Allied Telesis AT-S62 User Manual

Management Software
AT-S62
Menus Interface User’s Guide
AT-8500 Series Layer 2+ Fast Ethernet Switches
613-000124 Rev. B
Copyright © 2006 Allied Telesyn, Inc.
All rights reserved. No part of this publication may be reproduced without prior written permission from Allied Telesyn, Inc.
Microsoft and Internet Explorer are registered trademarks of Microsoft Corporation. Netscape Navigator is a registered trademark of Netscape Communications Corporation. All other product names, company names, logos or other designations mentioned herein are trademarks or registered trademarks of their respective owners.
Allied Telesyn, Inc. reserves the right to make changes in specifications and other information contained in this document without prior written notice. The information provided herein is subject to change without notice. In no event shall Allied Telesyn, Inc. be liable for any incidental, special, indirect, or consequential damages whatsoever, including but not limited to lost profits, arising out of or related to this manual or the information contained herein, even if Allied Telesyn, Inc. has been advised of, known, or should have known, the possibility of such damages.

Contents

Preface ............................................................................................................................................................ 21
How This Guide is Organized........................................................................................................................... 22
Document Conventions .................................................................................................................................... 23
Where to Find Web-based Guides ................................................................................................................... 24
Contacting Allied Telesyn ................................................................................................................................. 25
Online Support ........................................................................................................................................... 25
Email and Telephone Support.................................................................................................................... 25
Returning Products .................................................................................................................................... 25
For Sales or Corporate Information............................................................................................................ 25
Management Software Updates................................................................................................................. 25
New Features History ....................................................................................................................................... 26
Version 1.4.0 .............................................................................................................................................. 26
Chapter 1: Overview ...................................................................................................................................... 29
Management Overview..................................................................................................................................... 30
Local Management Session ............................................................................................................................. 31
Telnet Management Session............................................................................................................................ 32
Web Browser Management Session ................................................................................................................ 33
SNMP Management Session ........................................................................................................................... 34
Management Access Levels............................................................................................................................. 35
Section I: Basic Operations ...................................................................................... 37
Chapter 2: Starting a Local or Telnet Management Session ..................................................................... 39
Local Management Session ............................................................................................................................. 40
Starting a Local Management Session ...................................................................................................... 41
Enhanced Stacking .................................................................................................................................... 43
Quitting a Local Session ............................................................................................................................ 43
Telnet Management Session............................................................................................................................ 44
Starting a Telnet Management Session ..................................................................................................... 44
Quitting a Telnet Management Session ..................................................................................................... 45
Saving Your Parameter Changes..................................................................................................................... 46
Ports 49R and 50R on the AT-8550GB and AT-8550SP Switches .................................................................. 47
Chapter 3: Basic Switch Parameters ........................................................................................................... 49
When Does a Switch Need an IP Address? ..................................................................................................... 50
How Do You Assign an IP Address?.......................................................................................................... 51
Configuring an IP Address and Switch Name .................................................................................................. 52
Activating the BOOTP or DHCP Client Software.............................................................................................. 55
Rebooting a Switch........................................................................................................................................... 57
Configuring the Manager and Operator Passwords ......................................................................................... 58
Changing the Manager or Operator Password .......................................................................................... 58
Resetting the Manager Password.............................................................................................................. 59
Setting the System Time .................................................................................................................................. 61
Configuring the Console Startup Mode ............................................................................................................ 65
Configuring the Console Timer......................................................................................................................... 66
3
Contents
Enabling or Disabling the Telnet Server ........................................................................................................... 67
Setting the Baud Rate of the RS-232 Terminal Port ......................................................................................... 68
Setting Fan Control ........................................................................................................................................... 69
Enabling and Disabling Fan Control ........................................................................................................... 69
Displaying Fan Control Status .................................................................................................................... 70
Pinging a Remote System ................................................................................................................................72
Returning the AT-S62 Software to the Factory Default Values......................................................................... 73
Retaining the System Files.........................................................................................................................73
Deleting the System Files........................................................................................................................... 74
Viewing System Hardware and Software Information.......................................................................................76
Chapter 4: Enhanced Stacking .....................................................................................................................79
Enhanced Stacking Overview ........................................................................................................................... 80
Guidelines...................................................................................................................................................80
Setting a Switch’s Enhanced Stacking Status .................................................................................................. 83
Selecting a Switch in an Enhanced Stack......................................................................................................... 85
Returning to the Master Switch ......................................................................................................................... 87
Chapter 5: SNMPv1 and SNMPv2c Configuration ....................................................................................... 89
SNMPv1 and SNMPv2c Overview .................................................................................................................... 90
Default SNMP Community Strings ............................................................................................................. 92
Enabling or Disabling SNMP Management....................................................................................................... 93
Setting the Authentication Failure Trap............................................................................................................. 94
Creating an SNMP Community String .............................................................................................................. 95
Modifying a Community String .......................................................................................................................... 98
Deleting a Community String ..........................................................................................................................102
Displaying the SNMP Community Strings....................................................................................................... 103
Chapter 6: Port Parameters ........................................................................................................................105
Displaying Port Status.....................................................................................................................................106
Configuring Port Parameters ..........................................................................................................................109
Setting the Rate Limit......................................................................................................................................118
Displaying Port Statistics ................................................................................................................................120
Clearing Port Counters ...................................................................................................................................122
Chapter 7: MAC Address Table ..................................................................................................................123
MAC Address Overview..................................................................................................................................124
Displaying MAC Addresses ............................................................................................................................126
Adding Static Unicast and Multicast MAC Addresses.....................................................................................130
Deleting Unicast and Multicast MAC Addresses............................................................................................. 132
Deleting All Dynamic MAC Addresses ............................................................................................................ 133
Changing the Aging Time ...............................................................................................................................134
Chapter 8: Static and LACP Port Trunks ................................................................................................... 135
Port Trunk Overview ....................................................................................................................................... 136
Static Port Trunk Overview.......................................................................................................................136
LACP Trunk Overview .............................................................................................................................. 138
Load Distribution Methods........................................................................................................................144
Managing Static Port Trunks...........................................................................................................................147
Creating a Static Port Trunk ..................................................................................................................... 147
Modifying a Static Port Trunk ................................................................................................................... 150
Deleting a Static Port Trunk...................................................................................................................... 152
Managing LACP Trunks.................................................................................................................................. 154
Enabling or Disabling LACP ..................................................................................................................... 154
Setting a LACP System Priority................................................................................................................155
Creating an Aggregator ............................................................................................................................ 156
Modifying an Aggregator .......................................................................................................................... 158
4
AT-S62 Management Software Menus Interface User’s Guide
Deleting an Aggregator ............................................................................................................................ 160
Displaying LACP Port or Aggregator Status ............................................................................................ 161
Chapter 9: Port Mirroring ............................................................................................................................ 165
Port Mirroring Overview.................................................................................................................................. 166
Creating a Port Mirror ..................................................................................................................................... 167
Disabling a Port Mirror.................................................................................................................................... 169
Section II: Advanced Operations ........................................................................... 171
Chapter 10: File System .............................................................................................................................. 173
File System Overview..................................................................................................................................... 174
File Naming Conventions ......................................................................................................................... 175
Working with Boot Configuration Files............................................................................................................ 176
Creating a Boot Configuration File ........................................................................................................... 176
Setting the Active Boot Configuration File................................................................................................ 179
Viewing a Boot Configuration File............................................................................................................ 180
Editing a Boot Configuration File.............................................................................................................. 182
Troubleshooting a Boot Configuration File............................................................................................... 182
Copying, Renaming, and Deleting System Files ............................................................................................ 183
Displaying System Files ................................................................................................................................. 185
Chapter 11: File Downloads and Uploads ................................................................................................. 187
Downloading a New AT-S62 Image File onto a Switch .................................................................................. 188
Guidelines ................................................................................................................................................ 188
Downloading an AT-S62 Image from a Local Management Session....................................................... 190
Downloading an AT-S62 Image from a Telnet Management Session ..................................................... 194
Uploading an AT-S62 Image File Switch to Switch ........................................................................................ 196
Guidelines ................................................................................................................................................ 196
Uploading an AT-S62 Configuration File Switch to Switch............................................................................. 199
Guidelines ................................................................................................................................................ 199
Downloading a System File ............................................................................................................................ 202
Guidelines ................................................................................................................................................ 202
Downloading a File from a Local Management Session .......................................................................... 203
Downloading a File from a Telnet Management Session......................................................................... 207
Uploading a System File................................................................................................................................. 209
Guidelines ................................................................................................................................................ 209
Uploading a File from a Local Management Session............................................................................... 210
