Allied Telesis AT-S63 User Manual

◆

Management Software

AT-S63

Features Guide

AT-S63 Version 2.2.0 for the AT-9400 Layer 2+ Switches AT-S63 Version 3.0.0 for the AT-9400 Basic Layer 3 Switches

613-000801 Rev. A

Microsoft and Internet Explorer are registered trademarks of Microsoft Corporation. Netscape Navigator is a registered trademark of Netscape Communications Corporation. All other product names, company names, logos or other designations mentioned herein are trademarks or registered trademarks of their respective owners.

Allied Telesis, Inc. reserves the right to make changes in specifications and other information contained in this document without prior written notice. The information provided herein is subject to change without notice. In no event shall Allied Telesis, Inc. be liable for any incidental, special, indirect, or consequential damages whatsoever, including but not limited to lost profits, arising out of or related to this manual or the information contained herein, even if Allied Telesis, Inc. has been advised of, known, or should have known, the possibility of such damages.

Preface ............................................................................................................................................................ 17

How This Guide is Organized........................................................................................................................... 18

Product Documentation .................................................................................................................................... 20

Where to Go First ............................................................................................................................................. 21

Starting a Management Session ...................................................................................................................... 22

Document Conventions .................................................................................................................................... 23

Where to Find Web-based Guides ................................................................................................................... 24

Contacting Allied Telesis .................................................................................................................................. 25

Online Support ........................................................................................................................................... 25

Email and Telephone Support.................................................................................................................... 25

Returning Products .................................................................................................................................... 25

Sales or Corporate Information.................................................................................................................. 25

Management Software Updates................................................................................................................. 25

Section I: Basic Operations ...................................................................................... 27

Chapter 1: Overview ...................................................................................................................................... 29

Layer 2+ and Basic Layer 3 Switches .............................................................................................................. 30

AT-S63 Management Software ........................................................................................................................ 35

Management Interfaces and Features.............................................................................................................. 36

Management Access Methods ......................................................................................................................... 41

Local Management Sessions ..................................................................................................................... 41

Remote Telnet Sessions ............................................................................................................................ 41

Remote Secure Shell (SSH) Sessions....................................................................................................... 41

Remote Web Browser Session .................................................................................................................. 41

Remote SNMP Management ..................................................................................................................... 42

Manager Access Levels ................................................................................................................................... 43

Installation and Management Configurations ................................................................................................... 44

Stand-alone Switch .................................................................................................................................... 44

Enhanced Stacking .................................................................................................................................... 44

Stacking ..................................................................................................................................................... 44

IP Configuration................................................................................................................................................ 46

Redundant Twisted Pair Ports.......................................................................................................................... 47

History of New Features ................................................................................................................................... 49

Version 3.0.0 .............................................................................................................................................. 49

Version 2.1.0 .............................................................................................................................................. 50

Version 2.0.0 .............................................................................................................................................. 50

Version 1.3.0 .............................................................................................................................................. 51

Version 1.2.0 .............................................................................................................................................. 52

Contents

Chapter 2: Enhanced Stacking .....................................................................................................................55

Supported Platforms ......................................................................................................................................... 56

Overview ...........................................................................................................................................................57

Master and Slave Switches...............................................................................................................................58

Common VLAN ................................................................................................................................................. 59

Master Switch and the Local Interface .............................................................................................................. 60

Slave Switches.................................................................................................................................................. 61

Enhanced Stacking Compatibility ..................................................................................................................... 62

Enhanced Stacking Guidelines ......................................................................................................................... 63

General Steps ................................................................................................................................................... 64

Chapter 3: SNMPv1 and SNMPv2c ............................................................................................................... 65

Supported Platforms ......................................................................................................................................... 66

Overview ...........................................................................................................................................................67

Community String Attributes ............................................................................................................................. 68

Community String Name ............................................................................................................................68

Access Mode .............................................................................................................................................. 68

Operating Status......................................................................................................................................... 68

Open or Closed Access Status...................................................................................................................68

Trap Receivers ...........................................................................................................................................68

Default SNMP Community Strings .................................................................................................................... 70

Chapter 4: MAC Address Table .................................................................................................................... 71

Overview ...........................................................................................................................................................72

Chapter 5: Static Port Trunks .......................................................................................................................75

Supported Platforms ......................................................................................................................................... 76

Overview ...........................................................................................................................................................77

Load Distribution Methods ................................................................................................................................78

Guidelines .........................................................................................................................................................80

Chapter 6: LACP Port Trunks ....................................................................................................................... 81

Supported Platforms ......................................................................................................................................... 82

Overview ...........................................................................................................................................................83

LACP System Priority ....................................................................................................................................... 87

Adminkey Parameter ........................................................................................................................................88

LACP Port Priority Value................................................................................................................................... 88

Load Distribution Methods ................................................................................................................................89

Guidelines .........................................................................................................................................................90

Chapter 7: Port Mirror ....................................................................................................................................93

Supported Platforms ......................................................................................................................................... 94

Overview ...........................................................................................................................................................95

Guidelines .........................................................................................................................................................95

Section II: Advanced Operations .............................................................................97

Chapter 8: File System ..................................................................................................................................99

Overview .........................................................................................................................................................100

Boot Configuration Files..................................................................................................................................101

File Naming Conventions................................................................................................................................102

Using Wildcards to Specify Groups of Files ....................................................................................................103

Chapter 9: Event Logs and the Syslog Client ...........................................................................................105

Supported Platforms ....................................................................................................................................... 106

Overview .........................................................................................................................................................107

Event Messages ............................................................................................................................................. 107

Syslog Client ................................................................................................................................................... 108

