Accton Technology VS4512, VS4512DC User Manual

VDSL Switch-VS4512 VDSL Switch-VS4512DC

Management Guide

VDSL Switch-V4512

VDSL Switch (with AC power connector) supporting 12 VDSL lines, with 2 Slots for Optional 1000BASE-SX, 1000BASE-LX, 1000BASE-T or 1000BASE-X GBIC uplink modules

VDSL Switch-VS4512DC

VDSL Switch (with DC power connector) supporting 12 VDSL lines, with 2 Slots for Optional 1000BASE-SX, 1000BASE-LX, 1000BASE-T or 1000BASE-X GBIC uplink modules

No part of this document may be copied or reproduced in any form or by any means without the prior written consent of Accton Technology Corporation.

Accton makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability, quality, or fitness for any particular purpose. The information in this document is subject to change without notice. Accton reserves the right to make revisions to this publication without obligation to notify any person or entity of any such changes.

International Headquarters

No. 1 Creation Road III, Science-based Industrial Park Hsinchu 300, Taiwan Phone: 886-3-5770-270 Fax: 886-3-5770-267 Internet: support@accton.com.tw

Europe Headquarters

Edificio Conata II, Calle Fructuós Gelabert 6-8, 2

08970 - Sant Joan Despí, Barcelona, Spain. Phone: +34-93-477-4920 Fax: +34-93-477-3774

, 4a,

Asia Pacific Headquarters

1 Claymore Drive #08-05/06 Orchard Towers (Rear Block) Singapore 229594 Phone: +65 238 6556 Fax: +65 238 6466 Internet: www.acctontech.com

Accton is a trademark of Accton Technology Corporation. Other trademarks or brand names mentioned herein are trademarks or registered trademarks of their respective companies.

VS4512 VS4512DC F1.0.4.0 E122003-R02 150000041800A

Contents

Chapter 1: Introduction 1-1

Key Features 1-1 Description of Software Features 1-2 System Defaults 1-5

Chapter 2: Initial Configuration 2-1

Connecting to the Switch 2-1

Configuration Options 2-1 Required Connections 2-2 Remote Connections 2-3

Basic Configuration 2-3

Console Connection 2-3 Setting Passwords 2-4 Setting an IP Address 2-4

Manual Configuration 2-4 Dynamic Configuration 2-5

Enabling SNMP Management Access 2-6

Community Strings 2-6 Trap Receivers 2-7

Saving Configuration Settings 2-7

Managing System Files 2-8

Chapter 3: Configuring the Switch 3-1

Using the Web Interface 3-1 Navigating the Web Browser Interface 3-2

Home Page 3-2 Configuration Options 3-2 Panel Display 3-3 Main Menu 3-3

Basic Configuration 3-7

Displaying System Information 3-7 Displaying Switch Hardware/Software Versions 3-9 Displaying Bridge Extension Capabilities 3-10 Setting the Switch’s IP Address 3-11

Manual Configuration 3-12

Using DHCP/BOOTP 3-13 Fan Status 3-14 Managing Firmware 3-14

Downloading System Software from a Server 3-15

Contents

Saving or Restoring Configuration Settings 3-16

Downloading Configuration Settings from a Server 3-16 Setting the Startup Configuration File 3-17

Copying the Running Configuration to a File 3-17 Resetting the System 3-18 Setting the System Clock 3-18

Configuring SNTP 3-18

Setting the Time Zone 3-19

Simple Network Management Protocol 3-20

Setting Community Access Strings 3-21 Specifying Trap Managers and Trap Types 3-22 Filtering Addresses for SNMP Client Access 3-23

User Authentication. 3-24

Configuring the Logon Password 3-24 Configuring Local/Remote Logon Authentication 3-25 Telnet Settings 3-28 Configuring HTTPS 3-28

Replacing the Default Secure-site Certificate 3-29 Configuring the Secure Shell 3-30 Configuring Port Security 3-31 Configuring 802.1x Port Authentication 3-33

Displaying 802.1x Global Settings 3-34

Configuring 802.1x Global Settings 3-36

Configuring Port Authorization Mode 3-37

Displaying 802.1x Statistics 3-38

Port Configuration 3-39

Displaying Connection Status 3-39 Configuring Interface Connections 3-42 Creating Trunk Groups 3-44

Statically Configuring a Trunk 3-45

Enabling LACP on Selected Ports 3-46 Setting Broadcast Storm Thresholds 3-48 Configuring Port Mirroring 3-49 Configuring Rate Limits 3-50 Showing Port Statistics 3-51

VDSL Configuration 3-56

VDSL Global Configuration 3-56 VDSL Port Configuration 3-58 VDSL Port Link Status 3-61 Displaying VDSL Port Ethernet Statistics 3-64 VDSL Line Configuration 3-65 Displaying VDSL Interface Information 3-66 VDSL Performance Monitor Information 3-69 Monitoring VDSL Performance History 3-72