Uploading a File from a Telnet Management Session ............................................................................. 213
Chapter 12: Event Log and Syslog Servers .............................................................................................. 215
Event Log and Syslog Server Overview ......................................................................................................... 216
Managing the Event Log................................................................................................................................. 217
Enabling or Disabling the Event Log ........................................................................................................ 217
Displaying the Event Log ......................................................................................................................... 218
Modifying the Event Log Full Action......................................................................................................... 222
Saving the Event Log ............................................................................................................................... 224
Clearing the Event Log............................................................................................................................. 224
Managing Syslog Server Definitions............................................................................................................... 225
Creating a Syslog Server Definition ......................................................................................................... 226
Modifying a Syslog Server Definition ....................................................................................................... 230
Deleting a Syslog Server Definition.......................................................................................................... 231
Displaying a Syslog Server Definition ...................................................................................................... 232
5
Contents
Chapter 13: Classifiers ................................................................................................................................233
Classifier Overview ......................................................................................................................................... 234
Classifier Criteria ......................................................................................................................................235
Classifier Guidelines................................................................................................................................. 240
Creating a Classifier........................................................................................................................................241
Modifying a Classifier...................................................................................................................................... 244
Deleting a Classifier ........................................................................................................................................246
Deleting All Classifiers .................................................................................................................................... 247
Displaying Classifiers ......................................................................................................................................248
Chapter 14: Access Control Lists .............................................................................................................. 251
Access Control List (ACL) Overview ............................................................................................................... 252
Parts of an ACL ........................................................................................................................................ 253
Guidelines.................................................................................................................................................253
Examples.................................................................................................................................................. 254
Creating an ACL .............................................................................................................................................259
Modifying an ACL............................................................................................................................................261
Deleting an ACL..............................................................................................................................................263
Deleting All ACLs ............................................................................................................................................265
Displaying ACLs.............................................................................................................................................. 266
Chapter 15: Quality of Service .................................................................................................................... 267
Quality of Service Overview ............................................................................................................................268
Classifiers ................................................................................................................................................. 269
Flow Groups .............................................................................................................................................270
Traffic Classes.......................................................................................................................................... 270
Policies ..................................................................................................................................................... 270
QoS Policy Guidelines.............................................................................................................................. 271
Packet Processing.................................................................................................................................... 271
Bandwidth Allocation ................................................................................................................................272
Packet Prioritization.................................................................................................................................. 272
Replacing Priorities................................................................................................................................... 273
VLAN Tag User Priorities ......................................................................................................................... 273
DSCP Values............................................................................................................................................ 273
DiffServ Domains......................................................................................................................................273
Examples.................................................................................................................................................. 276
Managing Flow Groups................................................................................................................................... 283
Creating a Flow Group ............................................................................................................................. 283
Modifying a Flow Group............................................................................................................................ 285
Deleting a Flow Group.............................................................................................................................. 287
Displaying Flow Groups............................................................................................................................ 288
Managing Traffic Classes ...............................................................................................................................290
Creating a Traffic Class ............................................................................................................................ 290
Modifying a Traffic Class ..........................................................................................................................294
Deleting a Traffic Class ............................................................................................................................ 296
Displaying Traffic Classes ........................................................................................................................297
Managing Policies...........................................................................................................................................299
Creating a Policy ......................................................................................................................................299
Modifying a Policy..................................................................................................................................... 302
Deleting a Policy....................................................................................................................................... 303
Displaying Policies.................................................................................................................................... 304
Chapter 16: Class of Service ...................................................................................................................... 307
Class of Service Overview ..............................................................................................................................308
Scheduling................................................................................................................................................ 310
Configuring CoS..............................................................................................................................................313
6
AT-S62 Management Software Menus Interface User’s Guide
Mapping CoS Priorities to Egress Queues ..................................................................................................... 316
Configuring Egress Scheduling ...................................................................................................................... 318
Displaying Port CoS Priorities ........................................................................................................................ 320
Chapter 17: IGMP Snooping ....................................................................................................................... 323
IGMP Snooping Overview .............................................................................................................................. 324
Configuring IGMP Snooping........................................................................................................................... 326
Displaying a List of Host Nodes...................................................................................................................... 329
Displaying a List of Multicast Routers............................................................................................................. 331
Chapter 18: Denial of Service Defenses .................................................................................................... 333
Denial of Service Defense Overview .............................................................................................................. 334
SYN Flood Attack..................................................................................................................................... 334
SMURF Attack ......................................................................................................................................... 335
Land Attack .............................................................................................................................................. 335
Teardrop Attack........................................................................................................................................ 337
Ping of Death Attack ................................................................................................................................ 337
IP Options Attack ..................................................................................................................................... 338
Mirroring Traffic ........................................................................................................................................ 338
Denial of Service Defense Guidelines...................................................................................................... 339
Enabling or Disabling Denial of Service Prevention ....................................................................................... 340
Chapter 19: Power Over Ethernet .............................................................................................................. 343
Power Over Ethernet Overview ...................................................................................................................... 344
PoE Implementation on the AT-8524POE Switch.................................................................................... 345
Power Budgeting...................................................................................................................................... 345
Port Prioritization...................................................................................................................................... 346
PoE Device Classes................................................................................................................................. 347
Setting the PoE Threshold.............................................................................................................................. 348
Configuring PoE Port Settings........................................................................................................................ 350
Displaying PoE Status and Settings ............................................................................................................... 352
Chapter 20: Networking Stack .................................................................................................................... 359
Managing the Address Resolution Protocol Table ......................................................................................... 360
Displaying the ARP Table ........................................................................................................................ 361
Deleting an ARP Entry ............................................................................................................................. 363
Deleting All ARP Entries .......................................................................................................................... 363
Configuring the ARP Table Timeout Value .............................................................................................. 364
Displaying the Routing Table.......................................................................................................................... 365
Displaying the TCP Connections Table.......................................................................................................... 367
Deleting a TCP Connection ............................................................................................................................ 370
Displaying the TCP Global Information Table ................................................................................................ 371
Section III: SNMPv3 Operations ........................................................................... 373
Chapter 21: SNMPv3 ................................................................................................................................... 375
SNMPv3 Overview ......................................................................................................................................... 376
SNMPv3 Authentication Protocols ........................................................................................................... 377
SNMPv3 Privacy Protocol ........................................................................................................................ 377
SNMPv3 MIB Views ................................................................................................................................. 378
SNMPv3 Storage Types........................................................................................................................... 379
SNMPv3 Message Notification................................................................................................................. 379
SNMPv3 Tables ....................................................................................................................................... 380
SNMPv3 Configuration Example.............................................................................................................. 384
Configuring the SNMPv3 Protocol.................................................................................................................. 385
Configuring the SNMPv3 User Table ............................................................................................................. 386
7
Contents
Creating an SNMPv3 User Table Entry....................................................................................................386
Deleting an SNMPv3 User Table Entry .................................................................................................... 390
Modifying an SNMPv3 User Table Entry .................................................................................................. 391
Configuring the SNMPv3 View Table.............................................................................................................. 396
Creating an SNMPv3 View Table Entry....................................................................................................396
Deleting an SNMPv3 View Table Entry .................................................................................................... 399
Modifying an SNMPv3 View Table Entry.................................................................................................. 400
Configuring the SNMPv3 Access Table .......................................................................................................... 405
Creating an SNMPv3 Access Table Entry................................................................................................ 405
Deleting an SNMPv3 Access Table Entry ................................................................................................ 409
Modifying an SNMPv3 Access Table Entry .............................................................................................. 411
Configuring the SNMPv3 SecurityToGroup Table .......................................................................................... 421
Creating an SNMPv3 SecurityToGroup Table Entry ................................................................................421
Deleting an SNMPv3 SecurityToGroup Table Entry................................................................................. 424
Modifying an SNMPv3 SecurityToGroup Table Entry .............................................................................. 425
Configuring the SNMPv3 Notify Table ............................................................................................................429
Creating an SNMPv3 Notify Table Entry .................................................................................................. 429