AT-S63 Management Software Features Guide

Chapter 10: Classifiers ................................................................................................................................ 109

Supported Platforms....................................................................................................................................... 110

Overview......................................................................................................................................................... 111

Classifier Criteria ............................................................................................................................................ 113

Guidelines....................................................................................................................................................... 118

Chapter 11: Access Control Lists .............................................................................................................. 119

Supported Platforms....................................................................................................................................... 120

Overview......................................................................................................................................................... 121

Parts of an ACL .............................................................................................................................................. 123

Guidelines....................................................................................................................................................... 124

Examples........................................................................................................................................................ 125

Chapter 12: Class of Service ...................................................................................................................... 131

Supported Platforms....................................................................................................................................... 132

Overview......................................................................................................................................................... 133

Scheduling...................................................................................................................................................... 136

Strict Priority Scheduling.......................................................................................................................... 136

Weighted Round Robin Priority Scheduling ............................................................................................. 136

Chapter 13: Quality of Service ................................................................................................................... 139

Supported Platforms....................................................................................................................................... 140

Overview......................................................................................................................................................... 141

Classifiers ....................................................................................................................................................... 143

Flow Groups ................................................................................................................................................... 144

Traffic Classes................................................................................................................................................ 145

Policies ........................................................................................................................................................... 146

QoS Policy Guidelines.................................................................................................................................... 147

Packet Processing.......................................................................................................................................... 148

Bandwidth Allocation ...................................................................................................................................... 148

Packet Prioritization........................................................................................................................................ 148

Replacing Priorities......................................................................................................................................... 150

VLAN Tag User Priorities ............................................................................................................................... 150

DSCP Values.................................................................................................................................................. 150

DiffServ Domains............................................................................................................................................ 151

Examples........................................................................................................................................................ 153

Voice Applications.................................................................................................................................... 153

Video Applications.................................................................................................................................... 155

Critical Database...................................................................................................................................... 157

Policy Component Hierarchy.................................................................................................................... 158

Chapter 14: Denial of Service Defenses .................................................................................................... 161

Supported Platforms....................................................................................................................................... 162

Overview......................................................................................................................................................... 163

SYN Flood Attack ........................................................................................................................................... 164

Smurf Attack ................................................................................................................................................... 165

Land Attack..................................................................................................................................................... 166

Teardrop Attack .............................................................................................................................................. 168

Ping of Death Attack....................................................................................................................................... 169

IP Options Attack..............................................................................................................

.............................. 170

Mirroring Traffic .............................................................................................................................................. 171

Denial of Service Defense Guidelines ............................................................................................................ 172

Contents

Section III: Snooping Protocols ..............................................................................173

Chapter 15: IGMP Snooping ....................................................................................................................... 175

Supported Platforms ....................................................................................................................................... 176

Overview .........................................................................................................................................................177

Chapter 16: MLD Snooping .........................................................................................................................179

Supported Platforms ....................................................................................................................................... 180

Overview .........................................................................................................................................................181

Chapter 17: RRP Snooping .........................................................................................................................183

Supported Platforms ....................................................................................................................................... 184

Overview .........................................................................................................................................................185

Guidelines .......................................................................................................................................................186

Chapter 18: Ethernet Protection Switching Ring Snooping .................................................................... 187

Supported Platforms ....................................................................................................................................... 188

Overview .........................................................................................................................................................189

Restrictions ..................................................................................................................................................... 191

Guidelines .......................................................................................................................................................193

Section IV: SNMPv3 ................................................................................................ 195

Chapter 19: SNMPv3 .................................................................................................................................... 197

Supported Platforms ....................................................................................................................................... 198

Overview .........................................................................................................................................................199

SNMPv3 Authentication Protocols .................................................................................................................. 200

SNMPv3 Privacy Protocol............................................................................................................................... 201

SNMPv3 MIB Views........................................................................................................................................202

SNMPv3 Storage Types .................................................................................................................................204

SNMPv3 Message Notification .......................................................................................................................205

SNMPv3 Tables .............................................................................................................................................. 206

SNMPv3 User Table................................................................................................................................. 208

SNMPv3 View Table................................................................................................................................. 208

SNMPv3 Access Table............................................................................................................................. 208

SNMPv3 SecurityToGroup Table ............................................................................................................. 208

SNMPv3 Notify Table ...............................................................................................................................209

SNMPv3 Target Address Table................................................................................................................209

SNMPv3 Target Parameters Table .......................................................................................................... 209

SNMPv3 Community Table ...................................................................................................................... 209

SNMPv3 Configuration Example ....................................................................................................................210

Section V: Spanning Tree Protocols ......................................................................211

Chapter 20: Spanning Tree and Rapid Spanning Tree Protocols ........................................................... 213

Supported Platforms ....................................................................................................................................... 214

Overview .........................................................................................................................................................215

Bridge Priority and the Root Bridge ................................................................................................................ 216

Path Costs and Port Costs .......................................................................................................................217

Port Priority............................................................................................................................................... 218

Forwarding Delay and Topology Changes...................................................................................................... 220

Hello Time and Bridge Protocol Data Units (BPDU)................................................................................. 220

Point-to-Point and Edge Ports .................................................................................................................. 221

Mixed STP and RSTP Networks ..................................................................................................................... 223

Spanning Tree and VLANs .............................................................................................................................224

AT-S63 Management Software Features Guide

Chapter 21: Multiple Spanning Tree Protocol ........................................................................................... 225

Supported Platforms....................................................................................................................................... 226

Overview......................................................................................................................................................... 227

Multiple Spanning Tree Instance (MSTI) ........................................................................................................ 228

MSTI Guidelines ............................................................................................................................................. 232

VLAN and MSTI Associations ........................................................................................................................ 233