Contents

Address Table Settings 3-73

Setting Static Addresses 3-73 Displaying the Address Table 3-74 Changing the Aging Time 3-75

Spanning Tree Algorithm Configuration 3-76

Displaying Global Settings 3-77 Configuring Global Settings 3-79 Displaying Interface Settings 3-81 Configuring Interface Settings 3-84

VLAN Configuration 3-86

Overview 3-86

Assigning Ports to VLANs 3-87

Forwarding Tagged/Untagged Frames 3-88 Displaying Basic VLAN Information 3-88 Displaying Current VLANs 3-89 Creating VLANs 3-91 Adding Static Members to VLANs (VLAN Index) 3-92 Adding Static Members to VLANs (Port Index) 3-93 Configuring VLAN Behavior for Interfaces 3-94 Configuring Private VLANs 3-96

Enabling Private VLANs 3-97

Configuring Uplink and Downlink Ports 3-97

Class of Service Configuration 3-98

Setting the Default Priority for Interfaces 3-98 Mapping CoS Values to Egress Queues 3-100 Selecting the Queue Mode 3-101 Setting the Service Weight for Traffic Classes 3-102 Mapping Layer 3/4 Priorities to CoS Values 3-103 Selecting IP Precedence/DSCP Priority 3-103 Mapping IP Precedence 3-104 Mapping DSCP Priority 3-105 Mapping IP Port Priority 3-107 Copy Priority Settings 3-108

Multicast Filtering 3-109

Layer 2 IGMP (Snooping and Query) 3-109

Configuring IGMP Snooping and Query Parameters 3-110

Displaying Interfaces Attached to a Multicast Router 3-111

Specifying Static Interfaces for a Multicast Router 3-112

Displaying Port Members of Multicast Services 3-113

Assigning Ports to Multicast Services 3-114

iii

Contents

Chapter 4: Command Line Interface 4-1

Using the Command Line Interface 4-1

Accessing the CLI 4-1 Console Connection 4-1 Telnet Connection 4-1

Entering Commands 4-3

Keywords and Arguments 4-3 Minimum Abbreviation 4-3 Command Completion 4-3 Getting Help on Commands 4-3

Showing Commands 4-4 Partial Keyword Lookup 4-4 Negating the Effect of Commands 4-5 Using Command History 4-5 Understanding Command Modes 4-5 Exec Commands 4-5 Configuration Commands 4-6 Command Line Processing 4-7

Command Groups 4-8 Line Commands 4-9

line 4-9 login 4-10 password 4-11 exec-timeout 4-12 password-thresh 4-12 silent-time 4-13 databits 4-14 parity 4-14 speed 4-15 stopbits 4-16 disconnect 4-16 show line 4-17

General Commands 4-17

enable 4-18 disable 4-18 configure 4-19 show history 4-19 reload 4-20 end 4-21 exit 4-21 quit 4-21

System Management Commands 4-22

Device Designation Commands 4-22

prompt 4-23

hostname 4-23

Contents

User Access Commands 4-24

username 4-24 enable password 4-25

IP Filter Commands 4-26

management 4-26 show management 4-27

Web Server Commands 4-28

ip http port 4-28 ip http server 4-28 ip http secure-server 4-29 ip http secure-port 4-30 ip telnet server 4-30

Secure Shell Commands 4-31

ip ssh server 4-31 ip ssh timeout 4-32 ip ssh authentication-retries 4-33 disconnect ssh 4-33 show ip ssh 4-34 show ssh 4-34

Event Logging Commands 4-35

logging on 4-35 logging history 4-36 logging host 4-37 logging facility 4-37 logging trap 4-38 clear logging 4-38 show logging 4-39

SMTP Alert Commands 4-40

logging sendmail host 4-41 logging sendmail level 4-41 logging sendmail source-email 4-42 logging sendmail destination-email 4-42 logging sendmail 4-43 show logging sendmail 4-43

Time Commands 4-44

sntp client 4-44 sntp server 4-45 sntp poll 4-46 sntp broadcast client 4-47 show sntp 4-47 clock timezone 4-48 calendar set 4-48 show calendar 4-49

Contents

System Status Commands 4-49

show startup-config 4-49

show running-config 4-51

show system 4-53

show users 4-53

show version 4-54

Flash/File Commands 4-55

copy 4-55 delete 4-57 dir 4-58 whichboot 4-59 boot system 4-59

Authentication Commands 4-60

Authentication Sequence 4-60

authentication login 4-60 RADIUS Client 4-61

radius-server host 4-61

radius-server port 4-62

radius-server key 4-62

radius-server retransmit 4-63

radius-server timeout 4-63

show radius-server 4-64 TACACS+ Client 4-64

tacacs-server host 4-64

tacacs-server port 4-65

tacacs-server key 4-65

show tacacs-server 4-66 Port Security Commands 4-66

port security 4-67

802.1x Port Authentication 4-68

authentication dot1x default 4-68

dot1x default 4-69

dot1x max-req 4-69

dot1x port-control 4-70

dot1x operation-mode 4-70

dot1x re-authenticate 4-71

dot1x re-authentication 4-71

dot1x timeout quiet-period 4-71

dot1x timeout re-authperiod 4-72

dot1x timeout tx-period 4-72

show dot1x 4-73

Contents

SNMP Commands 4-76

snmp-server community 4-76 snmp-server contact 4-77 snmp-server location 4-77 snmp-server host 4-78 snmp-server enable traps 4-79 snmp ip filter 4-80 show snmp 4-81

