How it Works
Allied Telesis
Loading...
AT-S62
User Manual
372 pgs3.45 Mb0
User Manual
656 pgs2.66 Mb0
User Manual
822 pgs4.8 Mb1
User Manual
335 pgs3.58 Mb0
User Manual
760 pgs5.18 Mb0
User Manual
420 pgs1.99 Mb0
User Manual
862 pgs7.42 Mb0
Table of contents
Loading...

Allied Telesis AT-S62 User Manual

Download
Page 1
Management Software
AT-S62
Menus Interface User’s Guide
AT-8500 Series Layer 2+ Fast Ethernet Switches
613-000124 Rev. B
Page 2
Copyright © 2006 Allied Telesyn, Inc.
All rights reserved. No part of this publication may be reproduced without prior written permission from Allied Telesyn, Inc.
Microsoft and Internet Explorer are registered trademarks of Microsoft Corporation. Netscape Navigator is a registered trademark of Netscape Communications Corporation. All other product names, company names, logos or other designations mentioned herein are trademarks or registered trademarks of their respective owners.
Allied Telesyn, Inc. reserves the right to make changes in specifications and other information contained in this document without prior written notice. The information provided herein is subject to change without notice. In no event shall Allied Telesyn, Inc. be liable for any incidental, special, indirect, or consequential damages whatsoever, including but not limited to lost profits, arising out of or related to this manual or the information contained herein, even if Allied Telesyn, Inc. has been advised of, known, or should have known, the possibility of such damages.
Page 3

Contents

Preface ............................................................................................................................................................ 21
How This Guide is Organized........................................................................................................................... 22
Document Conventions .................................................................................................................................... 23
Where to Find Web-based Guides ................................................................................................................... 24
Contacting Allied Telesyn ................................................................................................................................. 25
Online Support ........................................................................................................................................... 25
Email and Telephone Support.................................................................................................................... 25
Returning Products .................................................................................................................................... 25
For Sales or Corporate Information............................................................................................................ 25
Management Software Updates................................................................................................................. 25
New Features History ....................................................................................................................................... 26
Version 1.4.0 .............................................................................................................................................. 26
Chapter 1: Overview ...................................................................................................................................... 29
Management Overview..................................................................................................................................... 30
Local Management Session ............................................................................................................................. 31
Telnet Management Session............................................................................................................................ 32
Web Browser Management Session ................................................................................................................ 33
SNMP Management Session ........................................................................................................................... 34
Management Access Levels............................................................................................................................. 35
Section I: Basic Operations ...................................................................................... 37
Chapter 2: Starting a Local or Telnet Management Session ..................................................................... 39
Local Management Session ............................................................................................................................. 40
Starting a Local Management Session ...................................................................................................... 41
Enhanced Stacking .................................................................................................................................... 43
Quitting a Local Session ............................................................................................................................ 43
Telnet Management Session............................................................................................................................ 44
Starting a Telnet Management Session ..................................................................................................... 44
Quitting a Telnet Management Session ..................................................................................................... 45
Saving Your Parameter Changes..................................................................................................................... 46
Ports 49R and 50R on the AT-8550GB and AT-8550SP Switches .................................................................. 47
Chapter 3: Basic Switch Parameters ........................................................................................................... 49
When Does a Switch Need an IP Address? ..................................................................................................... 50
How Do You Assign an IP Address?.......................................................................................................... 51
Configuring an IP Address and Switch Name .................................................................................................. 52
Activating the BOOTP or DHCP Client Software.............................................................................................. 55
Rebooting a Switch........................................................................................................................................... 57
Configuring the Manager and Operator Passwords ......................................................................................... 58
Changing the Manager or Operator Password .......................................................................................... 58
Resetting the Manager Password.............................................................................................................. 59
Setting the System Time .................................................................................................................................. 61
Configuring the Console Startup Mode ............................................................................................................ 65
Configuring the Console Timer......................................................................................................................... 66
3
Page 4
Contents
Enabling or Disabling the Telnet Server ........................................................................................................... 67
Setting the Baud Rate of the RS-232 Terminal Port ......................................................................................... 68
Setting Fan Control ........................................................................................................................................... 69
Enabling and Disabling Fan Control ........................................................................................................... 69
Displaying Fan Control Status .................................................................................................................... 70
Pinging a Remote System ................................................................................................................................72
Returning the AT-S62 Software to the Factory Default Values......................................................................... 73
Retaining the System Files.........................................................................................................................73
Deleting the System Files........................................................................................................................... 74
Viewing System Hardware and Software Information.......................................................................................76
Chapter 4: Enhanced Stacking .....................................................................................................................79
Enhanced Stacking Overview ........................................................................................................................... 80
Guidelines...................................................................................................................................................80
Setting a Switch’s Enhanced Stacking Status .................................................................................................. 83
Selecting a Switch in an Enhanced Stack......................................................................................................... 85
Returning to the Master Switch ......................................................................................................................... 87
Chapter 5: SNMPv1 and SNMPv2c Configuration ....................................................................................... 89
SNMPv1 and SNMPv2c Overview .................................................................................................................... 90
Default SNMP Community Strings ............................................................................................................. 92
Enabling or Disabling SNMP Management....................................................................................................... 93
Setting the Authentication Failure Trap............................................................................................................. 94
Creating an SNMP Community String .............................................................................................................. 95
Modifying a Community String .......................................................................................................................... 98
Deleting a Community String ..........................................................................................................................102
Displaying the SNMP Community Strings....................................................................................................... 103
Chapter 6: Port Parameters ........................................................................................................................105
Displaying Port Status.....................................................................................................................................106
Configuring Port Parameters ..........................................................................................................................109
Setting the Rate Limit......................................................................................................................................118
Displaying Port Statistics ................................................................................................................................120
Clearing Port Counters ...................................................................................................................................122
Chapter 7: MAC Address Table ..................................................................................................................123
MAC Address Overview..................................................................................................................................124
Displaying MAC Addresses ............................................................................................................................126
Adding Static Unicast and Multicast MAC Addresses.....................................................................................130
Deleting Unicast and Multicast MAC Addresses............................................................................................. 132
Deleting All Dynamic MAC Addresses ............................................................................................................ 133
Changing the Aging Time ...............................................................................................................................134
Chapter 8: Static and LACP Port Trunks ................................................................................................... 135
Port Trunk Overview ....................................................................................................................................... 136
Static Port Trunk Overview.......................................................................................................................136
LACP Trunk Overview .............................................................................................................................. 138
Load Distribution Methods........................................................................................................................144
Managing Static Port Trunks...........................................................................................................................147
Creating a Static Port Trunk ..................................................................................................................... 147
Modifying a Static Port Trunk ................................................................................................................... 150
Deleting a Static Port Trunk...................................................................................................................... 152
Managing LACP Trunks.................................................................................................................................. 154
Enabling or Disabling LACP ..................................................................................................................... 154
Setting a LACP System Priority................................................................................................................155
Creating an Aggregator ............................................................................................................................ 156
Modifying an Aggregator .......................................................................................................................... 158
4
Page 5
AT-S62 Management Software Menus Interface User’s Guide
Deleting an Aggregator ............................................................................................................................ 160
Displaying LACP Port or Aggregator Status ............................................................................................ 161
Chapter 9: Port Mirroring ............................................................................................................................ 165
Port Mirroring Overview.................................................................................................................................. 166
Creating a Port Mirror ..................................................................................................................................... 167
Disabling a Port Mirror.................................................................................................................................... 169
Section II: Advanced Operations ........................................................................... 171
Chapter 10: File System .............................................................................................................................. 173
File System Overview..................................................................................................................................... 174
File Naming Conventions ......................................................................................................................... 175
Working with Boot Configuration Files............................................................................................................ 176
Creating a Boot Configuration File ........................................................................................................... 176
Setting the Active Boot Configuration File................................................................................................ 179
Viewing a Boot Configuration File............................................................................................................ 180
Editing a Boot Configuration File.............................................................................................................. 182
Troubleshooting a Boot Configuration File............................................................................................... 182
Copying, Renaming, and Deleting System Files ............................................................................................ 183
Displaying System Files ................................................................................................................................. 185
Chapter 11: File Downloads and Uploads ................................................................................................. 187
Downloading a New AT-S62 Image File onto a Switch .................................................................................. 188
Guidelines ................................................................................................................................................ 188
Downloading an AT-S62 Image from a Local Management Session....................................................... 190
Downloading an AT-S62 Image from a Telnet Management Session ..................................................... 194
Uploading an AT-S62 Image File Switch to Switch ........................................................................................ 196
Guidelines ................................................................................................................................................ 196
Uploading an AT-S62 Configuration File Switch to Switch............................................................................. 199
Guidelines ................................................................................................................................................ 199
Downloading a System File ............................................................................................................................ 202
Guidelines ................................................................................................................................................ 202
Downloading a File from a Local Management Session .......................................................................... 203
Downloading a File from a Telnet Management Session......................................................................... 207
Uploading a System File................................................................................................................................. 209
Guidelines ................................................................................................................................................ 209
Uploading a File from a Local Management Session............................................................................... 210
Uploading a File from a Telnet Management Session ............................................................................. 213
Chapter 12: Event Log and Syslog Servers .............................................................................................. 215
Event Log and Syslog Server Overview ......................................................................................................... 216
Managing the Event Log................................................................................................................................. 217
Enabling or Disabling the Event Log ........................................................................................................ 217
Displaying the Event Log ......................................................................................................................... 218
Modifying the Event Log Full Action......................................................................................................... 222
Saving the Event Log ............................................................................................................................... 224
Clearing the Event Log............................................................................................................................. 224
Managing Syslog Server Definitions............................................................................................................... 225
Creating a Syslog Server Definition ......................................................................................................... 226
Modifying a Syslog Server Definition ....................................................................................................... 230
Deleting a Syslog Server Definition.......................................................................................................... 231
Displaying a Syslog Server Definition ...................................................................................................... 232
5
Page 6
Contents
Chapter 13: Classifiers ................................................................................................................................233
Classifier Overview ......................................................................................................................................... 234
Classifier Criteria ......................................................................................................................................235
Classifier Guidelines................................................................................................................................. 240
Creating a Classifier........................................................................................................................................241
Modifying a Classifier...................................................................................................................................... 244
Deleting a Classifier ........................................................................................................................................246
Deleting All Classifiers .................................................................................................................................... 247
Displaying Classifiers ......................................................................................................................................248
Chapter 14: Access Control Lists .............................................................................................................. 251
Access Control List (ACL) Overview ............................................................................................................... 252
Parts of an ACL ........................................................................................................................................ 253
Guidelines.................................................................................................................................................253
Examples.................................................................................................................................................. 254
Creating an ACL .............................................................................................................................................259
Modifying an ACL............................................................................................................................................261
Deleting an ACL..............................................................................................................................................263
Deleting All ACLs ............................................................................................................................................265
Displaying ACLs.............................................................................................................................................. 266
Chapter 15: Quality of Service .................................................................................................................... 267
Quality of Service Overview ............................................................................................................................268
Classifiers ................................................................................................................................................. 269
Flow Groups .............................................................................................................................................270
Traffic Classes.......................................................................................................................................... 270
Policies ..................................................................................................................................................... 270
QoS Policy Guidelines.............................................................................................................................. 271
Packet Processing.................................................................................................................................... 271
Bandwidth Allocation ................................................................................................................................272
Packet Prioritization.................................................................................................................................. 272
Replacing Priorities................................................................................................................................... 273
VLAN Tag User Priorities ......................................................................................................................... 273
DSCP Values............................................................................................................................................ 273
DiffServ Domains......................................................................................................................................273
Examples.................................................................................................................................................. 276
Managing Flow Groups................................................................................................................................... 283
Creating a Flow Group ............................................................................................................................. 283
Modifying a Flow Group............................................................................................................................ 285
Deleting a Flow Group.............................................................................................................................. 287
Displaying Flow Groups............................................................................................................................ 288
Managing Traffic Classes ...............................................................................................................................290
Creating a Traffic Class ............................................................................................................................ 290
Modifying a Traffic Class ..........................................................................................................................294
Deleting a Traffic Class ............................................................................................................................ 296
Displaying Traffic Classes ........................................................................................................................297
Managing Policies...........................................................................................................................................299
Creating a Policy ......................................................................................................................................299
Modifying a Policy..................................................................................................................................... 302
Deleting a Policy....................................................................................................................................... 303
Displaying Policies.................................................................................................................................... 304
Chapter 16: Class of Service ...................................................................................................................... 307
Class of Service Overview ..............................................................................................................................308
Scheduling................................................................................................................................................ 310
Configuring CoS..............................................................................................................................................313
6
Page 7
AT-S62 Management Software Menus Interface User’s Guide
Mapping CoS Priorities to Egress Queues ..................................................................................................... 316
Configuring Egress Scheduling ...................................................................................................................... 318
Displaying Port CoS Priorities ........................................................................................................................ 320
Chapter 17: IGMP Snooping ....................................................................................................................... 323
IGMP Snooping Overview .............................................................................................................................. 324
Configuring IGMP Snooping........................................................................................................................... 326
Displaying a List of Host Nodes...................................................................................................................... 329
Displaying a List of Multicast Routers............................................................................................................. 331
Chapter 18: Denial of Service Defenses .................................................................................................... 333
Denial of Service Defense Overview .............................................................................................................. 334
SYN Flood Attack..................................................................................................................................... 334
SMURF Attack ......................................................................................................................................... 335
Land Attack .............................................................................................................................................. 335
Teardrop Attack........................................................................................................................................ 337
Ping of Death Attack ................................................................................................................................ 337
IP Options Attack ..................................................................................................................................... 338
Mirroring Traffic ........................................................................................................................................ 338
Denial of Service Defense Guidelines...................................................................................................... 339
Enabling or Disabling Denial of Service Prevention ....................................................................................... 340
Chapter 19: Power Over Ethernet .............................................................................................................. 343
Power Over Ethernet Overview ...................................................................................................................... 344
PoE Implementation on the AT-8524POE Switch.................................................................................... 345
Power Budgeting...................................................................................................................................... 345
Port Prioritization...................................................................................................................................... 346
PoE Device Classes................................................................................................................................. 347
Setting the PoE Threshold.............................................................................................................................. 348
Configuring PoE Port Settings........................................................................................................................ 350
Displaying PoE Status and Settings ............................................................................................................... 352
Chapter 20: Networking Stack .................................................................................................................... 359
Managing the Address Resolution Protocol Table ......................................................................................... 360
Displaying the ARP Table ........................................................................................................................ 361
Deleting an ARP Entry ............................................................................................................................. 363
Deleting All ARP Entries .......................................................................................................................... 363
Configuring the ARP Table Timeout Value .............................................................................................. 364
Displaying the Routing Table.......................................................................................................................... 365
Displaying the TCP Connections Table.......................................................................................................... 367
Deleting a TCP Connection ............................................................................................................................ 370
Displaying the TCP Global Information Table ................................................................................................ 371
Section III: SNMPv3 Operations ........................................................................... 373
Chapter 21: SNMPv3 ................................................................................................................................... 375
SNMPv3 Overview ......................................................................................................................................... 376
SNMPv3 Authentication Protocols ........................................................................................................... 377
SNMPv3 Privacy Protocol ........................................................................................................................ 377
SNMPv3 MIB Views ................................................................................................................................. 378
SNMPv3 Storage Types........................................................................................................................... 379
SNMPv3 Message Notification................................................................................................................. 379
SNMPv3 Tables ....................................................................................................................................... 380
SNMPv3 Configuration Example.............................................................................................................. 384
Configuring the SNMPv3 Protocol.................................................................................................................. 385
Configuring the SNMPv3 User Table ............................................................................................................. 386
7
Page 8
Contents
Creating an SNMPv3 User Table Entry....................................................................................................386
Deleting an SNMPv3 User Table Entry .................................................................................................... 390
Modifying an SNMPv3 User Table Entry .................................................................................................. 391
Configuring the SNMPv3 View Table.............................................................................................................. 396
Creating an SNMPv3 View Table Entry....................................................................................................396
Deleting an SNMPv3 View Table Entry .................................................................................................... 399
Modifying an SNMPv3 View Table Entry.................................................................................................. 400
Configuring the SNMPv3 Access Table .......................................................................................................... 405
Creating an SNMPv3 Access Table Entry................................................................................................ 405
Deleting an SNMPv3 Access Table Entry ................................................................................................ 409
Modifying an SNMPv3 Access Table Entry .............................................................................................. 411
Configuring the SNMPv3 SecurityToGroup Table .......................................................................................... 421
Creating an SNMPv3 SecurityToGroup Table Entry ................................................................................421
Deleting an SNMPv3 SecurityToGroup Table Entry................................................................................. 424
Modifying an SNMPv3 SecurityToGroup Table Entry .............................................................................. 425
Configuring the SNMPv3 Notify Table ............................................................................................................429
