or S-Ring .......... |
154 |
RSTP/STP Operation with S-Ring ..................................... |
156 |
LLL with S-Ring..................................................................... |
158 |
Ring learn features.................................................................. |
158 |
Configuring S-Ring ................................................................ |
159 |
RSTP Operation with RS-Ring ............................................ |
162 |
Configuring RS-Ring ............................................................. |
164 |
List of commands in this chapter ........................................ |
166 |
13 – Dual-Homing.............................................................. |
168 |
vi |
|
Dual-Homing concepts ............................................................ |
168 |
Dual-Homing Modes............................................................. |
171 |
Configuring Dual-Homing ................................................... |
171 |
List of commands in this chapter ........................................ |
173 |
14 – Link Aggregation Control Protocol (LACP) ............... |
174 |
LACP concepts.......................................................................... |
174 |
LACP Configuration.............................................................. |
175 |
List of commands in this chapter ........................................ |
185 |
15 – Quality of Service ........................................................ |
186 |
QoS concepts ............................................................................. |
186 |
DiffServ and QoS................................................................... |
187 |
IP Precedence ......................................................................... |
188 |
Configuring QoS .................................................................... |
189 |
List of commands in this chapter ........................................ |
193 |
16 – IGMP........................................................................... |
195 |
IGMP concepts.......................................................................... |
195 |
IGMP-L2................................................................................. |
199 |
Configuring IGMP................................................................. |
202 |
List of commands in this chapter ........................................ |
207 |
17 – GVRP........................................................................... |
209 |
GVRP concepts ......................................................................... |
209 |
GVRP Operations.................................................................. |
210 |
Configuring GVRP ................................................................ |
215 |
GVRP Operations Notes...................................................... |
216 |
List of commands in this chapter ........................................ |
217 |
18 – SNMP.......................................................................... |
218 |
SNMP concepts ......................................................................... |
218 |
Traps......................................................................................... |
220 |
Standards ................................................................................. |
220 |
vii |
|
Configuring SNMP ................................................................ |
221 |
Configuring RMON .............................................................. |
230 |
List of commands in this chapter ........................................ |
231 |
19 – Miscellaneous Commands .......................................... |
235 |
Alarm Relays ........................................................................... |
235 |
Email ........................................................................................ |
239 |
Serial Connectivity ................................................................. |
244 |
Miscellaneous commands ..................................................... |
245 |
Prompt ..................................................................................... |
246 |
Ping........................................................................................... |
247 |
FTP modes.............................................................................. |
248 |
System Events......................................................................... |
248 |
MAC Address Table .............................................................. |
253 |
List of commands in this chapter ........................................ |
254 |
APPENDIX 1 - Command listing by Chapter .................. |
257 |
Chapter 2 – Getting Started.................................................. |
257 |
Chapter 3 – IP Address and System Information............. |
258 |
Chapter 4 – IPv6 .................................................................... |
261 |
Chapter 5 – Access Considerations..................................... |
262 |
Chapter 6 – Access Using Radius........................................ |
263 |
Chapter 7 – Access using TACACS+................................. |
264 |
Chapter 8 – Port mirroring and setup................................. |
265 |
Chapter 9 - VLAN ................................................................. |
266 |
Chapter 10 – Spanning Tree Protocol (STP)..................... |
267 |
Chapter 11 – Rapid Spanning Tree Protocol..................... |
267 |
Chapter 12 – RS-Ring, S-Ring and Link-Loss-Learn ....... |
268 |
Chapter 13 – Dual-Homing.................................................. |
270 |
Chapter 14 – Link Aggregation Control Protocol (LACP)270 |
|
Chapter 15 – Quality of Service........................................... |
270 |
viii |
|
Chapter 16 - IGMP................................................................ |
271 |
Chapter 17 - GVRP ............................................................... |
272 |
Chapter 18 – SNMP .............................................................. |
272 |
Chapter 19 – Miscellaneous Commands ............................ |
275 |
APPENDIX 2 - Commands sorted alphabetically............ |
278 |
APPENDIX 3 - Daylight Savings ...................................... |
299 |
Daylight Savings Time........................................................... |
299 |
APPENDIX 4 – Updating MNS-6K Software.................... |
301 |
1. Getting Started ...................................................... |
302 |
Selecting the proper version ................................................. |
303 |
Downloading the MNS-6K software.................................. |
303 |
Next steps................................................................................ |
307 |
2. Preparing to load the software.............................. |
308 |
Accessing the switch.............................................................. |
308 |
Serial Connection....................................................................... |
308 |
Network Access......................................................................... |
309 |
Saving the Configuration ...................................................... |
309 |
Serial Connection....................................................................... |
310 |
Network Access......................................................................... |
312 |
Next steps................................................................................ |
313 |
3. Loading the MNS-6K software ............................. |
314 |