DHCP Commands 4-82

DHCP Client 4-82

ip dhcp client-identifier 4-82 ip dhcp restart client 4-83

Interface Commands 4-84

interface 4-84 description 4-85 speed-duplex 4-85 negotiation 4-86 capabilities 4-87 flowcontrol 4-88 shutdown 4-89 switchport broadcast packet-rate 4-89 clear counters 4-90 show interfaces status 4-91 show interfaces counters 4-92 show interfaces switchport 4-93

Mirror Port Commands 4-95

port monitor 4-95 show port monitor 4-96

Rate Limit Commands 4-97

rate-limit 4-97

Link Aggregation Commands 4-98

channel-group 4-99 lacp 4-99

VDSL Commands 4-101

efm profile global 4-102 efm profile 4-103 efm reset 4-104 efm shutdown 4-104 efm rdl 4-105 efm interleave 4-106 efm noise-margin 4-107 efm rate-adapt 4-108 efm pbo 4-109 show controllers ethernet-controller 4-109 show controllers efm actual 4-111

vii

Contents

show controllers efm admin 4-112 show controllers efm profile 4-112 show controllers efm status 4-114 show controllers efm remote ethernet mode 4-115 show controllers efm-noise-margin 4-116 show controllers efm channel-performance 4-117 show controllers efm line-table 4-117 show controllers efm phy-table 4-118 show controllers efm channel-table 4-119 show controllers efm current-performance 4-120

Address Table Commands 4-122

mac-address-table static 4-122 clear mac-address-table dynamic 4-123 show mac-address-table 4-123 mac-address-table aging-time 4-124 show mac-address-table aging-time 4-125

Spanning Tree Commands 4-125

spanning-tree 4-126 spanning-tree mode 4-126 spanning-tree forward-time 4-127 spanning-tree hello-time 4-128 spanning-tree max-age 4-128 spanning-tree priority 4-129 spanning-tree pathcost method 4-130 spanning-tree transmission-limit 4-130 spanning-tree cost 4-131 spanning-tree port-priority 4-132 spanning-tree edge-port 4-132 spanning-tree portfast 4-133 spanning-tree link-type 4-134 spanning-tree protocol-migration 4-135 show spanning-tree 4-135

VLAN Commands 4-137

Editing VLAN Groups 4-137

vlan database 4-137

vlan 4-138 Configuring VLAN Interfaces 4-139

interface vlan 4-139

switchport mode 4-140

switchport acceptable-frame-types 4-140

switchport ingress-filtering 4-141

switchport native vlan 4-142

switchport allowed vlan 4-142 Displaying VLAN Information 4-143

show vlan 4-143

viii

Contents

Configuring Private VLANs 4-144

pvlan 4-144 show pvlan 4-145

Bridge Extension Commands 4-146

show bridge-ext 4-146

Priority Commands 4-147

Priority Commands (Layer 2) 4-147

switchport priority default 4-147 queue mode 4-148 queue bandwidth 4-149 queue cos-map 4-150 show queue mode 4-151 show queue bandwidth 4-151 show queue cos-map 4-151

Priority Commands (Layer 3 and 4) 4-152

map ip precedence (Global Configuration) 4-152 map ip precedence (Interface Configuration) 4-153 map ip dscp (Global Configuration) 4-153 map ip dscp (Interface Configuration) 4-154 map ip port (Global Configuration) 4-155 map ip port (Interface Configuration) 4-155 show map ip precedence 4-156 show map ip dscp 4-156 show map ip port 4-157

Multicast Filtering Commands 4-158

IGMP Snooping Commands 4-158

ip igmp snooping 4-158 ip igmp snooping vlan static 4-159 ip igmp snooping version 4-159 show ip igmp snooping 4-160 show mac-address-table multicast 4-161

IGMP Query Commands (Layer 2) 4-161

ip igmp snooping querier 4-162 ip igmp snooping query-count 4-162 ip igmp snooping query-interval 4-163 ip igmp snooping query-max-response-time 4-163 ip igmp snooping router-port-expire-time 4-164

Static Multicast Routing Commands 4-165

ip igmp snooping vlan mrouter 4-165 show ip igmp snooping mrouter 4-166

Contents

IP Interface Commands 4-166

Basic IP Configuration 4-166

ip address 4-167

ip default-gateway 4-168

show ip interface 4-168

show ip redirects 4-169

ping 4-169

Appendix A: Software Specifications A-1

Software Features A-1 Management Features A-2 Standards A-2 Management Information Bases A-3

Appendix B: Troubleshooting C-1

Glossary

Index

Chapter 1: Introduction

The switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you should configure to maximize the switch’s performance for your particular network environment.

