3COM 2924-PWR User Manual

Download

3Com® Baseline Switch 2924-PWR Plus

User Guide

3CBLSG24PWR

www.3Com.com

Part Number 10016095 Rev. AA Published June 2007

3Com Corporation 350 Campus Drive Marlborough, MA 01752-3064

Copyright © 2007, 3Com Corporation. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from 3Com Corporation.

3Com Corporation reserves the right to revise this documentation and to make changes in content from time to time without obligation on the part of 3Com Corporation to provide notification of such revision or change.

3Com Corporation provides this documentation without warranty, term, or condition of any kind, either implied or expressed, including, but not limited to, the implied warranties, terms or conditions of merchantability, satisfactory quality, and fitness for a particular purpose. 3Com may make improvements or changes in the product(s) and/or the program(s) described in this documentation at any time.

If there is any software on removable media described in this documentation, it is furnished under a license agreement included with the product as a separate document, in the hard copy documentation, or on the removable media in a directory file named LICENSE.TXT or !LICENSE.TXT. If you are unable to locate a copy, please contact 3Com and a copy will be provided to you.

UNITED STATES GOVERNMENT LEGEND

If you are a United States government agency, then this documentation and the software described herein are provided to you subject to the following:

All technical data and computer software are commercial in nature and developed solely at private expense. Software is delivered as “Commercial Computer Software” as defined in DFARS 252.227-7014 (June 1995) or as a “commercial item” as defined in FAR provided in 3Com’s standard commercial license for the Software. Technical data is provided with limited rights only as provided in DFAR 252.227-7015 (Nov applicable. You agree not to remove or deface any portion of any legend provided on any licensed program or documentation contained in, or delivered to you in conjunction with, this User Guide.

Unless otherwise indicated, 3Com registered trademarks are registered in the United States and may or may not be registered in other countries.

3Com and the 3Com logo are registered trademarks of 3Com Corporation.

Intel and Pentium are registered trademarks of Intel Corporation. Microsoft, MS-DOS, Windows, and Windows NT are registered trademarks of Microsoft Novell,

Inc. UNIX is a registered trademark in the United States and other countries, licensed exclusively

through X/Open Company, Ltd.

IEEE and 802 are registered trademarks of the Institute of Electrical and Electronics Engineers, Inc.

All other company and product names may be trademarks of the respective companies with which they are associated.

2.101(a) and as such is provided with only such rights as are

1995) or FAR 52.227-14 (June 1987), whichever is

Corporation. Novell and NetWare are registered trademarks of

ENVIRONMENTAL STATEMENT

It is the policy of 3Com Corporation to be environmentally friendly in all operations. To uphold our policy, we are committed to:

Establishing environmental performance standards that comply with national legislation and regulations.

Conserving energy, materials and natural resources in all operations.

Reducing the waste generated by all operations. Ensuring that all waste conforms to recognized environmental standards. Maximizing the recyclable and reusable content of all products.

Ensuring that all products can be recycled, reused and disposed of safely.

Ensuring that all products are labelled according to recognized environmental standards.

Improving our environmental record on a continual basis.

End of Life Statement

3Com processes allow for the recovery, reclamation and safe disposal of all end-of-life electronic components.

Regulated Materials Statement

3Com products do not contain any hazardous or ozone-depleting material.

Environmental Statement about the Documentation

The documentation for this product is printed on paper that comes from sustainable, managed forests; it is fully biodegradable and recyclable, and is completely chlorine-free. The varnish is environmentally friendly, and the inks are vegetable-based with a low heavy-metal content.

ABOUT THIS GUIDE

This guide provides information about the Web user interface for the 3Com® Baseline Switch 2924-PWR Plus. The Web interface is a network management system that allows you to configure, monitor, and troubleshoot your switch from a remote web browser. The Web interface web pages are easy-to-use and easy-to-navigate.

User Guide Overview

This section provides an overview to the User Guide. The User Guide provides the following sections:

■ Getting Started — Provides introductory information about the

Switch 2924-PWR and how it can be used in your network. It covers summaries of hardware and software features.

■ Using the 3Com Web Interface — Provides information for using

the Web interface including adding, editing, and deleting device configuration information.

■ Viewing Basic Settings — provides information for viewing and

configuring essential information required for setting up and maintaining device settings.

■ Managing Device Security — Provides information for configuring

both system and network security, including traffic control, ACLs, and device access methods.

■ Managing System Information — Provides information for

configuring general system information including the user-defined system name, the user-defined system location, and the system contact person.

■ Configuring Ports — Provides information for configuring port

settings.

■ Aggregating Ports — Provides information for configuring Link

Aggregation which optimizes port usage by linking a group of ports together to form a single LAG.

4 ABOUT THIS GUIDE

■ Configuring VLANs — Provides information for configuring VLANs.

VLANs are logical subgroups with a Local Area Network (LAN) which combine user stations and network devices into a single virtual LAN segment, regardless of the physical LAN segment to which they are attached.

■ Configuring IP and MAC Address Information — Provides

information for configuring IP addresses, DHCP and ARP.

■ Configuring IGMP Snooping — Provides information for

configuring IGMP Snooping.

■ Configuring Spanning Tree — Provides information for configuring

Classic and Rapid Spanning Tree.

■ Configuring SNMP — Provides information for configuring the

Simple Network Management Protocol (SNMP) which provides a method for managing network devices.

■ Configuring Quality of Service — Provides information defining

Quality of Service, including DSCP and CoS mapping, policies, and configuring Trust mode.

■ Managing System Files — Provides information for defining file

maintenance.

■ Managing Power over Ethernet Devices — Provides information

for configuring ports for PoE.

■ Managing System Logs — Provides information for viewing system

logs, and configuring device log servers.

■ Viewing Statistics — Provides information for viewing RMON and

interface statistics.

■ Managing Device Diagnostics — Provides information for

managing device diagnostics.

Intended Audience 5

Intended Audience This guide is intended for network administrators familiar with IT

concepts and terminology.

If release notes are shipped with your product and the information there differs from the information in this guide, follow the instructions in the release notes.

Most user guides and release notes are available in Adobe Acrobat Reader Portable Document Format (PDF) or HTML on the 3Com Web site:

■ http://www.3Com.com

Conventions Ta bl e 1 lists conventions that are used throughout this guide.

Ta bl e 1 Notice Icons

Icon Notice Type Description

Information note

Information that describes important features or instructions.

GETTING STARTED

This chapter contains introductory information about the 3Com® Baseline Switch 2924-PWR Plus (hereafter called the Switch) and how they can be used in your network. It covers summaries of hardware and software features and also the following topics:

■ About the Switch 2924-PWR

■ Front Panel Detail

■ LED Status Indicators

■ System Specifications

■ Installing the Switch

■ Setting Up for Management

■ Methods of Managing a Switch

■ Switch Setup Overview

■ Using the Command Line Interface (CLI)

■ Setting Up Web Interface Management

■ Setting Up SNMP Management V1 or V2

■ Default Users and Passwords

■ Upgrading Software using the CLI

14 CHAPTER 1: GETTING STARTED

About the Switch 2924-PWR

Summary of

Hardware Features

The Switch 2924-PWR is a Gigabit Ethernet switching products that delivers flexible three-speed performance (10/100/1000), Power over Ethernet (PoE) and advanced voice-optimized features such as auto-QoS and auto-voice VLAN. This makes the switch ideal for medium businesses and small enterprises seeking to build a secure converged network.

The Switch 2924-PWR includes the following model:

■ Baseline Switch 2924-PWR Plus 24-Port

The Switch 2924-PWR features the following advantages:

■ Full Gigabit speed access ports

■ Jumbo frames support

■ Port security

■ Link aggregation control protocol (LACP)

■ Up to 256 VLANs

■ Access control lists (ACLs)

■ Port-based mirroring

Ta bl e 1 summarizes the hardware features supported by the Switch 2924-PWR.

Ta bl e 1 Hardware Features

Feature Switch 2924-PWR

Addresses Up to 8,000 supported

Auto-negotiation Supported on all ports

Forwarding Modes Store and Forward

Duplex Modes Half and full duplex on all front panel ports

Auto MDI/MDIX Supported on all ports. If fiber SFP transceivers are used,

Auto MDIX is not supported.

Flow Control In full duplex operation all ports are supported.

The Switch 2924-PWR ports are capable of receiving, but not sending pause frames.

Traffic Prioritization Supported (using the IEEE Std 802.ID, 1998 Edition):

Four traffic queues per port

Front Panel Detail 15

Table 1 Hardware Features (continued)

Feature Switch 2924-PWR

Ethernet, Fast Ethernet,

Auto-negotiating 10/100/1000BASE-T ports

and Gigabit Ethernet Ports

SFP Ethernet Ports Supports fiber Gigabit Ethernet long-wave (LX), and

fiber Gigabit Ethernet short-wave (SX) transceivers in any combination.

Mounting 19-inch rack or standalone mounting

Front Panel Detail Figure 1 shows the front panel of the Switch 2924-PWR Plus 24-Port unit

Figure 1 Switch 2924-PWR Plus 24-Port—front panel.

16 CHAPTER 1: GETTING STARTED

LED Status Indicators

The 2924-PWR SFP Plus 24-Port Ethernet switch provides LED indicators on the front panel for your convenience to monitor the switch.

Ta bl e 2

describes the meanings of the LEDs.

Ta bl e 2 Description on the LEDs of the Switch 2924-PWR

LED Label Status Description

Power Power Green The switch starts normally. The LED flashes

when the system is performing power-on self test (POST).

Yellow The system has failed the POST.

OFF The switch is powered off.

10/100/1000 BASE-T Ethernet port status

Duplex mode Duplex Yellow The port is in full duplex mode.

1000Base SFP port status

PoE status PoE

Link/ Activity

SFP Module Active

Status

Green The port works at the rate of 1000 Mbps; the

LED flashes quickly when the port is sending or receiving data.

Yellow The port works at the rate of 10/100 Mbps;

the LED flashes quickly when the port is sending or receiving data.

OFF The port is not connected.

OFF The port is not connected, or is in half duplex

mode.

Green The SFP module is inserted.

OFF The SFP module is not inserted or is not

recognized.

Green Delivering power. The LED flashes if a fault

occurs.

OFF Not delivering power.

System Specifications 17

System Specifications

Ta bl e 3 contains the system specifications of the 2924-PWR series switch.

Ta bl e 3 System specifications of the Switch 2924PWR series switch

Specification Switch 2924-PWR Plus 24-Port 3CBLSG24PWR

Physical dimensions (H×W×D)

Weight 3.6 kg (7.9 lb)

Console port One Console port

Gigabit Ethernet ports on the front panel

AC Input voltage Rated voltage range: 100–240 VAC, 50/60 Hz

Power consumption (full load)

Operating temperature 0 to 40 °C (32 to 113 °F)

Relative humidity 10 to 90% noncondensing

44×440×265 mm (1.73 17.3 10.43 in.)

24 × 10/100/1000 Mbps Ethernet ports

Four Gigabit SFP Combo ports

350 W

Additional specifications can be found in Appendix B “Device Specifications and Features”.

18 CHAPTER 1: GETTING STARTED

Installing the Switch

This section contains information that you need to install and set up your 3Com switch.