Creating an SNMPv3 Notify Table Entry .................................................................................................. 429
Deleting an SNMPv3 Notify Table Entry...................................................................................................431
Modifying an SNMPv3 Notify Table Entry ................................................................................................432
Configuring the SNMPv3 Target Address Table ............................................................................................. 436
Creating an SNMPv3 Target Address Table Entry...................................................................................437
Deleting an SNMPv3 Target Address Table Entry ...................................................................................439
Modifying an SNMPv3 Target Address Table Entry .................................................................................440
Configuring the SNMPv3 Target Parameters Table........................................................................................ 449
Creating an SNMPv3 Target Parameters Table Entry ............................................................................. 450
Deleting an SNMPv3 Target Parameters Table Entry ..............................................................................453
Modifying an SNMPv3 Target Parameters Table Entry............................................................................ 454
Configuring the SNMPv3 Community Table ................................................................................................... 462
Creating an SNMPv3 Community Table Entry .........................................................................................463
Deleting an SNMPv3 Community Table Entry.......................................................................................... 466
Modifying an SNMPv3 Community Table Entry .......................................................................................467
Displaying SNMPv3 Table Menus .................................................................................................................. 472
Displaying the Display SNMPv3 User Table Menu .................................................................................. 472
Displaying the Display SNMPv3 View Table Menu ..................................................................................474
Displaying the Display SNMPv3 Access Table Menu .............................................................................. 475
Displaying the Display SNMPv3 SecurityToGroup Table Menu...............................................................476
Displaying the Display SNMPv3 Notify Table Menu................................................................................
Displaying the Display SNMPv3 Target Address Table Menu ................................................................. 478
Displaying the Display SNMPv3 Target Parameters Table Menu ............................................................479
Displaying the Display SNMPv3 Community Table Menu........................................................................480
.477
Section IV: Spanning Tree Protocols ..................................................................... 481
Chapter 22: Spanning Tree and Rapid Spanning Tree Protocols ........................................................... 483
STP and RSTP Overview ...............................................................................................................................484
Bridge Priority and the Root Bridge .......................................................................................................... 485
Mixed STP and RSTP Network ................................................................................................................ 491
Spanning Tree and VLANs.......................................................................................................................491
Enabling or Disabling a Spanning Tree Protocol ............................................................................................493
Configuring STP..............................................................................................................................................495
Configuring STP Bridge Settings.............................................................................................................. 495
Configuring STP Port Settings..................................................................................................................497
Displaying STP Port Settings ...................................................................................................................499
Configuring RSTP ........................................................................................................................................... 501
Configuring RSTP Bridge Settings ........................................................................................................... 501
8
Page 9
AT-S62 Management Software Menus Interface User’s Guide
Configuring RSTP Port Settings............................................................................................................... 503
Displaying Port RSTP Status ................................................................................................................... 505
Chapter 23: Multiple Spanning Tree Protocol ........................................................................................... 507
MSTP Overview.............................................................................................................................................. 508
Multiple Spanning Tree Instance (MSTI).................................................................................................. 509
VLAN and MSTI Associations .................................................................................................................. 512
Ports in Multiple MSTIs ............................................................................................................................ 512
Multiple Spanning Tree Regions.............................................................................................................. 513
MSTP with STP and RSTP ...................................................................................................................... 517
Summary of Guidelines............................................................................................................................ 517
Selecting MSTP as the Active Spanning Tree Protocol ................................................................................. 522
Configuring MSTP Bridge Settings................................................................................................................. 523
Configuring the CIST Priority.......................................................................................................................... 526
Creating, Deleting, and Modifying MSTIs ....................................................................................................... 528
Creating an MSTI..................................................................................................................................... 529
Deleting an MSTI .................................................................................................................................... 530
Modifying an MSTI ................................................................................................................................... 530
Associating VLANs to MSTI IDs ..................................................................................................................... 532
Adding VLAN Associations to an MSTI.................................................................................................... 533
Removing VLAN Associations from an MSTI........................................................................................... 534
Replacing VLAN Associations to an MSTI .............................................................................................. 534
Removing All VLAN Associations from an MSTI...................................................................................... 535
Configuring MSTP Port Settings..................................................................................................................... 536
Configuring Generic MSTP Port Settings................................................................................................. 536
Configuring MSTI-specific Port Parameters............................................................................................. 538
Displaying MSTP Port Settings and Status .................................................................................................... 541
Section V: Virtual LANs ......................................................................................... 543
Chapter 24: Port-based and Tagged Virtual LANs ................................................................................... 545
VLAN Overview .............................................................................................................................................. 546
Port-based VLAN Overview............................................................................................................................ 548
General Rules for Creating a Port-based VLAN ...................................................................................... 550
Drawbacks of Port-based VLANs............................................................................................................. 550
Port-based Example 1.............................................................................................................................. 551
Port-based Example 2.............................................................................................................................. 553
Tagged VLAN Overview ................................................................................................................................. 555
General Rules for Creating a Tagged VLAN............................................................................................ 556
Tagged VLAN Example............................................................................................................................ 557
Creating a Port-based or Tagged VLAN......................................................................................................... 559
Example of Creating a Port-based VLAN ....................................................................................................... 563
Example of Creating a Tagged VLAN ............................................................................................................ 564
Modifying a VLAN........................................................................................................................................... 565
Displaying VLANs........................................................................................................................................... 569
Deleting a VLAN ............................................................................................................................................. 571
Deleting All VLANs ......................................................................................................................................... 574
Displaying PVIDs............................................................................................................................................ 576
Enabling or Disabling Ingress Filtering ........................................................................................................... 577
Specifying a Management VLAN.................................................................................................................... 579
Chapter 25: GARP VLAN Registration Protocol ....................................................................................... 581
Basic Overview of GARP VLAN Registration Protocol (GVRP) ..................................................................... 582
Guidelines ................................................................................................................................................ 584
GVRP and Network Security.................................................................................................................... 585
GVRP-inactive Intermediate Switches ..................................................................................................... 586
9
Page 10
Contents
Technical Overview of Generic Attribute Registration Protocol (GARP).........................................................587
Configuring GVRP .......................................................................................................................................... 591
Enabling or Disabling GVRP on a Port ........................................................................................................... 593
Converting a Dynamic GVRP VLAN ...............................................................................................................596
Displaying GVRP Parameters and Statistics ..................................................................................................597
GVRP Counters........................................................................................................................................ 598
GVRP Database ....................................................................................................................................... 602
GIP Connected Ports Ring ....................................................................................................................... 603
GVRP State Machine ...............................................................................................................................604
Chapter 26: Multiple VLAN Modes ..............................................................................................................607
Multiple VLAN Mode Overview .......................................................................................................................608
802.1Q- Compliant Multiple VLAN mode..................................................................................................608
Non-802.1Q Compliant Multiple VLAN Mode ........................................................................................... 611
Selecting a VLAN Mode.................................................................................................................................. 612
Displaying VLAN Information .......................................................................................................................... 613
Chapter 27: Protected Ports VLANs ........................................................................................................... 615
Protected Ports VLAN Overview ..................................................................................................................... 616
Protected Ports VLAN Guidelines ............................................................................................................ 617
Creating a Protected Ports VLAN ................................................................................................................... 619
Modifying a Protected Ports VLAN ................................................................................................................. 622
Displaying a Protected Port VLAN ..................................................................................................................626
Deleting a Protected Ports VLAN.................................................................................................................... 628
Section VI: Port Security ........................................................................................631
Chapter 28: MAC Address-based Port Security ........................................................................................ 633
MAC Address-based Port Security Overview ................................................................................................. 634
Automatic..................................................................................................................................................634
Limited ...................................................................................................................................................... 634
Secured .................................................................................................................................................... 635
Locked ...................................................................................................................................................... 635
Invalid Frames and Intrusion Actions .......................................................................................................635
Guidelines.................................................................................................................................................636
Configuring MAC Address-based Port Security ..............................................................................................637
Displaying Port Security Levels ......................................................................................................................641
Chapter 29: 802.1x Port-based Network Access Control ......................................................................... 643
IEEE 802.1x Port-based Network Access Control Overview ..........................................................................644
Authentication Process.............................................................................................................................645
Port Roles................................................................................................................................................. 646
None Role.................................................................................................................................................646
Authenticator Role .................................................................................................................................... 646
Supplicant Role ........................................................................................................................................648
Authenticator Ports with Single and Multiple Supplicants.........................................................................649
Supplicant and VLAN Associations .......................................................................................................... 655
Guest VLAN..............................................................................................................................................657
RADIUS Accounting .................................................................................................................................658
General Steps........................................................................................................................................... 659
802.1x Port-based Network Access Control Guidelines ...........................................................................660
Setting Port Roles ........................................................................................................................................... 662
Enabling and Disabling 802.1x Port-based Network Access Control.............................................................. 664
Configuring Authenticator Port Parameters .................................................................................................... 665
Configuring Supplicant Port Parameters......................................................................................................... 671
Displaying the Port Access Parameters.......................................................................................................... 674
Configuring RADIUS Accounting ....................................................................................................................676
10
Page 11
AT-S62 Management Software Menus Interface User’s Guide
Section VII: Management Security ....................................................................... 679
Chapter 30: Web Server .............................................................................................................................. 681
Web Server Overview..................................................................................................................................... 682
Supported Protocols................................................................................................................................. 682
Configuring the Web Server ........................................................................................................................... 683
General Steps to Configuring the Web Server for Encryption ........................................................................ 685
General Steps for a Self-signed Certificate.............................................................................................. 685
General Steps for a Public or Private CA Certificate................................................................................ 685
Chapter 31: Encryption Keys ..................................................................................................................... 687
Basic Overview............................................................................................................................................... 688
Encryption Key Length ............................................................................................................................. 689
Encryption Key Guidelines ....................................................................................................................... 689
Technical Overview ........................................................................................................................................ 690
Data Encryption........................................................................................................................................ 690
Data Authentication.................................................................................................................................. 692
Key Exchange Algorithms ........................................................................................................................ 693
Creating an Encryption Key............................................................................................................................ 695
Deleting an Encryption Key ............................................................................................................................ 699
Modifying an Encryption Key .......................................................................................................................... 700
Exporting an Encryption Key .......................................................................................................................... 701
Importing an Encryption Key .......................................................................................................................... 703
Chapter 32: PKI Certificates and SSL ........................................................................................................ 705
Basic Overview............................................................................................................................................... 706
Types of Certificates ................................................................................................................................ 706
Distinguished Names ............................................................................................................................... 707
SSL and Enhanced Stacking ................................................................................................................... 709
Guidelines ................................................................................................................................................ 710
Technical Overview ........................................................................................................................................ 711
SSL Encryption ........................................................................................................................................ 711
User Verification....................................................................................................................................... 712
Authentication .......................................................................................................................................... 712
Public Key Infrastructure .......................................................................................................................... 713
Public Keys .............................................................................................................................................. 713
Message Encryption................................................................................................................................. 713
Digital Signatures..................................................................................................................................... 713
Certificates ............................................................................................................................................... 714
Elements of a Public Key Infrastructure................................................................................................... 715
Certificate Validation ................................................................................................................................ 715
Certificate Revocation Lists (CRLs) ......................................................................................................... 716
PKI Implementation.................................................................................................................................. 716
Creating a Self-signed Certificate................................................................................................................... 718
Adding a Certificate to the Database.............................................................................................................. 722
Modifying a Certificate .................................................................................................................................... 725
Deleting a Certificate ...................................................................................................................................... 727
Viewing a Certificate....................................................................................................................................... 728
Generating an Enrollment Request ................................................................................................................ 730
Installing CA Certificates onto a Switch.......................................................................................
Configuring PKI .............................................................................................................................................. 734
Configuring SSL ............................................................................................................................................. 735
................... 733
11
Page 12
Contents
Chapter 33: Secure Shell (SSH) Protocol .................................................................................................. 737
SSH Overview................................................................................................................................................. 738
Support for SSH ....................................................................................................................................... 738
SSH Server............................................................................................................................................... 739
SSH Clients .............................................................................................................................................. 739
SSH and Enhanced Stacking ................................................................................................................... 740
Guidelines.................................................................................................................................................741
General Steps to Configuring SSH...........................................................................................................741
Configuring the SSH Server............................................................................................................................742
Displaying SSH Information ............................................................................................................................ 744
Chapter 34: TACACS+ and RADIUS Authentication Protocols ............................................................... 747
TACACS+ and RADIUS Overview..................................................................................................................748
Guidelines.................................................................................................................................................749
Configuring TACACS+ Authentication Protocol Settings ................................................................................752
Configuring RADIUS Authentication Protocol Settings ...................................................................................755
Displaying RADIUS Status and Settings.........................................................................................................758
Chapter 35: Management Access Control List .......................................................................................... 759
Management ACL Security Overview .............................................................................................................760
Parts of a Management ACE....................................................................................................................760
Management ACL Guidelines................................................................................................................... 761
Examples.................................................................................................................................................. 762
Enabling or Disabling the Management ACL .................................................................................................. 764
Creating an ACE ............................................................................................................................................. 766
Modifying an ACE ........................................................................................................................................... 768
Deleting an ACE ............................................................................................................................................. 770
Displaying the ACEs ....................................................................................................................................... 771
Appendix A: AT-S62 Default Settings ........................................................................................................ 773
Basic Switch Default Settings .........................................................................................................................774
Boot Configuration File Default Setting ....................................................................................................774
Management Access Default Settings......................................................................................................774
Management Interface Default Settings ...................................................................................................774
RS-232 Port Default Settings ...................................................................................................................775
SNTP Default Settings.............................................................................................................................. 775
Switch Administration Default Settings.....................................................................................................775
System Software Default Settings ............................................................................................................ 776
AT-8524POE Fan Control Default Setting................................................................................................ 776
Denial of Service Defense Default Settings ....................................................................................................777
Enhanced Stacking Default Setting ................................................................................................................778
Event Log Default Settings .............................................................................................................................779
GVRP Default Settings ...................................................................................................................................780
IGMP Snooping Default Settings ....................................................................................................................781
MAC Address-based Security Default Settings .............................................................................................. 782
Management Access Control List Default Setting........................................................................................... 783
PKI Default Settings........................................................................................................................................784
Port Configuration Default Settings................................................................................................................. 785
802.1x Port-Based Network Access Control Default Settings......................................................................
...786
Power Over Ethernet ......................................................................................................................................788
Class of Service ..............................................................................................................................................789
Server-Based Authentication Default Settings ................................................................................................790
Server-Based Authentication Default Settings .........................................................................................790
RADIUS Default Settings.......................................................................................................................... 790
TACACS+ Client Default Settings ............................................................................................................790
SNMP Default Settings ................................................................................................................................... 791
12
Page 13
AT-S62 Management Software Menus Interface User’s Guide
STP, RSTP, and MSTP Default Settings........................................................................................................ 792
Spanning Tree Switch Settings ................................................................................................................ 792
STP Default Settings................................................................................................................................ 792
RSTP Default Settings ............................................................................................................................. 792
MSTP Default Settings............................................................................................................................. 793
SSH Default Settings...................................................................................................................................... 794
SSL Default Settings ...................................................................................................................................... 795
VLAN Default Settings.................................................................................................................................... 796
Web Server Default Settings .......................................................................................................................... 797
Appendix B: SNMPv3 Configuration Examples ........................................................................................ 799
SNMPv3 Configuration Examples .................................................................................................................. 800
SNMPv3 Manager Configuration ............................................................................................................. 800
SNMPv3 Operator Configuration ............................................................................................................. 801
SNMPv3 Worksheet................................................................................................................................. 802
Appendix C: Standards and Features ....................................................................................................... 805
10/100Base-TX Twisted Pair Ports ................................................................................................................ 805
Fiber Optic Ports (AT-8516F/SC Switch)........................................................................................................ 805
Traffic Control ................................................................................................................................................. 805
Spanning Tree Protocols ................................................................................................................................ 806
Port Trunks ..................................................................................................................................................... 806
Virtual LANs.................................................................................................................................................... 806
IP Multicast ..................................................................................................................................................... 807
Port Security ................................................................................................................................................... 807
Management Access and Security ................................................................................................................. 807
Management MIBs ......................................................................................................................................... 808
System Monitoring.......................................................................................................................................... 808
Additional Features......................................................................................................................................... 808
Denial of Service Defenses ............................................................................................................................ 809
Management Access Methods ....................................................................................................................... 809
Management Interfaces.................................................................................................................................. 809
Index ............................................................................................................................................................. 811
13
Page 14
Contents
14
Page 15