The switch uses four frequency bands (two downstream and two upstream) for VDSL lines. These frequency bands conform to ANSI Plan 998. Details of the frequency bands are given in the table below.

Key Features

Feature Description

4-Band VDSL Total Bandwidth: 11.1 MHz

Bandwidth Allocation: Downstream 1 (0.9-3.75 MHz), Downstream 2 (5.2-8.5 MHz), Upstream 1 (3.75-5.2 MHz), Upstream 2 (8.5-12 MHz)

Configuration Backup and Restore

Authentication Console, Telnet, web – User name / password, RADIUS,

DHCP Client Supported

Port Configuration Speed, duplex mode and flow control

Rate Limiting Input and output rate limiting per port

Port Mirroring One or more ports mirrored to single analysis port

Port Trunking Supports 1 Gigabit trunk using either static or dynamic trunking

Broadcast Storm Control

Static Address Up to 8K MAC addresses in the forwarding table

IEEE 802.1D Bridge Supports dynamic data switching and addresses learning

Store-and-Forward Switching

Spanning Tree Protocol

Backup to TFTP server

TACACS+ Web – HTTPS; Telnet – SSH SNMP – Community strings, IP address filtering Port – IEEE 802.1x, MAC address filtering

(LACP)

Supported

Supported to ensure wire-speed switching while eliminating bad frames

Supports standard STP and Rapid Spanning Tree Protocol (RSTP)

1-1

Introduction

Feature Description

Virtual LANs Up to 255 using IEEE 802.1Q, port-based, or private VLANs

Traffic Prioritization Default port priority, traffic class map, queue scheduling,

Multicast Filtering Supports IGMP snooping and query

IP Precedence, or Differentiated Services Code Point (DSCP)

Description of Software Features

The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Broadcast storm suppression prevents broadcast traffic storms from engulfing the network. Port-based VLANs provide traffic security and efficient use of network bandwidth. CoS priority queueing ensures the minimum delay for moving real-time multimedia data across the network. While multicast filtering provides support for real-time network applications. Some of the management features are briefly described below.

Configuration Backup and Restore – You can save the current configuration settings to a file on a TFTP server, and later download this file to restore the switch configuration settings.

Authentication – This switch authenticates management access via the console port, Telnet or web browser. User names and passwords can be configured locally or can be verified via a remote authentication server (i.e., RADIUS or TACACS+). Port-based authentication is also supported via the IEEE 802.1x protocol. This protocol uses the Extensible Authentication Protocol over LANs (EAPOL) to request user credentials from the 802.1x client, and then verifies the client’s right to access the network via an authentication server.

Other authentication options include HTTPS for secure management access via the web, SSH for secure management access over a Telnet-equivalent connection, IP address filtering for SNMP/web/Telnet management access, and MAC address filtering for port access.

Port Configuration – You can manually configure the speed, duplex mode, and flow control used on specific ports, or use auto-negotiation to detect the connection settings used by the attached device. Use the full-duplex mode on ports whenever possible to double the throughput of switch connections. Flow control should also be enabled to control network traffic during periods of congestion and prevent the loss of packets when port buffer thresholds are exceeded. The switch supports flow control based on the IEEE 802.3x standard.

Rate Limiting – This feature controls the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network. Traffic that falls within the rate limit is transmitted, while packets that exceed the acceptable amount of traffic are dropped.

1-2

Description of Software Features

Port Mirroring – The switch can unobtrusively mirror traffic from any port to a monitor port. You can then attach a protocol analyzer or RMON probe to this port to perform traffic analysis and verify connection integrity.

Port Trunking – Ports can be combined into an aggregate connection. Trunks can be manually set up or dynamically configured using IEEE 802.3ad Link Aggregation Control Protocol (LACP). The additional ports dramatically increase the throughput across any connection, and provide redundancy by taking over the load if a port in the trunk should fail. The switch supports one trunk with two Gigabit optional module ports.

Broadcast Storm Control – Broadcast suppression prevents broadcast traffic from overwhelming the network. When enabled on a port, the level of broadcast traffic passing through the port is restricted. If broadcast traffic rises above a pre-defined threshold, it will be throttled until the level falls back beneath the threshold.

Static Addresses – A static address can be assigned to a specific interface on this switch. Static addresses are bound to the assigned interface and will not be moved. When a static address is seen on another interface, the address will be ignored and will not be written to the address table. Static addresses can be used to provide network security by restricting access for a known host to a specific port.