WARNING: Safety Information. Before you install or remove any components from the Switch or carry out any maintenance procedures, you must read the 3Com Switch Family Safety and Regulatory Information document enclosed.

AVERTISSEMENT: Consignes de securite. Avant d'installer ou d'enlever tout composant de Switch ou d'entamer une procedure de maintenance, lisez les informations relatives a la securite qui se trouvent dans 3Com Switch Family Safety and Regulatory Information.

VORSICHT: Sicherheitsinformationen. Bevor Sie Komponenten aus dem Switch entfernen oder den Switch hinzufugen oder Instandhaltungsarbeiten verrichten, lesen Sie die 3Com Switch Family Safety and Regulatory Information.

ADVERTENCIA: Informacion de seguridad. Antes de instalar o extraer cualquier componente del Switch o de realizar tareas de mantenimiento, debe leer la informacion de seguridad facilitada en el 3Com Switch Family Safety and Regulatory Information.

AVVERTENZA: Informazioni di sicurezza. Prima di installare o rimuovere qualsiasi componente dal Switch o di eseguire qualsiasi procedura di manutenzione, leggere le informazioni di sicurezza riportate 3Com Switch Family Safety and Regulatory Information.

OSTRZEŻENIE: Informacje o zabezpieczeniach. Przed instalacją lub usunięciem jakichkolwiek elementów z product lub przeprowadzeniem prac konserwacyjnych należy zapoznać się z informacjami o bezpieczeństwie zawartymi w 3Com Switch Family Safety and Regulatory Information.

CAUTION Opening the switch or tampering with the warranty sticker can void your warranty.

Setting Up for Management 19

Setting Up for Management

Methods of Managing a Switch

To make full use of the features offered by your switch, and to change and monitor the way it works, you have to access the management software that resides on the switch. This is known as managing the switch. Managing the switch can help you to improve the efficiency of the switch and therefore the overall performance of your network.

This section explains the initial set up of the switch and the different methods of accessing the management software to manage a switch. It covers the following topics:

■ Methods of Managing a Switch

■ Switch Setup Overview

■ Manually set the IP Address using the Console Port

■ Viewing IP Information using the Console Port

■ Setting Up Web Interface Management

■ Setting Up SNMP Management V1 or V2

■ Default Users and Passwords

To manage your switch you can use one of the following methods:

■ Web Interface Management

Web Interface

Management

■ SNMP Management

In addition, you can use the Command Line Interface through the Console port for basic operations of the switch including setting and viewing the IP address, configuring user accounts, upgrading switch firmware, and more. Refer to

“3Com CLI Reference Guide” on page 227.

Each switch has an internal set of web pages that allow you to manage the switch using a Web browser remotely over an IP network (see Figure 2).

20 CHAPTER 1: GETTING STARTED

Figure 2 Web Interface Management over the Network

Workstation

Connect over Network

via web browser

Switch

Refer to “Setting Up Web Interface Management” on page 27.

SNMP Management You can manage a switch using any network management workstation

running the Simple Network Management Protocol (SNMP) as shown in Figure 3. For example, you can use the 3Com Network Director software, available from the 3Com website.

Figure 3 SNMP Management over the Network

Switch Setup Overview

SNMP Network Management

Workstation

Connect over Network

using SNMP

Switch

Refer to “Setting Up SNMP Management V1 or V2” on page 28.

This section gives an overview of what you need to do to get your switch set up and ready for management when it is in its default state. The whole setup process is summarized in

Figure 4. Detailed procedural steps

are contained in the sections that follow. In brief, you need to:

■ Configure IP information manually for your switch or view the

automatically configured IP information

■ Prepare for your chosen method of management

Switch Setup Overview 21

Figure 4 Initial Switch Setup and Management Flow Diagram

Power Up the Switch.

Plug and Play Setup

Connect to the

console port and use

the Command Line

Initial IP Information Setup

Yes

IP Information is automatically

configured using DHCP

See page 22

Yes

How do you want to connect to the Switch?

Connect to a front panel

port and use the Web

Interface.

See page 23

Command Line Interface

(basic setup only)

See page 27

How do you want to manage your Switch? See page 19

Is a DHCP server present?

Do you want to manually

configure the IP information?

Refer to the label on

the rear of the switch

which details the

default IP address.

SNMP

See page 28

The switch uses its default IP

information

See page 22

How do you want to view the automatically

configured IP information?

Connect to the

console port and use

the Command Line

Interface.

See page 25

Web Interface

Feature Management

Connect using the

console port.

See page 23

Connect over the

network.

See page 28

CAUTION To protect your switch from unauthorized access, you must change the default password as soon as possible, even if you do not intend to actively manage your switch. For more information on default users and changing default passwords, see

“Default Users and

Passwords” on page 29.

22 CHAPTER 1: GETTING STARTED

IP Configuration The switch’s IP configuration is determined automatically using DHCP, or

manually using values you assign.

Automatic IP Configuration using DHCP

By default the switch tries to configure its IP Information without requesting user intervention. It tries to obtain an IP address from a DHCP server on the network.

Default IP Address If no DHCP server is detected, the switch will use its default IP information. The default IP address is 169.254.x.y, where x and y are the last two bytes of its MAC address.

Note: The switch’s default IP address is listed on a label located on the rear of the switch.

If you use automatic IP configuration it is important that the IP address of the switch is static, otherwise the DHCP server can change the switch’s IP addresses and it will be difficult to manage. Most DHCP servers allow static IP addresses to be configured so that you know what IP address will be allocated to the switch. Refer to the documentation that accompanies your DHCP server.

You should use the automatic IP configuration method if:

■ your network uses DHCP to allocate IP information, or

■ flexibility is needed. If the switch is deployed onto a different subnet, it

will automatically reconfigure itself with an appropriate IP address, instead of you having to manually reconfigure the switch.

If you use the automatic IP configuration method, you need to discover the automatically allocated IP information before you can begin management. Work through the

“Viewing IP Information using the

Console Port” on page 25.

Manual IP Configuration

When you configure the IP information manually, the switch remembers the information that you enter until you change it again.

You should use the Manual IP configuration method if:

■ You do not have a DHCP server on your network, or

■ You want to remove the risk of the IP address ever changing, or

Using the Command Line Interface (CLI) 23

■ Your DHCP server does not allow you to allocate static IP addresses.

(Static IP addresses are necessary to ensure that the switch is always

allocated the same IP information.)

For most installations, 3Com recommends that you configure the switch IP information manually. This makes management simpler and more reliable as it is not dependent on a DHCP server, and eliminates the risk of the IP address changing.

To manually enter IP information for your switch, work through the “Manually set the IP Address using the Console Port” on page 24.

Using the Command Line Interface (CLI)

Connecting to the

Console Port

You can access the switch through the Console port to manually set the IP address, or to view the IP address that was assigned automatically (for example, by a DHCP server).

For more information about the CLI, refer to “3Com CLI Reference Guide” on page 227.

This section describes how to connect to your switch through the Console port.

Prerequisites

■ A workstation with terminal emulation software installed, such as

Microsoft Hyperterminal. This software allows you to communicate

with the switch using the console port directly.

■ Documentation supplied with the terminal emulation software.

■ The console cable (RJ-45) supplied with your switch.

You can find pin-out diagrams for the cable in Appendix C on page 221.

24 CHAPTER 1: GETTING STARTED

Connecting the Workstation to the Switch

1 Connect the workstation to the console port using the console cable as

shown in

Figure 5 Connecting a Workstation to the Switch using the Console Port

To connect the cable:

a Attach the cable’s RJ-45 connector to the Console port of the switch.

b Attach the other end of the cable to the workstation.

2 Open your terminal emulation software and configure the COM port

settings to which you have connected the cable. The settings must be set to match the default settings for the switch, which are:

■ 38,400 baud (bits per second)

Figure 5.

Workstation

(with terminal emulation

software installed)

Console Cable

Switch

Console Port

Connection

Manually set the IP

Address using the

Console Port

■ 8 data bits

■ no parity

■ 1 stop bit

■ no hardware flow control

Refer to the documentation that accompanies the terminal emulation software for more information.

3 Power up the switch. The Power on Self Test (POST) will be performed.

The Switch 2924-PWR takes approximately one minute to boot.

You are now ready to manually set up the switch with IP information using the command line interface.

■ You need to have the following information:

■ IP address

■ subnet mask

■ default gateway

Using the Command Line Interface (CLI) 25

1 Connect to the switch Console port as described in “Connecting to the

Console Port” page 23.

2 The command line interface login sequence begins as soon as the switch

detects a connection to its console port. When the process completes, the Login prompt displays.

3 At the login prompt, enter admin as your user name and press Return.

The Password prompt displays.

4 Press Return. If you have logged on correctly, Select menu option#

should be displayed.

5 Enter the IP address and subnet mask for the switch as follows:

ipSetup xxx.xxx.xxx.xxx mmm.mmm.mmm.mmm ggg.ggg.ggg.gggg

and press Enter.

(Note: xxx.xxx.xxx.xxx is the IP address, mmm.mmm.mmm.mmm is the subnet mask, and ggg.ggg.ggg.ggg is the default gateway of the switch.)

6 Enter the logout command to terminate the CLI session.

The initial setup of your switch is now complete and the switch is ready for you to set up your chosen management method. See

“Methods of

Managing a Switch” on page 19.

Viewing IP

Information using the

Console Port

This section describes how to view the automatically allocated IP information using the command line interface. The automatic IP configuration process usually completes within one minute after the switch is connected to the network and powered up.

1 Connect to the switch Console port as described in “Connecting to the

Console Port” page 23.

The automatic IP configuration process usually completes within one minute.

2 The command line interface login sequence begins as soon as the switch

detects a connection to its console port.

3 At the login prompt, enter admin as your user name and press Return.

4 At the password prompt, press Return.If you have logged on correctly,

Select menu option# is displayed.

26 CHAPTER 1: GETTING STARTED

5 Enter Summary to view a summary of allocated IP addresses. The

following is an example of the display from the Summary command.

Select menu option# summary IP Method: default IP address: 169.254.99.51 Subnet mask: 255.255.0.0 Runtime version: 00_00_38 (date 01-Apr-2007 time 15:31:29) Bootcode version: 1.0.0.12 (date 01-Apr-2007 time 17:44:52) Select menu option#

The initial set up of your switch is now complete and the switch is ready for you to set up your chosen management method. See Managing a Switch” on page 19.

For more information about the CLI, refer to “3Com CLI Reference Guide” on page 227.

If you do not intend to use the command line interface using the console port to manage the switch, you can logout, disconnect the serial cable and close the terminal emulator software.

“Methods of

Setting Up Web Interface Management 27

Setting Up Web Interface Management

This section describes how you can set up web interface management over the network.

Prerequisites

■ Ensure you have already set up the switch with IP information as

described in

■ Ensure that the switch is connected to the network using a Category 5

“Methods of Managing a Switch” on page 19.

twisted pair Ethernet cable with RJ-45 connectors.

■ A suitable Web browser.

