Asante Technologies 40240-40480-10G User Manual

IntraCore 40240/40480-10G
Layer 3 Gigabit Stackable Ethernet Switch
User’s Manual
IC40240-10G/IC40480-10G
(P/N 99-00837/99-00836)
Asante Networks
47709 Fremont Blvd., Fremont, CA 94538 USA
SALES
408-435-8388
TECHNICAL SUPPORT
408-435-8388: Worldwide
www.asante.com/support
support@asante.com
Copyright © 2009 Asante. All rights reserved. No part of this document, or any associated artwork, product design, or design concept may be copied or reproduced in whole or in part by any means without the express written consent of Asante. Asante and IntraCore are registered trademarks and the Asante logo, AsanteCare, Auto-Uplink, and IntraCare are trademarks of Asante. All other brand names or product names are trademarks or registered trademarks of their respective holders. All features and specifications are subject to change without prior notice. Rev. D7.9 7/4/2009
Management Guide
IntraCore 40240-10G Gigabit Ethernet Switch
Stackable Layer 3 Switch
20 10/100/1000BASE-T (RJ-45) Ports,
4 Gigabit Combination Ports (RJ-45/SFP),
2 10-Gigabit Extender Module Slots,
2 Stacking Ports
IntraCore 40480-10G Gigabit Ethernet Switch
Stackable Layer 3 Switch
44 10/100/1000BASE-T (RJ-45) Ports,
4 Gigabit Combination Ports (RJ-45/SFP),
2 10-Gigabit Extender Module Slots,
2 Stacking Ports
IC40240-10G (99-00837) IC40480-10G (99-00836)
About This Manual
Purpose
This guide gives specific information on how to operate and use the management functions of the switch.
Audience
The guide is intended for use by network administrators who are responsible for operating and maintaining network equipment; consequently, it assumes a basic working knowledge of general switch functions, the Internet Protocol (IP), and Simple Network Management Protocol (SNMP).
Conventions
The following conventions are used throughout this guide to show information:
Note: Emphasizes important information or calls your attention to related features or instructions.
Caution: Alerts you to a potential hazard that could cause loss of data, or damage the system or equipment.
Warning: Alerts you to a potential hazard that could cause personal injury.
Related Publications
The following publication details the hardware features of the switch, including the physical and performance-related characteristics, and how to install the switch:
The Installation Guide
Also, as part of the switch’s software, there is an online web-based help that describes all management related features.
Revision History
This section summarizes the changes in each revision of this manual.
June 2009 Revision
This is the first release of this manual.
Contents
Section I: Getting Started
Chapter 1: Introduction 1-1
Key Features 1-1 Description of Software Features 1-2 System Defaults 1-7
Chapter 2: Initial Configuration 2-1
Connecting to the Switch 2-1
Configuration Options 2-1 Required Connections 2-2 Remote Connections 2-3
Stack Operations 2-3
Selecting the Stack Master 2-3 Selecting the Backup Unit 2-4 Recovering from Stack Failure or Topology Change 2-4
Broken Link for Line and Wrap-around Topologies 2-4 Resilient IP Interface for Management Access 2-5
Resilient Configuration 2-5 Renumbering the Stack 2-5 Ensuring Consistent Code is Used Across the Stack 2-5
Basic Configuration 2-6
Console Connection 2-6 Setting Passwords 2-7 Setting an IP Address 2-7
Manual Configuration 2-8
Dynamic Configuration 2-11 Enabling SNMP Management Access 2-13
Community Strings (for SNMP version 1 and 2c clients) 2-13
Trap Receivers 2-14
Configuring Access for SNMP Version 3 Clients 2-15
Managing System Files 2-15
Saving Configuration Settings 2-16
Section II: Switch Management
Chapter 3: Configuring the Switch 3-1
Using the Web Interface 3-1 Navigating the Web Browser Interface 3-2
Home Page 3-2 Configuration Options 3-3 Panel Display 3-3
Main Menu 3-4
Chapter 4: Basic Management Tasks 4-1
Displaying System Information 4-1 Displaying Switch Hardware/Software Versions 4-3 Displaying Bridge Extension Capabilities 4-4 Setting the Switch’s IP Address (IP Version 4) 4-5
Manual Configuration 4-7 Using DHCP/BOOTP 4-8
Setting the Switch’s IP Address (IP Version 6) 4-9
Configuring an IPv6 Address 4-9 Configuring an IPv6 General Network Prefix 4-15
Configuring Neighbor Detection Protocol and Static Entries 4-17 Configuring Support for Jumbo Frames 4-21 Managing Firmware 4-21