IEEE 802.1D Bridge – The switch supports IEEE 802.1D transparent bridging. The address table facilitates data switching by learning addresses, and then filtering or forwarding traffic based on this information. The address table supports up to 8K addresses.

Store-and-Forward Switching – The switch copies each frame into its memory before forwarding them to another port. This ensures that all frames are a standard Ethernet size and have been verified for accuracy with the cyclic redundancy check (CRC). This prevents bad frames from entering the network and wasting bandwidth.

To avoid dropping frames on congested ports, the switch provides 8 MB for frame buffering. This buffer can queue packets awaiting transmission on congested networks.

Spanning Tree Protocol – The switch supports these spanning tree protocols:

Spanning Tree Protocol (STP, IEEE 802.1D) – This protocol adds a level of fault tolerance by allowing two or more redundant connections to be created between a pair of LAN segments. When there are multiple physical paths between segments, this protocol will choose a single path and disable all others to ensure that only one route exists between any two stations on the network. This prevents the creation of network loops. However, if the chosen path should fail for any reason, an alternate path will be activated to maintain the connection.

Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w) – This protocol reduces the convergence time for network topology changes to about 10% of that required by the older IEEE 802.1D STP standard. It is intended as a complete replacement for STP, but can still interoperate with switches running the older standard by automatically reconfiguring ports to STP-compliant mode if they detect STP protocol messages from attached devices.

1-3

Introduction

Virtual LANs – The switch supports up to 255 VLANs. A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network. The switch supports tagged VLANs based on the IEEE 802.1Q standard. Members of VLAN groups can be manually assigned to a specific set of VLANs. This allows the switch to restrict traffic to the VLAN groups to which a user has been assigned. By segmenting your network into VLANs, you can:

• Eliminate broadcast storms which severely degrade performance in a flat network.

• Simplify network management for node changes/moves by remotely configuring VLAN membership for any port, rather than having to manually change the network connection.

• Provide data security by restricting all traffic to the originating VLAN.

• Use private VLANs to restrict traffic to pass only between data ports and the uplink ports, thereby isolating adjacent ports within the same VLAN, and allowing you to limit the total number of VLANs that need to be configured.

Traffic Prioritization – This switch prioritizes each packet based on the required level of service, using four priority queues with strict or Weighted Round Robin Queuing. It uses IEEE 802.1p and 802.1Q tags to prioritize incoming traffic based on input from the end-station application. These functions can independent priorities for delay-sensitive data and best-effort data.

This switch also supports several common methods of prioritizing layer 3/4 traffic to meet application requirements. Traffic can be prioritized based on the priority bits in the IP frame’s Type of Service (ToS) octet. When these services are enabled, the priorities are mapped to a Class of Service value by the switch, and the traffic then sent to the corresponding output queue.

Multicast Filtering – Specific multicast traffic can be assigned to its own VLAN to ensure that it does not interfere with normal network traffic and to guarantee real-time delivery by setting the required priority level for the designated VLAN. The switch uses IGMP Snooping and Query to manage multicast group registration.

be used to provide

1-4

System Defaults

The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file (page 3-17).

The following table lists some of the basic system defaults.

Function Parameter Default

IP Settings Management VLAN 1

DHCP Enabled

BOOTP Disabled

User Specified Disabled

IP Address 0.0.0.0

Subnet Mask 255.0.0.0

Default Gateway 0.0.0.0

Console Port Connection

Authentication Privileged Exec Level Username “admin”

Baud Rate 9600

Data bits 8

Stop bits 1

Parity none

Local Console Timeout 0 (disabled)

Password “admin”

Normal Exec Level Username “guest”

Enable Privileged Exec from Normal Exec Level

RADIUS Authentication Disabled

TACACS Authentication Disabled

802.1x Port Authentication Disabled

SSL Enabled

HTTPS Enabled

SSH version 2.0 Enabled

Port Security Disabled

Password “guest”

Password “super”

1-5

Introduction

Function Parameter Default

Web Management HTTP Server Enabled

HTTP Port Number 80

HTTP Secure Server Enabled

HTTP Secure Port Number 443

SNMP Community Strings “public” (read only)

Traps Authentication traps: enabled

IP Filtering Disabled

Port Configuration Admin Status Enabled

Auto-negotiation Enabled

Flow Control Disabled

Port Capability 100BASE-TX –

Module Port Capability 1000BASE-T/SX/LX/LH –

Rate Limiting Input and output limits Disabled

Port Trunking Static Trunks None

LACP (all ports) Disabled

Broadcast Storm Protection

Spanning Tree Protocol

Address Table Aging Time 300 seconds

Virtual LANs Default VLAN 1

Status Enabled (all ports)

Broadcast Limit Rate 500 packets per second

Status Enabled

Fast Forwarding (Edge Port) Disabled

PVID 1

“private” (read/write)

