Accton Technology ES5508 User Manual

Powered by Accton

ES5508
8 XFP Slot Layer 2
10 Gigabit Ethernet Switch

Management Guide

www.edge-core.com

Management Guide

10 Gigabit Ethernet Switch

Layer 2 Standalone Switch with
8 10GBASE XFP Slots, and
1 10/100BASE-TX RJ-45 Management Port

ES5508
F3.0.0.3 E042005-R01
149100022900A

Contents

Chapter 1: Introduction 1-1

Key Features 1-1
Description of Software Features 1-2
System Defaults 1-4

Chapter 2: Initial Configuration 2-1

Connecting to the Switch 2-1

Configuration Options 2-1
Required Connections 2-2
Remote Connections 2-3

Basic Configuration 2-3

Console Connection 2-3
Setting Passwords 2-4
Setting an IP Address 2-4

Manual Configuration 2-4
Dynamic Configuration 2-5

Enabling SNMP Management Access 2-6

Community Strings (for SNMP version 1 and 2c clients) 2-6
Trap Receivers 2-7
Configuring Access for SNMP Version 3 Clients 2-8

Saving Configuration Settings 2-8

Managing System Files 2-9

Chapter 3: Configuring the Switch 3-1

Using the Web Interface 3-1
Navigating the Web Browser Interface 3-2

Home Page 3-2
Configuration Options 3-3
Panel Display 3-3
Main Menu 3-4

Basic Configuration 3-9

Displaying System Information 3-9
Displaying Switch Hardware/Software Versions 3-10
Displaying Bridge Extension Capabilities 3-12
Setting the Switch’s IP Address 3-13

Manual Configuration 3-14

Using DHCP/BOOTP 3-15
Configuring Support for Jumbo Frames 3-16
Managing Firmware 3-17

Downloading System Software from a Server 3-18

v

Contents

Saving or Restoring Configuration Settings 3-20

Downloading Configuration Settings from a Server 3-21
Console Port Settings 3-22
Telnet Settings 3-24
Configuring Event Logging 3-26

System Log Configuration 3-26

Remote Log Configuration 3-27

Displaying Log Messages 3-29

Sending Simple Mail Transfer Protocol Alerts 3-29
Resetting the System 3-31
Setting the System Clock 3-32

Configuring SNTP 3-32

Setting the Time Zone 3-33

Simple Network Management Protocol 3-34

Enabling the SNMP Agent 3-35
Setting Community Access Strings 3-36
Specifying Trap Managers and Trap Types 3-37
Configuring SNMPv3 Management Access 3-39

Setting a Local Engine ID 3-40

Specifying a Remote Engine ID 3-40

Configuring SNMPv3 Users 3-41

Configuring Remote SNMPv3 Users 3-43

Configuring SNMPv3 Groups 3-45

Setting SNMPv3 Views 3-49

User Authentication 3-50

Configuring User Accounts 3-50
Configuring Local/Remote Logon Authentication 3-52
Configuring HTTPS 3-55

Replacing the Default Secure-site Certificate 3-56
Configuring the Secure Shell 3-57

Generating the Host Key Pair 3-58

Configuring the SSH Server 3-60
Configuring Port Security 3-62
Configuring 802.1X Port Authentication 3-64

Displaying 802.1X Global Settings 3-65

Configuring 802.1X Global Settings 3-66

Configuring Port Settings for 802.1X 3-66

Displaying 802.1X Statistics 3-69
Filtering IP Addresses for Management Access 3-71

Access Control Lists 3-73

Configuring Access Control Lists 3-73

Setting the ACL Name and Type 3-74

Configuring a Standard IP ACL 3-74

Configuring an Extended IP ACL 3-75

Configuring a MAC ACL 3-78

vi

Contents

Configuring ACL Masks 3-80

Specifying the Mask Type 3-80
Configuring an IP ACL Mask 3-81
Configuring a MAC ACL Mask 3-83

Binding a Port to an Access Control List 3-84

Port Configuration 3-85

Displaying Connection Status 3-85
Configuring Interface Connections 3-88
Creating Trunk Groups 3-90

Statically Configuring a Trunk 3-91
Enabling LACP on Selected Ports 3-92
Configuring LACP Parameters 3-94
Displaying LACP Port Counters 3-97
Displaying LACP Settings and Status for the Local Side 3-98

Displaying LACP Settings and Status for the Remote Side 3-100
Setting Broadcast Storm Thresholds 3-101
Configuring Port Mirroring 3-103
Configuring Rate Limits 3-104
Showing Port Statistics 3-105

Address Table Settings 3-109

Setting Static Addresses 3-109
Displaying the Address Table 3-110
Changing the Aging Time 3-112

Spanning Tree Algorithm Configuration 3-112

Displaying Global Settings 3-113
Configuring Global Settings 3-116
Displaying Interface Settings 3-120
Configuring Interface Settings 3-123
Configuring Multiple Spanning Trees 3-125
Displaying Interface Settings for MSTP 3-129
Configuring Interface Settings for MSTP 3-130