Figures

Chapter 2: Starting a Local or Telnet Management Session..................................................................... 39
Figure 1: Connecting a Terminal or PC to the RS232 Terminal Port....................................................................................41
Figure 2: Command Prompt .................................................................................................................................................42
Figure 3: Main Menu.............................................................................................................................................................42
Chapter 3: Basic Switch Parameters ........................................................................................................... 49
Figure 4: System Administration Menu.................................................................................................................................52
Figure 5: System Configuration Menu ..................................................................................................................................53
Figure 6: System Utilities Menu............................................................................................................................................57
Figure 7: Passwords Configuration Menu.............................................................................................................................58
Figure 8: Configure System Time Menu...............................................................................................................................62
Figure 9: Console (Serial/Telnet) Configuration Menu .........................................................................................................65
Figure 10: Fan Control Configuration Menu .........................................................................................................................70
Figure 11: Show Fan Control Status.....................................................................................................................................71
Figure 12: System Information Menu....................................................................................................................................76
Figure 13: System Hardware Information Menu...................................................................................................................77
Chapter 4: Enhanced Stacking..................................................................................................................... 79
Figure 14: Enhanced Stacking Example...............................................................................................................................82
Figure 15: Enhanced Stacking Menu ...................................................................................................................................84
Figure 16: Stacking Services Menu......................................................................................................................................85
Chapter 5: SNMPv1 and SNMPv2c Configuration ...................................................................................... 89
Figure 17: SNMP Configuration Menu..................................................................................................................................93
Figure 18: SNMPv1 & SNMPv2c Community Menu.............................................................................................................95
Figure 19: Modify SNMP Community Menu .........................................................................................................................98
Figure 20: Display SNMP Community Menu ......................................................................................................................103
Chapter 6: Port Parameters ........................................................................................................................ 105
Figure 21: Port Configuration Menu....................................................................................................................................106
Figure 22: Port Status Menu...............................................................................................................................................106
Figure 23: Port Configuration (Port) Menu..........................................................................................................................109
Figure 24: Head of Line Blocking .......................................................................................................................................113
Figure 25: Flow Control Menu ............................................................................................................................................114
Figure 26: Back Pressure Menu .........................................................................................................................................115
Figure 27: Rate Limiting Menu............................................................................................................................................119
Figure 28: Port Statistics Menu...........................................................................................................................................120
Chapter 7: MAC Address Table.................................................................................................................. 123
Figure 29: MAC Address Tables Menu...............................................................................................................................126
Figure 30: Display Unicast MAC Addresses Menu.............................................................................................................126
Figure 31: Display All Menu - Unicast MAC Addresses......................................................................................................127
Figure 32: Display All Menu - Multicast MAC Addresses ...................................................................................................128
Figure 33: Configure MAC Addresses Menu......................................................................................................................130
Chapter 8: Static and LACP Port Trunks................................................................................................... 135
Figure 34: Static Port Trunk Example.................................................................................................................................136
Figure 35: Example of Multiple Aggregators for Multiple Aggregate Trunks ......................................................................139
Figure 36: Example of an Aggregator with Multiple Trunks................................................................................................140
15
Page 16
Figures
Figure 37: Port Trunking and LACP Menu..........................................................................................................................148
Figure 38: Static Port Trunking Menu .................................................................................................................................148
Figure 39: Create Trunk Menu............................................................................................................................................149
Figure 40: Modify Trunk Menu............................................................................................................................................151
Figure 41: LACP (IEEE 8023ad) Configuration Menu ........................................................................................................155
Figure 42: Create LACP (IEEE 8023ad) Aggregator Menu ................................................................................................157
Figure 43: Modify LACP (IEEE 8023ad) Aggregator Menu ................................................................................................159
Figure 44: LACP (IEEE 802.3ad Port Status Menu ............................................................................................................162
Figure 45: LACP (IEEE 802.3ad) Aggregator Status Menu................................................................................................162
Chapter 9: Port Mirroring ............................................................................................................................ 165
Figure 46: Port Mirroring Menu #1......................................................................................................................................167
Figure 47: Port Mirroring Menu #2......................................................................................................................................167
Chapter 10: File System .............................................................................................................................. 173
Figure 48: File Operations Menu ........................................................................................................................................177
Figure 49: View File Menu ..................................................................................................................................................181
Figure 50: List Files Menu...................................................................................................................................................186
Chapter 11: File Downloads and Uploads ................................................................................................. 187
Figure 51: Downloads and Uploads Menu..........................................................................................................................190
Figure 52: Local Management Window ..............................................................................................................................192
Figure 53: Send File Window..............................................................................................................................................192
Figure 54: XModem File Send Window ..............................................................................................................................193
Figure 55: Local Management Window ..............................................................................................................................205
Figure 56: Send File Window..............................................................................................................................................206
Figure 57: XModem File Send Window ..............................................................................................................................206
Figure 58: Local Management Window ..............................................................................................................................212
Figure 59: Receive File Window .........................................................................................................................................212
Chapter 12: Event Log and Syslog Servers............................................................................................... 215
Figure 60: Event Log Menu ................................................................................................................................................218
Figure 61: Event Log Example............................................................................................................................................221
Figure 62: Configure Log Outputs Menu.............................................................................................................................223
Figure 63: Syslog Server Configuration Menu ....................................................................................................................226
Figure 64: Configure Log Outputs Menu with a Syslog Server Definition...........................................................................230
Chapter 13: Classifiers ................................................................................................................................ 233
Figure 65: User Priority and VLAN Fields within an Ethernet Frame..................................................................................236
Figure 66: ToS field in an IP Header...................................................................................................................................237
Figure 67: Classifier Configuration Menu............................................................................................................................241
Figure 68: Create Classifier Menu (Page 1) .......................................................................................................................242
Figure 69: Create Classifier Menu (Page 2) .......................................................................................................................242
Figure 70: Show Classifiers Menu ......................................................................................................................................248
Chapter 14: Access Control Lists .............................................................................................................. 251
Figure 71: ACL Example 1..................................................................................................................................................254
Figure 72: ACL Example 2..................................................................................................................................................255
Figure 73: ACL Example 3..................................................................................................................................................256
Figure 74: ACL Example 4..................................................................................................................................................257
Figure 75: ACL Example 5..................................................................................................................................................257
Figure 76: ACL Example 6..................................................................................................................................................258
Figure 77: Access Control Lists (ACL) Menu......................................................................................................................259
Figure 78: Create ACL Menu..............................................................................................................................................259
Figure 79: Modify ACL Menu ..............................................................................................................................................261
Figure 80: Destroy ACL Menu ............................................................................................................................................263
Figure 81: Show Classifiers Menu ......................................................................................................................................266
16
Page 17
AT-S62 Management Software Menus Interface User’s Guide
Chapter 15: Quality of Service ................................................................................................................... 267
Figure 82: DiffServ Domain Example .................................................................................................................................274
Figure 83: QoS Voice Application Example........................................................................................................................276
Figure 84: QoS Video Application Example........................................................................................................................278
Figure 85: QoS Critical Database Example ........................................................................................................................280
Figure 86: Policy Component Hierarchy Example ..............................................................................................................282
Figure 87: Quality of Service (QoS) menu..........................................................................................................................283
Figure 88: Flow Group Configuration Menu........................................................................................................................283
Figure 89: Create Flow Group Menu ..................................................................................................................................284
Figure 90: Modify Flow Group Menu ..................................................................................................................................286
Figure 91: Destroy Flow Group Menu.................................................................................................................................287
Figure 92: Show Flow Groups Menu ..................................................................................................................................288
Figure 93: Display Flow Group Detail Menu.......................................................................................................................289
Figure 94: Traffic Class Configuration Menu ......................................................................................................................290
Figure 95: Create Traffic Class Menu.................................................................................................................................291
Figure 96: Modify Traffic Class Menu.................................................................................................................................295
Figure 97: Destroy Traffic Class Menu ...............................................................................................................................296
Figure 98: Show Traffic Classes Menu...............................................................................................................................297
Figure 99: Policy Configuration Menu.................................................................................................................................299
Figure 100: Create Policy Menu .........................................................................................................................................300
Figure 101: Modify Policy Menu .........................................................................................................................................302
Figure 102: Show Policies Menu ........................................................................................................................................304
Chapter 16: Class of Service ...................................................................................................................... 307
Figure 103: Security and Services Menu............................................................................................................................313
Figure 104: Class of Service (CoS) Menu ..........................................................................................................................314
Figure 105: Configure Port COS Priorities Menu................................................................................................................314
Figure 106: Map CoS Priority to Egress Queue Menu .......................................................................................................316
Figure 107: Configure Egress Scheduling Menu................................................................................................................318
Figure 108: Show Port CoS Priorities Menu.......................................................................................................................320
Chapter 17: IGMP Snooping ....................................................................................................................... 323
Figure 109: Advanced Configuration Menu ........................................................................................................................326
Figure 110: IGMP Snooping Configuration Menu...............................................................................................................326
Figure 111: View Multicast Hosts List Menu.......................................................................................................................329
Figure 112: View Multicast Routers List Menu ...................................................................................................................331
Chapter 18: Denial of Service Defenses.................................................................................................... 333
Figure 113: Denial of Service (DoS) Menu.........................................................................................................................340
Figure 114: LAN IP Subnet Menu.......................................................................................................................................341
Figure 115: SYN Flood Configuration Menu.......................................................................................................................342
Chapter 19: Power Over Ethernet .............................................................................................................. 343
Figure 116: Power Over Ethernet Configuration Menu.......................................................................................................348
Figure 117: PoE Global Configuration Menu......................................................................................................................348
Figure 118: PoE Port Configuration Menu..........................................................................................................................350
Figure 119: PoE Status Menu ............................................................................................................................................352
Figure 120: PoE Global Status Menu .................................................................................................................................353
Figure 121: PoE Summary Ports Status Menu...................................................................................................................354
Figure 122: PoE Summary Ports Status Menu...................................................................................................................355
Figure 123: PoE Device Information...................................................................................................................................357
Chapter 20: Networking Stack.................................................................................................................... 359
Figure 124: Networking Stack Menu...................................................................................................................................361
Figure 125: Display ARP Table Menu ................................................................................................................................362
Figure 126: Display Route Table ........................................................................................................................................365
Figure 127: Display TCP Connections Table......................................................................................................................367
Figure 128: IP Address and TCP Port Number ..................................................................................................................368
Figure 129: Display TCP Global Information Table ............................................................................................................371
17
Page 18
Figures
Chapter 21: SNMPv3.................................................................................................................................... 375
Figure 130: MIB Tree..........................................................................................................................................................378
Figure 131: SNMPv3 User Configuration Process..............................................................................................................380
Figure 132: SNMPv3 Message Notification Process ..........................................................................................................381
Figure 133: Configure SNMPv3 Table Menu......................................................................................................................387
Figure 134: Configure SNMPv3 User Table Menu .............................................................................................................387
Figure 135: Modify SNMPv3 User Table Menu ..................................................................................................................391
Figure 136: Configure SNMPv3 View Table Menu .............................................................................................................397
Figure 137: Modify SNMPv3 View Table Menu ..................................................................................................................400
Figure 138: Configure SNMPv3 Access Table Menu .........................................................................................................406
Figure 139: Modify SNMPv3 Access Table Menu ..............................................................................................................412
Figure 140: Configure SNMPv3 SecurityToGroup Table Menu..........................................................................................422
Figure 141: Modify SNMPv3 SecurityToGroup Table Menu...............................................................................................426
Figure 142: Configure SNMPv3 Notify Table Menu............................................................................................................430
Figure 143: Modify SNMPv3 Notify Table Menu.................................................................................................................433
Figure 144: Configure SNMPv3 Target Address Table Menu ............................................................................................437
Figure 145: Modify SNMPv3 Target Address Table Menu .................................................................................................441
Figure 146: Configure SNMPv3 Target Parameters Table Menu .......................................................................................450
Figure 147: Modify SNMPv3 Target Parameters Table Menu ............................................................................................455
Figure 148: Configure SNMPv3 Community Table Menu...................................................................................................464
Figure 149: Modify SNMPv3 Community Table Menu........................................................................................................468
Figure 150: Display SNMPv3 Table Menu..........................................................................................................................473
Figure 151: Display SNMPv3 User Table Menu.................................................................................................................473
Figure 152: Display SNMPv3 View Table Menu.................................................................................................................474
Figure 153: Display SNMPv3 Access Table Menu .............................................................................................................475
Figure 154: Display SNMPv3 SecurityToGroup Table Menu..............................................................................................476
Figure 155: Display SNMPv3 Notify Table Menu................................................................................................................477
Figure 156: Display SNMPv3 Target Address Table Menu ................................................................................................478
Figure 157: Display SNMPv3 Target Parameters Table Menu...........................................................................................479
Figure 158: Display SNMPv3 Community Table Menu.......................................................................................................480
Chapter 22: Spanning Tree and Rapid Spanning Tree Protocols ........................................................... 483
Figure 159: Point-to-Point Ports..........................................................................................................................................490
Figure 160: Edge Port.........................................................................................................................................................490
Figure 161: Point-to-Point and Edge Port ...........................................................................................................................491
Figure 162: VLAN Fragmentation .......................................................................................................................................492
Figure 163: Spanning Tree Configuration Menu.................................................................................................................493
Figure 164: STP Menu........................................................................................................................................................495
Figure 165: STP Port Parameters Menu.............................................................................................................................498
Figure 166: Configure STP Port Settings Menu..................................................................................................................498
Figure 167: Display STP Port Configuration Menu.............................................................................................................500
Figure 168: RSTP Menu .....................................................................................................................................................501
Figure 169: RSTP Port Parameters Menu..........................................................................................................................504
Figure 170: Configure RSTP Port Settings Menu...............................................................................................................504
Chapter 23: Multiple Spanning Tree Protocol ........................................................................................... 507
Figure 171: VLAN Fragmentation with STP or RSTP .........................................................................................................509
Figure 172: MSTP Example of Two Spanning Tree Instances ..........................................................................................510
Figure 173: Multiple VLANs in a MSTI ...............................................................................................................................511
Figure 174: Multiple Spanning Tree Region .......................................................................................................................514
Figure 175: CIST and VLAN Guideline - Example 1...........................................................................................................518
Figure 176: CIST and VLAN Guideline - Example 2...........................................................................................................519
Figure 177: Spanning Regions - Example 1 .......................................................................................................................520
Figure 178: MSTP Menu.....................................................................................................................................................523
Figure 179: CIST Configuration Menu ................................................................................................................................526
Figure 180: MSTI Configuration Menu................................................................................................................................528
Figure 181: VLAN-MSTI Association Menu ........................................................................................................................533
Figure 182: MSTP Port Parameters Menu..........................................................................................................................536
Figure 183: Configure MSTP Port Settings Menu...............................................................................................................537
Figure 184: Configure Per Spanning Tree Port Settings Menu ..........................................................................................539
18
Page 19
AT-S62 Management Software Menus Interface User’s Guide
Chapter 24: Port-based and Tagged Virtual LANs ................................................................................... 545
Figure 185: Port-based VLAN - Example 1 ........................................................................................................................551
Figure 186: Port-based VLAN - Example 2 ........................................................................................................................553
Figure 187: Example of a Tagged VLAN............................................................................................................................557
Figure 188: VLAN Configuration Menu...............................................................................................................................559
Figure 189: Configure VLANs Menu...................................................................................................................................560
Figure 190: Create VLAN Menu .........................................................................................................................................560
Figure 191: Modify VLAN Menu..........................................................................................................................................565
Figure 192: Expanded Modify VLAN Menu ........................................................................................................................566
Figure 193: Show VLANs Menu .........................................................................................................................................569
Figure 194: Delete VLAN Menu..........................................................................................................................................571
Figure 195: Expanded Delete VLAN Menu.........................................................................................................................572
Figure 196: Show PVIDs & Priorities Menu........................................................................................................................576
Chapter 25: GARP VLAN Registration Protocol ....................................................................................... 581
Figure 197: GVRP Example ..............................................................................................................................................583
Figure 198: GARP Architecture .........................................................................................................................................588
Figure 199: GID Architecture .............................................................................................................................................589
Figure 200: GARP-GVRP Menu.........................................................................................................................................591
Figure 201: GVRP Port Parameters Menu .........................................................................................................................593
Figure 202: Configure GVRP Port Settings Menu ..............................................................................................................594
Figure 203: Display GVRP Port Configuration Menu..........................................................................................................594
Figure 204: Other GARP Port Parameters Menu ...............................................................................................................597
Figure 205: GVRP Counters Menu (page 1) ......................................................................................................................598
Figure 206: GVRP Counters Menu (page 2) ......................................................................................................................599
Figure 207: GVRP Database Menu....................................................................................................................................602
Figure 208: GIP Connected Ports Ring Menu ....................................................................................................................603
Figure 209: GVRP State Machine Menu (page 1) ..............................................................................................................604
Figure 210: Display GVRP State Machine Menu (page 2) .................................................................................................604
Chapter 26: Multiple VLAN Modes ............................................................................................................. 607
Figure 211: Show VLANs Menu, Multiple VLANS ..............................................................................................................613
Chapter 27: Protected Ports VLANs .......................................................................................................... 615
Figure 212: Create VLAN Menu .........................................................................................................................................619
Figure 213: Expanded Modify VLAN Menu ........................................................................................................................623
Figure 214: Show VLANs Menu .........................................................................................................................................626
Figure 215: Show VLANs Menu .........................................................................................................................................627
Figure 216: Delete VLAN Menu..........................................................................................................................................628
Figure 217: Expanded Delete VLAN Menu.........................................................................................................................629
Chapter 28: MAC Address-based Port Security ....................................................................................... 633
Figure 218: Port Security Menu..........................................................................................................................................637
Figure 219: Configure Port Security Menu #1 ....................................................................................................................637
Figure 220: Configure Port Security Menu #2 ....................................................................................................................639
Figure 221: Display Port Security Menu .............................................................................................................................641
Chapter 29: 802.1x Port-based Network Access Control ........................................................................ 643
Figure 222: Example of the Supplicant Role ......................................................................................................................648
Figure 223: Authenticator Port in Single Operating Mode with a Single Client...................................................................650
Figure 224: Single Operating Mode with Multiple Clients Using the Piggy-back Feature - Example 1 ..............................651
Figure 225: Single Operating Mode with Multiple Clients Using the Piggy-back Feature - Example 2 ..............................652
Figure 226: Single Operating Mode with Multiple Clients Using the Piggy-back Feature - Example 3 ..............................653
Figure 227: Authenticator Port in Multiple Operating Mode - Example 1............................................................................654
Figure 228: Authenticator Port in Multiple Operating Mode - Example 2............................................................................655
Figure 229: Port Access Control (802.1X) Menu ................................................................................................................662
Figure 230: Configure Port Access Role Menu ..................................................................................................................663
Figure 231: Configure Authenticator Menu.........................................................................................................................665
Figure 232: Configure Authenticator Port Access Parameters Menu .................................................................................666
Figure 233: Configure Supplicant Menu .............................................................................................................................671
19
Page 20
Figures
Figure 234: Configure Supplicant Port Access Parameters Menu......................................................................................672
Figure 235: Display Port Access Status Menu....................................................................................................................674
Figure 236: Radius Accounting Menu.................................................................................................................................676
Chapter 30: Web Server .............................................................................................................................. 681
Figure 237: Web Server Configuration Menu .....................................................................................................................683
Chapter 31: Encryption Keys...................................................................................................................... 687
Figure 238: Keys/Certificate Configuration Menu ...............................................................................................................695
Figure 239: Key Management Menu...................................................................................................................................696
Figure 240: Create Key Menu.............................................................................................................................................697
Figure 241: Export Key to File Menu ..................................................................................................................................701
Figure 242: Import Key From File Menu .............................................................................................................................703
Chapter 32: PKI Certificates and SSL ........................................................................................................ 705
Figure 243: Public Key Infrastructure (PKI) Configuration Menu ........................................................................................719
Figure 244: X509 Certificate Management Menu ...............................................................................................................719
Figure 245: Create Self-Signed Certificate Menu ...............................................................................................................720
Figure 246: Add Certificate Menu .......................................................................................................................................722
Figure 247: Modify Certificate Menu...................................................................................................................................725
Figure 248: View Certificate Details Menu (page 1) ...........................................................................................................728
Figure 249: View Certificate Details Menu (page 2) ...........................................................................................................729
Figure 250: Generate Enrollment Request Menu ...............................................................................................................731
Figure 251: Secure Socket Layer (SSL) Menu ...................................................................................................................735
Chapter 33: Secure Shell (SSH) Protocol .................................................................................................. 737
Figure 252: SSH Remote Management of a Slave Switch .................................................................................................740
Figure 253: Secure Shell (SSH) Menu................................................................................................................................742
Figure 254: Show Server Information Menu .......................................................................................................................744
Chapter 34: TACACS+ and RADIUS Authentication Protocols ............................................................... 747
Figure 255: Authentication Configuration Menu..................................................................................................................752
Figure 256: TACACS+ Client Configuration Menu .............................................................................................................753
Figure 257: RADIUS Client Configuration...........................................................................................................................756
Figure 258: RADIUS Server Configuration .........................................................................................................................757
Figure 259: Show Status Menu...........................................................................................................................................758
Chapter 35: Management Access Control List.......................................................................................... 759
Figure 260: Management ACL Configuration Menu ...........................................................................................................764
Figure 261: Modify Management ACL Entry.......................................................................................................................768
Figure 262: Display All Management ACL Entries Menu....................................................................................................771
20
Page 21