Link-up-down events: enabled

10 Mbps half duplex 10 Mbps full duplex 100 Mbps half duplex 100 Mbps full duplex Full-duplex flow control disabled Symmetric flow control disabled

1000 Mbps full duplex Full-duplex flow control disabled Symmetric flow control disabled

(Defaults: All values based on IEEE 802.1w)

1-6

Function Parameter Default

Acceptable Frame Type All

Ingress Filtering Disabled

Switchport Mode (Egress Mode)

Traffic Prioritization Ingress Port Priority 0

Weighted Round Robin Queue: 0:1

IP Precedence Priority Disabled

IP DSCP Priority Disabled

IP Settings IP Address 0.0.0.0

Subnet Mask 255.0.0.0

Default Gateway 0.0.0.0

DHCP Client: Disabled

BOOTP Disabled

DNS Server Lookup Disabled

Multicast Filtering IGMP Snooping Snooping: Enabled

System Log Status Enabled

Messages Logged Levels 0-7 (all)

Messages Logged to Flash Levels 0-3

SMTP Email Alerts Event Handler Disabled

SNTP Clock Synchronization Disabled

Hybrid: tagged/untagged frames

1:4 2:16 3:64

Querier: Enabled

System Defaults

1-7

Introduction

1-8

Chapter 2: Initial Configuration

Connecting to the Switch

Configuration Options

The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON and a Web-based interface. A PC may also be connected directly to the switch for configuration and monitoring via a command line interface (CLI).

Note: The IP address for this switch is assigned by DHCP by default. To change this

address, see “Setting an IP Address” on page 2-4.

The switch’s HTTP Web agent allows you to configure switch parameters, monitor port connections, and display statistics using a standard Web browser such as Netscape Navigator version 6.2 and higher or Microsoft IE version 5.0 and higher. The switch’s Web management interface can be accessed from any computer attached to the network.

The CLI program can be accessed by a direct connection to the RS-232 serial console port on the switch, or remotely by a Telnet connection over the network.

The switch’s management agent also supports SNMP (Simple Network Management Protocol). This SNMP agent permits the switch to be managed from any system in the network using network management software such as HP OpenView.

The switch’s Web interface, CLI configuration program, and SNMP agent allow you to perform the following management functions:

• Set user names and passwords for up to 16 users

• Set an IP interface for a management VLAN

• Configure SNMP parameters

• Enable/disable any port

• Set the speed/duplex mode for any port

• Configure the bandwidth of any port by limiting input or output rates

• Configure up to 255 IEEE 802.1Q VLANs

• Configure IGMP multicast filtering

• Upload and download system firmware via TFTP

• Upload and download switch configuration files via TFTP

• Configure Spanning Tree parameters

• Configure Class of Service (CoS) priority queuing

• Configure one trunk with two Gigabit optional module ports

• Enable port mirroring

2-1

Initial Configuration

• Globally set broadcast storm control

• Display system information and statistics

Required Connections

The switch provides an RS-232 serial port that enables a connection to a PC or terminal for monitoring and configuring the switch. A null-modem console cable is provided with the switch.

Attach a VT100-compatible terminal, or a PC running a terminal emulation program to the switch. You can use the console cable provided with this package, or use a null-modem cable that complies with the wiring assignments shown in the Installation Guide.

To connect a terminal to the console port, complete the following steps:

1. Connect the console cable to the serial port on a terminal, or a PC running

terminal emulation software, and tighten the captive retaining screws on the DB-9 connector.

2. Connect the other end of the cable to the RS-232 serial port on the switch.

3. Make sure the terminal emulation software is set as follows:

• Select the appropriate serial port (COM port 1 or COM port 2).

• Set to any of the following baud rates: 9600, 19200, 38400, 57600, 115200 (Note: Set to 9600 baud if want to view all the system initialization messages.)

• Set the data format to 8 data bits, 1 stop bit, and no parity.

• Set flow control to none.

• Set the emulation mode to VT100.

• When using HyperTerminal, select Terminal keys, not Windows keys.

Notes: 1. When using HyperTerminal with Microsoft® Windows® 2000, make sure that

you have Windows 2000 Service Pack 2 or later installed. Windows 2000 Service Pack 2 fixes the problem of arrow keys not functioning in HyperTerminal’s VT100 emulation. See www.microsoft.com for information on Windows 2000 service packs.

2. Refer to “Line Commands” on page 4-9 for a complete description of console configuration options.

3. Once you have set up the terminal correctly, the console login screen will be displayed.

For a description of how to use the CLI, see “Using the Command Line Interface” on page 4-1. For a list of all the CLI commands and detailed information on using the CLI, refer to “Command Groups” on page 4-8.

2-2

Basic Configuration

Remote Connections

Prior to accessing the switch’s onboard agent via a network connection, you must first configure it with a valid IP address, subnet mask, and default gateway using a console connection, DHCP or BOOTP protocol.