Before loading the MNS-6K software................................ |
314 |
Accessing the switch.............................................................. |
314 |
Serial Connection....................................................................... |
315 |
Network Access......................................................................... |
316 |
Next steps................................................................................ |
317 |
4. (Optional Step) Restoring the configuration........ |
318 |
Accessing the switch.............................................................. |
318 |
Reloading the configuration ................................................. |
318 |
ix |
|
Updating boot code over the network................................ |
319 |
Index................................................................................... |
321 |
x
List of Figures |
|
|
FIGURE 1 - HyperTerminal screen showing the serial settings................................................................. |
24 |
|
FIGURE 2 - Prompt indicating the switch model number as well as mode of operation – note the |
|
|
commands to switch between the levels is not shown here.............................................................. |
25 |
|
FIGURE 3 - Setting IP address on the switch ......................................................................................... |
26 |
|
FIGURE 4 - Rebooting the switch .......................................................................................................... |
27 |
|
FIGURE 5 - Viewing the basic setup parameters. You can use ‘show setup’ or ‘show sysconfig’ to |
|
|
view setup parameters ................................................................................................................ |
27 |
|
FIGURE 6 - Switching users and privilege levels. Note the prompt changes with the new privilege |
|
|
level. ......................................................................................................................................... |
|
28 |
FIGURE 7 - Adding a user with Manager level privilege ....................................................................... |
29 |
|
FIGURE 8 - Deleting a user ................................................................................................................. |
29 |
|
FIGURE 9 - Changing the password for a specific user........................................................................... |
29 |
|
FIGURE 10 - Changing the privilege levels for a user ............................................................................. |
30 |
|
FIGURE 11 – Creating user access privileges........................................................................................... |
30 |
|
FIGURE 12 - |
Help command.............................................................................................................. |
31 |
FIGURE 13 - |
Help for a specific command........................................................................................... |
31 |
FIGURE 14 - Options for the ‘show’ command...................................................................................... |
32 |
|
FIGURE 15 - Listing commands available (at the operator level) ........................................................... |
32 |
|
FIGURE 16 - Listing commands starting with a specific character .......................................................... |
32 |
|
FIGURE 17 - Listing commands options – note the command was not completed and the TAB |
|
|
key completed the command. ...................................................................................................... |
33 |
|
FIGURE 18 – logout command .............................................................................................................. |
33 |
|
FIGURE 19 - Checking the IP settings.................................................................................................. |
36 |
|
FIGURE 20 - Changing the boot mode of the switch .............................................................................. |
38 |
|
FIGURE 21 - Changing telnet access – note in this case, the enable command was repeated without |
|
|
any effect to the switch................................................................................................................ |
38 |
|
FIGURE 22 - Reviewing the console parameters – note telnet is enabled ................................................. |
39 |
|
FIGURE 23 - Example of a telnet session............................................................................................. |
39 |
|
FIGURE 24 – managing and viewing multiple telnet sessions .................................................................. |
40 |
|
|
xi |
|
FIGURE 25 - Querying the serial port settings ...................................................................................... |
41 |
FIGURE 26 - System parameters using the show setup command. Most parameters here cannot be |
|
changed ..................................................................................................................................... |
41 |
FIGURE 27 - System parameters using the show sysconfig command. Most parameters here can be |
|
changed. .................................................................................................................................... |
42 |
FIGURE 28 - Setting the system name, system location and system contact information........................... |
42 |
FIGURE 29 - Setting the system date, time and time zone ..................................................................... |
43 |
FIGURE 30 - Setting the system daylight saving time............................................................................. |
44 |
FIGURE 31 - Setting up SNTP services ............................................................................................... |
45 |
FIGURE 32 - Saving the configuration on a tftp server .......................................................................... |
45 |
FIGURE 33 – Based on the ftp or tftp or xmodem commands – the MNS-6K based switch can |
|
upload or download different types of files and images .Other files such as log files, hosts file |
|
can also be saved or loaded onto a switch .................................................................................... |
47 |
FIGURE 34 – commands to save the configuration using ftp. Similar options will be specified using |
|
tftp etc. When using the ftp command, use the host command discussed later in this section |
|
to define the ftp server ................................................................................................................ |
48 |
FIGURE 35 – Contents of the config file................................................................................................. |
49 |
FIGURE 36 – Creating host entries on MNS-6K.................................................................................. |
50 |
FIGURE 37 – ‘show config’ command output................................................................................... |
52 |
FIGURE 38 – displaying specific modules using the ‘show config’ command....................................... |
52 |
FIGURE 39 – displaying configuration for different modules. Note – multiple modules can be |
|
specified on the command line..................................................................................................... |
53 |
FIGURE 40 – Erasing configuration without erasing the IP address ....................................................... |
54 |