Ports in Multiple MSTIs................................................................................................................................... 234

Multiple Spanning Tree Regions .................................................................................................................... 235

Region Guidelines.................................................................................................................................... 237

Common and Internal Spanning Tree (CIST) .......................................................................................... 238

MSTP with STP and RSTP ...................................................................................................................... 238

Summary of Guidelines .................................................................................................................................. 239

Associating VLANs to MSTIs.......................................................................................................................... 241

Connecting VLANs Across Different Regions ................................................................................................ 243

Section VI: Virtual LANs ....................................................................................... 245

Chapter 22: Port-based and Tagged VLANs ............................................................................................. 247

Supported Platforms....................................................................................................................................... 248

Overview......................................................................................................................................................... 249

Port-based VLAN Overview............................................................................................................................ 251

VLAN Name ............................................................................................................................................. 251

VLAN Identifier ......................................................................................................................................... 251

Untagged Ports ........................................................................................................................................ 252

Port VLAN Identifier ................................................................................................................................. 252

Guidelines to Creating a Port-based VLAN.............................................................................................. 253

Drawbacks of Port-based VLANs............................................................................................................. 253

Port-based Example 1.............................................................................................................................. 254

Port-based Example 2.............................................................................................................................. 255

Tagged VLAN Overview ................................................................................................................................. 257

Tagged and Untagged Ports .................................................................................................................... 258

Port VLAN Identifier ................................................................................................................................. 258

Guidelines to Creating a Tagged VLAN ................................................................................................... 258

Tagged VLAN Example............................................................................................................................ 259

Chapter 23: GARP VLAN Registration Protocol ....................................................................................... 261

Supported Platforms....................................................................................................................................... 262

Overview......................................................................................................................................................... 263

Guidelines....................................................................................................................................................... 266

GVRP and Network Security .......................................................................................................................... 267

GVRP-inactive Intermediate Switches............................................................................................................ 268

Generic Attribute Registration Protocol (GARP) Overview............................................................................. 269

Chapter 24: Multiple VLAN Modes ............................................................................................................. 273

Supported Platforms....................................................................................................................................... 274

Overview......................................................................................................................................................... 275

802.1Q- Compliant Multiple VLAN Mode........................................................................................................ 276

Non-802.1Q Compliant Multiple VLAN Mode ................................................................................................. 278

Chapter 25: Protected Ports VLANs .......................................................................................................... 279

Supported Platforms....................................................................................................................................... 280

Overview......................................................................................................................................................... 281

Guidelines....................................................................................................................................................... 283

Contents

Chapter 26: MAC Address-based VLANs ..................................................................................................285

Supported Platforms ....................................................................................................................................... 286

Overview .........................................................................................................................................................287

Egress Ports ................................................................................................................................................... 288

VLANs That Span Switches............................................................................................................................ 291

VLAN Hierarchy .............................................................................................................................................. 293

Steps to Creating a MAC Address-based VLAN............................................................................................. 294

Guidelines .......................................................................................................................................................295

Section VII: Routing ................................................................................................ 297

Chapter 27: Internet Protocol Version 4 Packet Routing ......................................................................... 299

Supported Platforms ....................................................................................................................................... 300

Overview .........................................................................................................................................................301

Routing Interfaces ...........................................................................................................................................303

VLAN ID (VID) ..........................................................................................................................................304

Interface Numbers ....................................................................................................................................304

IP Address and Subnet Mask ................................................................................................................... 304

Interface Names..............................................................................................................................................306

Static Routes................................................................................................................................................... 307

Routing Information Protocol (RIP) ................................................................................................................. 309

Default Routes ................................................................................................................................................311

Equal-cost Multi-path (ECMP) Routing ...........................................................................................................312

Routing Table.................................................................................................................................................. 314

Address Resolution Protocol (ARP) Table ...................................................................................................... 315

Internet Control Message Protocol (ICMP) .....................................................................................................316

Routing Interfaces and Management Features............................................................................................... 318

Network Servers .......................................................................................................................................318

Enhanced Stacking...................................................................................................................................319

Remote Telnet, SSH, and Web Browser Management Sessions ............................................................ 319

Pinging a Remote Device ......................................................................................................................... 320

DHCP or BOOTP Server ..........................................................................................................................320

Local Interface ................................................................................................................................................ 321

AT-9408LC/SP AT-9424T/GB, and AT-9424T/SP Switches...........................................................................322

Local Interface ..........................................................................................................................................322

ARP Table ................................................................................................................................................322

Default Gateway .......................................................................................................................................323

Routing Command Example ...........................................................................................................................324

Creating the VLANs.................................................................................................................................. 325

Creating the Routing Interfaces................................................................................................................325

Adding a Static Route and Default Route................................................................................................. 326

Adding RIP ...............................................................................................................................................327

Selecting the Local Interface .................................................................................................................... 327

Non-routing Command Example..................................................................................................................... 328

Upgrading from AT-S63 Version 1.3.0 or Earlier ............................................................................................ 330

Chapter 28: BOOTP Relay Agent ................................................................................................................ 331

Supported Platforms ....................................................................................................................................... 332

Overview .........................................................................................................................................................333

Guidelines .......................................................................................................................................................335

Chapter 29: Virtual Router Redundancy Protocol .................................................................................... 337

Supported Platforms ....................................................................................................................................... 338

Overview .........................................................................................................................................................339

Master Switch ................................................................................................................................................. 340

Backup Switches.............................................................................................................................................341

AT-S63 Management Software Features Guide

Interface Monitoring........................................................................................................................................ 342

Port Monitoring ............................................................................................................................................... 343

VRRP on the Switch ....................................................................................................................................... 344