Choosing a Browser

To display the web interface correctly, use one of the following Web browser and platform combinations:

Ta bl e 4 Supported Web Browsers and Platforms

Platform

Browser

Internet Explorer 6 Yes Yes Yes

Internet Explorer 7 Yes Yes Yes

Firefox 1.5 Yes Yes Yes

Firefox 2 Yes Yes Yes

Netscape 8 Yes Yes Yes

Windows 2000 Windows XP Windows Vista

For the browser to operate the web interface correctly, JavaScript and Cascading Style Sheets must be enabled on your browser. These features are enabled on a browser by default. You will only need to enable them if you have changed your browser settings.

The switch’s Web interface supports both secure (HTTPS) and non-secure (HTTP) connections.

28 CHAPTER 1: GETTING STARTED

Web Management

Over the Network

To manage a switch using the web interface over an IP network:

1 Be sure that you know your switch’s IP address. See “IP Configuration”

on page 22, and “Viewing IP Information using the Console Port” on page 25.

2 Check that your management workstation is on the same subnet as your

switch.

3 Check you can communicate with the switch by entering a ping

command at the DOS or CMD prompt in the following format:

c:\ ping xxx.xxx.xxx.xxx

(where xxx.xxx.xxx.xxx is the IP address of the switch)

If you get an error message, check that your IP information has been entered correctly and the switch is powered up.

4 Open your web browser and enter the IP address of the switch that you

wish to manage in the URL locator, for example, in the following format:

http://xxx.xxx.xxx.xxx

5 At the login and password prompts, enter admin as your user name and

press Return at the password prompt (or the password of your choice if you have already modified the default passwords).

The main Web interface page is displayed.

Setting Up SNMP Management V1 or V2

You can use any network management application running the Simple Network Management Protocol (SNMP) to manage the switch. 3Com offers a range of network management applications to address networks of all sizes and complexity. See page 212.

Be sure the management workstation is connected to the switch using a port in VLAN 1 (the Default VLAN). By default, all ports on the switch are in VLAN 1.

To display and configure SNMP management parameters, refer to “Configuring SNMP” on page 155.

“3Com Network Management” on

Default Users and Passwords 29

Default Users and Passwords

Upgrading Software using the CLI

If you intend to manage the switch or to change the default passwords, you must log in with a valid user name and password. The switch has one default user name. The default user is listed in

Ta bl e 5 Default Users

User Name

admin (no password) Management — The user can access and change

Default Password

Access Level

all manageable parameters

Tab le 5.

Use the admin default user name (no password) to login and carry out initial switch setup.

This section describes how to upgrade software to your Switch from the Command Line Interface (CLI).

Note: You can also upgrade the software using the switch Web user interface. See “Restore the Software Image” page 188. Bootcode can only be upgraded using the CLI.

1 To download the runtime application file, enter:

upgrade aaa.aaa.aaa.aaa rrr runtime

where aaa.aaa.aaa.aaa is the IP address of the TFTP server and rrr is the source runtime filename.

2 To download the bootcode file, enter:

upgrade aaa.aaa.aaa.aaa bbb bootcode

where aaa.aaa.aaa.aaa is the IP address of the TFTP server and bbb is the source bootcode filename.

The bootcode firmware may not require upgrading for every software upgrade, therefore there may not be a new bootcode file to download.

3 To set the switch to boot from the new software you have downloaded,

enter the following:

reboot

The following prompt displays:

Are you sure you want to reboot the system (yes, no):

4 Enter yes and press Return. The system reboots the switch.

USING THE 3COM WEB INTERFACE

This section provides an introduction to the user interface, and includes the following topics:

■ Starting the 3Com Web Interface

■ Understanding the 3Com Web Interface

■ Saving the Configuration

■ Resetting the Device

■ Restoring Factory Defaults

■ Logging Off the Device

Starting the 3Com Web Interface 31

Starting the 3Com Web Interface

Multi-Session Web

Connections

This section includes the following topics:

■ Multi-Session Web Connections

■ Accessing the 3Com Web Interface

The Multi-Session web connections feature enables 10 users to be created and access the switch concurrently. Access levels provide read or read/write permissions to users for configuring the switch. Users and access levels are described in

Configuring System Access. Login information is always handled in the local database. A unique password is required of each user. Two access levels exist on the 3Com Web Interface:

■ Management access level — Provides the user with read/write

access. There is always one management level user configured for the switch. The factory default is be username: admin with no Password.

■ Monitor access level — Provides the user with read-only access.

32 CHAPTER 2: USING THE 3COM WEB INTERFACE

Accessing the 3Com

Web Interface

This section contains information on starting the 3Com Web interface.

To access the 3Com user interface:

1 Open an Internet browser.

2 Enter the device IP address in the address bar and press Enter. The Enter

Network Password Page opens:

Figure 6 Enter Network Password Page

3 Enter your user name and password. The device default factory settings is

configured with a User Name that is admin and a password that is blank. Passwords are case sensitive.

4 Click . The 3Com Web Interface Home Page opens:

Understanding the 3Com Web Interface 33

Figure 7 3Com Web Interface Home Page

Understanding the 3Com Web Interface

The 3Com Web Interface Home Page contains the following views:

■ Tab V ie w — Provides the device summary configuration located at

the top of the home page.

■ Tree V ie w — Provides easy navigation through the configurable

device features. The main branches expand to display the sub-features.

■ Port Indicators — Located under the Device View at the top of the

home page, the port indicators provide a visual representation of the ports on the front panel.

34 CHAPTER 2: USING THE 3COM WEB INTERFACE

Figure 8 Web Interface Components

The following table lists the user interface components with their corresponding numbers:

Table 6: Interface Components

View Description

1 Tree View Tree View provides easy navigation through the configurable

device features. The main branches expand to display the sub-features.

2 Tab View The Tab Area enables navigation through the different device

3 Web Interface Information

features. Click the tabs to view all the components under a spe cific feature.

Provides access to online help, and contains information about the Web Interface.

This section provides the following additional information:

■ Device Representation — Provides an explanation of the user

interface buttons, including both management buttons and task icons.

■ Using the 3Com Web Interface Management Buttons — Provides

instructions for adding, modifying, and deleting configuration parameters.

Understanding the 3Com Web Interface 35

Device

Representation

Using the 3Com Web

Interface

Management Buttons

The 3Com Web Interface Home Page contains a graphical panel representation of the device that appears within the Device View Tab.

To access the Device Representation:

1 Click Device Summary > Device View.

Figure 9 Device Representation

2 By selecting a specific port with your mouse, you can view the port

statistics.

For detailed information on configuring ports, please refer to Configuring Ports.

Configuration Management buttons and icons provide an easy method of configuring device information, and include the following:

T able 7: 3Com Web Interface Configuration Buttons

Button Button Name Description

Clear Logs Clears system logs.

Create

Apply

Delete

T able 8: 3Com Web Interface Information Tabs

Ta b Ta b N a me Description

Help Opens the online help.

Logout

Creates configuration entries.

Applies configuration changes to the device.

Deletes configuration settings.

Logs the user out and terminates the current session.

36 CHAPTER 2: USING THE 3COM WEB INTERFACE

Using Screen and Table Options

The 3Com Web interface contains screens and tables for configuring devices. This section contains the following topics:

■ Viewing Configuration Information

■ Adding Configuration Information

■ Modifying Configuration Information

■ Removing Configuration Information

Viewing Configuration Information

To view configuration information:

1 Click Port > Administration > Summary. The Port Settings Summary

Page opens:

Figure 10 Port Settings Summary Page

Using Screen and Table Options 37

Adding Configuration Information

User-defined information can be added to specific 3Com Web Interface pages, by opening the

IP Setup Page.

To configure IP Setup:

1 Click Administration > IP Setup. The IP Setup Page opens:

Figure 11 IP Setup Page

2 Enter requisite information in the text field.

3 Click . The IP information is configured, and the device is

updated.

38 CHAPTER 2: USING THE 3COM WEB INTERFACE

Modifying Configuration Information

1 Click Administration > System Access > Modify. The System Access

Modify Page opens:

Figure 12 System Access Modify Page

2 Modify the fields.

3 Click . The access fields are modified.

Using Screen and Table Options 39

Removing Configuration Information

1 Click Administration > System Access > Remove. The System Access

Remove Page opens:

Figure 13 System Access Remove Page

2 Select the user account to be deleted.

3 Click . The user account is deleted, and the device is updated.

40 CHAPTER 2: USING THE 3COM WEB INTERFACE

Saving the Configuration

Configuration changes are only saved to the device once the user saves the changes to the flash memory.

The Save Configuration tab allows the

latest configuration to be saved to the flash memory.

To save the device configuration:

1 Click Save Configuration. The Save Configuration Page opens:

Figure 14 Save Configuration Page

A message appears: The operation will save your configuration. Do you wish to continue?

2 Click . A Configuration is saved to flash memory successful

message appears.

3 Click . The configuration is saved.

Resetting the Device 41

Resetting the Device

The Reset Page enables resetting the device from a remote location.

To prevent the current configuration from being lost, use the Save Configuration Page to save all user-defined changes to the flash memory before resetting the device.

To reset the device:

1 Click Administration > Reset. The Reset Page opens:

Figure 15 Reset Page

2 Click . A confirmation message is displayed.

42 CHAPTER 2: USING THE 3COM WEB INTERFACE

3 Click . The device is reset, and a prompt for a user name and

password is displayed.

Figure 16 User Name and Password Page

4 Enter a user name and password to reconnect to the web interface.

Restoring Factory Defaults 43

Restoring Factory Defaults

The Restore option appears on the Reset Page. The Restore option restores device factory defaults.

To restore the device:

1 Click Administration > Reset. The Reset Page opens:

Figure 17 Reset Page

The Reset Page contains the following fields:

■ Initialize with Current IP Address — Resets the device with the

factory default settings, but maintains the current IP Address.

■ Initialize with Default IP Address — Resets the device with the

factory default settings, including the IP Address.

2 Click . The system is restored to factory defaults.

44 CHAPTER 2: USING THE 3COM WEB INTERFACE

Logging Off the Device

To log off the device:

1 Click . The Logout Page opens.

2 The following message appears:

3 Click . The 3Com Web Interface Home Page closes.

VIEWING BASIC SETTINGS

This section contains information for viewing basic settings. The 3Com Web Interface Home Page presents a device summary section that

provides the system administrator with the option to view essential information required for setting up and maintaining device settings.

The Device Summary Section contains the following views:

■ Viewing Device Settings

■ Viewing Color Keys

46 CHAPTER 3: VIEWING BASIC SETTINGS

Viewing Device

Settings

The Device Summary Page displays parameters for viewing general device information, including the system name, location, and contact, the system MAC Address, System Object ID, System Up Time, and MAC addresses, and both software, boot, and hardware versions.

To view the Device Summary Settings:

1 Click Device Summary. The Device Summary Page opens:

Figure 18 Device Summary Page

The Device Summary Page contains the following fields:

■ Product Description — Displays the device model number and name

■ System Name — Defines the user-defined device name. The field

length is 0-160 characters.

■ System Location — Defines the location where the system is

currently running. The field range is 0-160 characters.

■ System Contact — Defines the name of the contact person. The field

length is 0-160 characters.

■ Serial Number — Displays the device serial number.

■ Product 3C Number — Displays the 3Com device 3C number.

■ System Object ID — Displays the vendor’s authoritative identification

of the network management subsystem contained in the entity.

■ MAC Address — Displays the device MAC address.