FIGURE 41 – Display the serial number, factory code and other relevant setup information...................... |
54 |
FIGURE 42 – Configuring IPv6............................................................................................................ |
62 |
FIGURE 43 – Changing password for a given account ............................................................................ |
64 |
FIGURE 44 – Port security configuration mode ...................................................................................... |
65 |
FIGURE 45 – Port security configuration mode ...................................................................................... |
66 |
FIGURE 46 – Port security – allowing specific MAC addresses on a specified port. (No spaces |
|
between specified MAC addresses) ............................................................................................. |
67 |
FIGURE 47 – Port security - the port learns the MAC addresses. Note – a maximum of 200 |
|
MAC addresses can be learnt per port and a maximum of 500 per switch. Also, the |
|
‘action’ on the port must be set to none before the port ‘learns’ the MAC address |
|
information. .............................................................................................................................. |
67 |
FIGURE 48 – Enabling and disabling port security ............................................................................... |
67 |
xii |
|
FIGURE 49 – Viewing port security settings on a switch. On port 9, learning is enabled. This port |
|
has 6 stations connected to it with the MAC addresses as shown. Other ports have |
|
learning disabled and the MAC addresses are not configured on those ports ................................ |
68 |
FIGURE 50 – Enabling learning on a port. Note – after the learning is enabled, the port security |
|
can be queried to find the status of MAC addresses learnt. If there were machines |
|
connected to this port, the MAC address would be shown on port 11 as they are shown on |
|
port 9 ....................................................................................................................................... |
68 |
FIGURE 51 – Allowing specific MAC address on specific ports. After the MAC address is |
|
specified, the port or specific ports or a range of ports can be queried as shown .............................. |
69 |
FIGURE 52 – Removing a MAC address from port security .................................................................. |
69 |
FIGURE 53 – Setting the logging on a port ............................................................................................ |
69 |
FIGURE 54 – Steps for setting up port security on a specific port ............................................................ |
71 |
FIGURE 55 – Show log and clear log command. The show log command indicates the type of log |
|
activity in the S column ............................................................................................................. |
73 |
FIGURE 56 – Steps to allow deny or remove specific services ................................................................... |
75 |
FIGURE 57 – 802.1x network components........................................................................................... |
78 |
FIGURE 58 – 802.1x authentication details ......................................................................................... |
79 |
FIGURE 59 – securing the network using port access .............................................................................. |
84 |
FIGURE 60 – Flow chart describing the interaction between local users and TACACS |
|
authorization ............................................................................................................................ |
88 |
FIGURE 61 – TACACS packet format ............................................................................................... |
89 |
FIGURE 62 – Configuring TACACS+............................................................................................... |
91 |
FIGURE 63 – Enabling port mirroring ................................................................................................. |
94 |
FIGURE 64 – Port setup....................................................................................................................... |
95 |
FIGURE 65 – Setting up back pressure and flow control on ports............................................................ |
99 |
FIGURE 66 – Setting up broadcast storm protection. Also shows how the threshold can be lowered |
|
for a specific port ..................................................................................................................... |
101 |
FIGURE 67 – VLAN as two separate collision domains. The top part of the figure shows two |
|
“traditional” Ethernet segments. Up to 32 VLANs can be defined per switch......................... |
103 |
FIGURE 68 – Ports can belong to multiple VLANs. In this figure a simplistic view is presented |
|
where some ports belong to VLANs 1, 2 and other ports belong to VLANs 2,3. Ports |
|
can belong to VLANs 1, 2 and 3. This is not shown in the figure. ......................................... |
104 |
FIGURE 69 – routing between different VLANs is performed using a router or a Layer 3 switch |
|
(L3-switch) ............................................................................................................................. |
105 |
FIGURE 70 – configuring VLANs on Magnum 6K switch ................................................................ |
108 |
FIGURE 71 – Example of setting up port based VLANs .................................................................. |
111 |
xiii |
|
FIGURE 72 – Example for Tag VLAN........................................................................................... |
118 |
FIGURE 73 – Editing the VLAN information for enabling or disabling management ......................... |
121 |
Figure 74 – STP default values – refer to next section “Using STP” for more detailed |
|
explanation on the variables .................................................................................................... |
124 |
FIGURE 75 – Viewing STP configuration .......................................................................................... |
125 |
FIGURE 76 – STP Port status information......................................................................................... |
126 |
FIGURE 77 – Enabling STP ............................................................................................................. |
128 |
FIGURE 78 – Configuring STP parameters ........................................................................................ |
134 |
FIGURE 79 – Enabling RSTP and reviewing the RSTP variables...................................................... |
139 |
FIGURE 80 – Reviewing the RSTP port parameters............................................................................ |
140 |
Figure 81 – Path cost as defined in IEEE 802.1d (STP) and 802.1w (RSTP) ............................... |
141 |
FIGURE 82 – RSTP information from a network with multiple switches. Note the “show stp |
|
ports” command can be executed from the manager level prompt or from rstp configuration |
|
state as shown in the screen captures earlier. ............................................................................. |
141 |
FIGURE 83 – Configuring RSTP on MNS-6K.................................................................................. |
147 |
FIGURE 84 – Normal RSTP/STP operations in a series of switches. Note – this normal status |