VLAN Configuration 3-132

IEEE 802.1Q VLANs 3-132

Enabling or Disabling GVRP (Global Setting) 3-135

Displaying Basic VLAN Information 3-135

Displaying Current VLANs 3-136

Creating VLANs 3-137

Adding Static Members to VLANs (VLAN Index) 3-138

Adding Static Members to VLANs (Port Index) 3-140

Configuring VLAN Behavior for Interfaces 3-141
Configuring Private VLANs 3-143

Enabling Private VLANs 3-143

Configuring Uplink and Downlink Ports 3-144
Configuring Protocol-Based VLANs 3-144

Configuring Protocol Groups 3-145

vii

Contents

Mapping Protocols to VLANs 3-146

Class of Service Configuration 3-147

Layer 2 Queue Settings 3-147

Setting the Default Priority for Interfaces 3-147
Mapping CoS Values to Egress Queues 3-149
Selecting the Queue Mode 3-151
Setting the Service Weight for Traffic Classes 3-151

Layer 3/4 Priority Settings 3-153

Mapping Layer 3/4 Priorities to CoS Values 3-153
Selecting IP Precedence/DSCP Priority 3-153
Mapping IP Precedence 3-154
Mapping DSCP Priority 3-155
Mapping IP Port Priority 3-157
Mapping CoS Values to ACLs 3-158

Multicast Filtering 3-159

IGMP Protocol 3-160
Layer 2 IGMP (Snooping and Query) 3-160

Configuring IGMP Snooping and Query Parameters 3-161
Displaying Interfaces Attached to a Multicast Router 3-163
Specifying Static Interfaces for a Multicast Router 3-164
Displaying Port Members of Multicast Services 3-165
Assigning Ports to Multicast Services 3-166

Configuring Domain Name Service 3-167

Configuring General DNS Service Parameters 3-167
Configuring Static DNS Host to Address Entries 3-169
Displaying the DNS Cache 3-171

Chapter 4: Command Line Interface 4-1

Using the Command Line Interface 4-1

Accessing the CLI 4-1
Console Connection 4-1
Telnet Connection 4-1

Entering Commands 4-3

Keywords and Arguments 4-3
Minimum Abbreviation 4-3
Command Completion 4-3
Getting Help on Commands 4-3

Showing Commands 4-4
Partial Keyword Lookup 4-5
Negating the Effect of Commands 4-5
Using Command History 4-5
Understanding Command Modes 4-5
Exec Commands 4-6
Configuration Commands 4-6

viii

Contents

Command Line Processing 4-7
Command Groups 4-8
Line Commands 4-9

line 4-10

login 4-11

password 4-12

timeout login response 4-12

exec-timeout 4-13

password-thresh 4-14

silent-time 4-14

databits 4-15

parity 4-16

speed 4-16

stopbits 4-17

disconnect 4-17

show line 4-18
General Commands 4-19

enable 4-19

disable 4-20

configure 4-20

show history 4-21

reload 4-21

end 4-22

exit 4-22

quit 4-23
System Management Commands 4-23

Device Designation Commands 4-24

prompt 4-24
hostname 4-24

User Access Commands 4-25

username 4-25
enable password 4-26

IP Filter Commands 4-27

management 4-27
show management 4-28

Web Server Commands 4-29

ip http port 4-29
ip http server 4-29
ip http secure-server 4-30
ip http secure-port 4-31

Telnet Server Commands 4-32

ip telnet server 4-32

Secure Shell Commands 4-32

ip ssh server 4-35
ip ssh timeout 4-35

ix

Contents

ip ssh authentication-retries 4-36
ip ssh server-key size 4-36
delete public-key 4-37
ip ssh crypto host-key generate 4-37
ip ssh crypto zeroize 4-38
ip ssh save host-key 4-39
show ip ssh 4-39
show ssh 4-39
show public-key 4-40

Event Logging Commands 4-41

logging on 4-42
logging history 4-42
logging host 4-43
logging facility 4-44
logging trap 4-44
clear log 4-45
show logging 4-46
show log 4-47

SMTP Alert Commands 4-48

logging sendmail host 4-48
logging sendmail level 4-49
logging sendmail source-email 4-49
logging sendmail destination-email 4-50
logging sendmail 4-50
show logging sendmail 4-51

Time Commands 4-51

sntp client 4-52
sntp server 4-52
sntp poll 4-53
show sntp 4-54
clock timezone 4-54
calendar set 4-55
show calendar 4-55

System Status Commands 4-56

show startup-config 4-56
show running-config 4-58
show system 4-60
show users 4-61
show version 4-61

Frame Size Commands 4-62

jumbo frame 4-62

Flash/File Commands 4-63

copy 4-63
delete 4-65
dir 4-66

x

Contents

whichboot 4-67

boot system 4-67
Authentication Commands 4-68

Authentication Sequence 4-69

authentication login 4-69
authentication enable 4-70

RADIUS Client 4-71

radius-server host 4-71
radius-server port 4-72
radius-server key 4-72
radius-server retransmit 4-73
radius-server timeout 4-73
show radius-server 4-73