Preface

This guide contains instructions on how to configure an AT-8500 Series Layer 2+ Fast Ethernet Switch using the menus interface in the AT-S62 management software.
For instructions on how to manage the switch from the web browser interface or the command line interface, refer to the AT-S62 Web Browser
Interface User’s Guide and the AT-S62 Command Line Interface User’s Guide. These guides are available from the Allied Telesyn web site.
This preface contains the following sections:
“How This Guide is Organized” on page 22
“Document Conventions” on page 23
“Where to Find Web-based Guides” on page 24
“Contacting Allied Telesyn” on page 25
“New Features History” on page 26
Caution
The software described in this documentation contains certain cryptographic functionality and its export is restricted by U.S. law. As of this writing, it has been submitted for review as a “retail encryption item” in accordance with the Export Administration Regulations, 15 C.F.R. Part 730-772, promulgated by the U.S. Department of Commerce, and conditionally may be exported in accordance with the pertinent terms of License Exception ENC (described in 15 C.F.R. Part 740.17). In no case may it be exported to Cuba, Iran, Iraq, Libya, North Korea, Sudan, or Syria. If you wish to transfer this software outside the United States or Canada, please contact your local Allied Telesyn sales representative for current information on this product’s export status.
21
Page 22
Preface

How This Guide is Organized

This manual is divided into the following sections.
Section I: Basic Operations
The chapters in this section explain how to perform basic switch operations, such as setting port parameters, creating port trunks, and viewing the MAC address table.
Section II: Advanced Operations
The chapters in this section explain some of the more advanced operations, such as using the file system, downloading and uploading files, and configuring Quality of Service.
Section III: SNMPv3 Operations
The chapter in this section explains how to configure the switch for SNMPv3. (The instructions for SNMPv1 and SNMPv2 are in Section 1, Basic Operations.)
Section IV: Spanning Tree Protocols
The chapters in this section explain the Spanning Tree, Rapid Spanning Tree, and Multiple Spanning Tree Protocols.
Section V: Virtual LANs
The chapters in this section explain port-based and tagged VLANs, GVRP, multiple VLAN modes, and protected ports VLANs.
Section VI: Port Security
The chapters in this section explain MAC address-based port security and
802.1x port-based access control.
Section VII: Management Security
The chapters in this section explain the management security features, such as the Secure Sockets Layer (SSL) and the Secure Shell (SSH) protocols.
22
Page 23

Document Conventions

This document uses the following conventions:
AT-S62 Management Software Menus Interface User’s Guide
Note
Notes provide additional information.
Caution
Cautions inform you that performing or omitting a specific action may result in equipment damage or loss of data.
Warning
Warnings inform you that performing or omitting a specific action may result in bodily injury.
23
Page 24
Preface

Where to Find Web-based Guides

The installation and user guides for all Allied Telesyn products are available in Portable Document Format (PDF) from on our web site at
www.alliedtelesyn.com. You can view the documents on-line or
download them onto a local workstation or server.
24
Page 25
AT-S62 Management Software Menus Interface User’s Guide

Contacting Allied Telesyn

This section provides Allied Telesyn contact information for technical support as well as sales or corporate information.

Online Support You can request technical support online by accessing the Allied Telesyn

Knowledge Base from the following web site: www.alliedtelesyn.com/kb. You can use the Knowledge Base to submit questions to our technical support staff and review answers to previously asked questions.
Email and Telephone
Support
Returning
Products
For Sales or
Corporate
Information
Management
Software Updates
For Technical Support via email or telephone, refer to the Support & Services section of the Allied Telesyn web site: www.alliedtelesyn.com.
Products for return or repair must first be assigned a Return Materials Authorization (RMA) number. A product sent to Allied Telesyn without a RMA number will be returned to the sender at the sender’s expense.
To obtain a RMA number, contact Allied Telesyn’s Technical Support at our web site: www.alliedtelesyn.com.
You can contact Allied Telesyn for sales or corporate information at our web site: www.alliedtelesyn.com. To find the contact information for your country, select Contact Us -> Worldwide Contacts.
You can download new releases of management software for our managed products from either of the following Internet sites:
Allied Telesyn web site: www.alliedtelesyn.com
Allied Telesyn FTP server: ftp://ftp.alliedtelesyn.com
To download new software from the Allied Telesyn FTP server using your workstation’s command prompt, you need FTP client software and you must log in to the server. Enter “anonymous” as the user name and your email address for the password.
25
Page 26
Preface

New Features History

The following subsection contains the new features in the AT-S62 management software.

Version 1.4.0 Table 1 lists the new features in version 1.4.0 of the AT-S62 management

software.
Table 1. New Features in AT-S62 Version 1.4.0
Change Chapter and Procedure
Fan Control Feature for the AT-8524POE Switch
New feature. Chapter 3, “Basic Switch Parameters” on page 49
New procedure:
“Setting Fan Control” on page 69
Quality of Service - Flow Groups and Traffic Classes
Added the following new parameters to
Chapter 15, “Quality of Service” on page 267
QoS flow groups and traffic classes:
ToS parameter for replacing the
Type of Service field of IPv4
Modified procedures:
“Creating a Flow Group” on page 283
packets.
Move ToS to Priority parameter for
replacing the value in the 802.1p priority field with the value in the
“Modifying a Flow Group” on page 285
“Creating a Traffic Class” on page 290
“Modifying a Traffic Class” on page 294
ToS priority field in IPv4 packets.
Move Priority to ToS parameter for
replacing the value in the ToS priority field with the 802.1p priority field in IPv4 packets.
Quality of Service - Policies
Added the following new parameters to
Chapter 15, “Quality of Service” on page 267
QoS policies:
ToS, Move ToS to Priority, and
Move Priority to ToS, as defined
Modified procedures:
“Creating a Policy” on page 299
above.
Send to Mirror Port parameter for
“Modifying a Policy” on page 302
copying traffic to a destination mirror port.
26
Page 27
Table 1. New Features in AT-S62 Version 1.4.0 (Continued)
Change Chapter and Procedure
802.1x Port-based Network Access Control
AT-S62 Management Software Menus Interface User’s Guide
Added the following new features to
802.1x authenticator ports:
Supplicant mode for supporting
multiple supplicants on an authenticator port. For background information, see “Authenticator Ports with Single and Multiple Supplicants” on page 649.
Guest VLAN. For background
information, see “Guest VLAN” on page 657.
VLAN Assignment and Secure
VLAN for supporting dynamic VLAN assignments from a RADIUS authentication server for supplicant accounts. For background information, see “Supplicant and VLAN Associations” on page 655.
MAC address-based authentication
as an alternative to 802.1x username and password authentication. For background information, refer to “Authentication Modes” on page 646.
Chapter 29, “802.1x Port-based Network Access Control” on page 643
Modified procedure:
“Configuring Authenticator Port Parameters” on
page 665
Management Access Control List
Simplified the menu interface for managing the access control entries in the Management ACL.
Chapter 35, “Management Access Control List” on page 759
Modified procedures:
“Creating an ACE” on page 766
“Modifying an ACE” on page 768
“Deleting an ACE” on page 770
27
Page 28
Preface
28
Page 29

Chapter 1

Overview

This chapter reviews the functions of the AT-S62 management software, the types of management sessions supported by the switch, and the management access levels. This chapter contains the following sections:
“Management Overview” on page 30
“Local Management Session” on page 31
“Telnet Management Session” on page 32
“Web Browser Management Session” on page 33
“SNMP Management Session” on page 34
“Management Access Levels” on page 35
29
Page 30
Chapter 1: Overview

Management Overview

The AT-S62 management software allows you to monitor and adjust the operating parameters of an AT-8500 Series switch and includes the following features:
Basic operations such as configuring port and switch parameters,
enhanced stacking, SNMPv1 and v2c, trunking, and mirroring
Advanced operations including file uploads and downloads, event
logging, traffic classifiers, access control lists, denial of service defense, Quality of Service (QoS), Class of Service (CoS), and IGMP snooping
SNMPv3
Spanning tree protocols including STP, RSTP, and MSTP
Virtual LANs
Port security options such as 802.1x Port-based Network Access
Control and MAC address security levels
Management security including encryption keys, PKI, SSL, Secure
Shell, TACACS+, RADIUS, and management access control lists
The AT-S62 management software is preinstalled on the switch with default settings for all operating parameters. If the default settings are adequate for your network, you can use the device as an unmanaged switch by connecting it to your network, as explained in the hardware installation guide, and powering on the switch.
Note
The default settings for the management software can be found in Appendix A, “AT-S62 Default Settings” on page 773.
To actively manage a switch, you must connect to its management software. There are two general ways to connect to a switch:
Locally using the RS232 Terminal Port on the switch
Remotely using the Telnet protocol, the Secure Shell (SSH) protocol,
or a web browser
The AT-S62 management software has three management interfaces. There is a menus interface, a command line interface, and a web browser interface. You can use the menus interface or the command line interface when managing the switch locally through the RS232 Terminal Port or remotely using the Telnet or SSH protocol. You use the web browser interface to manage the device with a web browser.
30
The following sections in this chapter briefly describe the different types of management sessions.
Page 31

Local Management Session

To establish a local management session with an AT-8500 Series switch, you connect a terminal or a PC with a terminal emulator program to the RS232 Terminal Port on the switch, using the straight-through RS-232 management cable included with the unit. The RS232 Terminal Port is located on the front panel of the AT-8516F/SC, AT-8524M, and AT-8524POEswitches and the back panel of the AT-8550GB and AT-8550SP switches.
This type of management session is referred to as “local” because you must be physically close to the switch, such as in the wiring closet where the device is located.
Note
For instructions on starting a local management session, refer to “Starting a Local Management Session” on page 41.
AT-S62 Management Software Menus Interface User’s Guide
A switch does not need an Internet Protocol (IP) address for you to manage it locally. You can start a local management session on a switch at any time and it will not affect the forwarding of frames by the device.
If you assign an AT-8500 Series switch an IP address and designate it as a master switch of an enhanced stack, you can manage all of the switches in the enhanced stack, all from the same local management session.
Note
For further information on enhanced stacking, refer to “Enhanced Stacking Overview” on page 80.
31
Page 32
Chapter 1: Overview

Telnet Management Session

You can remotely manage the switch from a workstation on your network using the Telnet application protocol. This type of management session is referred to in this guide as a remote management session because you do not have to be in the wiring closet where the switch is located.
To establish a Telnet management session with a switch, there must be at least one enhanced stacking switch in the subnet with an IP address. Only one switch in a subnet needs to have an IP address. Once you have established a Telnet management session with the switch that has an IP address, you can use the enhanced stacking feature of the management software to access all other enhanced stacking switches that reside in the same subnet.
Note
For further information on enhanced stacking, refer to “Enhanced Stacking Overview” on page 80.
Note
For instructions on how to start a Telnet management session, refer to “Starting a Telnet Management Session” on page 44.
A Telnet management session gives you access to nearly all of a switch’s operating parameters. You can perform nearly all the same functions from a Telnet management session as you can from a local management session.
32
Page 33

Web Browser Management Session

You can also use a web browser from a management workstation on your network to manage a switch. This too is referred to as remote management because you can be anywhere on your network when managing the device.
This method of management, as with Telnet management, requires that the switch have an IP address or be part of an enhanced stack. Starting a web browser management session on a master switch of an enhanced stack allows you to manage all of the switches in the same enhanced stack, all from the same management session.
Note
For further information on the web browser interface, refer to the AT-S62 Web Browser Interface User’s Guide.
AT-S62 Management Software Menus Interface User’s Guide
33
Page 34
Chapter 1: Overview

SNMP Management Session

Another way to remotely manage the switch is with an SNMP management program. AT-S62 software supports SNMPv1, SNMPv2c, and SNMPv3. You need to be familiar with Management Information Base (MIB) objects to configure a switch using SNMP management.
The AT-S62 software supports the following MIBs:
SNMP MIB-II (RFC 1213)
Bridge MIB (RFC 1493)
SNMPv3 (RFC 2571-6)
User-based Security Model (USM) for SNMPv3 (RFC 2574)
Interface Group MIB (RFC 2863)
Ethernet MIB (RFC 1643)
Remote Network MIB (RFC 1757)
Allied Telesyn managed switch MIB
You must download the Allied Telesyn managed switch MIB files (atiChassisSwitch.mib and atiStackinginfo.mib) from the Allied Telesyn web site and compile the files with your SNMP program. For instructions on how to compile the MIB file with your SNMP program, refer to your SNMP management documentation.
For information about how to configure SNMP communities using a local or Telnet management session, see Chapter 5, “SNMPv1 and SNMPv2c Configuration” on page 89 and Chapter 21, “SNMPv3” on page 375.
Note
SNMP management can use the enhanced stacking feature through the private MIB (atiStackinginfo.mib). See Chapter 4, “Enhanced Stacking” on page 79.
34
Page 35

Management Access Levels

There are two levels of management access in the AT-S62 management software: Manager and Operator. Manager access gives you the power to view and configure all of a switch’s operating parameters. Operator access only allows you to view the operating parameters; you cannot change any values.
The switch has two default login accounts. For Manager access, the login name is “manager” and the default password is “friend”. For Operator access, the login name is “operator” and the default password is also “operator”. The usernames and passwords are case-sensitive.
You can create new Manager and Operator accounts with the RADIUS and TACACS+ authentication protocols, as explained in Chapter 34, “TACACS+ and RADIUS Authentication Protocols” on page 747.
AT-S62 Management Software Menus Interface User’s Guide
35
Page 36
Chapter 1: Overview
36
Page 37

Section I

Basic Operations

The chapters in this section cover a variety of basic switch features and functions. The chapters include:
Chapter 2: “Starting a Local or Telnet Management Session” on
page 39
Chapter 3: “Basic Switch Parameters” on page 49
Chapter 4: “Enhanced Stacking” on page 79
Chapter 5: “SNMPv1 and SNMPv2c Configuration” on page 89
Chapter 6: “Port Parameters” on page 105
Chapter 7: “MAC Address Table” on page 123
Chapter 8: “Static and LACP Port Trunks” on page 135
Chapter 9: “Port Mirroring” on page 165
Section I: Basic Operations 37
Page 38
38 Section I: Basic Operations
Page 39

Chapter 2

Starting a Local or Telnet Management Session

This chapter contains the procedures for starting a local or Telnet management session on an AT-8500 Series switch. The sections in the chapter are:
“Local Management Session” on page 40
“Telnet Management Session” on page 44
“Saving Your Parameter Changes” on page 46
“Ports 49R and 50R on the AT-8550GB and AT-8550SP Switches” on
page 47
Section I: Basic Operations 39
Page 40
Chapter 2: Starting a Local or Telnet Management Session