■ System Up Time — Displays the amount of time since the most

recent device reset. The system time is displayed in the following format: Days, Hours, Minutes, and Seconds. For example, 41 days, 2 hours, 22 minutes and 15 seconds.

■ Software Version — Displays the installed software version number.

■ Boot Version — Displays the current boot version running on the

device.

■ Hardware Version — Displays the current hardware version of the

device.

■ Poll Now — Enables polling the ports for port information including

speed, utilization and port status.

48 CHAPTER 3: VIEWING BASIC SETTINGS

Viewing Color Keys The Color Key Page provides information regarding the RJ45 or SFP port

status on the device. The various colors key indicate the port status, speed and link of a selected port.

To view color keys:

1 Click Device Summary > Color Key. The Color Key Page opens:

Figure 19 Color Key Page

The Color Key Page contains the following fields:

■ RJ45 — Displays the port status of the Registered Jack 45 (RJ45)

connections which are the physical interface used for terminating twisted pair type cable.

■ SFP — Displays the port status of the Small Form Factor (SFP) optical

transmitter modules that combine transmitter and receiver functions.

The table includes the color and the port status:

■ White — Unconnected. No link detected.

■ Yellow — Lower speed on 10/100/1000M port.

■ Green — Maximum speed 10/100/1000M RJ45 or RJ45

SFP. Indicates that a link was detected.

■ Light Blue — SX/LX SFP. Indicates that a link was detected.

■ Light Gray — Port has been set to inactive by User or

Protocol.

■ Dark Blue — Port has been selected by user.

■ Red — Port or Transceiver has failed POST or Transceivers not

recognized.

MANAGING DEVICE SECURITY

The Management Security section provides information for configuring system access, defining RADIUS authentication, port-based authentication and defining access control lists.

This section includes the following topics:

■ Configuring System Access

■ Defining RADIUS Clients

■ Defining Port-Based Authentication (802.1X)

■ Defining Access Control Lists

■ Enabling Broadcast Storm

50 CHAPTER 4: MANAGING DEVICE SECURITY

Configuring System Access

Network administrators can users using the System Access Interface.

define users, passwords, and access levels for

The Multi-Session web feature is enabled on device and allows 10 users to be created and access the switch concurrently. Access levels provide read or read/write permissions to users for configuring the switch. Login information is managed in the local database. A unique password is required of each user. Two access levels exist on the 3Com Web Interface:

■ Management access level — Provides the user with read/write

access. There is always one management level user configured for the switch. The factory default user name is: admin with no password.

■ Monitor access level — Provides the user with read-only system

access.

This section contains the following topics:

■ Viewing System Access Settings

■ Defining System Access

■ Modifying System Access

■ Removing System Access

Configuring System Access 51

Viewing System

Access Settings

The System Access Summary Page displays

the current users and access

levels defined on the device.

To view System Access settings:

1 Click Administration > System Access > Summary. The System Access

Summary Page opens:

Figure 20 System Access Summary Page

The System Access Summary Page contains the following fields:

■ User Name — Displays the user name. The possible predefined field

value is:

■ Admin — Displays the predefined administrative user name.

■ Access Level — Displays the user access level. The lowest user access

level is Monitor and the highest is Management.

■ Management — Provides the user with read and write access

rights.

■ Monitor — Provides the user with read access rights.

52 CHAPTER 4: MANAGING DEVICE SECURITY

Defining System

Access

The System Access Setup Page allows network administrators to

define users, passwords, and access levels for users using the System Access Interface.

Monitor users have no access to this page.

To define System Access:

1 Click Administration > System Access > Setup. The System Access

Setup Page opens:

Figure 21 System Access Setup Page

The System Access Setup Page contains the following fields:

■ User Name — Defines the user name.

■ Access Level — Defines the user access level. The lowest user access

level is Monitor and the highest is Management.

■ Management — Provides users with read and write access rights.

■ Monitor — Provides users with read access rights.

■ Password — Defines the user password. User passwords can contain

up to 10 characters.

■ Confirm Password — Verifies the password.

2 Define the fields. 3 Click . The user is created, and the device is updated.

Configuring System Access 53

Modifying System

Access

The System Access Modify Page allows network administrators to

modify users, passwords, and access levels for users using the System Access Interface.

Monitor users have no access to this page.

To modify System Access:

1 Click Administration > System Access > Modify. The System Access

Modify Page opens:

Figure 22 System Access Modify Page

The System Access Modify Page contains the following fields:

■ User Name — Displays the user name.

■ Access Level — Specifies the user access level. The lowest user access

level is Monitoring and the highest is Management.

■ Management — Provides users with read and write access rights.

■ Monitor — Provides users with read access rights.

■ Password Modify — Enables modifying a password for an existing

user.

■ Password — Defines the local user password. Local user passwords

can contain up to 10 characters.

■ Confirm Password — Verifies the password.

2 Select a User Name whose settings are to be modified. 3 Modify the fields. 4 Click . The user settings are modified, and the device is updated.

54 CHAPTER 4: MANAGING DEVICE SECURITY

Removing System

Access

The System Access Remove Page allows network administrators to remove users from the System Access Interface.

Monitor users have no access to this page.

To r em o v e u s e rs :

1 Click Administration > System Access > Remove. The System Access

Remove Page opens:

Figure 23 System Access Remove Page

The System Access Remove Page contains the following fields:

Remove User(s) — Users to be removed can be selected from the list below.

■ User Name — Displays the user name.

■ Access Level — Displays the user access level. The lowest user access

level is Monitoring and the highest is Management.

■ Management — Provides users with read and write access rights.

■ Monitoring — Provides users with read access rights.

2 Select the Users to be deleted.

The last user with management access may not be deleted.

3 Click . The Users are deleted, and the device is updated.

Defining RADIUS Clients 55

Defining RADIUS Clients

Remote Authorization Dial-In User Service (RADIUS) servers provide additional security for networks. RADIUS servers provide a centralized authentication method for 802.1X.

The default parameters are user-defined, and are applied to newly defined RADIUS servers. If new default parameters are not defined, the system default values are applied to newly defined RADIUS servers.

Monitor users have no access to this page.

To configure the RADIUS client:

1 Click Security > RADIUS Client > Setup. The Radius Client Setup Page

opens:

Figure 24 Radius Client Setup Page

The Radius Client Setup Page contains the following fields:

■ Primary Server — Defines the RADIUS Primary Server authentication

fields.

■ Backup Server — Defines the RADIUS Backup Server authentication

fields.

■ Host IP Address — Defines the RADIUS Server IP address.

56 CHAPTER 4: MANAGING DEVICE SECURITY

■ Authentication Port — Defines the authentication port. The

authentication port is used to verify the RADIUS server authentication. The authentication port default is 1812.

■ Number of Retries — Defines the number of transmitted requests

sent to the RADIUS server before a failure occurs. Possible field values are 1-10. The default value is 3.

■ Timeout for Reply — Defines the amount of time (in seconds) the

device waits for an answer from the RADIUS server before retrying the query, or switching to the next server. Possible field values are 1-30. The default value is 3.

■ Dead Time — Defines the default amount of time (in minutes) that a

RADIUS server is bypassed for service requests. The range is 0-2000. The default value is 0.

■ Key String — Defines the default key string used for authenticating

and encrypting all RADIUS-communications between the device and the RADIUS server. This key must match the RADIUS encryption.

2 Define the fields.

3 Click . The RADIUS client is enabled, and the system is updated.

Defining Port-Based Authentication (802.1X) 57

Defining Port-Based Authentication (802.1X)

Port-based authentication authenticates users on a per-port basis via an external server. Only authenticated and approved system users can transmit and receive data. Ports are authenticated via the RADIUS server using the Extensible Authentication Protocol (EAP). Port-based authentication includes:

■ Authenticators — Specifies the device port which is authenticated

before permitting system access.

■ Supplicants — Specifies the host connected to the authenticated

port requesting to access the system services.

■ Authentication Server — Specifies the server that performs the

authentication on behalf of the authenticator, and indicates whether the supplicant is authorized to access system services.

Port-based authentication creates two access states:

■ Controlled Access — Permits communication between the

supplicant and the system, if the supplicant is authorized.

■ Uncontrolled Access — Permits uncontrolled communication

regardless of the port state.

This section includes the following topics:

■ Viewing 802.1X Authentication

■ Defining 802.1X Authentication

58 CHAPTER 4: MANAGING DEVICE SECURITY

Viewing 802.1X

Authentication

The 802.1X Summary Page allows the network administrator to view port-based authentication settings.

To view Port-based Authentication:

1 Click Security > 802.1X > Summary. The 802.1X Summary Page opens:

Figure 25 802.1X Summary Page

The 802.1X Summary Page contains the following fields:

■ Port — Displays a list of interfaces.

■ User Name — Displays the supplicant user name.

■ Admin Port Control — Displays the admin port authorization state.

■ ForceUnauthorized — Indicates that no client has access to the

port, even if it has 802.1X credentials and supports 802.1X authorization, or the port control is Auto but a client has not been authenticated via the port.

■ ForceAuthorized — Indicates that any client has full access to the

port, even if it does not have 802.1X credentials or support 802.1X authorization.

■ Auto — Indicates that the port control is Auto and a single client

has been authenticated via the port.

Defining Port-Based Authentication (802.1X) 59

■ Current Port Control — Displays the current port authorization state.

■ Guest VLAN — Indicates whether an unauthorized port is allowed to

join the Guest VLAN. The possible field values are:

■ Enable — Enables an unauthorized port to join the Guest VLAN.

■ Disable — Disables an unauthorized port to join the Guest VLAN.

■ Periodic Reauthentication — Indicates if periodic reauthentication is

enabled on the port.

■ Enable — Periodic reauthentication is enabled on the port.

■ Disable — Periodic reauthentication is disabled on the port. This is

the default.

■ Reauthentication Period — Displays the time span (in seconds) in

which the selected port is reauthenticated. The field default is 3600 seconds.

■ Authenticator State — Displays the current authenticator state.

■ Termination Cause — Indicates the reason for which the port

authentication was terminated.

60 CHAPTER 4: MANAGING DEVICE SECURITY

Defining 802.1X

Authentication

The 802.1X Setup Page contains information for configuring 802.1X global settings on the device and defining specific 802.1X setting for each port individually.

Monitor users have no access to this page.

To configure 802.1X Settings:

1 Click Security > 802.1X > Setup. The 802.1X Setup Page opens:

Figure 26 802.1X Setup Page

The 802.1X Setup Page contains the following fields:

802.1X Global Settings

■ Port Based Authentication State — Specifies if Port Authentication

is enabled on the device. The possible field values are:

■ Enable — Enables port-based authentication on the device.

■ Disable — Disables port-based authentication on the device. This is

the default value.

■ Authentication Method — Specifies the authentication method

used for port authentication. The possible field values are:

■ RADIUS — Provides port authentication using the RADIUS server.

■ RADIUS, None — Provides port authentication, first using the

RADIUS server. If the port is not authenticated, then no authentication method is used, and the session is permitted.

■ None — Indicates that no authentication method is used to

authenticate the port.