Deleting an SNMPv3 Notify Table Entry...................................................................................................431
Modifying an SNMPv3 Notify Table Entry ................................................................................................432
Configuring the SNMPv3 Target Address Table ............................................................................................. 436
Creating an SNMPv3 Target Address Table Entry...................................................................................437
Deleting an SNMPv3 Target Address Table Entry ...................................................................................439
Modifying an SNMPv3 Target Address Table Entry .................................................................................440
Configuring the SNMPv3 Target Parameters Table........................................................................................ 449
Creating an SNMPv3 Target Parameters Table Entry ............................................................................. 450
Deleting an SNMPv3 Target Parameters Table Entry ..............................................................................453
Modifying an SNMPv3 Target Parameters Table Entry............................................................................ 454
Configuring the SNMPv3 Community Table ................................................................................................... 462
Creating an SNMPv3 Community Table Entry .........................................................................................463
Deleting an SNMPv3 Community Table Entry.......................................................................................... 466
Modifying an SNMPv3 Community Table Entry .......................................................................................467
Displaying SNMPv3 Table Menus .................................................................................................................. 472
Displaying the Display SNMPv3 User Table Menu .................................................................................. 472
Displaying the Display SNMPv3 View Table Menu ..................................................................................474
Displaying the Display SNMPv3 Access Table Menu .............................................................................. 475
Displaying the Display SNMPv3 SecurityToGroup Table Menu...............................................................476
Displaying the Display SNMPv3 Notify Table Menu................................................................................
Displaying the Display SNMPv3 Target Address Table Menu ................................................................. 478
Displaying the Display SNMPv3 Target Parameters Table Menu ............................................................479
Displaying the Display SNMPv3 Community Table Menu........................................................................480
.477
Section IV: Spanning Tree Protocols ..................................................................... 481
Chapter 22: Spanning Tree and Rapid Spanning Tree Protocols ........................................................... 483
STP and RSTP Overview ...............................................................................................................................484
Bridge Priority and the Root Bridge .......................................................................................................... 485
Mixed STP and RSTP Network ................................................................................................................ 491
Spanning Tree and VLANs.......................................................................................................................491
Enabling or Disabling a Spanning Tree Protocol ............................................................................................493
Configuring STP..............................................................................................................................................495
Configuring STP Bridge Settings.............................................................................................................. 495
Configuring STP Port Settings..................................................................................................................497
Displaying STP Port Settings ...................................................................................................................499
Configuring RSTP ........................................................................................................................................... 501
Configuring RSTP Bridge Settings ........................................................................................................... 501
8
AT-S62 Management Software Menus Interface User’s Guide
Configuring RSTP Port Settings............................................................................................................... 503
Displaying Port RSTP Status ................................................................................................................... 505
Chapter 23: Multiple Spanning Tree Protocol ........................................................................................... 507
MSTP Overview.............................................................................................................................................. 508
Multiple Spanning Tree Instance (MSTI).................................................................................................. 509
VLAN and MSTI Associations .................................................................................................................. 512
Ports in Multiple MSTIs ............................................................................................................................ 512
Multiple Spanning Tree Regions.............................................................................................................. 513
MSTP with STP and RSTP ...................................................................................................................... 517
Summary of Guidelines............................................................................................................................ 517
Selecting MSTP as the Active Spanning Tree Protocol ................................................................................. 522
Configuring MSTP Bridge Settings................................................................................................................. 523
Configuring the CIST Priority.......................................................................................................................... 526
Creating, Deleting, and Modifying MSTIs ....................................................................................................... 528
Creating an MSTI..................................................................................................................................... 529
Deleting an MSTI .................................................................................................................................... 530
Modifying an MSTI ................................................................................................................................... 530
Associating VLANs to MSTI IDs ..................................................................................................................... 532
Adding VLAN Associations to an MSTI.................................................................................................... 533
Removing VLAN Associations from an MSTI........................................................................................... 534
Replacing VLAN Associations to an MSTI .............................................................................................. 534
Removing All VLAN Associations from an MSTI...................................................................................... 535
Configuring MSTP Port Settings..................................................................................................................... 536
Configuring Generic MSTP Port Settings................................................................................................. 536
Configuring MSTI-specific Port Parameters............................................................................................. 538
Displaying MSTP Port Settings and Status .................................................................................................... 541
Section V: Virtual LANs ......................................................................................... 543
Chapter 24: Port-based and Tagged Virtual LANs ................................................................................... 545
VLAN Overview .............................................................................................................................................. 546
Port-based VLAN Overview............................................................................................................................ 548
General Rules for Creating a Port-based VLAN ...................................................................................... 550
Drawbacks of Port-based VLANs............................................................................................................. 550
Port-based Example 1.............................................................................................................................. 551
Port-based Example 2.............................................................................................................................. 553
Tagged VLAN Overview ................................................................................................................................. 555
General Rules for Creating a Tagged VLAN............................................................................................ 556
Tagged VLAN Example............................................................................................................................ 557
Creating a Port-based or Tagged VLAN......................................................................................................... 559
Example of Creating a Port-based VLAN ....................................................................................................... 563
Example of Creating a Tagged VLAN ............................................................................................................ 564
Modifying a VLAN........................................................................................................................................... 565
Displaying VLANs........................................................................................................................................... 569
Deleting a VLAN ............................................................................................................................................. 571
Deleting All VLANs ......................................................................................................................................... 574
Displaying PVIDs............................................................................................................................................ 576
Enabling or Disabling Ingress Filtering ........................................................................................................... 577
Specifying a Management VLAN.................................................................................................................... 579
Chapter 25: GARP VLAN Registration Protocol ....................................................................................... 581
Basic Overview of GARP VLAN Registration Protocol (GVRP) ..................................................................... 582
Guidelines ................................................................................................................................................ 584
GVRP and Network Security.................................................................................................................... 585
GVRP-inactive Intermediate Switches ..................................................................................................... 586
9
Contents
Technical Overview of Generic Attribute Registration Protocol (GARP).........................................................587
Configuring GVRP .......................................................................................................................................... 591
Enabling or Disabling GVRP on a Port ........................................................................................................... 593
Converting a Dynamic GVRP VLAN ...............................................................................................................596
Displaying GVRP Parameters and Statistics ..................................................................................................597
GVRP Counters........................................................................................................................................ 598
GVRP Database ....................................................................................................................................... 602
GIP Connected Ports Ring ....................................................................................................................... 603
GVRP State Machine ...............................................................................................................................604
Chapter 26: Multiple VLAN Modes ..............................................................................................................607
Multiple VLAN Mode Overview .......................................................................................................................608
802.1Q- Compliant Multiple VLAN mode..................................................................................................608
Non-802.1Q Compliant Multiple VLAN Mode ........................................................................................... 611
Selecting a VLAN Mode.................................................................................................................................. 612
Displaying VLAN Information .......................................................................................................................... 613
Chapter 27: Protected Ports VLANs ........................................................................................................... 615
Protected Ports VLAN Overview ..................................................................................................................... 616
Protected Ports VLAN Guidelines ............................................................................................................ 617
Creating a Protected Ports VLAN ................................................................................................................... 619
Modifying a Protected Ports VLAN ................................................................................................................. 622
Displaying a Protected Port VLAN ..................................................................................................................626
Deleting a Protected Ports VLAN.................................................................................................................... 628
Section VI: Port Security ........................................................................................631
Chapter 28: MAC Address-based Port Security ........................................................................................ 633
MAC Address-based Port Security Overview ................................................................................................. 634
Automatic..................................................................................................................................................634
Limited ...................................................................................................................................................... 634
Secured .................................................................................................................................................... 635
Locked ...................................................................................................................................................... 635
Invalid Frames and Intrusion Actions .......................................................................................................635
Guidelines.................................................................................................................................................636
Configuring MAC Address-based Port Security ..............................................................................................637
Displaying Port Security Levels ......................................................................................................................641
Chapter 29: 802.1x Port-based Network Access Control ......................................................................... 643
IEEE 802.1x Port-based Network Access Control Overview ..........................................................................644
Authentication Process.............................................................................................................................645
Port Roles................................................................................................................................................. 646
None Role.................................................................................................................................................646
Authenticator Role .................................................................................................................................... 646
Supplicant Role ........................................................................................................................................648
Authenticator Ports with Single and Multiple Supplicants.........................................................................649
Supplicant and VLAN Associations .......................................................................................................... 655
Guest VLAN..............................................................................................................................................657
RADIUS Accounting .................................................................................................................................658
General Steps........................................................................................................................................... 659
802.1x Port-based Network Access Control Guidelines ...........................................................................660
Setting Port Roles ........................................................................................................................................... 662
Enabling and Disabling 802.1x Port-based Network Access Control.............................................................. 664
Configuring Authenticator Port Parameters .................................................................................................... 665
Configuring Supplicant Port Parameters......................................................................................................... 671
Displaying the Port Access Parameters.......................................................................................................... 674
Configuring RADIUS Accounting ....................................................................................................................676
10