|
is designated RING_CLOSED ............................................................................................ |
155 |
FIGURE 85 – A fault in the ring interrupts traffic. The blocking port now becomes forwarding so |
|
that traffic can reach all switches in the network Note – the mP62 as well as the ESD42 |
|
switches support LLL and can participate in S-Ring as an access switch .................................. |
156 |
FIGURE 86 – More than one S-Ring pair can be selected and more than one S-Ring can be |
|
defined per switch. Note – the mP62 as well as the ESD42 switches support LLL and |
|
can participate in S-Ring as an access switch ............................................................................ |
157 |
FIGURE 87 – Activating S-Ring on the switch .................................................................................... |
159 |
FIGURE 88 – S-Ring configuration commands for root switch .............................................................. |
161 |
FIGURE 89 – Link Loss Learn (LLL) setup. Setup LLL on ports connected to other switches |
|
participating in S-Ring............................................................................................................ |
162 |
FIGURE 90 – More than one RS-Ring cannot be defined per managed Magnum 6K switch. Note |
|
– unmanaged switches cannot participate in RS-Ring............................................................... |
163 |
FIGURE 91 – Activating RS-Ring on the switch.................................................................................. |
164 |
FIGURE 92 – RS-Ring configuration commands ................................................................................. |
166 |
FIGURE 93 – Dual-homing using ESD42 switch and Magnum 6K family of switches. In case of |
|
a connectivity break – the connection switches to the standby path or standby link ..................... |
169 |
FIGURE 94 – Dual-homing using Magnum 6K family of switches. Note the end device (video |
|
surveillance camera) can be powered using PoE options on Magnum 6K family of switches. |
|
xiv
In case of a connectivity break – the connection switches to the standby path or standby |
|
link ........................................................................................................................................ |
169 |
FIGURE 95 – Using S-Ring, RS-Ring and dual-homing, it is possible to build networks resilient |
|
not only to a single link failure but also for one device failing on the network ............................. |
170 |
FIGURE 96 – configuring dual-homing ................................................................................................ |
172 |
FIGURE 97 – Some valid LACP configurations. ................................................................................ |
176 |
FIGURE 98 – an incorrect LACP connection scheme for Magnum 6K family of switches. All |
|
LACP trunk ports must be on the same module and cannot span different modules.................. |
176 |
FIGURE 99 – In this figure, even though the connections are from one module to another, this is |
|
still not a valid configuration (for LACP using 4 ports) as the trunk group belongs to two |
|
different VLANs................................................................................................................... |
177 |
FIGURE 100 - In the figure above, there is no common VLAN between the two sets of ports, so |
|
packets from one VLAN to another cannot be forwarded. There should be at least one |
|
VLAN common between the two switches and the LACP port groups. ................................... |
177 |
FIGURE 101 – This configuration is similar to the previous configuration, except there is a common |
|
VLAN (VLAN 1) between the two sets of LACP ports. This is a valid configuration. ........ |
178 |
FIGURE 102 – In the architecture above, using RSTP and LACP allows multiple switches to be |
|
configured together in a meshed redundant link architecture. First define the RSTP |
|
configuration on the switches. Then define the LACP ports. Then finally connect the ports |
|
together to form the meshed redundant link topology as shown above.......................................... |
178 |
FIGURE 103 – LACP, along with RSTP/STP brings redundancy to the network core or |
|
backbone. Using this reliable core with a dual-homed edge switch brings reliability and |
|
redundancy to the edge of the network....................................................................................... |
179 |
FIGURE 104 – This architecture is not recommended............................................................................ |
180 |
FIGURE 105 – Creating a reliable infrastructure using wireless bridges (between two facilities) and |
|
LACP. “A” indicates a Wi-Fi wireless Bridge or other wireless Bridges.................................. |
181 |
FIGURE 106 – Configuring LACP.................................................................................................... |
183 |
FIGURE 107 – The network for the ‘show lacp’ command listed below.................................................. |
184 |
FIGURE 108 – LACP information over a network ............................................................................. |
185 |
FIGURE 109 – ToS and DSCP......................................................................................................... |
187 |
FIGURE 110 - IP Precedence ToS Field in an IP Packet Header......................................................... |
188 |
FIGURE 111 - Port weight settings and the meaning of the setting ......................................................... |
190 |
FIGURE 112 – QoS configuration and setup........................................................................................ |
193 |
FIGURE 113 – IGMP concepts – advantages of using IGMP.............................................................. |
197 |
FIGURE 114 – IGMP concepts – Isolating multicast traffic in a network............................................. |
198 |
FIGURE 115 - In a Layer 2 network, an IGMP multicast traffic goes to all the nodes. In the |
|
figure, T1, a surveillance camera, using multicast, will send the traffic to all the nodes - R1 |
|
xv |
|
through R6 - irrespective of whether they want to view the surveillance traffic or not. The |
|
traffic is compounded when additional cameras are added to the network. End result is that |
|
users R1 through R6 see the network as heavily loaded and simple day to day operations |
|
may appear sluggish................................................................................................................. |
200 |
FIGURE 116 - Using IGMP-L2 on Magnum 6K family of switches, a Layer 2 network can |
|
minimize multicast traffic as shown above. Each switch has the IGMPL2 turned on. |
|
Each switch can exchange the IGMP query message and respond properly. R4 wants to |
|
view surveillance traffic from T1. As shown by (1), a join request is sent by R4. Once the |
|
join report information is exchanged, only R4 receives the video surveillance traffic, as |
|
shown by (2). No other device on the network gets the video surveillance traffic unless they |
|
issue a join request as well. ...................................................................................................... |
201 |
FIGURE 117 – Enabling IGMP and query the status of IGMP ......................................................... |
203 |