Defining Port-Based Authentication (802.1X) 61

■ Enable Guest VLAN — Provides limited network access to authorized

ports. If a port is denied network access via port-based authorization, but the Guest VLAN is enabled, the port receives limited network access. For example, a network administrator can use Guest VLANs to deny network access via port-based authentication, but grant Internet access to unauthorized users.

■ Guest VLAN ID — Specifies the guest VLAN ID.

802.1X Port Settings

■ Admin Port Control — Specifies the admin port authorization state.

■ Auto — Enables port based authentication on the device. The

interface moves between an authorized or unauthorized state based on the authentication exchange between the device and the client.

■ Force Authorized — Places the interface into an authorized state

without being authenticated. The interface re-sends and receives normal traffic without client port based authentication.

■ Force Unauthorized — Denies the selected interface system access

by moving the interface into unauthorized state. The device cannot provide authentication services to the client through the interface.

■ Guest VLAN — Specifies whether the Guest VLAN is enabled on the

port. The possible field values are:

■ Enable — Enables using a Guest VLAN for unauthorized ports. If a

Guest VLAN is enabled, the unauthorized port automatically joins the VLAN selected from the Guest VLAN ID dropdown list.

■ Disable — Disables Guest VLAN on the port. This is the default.

■ Periodic Reauthentication — Enables periodic reauthentication on

the port.

■ Enable — Enables the periodic reauthentication on the port.

■ Disable — Disables the periodic reauthentication on the port.

■ Reauthentication Period — Defines the time span (in seconds) in

which the selected port is reauthenticated. The field default is 3600 seconds.

2 Define the fields.

3 Click . The 802.1X Settings are enabled, and the device is updated.

62 CHAPTER 4: MANAGING DEVICE SECURITY

Defining Access Control Lists

Access Control Lists (ACLs) allow network managers to define classification actions and rules for specific ingress ports. A network manager can configure an ACL on an ingress port so that packets are either admitted or denied entry. The user can also specify that when packets are denied entry, the ingress port is also disabled.

For example, an ACL rule is defined stating that port number 20 can receive TCP packets, however, if a UDP packet is received, the packet is dropped. ACLs are composed of access control entries (ACEs) that are made of the filters that determine traffic classifications.

The following are examples of filters that can be defined as ACEs:

■ Source Port IP Address and Wildcard Mask — Filters the packets

by the source port IP address and wildcard mask.

■ Destination Port IP Address and Wildcard Mask — Filters the

packets by the destination port IP address and wildcard mask.

■ ACE Priority — Filters the packets by the ACE priority.

■ Protocol — Filters the packets by the IP protocol.

■ DSCP — Filters the packets by the DiffServ Code Point (DSCP) value.

■ IP Precedence — Filters the packets by the IP Precedence.

■ Action — Indicates the action assigned to the packet matching the

ACL. Packets are forwarded or dropped. In addition, the port can be shut down, a trap can be sent to the network administrator, or packet is assigned rate limiting restrictions for forwarding.

This section includes the following topics:

■ Viewing MAC Based ACLs

■ Configuring MAC Based ACLs

■ Removing MAC Based ACLs

■ Viewing IP Based ACLs

■ Defining IP Based ACLs

■ Modifying IP Based ACLs

■ Removing IP Based ACLs

■ Viewing ACL Binding

■ Configuring ACL Binding

■ Removing ACL Binding

Defining Access Control Lists 63

Viewing MAC Based

ACLs

The MAC Based ACL Summary Page displays information regarding MAC Based ACLs configured on the device. Ports are reactivated from the Port Administration Setup Page.

To view MAC Based ACLs:

1 Click Device > ACL > MAC Based ACL > Summary. The MAC Based

ACL Summary Page opens:

Figure 27 MAC Based ACL Summary Page

The MAC Based ACL Summary Page contains the following fields:

■ ACL Name — Contains a list of the MAC-based ACLs.

■ Priority— Indicates the rule priority, which determines which rule is

matched to a packet on a first match basis.

■ Source Address — Indicates the source MAC address.

■ Source Mask — Indicates the source MAC address Mask.

■ Destination Address — Indicates the destination MAC address.

■ Destination Mask — Indicates the destination MAC address Mask.

■ VLAN ID — Matches the packet's VLAN ID to the ACL rule. The

possible field values are 1 to 4095.

■ CoS — Classifies traffic based on the CoS tag value.

■ CoS Mask — Displays the CoS mask used to filter CoS tags.

64 CHAPTER 4: MANAGING DEVICE SECURITY

■ Ethertype — Provides an identifier that differentiates between

various types of protocols.

■ Action — Indicates the ACL forwarding action. In addition, the port

can be shut down, a trap can be sent to the network administrator, or packet is assigned rate limiting restrictions for forwarding. The options are as follows:

■ Permit — Forwards packets which meet the ACL criteria.

■ Deny — Drops packets which meet the ACL criteria.

■ Shutdown — Drops packet that meets the ACL criteria, and

disables the port to which the packet was addressed. Ports are reactivated from the

Port Administration Setup Page.

Configuring MAC

Based ACLs

The MAC Based ACL Setup Page allows the network administrator to create and define rules for MAC-based ACLs.

Monitor users have no access to this page.

To configure MAC-based ACLs:

Click Device > ACL > MAC Based ACL > Setup. The MAC Based ACL Setup Page opens:

Figure 28 MAC Based ACL Setup Page

The MAC Based ACL Setup Page contains the following fields:

Defining Access Control Lists 65

■ Selection ACL — Selects an existing MAC-based ACL to which rules

are to be added.

■ Create ACL — Defines a new user-defined MAC-based Access

Control List.

Add Rules to ACL

■ Priority — Sets the rule priority, which determines which rule is

matched to a packet on a first-match basis. The possible field values are 1-2147483647.

■ Source MAC Address — Matches the source MAC address to which

packets are addressed to the rule.

■ Source Mask — Defines the source MAC Address wildcard mask.

Wildcards are used to mask all or part of a source MAC address. Wildcard masks specify which bits are used and which are ignored. A wildcard mask of FF:FF:FF:FF:FF:FF indicates that no bit is important. A wildcard of 00.00.00.00.00.00.00 indicates that all bits are important. For example, if the source MAC address is 00:AB:22:11:33:00 and the wildcard mask is 00:00:00:00:00:FF, the first five bytes of the MAC are used, while the last byte is ignored. For the source MAC address 00:AB:22:11:33:00, this wildcard mask matches all MAC addresses in the range 00:AB:22:11:33:00 to 00:AB:22:11:33:FF.

■ Destination MAC Address — Matches the destination MAC address

to which packets are addressed to the rule.

■ Destination Mask — Defines the destination MAC Address wildcard

mask. Wildcards are used to mask all or part of a destination MAC address. Wildcard masks specify which bits are used and which are ignored. A wildcard mask of FF:FF:FF:FF:FF:FF indicates that no bit is important. A wildcard mask of 00.00.00.00.00.00 indicates that all bits are important. For example, if the destination MAC address is 00:AB:22:11:33:00 and the wildcard mask is 00:00:00:00:00:FF, the first five bytes of the MAC are used, while the last byte is ignored. For the destination MAC address 00:AB:22:11:33:00, this wildcard mask matches all MAC addresses in the range 00:AB:22:11:33:00 to 00:AB:22:11:33:FF.

■ VLAN ID — Matches the packet's VLAN ID to the rule. The possible

field values are 1 to 4093.

■ CoS — Classifies traffic based on the CoS tag value.

■ CoS Mask — Defines the CoS mask used to classify network traffic.

66 CHAPTER 4: MANAGING DEVICE SECURITY

■ Ethertype — Provides an identifier that differentiates between

various types of protocols.

■ Action — Specifies the ACL forwarding action. In addition, the port

can be shut down, a trap can be sent to the network administrator, or packet is assigned rate limiting restrictions for forwarding. The options are as follows:

■ Permit — Forwards packets which meet the ACL criteria.

■ Deny — Drops packets which meet the ACL criteria.

■ Shutdown — Drops packet that meets the ACL criteria, and

disables the port to which the packet was addressed. Ports are reactivated from the

To create a new MAC-based ACL:

1 Select Create ACL.

2 Enter the name of the new ACL.

3 Click . The new ACL is created, and the device is updated.

To define a new MAC-based ACL rule:

Port Administration Setup Page.

1 Select Selection ACL.

2 Select the ACL from the list.

3 Define the fields for the new ACL rule.

4 Click . The new MAC-based ACL rule settings are configured,

and the device is updated.

Defining Access Control Lists 67

Modifying MAC

Based ACLs

The MAC Based ACL Modify Page allows the network administrator to modify an existing MAC-based ACL rule.

Monitor users have no access to this page.

To modify a MAC-based ACL rule:

1 Click Device > ACL > MAC Based ACL > Modify. The MAC Based ACL

Modify Page opens:

Figure 29 MAC Based ACL Modify Page

The MAC Based ACL Modify Page contains the following fields:

■ Select ACL — Selects the ACL to be modified.

■ Select Rule — Selects the rule to be modified for the selected ACL.

Modify

■ Priority — Defines the rule priority, which determines which rule is

matched to a packet on a firstmatch basis.

■ Source MAC Address — Defines the source MAC address to which

packets are addressed to the rule.

■ Source Mask — Defines the source MAC Address wildcard mask.

68 CHAPTER 4: MANAGING DEVICE SECURITY

For example, if the source MAC address is E0:3B:4A:C2:CA:E2 and the wildcard mask is 00:00:00:00:00:FF, the first five bytes of the MAC are used, while the last byte is ignored. For the source MAC address E0:3B:4A:C2:CA:E2, this wildcard mask matches all MAC addresses in the range E0:3B:4A:C2:CA:00 to E0:3B:4A:C2:CA:FF.

■ Destination MAC Address — Matches the destination MAC address

to which packets are addressed to the rule.

■ Destination Mask — Defines the destination MAC Address wildcard

mask. Wildcards are used to mask all or part of a destination MAC address. Wildcard masks specify which bits are used and which are ignored. A wildcard mask of FF:FF:FF:FF:FF indicates that no bit is important. A wildcard mask of 00.00.00.00.00.00 indicates that all bits are important. For example, if the destination MAC address is E0:3B:4A:C2:CA:E2 and the wildcard mask is 00:00:00:00:00:FF, the first five bytes of the MAC are used, while the last byte is ignored. For the destination MAC address E0:3B:4A:C2:CA:E2, this wildcard mask matches all MAC addresses in the range E0:3B:4A:C2:CA:00 to E0:3B:4A:C2:CA:FF.

■ VLAN ID — Matches the packet's VLAN ID to the rule. The possible

field values are 1 to 4093.

■ CoS — Classifies traffic based on the CoS tag value.

■ CoS Mask — Defines the CoS mask used to classify network traffic.

■ Ethertype — Defines an identifier that differentiates between various

types of protocols.

■ Action — Selects the ACL forwarding action. In addition, the port can

be shut down, a trap can be sent to the network administrator, or packet is assigned rate limiting restrictions for forwarding. The options are as follows:

■ Permit — Forwards packets which meet the ACL criteria.

■ Deny — Drops packets which meet the ACL criteria.

■ Shutdown — Drops packet that meets the ACL criteria, and

disables the port to which the packet was addressed. Ports are reactivated from the

Port Administration Setup Page.

