Part No. 060202-10, Rev. D
June 2007
Alcatel OS-LS-6200
User Guide
www.alcatel.com
An Alcatel service agreement brings your company the assurance of 7x24 no-excuses technical support. You’ll also receive regular software updates to maintain and maximize your Alcatel product’s features and functionality and on-site hardware replacement through our global network of highly qualified service delivery partners. Additionally, with 24-hour-a-day access to Alcatel’s Service and Support web page, you’ll be able to view and update any case (open or closed) that you have reported to Alcatel’s technical support, open a new case or access helpful release notes, technical bulletins, and manuals. For more information on Alcatel’s Service Programs, see our web page at www.ind.alcatel.com, call us at 1-800-995-2696, or email us at support@ind.alcatel.com.
This Manual documents Alcatel 6200 hardware and software.
The functionality described in this Manual is subject to change without notice.
Copyright © 2007 by Alcatel Internetworking, Inc. All rights reserved. This document may not be reproduced in whole or in part without the express written permission of Alcatel Internetworking, Inc.
Alcatel® and the Alcatel logo are registered trademarks of Compagnie Financière Alcatel, Paris, France. OmniSwitch® and OmniStack® are registered trademarks of Alcatel Internetworking, Inc. Omni Switch/Router™, SwitchExpert℠, and the Xylan logo are trademarks of Alcatel Internetworking, Inc. All other brand and product names are trademarks of their respective companies.
26801 West Agoura Road
Calabasas, CA 91301
(818) 880-3500, FAX (818) 880-3505, info@ind.alcatel.com
US Customer Support: (800) 995-2696
International Customer Support: (818) 878-4507
Internet: http://eservice.ind.alcatel.com
Warning
This equipment has been tested and found to comply with the limits for Class A digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instructions in this guide, may cause interference to radio communications. Operation of this equipment in a residential area is likely to cause interference, in which case the user will be required to correct the interference at his own expense.
The user is cautioned that changes and modifications made to the equipment without approval of the manufacturer could void the user’s authority to operate this equipment. It is suggested that the user use only shielded and grounded cables to ensure compliance with FCC Rules.
This digital apparatus does not exceed the Class A limits for radio noise emissions from digital apparatus set out in the radio interference regulations of the Canadian department of communications.
This digital apparatus does not emit radio noise exceeding the limits applicable to Class A digital apparatus prescribed in the radio interference regulations issued by the Canadian Department of Communications.
Use only adapters that have the following electrical characteristics and that are duly certified in accordance with current legislation. Using other adapters could damage the device and void the warranty, as well as create risks for the user.
OS-LS-6224P
OS-LS-6248P
OS-LS-6224
OS-LS-6248
OS-LS-6224U
Input characteristics | Output characteristics
AC 100/115/220/230V; 50/60Hz; 2.0/1.7/0.9/0.9A; Class I | DC 12V, 4.0A; -50V, 3.6A
AC 100/115/220/230V; 50/60Hz; 4.0/3.4/1.8/1.8A; Class I | DC 12V, 7.5A; -50V, 7.5A
AC 100/115/220/230V; 50/60Hz; 0.4/0.4/0.2/0.2A; Class I | DC 12V, 4.5A
AC 100/115/220/230V; 50/60Hz; 0.6/0.6/0.4/0.4A; Class I | DC 12V, 4.5A
AC 100/115/220/230V; 50/60Hz; 1.0/1.0/0.5/0.5A; Class I | DC 12V, 4.5A
Adapter: OS-LS-6224P OS-LS-6248P OS-LS-6248 OS-LS-6224
Model | Brand
OS-LS-62BP-P | 3Y Power
OS-LS-62BP-P | Alcatel
OS-LS-62BP-DC & OS-LS-62BP | Accton & 3Y Power
OS-LS-62BP-DC & OS-LS-62BP | Accton & 3Y Power
Contents
Chapter 1: Introduction .... 1
  Key Features .... 1
  Description of Software Features .... 3
  System Defaults .... 9
Chapter 2: Initial Configuration .... 13
  General Configuration Information .... 14
    Auto-Negotiation .... 15
    Device Port Default Settings .... 15
  Booting the Switch .... 16
  Configuration Overview .... 18
  Initial Configuration .... 18
    Static IP Address and Subnet Mask .... 18
    User Name .... 19
    SNMP Community Strings .... 19
  Advanced Configuration .... 21
    Retrieving an IP Address From a DHCP Server .... 21
    Receiving an IP Address From a BOOTP Server .... 22
  Security Management and Password Configuration .... 23
    Configuring Security Passwords Introduction .... 23
    Configuring an Initial Console Password .... 24
    Configuring an Initial Telnet Password .... 24
    Configuring an Initial SSH password .... 24
    Configuring an Initial HTTP Password .... 25
    Configuring an initial HTTPS Password .... 25
  Software Download and Reboot .... 25
    Software Download through XModem .... 25
    Software Download Through TFTP Server .... 26
    Boot Image Download .... 27
  Startup Menu Functions .... 28
Chapter 3: Configuring the Switch .... 33
  Using the Web Interface .... 33
  Navigating the Web Browser Interface .... 33
    Home Page .... 33
    Configuration Options .... 34
    Panel Display .... 35
    Main Menu .... 35
  Managing Device Information .... 36
  Managing Stacking .... 37
    Understanding the Stack Topology .... 38
    Stacking Failover Topology .... 38
    Stacking Members and Unit ID .... 38
    Removing and Replacing Stacking Members .... 39
    Exchanging Stacking Members .... 40
    Switching between the Stacking Master and the Secondary Master .... 40
    Configuring Stacking .... 41
    Resetting the Stack .... 42
  Managing System Logs .... 43
    Enabling System Logs .... 43
    Viewing Memory Logs .... 45
    Viewing the Device FLASH Logs .... 47
    Remote Log Configuration .... 48
  Configuring SNTP .... 51
    Polling for Unicast Time Information .... 51
    Polling for Anycast Time Information .... 51
    Polling For Broadcast Time Information .... 52
    Defining SNTP Global Settings .... 52
    Defining SNTP Authentication .... 53
    Defining SNTP Servers .... 54
    Defining SNTP Interface Settings .... 56
  Configuring System Time .... 57
    Configuring Daylight Savings Time .... 57
  Managing System Files .... 61
    Downloading System Files .... 62
    Uploading System Files .... 64
    Copying Files .... 65
    Active Image .... 66
  TCAM Resources .... 67
  Configuring Interfaces .... 69
    Configuring Interface Connections .... 69
    Creating Trunks (LAGs) .... 72
    Configuring LACP .... 73
  Displaying Port Statistics .... 75
    Interface Statistics .... 76
    Etherlike Statistics .... 77
  Configuring IP Information .... 80
    Defining IP Addresses .... 80
    Defining Default Gateways .... 81
    Configuring DHCP .... 82
    Configuring ARP .... 83
  Configuring Domain Name Service .... 85
    Configuring General DNS Server Parameters .... 86
    Configuring Static DNS Host to Address Entries .... 87
  Configuring SNMP .... 88
    Enabling SNMP .... 89
    Defining SNMP Users .... 90
    Defining SNMP Group Profiles .... 92
    Defining SNMP Views .... 93
    Defining SNMP Communities .... 95
    Defining SNMP Notification Recipients .... 96
    Defining SNMP Notification Global Parameters .... 98
    Defining SNMP Notification Filters .... 100
  Configuring User Authentication .... 101
    Defining Local Users Passwords .... 101
    Defining Line Passwords .... 102
    Defining Enable Passwords .... 103
  Configuring Authentication Methods .... 104
    Defining Access Profiles .... 104
    Defining Profile Rules .... 107
    Defining Authentication Profiles .... 109
    Mapping Authentication Methods .... 112
    Defining TACACS+ Methods .... 114
    Defining RADIUS Settings .... 115
  Managing RMON Statistics .... 118
    Viewing RMON Statistics .... 118
    Defining RMON History Control .... 120
    Viewing the RMON History Table .... 121
    Defining RMON Events Control .... 124
    Viewing the RMON Events Logs .... 125
    Defining RMON Alarms .... 126
  Alcatel Mapping Adjacency Protocol (AMAP) .... 128
    Configuring AMAP .... 128
    Viewing Adjacent Devices .... 130
  Configuring LLDP .... 131
    Defining LLDP Port Settings .... 132
    Defining Media Endpoint Discovery Network Policy .... 133
    Defining LLDP MED Port Settings .... 134
    Viewing the LLDP Neighbor Information .... 135
    Viewing Neighbor Information Details .... 136
  Managing Power-over-Ethernet Devices .... 139
    Defining PoE System Information .... 139
    Defining PoE Interfaces .... 140
  Device Diagnostic Tests .... 142
    Configuring Port Mirroring .... 142
    Viewing Integrated Cable Tests .... 144
    Viewing Optical Transceivers .... 145
    Viewing Device Health .... 147
  Configuring Traffic Control .... 149
    Enabling Storm Control .... 149
    Configuring Port Security .... 151
  802.1X Port-Based Authentication .... 153
    Advanced Port-Based Authentication .... 154
    Defining Network Authentication Properties .... 155
    Defining Port Authentication .... 157
    Modify Port Authentication Page .... 158
    Configuring Multiple Hosts .... 160
    Defining Authentication Hosts .... 162
    Viewing EAP Statistics .... 164
  Defining Access Control Lists .... 167
    Configuring Access Control Lists .... 167
    Binding Device Security ACLs .... 168
    Defining IP Based Access Control Lists .... 169
    Defining MAC Based Access Control Lists .... 171
  DHCP Snooping .... 173
    DHCP Snooping Properties .... 174
    Defining DHCP Snooping on VLANs .... 175
    Defining Trusted Interfaces .... 176
    Binding Addresses to the DHCP Snooping Database .... 177
  Configuring Option 82 .... 178
  Dynamic ARP Inspection .... 179
    ARP Inspection Properties .... 180
    ARP Inspection Trusted Interface Settings .... 181
    Defining ARP Inspection List .... 182
    Assigning ARP Inspection VLAN Settings .... 183
  IP Source Guard .... 184
    Configuring IP Source Guard Properties .... 185
    Defining IP Source Guard Interface Settings .... 185
    Adding Interfaces to the IP Source Guard Database .... 186
  Defining the Forwarding Database .... 188
    Defining Static Forwarding Database Entries .... 188
    Defining Dynamic Forwarding Database Entries .... 189
  Configuring Spanning Tree .... 191
    Defining Spanning Tree .... 192
    Defining STP on Interfaces .... 194
    Defining Rapid Spanning Tree .... 197
    Defining Multiple Spanning Tree .... 199
    Defining MSTP Instance Settings .... 200
    Defining MSTP Interface Settings .... 201
  Configuring VLANs .... 204
    Assigning Ports to VLANs .... 204
    Tagged/Untagged VLANs .... 206
    Displaying Basic VLAN Information .... 206
    Defining VLAN Membership .... 207
    Defining VLAN Interface Settings .... 210
    Defining Customer Mapping for Multicast TV .... 211
    Mapping CPE VLANs .... 212
  Defining VLAN Groups .... 213
    Configuring MAC Based VLAN Groups .... 213
    Configuring Subnet Based VLAN Groups .... 214
    Configuring Protocol Based VLAN Groups .... 215
    Mapping Groups to VLANs .... 216
    Defining GARP .... 217
    Defining GVRP .... 219
    Viewing GVRP Statistics .... 220
  Multicast Filtering .... 223
    Defining IGMP Snooping .... 223
    Specifying Static Interfaces for a Multicast Group .... 225
    Displaying Interfaces Attached to a Multicast Router .... 227
    Configuring Multicast TV .... 228
    Defining Multicast TV Membership .... 229
  Configuring Triple Play .... 230
  Configuring Quality of Service .... 231
    Access Control Lists .... 232
    Mapping to Queues .... 233
    QoS Modes .... 234
    Enabling QoS .... 235
    Defining Global Queue Settings .... 236
    Defining Bandwidth Settings .... 237
    Configuring VLAN Rate Limit .... 239
    Mapping CoS Values to Queues .... 240
    Mapping DSCP Values to Queues .... 241
    Defining Basic QoS Settings .... 242
    Defining QoS DSCP Rewriting Settings .... 243
    Defining QoS DSCP Mapping Settings .... 244
    Defining QoS Class Maps .... 245
    Defining Policies .... 246
    Defining Tail Drop .... 248
    Viewing the Policy Table .... 248
    Viewing Policy Bindings .... 250
Chapter 4: Command Line Interface .... 253
  Using the Command Line Interface .... 253
    Accessing the CLI .... 253
    Console Connection .... 253
    Telnet Connection .... 253
  Entering Commands .... 255
    Keywords and Arguments .... 255
    Minimum Abbreviation .... 255
    Command Completion .... 255
    Getting Help on Commands .... 255
    Partial Keyword Lookup .... 257
    Negating the Effect of Commands .... 257
    Using Command History .... 257
    Understanding Command Modes .... 257
    Exec Commands .... 258
    Configuration Commands .... 258
    Command Line Processing .... 259
  Command Groups .... 261
  802.1x Commands .... 263
    aaa authentication dot1x .... 264
    dot1x system-auth-control .... 265
    dot1x port-control .... 266
    dot1x re-authentication .... 267
    dot1x timeout re-authperiod .... 268
    dot1x re-authenticate .... 269
    dot1x timeout quiet-period .... 269
    dot1x timeout tx-period .... 270
    dot1x max-req .... 271
    dot1x timeout supp-timeout .... 272
    dot1x timeout server-timeout .... 273
    show dot1x .... 274
    show dot1x users .... 277
    show dot1x statistics .... 279
    ADVANCED FEATURES .... 281
    dot1x auth-not-req .... 281
    dot1x multiple-hosts .... 282
    dot1x single-host-violation .... 283
    dot1x guest-vlan .... 284
    dot1x guest-vlan enable .... 285
    dot1x mac-authentication .... 285
    show dot1x advanced .... 286
  AAA Commands .... 288
    aaa authentication login .... 288
    aaa authentication enable .... 290
    login authentication .... 291
    enable authentication .... 292
    ip http authentication .... 293
    ip https authentication .... 294
    show authentication methods .... 294
    password .... 296
    enable password .... 296
    username .... 297
    show users accounts .... 298
  ACL Commands .... 300
    ip-access-list .... 300
    permit (ip) .... 301
    deny (IP) .... 304
    mac access-list .... 306
    permit (MAC) .... 307
    deny (MAC) .... 308
    service-acl .... 310
    show access-lists .... 310
    show interfaces access-lists .... 311
  Address Table Commands .... 313
    bridge address .... 314
    bridge multicast filtering .... 315
    bridge multicast address .... 316
    bridge multicast forbidden address .... 317
    bridge multicast forward-all .... 318
    bridge multicast forbidden forward-all .... 319
    bridge aging-time .... 320
    clear bridge .... 320
    port security .... 321
    port security mode .... 321
    port security max .... 322
    port security routed secure-address .... 323
    show bridge address-table .... 324
    show bridge address-table static .... 325
    show bridge address-table count .... 326
    show bridge multicast address-table .... 327
    show bridge multicast address-table static .... 328
    show bridge multicast filtering .... 329
    show ports security .... 330
    show ports security addresses .... 331
  LLDP Commands .... 333
    lldp optional-tlv .... 333
    lldp med enable .... 334
    lldp med network-policy (global) .... 334
    lldp med network-policy (interface) .... 335
    lldp med location .... 335
    clear lldp rx .... 336
    show lldp configuration .... 337
    show lldp med configuration .... 337
    show lldp local .... 338
    show lldp neighbors .... 340
  AMAP Commands .... 345
    amap enable .... 345
    amap discovery time .... 346
    amap common time .... 346
    show amap .... 346
  Clock Commands .... 348
    clock set .... 349
    clock source .... 350
    clock timezone .... 350
    clock summer-time .... 351
    sntp authentication-key .... 353
    sntp authenticate .... 353
    sntp trusted-key .... 354
    sntp client poll timer .... 355
    sntp broadcast client enable .... 356
    sntp anycast client enable .... 357
    sntp client enable (Interface) .... 357
    sntp unicast client enable .... 358
    sntp unicast client poll .... 359
    sntp server .... 360
    show clock .... 361
    show sntp configuration .... 362
    show sntp status .... 363
  Configuration and Image File Commands .... 365
    copy .... 365
    delete .... 368
    dir .... 369
    more .... 370
    rename .... 371
    boot system .... 372
    show running-config .... 373
    show startup-config .... 373
    show bootvar .... 374
  Ethernet Configuration Commands .... 376
    interface ethernet .... 376
    interface range ethernet .... 377
    shutdown .... 378
    description .... 379
    speed .... 380
    duplex .... 381
    negotiation .... 382
    flowcontrol .... 383
    mdix .... 383
    back-pressure .... 384
    clear counters .... 385
    set interface active .... 386
    show interfaces advertise .... 386
    show interfaces configuration .... 388
    show interfaces status .... 390
    show interfaces description .... 392
    show interfaces counters .... 392
    port storm-control broadcast enable .... 395
    port storm-control broadcast rate .... 396
    show ports storm-control .... 397
  GVRP Commands .... 399
    gvrp enable (Global) .... 399
    gvrp enable (Interface) .... 400
    garp timer .... 401
    gvrp vlan-creation-forbid .... 402
    gvrp registration-forbid .... 402
    clear gvrp statistics .... 403
    show gvrp configuration .... 404
    show gvrp statistics .... 405
    show gvrp error-statistics .... 406
  IGMP Snooping Commands .... 408
    ip igmp snooping (Global) .... 408
    ip igmp snooping (Interface) .... 409
    ip igmp snooping host-time-out .... 410
    ip igmp snooping mrouter-time-out .... 410
    ip igmp snooping leave-time-out .... 411
    ip igmp snooping multicast-tv .... 412
    ip igmp snooping querier enable .... 413
    ip igmp snooping querier address .... 413
    ip igmp snooping querier version .... 414
    show ip igmp snooping mrouter .... 414
    show ip igmp snooping interface .... 415
    show ip igmp snooping groups .... 416
  IP Addressing Commands .... 418
    ip address .... 418
    ip address dhcp .... 419
    ip default-gateway .... 420
    show ip interface .... 421
    arp .... 422
    arp timeout .... 423
    clear arp-cache .... 424
    show arp .... 424
    ip domain-lookup .... 425
    ip domain-name .... 426
    ip name-server .... 426
    ip host .... 427
    clear host .... 428
    clear host dhcp .... 429
    show hosts .... 429
  LACP Commands .... 431
    lacp system-priority .... 431
    lacp port-priority .... 432
    lacp timeout .... 432
    show lacp ethernet .... 433
    show lacp port-channel .... 435
  Line Commands .... 437
    line .... 437
    speed .... 438
    autobaud .... 439
    exec-timeout .... 439
    history .... 440
    history size .... 440
    terminal history .... 441
    terminal history size .... 442
    show line .... 443
  Management ACL Commands .... 445
    management access-list .... 445
    permit (Management) .... 446
    deny (Management) .... 447
    management access-class .... 448
    show management access-list .... 449
    show management access-class .... 450
  PHY Diagnostics Commands .... 451
    test copper-port tdr .... 451
    show copper-ports tdr .... 452
    show copper-ports cable-length .... 452
    show fiber-ports optical-transceiver .... 453
  Port Channel Commands .... 455
    interface port-channel .... 455
    interface range port-channel .... 455
    channel-group .... 456
    show interfaces port-channel .... 457
  Port Monitor Commands .... 458
    port monitor .... 458
    show ports monitor .... 459
  Power over Ethernet Commands .... 460
    power inline .... 460
    power inline powered-device .... 461
    power inline priority .... 462
    power inline usage-threshold .... 462
    power inline traps enable .... 463
    show power inline .... 464
  QoS Commands .... 467
    qos .... 468
    show qos .... 469
    class-map .... 469
    show class-map .... 470
    match .... 471
    policy-map .... 472
    class .... 472
    rate-limit .... 473
    rate-limit (VLAN) .... 474
    show policy-map .... 474
    trust cos-dscp .... 475
    set .... 476
    police .... 477
    service-policy .... 478
    qos aggregate-policer .... 478
    show qos aggregate-policer .... 480
    police aggregate .... 481
    wrr-queue cos-map .... 481
    priority-queue out num-of-queues .... 482
    traffic-shape .... 483
    show qos interface .... 484
    qos wrr-queue threshold .... 486
    qos map dscp-dp .... 487
    qos map policed-dscp .... 487
    qos map dscp-queue .... 488
    qos trust (Global) .... 489
    qos trust (Interface) .... 490
    qos cos .... 490
    qos dscp-mutation .... 491
    qos map dscp-mutation .... 492
    show qos map .... 493
  RADIUS Commands .... 495
    radius-server host .... 495
    radius-server key .... 497
    radius-server retransmit .... 497
    radius-server source-ip .... 498
    radius-server timeout .... 499
    radius-server deadtime .... 500
    show radius-servers .... 501
  RMON Commands .... 503
    show rmon statistics .... 503
    rmon collection history .... 505
    show rmon collection history .... 506
    show rmon history .... 507
    rmon alarm .... 510
    show rmon alarm-table .... 511
    show rmon alarm .... 512
    rmon event .... 514
    show rmon events .... 514
    show rmon log .... 515
    rmon table-size .... 517
  SNMP Commands .... 518
    snmp-server community .... 519
    snmp-server view .... 520
    snmp-server group .... 521
    snmp-server user .... 522
    snmp-server engineID local .... 523
    snmp-server enable traps .... 525
    snmp-server filter .... 525
    snmp-server host .... 526
    snmp-server v3-host .... 528
    snmp-server trap authentication .... 529
    snmp-server contact .... 529
    snmp-server location .... 530
    snmp-server set .... 531
    show snmp .... 531
    show snmp engineid .... 533
    show snmp views .... 534
    show snmp groups .... 535
    show snmp filters .... 536
    show snmp users .... 536
  Spanning-Tree Commands .... 538
    spanning-tree .... 539
    spanning-tree mode .... 540
    spanning-tree forward-time .... 541
    spanning-tree hello-time .... 542
    spanning-tree max-age .... 543
    spanning-tree priority .... 544
    spanning-tree disable .... 544
    spanning-tree cost .... 545
    spanning-tree port-priority .... 546
    spanning-tree portfast .... 547
    spanning-tree link-type .... 548
    spanning-tree pathcost method .... 549
    spanning-tree bpdu .... 550
    clear spanning-tree detected-protocols .... 551
    spanning-tree mst priority .... 551
    spanning-tree mst max-hops .... 552
    spanning-tree mst port-priority .... 553
    spanning-tree mst cost .... 554
    spanning-tree mst configuration .... 556
    instance (mst) .... 556
    name (mst) .... 558
    revision (mst) .... 558
    show (mst) .... 559
    exit (mst) .... 561
    abort (mst) .... 561
    spanning-tree guard root .... 562
    spanning-tree bpduguard .... 563
    dot1x bpdu .... 563
    show dot1x bpdu .... 564
    show spanning-tree .... 564
  SSH Commands .... 580
    ip ssh port .... 580
    ip ssh server .... 581
    crypto key generate dsa .... 581
    crypto key generate rsa .... 582
    ip ssh pubkey-auth .... 583
    crypto key pubkey-chain ssh .... 584
    user-key .... 585
    key-string .... 586
    show ip ssh .... 587
    show crypto key mypubkey .... 588
    show crypto key pubkey-chain ssh .... 589
  Syslog Commands .... 591
    logging on .... 591
    logging .... 592
    logging console .... 593
    logging buffered .... 594
    logging buffered size .... 595
    clear logging .... 595
    logging file .... 596
    clear logging file .... 597
    aaa logging .... 597
    file-system logging .... 598
    management logging .... 598
    show logging .... 599
    show logging file .... 601
    show syslog-servers .... 603
  System Management Commands .... 604
    ping .... 604
    traceroute .... 606
    telnet .... 608
    resume .... 611
    reload .... 612
    hostname .... 612
    stack master .... 613
    stack reload .... 614
    stack display-order .... 614
    show stack .... 615
    show users .... 617
    show sessions .... 617
    show system .... 618
    show version .... 619
    service cpu-utilization .... 620
    show cpu utilization .... 621
  TACACS+ Commands .... 622
    tacacs-server host .... 622
    tacacs-server key .... 623
    tacacs-server timeout .... 624
    tacacs-server source-ip .... 625
    show tacacs .... 625
  Triple Play Commands .... 627
    switchport customer vlan .... 627
    switchport customer multicast-tv vlan .... 627
    ip igmp snooping map cpe vlan .... 628
    show ip igmp snooping cpe vlans .... 629
    show ip igmp snooping interface .... 629
  DHCP Snooping, IP Source Guard and ARP Inspection Commands .... 631
    ip dhcp snooping .... 632
    ip dhcp snooping vlan .... 633
    ip dhcp snooping trust .... 634
    ip dhcp information option allowed-untrusted .... 634
    ip dhcp information option .... 635
    ip dhcp snooping verify .... 635
    ip dhcp snooping database .... 636
    ip dhcp snooping database update-freq .... 636
    ip dhcp snooping binding .... 637
    clear ip dhcp snooping database .... 638
    show ip dhcp snooping .... 638
    show ip dhcp snooping binding .... 639
    ip source-guard (global) .... 640
    ip source-guard (interface) .... 640
    ip source-guard binding .... 641
    ip source-guard tcam retries-freq .... 642
    ip source-guard tcam locate .... 643
    show ip source-guard .... 643
    show ip source-guard inactive .... 644
    ip arp inspection .... 645
    ip arp inspection vlan .... 646
    ip arp inspection trust .... 646
    ip arp inspection validate .... 647
    ip arp inspection list create .... 648
    ip mac .... 648
    ip arp inspection list assign .... 649
    ip arp inspection logging interval .... 650
    show ip arp inspection .... 650
    show ip arp inspection list .... 651
  User Interface Commands .... 652
    do .... 652
    enable .... 653
    disable .... 654
    login .... 654
    configure .... 655
    exit (Configuration) .... 655
    exit .... 656
    end .... 657
    help .... 657
    terminal datadump .... 658
    show history .... 659
    show privilege .... 659
  VLAN Commands .... 661
    vlan database .... 662
    vlan .... 663
    default-vlan vlan .... 664
    interface vlan .... 664
    interface range vlan .... 665
    name .... 666
    map protocol protocols-group .... 666
    switchport general map protocols-group vlan .... 667
    switchport mode .... 668
    switchport access vlan .... 669
    switchport trunk allowed vlan .... 670
    switchport trunk native vlan .... 671
    switchport general allowed vlan .... 672
    switchport general pvid .... 673
    switchport general ingress-filtering disable .... 674
    switchport general acceptable-frame-type tagged-only .... 675
    switchport forbidden vlan .... 676
    map mac macs-group .... 677
    switchport general map macs-group vlan .... 677
    map subnet subnets-group .... 678
    switchport general map subnets-group vlan .... 679
    switchport protected .... 680
    ip internal-usage-vlan .... 681
    show vlan .... 682
    show vlan internal usage .... 683
    show interfaces switchport .... 684
    switchport access multicast-tv vlan .... 687
    show vlan protocols-groups .... 688
    show vlan macs-groups .... 688
    show vlan subnets-groups .... 689
    show vlan multicast-tv .... 690
  Web Server Commands .... 691
    ip http server .... 691
    ip http port .... 692
    ip http exec-timeout .... 693
    ip https server .... 693
    ip https port .... 694
    ip https exec-timeout .... 695
    crypto certificate generate .... 695
    crypto certificate request .... 696
    crypto certificate import .... 698
    ip https certificate .... 699
    show crypto certificate mycertificate .... 699
    show ip http .... 700
    show ip https .... 701
Appendix A. Configuration Examples .... 703
  Configuring QinQ .... 704
  Configuring Customer VLANs using the CLI .... 707
  Configuring Multicast TV .... 709
  Configuring Customer VLANs .... 716
  Configuring Customer VLANs Using the Web Interface .... 716
Appendix B. Software Specifications .... 721
  Software Features .... 721
  Management Features .... 722
  Standards .... 722
  Management Information Bases .... 723
Appendix C. Troubleshooting .... 725
  Problems Accessing the Management Interface .... 725
  Using System Logs .... 726
Appendix D. Glossary .... 727
xx
|
|
|
|
|
|
|
|
|
Figures
Figure 2-1. Installation and Configuration
Figure 2-2. Send File window
Figure 3-3. Home Page
Figure 3-4. Ports Panel
Figure 3-5. System Information Page
Figure 3-6. Stack Management Topology Page
Figure 3-7. Stack Management - Reset Page
Figure 3-8. Logs Settings Page
Figure 3-9. Memory Page
Figure 3-10. FLASH Logs Page
Figure 3-11. Remote Log Page
Figure 3-12. SNTP Configuration Page
Figure 3-13. SNTP Authentication Page
Figure 3-14. SNTP Servers Page
Figure 3-15. SNTP Interface Page
Figure 3-16. Clock Time Zone Page
Figure 3-17. File Download Page
Figure 3-18. File Upload Page
Figure 3-19. Copy Files Page
Figure 3-20. Active image Page
Figure 3-21. TCAM Resources Page
Figure 3-22. Interface Configuration Page
Figure 3-23. LAG Membership Page
Figure 3-24. Interface LACP Configuration Page
Figure 3-25. Statistics Interface Page
Figure 3-26. Statistics Etherlike Page
Figure 3-27. IP Interface Page
Figure 3-28. Default Gateway Page
Figure 3-29. DHCP Page
Figure 3-30. ARP Page
Figure 3-31. DNS Server Page
Figure 3-32. DNS Host Mapping Page
Figure 3-33. Engine ID Page
Figure 3-34. SNMP Users Page
Figure 3-35. SNMP Groups Page
Figure 3-36. SNMP Views Page
Figure 3-37. SNMP Communities Page
Figure 3-38. SNMP Trap Station Management Page
Figure 3-39. SNMP Global Trap Settings Page
Figure 3-40. Trap Filter Settings Page
Figure 3-41. Local Users Page
Figure 3-42. Line Page
Figure 3-43. Enable Page
Figure 3-44. Access Profiles Page
Figure 3-45. Profiles Rules Page
Figure 3-46. Authentication Profiles Page
Figure 3-47. Authentication Mapping Page
Figure 3-48. TACACS+ Page
Figure 3-49. RADIUS Page
Figure 3-50. RMON Statistics Page
Figure 3-51. History Control Page
Figure 3-52. History Table Page
Figure 3-53. Events Control Page
Figure 3-54. Events Logs Page
Figure 3-55. Alarm Page
Figure 3-56. AMAP Settings Page
Figure 3-57. AMAP Adjacencies Page
Figure 3-58. LLDP Properties Page
Figure 3-59. LLDP Port Settings Page
Figure 3-60. MED Networking Policy Page
Figure 3-61. MED Port Settings Page
Figure 3-62. LLDP Neighbor Information Page
Figure 3-63. Details Neighbor Information Page
Figure 3-64. Properties Page
Figure 3-65. PoE Interface Page
Figure 3-66. Port Mirroring Page
Figure 3-67. Copper Cable Page
Figure 3-68. Optical Transceiver Page
Figure 3-69. Health Page
Figure 3-70. Storm Control Page
Figure 3-71. Port Security Page
Figure 3-72. System Information Page
Figure 3-73. Port Authentication Page
Figure 3-74. Multiple Hosts Page
Figure 3-75. Authentication Host Page
Figure 3-76. Statistics Page
Figure 3-77. ACL Binding Page
Figure 3-78. IP Based ACL Page
Figure 3-79. MAC Based ACL Page
Figure 3-80. DHCP Snooping Properties Page
Figure 3-81. VLAN Settings Page
Figure 3-82. Trusted Interface Page
Figure 3-83. Binding Database Page
Figure 3-84. DHCP Option 82 Page
Figure 3-85. ARP Inspection Properties Page
Figure 3-86. ARP Inspection Trusted Interface Page
Figure 3-87. ARP Inspection List Page
Figure 3-88. VLAN Settings Page
Figure 3-89. IP Source Guard Properties Page
Figure 3-90. Interface Settings Page
Figure 3-91. IP Source Guard Binding Database Page
Figure 3-92. Static Addresses Page
Figure 3-93. Dynamic Addresses Page
Figure 3-94. STP General Page
Figure 3-95. Interface Configuration Page
Figure 3-96. RSTP Page
Figure 3-97. MSTP General Page
Figure 3-98. MSTP Instance Settings Page
Figure 3-99. MSTP Interface Settings Page
Figure 3-100. VLAN Basic Information Page
Figure 3-101. Current Table Page
Figure 3-102. Interface Configuration Page
Figure 3-103. Customer Multicast TV VLAN Page
Figure 3-104. CPE VLANs Mapping Page
Figure 3-105. MAC-Based Groups Page
Figure 3-106. Subnet-Based Groups Page
Figure 3-107. Protocol Based Groups Page
Figure 3-108. Mapping Groups to VLAN Page
Figure 3-109. GARP Configuration Page
Figure 3-110. GVRP Parameters Page
Figure 3-111. GVRP Statistics Page
Figure 3-112. IGMP Snooping Page
Figure 3-113. Multicast Group Page
Figure 3-114. Multicast Forward All Page
Figure 3-115. IGMP Snooping Mapping Page
Figure 3-116. Multicast TV Membership Page
Figure 3-117. CoS Mode Page
Figure 3-118. Queue Priority Page
Figure 3-119. Bandwidth Configuration Page
Figure 3-120. VLAN Rate Limit Page
Figure 3-121. CoS to Queue Page
Figure 3-122. DSCP Priority Page
Figure 3-123. QoS General Page
Figure 3-124. DSCP Rewrite Page
Figure 3-125. DSCP Mapping Page
Figure 3-126. Class Map Page
Figure 3-127. Aggregate Policer Page
Figure 3-128. Tail Drop Page
Figure 3-129. Policy Table Page
Figure 3-130. Policy Binding Page
Figure 1. VLAN Basic Information Page
Figure 2. Add 802.1q VLAN Page
Figure 3. VLAN Interface Configuration Page
Figure 4. Modify VLAN Interface Configuration Page
Figure 5. VLAN Current Table
Figure 6. QinQ Configuration Example
Figure 7. Triple Play Configuration
Figure 8. Add VLAN Membership Page
Figure 9. CPE VLAN Mapping Page
Figure 10. CPE VLAN Mapping Page
Figure 11. VLAN Interface Settings Page
Figure 12. Customer Multicast TV VLAN Page
Figure 13. VLAN Basic Information Page
Figure 14. Add VLAN Page
Figure 15. VLAN Interface Configuration Page
Figure 16. Modify VLAN Interface Configuration Page
Figure 17. VLAN Current Table
1 Introduction
The OmniStack® 6200 series has seven platforms:
•OS-LS-6212 – Ethernet based switch with 12 RJ-45 10/100Base-TX ports, two Gigabit combo uplink ports (with SFP or 10/100/1000Base-TX interfaces) and two full-duplex Gigabit stacking ports
•OS-LS-6212P – Ethernet based switch with 12 RJ-45 10/100Base-TX ports providing standard-based Power over Ethernet, two Gigabit combo uplink ports (with SFP or 10/100/1000Base-TX interfaces) and two full-duplex Gigabit stacking ports
•OS-LS-6224 – Ethernet based switch with 24 RJ-45 10/100Base-TX ports, two Gigabit combo uplink ports (with SFP or 10/100/1000Base-TX interfaces) and two full-duplex Gigabit stacking ports (optional DC power source)
•OS-LS-6224P – Ethernet based switch with 24 RJ-45 10/100Base-TX ports providing standard-based Power over Ethernet, two Gigabit combo uplink ports (with SFP or 10/100/1000Base-TX interfaces) and two full-duplex Gigabit stacking ports
•OS-LS-6248 – Ethernet based switch with 48 RJ-45 10/100Base-TX ports, two Gigabit combo uplink ports (with SFP or 10/100/1000Base-TX interfaces) and two full-duplex Gigabit stacking ports (optional DC power source)
•OS-LS-6248P – Ethernet based switch with 48 RJ-45 10/100Base-TX ports providing standard-based Power over Ethernet, two Gigabit combo uplink ports (with SFP or 10/100/1000Base-TX interfaces) and two full-duplex Gigabit stacking ports
•OS-LS-6224U – Ethernet based switch with 24 100Base-FX external SFP ports, two Gigabit combo ports with associated Mini-GBIC slots or RJ-45 ports and two 1000Base-T stacking ports
All devices have a management port which is used for debugging and management purposes.
This switch provides a broad range of features for switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you should configure to maximize the switch’s performance for your particular network environment.

Table 1-1. Key Features

| Feature | Description |
|---|---|
| Configuration Backup and Restore | Backup to TFTP server |
| Authentication | Console, Telnet, web – User name / password, RADIUS, TACACS+; Web – HTTPS; Telnet – SSH; SNMP v1/2c – Community strings; SNMP version 3 – MD5 or SHA password; Port – IEEE 802.1x |
| Access Control Lists | Supports up to 1K IP or MAC ACLs |
| DHCP Client | Supported |
| DNS Server | Supported |
| Port Configuration | Speed, duplex mode and flow control |
| Rate Limiting | Input and output rate limiting per port |
| Port Mirroring | One or more ports mirrored to single analysis port |
| Port Trunking | Supports up to 8 trunks using either static or dynamic trunking (LACP) |
| Broadcast Storm Control | Supported |
| Static Address | Up to 16K MAC addresses in the forwarding table |
| IEEE 802.1D Bridge | Supports dynamic data switching and addresses learning |
| Store-and-Forward Switching | Supported to ensure wire-speed switching while eliminating bad frames |
| Spanning Tree Protocol | Supports standard STP, Rapid Spanning Tree Protocol (RSTP), Multiple Spanning Trees (MSTP). |
| Virtual LANs | Up to 255 using IEEE 802.1Q, port-based, protocol-based, or private VLANs GVRP |
| Traffic Prioritization | Default port priority, traffic class map, queue scheduling, IP Precedence, or Differentiated Services Code Point (DSCP) and TCP/UDP Port |
| STP Root Guard | Prevents devices outside the network core from being assigned the spanning tree root. |
| STP BPDU Guard | Used as a security mechanism to protect the network from invalid configurations. |
| 802.1x - MAC Authentication | MAC authentication ensures that end-user stations meet security policies criteria, and protects networks from viruses. |
| DHCP Snooping | Expands network security by providing a firewall security between untrusted interfaces and DHCP servers. |
| DHCP Option 82 | Enables to add information for the DHCP server on request. |
| IP Source Address Guard | Restricts IP traffic on non-routed, Layer 2 interfaces by filtering traffic. This feature is based on the DHCP snooping binding database and on manually configured IP source bindings. |
| ARP Inspection | Classic Address Resolution Protocol is a TCP/IP protocol that translates IP addresses into MAC addresses. |
| LLDP-MED | Increases network flexibility by allowing different IP systems to co-exist on a single network. |
| QoS | Supports Quality of Service (QoS). |
| Multicast Filtering | Supports IGMP snooping and query. |
| Power over Ethernet | Enables PoE support. |
| Multicast TV VLAN | Supplies multicast transmissions to L2-isolated subscribers, without replicating the multicast transmissions for each subscriber VLAN. |
| IP Subnet-Based VLANs | Packets are classified according to the packet’s source IP subnet in its IP header |
| MAC-Based VLANs | Packets are classified according to MAC address |
| Jumbo Frames | Support of mini jumbo frames allows forwarding of packets up to 1632 bytes. |
| QinQ | Allows network managers to add an additional tag to previously tagged packets |

Description of Software Features
The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Broadcast storm suppression prevents broadcast traffic storms from engulfing the network. Port-based and protocol-based VLANs, plus support for automatic GVRP VLAN registration, provide traffic security and efficient use of network bandwidth. CoS priority queueing ensures the minimum delay for moving real-time multimedia data across the network, while multicast filtering provides support for real-time network applications. Some of the management features are briefly described below.
Configuration Backup and Restore – You can save the current configuration settings to a file on a TFTP server, and later download this file to restore the switch configuration settings.
Authentication – This switch authenticates management access via the console port, Telnet or web browser. User names and passwords can be configured locally or can be verified via a remote authentication server (i.e., RADIUS or TACACS+). Port-based and MAC-based authentication is also supported via the IEEE 802.1x protocol. This protocol uses the Extensible Authentication Protocol over LANs (EAPOL) to request user credentials from the 802.1x client, and then verifies the client’s right to access the network via an authentication server.
Other authentication options include HTTPS for secure management access via the web, SSH for secure management access over a Telnet-equivalent connection, SNMP version 3, IP address filtering for SNMP/web/Telnet management access, and MAC address filtering for port access.
MAC Address Capacity Support – The device supports up to 16K MAC addresses. The device reserves specific MAC addresses for system use.
Self-Learning MAC Addresses – The device enables automatic MAC address learning from incoming packets.
Automatic Aging for MAC Addresses – MAC addresses from which no traffic is received for a given period are aged out. This prevents the Bridging Table from overflowing.
Static MAC Entries – User defined static MAC entries are stored in the Bridging Table, in addition to the Self Learned MAC addresses.
VLAN-Aware MAC-based Switching – Packets arriving from an unknown source address are sent to the CPU. When source addresses are added to the Hardware Table, packets addressed to this address are then forwarded straight to the corresponding port.
MAC Multicast Support – Multicast service is a limited broadcast service, which allows one-to-many and many-to-many connections for information distribution. Layer 2 multicast service is where a single frame is addressed to a specific multicast address, and copies of the frame are transmitted to all relevant ports.
Address Resolution Protocol – IP routing generally utilizes routers and Layer 3 switches to inter-communicate using various routing protocols to discover network topology and define Routing tables. Device Next-Hop MAC addresses are automatically derived by ARP. This includes directly attached end systems. Users can override and supplement this by defining additional ARP Table entries.
QinQ tagging – QinQ tagging allows network managers to add an additional tag to previously tagged packets. Adding additional tags to the packets helps create more VLAN space. The added tag provides a VLAN ID to each customer, which ensures private and segregated network traffic.
Port Configuration – You can manually configure the speed, duplex mode, and flow control used on specific ports, or use auto-negotiation to detect the connection settings used by the attached device. Use the full-duplex mode on ports whenever possible to double the throughput of switch connections. Flow control should also be enabled to control network traffic during periods of congestion and prevent the loss of packets when port buffer thresholds are exceeded. The switch supports flow control based on the IEEE 802.3x standard.
Rate Limiting – This feature controls the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network. Traffic that falls within the rate limit is transmitted, while packets that exceed the acceptable amount of traffic are dropped.
Port Mirroring – The switch can unobtrusively mirror traffic from any port to a monitor port. You can then attach a protocol analyzer or RMON probe to this port to perform traffic analysis and verify connection integrity.
Port Trunking – Ports can be combined into an aggregate connection. Trunks can be manually set up or dynamically configured using IEEE 802.3ad Link Aggregation Control Protocol (LACP). The additional ports dramatically increase the throughput across any connection, and provide redundancy by taking over the load if a port in the trunk should fail. The switch supports up to 6 trunks.
Broadcast Storm Control – Broadcast suppression prevents broadcast traffic from overwhelming the network. When enabled on a port, the level of broadcast traffic passing through the port is restricted. If broadcast traffic rises above a pre-defined threshold, it will be throttled until the level falls back beneath the threshold.
Static Addresses – A static MAC address can be assigned to a specific interface on this switch. Static addresses are bound to the assigned interface and will not be moved. When a static address is seen on another interface, the address will be ignored and will not be written to the address table. Static addresses can be used to provide network security by restricting access for a known host to a specific port.
STP BPDU Guard – Bridge Protocol Data Units (BPDU) Guard expands the network administrator’s ability to enforce STP borders and maintain the reliability of STP topologies. BPDU Guard is utilized when Fast Link ports are enabled and/or if the Spanning Tree Protocol is disabled on ports. If a BPDU message is sent to a port on which STP is disabled, BPDU Guard shuts down the port and generates an SNMP message.
STP Root Guard – Spanning Tree Root Guard is used to prevent an unauthorized device from becoming the root of a spanning tree. Root guard functionality enables detection and resolution of misconfigurations, while preventing loops or loss of connectivity.
802.1x - MAC Authentication – MAC authentication, like 802.1X, allows network access to devices, for example printers and IP phones, that do not have the 802.1X supplicant capability. MAC authentication uses the MAC address of the connecting device to grant or deny network access.
To support MAC authentication, the RADIUS authentication server maintains a database of MAC addresses for devices that require access to the network. In order for the feature to be active, 802.1x must be in auto-mode.
The user can then enable the MAC authentication feature in one of the following modes:
•MAC Only – Where only MAC authentication is enabled
•MAC + 802.1x (In that case 802.1x takes precedence)
The feature can be enabled per port. The port must be a member of a guest VLAN prior to activating the feature.
DHCP Snooping – DHCP Snooping expands network security by providing firewall security between untrusted interfaces and DHCP servers. By enabling DHCP Snooping, network administrators can differentiate between trusted interfaces connected to end-users or DHCP servers, and untrusted interfaces located beyond the network firewall. DHCP Snooping creates and maintains a DHCP Snooping Table which contains information received from untrusted packets. Interfaces are untrusted if the packet is received from an interface outside the network or from an interface beyond the network firewall.
DHCP Option 82 – The DHCP server can insert information into DHCP requests. The DHCP information is used to assign IP addresses to network interfaces.
IP Source Address Guard – IP Source Guard stops malicious network users from using unallocated network IP addresses. IP Source Guard ensures that only packets with an IP address stored in the DHCP Database are forwarded. IP addresses stored in the DHCP Snooping Database are either statically configured by the network administrator or are retrieved using DHCP. IP Source Guard can be enabled only on DHCP snooping untrusted interfaces.
Dynamic ARP Inspection – ARP Inspection eliminates man-in-the-middle attacks, where false ARP packets are inserted into the subnet. ARP requests and responses are inspected, and their MAC Address to IP Address binding is checked. Packets with invalid ARP Inspection Bindings are logged and dropped. Packets are classified as:
•Trusted – Indicates that the interface IP and MAC address are recognized, and recorded in the ARP Inspection List. Trusted packets are forwarded without ARP Inspection.
•Untrusted – Indicates that the packet arrived from an interface that does not have a recognized IP and MAC address. The packet is checked for:
  •Source MAC – Compares the packet’s source MAC address against the sender’s MAC address in the ARP request. This check is performed on both ARP requests and responses.
  •Destination MAC – Compares the packet’s destination MAC address against the destination interface’s MAC address. This check is performed for ARP responses.
  •IP Addresses – Compares the ARP body for invalid and unexpected IP addresses. Addresses include 0.0.0.0, 255.255.255.255, and all IP Multicast addresses.
If the packet’s IP address was not found in the ARP Inspection List, and DHCP snooping is enabled for a VLAN, a search of the DHCP Snooping Database is performed. If the IP address is found, the packet is valid and is forwarded. ARP inspection is performed only on untrusted interfaces.
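The checks listed above can be followed end to end in a small model. This is an added example, not Alcatel firmware code: it parses raw ARP frames and applies the source MAC, destination MAC, IP address and binding checks in the order described. The port names, VLAN numbers and addresses are constructed, and reading the destination MAC check as "Ethernet destination versus the target MAC in the ARP body" is an assumption.

```python
import ipaddress
import struct

ARP, REQUEST, REPLY = 0x0806, 1, 2
LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")

def _mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def build_arp(eth_src, eth_dst, op, sha, spa, tha, tpa):
    """Build an untagged Ethernet/IPv4 ARP frame for the constructed samples."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: ipaddress.IPv4Address(s).packed
    return (mac(eth_dst) + mac(eth_src)
            + struct.pack("!HHHBBH", ARP, 1, 0x0800, 6, 4, op)
            + mac(sha) + ip(spa) + mac(tha) + ip(tpa))

def parse_arp(frame):
    """Split a frame into the Ethernet header fields and the ARP body fields."""
    if len(frame) < 42:
        raise ValueError("truncated frame")
    (dst, src, etype, htype, ptype, hlen, plen, op,
     sha, spa, tha, tpa) = struct.unpack("!6s6sHHHBBH6s4s6s4s", frame[:42])
    if etype != ARP or (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP frame")
    return {"eth_dst": _mac(dst), "eth_src": _mac(src), "op": op,
            "sha": _mac(sha), "spa": ipaddress.IPv4Address(spa),
            "tha": _mac(tha), "tpa": ipaddress.IPv4Address(tpa)}

class ArpInspector:
    def __init__(self, trusted_ports, inspection_list, snooping_db, snooping_vlans):
        self.trusted_ports = set(trusted_ports)
        self.inspection_list = inspection_list    # {ip: mac}, static entries
        self.snooping_db = snooping_db            # {(vlan, ip): mac}, learned via DHCP
        self.snooping_vlans = set(snooping_vlans)
        self.log = []                             # dropped packets are logged

    def inspect(self, frame, port, vlan):
        """Return (verdict, reason) for one ARP frame received on port/vlan."""
        if port in self.trusted_ports:            # trusted: forwarded uninspected
            return "forward", "trusted interface"
        verdict, reason = self._check(frame, vlan)
        if verdict == "drop":
            self.log.append((port, vlan, reason))
        return verdict, reason

    def _check(self, frame, vlan):
        try:
            p = parse_arp(frame)
        except ValueError as exc:
            return "drop", str(exc)
        # Source MAC: Ethernet source vs. sender MAC in the ARP body (all ARP).
        if p["eth_src"] != p["sha"]:
            return "drop", "source MAC mismatch"
        # Destination MAC (assumed meaning): Ethernet destination vs. target MAC
        # in the ARP body, responses only.
        if p["op"] == REPLY and p["eth_dst"] != p["tha"]:
            return "drop", "destination MAC mismatch"
        # IP addresses: sender always, target on responses (assumed scope).
        ips = [p["spa"]] + ([p["tpa"]] if p["op"] == REPLY else [])
        if any(a.is_unspecified or a.is_multicast or a == LIMITED_BROADCAST for a in ips):
            return "drop", "invalid IP address"
        # Binding: static list first, then the snooping database if the VLAN uses it.
        ip = str(p["spa"])
        bound, source = self.inspection_list.get(ip), "ARP Inspection List"
        if bound is None and vlan in self.snooping_vlans:
            bound, source = self.snooping_db.get((vlan, ip)), "DHCP Snooping Database"
        if bound is None:
            return "drop", "no binding"
        if bound != p["sha"]:
            return "drop", "binding mismatch"
        return "forward", source

# Constructed sample data: ports, VLANs, MACs and documentation-range IPs.
BCAST, ZERO = "ff:ff:ff:ff:ff:ff", "00:00:00:00:00:00"
GW, HOST = "00:aa:bb:cc:dd:01", "00:11:22:33:44:55"
DHCP_HOST, ROGUE = "00:11:22:33:44:66", "02:00:00:00:00:99"
dai = ArpInspector(trusted_ports={"uplink"},
                   inspection_list={"192.0.2.1": GW, "192.0.2.10": HOST},
                   snooping_db={(10, "192.0.2.20"): DHCP_HOST},
                   snooping_vlans={10})
```

A reply that claims the gateway's IP with another station's MAC passes the header checks and fails only at the binding lookup, which is why the static list or snooping database has to be populated before inspection is useful.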
LLDP – The Link Layer Discovery Protocol (LLDP) allows network managers to troubleshoot and enhance network management by discovering and maintaining network topologies over multi-vendor environments. LLDP discovers network neighbors by standardizing methods for network devices to advertise themselves to other systems, and to store discovered information. Device discovery information includes:
•Device Identification
•Device Capabilities
•Device Configuration
The advertising device transmits multiple advertisement message sets in a single LAN packet. The multiple advertisement sets are sent in the packet Type Length Value (TLV) field. LLDP devices must support chassis and port ID advertisement, as well as system name, system ID, system description, and system capability