FIGURE 118 – Displaying IGMP groups............................................................................................ |
204 |
FIGURE 119 – Configuring IGMP..................................................................................................... |
207 |
FIGURE 120 - Setting IGMP-L2 ....................................................................................................... |
207 |
FIGURE 121 – GVRP operation – see description below ..................................................................... |
210 |
FIGURE 122 – VLAN Assignment in GVRP enabled switches. Non GVRP enabled switches |
|
can impact VLAN settings on other GVRP enabled switches................................................. |
211 |
FIGURE 123 – Port settings for GVRP operations ............................................................................. |
212 |
FIGURE 124 – Command to check for dynamically assigned VLANs ................................................ |
213 |
FIGURE 125 – Converting a dynamic VLAN to a static VLAN..................................................... |
213 |
FIGURE 126 – GVRP options........................................................................................................... |
214 |
FIGURE 127 – GVRP configuration example .................................................................................... |
216 |
FIGURE 128 – Configuring SNMP – most of the command here are SNMP v3 commands ................ |
230 |
FIGURE 129 – Configuring RMON groups........................................................................................ |
231 |
FIGURE 130 – Predefined conditions for the relay ................................................................................ |
236 |
FIGURE 131 – Setting up the external electrical relay and alerts........................................................... |
239 |
FIGURE 132 – setting SMTP to receive SNMP trap information via email......................................... |
244 |
FIGURE 133 – Optimizing serial connection (shown for Hyper Terminal on Windows XP). The |
|
highlighted fields are the ones to change as described .................................................................. |
244 |
FIGURE 134 – History commands ...................................................................................................... |
246 |
FIGURE 135 – Setting custom prompts................................................................................................ |
247 |
FIGURE 136 – Using the ping command ............................................................................................. |
247 |
FIGURE 137 – Event log shown on the screen...................................................................................... |
249 |
FIGURE 138 – Using exportlog to export the event log information ...................................................... |
250 |
FIGURE 139 – Listing of severity - sorted by subsystem and severity ..................................................... |
253 |
xvi |
|
FIGURE 140 – Display of the internal switching decision table............................................................. |
254 |
FIGURE 141 – Accessing the GarrettCom site for download................................................................. |
305 |
FIGURE 142 – Select the proper version to use after successful login ...................................................... |
306 |
FIGURE 143 – Navigate to MNS-6K folder to download the latest MNS-6K software and the |
|
release notes............................................................................................................................. |
306 |
FIGURE 144 – Use the copy command to copy the files to the proper location ........................................ |
307 |
FIGURE 145 - HyperTerminal screen showing the serial settings ......................................................... |
309 |
FIGURE 146 – Using telnet command to connect to a Magnum 6K switch with IP address |
|
192.168.10.11 ...................................................................................................................... |
309 |
FIGURE 147 – Example of saveconf command using serial interface..................................................... |
310 |
FIGURE 148 – Invoke the “Receive File” to start the Xmodem transfer program. In the figure |
|
above the Windows XP based HyperTerminal screen is shown ................................................. |
311 |
FIGURE 149 – Make sure to select the Xmodem protocol and the proper directory where the |
|
configuration is saved. Click on Receive. This starts the file transfer. ......................................... |
311 |
FIGURE 150 – Status window for Xmodem (using HyperTerminal under Windows XP) .................... |
312 |
FIGURE 151 – Message which shows the completion of the file transfer (from ‘saveconf’ command)......... |
312 |
FIGURE 152 – Example of saveconf command for tftp......................................................................... |
312 |
FIGURE 153 – Upgrade using serial connection ................................................................................... |
315 |
FIGURE 154 – File upload status window under Xmodem (using HyperTerminal under Windows |
|
XP)........................................................................................................................................ |
315 |
FIGURE 155 – upgrading the switch using the serial interface ............................................................... |
316 |
FIGURE 156 – Dialog for upgrading the image using tftp..................................................................... |
317 |
FIGURE 157 – Updating the boot code over the network using the upgrade command. Make sure |
|
to reboot the switch after the boot loader upgrade is completed.................................................... |
319 |
xvii
1Chapter
1 – Conventions Followed
Conventions followed in the manual…
To best use this document, please review some of the conventions followed in the manual, including screen captures, interactions and commands with the switch, etc.
Box shows interaction with the switch command line or screen captures from the switch or computer for clarity
Commands typed by a user will be shown in a different color and this font
Switch prompt – shown in Bold font, with a “# or >” at the end. For the document we will use Magnum6K25# as the default prompt.
Syntax rules
Optional entries are shown in [square brackets]
Parameter values within are shown in < pointed brackets >
Optional parameter values are shown again in [square brackets]
Thus
Syntax command [parameter1=<value1>[, parameter2=<value2>]] parameter3=<value3|value4>
In the example above:
Parameter 1 and Parameter 2 are optional values
Parameter 2 can be used optionally only if Parameter 1 is specified Parameter 3 is mandatory.
Parameter 1 has value1 = IP address
Parameter 2 has value2 = string
Parameter 3 has value3 or value4
18
M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E
j |
Related Topics |
|
Related topics show |
that GarrettCom strongly recommends reading |
|
about those topics. You |
may choose to skip those if you already have |
prior detailed knowledge on those subjects.
Tool box – Necessary software and hardware components needed (or recommended to have) as a prerequisite. These include serial ports on a computer, serial cables, TFTP or FTP software, serial terminal emulation software etc.
Caution or take notice – Things to watch out for in case of problems or potential problems. This is also used to draw attention to a special issue, capability or fact.