AT-S62 Management Software Menus Interface User’s Guide
Section VII: Management Security ....................................................................... 679
Chapter 30: Web Server .............................................................................................................................. 681
Web Server Overview..................................................................................................................................... 682
Supported Protocols................................................................................................................................. 682
Configuring the Web Server ........................................................................................................................... 683
General Steps to Configuring the Web Server for Encryption ........................................................................ 685
General Steps for a Self-signed Certificate.............................................................................................. 685
General Steps for a Public or Private CA Certificate................................................................................ 685
Chapter 31: Encryption Keys ..................................................................................................................... 687
Basic Overview............................................................................................................................................... 688
Encryption Key Length ............................................................................................................................. 689
Encryption Key Guidelines ....................................................................................................................... 689
Technical Overview ........................................................................................................................................ 690
Data Encryption........................................................................................................................................ 690
Data Authentication.................................................................................................................................. 692
Key Exchange Algorithms ........................................................................................................................ 693
Creating an Encryption Key............................................................................................................................ 695
Deleting an Encryption Key ............................................................................................................................ 699
Modifying an Encryption Key .......................................................................................................................... 700
Exporting an Encryption Key .......................................................................................................................... 701
Importing an Encryption Key .......................................................................................................................... 703
Chapter 32: PKI Certificates and SSL ........................................................................................................ 705
Basic Overview............................................................................................................................................... 706
Types of Certificates ................................................................................................................................ 706
Distinguished Names ............................................................................................................................... 707
SSL and Enhanced Stacking ................................................................................................................... 709
Guidelines ................................................................................................................................................ 710
Technical Overview ........................................................................................................................................ 711
SSL Encryption ........................................................................................................................................ 711
User Verification....................................................................................................................................... 712
Authentication .......................................................................................................................................... 712
Public Key Infrastructure .......................................................................................................................... 713
Public Keys .............................................................................................................................................. 713
Message Encryption................................................................................................................................. 713
Digital Signatures..................................................................................................................................... 713
Certificates ............................................................................................................................................... 714
Elements of a Public Key Infrastructure................................................................................................... 715
Certificate Validation ................................................................................................................................ 715
Certificate Revocation Lists (CRLs) ......................................................................................................... 716
PKI Implementation.................................................................................................................................. 716
Creating a Self-signed Certificate................................................................................................................... 718
Adding a Certificate to the Database.............................................................................................................. 722
Modifying a Certificate .................................................................................................................................... 725
Deleting a Certificate ...................................................................................................................................... 727
Viewing a Certificate....................................................................................................................................... 728
Generating an Enrollment Request ................................................................................................................ 730
Installing CA Certificates onto a Switch.......................................................................................
Configuring PKI .............................................................................................................................................. 734
Configuring SSL ............................................................................................................................................. 735
................... 733
11
Contents
Chapter 33: Secure Shell (SSH) Protocol .................................................................................................. 737
SSH Overview................................................................................................................................................. 738
Support for SSH ....................................................................................................................................... 738
SSH Server............................................................................................................................................... 739
SSH Clients .............................................................................................................................................. 739
SSH and Enhanced Stacking ................................................................................................................... 740
Guidelines.................................................................................................................................................741
General Steps to Configuring SSH...........................................................................................................741
Configuring the SSH Server............................................................................................................................742
Displaying SSH Information ............................................................................................................................ 744
Chapter 34: TACACS+ and RADIUS Authentication Protocols ............................................................... 747
TACACS+ and RADIUS Overview..................................................................................................................748
Guidelines.................................................................................................................................................749
Configuring TACACS+ Authentication Protocol Settings ................................................................................752
Configuring RADIUS Authentication Protocol Settings ...................................................................................755
Displaying RADIUS Status and Settings.........................................................................................................758
Chapter 35: Management Access Control List .......................................................................................... 759
Management ACL Security Overview .............................................................................................................760
Parts of a Management ACE....................................................................................................................760
Management ACL Guidelines................................................................................................................... 761
Examples.................................................................................................................................................. 762
Enabling or Disabling the Management ACL .................................................................................................. 764
Creating an ACE ............................................................................................................................................. 766
Modifying an ACE ........................................................................................................................................... 768
Deleting an ACE ............................................................................................................................................. 770
Displaying the ACEs ....................................................................................................................................... 771
Appendix A: AT-S62 Default Settings ........................................................................................................ 773
Basic Switch Default Settings .........................................................................................................................774
Boot Configuration File Default Setting ....................................................................................................774
Management Access Default Settings......................................................................................................774
Management Interface Default Settings ...................................................................................................774
RS-232 Port Default Settings ...................................................................................................................775
SNTP Default Settings.............................................................................................................................. 775
Switch Administration Default Settings.....................................................................................................775
System Software Default Settings ............................................................................................................ 776
AT-8524POE Fan Control Default Setting................................................................................................ 776
Denial of Service Defense Default Settings ....................................................................................................777
Enhanced Stacking Default Setting ................................................................................................................778
Event Log Default Settings .............................................................................................................................779
GVRP Default Settings ...................................................................................................................................780
IGMP Snooping Default Settings ....................................................................................................................781
MAC Address-based Security Default Settings .............................................................................................. 782
Management Access Control List Default Setting........................................................................................... 783
PKI Default Settings........................................................................................................................................784
Port Configuration Default Settings................................................................................................................. 785
802.1x Port-Based Network Access Control Default Settings......................................................................
...786
Power Over Ethernet ......................................................................................................................................788
Class of Service ..............................................................................................................................................789
Server-Based Authentication Default Settings ................................................................................................790
Server-Based Authentication Default Settings .........................................................................................790
RADIUS Default Settings.......................................................................................................................... 790
TACACS+ Client Default Settings ............................................................................................................790
SNMP Default Settings ................................................................................................................................... 791
12
AT-S62 Management Software Menus Interface User’s Guide
STP, RSTP, and MSTP Default Settings........................................................................................................ 792
Spanning Tree Switch Settings ................................................................................................................ 792
STP Default Settings................................................................................................................................ 792
RSTP Default Settings ............................................................................................................................. 792
MSTP Default Settings............................................................................................................................. 793
SSH Default Settings...................................................................................................................................... 794
SSL Default Settings ...................................................................................................................................... 795
VLAN Default Settings.................................................................................................................................... 796
Web Server Default Settings .......................................................................................................................... 797
Appendix B: SNMPv3 Configuration Examples ........................................................................................ 799
SNMPv3 Configuration Examples .................................................................................................................. 800
SNMPv3 Manager Configuration ............................................................................................................. 800
SNMPv3 Operator Configuration ............................................................................................................. 801
SNMPv3 Worksheet................................................................................................................................. 802
Appendix C: Standards and Features ....................................................................................................... 805
10/100Base-TX Twisted Pair Ports ................................................................................................................ 805
Fiber Optic Ports (AT-8516F/SC Switch)........................................................................................................ 805
Traffic Control ................................................................................................................................................. 805
Spanning Tree Protocols ................................................................................................................................ 806
Port Trunks ..................................................................................................................................................... 806
Virtual LANs.................................................................................................................................................... 806
IP Multicast ..................................................................................................................................................... 807
Port Security ................................................................................................................................................... 807
Management Access and Security ................................................................................................................. 807
Management MIBs ......................................................................................................................................... 808
System Monitoring.......................................................................................................................................... 808
Additional Features......................................................................................................................................... 808
Denial of Service Defenses ............................................................................................................................ 809
Management Access Methods ....................................................................................................................... 809
Management Interfaces.................................................................................................................................. 809
Index ............................................................................................................................................................. 811
13
Contents
14