Downloading System Software from a Server 4-22 Saving or Restoring Configuration Settings 4-24
Downloading Configuration Settings from a Server 4-25 Console Port Settings 4-26 Telnet Settings 4-28 Configuring Event Logging 4-30
System Log Configuration 4-30
Remote Log Configuration 4-31
Displaying Log Messages 4-33
Sending Simple Mail Transfer Protocol Alerts 4-33 Renumbering the Stack 4-35 Resetting the System 4-36 Setting the System Clock 4-36
Setting the Current Time 4-37
Configuring SNTP 4-37
Setting the Time Zone 4-39
Configuring Summer Time 4-40
Chapter 5: Simple Network Management Protocol 5-1
Enabling the SNMP Agent 5-2 Setting Community Access Strings 5-3 Specifying Trap Managers and Trap Types 5-4 Configuring SNMPv3 Management Access 5-7
Setting a Local Engine ID 5-7
Specifying a Remote Engine ID 5-8
Configuring SNMPv3 Users 5-9
Configuring Remote SNMPv3 Users 5-11
Configuring SNMPv3 Groups 5-13
Setting SNMPv3 Views 5-17
Chapter 6: User Authentication 6-1
Configuring User Accounts 6-1 Configuring Local/Remote Logon Authentication 6-2 Configuring HTTPS 6-5
Replacing the Default Secure-site Certificate 6-7
Configuring the Secure Shell 6-8
Generating the Host Key Pair 6-10 Importing User Public Keys 6-12
Configuring the SSH Server 6-14 Configuring Port Security 6-16 Configuring 802.1X Port Authentication 6-18
Displaying 802.1X Global Settings 6-19
Configuring 802.1X Global Settings 6-20
Configuring Port Settings for 802.1X 6-20
Displaying 802.1X Statistics 6-24 Filtering IP Addresses for Management Access 6-26
Chapter 7: Access Control Lists 7-1
Configuring Access Control Lists 7-1
Setting the ACL Name and Type 7-1
Configuring a Standard IPv4 ACL 7-2
Configuring an Extended IPv4 ACL 7-3
Configuring a MAC ACL 7-6
Configuring a Standard IPv6 ACL 7-7
Configuring an Extended IPv6 ACL 7-8 Binding a Port to an Access Control List 7-11
Chapter 8: Port Configuration 8-1
Displaying Connection Status 8-1 Configuring Interface Connections 8-3 Creating Trunk Groups 8-6
Statically Configuring a Trunk 8-7
Enabling LACP on Selected Ports 8-8
Configuring LACP Parameters 8-10
Displaying LACP Port Counters 8-13
Displaying LACP Settings and Status for the Local Side 8-14
Displaying LACP Settings and Status for the Remote Side 8-16 Setting Broadcast Storm Thresholds 8-17 Configuring Port Mirroring 8-19 Configuring Rate Limits 8-20 Showing Port Statistics 8-22
Chapter 9: Address Table Settings 9-1
Setting Static Addresses 9-1 Displaying the Address Table 9-2 Changing the Aging Time 9-4
Chapter 10: Spanning Tree Algorithm 10-1
Displaying Global Settings 10-3 Configuring Global Settings 10-6 Displaying Interface Settings 10-10 Configuring Interface Settings 10-13 Configuring Multiple Spanning Trees 10-16 Displaying Interface Settings for MSTP 10-19 Configuring Interface Settings for MSTP 10-20
Chapter 11: VLAN Configuration 11-1
IEEE 802.1Q VLANs 11-1
Enabling or Disabling GVRP (Global Setting) 11-4 Displaying Basic VLAN Information 11-4 Displaying Current VLANs 11-5 Creating VLANs 11-6 Adding Static Members to VLANs (VLAN Index) 11-7 Adding Static Members to VLANs (Port Index) 11-9 Configuring VLAN Behavior for Interfaces 11-10
Configuring IEEE 802.1Q Tunneling 11-12
Enabling QinQ Tunneling on the Switch 11-16 Adding an Interface to a QinQ Tunnel 11-17
Configuring Private VLANs 11-18
Enabling Private VLANs 11-19 Configuring Uplink and Downlink Ports 11-19
Configuring Protocol-Based VLANs 11-20
Configuring Protocol Groups 11-20 Mapping Protocols to VLANs 11-21
Chapter 12: Link Layer Discovery Protocol 12-1
Setting Basic LLDP Timing Attributes 12-1 Configuring LLDP Interface Attributes 12-3 Displaying LLDP Local Device Information 12-5 Displaying LLDP Remote Port Information 12-8 Displaying LLDP Remote Information Details 12-9 Displaying Device Statistics 12-11 Displaying Detailed Device Statistics 12-13
Chapter 13: Class of Service 13-1
Layer 2 Queue Settings 13-1
Setting the Default Priority for Interfaces 13-1 Mapping CoS Values to Egress Queues 13-3 Selecting the Queue Mode 13-5 Setting the Service Weight for Traffic Classes 13-6
Layer 3/4 Priority Settings 13-7
Mapping Layer 3/4 Priorities to CoS Values 13-7 Selecting IP Precedence/DSCP Priority 13-7
Mapping IP Precedence 13-8
Mapping DSCP Priority 13-10
Mapping IP Port Priority 13-11
Chapter 14: Quality of Service 14-1
Configuring Quality of Service Parameters 14-1