TACACS+ Client 4-74

tacacs-server host 4-74
tacacs-server port 4-75
tacacs-server key 4-75
show tacacs-server 4-76

Port Security Commands 4-76

port security 4-77

802.1X Port Authentication 4-78
dot1x system-auth-control 4-79
dot1x default 4-79
dot1x max-req 4-79
dot1x port-control 4-80
dot1x operation-mode 4-80
dot1x re-authenticate 4-81
dot1x re-authentication 4-81
dot1x timeout quiet-period 4-82
dot1x timeout re-authperiod 4-82
dot1x timeout tx-period 4-83
show dot1x 4-83

Access Control List Commands 4-86

IP ACLs 4-87

access-list ip 4-88
access-list ip extended fragment-auto-mask 4-89
permit, deny (Standard ACL) 4-89
permit, deny (Extended ACL) 4-90
show ip access-list 4-92
access-list ip mask-precedence 4-92
mask (IP ACL) 4-93
show access-list ip mask-precedence 4-96
ip access-group 4-97
show ip access-group 4-97
map access-list ip 4-98

xi

Contents

show map access-list ip 4-98
match access-list ip 4-99
show marking 4-100

MAC ACLs 4-100

access-list mac 4-101
permit, deny (MAC ACL) 4-102
show mac access-list 4-103
access-list mac mask-precedence 4-104
mask (MAC ACL) 4-104
show access-list mac mask-precedence 4-106
mac access-group 4-107
show mac access-group 4-107
map access-list mac 4-108
show map access-list mac 4-108
match access-list mac 4-109

ACL Information 4-110

show access-list 4-110
show access-group 4-110

SNMP Commands 4-111

snmp-server 4-111
show snmp 4-112
snmp-server community 4-113
snmp-server contact 4-113
snmp-server location 4-114
snmp-server host 4-114
snmp-server enable traps 4-116
snmp-server engine-id 4-117
show snmp engine-id 4-118
snmp-server view 4-119
show snmp view 4-120
snmp-server group 4-120
show snmp group 4-121
snmp-server user 4-122
show snmp user 4-124

Interface Commands 4-125

interface 4-125
description 4-126
speed-duplex 4-126
negotiation 4-127
capabilities 4-128
shutdown 4-129
switchport broadcast packet-rate 4-129
clear counters 4-130
show interfaces status 4-130
show interfaces counters 4-131

xii

Contents

show interfaces switchport 4-132

Mirror Port Commands 4-134

port monitor 4-134
show port monitor 4-135

Rate Limit Commands 4-136

rate-limit 4-136

Link Aggregation Commands 4-137

channel-group 4-138
lacp 4-139
lacp system-priority 4-140
lacp admin-key (Ethernet Interface) 4-141
lacp admin-key (Port Channel) 4-141
lacp port-priority 4-142
show lacp 4-143

Address Table Commands 4-146

mac-address-table static 4-147
clear mac-address-table dynamic 4-148
show mac-address-table 4-148
mac-address-table aging-time 4-149
show mac-address-table aging-time 4-149

Spanning Tree Commands 4-150

spanning-tree 4-151
spanning-tree mode 4-151
spanning-tree forward-time 4-152
spanning-tree hello-time 4-153
spanning-tree max-age 4-153
spanning-tree priority 4-154
spanning-tree pathcost method 4-155
spanning-tree transmission-limit 4-155
spanning-tree mst-configuration 4-156
mst vlan 4-156
mst priority 4-157
name 4-157
revision 4-158
max-hops 4-159
spanning-tree spanning-disabled 4-159
spanning-tree cost 4-160
spanning-tree port-priority 4-161
spanning-tree edge-port 4-161
spanning-tree portfast 4-162
spanning-tree link-type 4-163
spanning-tree mst cost 4-163
spanning-tree mst port-priority 4-164
spanning-tree protocol-migration 4-165
show spanning-tree 4-166

xiii

Contents

show spanning-tree mst configuration 4-168

VLAN Commands 4-168

Editing VLAN Groups 4-168

vlan database 4-169
vlan 4-169

Configuring VLAN Interfaces 4-170

interface vlan 4-170
switchport mode 4-171
switchport acceptable-frame-types 4-172
switchport ingress-filtering 4-172
switchport native vlan 4-173
switchport allowed vlan 4-174
switchport forbidden vlan 4-175

Displaying VLAN Information 4-175

show vlan 4-176

Configuring Private VLANs 4-177

pvlan 4-177
show pvlan 4-178

Configuring Protocol-based VLANs 4-178

protocol-vlan protocol-group (Configuring Groups) 4-179
protocol-vlan protocol-group (Configuring Interfaces) 4-179
show protocol-vlan protocol-group 4-180
show interfaces protocol-vlan protocol-group 4-181