Figures

Chapter 2: Starting a Local or Telnet Management Session..................................................................... 39
Figure 1: Connecting a Terminal or PC to the RS232 Terminal Port....................................................................................41
Figure 2: Command Prompt .................................................................................................................................................42
Figure 3: Main Menu.............................................................................................................................................................42
Chapter 3: Basic Switch Parameters ........................................................................................................... 49
Figure 4: System Administration Menu.................................................................................................................................52
Figure 5: System Configuration Menu ..................................................................................................................................53
Figure 6: System Utilities Menu............................................................................................................................................57
Figure 7: Passwords Configuration Menu.............................................................................................................................58
Figure 8: Configure System Time Menu...............................................................................................................................62
Figure 9: Console (Serial/Telnet) Configuration Menu .........................................................................................................65
Figure 10: Fan Control Configuration Menu .........................................................................................................................70
Figure 11: Show Fan Control Status.....................................................................................................................................71
Figure 12: System Information Menu....................................................................................................................................76
Figure 13: System Hardware Information Menu...................................................................................................................77
Chapter 4: Enhanced Stacking..................................................................................................................... 79
Figure 14: Enhanced Stacking Example...............................................................................................................................82
Figure 15: Enhanced Stacking Menu ...................................................................................................................................84
Figure 16: Stacking Services Menu......................................................................................................................................85
Chapter 5: SNMPv1 and SNMPv2c Configuration ...................................................................................... 89
Figure 17: SNMP Configuration Menu..................................................................................................................................93
Figure 18: SNMPv1 & SNMPv2c Community Menu.............................................................................................................95
Figure 19: Modify SNMP Community Menu .........................................................................................................................98
Figure 20: Display SNMP Community Menu ......................................................................................................................103
Chapter 6: Port Parameters ........................................................................................................................ 105
Figure 21: Port Configuration Menu....................................................................................................................................106
Figure 22: Port Status Menu...............................................................................................................................................106
Figure 23: Port Configuration (Port) Menu..........................................................................................................................109
Figure 24: Head of Line Blocking .......................................................................................................................................113
Figure 25: Flow Control Menu ............................................................................................................................................114
Figure 26: Back Pressure Menu .........................................................................................................................................115
Figure 27: Rate Limiting Menu............................................................................................................................................119
Figure 28: Port Statistics Menu...........................................................................................................................................120
Chapter 7: MAC Address Table.................................................................................................................. 123
Figure 29: MAC Address Tables Menu...............................................................................................................................126
Figure 30: Display Unicast MAC Addresses Menu.............................................................................................................126
Figure 31: Display All Menu - Unicast MAC Addresses......................................................................................................127
Figure 32: Display All Menu - Multicast MAC Addresses ...................................................................................................128
Figure 33: Configure MAC Addresses Menu......................................................................................................................130
Chapter 8: Static and LACP Port Trunks................................................................................................... 135
Figure 34: Static Port Trunk Example.................................................................................................................................136
Figure 35: Example of Multiple Aggregators for Multiple Aggregate Trunks ......................................................................139
Figure 36: Example of an Aggregator with Multiple Trunks................................................................................................140
15
Figures
Figure 37: Port Trunking and LACP Menu..........................................................................................................................148
Figure 38: Static Port Trunking Menu .................................................................................................................................148
Figure 39: Create Trunk Menu............................................................................................................................................149
Figure 40: Modify Trunk Menu............................................................................................................................................151
Figure 41: LACP (IEEE 8023ad) Configuration Menu ........................................................................................................155
Figure 42: Create LACP (IEEE 8023ad) Aggregator Menu ................................................................................................157
Figure 43: Modify LACP (IEEE 8023ad) Aggregator Menu ................................................................................................159
Figure 44: LACP (IEEE 802.3ad Port Status Menu ............................................................................................................162
Figure 45: LACP (IEEE 802.3ad) Aggregator Status Menu................................................................................................162
Chapter 9: Port Mirroring ............................................................................................................................ 165
Figure 46: Port Mirroring Menu #1......................................................................................................................................167
Figure 47: Port Mirroring Menu #2......................................................................................................................................167
Chapter 10: File System .............................................................................................................................. 173
Figure 48: File Operations Menu ........................................................................................................................................177
Figure 49: View File Menu ..................................................................................................................................................181
Figure 50: List Files Menu...................................................................................................................................................186
Chapter 11: File Downloads and Uploads ................................................................................................. 187
Figure 51: Downloads and Uploads Menu..........................................................................................................................190
Figure 52: Local Management Window ..............................................................................................................................192
Figure 53: Send File Window..............................................................................................................................................192
Figure 54: XModem File Send Window ..............................................................................................................................193
Figure 55: Local Management Window ..............................................................................................................................205
Figure 56: Send File Window..............................................................................................................................................206
Figure 57: XModem File Send Window ..............................................................................................................................206
Figure 58: Local Management Window ..............................................................................................................................212
Figure 59: Receive File Window .........................................................................................................................................212
Chapter 12: Event Log and Syslog Servers............................................................................................... 215
Figure 60: Event Log Menu ................................................................................................................................................218
Figure 61: Event Log Example............................................................................................................................................221
Figure 62: Configure Log Outputs Menu.............................................................................................................................223
Figure 63: Syslog Server Configuration Menu ....................................................................................................................226
Figure 64: Configure Log Outputs Menu with a Syslog Server Definition...........................................................................230
Chapter 13: Classifiers ................................................................................................................................ 233
Figure 65: User Priority and VLAN Fields within an Ethernet Frame..................................................................................236
Figure 66: ToS field in an IP Header...................................................................................................................................237
Figure 67: Classifier Configuration Menu............................................................................................................................241
Figure 68: Create Classifier Menu (Page 1) .......................................................................................................................242
Figure 69: Create Classifier Menu (Page 2) .......................................................................................................................242
Figure 70: Show Classifiers Menu ......................................................................................................................................248
Chapter 14: Access Control Lists .............................................................................................................. 251
Figure 71: ACL Example 1..................................................................................................................................................254
Figure 72: ACL Example 2..................................................................................................................................................255
Figure 73: ACL Example 3..................................................................................................................................................256
Figure 74: ACL Example 4..................................................................................................................................................257
Figure 75: ACL Example 5..................................................................................................................................................257
Figure 76: ACL Example 6..................................................................................................................................................258
Figure 77: Access Control Lists (ACL) Menu......................................................................................................................259
Figure 78: Create ACL Menu..............................................................................................................................................259
Figure 79: Modify ACL Menu ..............................................................................................................................................261
Figure 80: Destroy ACL Menu ............................................................................................................................................263
Figure 81: Show Classifiers Menu ......................................................................................................................................266
16
AT-S62 Management Software Menus Interface User’s Guide
Chapter 15: Quality of Service ................................................................................................................... 267
Figure 82: DiffServ Domain Example .................................................................................................................................274
Figure 83: QoS Voice Application Example........................................................................................................................276