Terminology – Whenever the word PC is used it implies a UNIX, Linux, Windows or any other operating system based work station, computer, personal computer, laptop, notebook or any other computing device. Most of the manual uses Windows-XP based examples. While effort has been made to indicate other Operating System interactions, it is best to use a Windows-XP based machine when in doubt.
Supported MNS-6K Version – The documentation reflects features of MNS-6K version 3.4 or later. If your switch is not at the current version, GarrettCom Inc. recommends upgrade to the latest version. Please refer to the GarrettCom Web site for information on upgrading the MNS-6K software on Magnum 6K family of switches.
Product Family – this manual is for all the Magnum 6K family of switches.
Finally, at the end of each chapter, is a list of the commands covered in the chapter as well as a brief synopsis of what they do.
Flow of the User Guide
The manual is designed to guide the user through a sequence of events.
Chapter 1 – this chapter
Chapter 2 is the basic setup as required by the Magnum 6K family of switches. After completing Chapter 2, the configuration can be done using the web interface. Chapter 2 is perhaps the most critical chapter in what needs to be done by the network administrator once the switch is received.
19
M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E
Chapter 3 focuses on operational issues of the switch. This includes time synchronization using the command line or using a time server on the network.
Chapter 4 through Chapter 6 focuses on security and access consideration. Bad passwords trump any security setup, so setup the manager passwords carefully as described in Chapter 2. Chapter 4 describes how to setup port access using MAC address security. Chapter 5 describes how a RADIUS server can be used for authentication and access. Chapter 6 essentially is similar to Chapter 5, and talks about using a TACACS+ server instead of a RADIUS server.
Chapter 7 talks about port mirroring and preventing broadcast storms. Port mirroring is necessary in a network to reflect traffic from one port onto another port so that the traffic can be captured for protocol analysis or intrusion analysis.
Chapter 8 deals with VLANs. VLANs provide security as well as traffic separation. This chapter shows how VLANs can be setup and managed.
At this stage the network and the switch are secured. It is now critical to make the network more reliable. The User Guide switches gears and talks about STP, RSTP and S- Ring technologies which can be used for making the network reliable. These technologies allow resiliency in a network. Chapters 9 through Chapter 12 discuss some resiliency techniques.
Chapter 9 shows how STP can be setup and used. Today, RSTP is preferred over STP.
Chapter 10 shows how RSTP is setup and used as well as how RSTP can be used with legacy devices which support STP only.
Chapter 11 focuses on S-Ring™ and setup of S-Ring (optional). This chapter also talks about using RS-Ring™ with managed switches.
Chapter 12 talks about dual homing and how dual homing can be used to bring resiliency to edge devices.
Chapter 13 describes LACP and how LACP can be used to increase the throughput using 10/100 Mbps ports or in situations where resiliency is needed between switches (trunks).
Once the network is made resilient, the network manager may want to setup prioritization of traffic.
Chapter 14 focuses on Quality of Service (QoS) and other prioritization issues.
Chapters 15 and 16 focus on advanced topics such as IGMP and GVRP.
20
M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E
Chapter 15 focuses on IGMP.
Chapter 16 focuses on GVRP.
Chapter 17 shows how the SNMP parameters can be setup for managing the switch with network management software such as Castle Rock SNMPc™
Chapter 18 includes miscellaneous commands to improve the overall ease of use and other diagnostic information.
21
2Chapter
2 – Getting Started
First few simple steps …
This section explains how the GarrettCom Magnum 6K family of switches can be setup using the console port on the switch. Some of the functionality includes setting up the IP address of the switch, securing the switch with a user name and password, setting up VLAN’s and more.
Before starting
Before you start, it is recommended to acquire the hardware listed below and be ready with the items listed.
For initial configuration through the serial/console port
1)A female-female null modem cable. This cable is available from GarrettCom Inc. as well as from LAN store (http://www.lanstore.com)
2)Serial port – if your PC does not have a serial port, you may want to invest in a USB to serial converter. This is again available from LAN store or from GarrettCom Inc. Alternately a USB to serial cable can also be used. This cable is also available from LAN store or GarrettCom Inc.
3)A PC (or a workstation/computer) with a terminal emulation program such as HyperTerminal (included with Windows) or Teraterm-pro, minicom or other equivalent software. (Make sure the software supports Xmodem protocol, as you may need this in the future to update the MNS-6K software)
4)Enough disk space to store and retrieve the configuration files as well as copy software files from GarrettCom. We recommend at least 15MB of disk space for this purpose
5)Decide on a manager level account name and password for access security
6)IP address, netmask, default gateway for the switch being configured
As a default, the switch has no IP (Internet Protocol) address and subnet mask. For first time use, the IP address has to be assigned. This can only be done by using the console interface provided.
22
M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E
The same procedure can also be used for other configuration changes or updates – e.g. changing the IP address, VLAN assignments and more. Once the IP address is assigned and a PC is networked to the switch, the switch’s command line interface (CLI) can be accessed via telnet. To manage the switch through in-band (networked) access (e.g. telnet, or Web Browser Interface), you should configure the switch with an IP address and subnet mask compatible with your network. You should also change the manager password to control access privileges from the console.