GVRP and Bridge Extension Commands 4-181

bridge-ext gvrp 4-182
show bridge-ext 4-182
switchport gvrp 4-183
show gvrp configuration 4-183
garp timer 4-184
show garp timer 4-185

Priority Commands 4-185

Priority Commands (Layer 2) 4-186

queue mode 4-186
switchport priority default 4-187
queue bandwidth 4-188
queue cos-map 4-188
show queue mode 4-189
show queue bandwidth 4-190
show queue cos-map 4-190

Priority Commands (Layer 3 and 4) 4-191

map ip port (Global Configuration) 4-191
map ip port (Interface Configuration) 4-191
map ip precedence (Global Configuration) 4-192
map ip precedence (Interface Configuration) 4-193
map ip dscp (Global Configuration) 4-193

xiv

Contents

map ip dscp (Interface Configuration) 4-194
show map ip port 4-195
show map ip precedence 4-196
show map ip dscp 4-196

Multicast Filtering Commands 4-197

IGMP Snooping Commands 4-198

ip igmp snooping 4-198
ip igmp snooping vlan static 4-198
ip igmp snooping version 4-199
show ip igmp snooping 4-199
show mac-address-table multicast 4-200

IGMP Query Commands (Layer 2) 4-201

ip igmp snooping querier 4-201
ip igmp snooping query-count 4-201
ip igmp snooping query-interval 4-202
ip igmp snooping query-max-response-time 4-202
ip igmp snooping router-port-expire-time 4-203

Static Multicast Routing Commands 4-204

ip igmp snooping vlan mrouter 4-204
show ip igmp snooping mrouter 4-205

IP Interface Commands 4-205

Basic IP Configuration 4-205

ip address 4-206
ip default-gateway 4-207

ip dhcp restart 4-207

show ip interface 4-208
show ip redirects 4-208
ping 4-209

DNS Commands 4-210

ip host 4-210
clear host 4-211
ip domain-name 4-211
ip domain-list 4-212
ip name-server 4-213
ip domain-lookup 4-214
show hosts 4-215
show dns 4-215
show dns cache 4-216
clear dns cache 4-216

xv

Contents

Appendix A: Software Specifications A-1

Software Features A-1
Management Features A-2
Standards A-2
Management Information Bases A-3

Appendix B: Troubleshooting B-1

Problems Accessing the Management Interface B-1
Using System Logs B-2

Glossary

Index

xvi

Tables

Table 1-1 Key Features 1-1
Table 1-2 System Defaults 1-4
Table 3-1 Web Page Configuration Buttons 3-3
Table 3-2 Switch Main Menu 3-4
Table 3-3 Logging Levels 3-26
Table 3-4 SNMPv3 Security Models and Levels 3-35
Table 3-5 Supported Notification Messages 3-46
Table 3-6 HTTPS System Support 3-55
Table 3-7 802.1X Statistics 3-69
Table 3-8 LACP Port Counters 3-97
Table 3-9 LACP Internal Configuration Information 3-98
Table 3-10 LACP Neighbor Configuration Information 3-100
Table 3-11 Port Statistics 3-105
Table 3-12 Mapping CoS Values to Egress Queues 3-149
Table 3-13 CoS Priority Levels 3-149
Table 3-14 Mapping IP Precedence 3-154
Table 3-15 Mapping DSCP Priority 3-155
Table 3-16 Egress Queue Priority Mapping 3-158
Table 4-1 General Command Modes 4-5
Table 4-2 Configuration Command Modes 4-7
Table 4-3 Keystroke Commands 4-7
Table 4-4 Command Group Index 4-8
Table 4-5 Line Commands 4-9
Table 4-6 General Commands 4-19
Table 4-7 System Management Commands 4-23
Table 4-8 Device Designation Commands 4-24
Table 4-9 User Access Commands 4-25
Table 4-10 Default Login Settings 4-25
Table 4-11 IP Filter Commands 4-27
Table 4-12 Web Server Commands 4-29
Table 4-13 HTTPS System Support 4-30
Table 4-14 Telnet Server Commands 4-32
Table 4-15 Secure Shell Commands 4-33
Table 4-16 show ssh - display description 4-40
Table 4-17 Event Logging Commands 4-41
Table 4-18 Logging Levels 4-43
Table 4-19 show logging flash/ram - display description 4-46
Table 4-20 show logging trap - display description 4-47
Table 4-21 SMTP Alert Commands 4-48
Table 4-22 Time Commands 4-51
Table 4-23 System Status Commands 4-56