Figure 84: QoS Video Application Example........................................................................................................................278
Figure 85: QoS Critical Database Example ........................................................................................................................280
Figure 86: Policy Component Hierarchy Example ..............................................................................................................282
Figure 87: Quality of Service (QoS) menu..........................................................................................................................283
Figure 88: Flow Group Configuration Menu........................................................................................................................283
Figure 89: Create Flow Group Menu ..................................................................................................................................284
Figure 90: Modify Flow Group Menu ..................................................................................................................................286
Figure 91: Destroy Flow Group Menu.................................................................................................................................287
Figure 92: Show Flow Groups Menu ..................................................................................................................................288
Figure 93: Display Flow Group Detail Menu.......................................................................................................................289
Figure 94: Traffic Class Configuration Menu ......................................................................................................................290
Figure 95: Create Traffic Class Menu.................................................................................................................................291
Figure 96: Modify Traffic Class Menu.................................................................................................................................295
Figure 97: Destroy Traffic Class Menu ...............................................................................................................................296
Figure 98: Show Traffic Classes Menu...............................................................................................................................297
Figure 99: Policy Configuration Menu.................................................................................................................................299
Figure 100: Create Policy Menu .........................................................................................................................................300
Figure 101: Modify Policy Menu .........................................................................................................................................302
Figure 102: Show Policies Menu ........................................................................................................................................304
Chapter 16: Class of Service ...................................................................................................................... 307
Figure 103: Security and Services Menu............................................................................................................................313
Figure 104: Class of Service (CoS) Menu ..........................................................................................................................314
Figure 105: Configure Port COS Priorities Menu................................................................................................................314
Figure 106: Map CoS Priority to Egress Queue Menu .......................................................................................................316
Figure 107: Configure Egress Scheduling Menu................................................................................................................318
Figure 108: Show Port CoS Priorities Menu.......................................................................................................................320
Chapter 17: IGMP Snooping ....................................................................................................................... 323
Figure 109: Advanced Configuration Menu ........................................................................................................................326
Figure 110: IGMP Snooping Configuration Menu...............................................................................................................326
Figure 111: View Multicast Hosts List Menu.......................................................................................................................329
Figure 112: View Multicast Routers List Menu ...................................................................................................................331
Chapter 18: Denial of Service Defenses.................................................................................................... 333
Figure 113: Denial of Service (DoS) Menu.........................................................................................................................340
Figure 114: LAN IP Subnet Menu.......................................................................................................................................341
Figure 115: SYN Flood Configuration Menu.......................................................................................................................342
Chapter 19: Power Over Ethernet .............................................................................................................. 343
Figure 116: Power Over Ethernet Configuration Menu.......................................................................................................348
Figure 117: PoE Global Configuration Menu......................................................................................................................348
Figure 118: PoE Port Configuration Menu..........................................................................................................................350
Figure 119: PoE Status Menu ............................................................................................................................................352
Figure 120: PoE Global Status Menu .................................................................................................................................353
Figure 121: PoE Summary Ports Status Menu...................................................................................................................354
Figure 122: PoE Summary Ports Status Menu...................................................................................................................355
Figure 123: PoE Device Information...................................................................................................................................357
Chapter 20: Networking Stack.................................................................................................................... 359
Figure 124: Networking Stack Menu...................................................................................................................................361
Figure 125: Display ARP Table Menu ................................................................................................................................362
Figure 126: Display Route Table ........................................................................................................................................365
Figure 127: Display TCP Connections Table......................................................................................................................367
Figure 128: IP Address and TCP Port Number ..................................................................................................................368
Figure 129: Display TCP Global Information Table ............................................................................................................371
17
Figures
Chapter 21: SNMPv3.................................................................................................................................... 375
Figure 130: MIB Tree..........................................................................................................................................................378
Figure 131: SNMPv3 User Configuration Process..............................................................................................................380
Figure 132: SNMPv3 Message Notification Process ..........................................................................................................381
Figure 133: Configure SNMPv3 Table Menu......................................................................................................................387
Figure 134: Configure SNMPv3 User Table Menu .............................................................................................................387
Figure 135: Modify SNMPv3 User Table Menu ..................................................................................................................391
Figure 136: Configure SNMPv3 View Table Menu .............................................................................................................397
Figure 137: Modify SNMPv3 View Table Menu ..................................................................................................................400
Figure 138: Configure SNMPv3 Access Table Menu .........................................................................................................406
Figure 139: Modify SNMPv3 Access Table Menu ..............................................................................................................412
Figure 140: Configure SNMPv3 SecurityToGroup Table Menu..........................................................................................422
Figure 141: Modify SNMPv3 SecurityToGroup Table Menu...............................................................................................426
Figure 142: Configure SNMPv3 Notify Table Menu............................................................................................................430
Figure 143: Modify SNMPv3 Notify Table Menu.................................................................................................................433
Figure 144: Configure SNMPv3 Target Address Table Menu ............................................................................................437
Figure 145: Modify SNMPv3 Target Address Table Menu .................................................................................................441
Figure 146: Configure SNMPv3 Target Parameters Table Menu .......................................................................................450
Figure 147: Modify SNMPv3 Target Parameters Table Menu ............................................................................................455
Figure 148: Configure SNMPv3 Community Table Menu...................................................................................................464
Figure 149: Modify SNMPv3 Community Table Menu........................................................................................................468
Figure 150: Display SNMPv3 Table Menu..........................................................................................................................473
Figure 151: Display SNMPv3 User Table Menu.................................................................................................................473
Figure 152: Display SNMPv3 View Table Menu.................................................................................................................474
Figure 153: Display SNMPv3 Access Table Menu .............................................................................................................475
Figure 154: Display SNMPv3 SecurityToGroup Table Menu..............................................................................................476
Figure 155: Display SNMPv3 Notify Table Menu................................................................................................................477
Figure 156: Display SNMPv3 Target Address Table Menu ................................................................................................478
Figure 157: Display SNMPv3 Target Parameters Table Menu...........................................................................................479
Figure 158: Display SNMPv3 Community Table Menu.......................................................................................................480
Chapter 22: Spanning Tree and Rapid Spanning Tree Protocols ........................................................... 483
Figure 159: Point-to-Point Ports..........................................................................................................................................490
Figure 160: Edge Port.........................................................................................................................................................490
Figure 161: Point-to-Point and Edge Port ...........................................................................................................................491
Figure 162: VLAN Fragmentation .......................................................................................................................................492
Figure 163: Spanning Tree Configuration Menu.................................................................................................................493
Figure 164: STP Menu........................................................................................................................................................495
Figure 165: STP Port Parameters Menu.............................................................................................................................498
Figure 166: Configure STP Port Settings Menu..................................................................................................................498
Figure 167: Display STP Port Configuration Menu.............................................................................................................500
Figure 168: RSTP Menu .....................................................................................................................................................501
Figure 169: RSTP Port Parameters Menu..........................................................................................................................504
Figure 170: Configure RSTP Port Settings Menu...............................................................................................................504
Chapter 23: Multiple Spanning Tree Protocol ........................................................................................... 507
Figure 171: VLAN Fragmentation with STP or RSTP .........................................................................................................509
Figure 172: MSTP Example of Two Spanning Tree Instances ..........................................................................................510
Figure 173: Multiple VLANs in a MSTI ...............................................................................................................................511
Figure 174: Multiple Spanning Tree Region .......................................................................................................................514