Section VIII: Port Security ..................................................................................... 347

Chapter 30: MAC Address-based Port Security ....................................................................................... 349

Supported Platforms....................................................................................................................................... 350

Overview......................................................................................................................................................... 351

Automatic ................................................................................................................................................. 351

Limited...................................................................................................................................................... 351

Secured.................................................................................................................................................... 352

Locked...................................................................................................................................................... 352

Invalid Frames and Intrusion Actions ............................................................................................................. 353

Guidelines....................................................................................................................................................... 354

Chapter 31: 802.1x Port-based Network Access Control ........................................................................ 355

Supported Platforms....................................................................................................................................... 356

Overview......................................................................................................................................................... 357

Authentication Process................................................................................................................................... 359

Port Roles....................................................................................................................................................... 360

None Role ................................................................................................................................................ 360

Authenticator Role.................................................................................................................................... 360

Supplicant Role ........................................................................................................................................ 362

Authenticator Ports with Single and Multiple Supplicants............................................................................... 363

Single Operating Mode ............................................................................................................................ 363

Multiple Operating Mode .......................................................................................................................... 367

Supplicant and VLAN Associations ................................................................................................................ 370

Single Operating Mode ............................................................................................................................ 371

Multiple Operating Mode .......................................................................................................................... 371

Supplicant VLAN Attributes on the RADIUS Server................................................................................. 371

Guest VLAN.................................................................................................................................................... 372

RADIUS Accounting ....................................................................................................................................... 373

General Steps................................................................................................................................................. 374

Guidelines....................................................................................................................................................... 375

Section IX: Management Security ......................................................................... 379

Chapter 32: Web Server .............................................................................................................................. 381

Supported Platforms....................................................................................................................................... 382

Overview......................................................................................................................................................... 383

Supported Protocols................................................................................................................................. 383

Configuring the Web Server for HTTP............................................................................................................ 384

Configuring the Web Server for HTTPS ......................................................................................................... 385

General Steps for a Self-signed Certificate.............................................................................................. 385

General Steps for a Public or Private CA Certificate................................................................................ 385

Chapter 33: Encryption Keys ..................................................................................................................... 387

Supported Platforms....................................................................................................................................... 388

Overview......................................................................................................................................................... 389

Encryption Key Length ................................................................................................................................... 390

Encryption Key Guidelines ............................................................................................................................. 391

Technical Overview ........................................................................................................................................ 392

Data Encryption........................................................................................................................................ 392

Data Authentication.................................................................................................................................. 394

Key Exchange Algorithms ........................................................................................................................ 395

Contents

Chapter 34: PKI Certificates and SSL ........................................................................................................397

Supported Platforms ....................................................................................................................................... 398

Overview .........................................................................................................................................................399

Types of Certificates ....................................................................................................................................... 399

Distinguished Names ...................................................................................................................................... 401

SSL and Enhanced Stacking ..........................................................................................................................403

Guidelines .......................................................................................................................................................404

Technical Overview.........................................................................................................................................405

SSL Encryption......................................................................................................................................... 405

User Verification .......................................................................................................................................406

Authentication........................................................................................................................................... 406

Public Key Infrastructure .......................................................................................................................... 407

Public Keys............................................................................................................................................... 407

Message Encryption .................................................................................................................................407

Digital Signatures ..................................................................................................................................... 407

Certificates................................................................................................................................................ 408

Elements of a Public Key Infrastructure ................................................................................................... 409

Certificate Validation................................................................................................................................. 410

Certificate Revocation Lists (CRLs)..........................................................................................................410

PKI Implementation .................................................................................................................................. 411

Chapter 35: Secure Shell (SSH) ..................................................................................................................413

Supported Platforms ....................................................................................................................................... 414

Overview .........................................................................................................................................................415

Support for SSH..............................................................................................................................................416

SSH Server ..................................................................................................................................................... 417

SSH Clients..................................................................................................................................................... 418

SSH and Enhanced Stacking..........................................................................................................................419

SSH Configuration Guidelines ........................................................................................................................421

General Steps to Configuring SSH .................................................................................................................422

Chapter 36: TACACS+ and RADIUS Protocols .........................................................................................423

Supported Platforms ....................................................................................................................................... 424

Overview .........................................................................................................................................................425

Guidelines .......................................................................................................................................................427

Chapter 37: Management Access Control List .......................................................................................... 431

Supported Platforms ....................................................................................................................................... 432

Overview .........................................................................................................................................................433

Parts of a Management ACE ..........................................................................................................................434

IP Address ................................................................................................................................................ 434

Mask ......................................................................................................................................................... 434

Application ................................................................................................................................................434

Guidelines .......................................................................................................................................................435

Examples ........................................................................................................................................................ 436

Appendix A: AT-S63 Management Software Default Settings ................................................................. 439

Address Resolution Protocol Cache ...............................................................................................................441

Boot Configuration File ...................................................................................................................................442

BOOTP Relay Agent .......................................................................................................................................443

Class of Service .............................................................................................................................................. 444

Denial of Service Defenses.............................................................................................................................445

802.1x Port-Based Network Access Control ...................................................................................................446

Enhanced Stacking ......................................................................................................................................... 448

Ethernet Protection Switching Ring (EPSR) Snooping ................................................................................... 449

Event Logs ...................................................................................................................................................... 450

GVRP.............................................................................................................................................................. 451

AT-S63 Management Software Features Guide

IGMP Snooping .............................................................................................................................................. 452

Internet Protocol Version 4 Packet Routing.................................................................................................... 453

MAC Address-based Port Security................................................................................................................. 454

MAC Address Table ....................................................................................................................................... 455

Management Access Control List................................................................................................................... 456