xvii

Tables

Table 4-24 Frame Size Commands 4-62
Table 4-25 Flash/File Commands 4-63
Table 4-26 File Directory Information 4-66
Table 4-27 Authentication Commands 4-68
Table 4-28 Authentication Sequence Commands 4-69
Table 4-29 RADIUS Client Commands 4-71
Table 4-30 TACACS+ Client Commands 4-74
Table 4-31 Port Security Commands 4-76
Table 4-32 802.1X Port Authentication Commands 4-78
Table 4-33 Access Control List Commands 4-87
Table 4-34 IP ACL Commands 4-87
Table 4-35 Egress Queue Priority Mapping 4-98
Table 4-36 MAC ACL Commands 4-100
Table 4-37 Mapping CoS Values to MAC ACLs 4-108
Table 4-38 ACL Information Commands 4-110
Table 4-39 SNMP Commands 4-111
Table 4-40 show snmp engine-id - display description 4-118
Table 4-41 show snmp view - display description 4-120
Table 4-42 show snmp group - display description 4-122
Table 4-43 show snmp user - display description 4-124
Table 4-44 Interface Commands 4-125
Table 4-45 show interfaces switchport - display description 4-133
Table 4-46 Mirror Port Commands 4-134
Table 4-47 Rate Limit Commands 4-136
Table 4-48 Link Aggregation Commands 4-137
Table 4-49 show lacp counters - display description 4-143
Table 4-50 show lacp internal - display description 4-144
Table 4-51 show lacp neighbors - display description 4-145
Table 4-53 Address Table Commands 4-146
Table 4-52 show lacp sysid - display description 4-146
Table 4-54 Spanning Tree Commands 4-150
Table 4-55 VLAN Commands 4-168
Table 4-56 Editing VLAN Groups 4-168
Table 4-57 Configuring VLAN Interfaces 4-170
Table 4-58 Displaying VLAN Information 4-175
Table 4-59 Private VLAN Commands 4-177
Table 4-60 Protocol-based VLAN Commands 4-178
Table 4-61 GVRP and Bridge Extension Commands 4-181
Table 4-62 Priority Commands 4-185
Table 4-63 Priority Commands (Layer 2) 4-186
Table 4-64 Default CoS Priority Levels 4-189
Table 4-65 Priority Commands (Layer 3 and 4) 4-191
Table 4-66 Mapping IP Precedence to CoS Values 4-193
Table 4-67 Mapping IP DSCP to CoS Values 4-194
Table 4-68 Multicast Filtering Commands 4-197

xviii

Tables

Table 4-69 IGMP Snooping Commands 4-198
Table 4-70 IGMP Query Commands (Layer 2) 4-201
Table 4-71 Static Multicast Routing Commands 4-204
Table 4-72 Basic IP Configuration Commands 4-205
Table 4-73 DNS Commands 4-210
Table 4-74 show dns cache - display description 4-216
Table B-1 Troubleshooting Chart B-1

xix

Tables

xx

Figures

Figure 3-1 Home Page 3-2
Figure 3-2 Front Panel Indicators 3-3
Figure 3-3 System Information 3-9
Figure 3-4 Switch Information 3-11
Figure 3-5 Displaying Bridge Extension Configuration 3-12
Figure 3-6 IP Interface Configuration - Manual 3-14
Figure 3-7 Default Gateway 3-14
Figure 3-8 IP Interface Configuration - DHCP 3-15
Figure 3-9 Configuring Support for Jumbo Frames 3-16
Figure 3-10 Copy Firmware 3-18
Figure 3-11 Setting the Startup Code 3-18
Figure 3-12 Deleting Files 3-19
Figure 3-13 Downloading Configuration Settings for Start-Up 3-21
Figure 3-14 Setting the Startup Configuration Settings 3-21
Figure 3-15 Configuring the Console Port 3-23
Figure 3-16 Configuring the Telnet Interface 3-25
Figure 3-17 System Logs 3-27
Figure 3-18 Remote Logs 3-28
Figure 3-19 Displaying Logs 3-29
Figure 3-20 Enabling and Configuring SMTP Alerts 3-30
Figure 3-21 Resetting the System 3-31
Figure 3-22 SNTP Configuration 3-32
Figure 3-23 Clock Time Zone 3-33
Figure 3-24 Enabling the SNMP Agent 3-35
Figure 3-25 Configuring SNMP Community Strings 3-36
Figure 3-26 Configuring SNMP Trap Managers 3-39
Figure 3-27 Setting the SNMPv3 Engine ID 3-40
Figure 3-28 Setting an Engine ID 3-41
Figure 3-29 Configuring SNMPv3 Users 3-42
Figure 3-30 Configuring Remote SNMPv3 Users 3-44
Figure 3-31 Configuring SNMPv3 Groups 3-48
Figure 3-32 Configuring SNMPv3 Views 3-49
Figure 3-33 User Accounts 3-51
Figure 3-34 Authentication Server Settings 3-54
Figure 3-35 HTTPS Settings 3-56
Figure 3-36 SSH Host-Key Settings 3-59
Figure 3-37 SSH Server Settings 3-61
Figure 3-38 Port Security 3-63
Figure 3-39 802.1X Global Information 3-65
Figure 3-40 802.1X Global Configuration 3-66
Figure 3-41 802.1X Port Configuration 3-67