The IP address for this switch is assigned by DHCP by default. To manually configure this address or enable dynamic address assignment via DHCP or BOOTP, see “Setting an IP Address” on page 2-4.

Note: This switch supports four concurrent Telnet sessions.

After configuring the switch’s IP parameters, you can access the onboard configuration program from anywhere within the attached network. The onboard configuration program can be accessed using Telnet from any computer attached to the network. The switch can also be managed by any computer using a web browser (Internet Explorer 5.0 or above, or Netscape Navigator 6.2 or above), or from a network computer using SNMP network management software.

Note: The onboard program only provides access to basic configuration functions. To

access the full range of SNMP management functions, you must use SNMP-based network management software.

Basic Configuration

Console Connection

The CLI program provides two different command levels — normal access level (Normal Exec) and privileged access level (Privileged Exec). The commands available at the Normal Exec level are a limited subset of those available at the Privileged Exec level and allow you to only display information and use basic utilities. To fully configure the switch parameters, you must access the CLI at the Privileged Exec level.

Access to both CLI levels are controlled by user names and passwords. The switch has a default user name and password for each level. To log into the CLI at the Privileged Exec level using the default user name and password, perform these steps:

1. To initiate your console connection, press <Enter>. The “User Access Verification” procedure starts.

2. At the Username prompt, enter “admin.”

3. At the Password prompt, also enter “admin.” (The password characters are not displayed on the console screen.)

4. The session is opened and the CLI displays the “Console#” prompt indicating you have access at the Privileged Exec level.

2-3

Initial Configuration

Setting Passwords

Note: If this is your first time to log into the CLI program, you should define new

passwords for both default user names using the “username” command, record them and put them in a safe place.

Passwords can consist of up to 8 alphanumeric characters and are case sensitive. To prevent unauthorized access to the switch, set the passwords as follows:

1. Open the console interface with the default user name and password “admin” to access the Privileged Exec level.

2. Type “configure” and press <Enter>.

3. Type “username guest password 0 password,” for the Normal Exec level, where password is your new password. Press <Enter>.

4. Type “username admin password 0 password,” for the Privileged Exec level, where password is your new password. Press <Enter>.

Username: admin Password:

CLI session with the VDSL 4Band Switch is opened. To end the CLI session, enter [Exit].

Console#configure Console(config)#username guest password 0 [password] Console(config)#username admin password 0 [password] Console(config)#

Setting an IP Address

You must establish IP address information for the switch to obtain management access through the network. This can be done in either of the following ways:

Manual — You have to input the information, including IP address and subnet mask. If your management station is not in the same IP subnet as the switch, you will also need to specify the default gateway router.

Dynamic — The switch sends IP configuration requests to BOOTP or DHCP address allocation servers on the network.

Manual Configuration

You can manually assign an IP address to the switch. You may also need to specify a default gateway that resides between this device and management stations that exist on another network segment. Valid IP addresses consist of four decimal numbers, 0 to 255, separated by periods. Anything outside this format will not be accepted by the CLI program.

Note: The IP address for this switch is assigned by DHCP by default.

2-4

Basic Configuration

Before you can assign an IP address to the switch, you must obtain the following information from your network administrator:

• IP address for the switch

• Default gateway for the network

• Network mask for this network

To assign an IP address to the switch, complete the following steps:

1. From the Privileged Exec level global configuration mode prompt, type “interface vlan 1” to access the interface-configuration mode. Press <Enter>.

2. Type “ip address ip-address netmask,” where “ip-address” is the switch IP address and “netmask” is the network mask for the network. Press <Enter>.

3. Type “exit” to return to the global configuration mode prompt. Press <Enter>.

4. To set the IP address of the default gateway for the network to which the switch belongs, type “ip default-gateway gateway,” where “gateway” is the IP address of the default gateway. Press <Enter>.

Console(config)#interface vlan 1 Console(config-if)#ip address 192.168.1.5 255.255.255.0 Console(config-if)#exit Console(config)#ip default-gateway 192.168.1.254 Console(config)#

Dynamic Configuration

If you select the “bootp” or “dhcp” option, IP will be enabled but will not function until a BOOTP or DHCP reply has been received. You therefore need to use the “ip dhcp restart client” command to start broadcasting service requests. Requests will be sent periodically in an effort to obtain IP configuration information. (BOOTP and DHCP values can include the IP address, subnet mask, and default gateway.)

If the “bootp” or “dhcp” option is saved to the startup-config file (step 6), then the switch will start broadcasting service requests as soon as it is powered on.

To automatically configure the switch by communicating with BOOTP or DHCP address allocation servers on the network, complete the following steps:

1. From the Global Configuration mode prompt, type “interface vlan 1” to access the interface-configuration mode. Press <Enter>.

2. At the interface-configuration mode prompt, use one of the following commands:

• To obtain IP settings via DHCP, type “ip address dhcp” and press <Enter>.