Manager and Operator Account ..................................................................................................................... 457

Multicast Listener Discovery Snooping........................................................................................................... 458

Public Key Infrastructure ................................................................................................................................ 459

Port Settings ................................................................................................................................................... 460

RJ-45 Serial Terminal Port ............................................................................................................................. 461

Router Redundancy Protocol Snooping ......................................................................................................... 462

Server-based Authentication (RADIUS and TACACS+)................................................................................. 463

Server-based Authentication.................................................................................................................... 463

RADIUS Client ......................................................................................................................................... 463

TACACS+ Client ...................................................................................................................................... 463

Simple Network Management Protocol .......................................................................................................... 464

Simple Network Time Protocol ....................................................................................................................... 465

Spanning Tree Protocols (STP, RSTP, and MSTP) ....................................................................................... 466

Spanning Tree Switch Settings ................................................................................................................ 466

Spanning Tree Protocol ........................................................................................................................... 466

Rapid Spanning Tree Protocol ................................................................................................................. 466

Multiple Spanning Tree Protocol.............................................................................................................. 467

Secure Shell Server........................................................................................................................................ 468

Secure Sockets Layer .................................................................................................................................... 469

System Name, Administrator, and Comments Settings ................................................................................. 470

Telnet Server .................................................................................................................................................. 471

Virtual Router Redundancy Protocol .............................................................................................................. 472

VLANs ............................................................................................................................................................ 473

Web Server..................................................................................................................................................... 474

Appendix B: SNMPv3 Configuration Examples ........................................................................................ 475

SNMPv3 Configuration Examples .................................................................................................................. 476

SNMPv3 Manager Configuration ............................................................................................................. 476

SNMPv3 Operator Configuration ............................................................................................................. 477

SNMPv3 Worksheet................................................................................................................................. 478

Appendix C: Features and Standards ....................................................................................................... 481

10/100/1000Base-T Twisted Pair Ports.......................................................................................................... 482

Denial of Service Defenses ............................................................................................................................ 482

Ethernet Protection Switching Ring Snooping................................................................................................ 482

Fiber Optic Ports (AT-9408LC/SP Switch) ..................................................................................................... 483

File System..................................................................................................................................................... 483

DHCP and BOOTP Clients............................................................................................................................. 483

Internet Protocol Multicasting ......................................................................................................................... 483

Internet Protocol Version 4 Routing................................................................................................................ 483

MAC Address Table ....................................................................................................................................... 484

Management Access and Security ................................................................................................................. 484

Management Access Methods ....................................................................................................................... 485

Management Interfaces.................................................................................................................................. 485

Management MIBs ......................................................................................................................................... 485

Port Security ................................................................................................................................................... 486

Port Trunking and Mirroring............................................................................................................................ 486

Spanning Tree Protocols ................................................................................................................................ 486

System Monitoring.......................................................................................................................................... 486

Traffic Control ................................................................................................................................................. 487

Virtual LANs.................................................................................................................................................... 487

Virtual Router Redundancy Protocol .............................................................................................................. 488

Contents

Appendix D: MIB Objects ............................................................................................................................ 489

Access Control Lists ....................................................................................................................................... 490

Class of Service .............................................................................................................................................. 491

Date, Time, and SNTP Client..........................................................................................................................492

Denial of Service Defenses.............................................................................................................................493

Enhanced Stacking ......................................................................................................................................... 494

GVRP.............................................................................................................................................................. 495

MAC Address Table........................................................................................................................................497

Management Access Control List ...................................................................................................................498

Miscellaneous ................................................................................................................................................. 499

Port Mirroring .................................................................................................................................................. 500

Quality of Service............................................................................................................................................501

Port Configuration and Status......................................................................................................................... 503

Spanning Tree ................................................................................................................................................504

Static Port Trunk ............................................................................................................................................. 505

VLANs............................................................................................................................................................. 506

Index .............................................................................................................................................................. 509

Figures

Figure 1: Static Port Trunk Example.....................................................................................................................................77

Figure 2: Example of Multiple Aggregators for Multiple Aggregate Trunks ..........................................................................84

Figure 3: Example of an Aggregator with Multiple Trunks....................................................................................................85

Figure 4: User Priority and VLAN Fields within an Ethernet Frame....................................................................................114

Figure 5: ToS field in an IP Header ....................................................................................................................................115

Figure 6: ACL Example 1 ...................................................................................................................................................125

Figure 7: ACL Example 2 ...................................................................................................................................................126

Figure 8: ACL Example 3 ...................................................................................................................................................127

Figure 9: ACL Example 4 ...................................................................................................................................................128

Figure 10: ACL Example 5 .................................................................................................................................................128

Figure 11: ACL Example 6 .................................................................................................................................................129

Figure 12: DiffServ Domain Example .................................................................................................................................151

Figure 13: QoS Voice Application Example........................................................................................................................154

Figure 14: QoS Video Application Example........................................................................................................................156

Figure 15: QoS Critical Database Example ........................................................................................................................157

Figure 16: Policy Component Hierarchy Example ..............................................................................................................159

Figure 17: Double Fault Condition in EPSR Snooping .......................................................................................................192

Figure 18: MIB Tree............................................................................................................................................................202

Figure 19: SNMPv3 User Configuration Process ...............................................................................................................206

Figure 20: SNMPv3 Message Notification Process ............................................................................................................207

Figure 21: Point-to-Point Ports ...........................................................................................................................................221

Figure 22: Edge Port ..........................................................................................................................................................222

Figure 23: Point-to-Point and Edge Port.............................................................................................................................222

Figure 24: VLAN Fragmentation.........................................................................................................................................224

Figure 25: VLAN Fragmentation with STP or RSTP...........................................................................................................229

Figure 26: MSTP Example of Two Spanning Tree Instances ............................................................................................230

Figure 27: Multiple VLANs in a MSTI..................................................................................................................................231

Figure 28: Multiple Spanning Tree Region .........................................................................................................................236

Figure 29: CIST and VLAN Guideline - Example 1.............................................................................................................241

Figure 30: CIST and VLAN Guideline - Example 2.............................................................................................................242

Figure 31: Spanning Regions - Example 1 .........................................................................................................................243

Figure 32: Port-based VLAN - Example 1 ..........................................................................................................................254

Figure 33: Port-based VLAN - Example 2 ..........................................................................................................................255

Figure 34: Example of a Tagged VLAN..............................................................................................................................259

Figure 35: GVRP Example ........................................................................................................