Local Management Session

To establish a local management session, you connect a terminal or PC with a terminal emulator program to the RS-232 terminal port on the switch. The RS232 Terminal Port is located on the front panel of the AT-8516F/SC, AT-8524M, and AT-8524POEswitches and the back panel of the AT-8550GB and AT-8550SP switches.
A local management session is so named because you must be close to the switch, usually within a few meters, to start this type of management session, meaning you must be in the wiring closet where the switch is located.
A switch does not need an IP address to be managed from a local management session, and a local management session will not interfere with the switch’s forwarding of packets.
Starting a local management session on a switch configured as a Master switch allows you to manage all the switches in the same enhanced stack. This relieves you of having to start a separate local management session for each switch, simplifying network management.
Starting a local management session on a switch that is not part of an enhanced stack or that is a slave switch allows you to manage just that switch.
Note
For information on enhanced stacking, refer to “Enhanced Stacking Overview” on page 80.
40 Section I: Basic Operations
Page 41
AT-S62 Management Software Menus Interface User’s Guide
Starting a Local
Management
Session
To start a local management session, perform the following procedure:
1. Connect one end of the straight-through RS232 management cable to the RS232 Terminal Port on the front panel of the switch.
AT-8524M
MODE
COL
100
FULL
ACT
Fast Ethernet Switch
STATUS
FAULT
MASTER
RPS
PWR
Figure 1. Connecting a Terminal or PC to the RS232 Terminal Port
2. Connect the other end of the cable to an RS-232 port on a terminal or PC with a terminal emulator program.
3. Configure the terminal or terminal emulator program as follows:
Baud rate: 9600 bps
Data bits: 8
Parity None
Stop bits: 1
Flow control: None
Note
The port settings are for a DEC VT100 or ANSI terminal, or an equivalent terminal emulator program.
Note
During boot up, the switch displays the following prompt: Press <CTRL>B to go to Boot Prompt. This message is intended for
manufacturing purposes only. (If you inadvertently display the boot prompt (=>), type boot and press Return to start the switch.)
4. When prompted, enter a username and password.
To configure the switch settings, enter “manager” as the user name. The default password for manager access is “friend”. To just view the
Section I: Basic Operations 41
Page 42
Chapter 2: Starting a Local or Telnet Management Session
settings, enter “operator” as the user name. The default password for operator access is “operator”. Usernames and passwords are case­sensitive. For information on the two access levels, refer to “Management Access Levels” on page 35. (For instructions on how to change a password, refer to “Configuring the Manager and Operator Passwords” on page 58.)
After logging on, you will see the window in Figure 2. This is the command prompt interface. You will see either a “#” symbol if you logged on as a manager or a “$” symbol if you logged on as an operator.
Allied Telesyn Ethernet Switch AT-8524M - AT-S62
#
<No System Name>
Figure 2. Command Prompt
For instructions on how to use the command line interface, refer to the AT-S62 Command Line User’s Guide, which is available from the Allied Telesyn web site.
5. To display the menu interface, type menu at the command prompt.
The Main Menu is shown in Figure 3.
Allied Telesyn Ethernet Switch AT-8524M - AT-S62
User: Manager 11:20:02 02-Jan-2006
1 - Port Configuration 2 - VLAN Configuration 3 - Spanning Tree Configuration 4 - MAC Address Tables 5 - System Administration 6 - Advanced Configuration 7 - Security and Services 8 - Enhanced Stacking
<No System Name>
Main Menu
C - Command Line Interface
Q - Quit
Enter your selection?
Figure 3. Main Menu
To select a menu item, type the corresponding letter or number.
Pressing the Esc key or typing the letter R in a submenu, returns you to the previous menu.
42 Section I: Basic Operations
Page 43
AT-S62 Management Software Menus Interface User’s Guide
Enhanced
Stacking
Quitting a Local
Session
When you start a local management session on a switch configured as a Master switch, you can manage all the switches in the enhanced stack from the same management session. This saves you the time and trouble of having to start a separate local management session each time you want to manage a switch in your network. It also saves you from having to go to the different wiring closets where the switches are located.
For information on enhanced stacking and how to manage different switches from the same management session, refer to Chapter 4, “Enhanced Stacking” on page 79.
To quit a local session, return to the Main Menu and type Q for Quit.
You should always exit from a management session when you are finished managing a switch. This can prevent unauthorized individuals from making changes to a switch’s configuration should you leave your management station unattended.
Note
You cannot run both a local management session and a Telnet management session on the same switch simultaneously. Failure to properly exit from a local or Telnet management session may block future management sessions.
Section I: Basic Operations 43
Page 44
Chapter 2: Starting a Local or Telnet Management Session

Telnet Management Session

You can use the Telnet application protocol from a workstation on your network to manage an AT-8500 Series switch. This type of management is referred to as remote management because you do not have to be physically close to the switch to start the session, such as with a local management session. Any workstation on your network that has the application protocol can be used to manage the unit.
In terms of functionally, there are almost no differences between managing a switch locally through the RS232 Terminal Port and remotely with the Telnet application protocol. You see the same menu selections and have nearly the same management capabilities.
To manage a switch using Telnet, it must have an IP address or be part of an enhanced stack.
Note
For background information on enhanced stacking, refer to “Enhanced Stacking Overview” on page 80.
Starting a Telnet
Management
Session
To start a Telnet management session, specify the IP address of the Master switch of the enhanced stack in the Telnet application protocol and enter a user name and password when prompted.
To configure a switch’s settings, enter “manager” as the user name. The default password for manager access is “friend”. To just view the settings, enter “operator” as the username. The default password for operator access is “operator”. User names and passwords are case-sensitive. For information on the two access levels, refer to “Management Access Levels” on page 35.
The management software displays the command line prompt shown in Figure 2 on page 42. For instructions on how to use the command line interface, refer to the AT-S62 Command Line User’s Guide, available from the Allied Telesyn web site.
To use the menu interface instead, type menu and press Return. The Main Menu of a Telnet management session is the same menu for a local management session, shown in Figure 3 on page 42. You can perform nearly all the same functions from a Telnet management session as you can from a local management session.
The menus also function the same. To make a selection, type its corresponding number of letter. To return to a previous menu, type R or press ESC.
44 Section I: Basic Operations
Page 45
AT-S62 Management Software Menus Interface User’s Guide
Note
You can run only one Telnet management session on a switch at a time. Additionally, you cannot run both a Telnet management session and a local management session on the same switch at the same time.
Quitting a Telnet
Management
Session
To end a Telnet management session, return to the Main Menu and type Q for Quit.
Section I: Basic Operations 45
Page 46
Chapter 2: Starting a Local or Telnet Management Session

Saving Your Parameter Changes

When you make a change to a switch parameter, the change is, in most cases, immediately activated on the switch as soon as you enter it. However, most parameter changes are initially saved only to temporary memory in the switch and will be lost the next time you reset or power cycle the unit. To permanently save your changes, you must select the S ­Save Configuration Changes option from the Main Menu. The switch saves your changes to its active configuration file. You should select that menu option whenever you have made a change to a switch parameter that you want the switch to retain even when it is reset or power cycled. If you do not see the option in the Main Menu, there are no parameter changes to be saved.
46 Section I: Basic Operations
Page 47
AT-S62 Management Software Menus Interface User’s Guide

Ports 49R and 50R on the AT-8550GB and AT-8550SP Switches

This section applies to the 10/100/1000Base-T twisted pair ports 49R and 50R and the SFP and GBIC slots on the AT-8550GB and AT-8550SP switches. Note the following when configuring these ports:
Twisted pair ports 49R and 50R change to the redundant status mode
when an SFP or GBIC module is installed and establishes a link with its end node. An SFP or GBIC port is only active while it has a valid link. At all other times the corresponding twisted pair port 49R or 50R is the active port.
A twisted pair port and its corresponding SFP or GBIC module share
the same configuration settings, including port settings, VLAN assignments, access control lists, and spanning tree. When an SFP or GBIC module becomes active, it operates with the same settings as its corresponding twisted pair port.
An exception is port speed: If you disable Auto-Negotiation on the
twisted pair port and set the speed and duplex mode manually, the speed reverts to Auto-Negotiation when you install an SFP or GBIC module and the module establishes a link with an end node.
Section I: Basic Operations 47
Page 48
Chapter 2: Starting a Local or Telnet Management Session
48 Section I: Basic Operations
Page 49

Chapter 3

Basic Switch Parameters

This chapter contains a variety of information and procedures. There is a discussion on when to assign an IP address to a switch and the different ways to do it. There are also procedures for resetting the switch, activating the switch default settings, and more.
Sections in the chapter include:
“When Does a Switch Need an IP Address?” on page 50
“Configuring an IP Address and Switch Name” on page 52
“Activating the BOOTP or DHCP Client Software” on page 55
“Rebooting a Switch” on page 57
“Configuring the Manager and Operator Passwords” on page 58
“Setting the System Time” on page 61
“Configuring the Console Startup Mode” on page 65
“Configuring the Console Timer” on page 66
“Enabling or Disabling the Telnet Server” on page 67
“Setting the Baud Rate of the RS-232 Terminal Port” on page 68
“Setting Fan Control” on page 69
“Pinging a Remote System” on page 72
“Returning the AT-S62 Software to the Factory Default Values” on
page 73
“Viewing System Hardware and Software Information” on page 76
Section I: Basic Operations 49
Page 50
Chapter 3: Basic Switch Parameters

When Does a Switch Need an IP Address?

One of the tasks to building or expanding a network is deciding which managed switches need to be assigned a unique IP address. The rule used to be that a managed switch needed an IP address if you wanted to manage it remotely, such as with the Telnet application protocol. However, if a network contained a lot of managed switches, having to assign each one an IP address was often cumbersome and time consuming. It was also often difficult keeping track of all the IP addresses.
The enhanced stacking feature of the AT-8000 Series, AT-8400 Series, and AT-9400 Series switches simplifies all this. With enhanced stacking, you only need to assign an IP address to one switch in each subnet in your network. The switch with the IP address is referred to as the Master switch of the enhanced stack. All switches in the same subnet share the IP address.
Starting a local or remote management session on the Master switch automatically gives you complete management access to all the other enhanced stacking switches in the same enhanced stack.
This feature has two primary benefits. First, it helps reduce the number of IP addresses you have to assign to your network devices. Second, it allows you to configure multiple switches through the same local or remote management session.
If your network consists of multiple subnets, you must assign a unique IP address to at least one switch in each subnet. The switch with the IP address will be the Master switch of that subnet.
When you assign a switch an IP address, you must also assign it a subnet mask. The switch uses the subnet mask to determine which portion of an IP address represents the network address and which the node address.
You must also assign the switch a gateway address if there is a router between the switch and the remote management workstation. This gateway address is the IP address of the router through which the switch and management station will communicate.
Note
For further information on enhanced stacking, refer to “Enhanced Stacking Overview” on page 80.
50 Section I: Basic Operations
Page 51
AT-S62 Management Software Menus Interface User’s Guide
How Do You
Assign an IP
Address?
After you have decided which, if any, switches on your network need an IP address, you must access the AT-S62 software on the switches and assign the addresses. There are two ways in which a switch can obtain an IP address.
The first method is for you to assign the IP configuration information manually. The procedure for this is explained in “Configuring an IP Address and Switch Name” on page 52. Initially assigning an IP address to a switch can only be done through a local management session.
The second method is for you to activate the BOOTP or DHCP client software on the switch and have the switch automatically download its IP configuration information from a BOOTP or DHCP server on your network. This procedure is explained in “Activating the BOOTP or DHCP Client Software” on page 55.
Section I: Basic Operations 51
Page 52
Chapter 3: Basic Switch Parameters

Configuring an IP Address and Switch Name

The procedure in this section explains how to manually assign an IP address, subnet mask, and gateway address to the switch from a local or Telnet management session. (If you want the switch to obtain its IP configuration from a DHCP or BOOTP server on your network, go to the procedure “Activating the BOOTP or DHCP Client Software” on page 55.)
This procedure also explains how to assign a name to the switch, along with the name of the administrator responsible for maintaining the unit and the location of the switch.
To manually set a switch’s IP address, perform the following procedure:
1. From the Main Menu, type 5 to select System Administration.
The System Administration menu is shown in Figure 4.
Allied Telesyn Ethernet Switch AT-8524M - AT-S62
Production Switch
User: Manager 11:20:02 02-Jan-2006
System Administration
1 - System Information 2 - System Configuration 3 - Console (Serial/Telnet) Configuration 4 - Web Server Configuration 5 - SNMP Configuration 6 - Authentication Configuration 7 - Management ACL 8 - Event Log 9 - System Utilities
R - Return to Previous Menu
Enter your selection?
Figure 4. System Administration Menu
2. From the System Administration menu, type 2 to select System Configuration.
52 Section I: Basic Operations
Page 53
AT-S62 Management Software Menus Interface User’s Guide
The System Configuration menu is shown in Figure 5.
Allied Telesyn Ethernet Switch AT-8524M - AT-S62
Production Switch
User: Manager 11:20:02 02-Jan-2006
System Configuration
1 - BOOTP/DHCP .............. DISABLE
2 - IP Address .............. 0.0.0.0
3 - Subnet Mask ............. 0.0.0.0
4 - Default Gateway ......... 0.0.0.0
5 - System Name ............. Production Switch
6 - Location ................ Bldg. 12 Rm. 201
7 - Administrator ........... Jane Smith
8 - Configure System Time 9 - Fan Control Configuration
A - ARP Cache Timeout ....... 400 seconds
R - Return to Previous Menu
Enter your selection?
Figure 5. System Configuration Menu
3. Adjust the parameters as desired.
Note
A change to any parameter in this menu, including the IP address, subnet mask, or gateway address, is activated immediately on the switch.
The parameters in the System Configuration menu are described below:
1 - BOOTP/DHCP
This selection activates and deactivates the BOOTP and DHCP client software on the switch. For information on this selection, refer to “Activating the BOOTP or DHCP Client Software” on page 55.
2 - IP Address
This parameter specifies the IP address of the switch. You must specify an IP address if you want the switch to function as the Master switch of an enhanced stack or if the switch is not part of an enhanced stack and you want to remotely manage it using a web browser, a Telnet utility, SSH, or an SNMP management program. The IP address must be entered in the format: xxx.xxx.xxx.xxx. The default value is
0.0.0.0. Alternatively, you can activate the BOOTP or DHCP client software and have the switch obtain its IP configuration from a BOOTP or DHCP server on your network. For instructions, refer to “Activating the BOOTP or DHCP Client Software” on page 55.
Section I: Basic Operations 53
Page 54
Chapter 3: Basic Switch Parameters
3 - Subnet Mask
This parameter specifies the subnet mask for the switch. You must specify a subnet mask if you assigned an IP address to the switch. The subnet mask must be entered in the format: xxx.xxx.xxx.xxx. The default value is 255.255.0.0.
4 - Default Gateway
This parameter specifies the default router’s IP address. This address is required if you intend to remotely manage the switch from a management station that is separated from the switch by a router. The address must be entered in the format: xxx.xxx.xxx.xxx. The default value is 0.0.0.0.
5 - System Name
This parameter specifies a name for the switch (for example, Sales Ethernet switch). The name is displayed at the top of the AT-S62 management menus and pages. The name can be from 1 to 39 characters. The name can include spaces and special characters, such as exclamation points and asterisks. The default is no name. This parameter is optional.
Note
Allied Telesyn recommends that you assign each switch a name. Names can help you identify the various switches in your network and help you avoid performing a configuration procedure on the wrong switch.
6 - Location
This parameter specifies the location of the switch, (for example, 4th Floor - rm 402B). The location can be from 1 to 39 characters. The location can include spaces and special characters, such as dashes and asterisks. The default is no location. This parameter is optional.
7 - Administrator
This parameter specifies the name of the network administrator responsible for managing the switch. The name can be from 1 to 39 characters. It can include spaces and special characters, such as dashes and asterisks. The default is no name. This parameter is optional.
Note
Option “8 - Configure System Time” is described in “Setting the System Time” on page 61. Option “9 - Fan Control Configuration” is described in “Setting Fan Control” on page 69.
4. After making changes, type R until you return to the Main Menu. Then type S to select Save Configuration Changes.
54 Section I: Basic Operations
Page 55
AT-S62 Management Software Menus Interface User’s Guide

Activating the BOOTP or DHCP Client Software

The BOOTP and DHCP application protocols can simplify network management by automatically assigning IP configuration information, such as IP addresses and subnet masks, to your network devices.
An AT-8500 Series switch contains the client software for these protocols and can obtain its IP configuration information from a BOOTP or DHCP server on your network. If you activate this feature, the switch seeks its IP address and other IP configuration information from a BOOTP or DHCP server on your network whenever you reset or power ON the device.
Review the following prior to activating the BOOTP or DHCP client:
The switch can be running either BOOTP or DHCP, but not both
simultaneously.
There must be a BOOTP or DHCP server residing on your network.
The BOOTP or DHCP server must be a member of the switch’s
management VLAN. The BOOTP or DHCP server must be communicating with the switch through a tagged or untagged port of the switch’s management VLAN. For further information, refer to “Specifying a Management VLAN” on page 579.
Any static IP address, subnet mask, or gateway address manually
assigned to the switch is deleted from the System Configuration menu and replaced with the value the switch receives from the BOOTP or DHCP server. If you later disable BOOTP or DHCP, these values are returned to their default settings.
BOOTP and DHCP services allow you to specify how the IP address is to be assigned to the switch. The choices are static and dynamic. If you choose static, the server always assigns the same IP address to the switch when the switch is reset or powered ON. This is the preferred configuration. Since the switch is always assign the same IP address, you will always know which IP address to use when you need to remotely manage the device.
If you choose dynamic, the server assigns any unused IP address that it has not already assigned to another device. This means that a switch might have a different IP address each time you reset or power cycle the device, making it difficult for you to remotely manage the unit.
Note
The BOOTP and DHCP client software is disabled by default on the switch.
Section I: Basic Operations 55
Page 56
Chapter 3: Basic Switch Parameters
To activate or deactivate the BOOTP or DHCP client software, perform the following procedure:
1. From the Main Menu, type 5 to select System Administration.
The System Administration menu is shown in Figure 4 on page 52.
2. From the System Administration menu, type 2 to select System Configuration.
The System Configuration menu is shown in Figure 5 on page 53.
3. From the System Configuration menu, type 1 to select BOOTP/DHCP.
The following prompt is displayed:
DHCP/BOOTP/DISABLE (1-DHCP, 2-BOOTP, 3-DISABLE) :
4. Type 1 to activate DHCP, 2 to activate BOOTP, or 3 to disable both application protocols. The default is disabled.
Note
If you activate the BOOTP or DHCP client software, the switch immediately begins to query the network for the corresponding server. The switch continues to query the network for its IP configuration until it receives a response.
5. After making changes, type R until you return to the Main Menu. Then type S to select Save Configuration Changes.
56 Section I: Basic Operations
Page 57