• To obtain IP settings via BOOTP, type “ip address bootp” and press <Enter>.

3. Type “end” to return to the Privileged Exec mode. Press <Enter>.

4. Type “ip dhcp restart client” to begin broadcasting service requests. Press <Enter>.

2-5

Initial Configuration

5. Wait a few minutes, and then check the IP configuration settings by typing the “show ip interface” command. Press <Enter>.

6. Then save your configuration changes by typing “copy running-config startup-config.” Enter the startup file name and press <Enter>.

Console(config)#interface vlan 1 Console(config-if)#ip address dhcp Console(config-if)#end Console#ip dhcp restart client Console#show ip interface IP address and netmask: 192.168.1.54 255.255.255.0 on VLAN 1, and address mode: User specified. Console#copy running-config startup-config Startup configuration file name []: startup \Write to FLASH Programming.

\Write to FLASH finish. Success.

Enabling SNMP Management Access

The switch can be configured to accept management commands from Simple Network Management Protocol (SNMP) applications such as HP OpenView. You can configure the switch to (1) respond to SNMP requests or (2) generate SNMP traps.

When SNMP management stations send requests to the switch (either to return information or to set a parameter), the switch provides the requested data or sets the specified parameter. The switch can also be configured to send information to SNMP managers (without being requested by the managers) through trap messages, which inform the manager that certain events have occurred.

Community Strings

Community strings are used to control management access to SNMP stations, as well as to authorize SNMP stations to receive trap messages from the switch. You therefore need to assign community strings to specified users or user groups, and set the access level.

The default strings are:

• public - with read-only access. Authorized management stations are only able to

retrieve MIB objects.

• private - with read-write access. Authorized management stations are able to both

retrieve and modify MIB objects.

Note: If you do not intend to utilize SNMP, we recommend that you delete both of the

default community strings. If there are no community strings, then SNMP management access to the switch is disabled.

To prevent unauthorized access to the switch via SNMP, it is recommended that you change the default community strings.

2-6

Basic Configuration

To configure a community string, complete the following steps:

1. From the Privileged Exec level global configuration mode prompt, type “snmp-server community string mode,” where “string” is the community access string and “mode” is rw (read/write) or ro (read only). Press <Enter>. (Note that the default mode is read only.)

2. To remove an existing string, simply type “no snmp-server community string,” where “string” is the community access string to remove. Press <Enter>.

Console(config)#snmp-server community admin rw Console(config)#snmp-server community private Console(config)#

Trap Receivers

You can also specify SNMP stations that are to receive traps from the switch.

To configure a trap receiver, complete the following steps:

1. From the Privileged Exec level global configuration mode prompt, type “snmp-server host host-address community-string,” where “host-address” is the IP address for the trap receiver and “community-string” is the string associated with that host. Press <Enter>.

2. In order to configure the switch to send SNMP notifications, you must enter at least one snmp-server enable traps command. Type “snmp-server enable traps type,” where “type” is either authentication or link-up-down. Press <Enter>.

Console(config)#snmp-server enable traps link-up-down Console(config)#

Saving Configuration Settings

Configuration commands only modify the running configuration file and are not saved when the switch is rebooted. To save all your configuration changes in nonvolatile storage, you must copy the running configuration file to the start-up configuration file using the “copy” command.

To save the current configuration settings, enter the following command:

1. From the Privileged Exec mode prompt, type “copy running-config startup-config” and press <Enter>.

2. Enter the name of the start-up file. Press <Enter>.

Console#copy running-config startup-config Startup configuration file name []: startup \Write to FLASH Programming. \Write to FLASH finish. Success.

Console#

2-7

Initial Configuration

Managing System Files

The switch’s flash memory supports three types of system files that can be managed by the CLI program, Web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set as a start-up file.

The three types of files are:

• Configuration — This file stores system configuration information and is created when configuration settings are saved. Saved configuration files can be selected as a system start-up file or can be uploaded via TFTP to a server for backup. A file named “Factory_Default_Config.cfg” contains all the system default settings and cannot be deleted from the system. See “Saving or Restoring Configuration Settings” on page 3-16 for more information.

• Operation Code — System software that is executed after boot-up, also known as run-time code. This code runs the switch operations and provides the CLI and Web management interfaces. See “Managing Firmware” on page 3-14 for more information.

• Diagnostic Code — Software that is run during system boot-up, also known as POST (Power On Self-Test).

Due to the size limit of the flash memory, the switch supports only two operation code files. However, you can have as many diagnostic code files and configuration files as available flash memory space allows.

In the system flash memory, one file of each type must be set as the start-up file. During a system boot, the diagnostic and operation code files set as the start-up file are run, and then the start-up configuration file is loaded.

Note that configuration files should be downloaded using a file name that reflects the contents or usage of the file settings. If you download directly to the running-config, the system will reboot, and the settings will have to be copied from the running-config to a permanent file.

2-8

+ 304 hidden pages