Figure 36: GARP Architecture ............................................................................................................................................270

Figure 37: GID Architecture................................................................................................................................................271

Figure 38: Example of a MAC Address-based VLAN Spanning Switches .........................................................................291

Figure 39: Example of the Supplicant Role ........................................................................................................................362

Figure 40: Authenticator Port in Single Operating Mode with a Single Client.....................................................................364

Figure 41: Single Operating Mode with Multiple Clients Using the Piggy-back Feature - Example 1 ................................365

Figure 42: Single Operating Mode with Multiple Clients Using the Piggy-back Feature - Example 2 ................................366

Figure 43: Single Operating Mode with Multiple Clients Using the Piggy-back Feature - Example 3 ................................367

Figure 44: Authenticator Port in Multiple Operating Mode - Example 1..............................................................................368

Figure 45: Authenticator Port in Multiple Operating Mode - Example 2..............................................................................369

Figure 46: SSH Remote Management of a Slave Switch ...................................................................................................419

.........................................264

Figures

Tables

Table 1: AT-9400 Switch Features ......................................................................................................................................31

Table 2: Management Interfaces and Features ...................................................................................................................36

Table 3: Twisted Pair Ports Matched with GBIC and SFP Slots ..........................................................................................47

Table 4: New Features in AT-S63 Version 3.0.0 .................................................................................................................49

Table 5: New Features in AT-S63 Version 2.1.0 .................................................................................................................50

Table 6: New Features in AT-S63 Version 2.0.0 .................................................................................................................50

Table 7: New Features in AT-S63 Version 1.3.0 .................................................................................................................51

Table 8: New Features in AT-S63 Version 1.2.0 .................................................................................................................52

Table 9: File Extensions and File Types ............................................................................................................................102

Table 10: Default Mappings of IEEE 802.1p Priority Levels to Priority Queues ................................................................134

Table 11: Customized Mappings of IEEE 802.1p Priority Levels to Priority Queues .........................................................134

Table 12: Example of Weighted Round Robin Priority ......................................................................................................137

Table 13: Example of a Weight of Zero for Priority Queue 7 .............................................................................................137

Table 14: Bridge Priority Value Increments .......................................................................................................................216

Table 15: STP Auto-Detect Port Costs ..............................................................................................................................217

Table 16: STP Auto-Detect Port Trunk Costs ....................................................................................................................218

Table 17: RSTP Auto-Detect Port Costs ...........................................................................................................................218

Table 18: RSTP Auto-Detect Port Trunk Costs .................................................................................................................218

Table 19: Port Priority Value Increments ...........................................................................................................................219

Table 20: 802.1Q-Compliant Multiple VLAN Example .......................................................................................................276

Table 21: Mappings of MAC Addresses to Egress Ports Example ....................................................................................288

Table 22: Revised Example of Mappings of MAC Addresses to Egress Ports ..................................................................289

Table 23: Example of a MAC Address-based VLAN Spanning Switches ..........................................................................292

Table 24: ICMP Messages Implemented on the AT-9400 Switch .....................................................................................316

Table 25: IPv4 Routing Example .......................................................................................................................................324

Table 26: Access Control Lists (AtiStackSwitch MIB) ........................................................................................................490

Table 27: CoS Scheduling (AtiStackSwitch MIB) ..............................................................................................................491

Table 28: CoS Priority to Egress Queue Mappings (AtiStackSwitch MIB) ........................................................................491

Table 29: CoS Packet Weights of Egress Queues (AtiStackSwitch MIB) .........................................................................491

Table 30: CoS Port Settings (AtiStackSwitch MIB) ............................................................................................................491

Table 31: Date, Time, and SNTP Client (AtiStackSwitch MIB) ....................................................................

Table 32: LAN Address and Subnet Mask (AtiStackSwitch MIB) ......................................................................................493

Table 33: Denial of Service Defenses (AtiStackSwitch MIB) .............................................................................................493

Table 34: Switch Mode and Discovery (AtiStackInfo MIB) ................................................................................................494

Table 35: Switches of an Enhanced Stack (AtiStackInfo MIB) ..........................................................................................494

Table 36: GVFP Switch Configuration (AtiStackSwitch MIB) ............................................................................................495

Table 37: GVRP Port Configuration (AtiStackSwitch MIB) ................................................................................................495

Table 38: GVRP Counters (AtiStackSwitch MIB) ..............................................................................................................495

Table 39: MAC Address Table (AtiStackSwitch MIB) ........................................................................................................497

Table 40: Static MAC Address Table (AtiStackSwitch MIB) ..............................................................................................497

Table 41: Management Access Control List Status (AtiStackSwitch MIB) ........................................................................498

Table 42: Management Access Control List Entries (AtiStackSwitch MIB) .......................................................................498

Table 43: System Reset (AtiStackSwitch MIB) ..................................................................................................................499

Table 44: Local Interface (AtiStackSwitch MIB) .................................................................................................................499