2 Define the fields.

3 Click . The MAC-based ACL rule settings are modified, and the

device is updated.

Defining Access Control Lists 69

Removing MAC Based

ACLs

The MAC Based ACL Remove Page allows the user to remove MAC-based ACLs or MAC-based ACL rules.

Monitor users have no access to this page.

Click Device > ACL > MAC Based ACL > Remove. The MAC Based ACL Remove Page opens:

Figure 30 MAC Based ACL Remove Page

The MAC Based ACL Remove Page contains the following fields:

■ ACL Name — Selects a MAC-based ACL for removal.

■ Remove ACL — Enables the ACL to be removed.

■ Checkbox (unnamed) — When checked, selects the rule for removal.

The top checkbox is used to select all rules for removal.

■ Priority — Indicates the rule priority, which determines which rule is

matched to a packet on a firstmatch basis.

■ Source Address — Matches the source MAC address to which

packets are addressed to the rule.

■ Destination Address — Matches the destination MAC address to

which packets are addressed to the rule.

■ VLAN ID — Matches the packet's VLAN ID to the rule. The possible

field values are 1 to 4093.

■ CoS — Classifies Class of Service of the packet.

70 CHAPTER 4: MANAGING DEVICE SECURITY

■ CoS Mask — Displays the wildcard mask bits to be applied to the

CoS.

■ Ethertype — Provides an identifier that differentiates between

various types of protocols.

■ Action — Indicates the ACL forwarding action. In addition, the port

can be shut down, a trap can be sent to the network administrator, or packet is assigned rate limiting restrictions for forwarding. The options are as follows:

■ Permit — Forwards packets which meet the ACL criteria.

■ Deny — Drops packets which meet the ACL criteria.

■ Shutdown — Drops packet that meets the ACL criteria, and

disables the port to which the packet was addressed. Ports are reactivated from the

To remove MAC-based ACLs:

1 Select the ACL Name to be deleted.

2 Check Remove ACL.

Port Administration Setup Page.

3 Click . The selected ACL is deleted, and the device is updated.

To remove MAC-based ACL rules:

1 Select the ACL Name containing the rules to be deleted.

2 For each rule to be removed, check the box to the left of the row in the

rules table. To remove all rules, the topmost box may be checked.

3 Click . The selected MAC-based ACL rules are deleted, and the

device is updated.

Defining Access Control Lists 71

Viewing IP Based

ACLs

The IP Based ACL Summary Page displays information regarding IP-based ACLs configured on the device.

To view IP-based ACLs:

1 Click Device > ACL > IP Based ACL > Summary. The IP Based ACL

Summary Page opens:

Figure 31 IP Based ACL Summary Page

The IP Based ACL Summary Page contains the following fields:

■ ACL Name — Contains a list of the IP Based ACLs.

■ Priority — Indicates the rule priority, which determines which rule is

matched to a packet on a first-match basis. The possible field values are 1-2147483647, with 1 being the highest priority.

■ Protocol — Indicates the protocol in the rule to which the packet is

matched.

■ Destination Port — Indicates the destination port that is matched

packets. Enabled only when TCP or UDP are selected in the Protocol list.

■ Source Port — Indicates the source port that is matched packets.

Enabled only when TCP or UDP are selected in the Protocol list.

■ Flag Set — Indicates the TCP flag to which the packet is mapped.

■ ICMP Type — Indicates the ICMP message type for filtering ICMP

packets.

72 CHAPTER 4: MANAGING DEVICE SECURITY

■ ICMP Code — Indicates the ICMP message code for filtering ICMP

packets. ICMP packets that are filtered by ICMP message type can also be filtered by the ICMP message code.

■ IGMP Type — Indicates the IGMP message type filter.

■ Source Address — Matches the source IP address to which packets

are addressed to the ACL.

■ Source Mask — Indicates the source IP address mask.

■ Destination Address — Matches the destination IP address to which

packets are addressed to the ACL.

■ Destination Mask — Indicates the destination IP address mask.

■ DSCP — Matches the packet DSCP value to the ACL. Either the DSCP

value or the IP Precedence value is used to match packets to ACLs.

■ IP - Prec. — Indicates matching ip-precedence with the packet IP

precedence value.

■ Action — Indicates the ACL forwarding action. In addition, the port

can be shut down, a trap can be sent to the network administrator, or packet is assigned rate limiting restrictions for forwarding. The options are as follows:

Defining IP Based

ACLs

■ Permit — Forwards packets which meet the ACL criteria.

■ Deny — Drops packets which meet the ACL criteria.

■ Shutdown — Drops packet that meets the ACL criteria, and

disables the port to which the packet was addressed. Ports are reactivated from the

Port Administration Setup Page.

Access Control Lists (ACL) allow network managers to define classification actions and rules for specific ingress ports. Your switch supports up to 256 ACLs. Packets entering an ingress port, with an active ACL, are either admitted or denied entry. If they are denied entry, the user can disable the port. ACLs are composed of access control entries (ACEs) that are made of the filters that determine traffic classifications. The total number of ACEs that can be defined in all ACLs together is 256.

Defining Access Control Lists 73

Monitor users have no access to this page.

To configure IP-based ACLs:

Click Device > ACL > IP Based ACL > Setup. The IP Based ACL Setup Page opens:

Figure 32 IP Based ACL Setup Page

The IP Based ACL Setup Page contains the following fields:

■ Selection ACL — Selects an existing IP-based ACL to which rules are

to be added.

■ Create ACL — Defines a new user-defined IP-based ACL.

Add Rules to ACL

■ Priority — Defines the ACL priority. ACLs are checked on the first fit

basis. The ACL priority defines the ACL order in the ACL list.

■ Protocol — Defines the protocol in the rule to which the packet is

matched. The possible fields are:

■ Select from List — Selects a protocol from a list by which packets

are matched to the rule.

■ Protocol ID — Adds user-defined protocols by which packets are

matched to the rule. Each protocol has a specific protocol number which is unique. The possible field range is 0-255.

74 CHAPTER 4: MANAGING DEVICE SECURITY

■ Source Port — Defines the source port that is used for matched

packets. Enabled only when TCP or UDP are selected in the Protocol list. The field value is either user defined or Any. If Any is selected the IP based ACL is applied to any source port.

■ Destination Port — Defines the destination port that is used for

matched packets. Enabled only when TCP or UDP are selected in the Protocol list. The field value is either user defined or Any. If Any is selected, the IP based ACL is applied to any destination port.

■ TCP Flags — If checked, enables configuration of TCP flags matched

to the packet. The possible fields are:

■ Urg — Urgent pointer field significant. The urgent pointer points to

the sequence number of the octet following the urgent data.

■ Ack — Acknowledgement field significant. The acknowledgement

field is the byte number of the next byte that the sender expects to receive from the receiver.

■ Psh — Push (send) the data as soon as possible, without buffering.

This is used for interactive traffic.

■ Rst — Reset the connection. This invalidates the sequence numbers

and aborts the session between the sender and receiver.

■ Syn — Synchronize Initial Sequence Numbers (ISNs). This is used to

initialize a new connection.

■ Fin — Finish. This indicates there is no more data from the sender.

This marks a normal closing of the session between the sender and receiver.

For each TCP flag, the possible field values are:

■ Set — Enables the TCP flag.

■ Unset — Disables the TCP flag.

■ Don’t Care — Does not check the packet’s TCP flag.

■ ICMP — If checked, enables filtering ICMP packets for an ICMP

message type. The possible values are:

■ Select from List — Selects an ICMP message type from a list.

■ ICMP Type — Specifies an ICMP message type.

■ Any — Does not filter for an ICMP message type.

Defining Access Control Lists 75

■ ICMP Code — If checked, enables specifying an ICMP message code

for filtering ICMP packets. ICMP packets that are filtered by ICMP message type can also be filtered by the ICMP message code.

■ IGMP — If checked, enables filtering IGMP packets for an IGMP

message type. The possible values are:

■ Select from List — Selects an IGMP message type from a list.

■ IGMP Type — Specifies an IGMP message type.

■ Any — Does not filter for an IGMP message type.

■ Source IP Address — If selected, enables matching the source port IP

address to which packets are addressed to the rule, according to a wildcard mask. The field value is either user defined or Any. If Any is selected, accepts any source IP address and disables wildcard mask filtering.

■ Wild Card Mask — Defines the source IP address wildcard mask.

Wildcard masks specify which bits are used and which bits are ignored. A wildcard mask of 255.255.255.255 indicates that no bit is important. A wildcard mask of 0.0.0.0 indicates that all the bits are important. For example, if the source IP address is

149.36.184.198 and the wildcard mask is 0.0.0.255, the first three bytes of the IP address are matched, while the last eight bits are ignored. For the source IP address 149.36.184.198, this wildcard mask matches all IP addresses in the range 149.36.184.0 to

149.36.184.255. A wildcard mask must not contain leading zeroes. For example, a wildcard mask of 010.010.011.010 is invalid, but a wildcard mask of 10.10.11.10 is valid.

■ Destination IP Address — If selected, enables matching the

destination port IP address to which packets are addressed to the rule, according to a wildcard mask. The field value is either user defined or Any. If Any is selected, accepts any destination IP address and disables wildcard mask filtering.

■ Wild Card Mask — Indicates the destination IP Address wildcard

mask. Wildcards are used to mask all or part of a destination IP Address. Wildcard masks specify which bits are used and which bits are ignored. A wildcard mask of 255.255.255.255 indicates that no bit is important. A wildcard mask of 0.0.0.0 indicates that all bits are important. For example, if the destination IP address

149.36.184.198 and the wildcard mask is 0.0.0.255, the first three bytes of the IP address are matched, while the last eight bits are ignored. For the destination IP address 149.36.184.198, this

76 CHAPTER 4: MANAGING DEVICE SECURITY

wildcard mask matches all IP addresses in the range 149.36.184.0 to 149.36.184.255. A wildcard mask must not contain leading zeroes. For example, a wildcard mask of 010.010.011.010 is invalid, but a wildcard mask of 10.10.11.10 is valid.

■ Match DSCP — Matches the packet DSCP value to the ACL. Either

the DSCP value or the IP Precedence value is used to match packets to ACLs.

■ Match IP Precedence — Matches the packet IP Precedence value to

the rule. Either the DSCP value or the IP Precedence value is used to match packets to ACLs.

■ Action — Defines the ACL forwarding action. In addition, the port

can be shut down, a trap can be sent to the network administrator, or packet is assigned rate limiting restrictions for forwarding. The options are as follows:

■ Permit — Forwards packets which meet the ACL criteria.

■ Deny — Drops packets which meet the ACL criteria.

■ Shutdown — Drops packet that meets the ACL criteria, and

disables the port to which the packet was addressed. Ports are reactivated from the

Port Administration Setup Page.

To create a new IP-based ACL:

1 Select Create ACL.

2 Enter the name of the new ACL.

3 Click . The new ACL is created, and the device is updated.

To define a new IP-based ACL rule:

1 Select Selection ACL.

2 Select the ACL from the list.

3 Define the fields for the new ACL rule.

4 Click . The new IP-based ACL rule settings are configured,

and the device is updated.

Defining Access Control Lists 77

Modifying IP Based

ACLs

The IP Based ACL Modify Page allows the network administrator to modify IP Based ACL rules.