Figure 175: CIST and VLAN Guideline - Example 1...........................................................................................................518
Figure 176: CIST and VLAN Guideline - Example 2...........................................................................................................519
Figure 177: Spanning Regions - Example 1 .......................................................................................................................520
Figure 178: MSTP Menu.....................................................................................................................................................523
Figure 179: CIST Configuration Menu ................................................................................................................................526
Figure 180: MSTI Configuration Menu................................................................................................................................528
Figure 181: VLAN-MSTI Association Menu ........................................................................................................................533
Figure 182: MSTP Port Parameters Menu..........................................................................................................................536
Figure 183: Configure MSTP Port Settings Menu...............................................................................................................537
Figure 184: Configure Per Spanning Tree Port Settings Menu ..........................................................................................539
18
AT-S62 Management Software Menus Interface User’s Guide
Chapter 24: Port-based and Tagged Virtual LANs ................................................................................... 545
Figure 185: Port-based VLAN - Example 1 ........................................................................................................................551
Figure 186: Port-based VLAN - Example 2 ........................................................................................................................553
Figure 187: Example of a Tagged VLAN............................................................................................................................557
Figure 188: VLAN Configuration Menu...............................................................................................................................559
Figure 189: Configure VLANs Menu...................................................................................................................................560
Figure 190: Create VLAN Menu .........................................................................................................................................560
Figure 191: Modify VLAN Menu..........................................................................................................................................565
Figure 192: Expanded Modify VLAN Menu ........................................................................................................................566
Figure 193: Show VLANs Menu .........................................................................................................................................569
Figure 194: Delete VLAN Menu..........................................................................................................................................571
Figure 195: Expanded Delete VLAN Menu.........................................................................................................................572
Figure 196: Show PVIDs & Priorities Menu........................................................................................................................576
Chapter 25: GARP VLAN Registration Protocol ....................................................................................... 581
Figure 197: GVRP Example ..............................................................................................................................................583
Figure 198: GARP Architecture .........................................................................................................................................588
Figure 199: GID Architecture .............................................................................................................................................589
Figure 200: GARP-GVRP Menu.........................................................................................................................................591
Figure 201: GVRP Port Parameters Menu .........................................................................................................................593
Figure 202: Configure GVRP Port Settings Menu ..............................................................................................................594
Figure 203: Display GVRP Port Configuration Menu..........................................................................................................594
Figure 204: Other GARP Port Parameters Menu ...............................................................................................................597
Figure 205: GVRP Counters Menu (page 1) ......................................................................................................................598
Figure 206: GVRP Counters Menu (page 2) ......................................................................................................................599
Figure 207: GVRP Database Menu....................................................................................................................................602
Figure 208: GIP Connected Ports Ring Menu ....................................................................................................................603
Figure 209: GVRP State Machine Menu (page 1) ..............................................................................................................604
Figure 210: Display GVRP State Machine Menu (page 2) .................................................................................................604
Chapter 26: Multiple VLAN Modes ............................................................................................................. 607
Figure 211: Show VLANs Menu, Multiple VLANS ..............................................................................................................613
Chapter 27: Protected Ports VLANs .......................................................................................................... 615
Figure 212: Create VLAN Menu .........................................................................................................................................619
Figure 213: Expanded Modify VLAN Menu ........................................................................................................................623
Figure 214: Show VLANs Menu .........................................................................................................................................626
Figure 215: Show VLANs Menu .........................................................................................................................................627
Figure 216: Delete VLAN Menu..........................................................................................................................................628
Figure 217: Expanded Delete VLAN Menu.........................................................................................................................629
Chapter 28: MAC Address-based Port Security ....................................................................................... 633
Figure 218: Port Security Menu..........................................................................................................................................637
Figure 219: Configure Port Security Menu #1 ....................................................................................................................637
Figure 220: Configure Port Security Menu #2 ....................................................................................................................639
Figure 221: Display Port Security Menu .............................................................................................................................641
Chapter 29: 802.1x Port-based Network Access Control ........................................................................ 643
Figure 222: Example of the Supplicant Role ......................................................................................................................648
Figure 223: Authenticator Port in Single Operating Mode with a Single Client...................................................................650
Figure 224: Single Operating Mode with Multiple Clients Using the Piggy-back Feature - Example 1 ..............................651
Figure 225: Single Operating Mode with Multiple Clients Using the Piggy-back Feature - Example 2 ..............................652
Figure 226: Single Operating Mode with Multiple Clients Using the Piggy-back Feature - Example 3 ..............................653
Figure 227: Authenticator Port in Multiple Operating Mode - Example 1............................................................................654
Figure 228: Authenticator Port in Multiple Operating Mode - Example 2............................................................................655
Figure 229: Port Access Control (802.1X) Menu ................................................................................................................662
Figure 230: Configure Port Access Role Menu ..................................................................................................................663
Figure 231: Configure Authenticator Menu.........................................................................................................................665
Figure 232: Configure Authenticator Port Access Parameters Menu .................................................................................666
Figure 233: Configure Supplicant Menu .............................................................................................................................671
19
Figures
Figure 234: Configure Supplicant Port Access Parameters Menu......................................................................................672
Figure 235: Display Port Access Status Menu....................................................................................................................674
Figure 236: Radius Accounting Menu.................................................................................................................................676
Chapter 30: Web Server .............................................................................................................................. 681
Figure 237: Web Server Configuration Menu .....................................................................................................................683
Chapter 31: Encryption Keys...................................................................................................................... 687
Figure 238: Keys/Certificate Configuration Menu ...............................................................................................................695
Figure 239: Key Management Menu...................................................................................................................................696
Figure 240: Create Key Menu.............................................................................................................................................697
Figure 241: Export Key to File Menu ..................................................................................................................................701
Figure 242: Import Key From File Menu .............................................................................................................................703
Chapter 32: PKI Certificates and SSL ........................................................................................................ 705
Figure 243: Public Key Infrastructure (PKI) Configuration Menu ........................................................................................719
Figure 244: X509 Certificate Management Menu ...............................................................................................................719
Figure 245: Create Self-Signed Certificate Menu ...............................................................................................................720
Figure 246: Add Certificate Menu .......................................................................................................................................722
Figure 247: Modify Certificate Menu...................................................................................................................................725
Figure 248: View Certificate Details Menu (page 1) ...........................................................................................................728
Figure 249: View Certificate Details Menu (page 2) ...........................................................................................................729
Figure 250: Generate Enrollment Request Menu ...............................................................................................................731
Figure 251: Secure Socket Layer (SSL) Menu ...................................................................................................................735
Chapter 33: Secure Shell (SSH) Protocol .................................................................................................. 737
Figure 252: SSH Remote Management of a Slave Switch .................................................................................................740
Figure 253: Secure Shell (SSH) Menu................................................................................................................................742
Figure 254: Show Server Information Menu .......................................................................................................................744
Chapter 34: TACACS+ and RADIUS Authentication Protocols ............................................................... 747
Figure 255: Authentication Configuration Menu..................................................................................................................752
Figure 256: TACACS+ Client Configuration Menu .............................................................................................................753
Figure 257: RADIUS Client Configuration...........................................................................................................................756
Figure 258: RADIUS Server Configuration .........................................................................................................................757
Figure 259: Show Status Menu...........................................................................................................................................758
Chapter 35: Management Access Control List.......................................................................................... 759
Figure 260: Management ACL Configuration Menu ...........................................................................................................764
Figure 261: Modify Management ACL Entry.......................................................................................................................768
Figure 262: Display All Management ACL Entries Menu....................................................................................................771
20