Table 45: Saving the Configuration and Returning to Default Settings (AtiStackSwitch MIB) ...........................................499

Table 46: Port Mirroring (AtiStackSwitch MIB) ..................................................................................................................500

Table 47: Flow Groups (AtiStackSwitch MIB) ....................................................................................................................501

Table 48: Traffic Classes (AtiStackSwitch MIB) ................................................................................................................501

Table 49: Policies (AtiStackSwitch MIB) ............................................................................................................................502

......................492

Tables

Table 50: Port Configuration and Status (AtiStackSwitch MIB) ........................................................................................503

Table 51: Spanning Tree (AtiStackSwitch MIB) .................................................................................................................504

Table 52: Static Port Trunks (AtiStackSwitch MIB) ...........................................................................................................505

Table 53: VLAN Table (AtiStackSwitch MIB) .....................................................................................................................506

Table 54: VLAN Table (AtiStackSwitch MIB) .....................................................................................................................506

Table 55: VLAN Mode and Uplink Port (AtiStackSwitch MIB) ...........................................................................................506

Table 56: PVID Table (AtiStackSwitch MIB) ......................................................................................................................507

Preface

This guide describes the features of the AT-9400 Layer 2+ and Basic Layer 3 Gigabit Ethernet Switches and the AT-S63 Management Software.

This preface contains the following sections:

 “How This Guide is Organized” on page 18

 “Product Documentation” on page 20

 “Where to Go First” on page 21

 “Starting a Management Session” on page 22

 “Document Conventions” on page 23

 “Where to Find Web-based Guides” on page 24

 “Contacting Allied Telesis” on page 25

Caution

The software described in this documentation contains certain cryptographic functionality and its export is restricted by U.S. law. As of this writing, it has been submitted for review as a “retail encryption item” in accordance with the Export Administration Regulations, 15 C.F.R. Part 730-772, promulgated by the U.S. Department of Commerce, and conditionally may be exported in accordance with the pertinent terms of License Exception ENC (described in 15 C.F.R. Part 740.17). In no case may it be exported to Cuba, Iran, Iraq, Libya, North Korea, Sudan, or Syria. If you wish to transfer this software outside the United States or Canada, please contact your local Allied Telesis sales representative for current information on this product’s export status.

Preface

How This Guide is Organized

This guide has the following sections and chapters:

 Section I: Basic Operations

Chapter 1, “Overview” on page 29

Chapter 2, “Enhanced Stacking” on page 55

Chapter 3, “SNMPv1 and SNMPv2c” on page 65

Chapter 4, “MAC Address Table” on page 71

Chapter 5, “Static Port Trunks” on page 75

Chapter 6, “LACP Port Trunks” on page 81

Chapter 7, “Port Mirror” on page 93

 Section II: Advanced Operations

Chapter 8, “File System” on page 99

Chapter 9, “Event Logs and the Syslog Client” on page 105

Chapter 10, “Classifiers” on page 109

Chapter 11, “Access Control Lists” on page 119

Chapter 12, “Class of Service” on page 131

Chapter 13, “Quality of Service” on page 139

Chapter 14, “Denial of Service Defenses” on page 161

 Section III: Snooping Protocols

Chapter 15, “IGMP Snooping” on page 175

Chapter 16, “MLD Snooping” on page 179

Chapter 17, “RRP Snooping” on page 183

Chapter 18, “Ethernet Protection Switching Ring Snooping” on page 187

 Section IV: SNMPv3

Chapter 19, “SNMPv3” on page 197

AT-S63 Management Software Features Guide

 Section V: Spanning Tree Protocols

Chapter 20, “Spanning Tree and Rapid Spanning Tree Protocols” on page 213

Chapter 21, “Multiple Spanning Tree Protocol” on page 225

 Section VI: Virtual LANs

Chapter 22, “Port-based and Tagged VLANs” on page 247

Chapter 23, “GARP VLAN Registration Protocol” on page 261

Chapter 24, “Multiple VLAN Modes” on page 273

Chapter 25, “Protected Ports VLANs” on page 279

Chapter 26, “MAC Address-based VLANs” on page 285

 Section VII: Routing

Chapter 27, “Internet Protocol Version 4 Packet Routing” on page 299

Chapter 28, “BOOTP Relay Agent” on page 331

Chapter 29, “Virtual Router Redundancy Protocol” on page 337

 Section VIII: Port Security

Chapter 30, “MAC Address-based Port Security” on page 349

Chapter 31, “802.1x Port-based Network Access Control” on page 355

 Section IX: Management Security

Chapter 32, “Web Server” on page 381

Chapter 33, “Encryption Keys” on page 387

Chapter 34, “PKI Certificates and SSL” on page 397

Chapter 35, “Secure Shell (SSH)” on page 413

Chapter 36, “TACACS+ and RADIUS Protocols” on page 423

Chapter 37, “Management Access Control List” on page 431

 Appendices

Appendix A, “AT-S63 Management Software Default Settings” on page 439

Appendix B, “SNMPv3 Configuration Examples” on page 475

Appendix C, “Features and Standards” on page 481

Appendix D, “MIB Objects” on page 489

Preface

Product Documentation

For overview information on the features of the AT-9400 Switch and the AT-S63 Management Software, refer to:

 AT-S63 Management Software Features Guide

(PN 613-000801)

For instructions on starting a local or remote management session, refer to:

 Starting an AT-S63 Management Session Guide

(PN 613-000817)

For instructions on installing or managing stand-alone switches, refer to:

 AT-9400 Gigabit Ethernet Switch Installation Guide

(PN 613-000357)

 AT-S63 Management Software Menus Interface User’s Guide

(PN 613-50570-00)

 AT-S63 Management Software Command Line Interface User’s Guide

(PN 613-50571-00)

 AT-S63 Management Software Web Browser Interface User’s Guide

(PN 613-50592-00)

For instructions on installing or managing a stack of AT-9400 Basic Layer 3 Switches and the AT-StackXG Stacking Module, refer to:

 AT-9400 Stack Installation Guide

(PN 613-000796)

 AT-S63 Stack Command Line Interface User’s Guide

(PN 613-000777)

Where to Go First

AT-S63 Management Software Features Guide

Allied Telesis recommends that you read Chapter 1, “Overview” on page 29 in this guide before you begin to manage the switch for the first time. There you will find a variety of basic information about the unit and the management software, like the two levels of manager access levels and the different types of management sessions.