To modify an IP-based ACL rule:

1 Click Device > ACL > IP Based ACL > Modify. The IP Based ACL Modify

Page opens:

Monitor users have no access to this page.

Figure 33 IP Based ACL Modify Page

The IP Based ACL Modify Page contains the following fields:

■ Select ACL — Selects the ACL to be modified.

■ Select Rule — Displays a table of rules and their settings associated

with the selected ACL. Highlighting a rule allows the user to modify its settings in the Modify Rule section below.

Modify Rule

■ Priority — Defines the ACL priority. ACLs are checked on the first fit

basis. The ACL priority defines the ACL order in the ACL list.

■ Protocol — Defines the protocol in the rule to which the packet is

matched. The possible fields are:

78 CHAPTER 4: MANAGING DEVICE SECURITY

■ Select from List — Selects a protocol from a list by which packets

are matched to the rule.

■ Protocol ID — Adds user-defined protocols by which packets are

matched to the rule. Each protocol has a specific protocol number which is unique. The possible field range is 0-255.

■ Source Port — Enables creating an ACL based on a specific protocol.

■ Any — Enables creating an ACL based on any protocol.

■ Destination Port — Defines the destination port that is matched to

packets. Enabled only when TCP or UDP are selected in the Protocol list.

■ Any — Enables creating an ACL Based on any protocol.

■ TCP Flags — If checked, enables configuration of TCP flags matched

to the packet. The possible fields are:

■ Urg — Urgent pointer field significant. The urgent pointer points to

the sequence number of the octet following the urgent data.

■ Ack — Acknowledgement field significant. The acknowledgement

field is the byte number of the next byte that the sender expects to receive from the receiver.

■ Psh — Push (send) the data as soon as possible, without buffering.

This is used for interactive traffic.

■ Rst — Reset the connection. This invalidates the sequence numbers

and aborts the session between the sender and receiver.

■ Syn — Synchronize Initial Sequence Numbers (ISNs). This is used to

initialize a new connection.

■ Fin — Finish. This indicates there is no more data from the sender.

This marks a normal closing of the session between the sender and receiver.

For each TCP flag, the possible field values are:

■ Set — Enables the TCP flag.

■ Unset — Disables the TCP flag.

■ Don’t Care — Does not check the packet’s TCP flag.

Defining Access Control Lists 79

■ ICMP — If checked, enables filtering ICMP packets for an ICMP

message type. The possible values are:

■ Select from List — Selects an ICMP message type from a list.

■ ICMP Type — Specifies an ICMP message type.

■ Any — Does not filter for an ICMP message type.

■ ICMP Code — If checked, enables specifying an ICMP message code

for filtering ICMP packets. ICMP packets that are filtered by ICMP message type can also be filtered by the ICMP message code.

■ IGMP — If checked, enables filtering IGMP packets for an IGMP

message type. The possible values are:

■ Select from List — Selects an IGMP message type from a list.

■ IGMP Type — Specifies an IGMP message type.

■ Any — Does not filter for an IGMP message type.

■ Source IP Address — Matches the source IP address to which

packets are addressed to the rule.

■ Wild Card Mask — Defines the source IP address wildcard mask.

Wildcard masks specify which bits are used and which bits are ignored. A wildcard mask of 255.255.255.255 indicates that no bit is important. A wildcard of 0.0.0.0 indicates that all the bits are important. For example, if the source IP address 149.36.184.198 and the wildcard mask is 0.0.0.255, the first three bytes of the IP address are matched, while the last eight bits are ignored.

■ Destination IP Address — Matches the destination IP address to

which packets are addressed to the rule.

■ Wild Card Mask — Indicates the destination IP Address wildcard

149.36.184.198 and the wildcard mask is 0.0.255.255, the first two bytes of the IP address are used, while the last two bytes are ignored.

■ Match DSCP — Matches the packet DSCP value to the rule. Either the

DSCP value or the IP Precedence value is used to match packets to the rule.

80 CHAPTER 4: MANAGING DEVICE SECURITY

■ Match IP Precedence — Matches the packet IP Precedence value to

the rule. Either the DSCP value or the IP Precedence value is used to match packets to the rule.

■ Action — Selects the ACL forwarding action. In addition, the port can

be shut down, a trap can be sent to the network administrator, or packet is assigned rate limiting restrictions for forwarding. The options are as follows:

■ Permit — Forwards packets which meet the ACL criteria.

■ Deny — Drops packets which meet the ACL criteria.

■ Shutdown — Drops packet that meets the ACL criteria, and

disables the port to which the packet was addressed. Ports are reactivated from the

2 Select an ACL from the Select ACL list.

3 Highlight the rule to be modified.

4 Modify the fields in the Modify Rule section.

5 Click . The ACL rule is modified, and the device is updated.

Port Administration Setup Page.

Removing IP Based

ACLs

The IP Based ACL Remove Page allows the user to remove IP-based ACLs or IP-based ACL rules.

Monitor users have no access to this page.

Click Device > ACL > IP Based ACL > Remove. The IP Based ACL Remove Page opens:

Defining Access Control Lists 81

Figure 34 IP Based ACL Remove Page

The IP Based ACL Remove Page contains the following fields:

■ ACL Name — Selects an ACL name from a list of the IP-based ACLs.

■ Remove ACL — Enables the ACL to be removed.

■ Checkbox (unnamed) — When checked, selects the rule for removal.

The top checkbox is used to select all rules for removal.

■ Priority — Indicates the ACL priority, which determines which ACL is

matched to a packet on a first-match basis. The possible field values are 1-2147483647.

■ Protocol — Indicates the protocol in the rule to which the packet is

matched.

■ Destination Port — Displays the TCP/UDP destination port.

■ Source Port — Displays the TCP/UDP source port to which the ACL is

matched.

■ Flag Set — Indicates the TCP flag matched to the packet.

■ ICMP Type — Indicates the ICMP message type for filtering ICMP

packets.

■ ICMP Code — Indicates the ICMP message code for filtering ICMP

packets. ICMP packets that are filtered by ICMP message type can also be filtered by the ICMP message code.

■ IGMP Type — Indicates the IGMP message type filter.

82 CHAPTER 4: MANAGING DEVICE SECURITY

■ Source Address — Indicates the source IP address.

■ Source Mask — Indicates the source IP address mask.

■ Destination Address — Indicates the destination IP address.

■ Destination Mask — Indicates the destination IP address mask.

■ DSCP — Matches the packet DSCP value to the ACL. Either the DSCP

value or the IP Precedence value is used to match packets to ACLs.

■ IP - Prec. — Indicates matching ip-precedence with the packet IP

precedence value.

■ Action — Indicates the ACL forwarding action. In addition, the port

can be shut down, a trap can be sent to the network administrator, or packet is assigned rate limiting restrictions for forwarding. The options are as follows:

■ Permit — Forwards packets which meet the ACL criteria.

■ Deny — Drops packets which meet the ACL criteria.

■ Shutdown — Drops packet that meets the ACL criteria, and

disables the port to which the packet was addressed. Ports are reactivated from the

Port Administration Setup Page.

To remove an IP-based ACL:

1 Select an ACL Name to be removed.

2 Check Remove ACL.

3 Click . The selected ACL is deleted, and the device is updated.

To remove IP-based ACL rules:

1 Select an ACL Name.

2 For each rule to be removed, check the box to the left of the row in the

rules table. To remove all rules, the topmost box may be checked.

3 Click . The selected ACL rules are deleted, and the device is

updated.

Defining Access Control Lists 83

Viewing ACL Binding The ACL Binding Summary Page displays the user-defined ACLs mapped

to the interfaces.

To view ACL Binding:

1 Click Device > ACL > ACL Binding > Summary. The ACL Binding

Summary Page opens:

Figure 35 ACL Binding Summary Page

The ACL Binding Summary Page contains the following fields:

■ Interface — Displays the port or LAG number to which the ACL is

bound.

■ ACL Name — Displays the name of the ACL which is bound to a

selected port.

84 CHAPTER 4: MANAGING DEVICE SECURITY

Configuring ACL

Binding

The ACL Binding Setup Page allows the network administrator to bind specific ports to MAC- or IP-based ACLs.

The monitor user has no access to this page.

To define ACL Binding:

1 Click Device > ACL > ACL Binding > Setup. The ACL Binding Setup

Page opens:

Figure 36 ACL Binding Setup Page

The ACL Binding Setup Page contains the following fields:

■ Select Port(s) — Selects the ports to be configured.

■ Bind ACL — Assigns an Access Control List to a port or LAG.

■ MAC-based ACL — Displays the MAC based ACL to which the

interface is assigned.

■ IP-based ACL — Displays the IP based ACL to which the interface is

assigned.

■ Select ACL — Selects the ACL from a list of previously defined Access

Control Lists to which the port or LAG can be bound. To bind an ACL to a LAG, the ACL should be bound to its port members.

2 Define the relevant fields.

3 Click . ACL Binding is defined, and the device is updated.

Defining Access Control Lists 85

Removing ACL

Binding

The ACL Binding Remove Page allows the network administrator to remove user-defined ACLs from a selected interface.

Monitor users have no access to this page.

To remove ACL Binding:

1 Click Device > ACL > ACL Binding > Remove. The ACL Binding Remove

Page opens:

Figure 37 ACL Binding Remove Page

The ACL Binding Remove Page contains the following fields:

■ Checkbox (unnamed) — Marks the ACL for removal.

■ Interface — Displays the port interface to which the ACL is bound.

■ ACL Name — Displays the name of ACL to be removed from the

selected port.

2 For each ACL to be removed, check the box to the left of the row in the

table. To remove all ACLs, the topmost box may be checked.

3 Click . The selected ACLs are removed, and the device is

updated.

86 CHAPTER 4: MANAGING DEVICE SECURITY

Enabling Broadcast Storm

Broadcast Storm limits the amount of Multicast and Broadcast frames accepted and forwarded by the device. When Layer 2 frames are forwarded, Broadcast and Multicast frames are flooded to all ports on the relevant VLAN. This occupies bandwidth, and loads all nodes on all ports.

A Broadcast Storm is a result of an excessive amount of broadcast messages simultaneously transmitted across a network by a single port. Forwarded message responses are heaped onto the network, straining network resources or causing the network to time out.

Broadcast Storm is enabled for all Gigabit ports by defining the packet type and the rate the packets are transmitted. The system measures the incoming Broadcast and Multicast frame rates separately on each port, and discards the frames when the rate exceeds a user-defined rate.

Packet threshold is ignored if Broadcast Storm Control is Disabled.

Enabling Broadcast Storm 87

Monitor users have no access to this page.

To define Broadcast Storm Traffic:

1 Click Device > Broadcast Storm > Setup. The Broadcast Storm Setup

Page opens:

Figure 38 Broadcast Storm Setup Page

The Broadcast Storm Setup Page contains the following fields:

■ Broadcast Storm Control — Defines whether forwarding Broadcast

packet types is enabled on the interface.

■ Disabled — Disables broadcast control on the selected port.

■ Broadcast — Enables broadcast control on the selected port.

■ Broadcast&Multicast — Enables broadcast and multicast control on

the selected port.