Rebooting a Switch

AT-S62 Management Software Menus Interface User’s Guide
This procedure reboots the switch.
Note
Any configuration changes not save will be lost once the switch reboots. To save your configuration changes, return to the Main Menu and type S to select Save Configuration Changes.
To reboot the switch, perform the following procedure:
1. From the Main Menu, type 5 to select System Administration. The System Administration menu is shown in Figure 4 on page 52.
2. From the System Administration menu, type 9 to select System Utilities. The System Utilities menu is shown in Figure 6.
Allied Telesyn Ethernet Switch AT-8524M - AT-S62
Production Switch
User: Manager 11:20:02 02-Jan-2006
System Utilities
1 - File Operations 2 - Downloads and Uploads 3 - Ping a remote system 4 - Reset to Factory Defaults 5 - Reboot the switch 6 - Networking Stack
R - Return to Previous Menu
Enter your selection?
Figure 6. System Utilities Menu
3. From the System Utilities menu, type 5 to select Reboot the switch. The following prompt is displayed:
The switch is about to reboot. Do you want to proceed? [Yes/No] ->
4. Type Y to reboot the switch or N to cancel the procedure.
Caution
The switch does not forward traffic while it initializes its management software and reloads the active boot configuration file. This process can take several minutes to complete. Some packet traffic may be lost. When the switch is finished rebooting, you can reestablish your management session if you want to continue managing the unit.
Section I: Basic Operations 57
Page 58
Chapter 3: Basic Switch Parameters

Configuring the Manager and Operator Passwords

There are two levels of management access on an AT-8500 Series switch: manager and operator. When you log in as manager, you can view and configure all of a switch’s operating parameters. When you log in as an operator, you can only view the operating parameters; you cannot change any values.
You log in as a manager or an operator by entering the appropriate username and password when you start an AT-S62 management session. The default password for manager access is “friend”. The default password for operator access is “operator”. Passwords are case-sensitive.
This section contains these two procedures:
“Changing the Manager or Operator Password” on page 58
“Resetting the Manager Password” on page 59
The first procedure allows you to change a manager or operator password. The second allows you to bypass the manager password in the event you lose or forget it.
Changing the
Manager or
Operator
Password
To change the manager or operator password, perform the following procedure:
1. From the Main Menu, type 5 to select System Administration.
The System Administration menu is shown in Figure 4 on page 52.
2. From the System Administration menu, type 6 to select Authentication Configuration.
3. From the Authentication Configuration menu, type 5 to select Passwords Configuration.
The Passwords Configuration menu is shown in Figure 7.
Allied Telesyn Ethernet Switch AT-8524M - AT-S62
Production Switch
User: Manager 11:20:02 02-Jan-2006
Passwords Configuration
1 - Set Manager Password 2 - Set Operator Password
R - Return to Previous Menu
Enter your selection?
Figure 7. Passwords Configuration Menu
58 Section I: Basic Operations
Page 59
AT-S62 Management Software Menus Interface User’s Guide
4. Type 1 to change the Manager password or type 2 to change the Operator password.
5. When prompted, enter the current manager password. (This step does not apply for the operator password.)
6. When prompted, enter the new manager or operator password. The new password will be case-sensitive.
7. When prompted, re-enter the new password.
Note
A password can be from 0 to 16 alphanumeric characters. Passwords are case-sensitive. You should not use spaces or special characters, such as asterisks (*) or exclamation points (!), in a password if you will be managing the switch from a web browser. Many web browsers cannot handle special characters in passwords.
Resetting the
Manager
Password
This procedure explains how to reset the manager password if you lost or forgot it. Note the following about this feature:
You must perform this procedure from a local management session.
You cannot perform it through enhanced stacking or from a Telnet or web browser management session.
If the AT-S62 management software detects another active
management session when you perform this procedure, a message is displayed for the other user stating that the user will be logged off. Thus, this type of session takes precedence over any other user’s management session.
Caution
This procedure gives any person with physical access to the switch the ability to access its management software without having to provide a username and password. For this reason, all AT-8500 Series switches should be maintained in a locked wiring closet or other secure location to prevent unauthorized management access.
Note
This procedure requires resetting the switch. Some network traffic may be lost.
To reset the manager password on a switch, perform the following procedure:
1. Establish a local management session with the switch.
Section I: Basic Operations 59
Page 60
Chapter 3: Basic Switch Parameters
2. Reboot the switch. For instructions, refer to “Rebooting a Switch” on page 57.
3. When the switch displays “Press <Ctrl> B to go to Boot prompt,” type S or s.
The switch continues its normal boot up and initialization process. Once complete, the management software automatically logs you in with manager access and displays the command line prompt. You are not prompted for a login username or password.
4. Type menu to display the Main Menu.
5. Follow the procedure in “Changing the Manager or Operator Password” on page 58 to reset the manager password.
This completes the procedure for resetting the manager password. You can continue to manage the switch or you can quit from the management session. You must use the new password the next time you log on to the switch to start another management session.
60 Section I: Basic Operations
Page 61

Setting the System Time

This procedure explains how to set the switch’s date and time. Setting the date and time is a good idea if you plan to monitor the switch by viewing the events in the event log or if the events are going to be sent to a syslog server. The correct date and time is also important if the management software will be sending traps to your management workstation. Events and traps contain the date and time of when they occurred so that you know when they transpired. The current date and time is also important if you intend to use the Secure Sockets Layer (SSL) certificate feature described in Chapter 32, “PKI Certificates and SSL” on page 705, because certificates must contain the date and time of when they were created.
There are two ways to set the switch’s date and time. One method is to set it manually. The drawback to this approach is that the switch loses the information whenever it is reset or power cycled. This means that you must reset the values whenever you reset the device.
The second method uses the Simple Network Time Protocol (SNTP). The AT-S62 management software comes with the client version of this protocol. You can configure the AT-S62 software to obtain the current date and time from an SNTP or Network Time Protocol (NTP) server located on your network or the Internet.
AT-S62 Management Software Menus Interface User’s Guide
SNTP is a reduced version of the NTP. However, the SNTP client software in the AT-S62 management software is interoperable with NTP servers.
Note
The SNTP or NTP server must be a member of the management VLAN. The server must be communicating with the switch through an untagged or tagged port of the management VLAN.
To set the system time manually or to configure SNTP, do the following:
1. From the Main Menu, type 5 to select System Administration.
The System Administration menu is shown in Figure 4 on page 52.
2. From the System Administration menu, type 2 to select System Configuration.
The System Configuration menu is shown in Figure 5 on page 53.
3. From the System Configuration menu, type 8 to select Configure System Time.
Section I: Basic Operations 61
Page 62
Chapter 3: Basic Switch Parameters
User: Manager 11:20:02 02-Jan-2006
1 - System Time ................... 00:04:22 on 01-Jan-1980
2 - SNTP Status ................... Disabled
3 - SNTP Server ................... 0.0.0.0
4 - UTC Offset .................... +0
5 - Daylight Savings Time (DST) ... Enabled
6 - Poll Interval ................. 600 seconds
7 - Last Delta .................... +0 seconds
U - Update System Time R - Return to Previous Menu
Enter your selection?
The Configure System Time menu is shown in Figure 8.
Allied Telesyn Ethernet Switch AT-8524M - AT-S62
Production Switch
Configure System Time
Figure 8. Configure System Time Menu
4. To set the system time manually, do the following:
a. Type 1 to select System Time
The following prompt appears:
Enter new system time [hh:mm:ss] ->
b. Enter a new time for the system in the following format: hours,
minutes, and seconds all separated by colons.
The following prompt appears:
Enter new system date [dd-mm-yyyy] ->
c. Enter a new date for the system. Use two numbers to specify the
day and month. Use four numbers to specify the year. Separate the values with hyphens. For example, December 5, 2003 is specified 05-12-2003.
The new time and date are immediately activated on the switch.
5. To configure the switch to obtain its date and time from an SNTP or NTP server on your network or the Internet, do the following:
a. Type 3 to select SNTP Server to enter the IP address of an SNTP
server.
62 Section I: Basic Operations
Page 63
AT-S62 Management Software Menus Interface User’s Guide
Note
If the switch is obtaining its IP address and subnet mask from a DHCP sever, you can configure the DHCP server to provide the switch with an IP address of an NTP or SNTP server. If you configured the DHCP server to provide this address, then you do not need to enter it here, and you can skip ahead to Step C.
The following prompt is displayed:
Enter SNTP server IP address ->
b. Enter an IP address of an SNTP or NTP server.
c. Type 4 to select UTC Offset to specify the difference between the
UTC and local time.
Note
If the switch is using DHCP, it automatically attempts to determine this value. In this case, you do not need to configure a value for the UTC Offset parameter.
The following prompt is displayed:
Enter UTC Offset [-12 to 12] -> 0
d. Enter a UTC Offset time.
The default is 0 hours. The range is -12 to +12 hours.
e. Type 5 to select Daylight Savings Time (DST) to enable or disable
the switch’s ability to adjust its system time to daylight savings time. The following prompt is displayed:
Adjust for Daylight Savings Time (E - Enabled,
D - Disabled) ->
f. Select one of the following:
E - Enabled to allow the switch to adjust system time to daylight savings time. This is the default value.
D - Disabled to not allow the switch to adjust system time to daylight savings time.
Note
The switch does not set DST automatically. If the switch is in a locale that uses DST, you must remember to enable this in April when DST begins and disable it in October when DST ends. If the switch is in a locale that does not use DST, this option should be set to disabled all the time.
Section I: Basic Operations 63
Page 64
Chapter 3: Basic Switch Parameters
g. Type 6 - Poll Interval to specify the time interval between queries to
the SNTP server.
The following prompt is displayed:
Enter interval to poll SNTP server [60 to 1200]
-> 600
h. Enter the number of seconds the switch waits between polling the
SNTP or NTP server. The default is 600 seconds. The range is from 60 to 1200 seconds.
i. Type 2 to select SNTP Status to enable or disable the SNTP client.
The following prompt appears:
SNTP Status (E-Enabled, D-Disabled) ->
j. Select one of the following:
E - Enables the SNTP client software on the switch.
D - Disables the SNTP client software
Once enabled, the switch immediately polls the SNTP or NTP server for the current date and time. (The switch will also automatically poll the server whenever a change is made to any of the parameters in this menu, so long as SNTP is enabled.)
The Last Delta option in the menu displays the last adjustment that was applied to system time due to a drift in the system clock between two successive queries to the SNTP server. This is a read only field.
The U - Update System Time selection in the menu allows you to prompt the switch to poll the SNTP or NTP server for the current time and date. You can use this selection to update the time and date immediately rather than wait for the switch’s next polling period. This selection has no effect if you set the date and time manually.
6. After making changes, type R until you return to the Main Menu. Then type S to select Save Configuration Changes.
64 Section I: Basic Operations
Page 65

Configuring the Console Startup Mode

You can configure the AT-S62 software to initially display either the Main Menu or the command line interface prompt when you start a local, Telnet, or SSH management session. The default is the command line interface.
To change the console startup mode, perform the following procedure:
1. From the Main Menu, type 5 to select System Administration.
The System Administration menu is shown in Figure 4 on page 52.
2. From the System Administration menu, type 3 to select Console (Serial/Telnet) Configuration.
The Console (Serial/Telnet) Configuration menu is shown in Figure 9.
Allied Telesyn Ethernet Switch AT-8524M - AT-S62
Production Switch
AT-S62 Management Software Menus Interface User’s Guide
User: Manager 11:20:02 02-Jan-2006
Console (Serial/Telnet) Configuration
1 - Console Startup Mode ............ CLI
2 - Console Disconnect Interval ..... 10 minute(s)
3 - Console Baud Rate ............... 9600
4 - Telnet Server ................... Enabled
R - Return to Previous Menu
Enter your selection?
Figure 9. Console (Serial/Telnet) Configuration Menu
3. Type 1 to toggle Console Startup Mode between Menu and CLI. When set to Menu, a management session starts by displaying the Main Menu. When set to CLI, a management session starts with the command line interface prompt. The default is CLI.
4. After making changes, type R until you return to the Main Menu. Then type S to select Save Configuration Changes.
A change to the console startup mode takes effect the next time you start a management session.
Section I: Basic Operations 65
Page 66
Chapter 3: Basic Switch Parameters

Configuring the Console Timer

The AT-S62 management software uses the console timer, also referred to as the console disconnect interval, to automatically end inactive local and remote management sessions. The management software automatically ends a local or remote management session if a management session is inactive for the length of time specified by the console timer. For example, specifying two minutes for the console timer causes the AT-S62 management software to automatically end a management session if it does not detect any activity from the local or remote management station after two minutes.
This security feature prevents unauthorized individuals from using your management station should you step away from your system while configuring a switch. The default for the console timeout value is 10 minutes.
To adjust the console timer, do the following:
1. From the Main Menu, type 5 to select System Administration.
The System Administration menu is shown in Figure 4 on page 52.
2. From the System Administration menu, type 3 to select Console (Serial/Telnet) Configuration.
The Console (Serial/Telnet) Configuration menu is shown in Figure 9 on page 65.
3. From the Console (Serial/Telnet) Configuration menu, type 2 to select Console Disconnect Interval and, when prompted, enter a new console timer value. The range is 1 to 60 minutes. The default is 10 minutes.
A change to the console timer is immediately activated on the switch.
4. After making changes, type R until you return to the Main Menu. Then type S to select Save Configuration Changes.
66 Section I: Basic Operations
Page 67

Enabling or Disabling the Telnet Server

This procedure explains how to enable or disable the Telnet server on the switch. You might disable the server to prevent individuals from managing the switch with the Telnet application protocol or if you intend to use the Secure Shell (SSH) protocol.
Note
You cannot disable the Telnet server if there is an active Telnet management session on the switch.
To enable or disable the Telnet server, do the following procedure:
1. From the Main Menu, type 5 to select System Administration.
The System Administration menu is shown in Figure 4 on page 52.
2. From the System Administration menu, type 3 to select Console (Serial/Telnet) Configuration.
AT-S62 Management Software Menus Interface User’s Guide
The Console (Serial/Telnet) Configuration menu is shown in Figure 9 on page 65.
3. Type 4 to toggle Telnet Server between Enabled and Disabled. The default is enabled.
A change to the Telnet server is immediately activated on the switch.
4. After making the change, type R until you return to the Main Menu. Then type S to select Save Configuration Changes.
Section I: Basic Operations 67
Page 68
Chapter 3: Basic Switch Parameters

Setting the Baud Rate of the RS-232 Terminal Port

The default baud rate of the RS-232 Terminal Port on the switch is 9600 bps. To change the baud rate, do the following:
1. From the Main Menu, type 5 to select System Administration.
The System Administration menu is shown in Figure 4 on page 52.
2. From the System Administration menu, type 3 to select Console (Serial/Telnet) Configuration.
The Console (Serial/Telnet) Configuration menu is shown in Figure 9 on page 65.
3. From the Console (Serial/Telnet) Configuration menu, type 3 to select Console Baud Rate.
The following message is displayed:
Supported baud rates are: 1200, 2400, 4800, 9600, 19200, 38400, 57600, or 115200 Enter new baud rate value --> [1200 to 115200]
4. Type the desired baud rate value and press Return.
The following message is displayed:
Baud rate changed to [baud rate you typed] bps. Please change your terminal baud rate correspondingly. Press <Enter> to continue.
Note
If you are running a local management session, be sure to change your terminal’s baud rate.
A change to the baud rate is automatically saved to permanent memory in the switch. You do not need to use the Save Configuration Changes option in the Main Menu to permanently save this change.
68 Section I: Basic Operations
Page 69

Setting Fan Control

The AT-8524POE switch has a fan control feature that automatically adjusts the speed of four of its five cooling fans based on the ambient temperature of the room or wiring closet where the unit is installed and the load requirements of the PoE devices connected to the ports on the device. The lower the ambient temperature and load requirements of the powered devices, the lower the fan speed required by the system to maintain proper cooling.
The purpose of this feature is to decrease fan noise from the unit by taking advantage of building and networking environments where a reduction in fan speed will not compromise system cooling. A decrease in fan noise can lessen the chance of the switch being an annoyance to individuals when the device is installed in a public or work area.
When the fan control feature is deactivated, the default setting, the cooling fans operate at maximum speed at all times. When activated, fan speeds are continuously adjusted according to the ambient temperature as measured at the point where the air enters the cooling vents on the side of the switch, and the current load requirement of the PoE devices.
AT-S62 Management Software Menus Interface User’s Guide
Enabling and
Disabling Fan
Control
The four cooling fans controlled by this feature operate as a unit and have an operating range of approximately 5,000 to 11,000 RPM. The fans are operated at full speed when the ambient temperature reaches
40° C (104°
F) or the PoE load exceeds 8.5 amps.
If a fan in a switch fails when the fan control feature is activated, the switch proportionally increases the speed of the remaining operational fans to compensate for the failed fan.
The fifth cooling fan is not controlled by this feature and operates are full speed at all times.
To enable or disable fan control, perform the following procedure:
1. From the Main Menu, type 5 to select System Administration.
2. From the System Administration menu, type 2 to select System Configuration.
3. From the System Configuration menu, type 9 to select Fan Control Configuration.
Section I: Basic Operations 69
Page 70
Chapter 3: Basic Switch Parameters
The Fan Control Configuration menu is shown in Figure 10.
Allied Telesyn Ethernet Switch AT-8524POE - AT-S62
Production Switch
User: Manager 11:20:02 02-Jan-2006
Fan Control Configuration
1 - Fan Control ...................... Off
2 - Show Fan Control Status
R - Return to Previous Menu
Enter your selection?
Figure 10. Fan Control Configuration Menu
4. Type 1 to toggle the fan control feature On or Off. The default setting is
.
Off
A change to the status of the fan control feature is immediately implemented on the switch.
Displaying Fan
Control Status
5. After making the change, type R until you return to the Main Menu. Then type S to select Save Configuration Changes.
To view the status of the fan control feature and the cooling fans in the AT-8524POE switch, perform the following procedure:
1. From the Main Menu, type 5 to select System Administration.
2. From the System Administration menu, type 2 to select System Configuration.
3. From the System Configuration menu, type 9 to select Fan Control Configuration.
The Fan Control Configuration menu is shown in Figure 10.
4. Type 2 to select Show Fan Control Status.
70 Section I: Basic Operations
Page 71
AT-S62 Management Software Menus Interface User’s Guide
Figure 11 illustrates the fan control information.
Allied Telesyn Ethernet Switch AT-8524POE - AT-S62
Production Switch
User: Manager 11:20:02 02-Jan-2006
Show Fan Control Status
Fan Control Mode: Off
Speed
Fan# RPM % Status
------------------------------------------­1 10700 100 Ok 2 10750 100 Ok 3 10700 100 Ok 4 10700 100 Ok 5 6200 100 Ok
Temperature = 24 C, PoE Current Load = 2.2 Amps (Max. 8.5)
U - Update System Time R - Return to Previous Menu
Enter your selection?
Figure 11. Show Fan Control Status
The information is defined here:
Fan Control Mode - The status of the fan control feature. If Off, the
feature is disabled and all fans are operating at their maximum possible speed. If On, the feature is activated and the switch is adjusting the speed of the fans, as dictated by the ambient temperature and PoE load requirements.
Fan# - The fan number. The system has five cooling fans. Fans 1 to 4
can be managed by the fan control feature. Fan 5 operates at its highest possible speed at all times.
RPM - The current speed of the fan in revolutions per minute (RPM).
The highest speed is approximately 11,000 RPM for fans 1 to 4 and 6,500 RPM for fan 5. RPM is displayed in increments of 100. The minimum operating speed for a fan is 4,000 RPM. A fan falling below or unable to attain that speed is considered as failed.
% - The speed of the fan as a percentage of its highest possible
operating speed.
Status - A status message.
Temperature - The ambient air temperature measured where the air
enters the cooling vents of the switch.
PoE Current Load - The total current load of the PoE devices.
Section I: Basic Operations 71
Page 72
Chapter 3: Basic Switch Parameters