This guide is also your resource for background information on the features of the switch. You can refer here for the relevant concepts and guidelines when you configure a feature for the first time.

Preface

Starting a Management Session

For instructions on how to start a local or remote management session on the AT-9400 Switch, refer to the Starting an AT-S63 Management Session Guide.

Document Conventions

This document uses the following conventions:

AT-S63 Management Software Features Guide

Note

Notes provide additional information.

Caution

Cautions inform you that performing or omitting a specific action may result in equipment damage or loss of data.

Warning

Warnings inform you that performing or omitting a specific action may result in bodily injury.

Preface

Where to Find Web-based Guides

The installation and user guides for all Allied Telesis products are available in portable document format (PDF) on our web site at www.alliedtelesis.com. You can view the documents online or download them onto a local workstation or server.

AT-S63 Management Software Features Guide

Contacting Allied Telesis

This section provides Allied Telesis contact information for technical support as well as sales and corporate information.

Online Support You can request technical support online by accessing the Allied Telesis

Knowledge Base: http://kb.alliedteleisn.com. You can use the Knowledge Base to submit questions to our technical support staff and review answers to previously asked questions.

Email and Telephone

Support

Returning

Products

Sales or

Corporate

Information

Management

Software Updates

For Technical Support via email or telephone, refer to the Support & Services section of the Allied Telesis web site: www.alliedtelesis.com.

Products for return or repair must first be assigned a return materials authorization (RMA) number. A product sent to Allied Telesis without an RMA number will be returned to the sender at the sender’s expense.

To obtain an RMA number, contact Allied Telesis Technical Support through our web site: www.alliedtelesis.com.

You can contact Allied Telesis for sales or corporate information through our web site: www.alliedtelesis.com. To find the contact information for your country, select Contact Us -> Worldwide Contacts.

New releases of management software for our managed products are available from the following Internet sites:

 Allied Telesis web site: www.alliedtelesis.com

 Allied Telesis FTP server: ftp://ftp.alliedtelesis.com

FTP client software is required to download new software from the Allied Telesis FTP server using your workstation’s command prompt. Furthermore, you must log in to the server. The user name is “anonymous” and the password is your email address.

Preface

Section I

Basic Operations

The chapters in this section contain background information on basic switch features. The chapters include:

 Chapter 1, “Overview” on page 29

 Chapter 2, ”Enhanced Stacking” on page 55

 Chapter 3, ”SNMPv1 and SNMPv2c” on page 65

 Chapter 4, ”MAC Address Table” on page 71

 Chapter 5, ”Static Port Trunks” on page 75

 Chapter 6, “LACP Port Trunks” on page 81

 Chapter 7, ”Port Mirror” on page 93

Section I: Basic Operations 27

28 Section I: Basic Operations

Chapter 1 Overview

This chapter has the following sections:

 “Layer 2+ and Basic Layer 3 Switches” on page 30

 “AT-S63 Management Software” on page 35

 “Management Interfaces and Features” on page 36

 “Management Access Methods” on page 41

 “Manager Access Levels” on page 43

 “Installation and Management Configurations” on page 44

 “IP Configuration” on page 46

 “Redundant Twisted Pair Ports” on page 47

 “History of New Features” on page 49

Chapter 1: Overview

Layer 2+ and Basic Layer 3 Switches

The switches in the AT-9400 Gigabit Ethernet Series are divided into two groups:

 Layer 2+ Switches

– AT-9408LC/SP

– AT-9424T/GB

– AT-9424T/SP

 Basic Layer 3 Switches

– AT-9424T

– AT-9424Ts

– AT-9424Ts/XP

– AT-9448T/SP

– AT-9448Ts/XP

The switches of the two groups offer many of the same features and capabilities. However, there are a couple of significant differences. For instance, the Internet Protocol Version 4 packet routing feature is only supported on the Basic Layer 3 switches and is the reason for the group’s name. For a list of the supported features, refer to Table 1. The switches are numbered in the table as follows:

Layer 2+ switches:

 1 - AT-9408LC/SP

 2 - AT-9424T/GB

 3 - AT-9424T/SP

Basic Layer 3 switches:

 4 - AT-9424T

 5 - AT-9424Ts

 6 - AT-9424Ts/XP

 7 - AT-9448T/SP

 8 - AT-9448Ts/XP

The Stack column lists the features supported in a stack of Basic Layer 3 switches and the AT-StackXG Stacking Module. For more information, refer to “Stacking” on page 44.

(Y = supported feature)

+ 484 hidden pages

Allied Telesis AT-S63 User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

Contents

Figures

Tables

Preface

How This Guide is Organized

Product Documentation

Where to Go First

Starting a Management Session

Document Conventions

Where to Find Web-based Guides

Contacting Allied Telesis

Online Support You can request technical support online by accessing the Allied Telesis

Section I

Basic Operations

Chapter 1

Overview

Layer 2+ and Basic Layer 3 Switches