xxi

Figures

Figure 3-42 802.1X Port Statistics 3-70
Figure 3-43 IP Filter 3-72
Figure 3-44 Selecting ACL Type 3-74
Figure 3-45 ACL Configuration - Standard IP 3-75
Figure 3-46 ACL Configuration - Extended IP 3-77
Figure 3-47 ACL Configuration - MAC 3-79
Figure 3-48 Selecting ACL Mask Types 3-80
Figure 3-49 ACL Mask Configuration - IP 3-82
Figure 3-50 ACL Mask Configuration - MAC 3-83
Figure 3-51 ACL Port Binding 3-85
Figure 3-52 Port - Port Information 3-86
Figure 3-53 Port - Port Configuration 3-89
Figure 3-54 Static Trunk Configuration 3-91
Figure 3-55 LACP Trunk Configuration 3-93
Figure 3-56 LACP - Aggregation Port 3-95
Figure 3-57 LACP - Port Counters Information 3-97
Figure 3-58 LACP - Port Internal Information 3-99
Figure 3-59 LACP - Port Neighbors Information 3-100
Figure 3-60 Port Broadcast Control 3-102
Figure 3-61 Mirror Port Configuration 3-103
Figure 3-62 Rate Limit Configuration 3-104
Figure 3-63 Port Statistics 3-108
Figure 3-64 Static Addresses 3-110
Figure 3-65 Dynamic Addresses 3-111
Figure 3-66 Address Aging 3-112
Figure 3-67 STA Information 3-115
Figure 3-68 STA Global Configuration 3-119
Figure 3-69 STA Port Information 3-122
Figure 3-70 STA Port Configuration 3-125
Figure 3-71 MSTP VLAN Configuration 3-127
Figure 3-72 MSTP Port Information 3-129
Figure 3-73 MSTP Port Configuration 3-131
Figure 3-74 Globally Enabling GVRP 3-135
Figure 3-75 VLAN Basic Information 3-135
Figure 3-76 VLAN Current Table 3-136
Figure 3-77 VLAN Static List - Creating VLANs 3-138
Figure 3-78 VLAN Static Table - Adding Static Members 3-139
Figure 3-79 VLAN Static Membership by Port 3-140
Figure 3-80 VLAN Port Configuration 3-142
Figure 3-81 Private VLAN Status 3-143
Figure 3-82 Private VLAN Link Status 3-144
Figure 3-83 Protocol VLAN Configuration 3-145
Figure 3-84 Protocol VLAN Port Configuration 3-146
Figure 3-85 Default Port Priority 3-148
Figure 3-86 Traffic Classes 3-150

xxii

Figures

Figure 3-87 Queue Mode 3-151
Figure 3-88 Queue Scheduling 3-152
Figure 3-89 IP Precedence/DSCP Priority Status 3-153
Figure 3-90 IP Precedence Priority 3-154
Figure 3-91 IP DSCP Priority 3-156
Figure 3-92 IP Port Priority Status 3-157
Figure 3-93 IP Port Priority 3-157
Figure 3-94 ACL CoS Priority 3-159
Figure 3-95 IGMP Configuration 3-162
Figure 3-96 Multicast Router Port Information 3-163
Figure 3-97 Static Multicast Router Port Configuration 3-164
Figure 3-98 Displaying Port Members of Multicast Services 3-165
Figure 3-99 Specifying Multicast Port Membership 3-166
Figure 3-100 DNS General Configuration 3-168
Figure 3-101 DNS Static Host Table 3-170
Figure 3-102 DNS Cache 3-171

xxiii

Figures

xxiv

Chapter 1: Introduction

This switch provides a broad range of features for Layer 2 switching. It includes a
management agent that allows you to configure the features listed in this manual.
The default configuration can be used for most of the features provided by this
switch. However, there are many options that you should configure to maximize the
switch’s performance for your particular network environment.

Key Features

Table 1-1 Key Features

Feature Description

Configuration Backup
and Restore

Authentication Console, Telnet, web – User name / password, RADIUS, TACACS+

Access Control Lists Supports up to 32 IP or MAC ACLs

DHCP Client Supported

DNS Client and proxy service

Port Configuration Speed and duplex mode

Rate Limiting Input and output rate limiting per port

Port Mirroring One or more ports mirrored to single analysis port

Port Trunking Supports up to 4 trunks using either static or dynamic trunking (LACP)

Broadcast Storm
Control

Address Table Up to 16K MAC addresses in forwarding table

IEEE 802.1D Bridge Supports dynamic data switching and addresses learning

Store-and-Forward
Switching

Spanning Tree
Algorithm

Virtual LANs Up to 255 using IEEE 802.1Q, port-based, protocol-based, or private VLANs

Traffic Prioritization Default port priority, traffic class map, queue scheduling, IP Precedence, or

Multicast Filtering Supports IGMP snooping and query

Backup to TFTP server

Web – SSL/HTTPS; Telnet – SSH
SNMP v1/2c - Community strings
SNMP version 3 – MD5 or SHA password
Port – IEEE 802.1X, MAC address filtering

Supported

Supported to ensure wire-speed switching while eliminating bad frames

Supports standard STP, Rapid Spanning Tree Protocol (RSTP), and Multiple
Spanning Trees (MSTP)

Differentiated Services Code Point (DSCP), and TCP/UDP Port

1-1

Introduction

1

Description of Software Features

The switch provides a wide range of advanced performance enhancing features.
Broadcast storm suppression prevents broadcast traffic storms from engulfing the
network. Untagged (port-based), tagged, and protocol-based VLANs, plus support
for automatic GVRP VLAN registration provide traffic security and efficient use of
network bandwidth. CoS priority queueing ensures the minimum delay for moving
real-time multimedia data across the network. While multicast filtering provides
support for real-time network applications. Some of the management features are
briefly described below.