Pinging a Remote System

You can instruct the switch to ping a remote device on your network. This procedure is useful in determining whether a valid link exists between the switch and another device. Note the following before performing the procedure:
The switch must have an IP address.
The device being pinged must be a member of the management
VLAN. This means the device must be communicating with the switch through an untagged or tagged port of the management VLAN.
To instruct the switch to ping a network device, perform the following procedure:
1. From the Main Menu, type 5 to select System Administration.
The System Administration menu is shown in Figure 4 on page 52.
2. From the System Administration menu, type 9 to select System Utilities.
The System Utilities menu is shown in Figure 6 on page 57.
3. For the System Utilities menu, type 3 to select Ping a Remote System.
The following prompt is displayed:
Please enter an IP address ->
4. Enter the IP address of the end node you want the switch to ping.
The results of the ping command are displayed on the screen.
5. To stop the ping, press any key.
72 Section I: Basic Operations
Page 73
AT-S62 Management Software Menus Interface User’s Guide

Returning the AT-S62 Software to the Factory Default Values

There are two procedures for returning the settings on a switch to the factory default values. The first returns the switch’s settings to the default values, but retains all files in the switch’s file system (i.e., configuration files, SSL certificates, event logs, etc). The second method deletes all the files in the file system, including all configuration files. The AT-S62 software default values can be found in Appendix A, “AT-S62 Default Settings” on page 773.
Retaining the
System Files
This procedure returns all operating parameters on the switch back to their default values, but retains the files in the file system. Review the following before performing this procedure:
A switch’s IP address and subnet mask, if assigned, are deleted.
All port-based and tagged VLANs are deleted.
All files in the AT-S62 file system are retained.
All encryption keys stored in the key database are retained.
The contents of the active boot configuration file is retained. To reset
the file back to the default settings, you need to reestablish your management session after the switch reboots at the completion of this procedure and select Save Configuration Changes. Otherwise, the switch will revert back to the previous configuration the next time you reset the unit.
Caution
This procedure results in a switch reset. The switch will not forward traffic while it initializes its operating software, a process that can take approximately 20 seconds to complete. Some network traffic may be lost.
To return the AT-S62 software to the default settings while retaining the files in the file system, perform the following procedure:
1. From the Main Menu, type 5 to select System Administration.
The System Administration menu is shown in Figure 4 on page 52.
2. From the System Administration menu, type 9 to select System Utilities.
The System Utilities menu is shown in Figure 6 on page 57.
3. For the System Utilities menu, type 4 to select Reset to Factory Defaults.
Section I: Basic Operations 73
Page 74
Chapter 3: Basic Switch Parameters
The following prompt is displayed:
This operation requires a switch reboot. Continue?
[Yes/No] ->
4. Type Y for yes or N to cancel the procedure.
If you respond with yes, the following prompt is displayed:
Do you want to reset serial baud rate to 9600 bps?
[Yes/No] ->
5. Typing Y for yes will change the baud rate of the RS232 Terminal Port to its default value of 9600 bps. Typing N leaves the baud rate at its current setting.
The following prompt is displayed:
NOTE: Please save configuration after reboot in
order to make the configuration changes permanent!!!
Waiting for background file operations to complete
.....
Deleting the
System Files
Rebooting the Switch .....
Once the reset process is complete, the unit is again operating with its default settings.
6. Reestablish your management session.
7. From the Main Menu, type S to select Save Configuration Changes. This step returns the active boot configuration file back to the default settings. If you omit this step, the switch will revert back to the prior configuration the next time you reset or power cycle the unit.
This procedure deletes all of the files in the switch’s file system and resets the switch. This process returns the switch’s operating parameters to their default settings.
Note
To return the switch to its default setting without deleting the files in the file system, perform the procedure “Retaining the System Files” on page 73.
Please note the following before performing this procedure:
A switch’s IP address and subnet mask, if assigned, are deleted.
All port-based and tagged VLANs are deleted.
All files in the AT-S62 file system are deleted.
All encryption keys stored in the key database are deleted.
74 Section I: Basic Operations
Page 75
AT-S62 Management Software Menus Interface User’s Guide
The current speed setting of the RS232 console port on the switch is
retained.
Caution
This procedure results in a switch reset. The switch will not forward traffic while it initializes its operating software, a process that takes approximately 20 seconds to complete. Some network traffic may be lost.
To delete all files from the file system and return the switch’s operating parameters to the default settings, perform the following procedure:
1. From the Main Menu, type 5 to select System Administration.
2. Form the System Administration menu, type 9 to select System Utilities.
3. For the System Utilities menu, type 1 to select File Operations.
4. From the File Operations menu, type 9 to select Format Flash Drive.
The following prompt is displayed:
This command will format the flash drive and requires a switch reboot.
Do you want to continue ? [Yes/No] ->
5. Type Y to proceed or N to cancel the procedure.
If you type Y for yes, the switch deletes all of the files in the file system and then resets. After the system has reinitialized, all switch settings are returned to their default settings.
Section I: Basic Operations 75
Page 76
Chapter 3: Basic Switch Parameters

Viewing System Hardware and Software Information

The procedure in this section displays hardware and software information about the switch. The information includes the switch’s serial number and MAC address, as well as the status of the power supply and fan.
To display this information, perform the following procedure:
1. From the Main Menu, type 5 to select System Administration.
The System Administration menu is shown in Figure 4 on page 52.
2. From the System Administration menu, type 1 to select System Information.
The System Information menu is shown in Figure 12.
Allied Telesyn Ethernet Switch AT-8524M - AT-S62
Production Switch
User: Manager 11:20:02 02-Jan-2006
System Information
MAC Address ..... 00:30:84:01:00:00 IP Address ....... 167.11.11.11
Model Name ...... AT-8524M Subnet Mask ...... 255.255.255.0
Serial Number ... S05525A023600000 Gateway .......... 0.0.0.0
System Up Time ... 6D:11H:47M:34S
Bootloader ...... ATS62_LOADER v1.2.0 Build Date ....... Nov 14 2005 15:56:24
Application ..... ATS62 v1.4.0 Build Date ....... Jan 13 2006 17:57:17
System Name ..... Production Switch
Administrator ... John Doe
Location ........ Bldg. 5, Floor 4
H - System Hardware Status U - Uplink Information
R - Return to Previous Menu
Enter your selection?
Figure 12. System Information Menu
You cannot change the information in this menu.
3. To display system hardware information, type H to select System Hardware Status.
76 Section I: Basic Operations
Page 77
AT-S62 Management Software Menus Interface User’s Guide
The System Hardware Information menu is shown in Figure 13.
Allied Telesyn Ethernet Switch AT-8524M - AT-S62
Production Switch
User: Manager 11:20:02 02-Jan-2006
System Hardware Status
System 1.8V Power ............... 1.79V
System 2.5V Power ............... 2.53V
System 3.3V Power ............... 3.30V
System 5V Power ................. 5.07V
System Temperature (Celsius) .... 30C
System Fan 1 Speed .............. 4720 RPM
System Fan 2 Speed .............. Off
Main Power Supply ............... AC - On
Redundant Power Supply .......... Not Present
U - Update Display R - Return to Previous Menu
Enter your selection?
Figure 13. System Hardware Information Menu
You cannot change the information in this menu. Note the following:
The number of fans vary by model. The AT-8516F/MT, AT-8516F/
SC, and AT-8524M switches have one fan, the AT-8524POE switch has five fans, and the AT-8550GB and AT-8550SP switches have two fans.
The Redundant Power Supply status will be “Not Present” if the
switch is not connected to an RPS unit. if the switch is connected to an RPS unit, the status will be “On,” even when the RPS module itself is powered off.
Section I: Basic Operations 77
Page 78
Chapter 3: Basic Switch Parameters
78 Section I: Basic Operations
Page 79

Chapter 4

Enhanced Stacking

This chapter explains the enhanced stacking feature. The sections in this chapter include:
“Enhanced Stacking Overview” on page 80
“Setting a Switch’s Enhanced Stacking Status” on page 83
“Selecting a Switch in an Enhanced Stack” on page 85
“Returning to the Master Switch” on page 87
Section I: Basic Operations 79
Page 80
Chapter 4: Enhanced Stacking

Enhanced Stacking Overview

The enhanced stacking feature can make it easier for you to manage the AT-8500 Series switches in your network. It offers the following benefits:
You can manage up to 24 switches from one local or remote
management session. This eliminates the need of having to initiate a separate management session with each switch in your network.
The switches can share the same IP address. This reduces the
number of IP addresses you have to assign to your network devices for remote management.
Remotely managing a new switch in your network is simplified. You
simply connect it to your network. Once connected to the network, you can begin to manage it immediately from any workstation in your network.

Guidelines There are a few guidelines to keep in mind when implementing enhanced

stacking for your network:
An enhanced stack cannot span subnets.
All of the switches in an enhanced stack must use the same
Management VLAN. For information about Management VLANs, refer to “Specifying a Management VLAN” on page 579.
You can create multiple enhanced stacks within a subnet by assigning
the switches to different Management VLANs.
An enhanced stack must have at least one master switch.
The master switch can be any switch that supports enhanced stacking,
such as an AT-8000 Series, AT-8400 Series, AT-8500 Series, or AT-9400 Series switch.
You should assign the master switch an IP address and subnet mask.
Note
No IP address is required if you intend to manage an enhanced stack solely through the RS232 Terminal Port on a master switch. However, remote management of a stack using Telnet, a web browser, or an SNMP application does require assigning a master switch an IP address and subnet mask.
You must set a master switch’s stacking status to Master. For
instructions, refer to “Setting a Switch’s Enhanced Stacking Status” on page 83.
The enhanced stacking feature uses the IP address 172.16.16.16. Do
not assign this address to any device if you intend to use the enhanced stacking feature.
80 Section I: Basic Operations
Page 81
AT-S62 Management Software Menus Interface User’s Guide
There are three basic steps to implementing this feature on your network:
1. You must select a switch to function as the master switch of the enhanced stack.
The master switch can be any switch that supports enhanced stacking, such as an AT-8000 Series, AT-8400 Series, AT-8500 Series, or AT-9400 Series switch. For networks that consist of more than one subnet, there must be at least one master switch in each subnet.
It is recommended that each enhanced stack have two master switches, each assigned a unique IP address. That way, should you remove one of the master switches from the network, such as for maintenance, you all still be able to remotely manage the switches in the stack using the other master switch.
2. You should assign each master switch a unique IP address and a subnet mask.
A master switch should have a unique IP address and a subnet mask. The other switches in an enhanced stack, referred to as slave switches, do not need an IP address. If an enhanced stack will have more than one master switch, you should assign each master switch a unique IP address.
You can set the IP address manually or activate the BOOTP or DHCP service on the master switch and have the switch obtain its IP information from a BOOTP or DHCP server on your network. Initially assigning an IP address or activating the BOOTP and DHCP services can only be performed through a local management session of the master switch.
For instructions on how to set the IP address manually, refer to “Configuring an IP Address and Switch Name” on page 52. For instructions on activating the BOOTP or DHCP service, refer to “Activating the BOOTP or DHCP Client Software” on page 55.
Note
No IP address is required if you intend to manage an enhanced stack solely through the RS232 Terminal Port on a master switch. However, remote management using Telnet, a web browser, or an SNMP application does require assigning a master switch an IP address and subnet mask.
3. Change the enhanced stacking status of the master switch to Master.
This is explained in “Setting a Switch’s Enhanced Stacking Status” on page 83.
Section I: Basic Operations 81
Page 82
Chapter 4: Enhanced Stacking
Master 1
IP Address
149.32.11.22
Master 2
IP Address
149.32.11.16
Figure 14 is an example of the enhanced stacking feature.
Subnet A
RS-232 TERMINAL PORT
FAULT
Router
MASTER
PWR
Subnet B
Master 1
IP Address
149.32.09.18
Master 2
IP Address
149.32.09.24
Figure 14. Enhanced Stacking Example
The example consists of a network of two subnets interconnected with a router. Two AT-8524M switches in each subnet have been selected as the master switches of their respective subnets, and each has been assigned a unique IP address.
To manage the switches of a subnet, you can start a local or remote management session on one of the master switches in the subnet. You would then have management access to all enhanced stacking switches in the same subnet.
82 Section I: Basic Operations
Page 83
AT-S62 Management Software Menus Interface User’s Guide

Setting a Switch’s Enhanced Stacking Status

The enhanced stacking status of the switch can be master switch, slave switch, or unavailable. Each status is described below:
Master switch - A master switch of a stack can be used to manage all
the other switches in a subnet. Once you establish a local or remote management session with the Master switch, you can access and manage all the switches in the stack.
A master switch should have a unique IP address. You can manually
assign a master switch an IP address or activate the BOOTP or DHCP client software on the switch.
Slave switch - A slave switch can be remotely managed through a
master switch. It does not need an IP address or subnet mask. This is the default setting.
Unavailable - A switch with an unavailable stacking status cannot be
remotely managed through a master switch. A switch with this designation can be managed locally. To be managed remotely, a switch with an unavailable stacking status must be assigned a unique IP address.
Note
You cannot change the stacking status of a switch through enhanced stacking. If a switch does not have an IP address or subnet mask, such as a slave switch, you must use a local management session to set its stacking status. If the switch has an IP address and subnet mask, such as a master switch, you can use either a local or remote management session.
To adjust a switch’s enhanced stacking status, perform the following procedure:
1. From the Main Menu, type 8 to select Enhanced Stacking.
Section I: Basic Operations 83
Page 84
Chapter 4: Enhanced Stacking
User: Manager 11:20:02 02-Jan-2006
1 - Switch State-(M)aster/(S)lave/(U)navailable.... Master
2 - Stacking Services
R - Return to Previous Menu
Enter your selection?
The Enhanced Stacking menu is shown in Figure 15.
Allied Telesyn Ethernet Switch AT-8524M - AT-S62
Production Switch
Enhanced Stacking
Figure 15. Enhanced Stacking Menu
The menu displays the current status of the switch at the end of selection “1 - Switch State.” For example, the switch’s current status in the figure above is Master.
Note
The “2 - Stacking Services” selection in the menu is displayed only on master switches.
2. To change a switch’s stacking status, type 1 to select Switch State.
The following prompt is displayed.
Enter new setup (M/S/U) ->
3. Type M to change the switch to a master switch, S to make it a slave switch, or U to make the switch unavailable. Press Return.
A change to the status is immediately activated on the switch.
4. After making changes, type R until you return to the Main Menu. Then type S to select Save Configuration Changes.
84 Section I: Basic Operations
Page 85

Selecting a Switch in an Enhanced Stack

Before you perform a procedure on a switch in an enhanced stack, you should first check to be sure that you are performing it on the correct switch. If you assigned system names to your switches, this should be easy. The name of the switch being managed is always displayed at the top of every management menu.
When you start a local or remote management session on the Master switch of an enhanced stack, you are by default addressing that particular switch. The management tasks that you perform affect only the master switch.
To manage a slave switch or another Master switch in the stack, you need to select it from the management software.
To select a switch to manage in an enhanced stack, perform the following procedure:
AT-S62 Management Software Menus Interface User’s Guide
1. From the Main Menu, type 8 to select Enhanced Stacking.
2. From the Enhanced Stacking menu, type 2 to select Stacking Services.
Note
The Stacking Services selection is only available on a Master switch.
The Stacking Services menu is shown in Figure 16.
Allied Telesyn Ethernet Switch AT-8524M - AT-S62
Production Switch
User: Manager 11:20:02 02-Jan-2006
Stacking Services
Switch Software Switch
Num MAC Address Name Mode Version Model
-------------------------------------------------------------
1 - Get/Refresh List of Switches 2 - Sort Switches in New Order 3 - Access Switch 4 - Load Image/Bootloader File 5 - Load Configuration File
R - Return to Previous Menu
Enter your selection?
Figure 16. Stacking Services Menu
Section I: Basic Operations 85
Page 86
Chapter 4: Enhanced Stacking
3. Type 1 to select Get/Refresh List of Switches.
The Master switch polls the subnet for all slave and Master switches that are a part of the enhanced stack and displays a list of the switches in the Stacking Services menu.
The Master switch on which you started the management session is not included in the list, nor are any switches with an enhanced stacking status of Unavailable.
By default, the switches are sorted in the menu by MAC address. You can sort the switches by name using the selection 2 - Sort Switches in New Order.
Note
Menu option “4 - Load Image/Bootloader File” uploads the AT-S62 image from the Master switch to another AT-8500 Series switch in the enhanced stack. The option is explained in “Uploading an AT-S62 Image File Switch to Switch” on page 196. Option “5 - Load Configuration File” allows you to upload a configuration file from a Master switch to another AT-8500 Series switch. This option is explained in “Uploading an AT-S62 Configuration File Switch to Switch” on page 199.
4. To manage a new switch, type 3 to select Access Switch.
A prompt similar to the following is displayed:
Enter the switch number -> [1 to 24}
5. Type the number of the switch in the list you want to manage.
6. Enter the appropriate username and password for the switch.
The Main Menu of the selected switch is displayed. You now can manage the switch. Any management tasks you perform affect only the selected switch.
86 Section I: Basic Operations
Page 87