Many other features such as optimizing the switch’s performance, traffic engineering and traffic prioritizing, VLAN configuration, and improving network security can be configured through the switch’s console interface as well as in-band (networked) access, once the IP address is setup. Besides the IP address, setting up the SNMP parameters allows configuration and monitoring through an SNMP network management station running a network management program (e.g. SNMPc from Castle Rock – available from GarrettCom Inc.)
j |
MNS-6K Software Updates |
|
Magnum switches already |
have the necessary software loaded on |
them. If a software upgrade is needed or the MNS-6K software needs to be updated to the current version, please refer to the GarrettCom web site for information on updating the MNS-6K software. The
documentation on how to update the MNS-6K is included as an Appendix in this manual.
The Login prompt is shown when the connection to the GarrettCom Magnum 6K Switch is successful and the switch is ready for the configuration commands. Should you get a boot prompt, please contact GarrettCom technical support.
The IP address of the switch is assigned automatically from a DHCP server or a BootP server. If these servers do not exist, the switch will be assigned an IP address which was previously configured or a static IP address of 192.168.1.2 with a netmask of 255.255.255.0 (if that address is not in use). It is recommended that the user uses Secure Web Management (SWM) capabilities built into MNS-6K to setup and manage the switch. Please refer to the SWM user guide for more information.
Console connection
The connection to the console is accessed through the DB-9 RS232 connector on the switch marked on the Magnum 6K family of switches as a console port. This interface provides access to the commands the switch can interpret and is called the Command Line Interface (or CLI). This interface can be accessed by attaching a VT100 compatible terminal or a PC running a terminal emulation program to the console port on the Magnum 6K family of switches.
USB to serial adapters are also available for laptops or computers that do not native serial ports but have access to USB ports.
23
M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E
The interface through the console or the Console Management Interface (or CMI) enables you to reconfigure the switch and to monitor switch status and performance.
Once the switch is configured with an IP address, the Command Line Interface (or CLI) is also accessible using telnet as well as the serial port. Access to the switch can be either through the console interface or remotely over the network.
The Command Line Interface (CLI) enables local or remote unit installation and maintenance. The Magnum 6K family of switches provides a set of system commands which allow effective monitoring, configuration and debugging of the devices on the network.
Console setup
Connect the console port on the switch to the serial port on the computer using the serial cable listed above. The settings for the HyperTerminal software emulating a VT100 are shown in Figure 1 below. Make sure the serial parameters are set as shown (or bps = 38400, data bits=8, parity=none, stop bits=1, flow control=none).
FIGURE 1 - HyperTerminal screen showing the serial settings
Console screen
Once the console cable is connected to the PC and the software configured, MNS6K legal disclaimers and other text scrolls by on the screen.
24
M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E
The switch has three modes of operation – Operator (least privilege), Manager and Configuration. The prompts for the switches change as the switch changes modes from Operator to Manager to Configuration. The prompts are shown in Figure 2 below, with a brief explanation of what the different prompts indicate.
Magnum6K> |
Operator Level – for running operations queries |
Magnum6K# |
Manager Level – for setting and reviewing commands |
Magnum6K## |
Configuration Level – for changing the switch parameter values |
FIGURE 2 - Prompt indicating the switch model number as well as mode of operation – note the commands to switch between the levels is not shown here.
The prompt can be changed by the user. See the Chapter on Miscellaneous Commands, sub section Prompt for more details. This manual was documented on a Magnum 6K25 switch, and for clarity, the prompt shown in the manual will be
Magnum6K25
jFor additional information on default users, user levels and more, see User Management in this guide.
Logging in for the first time
For the first time, use the default user name and passwords assigned by GarrettCom for the Magnum 6K family of switches. They are:
Username – manager |
Password – manager |
Username – operator |
Password – operator |
We recommend you login as manager for the first time to set up the IP address as well as change user passwords or create new users.
Setting the IP parameters
To setup the switch, the IP address and other relevant TCP/IP parameters have to be specified. A new GarrettCom Magnum switch looks for a DHCP or a BootP server. If a DHCP or a BootP server is present, the switch will be assigned an IP address from those servers. Failing to find these servers, the IP address is automatically assigned to 192.168.1.2 with a netmask of 255.255.255.0.
25
M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E
Should a situation arise when there are multiple new switches powered up at the same time, there could be a situation of duplicate IP addresses. In this situation, only one Magnum switch will be assigned the IP address of 192.168.1.2 and netmask of 255.255.255.0. The other switches will not be assigned an IP address till the static IP address of 192.168.1.2 is freed up or reassigned.
To change the IP address, please ensure that the IP address to be assigned to the switch is known or contact your system/network administrator to get the IP address information. Follow the steps listed below to configure the IP address manually.
•Ensure the power is off
•Follow the steps described above for connecting the console cable and setting the console software
•Power on the switch
•Once the login prompt appears, login as manager using default password (manager)
•Configure the IP address, network mask and default gateway as per the IP addressing scheme for your network
•Set the Manager Password (recommended–refer to next section)
•Save the settings (without saving, the changes made will be lost)
•Power off the switch (or a software reboot as discussed below)
•Power on the switch – login with the new login name and password
•From the PC (or from the switch) ping the IP address specified for the switch to ensure connectivity
•From the switch ping the default gateway specified (ensure you are connected to the network to check for connectivity) to ensure network connectivity
Syntax ipconfig [ip=<ip-address>] [mask=<subnet-mask>]
[dgw=<gateway>] [add|del]
Magnum6K25# ipconfig ip=192.168.1.150 mask=255.255.255.0 dgw=192.168.1.10
Magnum6K25# save
FIGURE 3 - Setting IP address on the switch
This document assumes the reader is familiar with IP addressing schemes as well as how net mask is used and how default gateways and routers are used in a network.