Configuration Backup and Restore – You can save the current configuration
settings to a file on a TFTP server, and later download this file to restore the switch
configuration settings.

Authentication – This switch authenticates management access via the console
port, Telnet or web browser. User names and passwords can be configured locally or
can be verified via a remote authentication server (i.e., RADIUS or TACACS+).
Port-based authentication is also supported via the IEEE 802.1X protocol. This
protocol uses Extensible Authentication Protocol over LANs (EAPOL) to request
user credentials from the 802.1X client, and then uses the EAP between the switch
and the authentication server to verify the client’s right to access the network via an
authentication server (i.e., RADIUS server).

Other authentication options include HTTPS for secure management access via the
web, SSH for secure management access over a Telnet-equivalent connection,
SNMP Version 3, IP address filtering for SNMP/web/Telnet management access,
and MAC address filtering for port access.

Access Control Lists – ACLs provide packet filtering for IP frames (based on
address, protocol, TCP/UDP port number or TCP control code) or any frames
(based on MAC address or Ethernet type). ACLs can by used to improve
performance by blocking unnecessary network traffic or to implement security
controls by restricting access to specific network resources or protocols.

Rate Limiting – This feature controls the maximum rate for traffic transmitted or
received on an interface. Rate limiting is configured on interfaces at the edge of a
network to limit traffic into or out of the network. Traffic that falls within the rate limit is
transmitted, while packets that exceed the acceptable amount of traffic are dropped.

Port Mirroring – The switch can unobtrusively mirror traffic from any port to a
monitor port. You can then attach a protocol analyzer or RMON probe to this port to
perform traffic analysis and verify connection integrity.

Port Trunking – Ports can be combined into an aggregate connection. Trunks can
be manually set up or dynamically configured using IEEE 802.3-2002 (formerly
IEEE 802.3ad) Link Aggregation Control Protocol (LACP). The additional ports
dramatically increase the throughput across any connection, and provide
redundancy by taking over the load if a port in the trunk should fail. The switch
supports up to 4 trunks.

1-2

Description of Software Features

Broadcast Storm Control – Broadcast suppression prevents broadcast traffic from
overwhelming the network. When enabled on a port, the level of broadcast traffic
passing through the port is restricted. If broadcast traffic rises above a pre-defined
threshold, it will be throttled until the level falls back beneath the threshold.

Static Addresses – A static address can be assigned to a specific interface on this
switch. Static addresses are bound to the assigned interface and will not be moved.
When a static address is seen on another interface, the address will be ignored and
will not be written to the address table. Static addresses can be used to provide
network security by restricting access for a known host to a specific port.

IEEE 802.1D Bridge – The switch supports IEEE 802.1D transparent bridging. The
address table facilitates data switching by learning addresses, and then filtering or
forwarding traffic based on this information. The address table supports up to 16K
addresses.

Store-and-Forward Switching – The switch copies each frame into its memory
before forwarding them to another port. This ensures that all frames are a standard
Ethernet size and have been verified for accuracy with the cyclic redundancy check
(CRC). This prevents bad frames from entering the network and wasting bandwidth.

To avoid dropping frames on congested ports, the switch provides 256 KB for frame
buffering. This buffer can queue packets awaiting transmission on congested
networks.

Spanning Tree Algorithm – The switch supports these spanning tree protocols:

Spanning Tree Protocol (STP, IEEE 802.1D) – This protocol provides loop detection
and recovery by allowing two or more redundant connections to be created between
a pair of LAN segments. When there are multiple physical paths between segments,
this protocol will choose a single path and disable all others to ensure that only one
route exists between any two stations on the network. This prevents the creation of
network loops. However, if the chosen path should fail for any reason, an alternate
path will be activated to maintain the connection.

Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w) – This protocol reduces the
convergence time for network topology changes to about 3 to 5 seconds, compared
to 30 seconds or more for the older IEEE 802.1D STP standard. It is intended as a
complete replacement for STP, but can still interoperate with switches running the
older standard by automatically reconfiguring ports to STP-compliant mode if they
detect STP protocol messages from attached devices.

Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) – This protocol is a direct
extension of RSTP. It can provide an independent spanning tree for different VLANs.
It simplifies network management, provides for even faster convergence than RSTP
by limiting the size of each region, and prevents VLAN members from being
segmented from the rest of the group (as sometimes occurs with IEEE 802.1D STP).