Returning to the Master Switch

When you have finished managing a slave switch, return to the Main Menu of the slave switch and type Q for Quit. This returns you to the Stacking Services menu. Once you see that menu, you are again addressing the Master switch from where you started the management session.
You can either select another switch in the list to manage or, if you want to manage the Master switch, return to the master switch’s Main Menu by typing R twice.
AT-S62 Management Software Menus Interface User’s Guide
Section I: Basic Operations 87
Page 88
Chapter 4: Enhanced Stacking
88 Section I: Basic Operations
Page 89

Chapter 5

SNMPv1 and SNMPv2c Configuration

This chapter explains how to activate SNMP management on the switch and how to create, modify, and delete SNMPv1 and SNMPv2c community strings. Sections in the chapter include:
“SNMPv1 and SNMPv2c Overview” on page 90
“Enabling or Disabling SNMP Management” on page 93
“Setting the Authentication Failure Trap” on page 94
“Creating an SNMP Community String” on page 95
“Modifying a Community String” on page 98
“Deleting a Community String” on page 102
“Displaying the SNMP Community Strings” on page 103
Note
For instructions on SNMPv3, refer to Chapter 21, “SNMPv3” on page 375.
Section I: Basic Operations 89
Page 90
Chapter 5: SNMPv1 and SNMPv2c Configuration

SNMPv1 and SNMPv2c Overview

The Simple Network Management Program (SNMP) is another way for you to manage the switch. This type of management involves viewing and changing the management information base (MIB) objects on the device using an SNMP application program.
The AT-S62 management software supports SNMPv1, SNMPv2c, and SNMPv3. This chapter explains how to configure the switch’s software for SNMPv1 and SNMPv2c. For instructions on how to configure the switch for SNMPv3, refer to Chapter 21, “SNMPv3” on page 375.
The procedures in this chapter show you how to create and manage SNMPv1 and SNMPv2c community strings through which your SNMP application program at your management workstation accesses the switch’s MIB objects.
You can also configure SNMPv1 and SNMPv2c with the SNMPv3 Table menus described in Chapter 21, “SNMPv3” on page 375. However, because the SNMPv3 Table menus require a much more extensive configuration, Allied Telesyn recommends configuring SNMPv1 and SNMPv2c with the procedures in this chapter.
To manage a switch using an SNMP application program, you must do the following:
Activate SNMP management on the switch. The default setting for
SNMP management is disabled. The procedure for this can be found in “Enabling or Disabling SNMP Management” on page 93.
Load the Allied Telesyn MIBs for the switch onto your management
workstation containing the SNMP application program. The MIBs are available from the Allied Telesyn web site at www.alliedtelesyn.com.
To manage a switch using SNMP, you need to know the IP address of the switch or of a master switch and at least one of the switch’s community strings. A community string is a string of alphanumeric characters that gives you access to the switch.
A community string has several attributes that you can use to control who can use the string and what the string will allow a network management to do on the switch. The community string attributes are defined here.
Community String Name
You must give the community string a name. The name can be up to 32 alphanumeric characters. No spaces or special characters (such as /, #, or &) are allowed.
90 Section I: Basic Operations
Page 91
AT-S62 Management Software Menus Interface User’s Guide
Access Mode
This defines what the community string will allow a network manager to do. There are two access modes: Read and Read/Write. A community string with an access mode of Read can only be used to view but not change the MIB objects on a switch. A community string with a Read/Write access can be used to both view the MIB objects and change them.
Operating Status
A community string can be enabled or disabled. When disabled, no one can use it to access the switch. You might disable a community string if you suspect an unauthorized individual is using it to access the device. When a community string is enabled, it is available for use.
Open or Closed Access Status
You can use this feature to control which management stations on your network can use a community string. If you select the open access status, any network manager who knows the community string can use it. If you assign it a closed access status, then only those network managers working from particular workstations can use it. You specify the workstations by assigning their IP addresses to the community string. A closed community string can have up to eight IP addresses of management workstations assigned to it.
If you decide to activate SNMP management on the switch, it is a good idea to assign a closed status to all community strings that have a Read/ Write access mode and then assign the IP addresses of your management workstations to those strings. This helps reduce the chance of someone gaining management access to a switch through a community string and making unauthorized configuration changes.
Trap Receivers
A trap is a signal sent to one or more management workstations by the switch to indicate the occurrence of a particular operating event on the device. There are numerous operating events that can trigger a trap. For instance, resetting the switch or the failure of a cooling fan are two examples of occurrences that cause a switch to send a trap to the management workstations. You can use traps to monitor activities on the switch.
Trap receivers are the devices, typically management workstations or servers, that you want to receive the traps sent by the switch. You specify the trap receivers by their IP addresses. You assign the IP addresses to the community strings.
Each community string can have up to eight trap IP addresses.
It does not matter which community strings you assign your trap receivers. When the switch sends a trap, it looks at all the community strings and sends the trap to all trap receivers on all community strings. This is true even for community strings that have a access mode of only Read.
Section I: Basic Operations 91
Page 92
Chapter 5: SNMPv1 and SNMPv2c Configuration
If you are not interested in receiving traps, then you do not need to enter any IP addresses of trap receivers.
Default SNMP
Community
Strings
The AT-S62 management software provides two default community strings: public and private. The public string has an access mode of just Read and the private string has an access mode of Read/Write. If you activate SNMP management on the switch, you should delete or disable the private community string, which is a standard community string in the industry, or change its status from open to closed to prevent unauthorized changes to the switch.
92 Section I: Basic Operations
Page 93

Enabling or Disabling SNMP Management

To enable or disable SNMP management for the switch, perform the following procedure:
1. From the Main Menu, type 5 to select System Administration.
The System Administration menu is shown in Figure 4 on page 52.
2. From the System Administration menu, type 5 to select SNMP Configuration.
The SNMP Configuration menu is shown in Figure 17.
Allied Telesyn Ethernet Switch AT-8524M - AT-S62
Production Switch
User: Manager 11:20:02 02-Jan-2006
SNMP Configuration
1 - SNMP Status ........................ Disabled
2 - Authentication Failure Trap Status ..Disabled 3 - Configure SNMPv1 & SNMPv2c Community 4 - Display SNMPv1 & SNMPv2c Community 5 - Configure SNMPv3 Table 6 - Display SNMPv3 Table
AT-S62 Management Software Menus Interface User’s Guide
R - Return to Previous Menu
Enter your selection?
Figure 17. SNMP Configuration Menu
3. Type 1 to toggle the SNMP Status option between its two settings of Enabled and Disabled. When set to Disabled, the default, you cannot manage the switch using SNMP. When set to Enabled, you can manage the switch using SNMP.
A change to the SNMP status is immediately activated on the switch.
4. After making changes, type R until you return to the Main Menu. Then type S to select Save Configuration Changes.
Section I: Basic Operations 93
Page 94
Chapter 5: SNMPv1 and SNMPv2c Configuration

Setting the Authentication Failure Trap

As mentioned in the SNMP Overview section in this chapter, a trap is a message sent by the switch to a management workstation or server to signal an operating event, such as when the device is reset.
An authentication failure trap is similar to other the traps. It too signals an operating event on the switch. But this trap is somewhat special because it relates to SNMP management. A switch that sends this trap could be indicating an attempt by someone to gain unauthorized management access to the switch using an SNMP application program. There are two events that can cause a switch to send this trap:
An SNMP management station attempts to access the switch using an
incorrect or invalid community name.
An SNMP management station tried to access a closed access
community string, to which its IP address is not assigned.
Given the importance of this trap to the protection of your switch, the management software allows you to disable and enable it separately from the other traps. If you enable it, the switch will send this trap if either of the above events occur. If you disable it, the switch will not send this trap. The default is disabled.
If you enable this trap, be sure to add one or more IP addresses of trap receivers to the community strings so that the switch will know where to send the trap if it needs to.
To enable or disable the authentication trap, perform the following procedure:
1. From the Main Menu, type 5 to select System Administration.
The System Administration menu is shown in Figure 4 on page 52.
2. From the System Administration menu, type 5 to select SNMP Configuration.
The SNMP Configuration menu is shown in Figure 17 on page 93.
3. Type 2 to toggle Authentication Failure Trap Status between enabled and disabled. The default is disabled.
4. After making changes, type R until you return to the Main Menu. Then type S to select Save Configuration Changes.
94 Section I: Basic Operations
Page 95

Creating an SNMP Community String

To create a new SNMP community string, perform the following procedure:
1. From the Main Menu, type 5 to select System Administration.
The System Administration menu is shown in Figure 4 on page 52.
2. From the System Administration menu, type 5 to select SNMP Configuration.
The SNMP Configuration menu is shown in Figure 17 on page 93.
3. From the SNMP Configuration menu, type 3 to select Configure SNMPv1 & SNMPv2c Community.
The Configure SNMPv1 & SNMPv2c Community menu is shown in Figure 18.
AT-S62 Management Software Menus Interface User’s Guide
Allied Telesyn Ethernet Switch AT-8524M - AT-S62
Production Switch
User: Manager 11:20:02 02-Jan-2006
Configure SNMPv1 & SNMPv2c Community
Community Name AccessMode Status OpenAcc Manager IP Addr Trap Rec IP
-------------------------------------------------------------------­Private Read|Write Enabled Yes Public Read \Enabled Yes
1 - Create SNMP Community 2 - Delete SNMP Community 3 - Modify SNMP Community
U - Update Display R - Return to Previous Menu
Enter your selection?
Figure 18. SNMPv1 & SNMPv2c Community Menu
This menu lists the current community strings on the switch and their attributes. For attribute definitions, refer to “SNMPv1 and SNMPv2c Overview” on page 90.
4. Type 1 to select Create SNMP Community.
This prompt is displayed:
Enter SNMP Community Name:
Section I: Basic Operations 95
Page 96
Chapter 5: SNMPv1 and SNMPv2c Configuration
5. Enter the new SNMP community string. The name can be up to 32 alphanumeric characters. No spaces or special characters (such as /, #, or &) are allowed.
This prompt is displayed:
Enter Access Mode [R-Read Only, W-Read/Write]:
6. Specify the access mode for the new SNMP community string. If you specify Read, the community string will only allow you to view the MIB objects on the switch. If you specify Read/Write, the community string will allow you to both view and change the SNMP MIB objects on the switch. This prompt is displayed:
Enter Open Access Status [Y-Yes, N-No]:
7. Specify the open access status. If you enter Yes, any network manager who knows the community string can use it. If you respond with No, making it closed access, only those management workstations whose IP addresses you assign to the community string can use it. This prompt is displayed:
Enter SNMP Manager IP Addr:
8. If in Step 7 you responded with No making this a closed community string, specify the IP address of the management workstation that can use the string. A community string can have up to eight IP addresses of management workstations. But you can assign only one to it initially with this procedure. To add additional IP addresses, refer to “Modifying a Community String” on page 98.
If you assigned the community string an access status of open, leave this field blank by pressing Return.
This prompt is displayed:
Enter Trap Receiver IP Addr:
9. If you want the switch to send traps to a management workstation or server, enter the IP address of the node here. A community string can have up to eight IP addresses of trap receivers. But you can assign only one initially with this procedure. To add additional IP addresses, refer to “Modifying a Community String” on page 98.
If you do not want to add a IP address of a trap receiver to the community string, leave this field blank by pressing Return.
The AT-S62 software creates the new community string and adds it to the list in the SNMP Community menu. A new community string is immediately available for use to manage the switch.
96 Section I: Basic Operations
Page 97
AT-S62 Management Software Menus Interface User’s Guide
10. If desired, repeat this procedure starting with Step 4 to create additional community strings.
11. After making changes, type R until you return to the Main Menu. Then type S to select Save Configuration Changes.
Section I: Basic Operations 97
Page 98
Chapter 5: SNMPv1 and SNMPv2c Configuration

Modifying a Community String

To modify a community string, perform the following procedure:
1. From the Main Menu, type 5 to select System Administration.
The System Administration menu is shown in Figure 4 on page 52.
2. From the System Administration menu, type 5 to select SNMP Configuration.
The SNMP Configuration menu is shown in Figure 17 on page 93.
3. From the SNMP Configuration menu, type 3 to select Configure SNMPv1 &SNMPv2c Community.
The Configure SNMPv1 &SNMPv2c Community menu in shown in Figure 18 on page 95.
4. From the Configure SNMPv1 &SNMPv2c Community menu, type 3 to select Modify SNMP Community.
The Modify SNMP Community menu is shown in Figure 19.
Allied Telesyn Ethernet Switch AT-8524M - AT-S62
Production Switch
User: Manager 11:20:02 02-Jan-2006
Modify SNMPv1 & SNMPv2c Community
Community Name AccessMode Status OpenAcc Manager IP Addr Trap Rec IP
-------------------------------------------------------------------­Private Read|Write Enabled Yes Public Read Enabled Yes
1 - Add Attributes to Community 2 - Delete Attributes from Community 3 - Set Community Access Mode 4 - Set Community Status 5 - Set Community Open Access
U - Update Display R - Return to Previous Menu
Enter your selection:
Figure 19. Modify SNMP Community Menu
This menu lists the current community strings on the switch and their attributes. For attribute definitions, refer to “SNMPv1 and SNMPv2c Overview” on page 90.
98 Section I: Basic Operations
Page 99
AT-S62 Management Software Menus Interface User’s Guide
The menu options are described below:
1 - Add Attributes to Community
If a community string has a closed access mode, you can use this selection to add new IP addresses of management workstations that can use the string. You can also use this option to add IP addresses of new trap receivers. To use this option, do the following:
1. From the Modify SNMP Community menu, type 1 to select Add Attributes to Community. The following prompt is displayed:
Enter SNMP Community Name:
2. Enter the community string you want to modify. Community strings are case sensitive. This prompt is displayed:
Enter SNMP Manager IP Addr:
3. If you are modifying a community string with a closed access mode and you want to add an IP address of a management workstation to it, enter the workstation’s IP address at the prompt. Otherwise, just press Return. A community string can have a maximum of eight IP addresses, but you can add only one at a time with this procedure. This prompt is displayed:
Enter Trap Receiver IP Addr:
4. If you want the switch to send traps to a trap receiver, enter the IP address of the receiver at this prompt. Otherwise, just press Return.
The community string is modified and the Modify SNMP Configuration menu is displayed again.
5. Repeat this procedure to modify other community strings.
6. After making changes, type R until you return to the Main Menu. Then type S to select Save Configuration Changes.
2 - Delete Attributes from Community
Use this option to delete an IP address of a management workstation or a trap receiver from a community string. To use this option, do the following:
1. From the Modify SNMP Community menu, type 2 to select Delete Attributes from Community. The following prompt is displayed:
Enter SNMP Community Name:
2. Enter the community string you want to modify. Community strings are case sensitive. This prompt is displayed:
Enter SNMP Manager IP Addr:
Section I: Basic Operations 99
Page 100
Chapter 5: SNMPv1 and SNMPv2c Configuration
3. If you want to remove the IP address of a management workstation from the community string, enter the IP address at the prompt. Otherwise, just press Return. This prompt is displayed:
Enter Trap Receiver IP Addr:
4. If you want to remove the IP address of a trap receiver from the community string, enter the IP address at the prompt. Otherwise, just press Return.
5. After making changes, type R until you return to the Main Menu. Then type S to select Save Configuration Changes.
3 - Set Community Access Mode
Use this option to change a community string’s Read or Read/Write status. To use the selection, do the following:
1. From the Modify SNMP Community menu, type 3 to select Set Community Access Mode. The following prompt is displayed:
Enter SNMP Community Name:
2. Enter the community string you want to modify. Community strings are case sensitive. This prompt is displayed:
Enter Access Mode [R-Read Only, W-Read/Write]:
3. Type R to change the string’s status to Read only, or W for Read/Write. This confirmation prompt is displayed:
Do you want to change this Community Access Mode? (Y/N): [Yes/No] ->
4. Type Y to change the string’s access mode or N to cancel the change.
5. After making changes, type R until you return to the Main Menu. Then type S to select Save Configuration Changes.
4 - Set Community Status
Use this option to enable or disable a community string. When disabled, no one can use the community string to access the switch. To use the selection, do the following:
1. From the Modify SNMP Community menu, type 4 to select Set Community Status. The following prompt is displayed:
Enter SNMP Community Name:
2. Enter the community string you want to modify. Community strings are case sensitive. This prompt is displayed:
Enter Community Status [E-Enable, D-Disable]:
100 Section I: Basic Operations
Loading...
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use