26
M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E
Reboot gives an opportunity to save the configuration prior to shutdown. For a reboot – simply type in the command “reboot”. (Note – even though the passwords are not changed, they can be changed later.)
Magnum6K25# reboot
Proceed on rebooting the switch? [ 'Y' or 'N' ] Y
Do you wish to save current configuration? [ 'Y' or 'N' ] Y
Magnum6K25#
FIGURE 4 - Rebooting the switch
MNS-6K forces an answer the prompts with a “Y” or a “N” to prevent accidental keystroke errors and loss of work.
The parameters can be viewed at any time by using the ‘show’ command. The show command will be covered in more detail later in various sections throughout the document.
Magnum6K25# show setup |
|
|
Version |
: Magnum 6K25 build 3.7.1 Sep 27 2007 16:41:37 |
|
MAC Address |
: 00:20:08:03:05:09 |
|
IP Address |
: 192.168.5.5 |
|
Subnet Mask |
: 255.255.255.0 |
|
Gateway Address |
: 192.168.5.1 |
|
CLI Mode |
: Manager |
|
System Name |
: Magnum 6K25 |
|
System Description |
: |
25 Port Modular Ethernet Switch |
System Contact |
: support@garrettcom.com |
|
System Location |
: Fremont, CA |
|
System ObjectId |
: 1.3.6.1.4.1.553.12.6 |
|
System Serial No |
: 43576812 |
|
Original Factory Config Code |
: |
6K25-8TP |
Magnum6K25# show sysconfig |
|
|
System Name |
: Magnum6K25 |
|
System Contact |
: support@garrettcom.com |
|
System Location |
: HO, Fremont, CA |
|
Boot Mode |
: manual |
|
Inactivity Timeout(min) |
: |
10 |
Address Age Interval(min) |
: |
300 |
Inbound Telnet Enabled |
: Yes |
|
Web Agent Enabled |
: Yes |
|
Time Zone |
: GMT-08hours:00minutes |
|
Day Light Time Rule |
: USA |
|
System UpTime |
: 36 Days 7 Hours 49 Mins 48 Secs |
Magnum6K25#
FIGURE 5 - Viewing the basic setup parameters. You can use ‘show setup’ or ‘show sysconfig’ to view setup parameters
27
M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E
Some of the parameters in the Magnum 6K family of switches are shown above. The list of parameters below indicates some of the key parameters on the switch and the recommendations for changing them (or optionally keeping them the same).
Privilege levels
Two privilege levels are available - Manager and Operator. Operator is at privilege level 1 and the Manager is at privilege level 2 (the privilege increases with the levels). For example, to set up a user for basic monitoring capabilities use lower number or operator level privilege (Level 1)
The Manager level provides all Operator level privileges plus the ability to perform system-level actions and configuration commands. To select this level, enter the ‘enable <user-name>’ command at the Operator level prompt and enter the Manager password, when prompted.
Syntax enable <user-name>
For example, switching from an Operator level to manager level, using the ‘enable’ command is shown below in Figure 6
Magnum6K25> enable manager
Password: *******
Magnum6K25#
FIGURE 6 - Switching users and privilege levels. Note the prompt changes with the new privilege level.
Operator privileges allow views of the current configurations but do not allow changes to the configuration. A ">" character delimits the Operator-level prompt.
Manager privileges allow configuration changes. The changes can be done at the manager prompt or for global configuration as well as specific configuration. A “#” character delimits any Manager prompt.
User management
A maximum of five users can be added per switch. Users can be added, deleted or changed from a manager level account. There can be more than one manager account, subject to the maximum number of users on the switch being restricted to five.
28
M A G N U M 6 K S W I T C H E S , M N S - 6 K U S E R G U I D E
To add a user, use the command “add” as shown below. The user name has to be a unique name and can be up to 24 characters long. The password is recommended to be at least 8 characters long with a mix of upper case, lower case, numbers and special characters.
Syntax add user=<name> level=<number>
Magnum6K25# user
Magnum6K25(user)## add user=peter level=2
Enter User Password:******
Confirm New Password:******
Magnum6K25(user)##
FIGURE 7 - Adding a user with Manager level privilege
In this example, user ‘peter’ was added with Manager privilege.
Syntax delete user=<name>
Magnum6K25(user)##delete user=peter
Confirm User Deletion(Y/N): Y
User successfully deleted
Magnum6K25(user)##
FIGURE 8 - Deleting a user
In this example, user ‘peter’ was deleted.
Syntax passwd user=<name>
Magnum6K25(user)## passwd user=peter
Enter New Password:******
Confirm New Password :******
Password has been modified successfully
Magnum6K25(user)##
FIGURE 9 - Changing the password for a specific user
In this example, password for ‘peter’ was modified.
Syntax chlevel user=<name> level=<number>
29