Preface

This guide contains instructions on how to configure an AT-8500 Series Layer 2+ Fast Ethernet Switch using the menus interface in the AT-S62 management software.
For instructions on how to manage the switch from the web browser interface or the command line interface, refer to the AT-S62 Web Browser
Interface User’s Guide and the AT-S62 Command Line Interface User’s Guide. These guides are available from the Allied Telesyn web site.
This preface contains the following sections:
“How This Guide is Organized” on page 22
“Document Conventions” on page 23
“Where to Find Web-based Guides” on page 24
“Contacting Allied Telesyn” on page 25
“New Features History” on page 26
Caution
The software described in this documentation contains certain cryptographic functionality and its export is restricted by U.S. law. As of this writing, it has been submitted for review as a “retail encryption item” in accordance with the Export Administration Regulations, 15 C.F.R. Part 730-772, promulgated by the U.S. Department of Commerce, and conditionally may be exported in accordance with the pertinent terms of License Exception ENC (described in 15 C.F.R. Part 740.17). In no case may it be exported to Cuba, Iran, Iraq, Libya, North Korea, Sudan, or Syria. If you wish to transfer this software outside the United States or Canada, please contact your local Allied Telesyn sales representative for current information on this product’s export status.
21
Preface

How This Guide is Organized

This manual is divided into the following sections.
Section I: Basic Operations
The chapters in this section explain how to perform basic switch operations, such as setting port parameters, creating port trunks, and viewing the MAC address table.
Section II: Advanced Operations
The chapters in this section explain some of the more advanced operations, such as using the file system, downloading and uploading files, and configuring Quality of Service.
Section III: SNMPv3 Operations
The chapter in this section explains how to configure the switch for SNMPv3. (The instructions for SNMPv1 and SNMPv2 are in Section 1, Basic Operations.)
Section IV: Spanning Tree Protocols
The chapters in this section explain the Spanning Tree, Rapid Spanning Tree, and Multiple Spanning Tree Protocols.
Section V: Virtual LANs
The chapters in this section explain port-based and tagged VLANs, GVRP, multiple VLAN modes, and protected ports VLANs.
Section VI: Port Security
The chapters in this section explain MAC address-based port security and
802.1x port-based access control.
Section VII: Management Security
The chapters in this section explain the management security features, such as the Secure Sockets Layer (SSL) and the Secure Shell (SSH) protocols.
22

Document Conventions

This document uses the following conventions:
AT-S62 Management Software Menus Interface User’s Guide
Note
Notes provide additional information.
Caution
Cautions inform you that performing or omitting a specific action may result in equipment damage or loss of data.
Warning
Warnings inform you that performing or omitting a specific action may result in bodily injury.
23
Preface

Where to Find Web-based Guides

The installation and user guides for all Allied Telesyn products are available in Portable Document Format (PDF) from on our web site at
www.alliedtelesyn.com. You can view the documents on-line or
download them onto a local workstation or server.
24
AT-S62 Management Software Menus Interface User’s Guide

Contacting Allied Telesyn

This section provides Allied Telesyn contact information for technical support as well as sales or corporate information.

Online Support You can request technical support online by accessing the Allied Telesyn

Knowledge Base from the following web site: www.alliedtelesyn.com/kb. You can use the Knowledge Base to submit questions to our technical support staff and review answers to previously asked questions.
Email and Telephone
Support
Returning
Products
For Sales or
Corporate
Information
Management
Software Updates
For Technical Support via email or telephone, refer to the Support & Services section of the Allied Telesyn web site: www.alliedtelesyn.com.
Products for return or repair must first be assigned a Return Materials Authorization (RMA) number. A product sent to Allied Telesyn without a RMA number will be returned to the sender at the sender’s expense.
To obtain a RMA number, contact Allied Telesyn’s Technical Support at our web site: www.alliedtelesyn.com.
You can contact Allied Telesyn for sales or corporate information at our web site: www.alliedtelesyn.com. To find the contact information for your country, select Contact Us -> Worldwide Contacts.
You can download new releases of management software for our managed products from either of the following Internet sites:
Allied Telesyn web site: www.alliedtelesyn.com
Allied Telesyn FTP server: ftp://ftp.alliedtelesyn.com
To download new software from the Allied Telesyn FTP server using your workstation’s command prompt, you need FTP client software and you must log in to the server. Enter “anonymous” as the user name and your email address for the password.
25
Preface

New Features History

The following subsection contains the new features in the AT-S62 management software.

Version 1.4.0 Table 1 lists the new features in version 1.4.0 of the AT-S62 management

software.
Table 1. New Features in AT-S62 Version 1.4.0
Change Chapter and Procedure
Fan Control Feature for the AT-8524POE Switch
New feature. Chapter 3, “Basic Switch Parameters” on page 49
New procedure:
“Setting Fan Control” on page 69
Quality of Service - Flow Groups and Traffic Classes
Added the following new parameters to
Chapter 15, “Quality of Service” on page 267
QoS flow groups and traffic classes:
ToS parameter for replacing the
Type of Service field of IPv4
Modified procedures:
“Creating a Flow Group” on page 283
packets.
Move ToS to Priority parameter for
replacing the value in the 802.1p priority field with the value in the
“Modifying a Flow Group” on page 285
“Creating a Traffic Class” on page 290
“Modifying a Traffic Class” on page 294
ToS priority field in IPv4 packets.
Move Priority to ToS parameter for
replacing the value in the ToS priority field with the 802.1p priority field in IPv4 packets.
Quality of Service - Policies
Added the following new parameters to
Chapter 15, “Quality of Service” on page 267
QoS policies:
ToS, Move ToS to Priority, and
Move Priority to ToS, as defined
Modified procedures:
“Creating a Policy” on page 299
above.
Send to Mirror Port parameter for
“Modifying a Policy” on page 302
copying traffic to a destination mirror port.
26
Table 1. New Features in AT-S62 Version 1.4.0 (Continued)
Change Chapter and Procedure
802.1x Port-based Network Access Control
AT-S62 Management Software Menus Interface User’s Guide
Added the following new features to
802.1x authenticator ports:
Supplicant mode for supporting
multiple supplicants on an authenticator port. For background information, see “Authenticator Ports with Single and Multiple Supplicants” on page 649.
Guest VLAN. For background
information, see “Guest VLAN” on page 657.
VLAN Assignment and Secure
VLAN for supporting dynamic VLAN assignments from a RADIUS authentication server for supplicant accounts. For background information, see “Supplicant and VLAN Associations” on page 655.
MAC address-based authentication
as an alternative to 802.1x username and password authentication. For background information, refer to “Authentication Modes” on page 646.
Chapter 29, “802.1x Port-based Network Access Control” on page 643
Modified procedure:
“Configuring Authenticator Port Parameters” on
page 665
Management Access Control List
Simplified the menu interface for managing the access control entries in the Management ACL.
Chapter 35, “Management Access Control List” on page 759
Modified procedures:
“Creating an ACE” on page 766
“Modifying an ACE” on page 768
“Deleting an ACE” on page 770
27
Preface
28

Chapter 1

Overview

This chapter reviews the functions of the AT-S62 management software, the types of management sessions supported by the switch, and the management access levels. This chapter contains the following sections:
“Management Overview” on page 30
“Local Management Session” on page 31
“Telnet Management Session” on page 32
“Web Browser Management Session” on page 33
“SNMP Management Session” on page 34
“Management Access Levels” on page 35
29
Chapter 1: Overview

Management Overview

The AT-S62 management software allows you to monitor and adjust the operating parameters of an AT-8500 Series switch and includes the following features:
Basic operations such as configuring port and switch parameters,
enhanced stacking, SNMPv1 and v2c, trunking, and mirroring
Advanced operations including file uploads and downloads, event
logging, traffic classifiers, access control lists, denial of service defense, Quality of Service (QoS), Class of Service (CoS), and IGMP snooping
SNMPv3
Spanning tree protocols including STP, RSTP, and MSTP
Virtual LANs
Port security options such as 802.1x Port-based Network Access
Control and MAC address security levels
Management security including encryption keys, PKI, SSL, Secure
Shell, TACACS+, RADIUS, and management access control lists
The AT-S62 management software is preinstalled on the switch with default settings for all operating parameters. If the default settings are adequate for your network, you can use the device as an unmanaged switch by connecting it to your network, as explained in the hardware installation guide, and powering on the switch.
Note
The default settings for the management software can be found in Appendix A, “AT-S62 Default Settings” on page 773.
To actively manage a switch, you must connect to its management software. There are two general ways to connect to a switch:
Locally using the RS232 Terminal Port on the switch
Remotely using the Telnet protocol, the Secure Shell (SSH) protocol,
or a web browser
The AT-S62 management software has three management interfaces. There is a menus interface, a command line interface, and a web browser interface. You can use the menus interface or the command line interface when managing the switch locally through the RS232 Terminal Port or remotely using the Telnet or SSH protocol. You use the web browser interface to manage the device with a web browser.
30
The following sections in this chapter briefly describe the different types of management sessions.
Loading...
+ 792 hidden pages