■ Packet Rate Threshold (3500-1000000) — Defines the maximum

rate (kilobits per second) at which broadcast-only or broadcast and multicast packets are forwarded. The range is 3,500-1,000,000. The default value is 3500.

2 Define the relevant fields.

3 Click . Broadcast Storm is configured, and the device is

updated.

MANAGING SYSTEM INFORMATION

This section contains information for configuring general system information, and includes the following:

■ Viewing System Description

■ Defining System Settings

■ Saving the Device Configuration

■ Resetting the Device

Viewing System

Description

The Device View Page displays parameters for configuring general device information, including the system name, location, and contact, the system MAC Address, System Object ID, System Up Time, and MAC addresses, and both software, boot, and hardware versions.

To view Device Summary Information:

1 Click Device Summary. The Device View Page opens.

Figure 39 Device View Page

The Device View Page contains the following fields:

■ Product Description — Displays the device model number and name

■ System Name — Defines the user-defined device name. The field

range is 0-160 characters.

■ System Location — Defines the location where the system is

currently running. The field range is 0-160 characters.

■ System Contact — Defines the name of the contact person. The field

range is 0-160 characters.

■ Serial Number — Displays the device serial number.

■ Product 3C Number — displays the 3Com device 3C number.

■ System Object ID — Displays the vendor’s authoritative identification

of the network management subsystem contained in the entity.

90 CHAPTER 5: MANAGING SYSTEM INFORMATION

■ MAC Address — Displays the device MAC address.

■ System Up Time — Displays the amount of time since the most

recent device reset. The system time is displayed in the following format: Days, Hours, Minutes, and Seconds. For example, 41 days, 2 hours, 22 minutes and 15 seconds.

■ Software Version — Displays the installed software version number.

■ Boot Version — Displays the current boot version running on the

device.

■ Hardware Version — Displays the current hardware version of the

device.

■ Poll Now — Enables polling the ports for port information including

speed, utilization and port status.

Defining System

Settings

The following section allows system administrators to configure advanced system settings. The section includes the following topics:

■ Configuring System Name

■ Configuring System Time

92 CHAPTER 5: MANAGING SYSTEM INFORMATION

Configuring System

Name

The System Name Page allows the Network Administrator to provide a user-defined system name, location, and contact information for the device.

Monitor users have read-only permissions on this page.

To configure the System Name:

1 Click Administration > System Name > System Name. The System

Name Page opens:

Figure 40 System Name Page

The System Name Page includes the following fields:

■ System Name — Defines the user-defined device name. The field

length is 0-100 characters.

■ System Location — Defines the location where the system is

currently running. The field length is 0-100 characters.

■ System Contact — Defines the name of the contact person. The field

length is 0-100 characters.

2 Define the fields.

3 Click . The System Name is enabled, and the device is updated.

Configuring System

Time

The System Time Setup Page contains fields for defining system time parameters for the local hardware clock. Daylight Savings Time can be enabled on the device.

Monitor users have limited permissions on this page.

To configure the System Time:

1 Click Administration > System Time > Setup. The System Time Setup

Page opens:

Figure 41 System Time Setup Page

The System Time Setup Page contains the following fields:

Local Settings

■ Hours — Sets the hour. The field range is 0-23.

■ Minutes — Sets the minutes. The field range is 0-59.

■ Seconds — Sets the seconds. The field range is 0-59.

■ Month — Sets the month. The field range is 1-12.

■ Day — Sets the day. The field range is 1-31.

■ Yea r — Sets the year. The field range is 2000-2037.

94 CHAPTER 5: MANAGING SYSTEM INFORMATION

■ Daylight Saving — Enables setting automatic Daylight Savings Time

(DST) on the device, either on a non-recurring or recurring basis. In the non-recurring case, DST is configured to apply to one specific period of time only, defined by specifying the begin and end times, months, days, and years. Non-recurring settings need to be changed every year. In the recurring case, the year is not specified, so that the time and date settings apply to every year. The possible field values are:

■ USA — The device switches to DST at 2:00 a.m. from the second

Sunday in March, and reverts to standard time at 2:00 a.m. on the first Sunday of November.

■ European — The device switches to DST at 1:00 am on the last

Sunday in March and reverts to standard time at 1:00 am on the last Sunday in October. The European option applies to EU members, and other European countries using the EU standard.

■ Other — The DST definitions are user-defined based on the device

locality. If Other is selected, the From and To fields must be defined.

■ Time Set Offset — Sets the offset (in minutes) to be applied to the

system time at the beginning and end of DST. The default is 60 minutes. The field range is 1-1440.

■ From — Configures the non-recurring time and date on which DST

begins in countries other than the USA and Europe. The fields to set are:

■ Hours — The hour of the day at which DST begins. The field range

is 0-23.

■ Minutes — The minute of the hour at which DST begins. The field

range is 0-59.

■ Month — The month of the year in which DST begins. The field

range is 1-12.

■ Day — The day of the month at which DST begins. The field range

is 1-31.

■ Year — The year in which DST begins. The field range is

2000-2037.

■ To — Configures the non-recurring time and date on which DST ends

in countries other than the USA and Europe. The fields to set are:

■ Hours — The hour of the day at which DST ends. The field range is

0-23.

■ Minutes — The minute of the hour at which DST ends. The field

range is 0-59.

■ Month — The month of the year in which DST ends. The field

range is 1-12.

■ Day — The day of the month at which DST ends. The field range is

1-31.

■ Year — The year in which DST ends. The field range is 2000-2037.

■ Recurring — Enables user-defined DST for countries in which DST is

constant from year to year, other than the USA and Europe.

■ From — Configures the recurring time and date on which DST begins

every year. The fields to set are:

■ Day — Selects the weekday on which DST begins every year.

■ Week — Selects the week of the month from which DST begins

every year.

■ Month — Selects the month of the year in which DST begins every

year.

■ Time — The time of day at which DST begins every year. The field

format is HH:MM, where HH is the 2-digit hour and MM is the 2-digit minute.

■ To — Configures the recurring time and date on which DST ends

every year. The fields to set are:

■ Day — Selects the weekday on which DST ends every year.

■ Week — Selects the week of the month at which DST ends every

year.

■ Month — Selects the month of the year in which DST ends every

year.

■ Time — The time of day at which DST ends every year. The field

format is HH:MM, where HH is the 2-digit hour and MM is the 2-digit minute.

2 Define the Local Settings time and date fields.

3 To configure the device to automatically switch to DST, select Daylight

Saving and select USA, European, or Other. If you select Other:

a To configure DST parameters that recur every year, select Recurring. b Define the From and To fields.

4 Click . The time, date and DST settings are saved, and the device

is updated.

96 CHAPTER 5: MANAGING SYSTEM INFORMATION

Saving the Device

Configuration

The Save Configuration Page allows the latest device configuration to be saved to the flash memory.

Monitor users have no access to this page.

To save the device configuration:

1 Click Save Configuration. The Save Configuration Page opens:

Figure 42 Save Configuration Page

The following message appears:

The operation will save your configuration. Do you wish to continue?

2 Click . The latest device configuration is saved, and the device is

updated.

Resetting the Device The Reset Page enables resetting the device from a remote location.

To prevent the current configuration from being lost, save the current device configuration before resetting the device.

Monitor users have no access to this page.

To reset the device configuration:

1 Click Administration > Reset. The Reset Page opens:

Figure 43 Reset Page

The Reset Page contains the following fields:

■ Reset the device by pressing the ‘Reboot’ button. — Reboots the

device.

■ Return the device to factory default by pressing the “Initialize’

button — Returns the device to factory defaults. The possible values are:

■ Initialize with Current IP Address — Returns the device to factory

defaults, but maintains the current IP address.

■ Initialize with Default IP Address — Returns the device to factory

defaults, including the IP address.

2 Define the fields.

3 Click or . The device is reset.

CONFIGURING PORTS

This section contains information for configuring Port Settings, and includes the following sections:

■ Viewing Port Settings

■ Defining Port Settings

■ Viewing Port Details

Viewing Port Settings The Port Administration Summary Page permits the network manager to

view the current ports configuration. When configuring the port speed and port Duplex mode, please note the following:

■ Setting the port speed to 10/100/1000 and the Duplex mode to Half =

admin speed is = 10/100/1000 half and no advertisement.

■ Setting the port speed to 10/100/1000 and the Duplex mode to Full =

admin speed is = 10/100/1000 full and no advertisement.

■ Setting the port speed to 10/100/1000 and the Duplex mode to Auto

= admin speed is = Admin Advertisement = 10/100/1000 full and half.

■ Setting the port speed to Auto and Duplex mode to Half = Admin

Advertisement = 10+100+1000 half.

■ Setting the port speed to Auto and Duplex mode to Full = Auto -

Admin Advertisement = 10+100+1000 and Full.

■ Setting the port speed to 10/100/1000 and the Duplex mode to Auto

= Admin Advertisement = 10/100/1000 Full+Half.

100 CHAPTER 6: CONFIGURING PORTS

To view Port Settings:

1 Click Port > Administration > Summary. The Port Administration

Summary Page opens:

Figure 44 Port Administration Summary Page

The Port Administration Summary Page contains the following fields:

■ Port — Indicates the selected port number.

■ Port Status — Indicates whether the port is currently operational or

non-operational. The possible field values are:

■ Up — Indicates the port is currently operating.

■ Down — Indicates the port is currently not operating.

■ Suspended — Indicates the port has been shutdown through a

device security option

■ Port Speed — Displays the configured rate for the port. The port type

determines what speed setting options are available. Port speeds can only be configured when auto negotiation is disabled. The possible field values are:

3COM 2924-PWR User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

3Com® Baseline Switch 2924-PWR Plus

ABOUT THIS GUIDE

User Guide Overview

Intended Audience 5

Conventions Ta bl e 1 lists conventions that are used throughout this guide.

Related Documentation

CONTENTS

GETTING STARTED

About the Switch 2924-PWR

Front Panel Detail 15

LED Status Indicators

System Specifications

Installing the Switch

Setting Up for Management

Methods of Managing a Switch

■ Web Interface Management

SNMP Management You can manage a switch using any network management workstation

Switch Setup Overview

IP Configuration The switch’s IP configuration is determined automatically using DHCP, or

Using the Command Line Interface (CLI)

Setting Up Web Interface Management

Setting Up SNMP Management V1 or V2

Default Users and Passwords

Upgrading Software using the CLI

USING THE 3COM WEB INTERFACE

Starting the 3Com Web Interface

■ Multi-Session Web Connections

Understanding the 3Com Web Interface

Figure 9 Device Representation

Using Screen and Table Options

Saving the Configuration

Resetting the Device

Restoring Factory Defaults

Logging Off the Device

VIEWING BASIC SETTINGS

Viewing Color Keys The Color Key Page provides information regarding the RJ45 or SFP port

MANAGING DEVICE SECURITY

Configuring System Access

Defining RADIUS Clients

Defining Port-Based Authentication (802.1X)

Defining Access Control Lists

Viewing ACL Binding The ACL Binding Summary Page displays the user-defined ACLs mapped

Enabling Broadcast Storm

MANAGING SYSTEM INFORMATION

Resetting the Device The Reset Page enables resetting the device from a remote location.

CONFIGURING PORTS

Viewing Port Settings The Port Administration Summary Page permits the network manager to