Virtual LANs – The switch supports up to 255 VLANs. A Virtual LAN is a collection
of network nodes that share the same collision domain regardless of their physical
location or connection point in the network. The switch supports tagged VLANs
based on the IEEE 802.1Q standard. Members of VLAN groups can be dynamically

1

1-3

Introduction

1

learned via GVRP, or ports can be manually assigned to a specific set of VLANs.
This allows the switch to restrict traffic to the VLAN groups to which a user has been
assigned. By segmenting your network into VLANs, you can:

• Eliminate broadcast storms which severely degrade performance in a flat network.

• Simplify network management for node changes/moves by remotely configuring
VLAN membership for any port, rather than having to manually change the network
connection.

• Provide data security by restricting all traffic to the originating VLAN.

• Use private VLANs to restrict traffic to pass only between data ports and the uplink
ports, thereby isolating adjacent ports within the same VLAN, and allowing you to
limit the total number of VLANs that need to be configured.

• Use protocol VLANs to restrict traffic to specified interfaces based on protocol type.

Traffic Prioritization – This switch prioritizes each packet based on the required
level of service, using eight priority queues with strict or Weighted Round Robin
Queuing. It uses IEEE 802.1p and 802.1Q tags to prioritize incoming traffic based on
input from the end-station application. These functions can
independent priorities for delay-sensitive data and best-effort data.

This switch also supports several common methods of prioritizing layer 3/4 traffic to
meet application requirements. Traffic can be prioritized based on the priority bits in
the IP frame’s Type of Service (ToS) octet or the number of the TCP/UDP port.
When these services are enabled, the priorities are mapped to a Class of Service
value by the switch, and the traffic then sent to the corresponding output queue.

Multicast Filtering – Specific multicast traffic can be assigned to its own VLAN to
ensure that it does not interfere with normal network traffic and to guarantee
real-time delivery by setting the required priority level for the designated VLAN. The
switch uses IGMP Snooping and Query to manage multicast group registration.

be used to provide

System Defaults

The switch’s system defaults are provided in the configuration file
“Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as
the startup configuration file (page 3-21).

The following table lists some of the basic system defaults.

Table 1-2 System Defaults

Function Parameter Default

Console Port
Connection

1-4

Baud Rate auto

Data bits 8

Stop bits 1

Parity none

Local Console Timeout 0 (disabled)

Table 1-2 System Defaults (Continued)

Function Parameter Default

Authentication Privileged Exec Level Username “admin”

Normal Exec Level Username “guest”

Enable Privileged Exec from Normal
Exec Level

RADIUS Authentication Disabled

TACACS Authentication Disabled

802.1X Port Authentication Disabled

HTTPS Enabled

SSH Disabled

Port Security Disabled

IP Filtering Disabled

Web Management HTTP Server Enabled

HTTP Port Number 80

HTTP Secure Server Enabled

HTTP Secure Port Number 443

SNMP SNMP Agent Enabled

Community Strings “public” (read only)

Traps Authentication traps: enabled

SNMP V3 View: defaultview

Port Configuration Admin Status Enabled

Flow Control

Rate Limiting Input and output limits Disabled

Port Trunking Static Trunks None

LACP (all ports) Disabled

Broadcast Storm
Protection

Spanning Tree
Algorithm

Status Enabled

Broadcast Limit Rate 1042 packets per second

Status Enabled, MSTP

Fast Forwarding (Edge Port) Disabled

*

Password “admin”

Password “guest”

Password “super”

“private” (read/write)

Link-up-down events: enabled

Group: public (read only); private (read/write)

Disabled

(Defaults: All values based on IEEE 802.1s)

System Defaults

1

1-5

Introduction

1

Table 1-2 System Defaults (Continued)

Function Parameter Default

Address Table Aging Time 300 seconds

Virtual LANs Default VLAN 1

PVID 1

Acceptable Frame Type All

Ingress Filtering Disabled

Switchport Mode (Egress Mode) Hybrid: tagged/untagged frames

GVRP (global) Disabled

GVRP (port interface) Disabled

Traffic Prioritization Ingress Port Priority 0

Weighted Round Robin Queue: 0 1 2 3 4 5 6 7

IP Precedence Priority Disabled

IP DSCP Priority Disabled

IP Port Priority Disabled

IP Settings Management. VLAN Any VLAN configured with an IP address

IP Address 0.0.0.0

Subnet Mask 255.0.0.0

Default Gateway 0.0.0.0

DHCP Client: Enabled

DNS

BOOTP Disabled

Multicast Filtering IGMP Snooping Snooping: Enabled

System Log Status Enabled

Messages Logged Levels 0-7 (all)

Messages Logged to Flash Levels 0-3

SMTP Email Alerts Event Handler Enabled (but no server defined)

SNTP Clock Synchronization Disabled

Weight: 1 2 4 6 8 10 12 14

Querier: Disabled

* There are interoperability problems between Flow Control and Head-of-Line (HOL) blocking for the switch ASIC;

Flow Control is therefore not supported for this switch.

1-6