Configuring a Class Map 14-2
Creating QoS Policies 14-4
Attaching a Policy Map to Ingress Queues 14-7
Chapter 15: Multicast Filtering 15-1
Layer 2 IGMP (Snooping and Query) 15-2
Configuring IGMP Snooping and Query Parameters 15-3
Enabling IGMP Immediate Leave 15-5
Displaying Interfaces Attached to a Multicast Router 15-6
Specifying Static Interfaces for a Multicast Router 15-7
Displaying Port Members of Multicast Services 15-8
Assigning Ports to Multicast Services 15-9
Chapter 16: Domain Name Service 16-1
Configuring General DNS Service Parameters 16-1 Configuring Static DNS Host to Address Entries 16-3 Displaying the DNS Cache 16-5
Chapter 17: Dynamic Host Configuration Protocol 17-1
Configuring DHCP Relay Service 17-1 Configuring the DHCP Server 17-2
Enabling the Server, Setting Excluded Addresses 17-3
Configuring Address Pools 17-4
Displaying Address Bindings 17-9
Chapter 18: Configuring Router Redundancy 18-1
Virtual Router Redundancy Protocol 18-2
Configuring VRRP Groups 18-2
Displaying VRRP Global Statistics 18-7
Displaying VRRP Group Statistics 18-8
Chapter 19: IP Routing 19-1
Overview 19-1
Initial Configuration 19-1 IP Switching 19-2
Routing Path Management 19-3
Routing Protocols 19-4 Basic IP Interface Configuration 19-4 Configuring IP Routing Interfaces 19-5 Address Resolution Protocol 19-8
Basic ARP Configuration 19-9
Configuring Static ARP Addresses 19-11
Displaying Dynamically Learned ARP Entries 19-12 Displaying Local ARP Entries 19-13 Displaying ARP Statistics 19-14
Displaying Statistics for IP Protocols 19-16
IP Statistics 19-16 ICMP Statistics 19-17 UDP Statistics 19-19
TCP Statistics 19-20 Configuring Static Routes 19-21 Displaying the Routing Table 19-22
Chapter 20: Unicast Routing 20-1
Configuring the Routing Information Protocol 20-2
Configuring General Protocol Settings 20-3
Specifying Network Interfaces for RIP 20-5
Configuring Network Interfaces for RIP 20-6
Redistributing Routing Information from Other Domains 20-9
Displaying RIP Information and Statistics 20-11 Configuring the Open Shortest Path First Protocol 20-14
Configuring General Protocol Settings 20-15
Configuring OSPF Areas 20-19
Configuring Area Ranges (Route Summarization for ABRs) 20-23
Configuring OSPF Interfaces 20-25
Configuring Virtual Links 20-29
Configuring Network Area Addresses 20-31
Configuring Summary Addresses (for External AS Routes) 20-33
Redistributing External Routes 20-35
Configuring NSSA Settings 20-36
Displaying Link State Database Information 20-38
Displaying Information on Border Routers 20-40
Displaying Information on Neighbor Routers 20-41
Section III: Command Line Interface
Chapter 21: Overview of the Command Line Interface 21-1
Using the Command Line Interface 21-1
Accessing the CLI 21-1
Console Connection 21-1
Telnet Connection 21-1 Entering Commands 21-3
Keywords and Arguments 21-3
Minimum Abbreviation 21-3
Command Completion 21-3
Getting Help on Commands 21-3
Showing Commands 21-4
Partial Keyword Lookup 21-5 Negating the Effect of Commands 21-5 Using Command History 21-5 Understanding Command Modes 21-6 Exec Commands 21-6 Configuration Commands 21-7 Command Line Processing 21-9
Command Groups 21-10
Chapter 22: General Commands 22-1
enable 22-1 disable 22-2 configure 22-2 show history 22-3 reload 22-4 prompt 22-4 end 22-4 exit 22-5 quit 22-5
Chapter 23: System Management Commands 23-1
Device Designation Commands 23-1
hostname 23-1 switch renumber 23-2
System Status Commands 23-3
show startup-config 23-3 show running-config 23-5 show system 23-7 show users 23-8 show version 23-8
Frame Size Commands 23-9
jumbo frame 23-9
File Management Commands 23-10
copy 23-11 delete 23-13 dir 23-14 whichboot 23-15 boot system 23-16
Line Commands 23-17
line 23-17 login 23-18 password 23-19 timeout login response 23-20 exec-timeout 23-20 password-thresh 23-21 silent-time 23-22
databits 23-22
parity 23-23
speed 23-23
stopbits 23-24
disconnect 23-24
show line 23-25 Event Logging Commands 23-26
logging on 23-26
logging history 23-27
logging host 23-28
logging facility 23-28
logging trap 23-29
clear log 23-29
show logging 23-30
show log 23-31 SMTP Alert Commands 23-32
logging sendmail host 23-32
logging sendmail level 23-33
logging sendmail source-email 23-33
logging sendmail destination-email 23-34
logging sendmail 23-34
show logging sendmail 23-35 Time Commands 23-35
sntp client 23-36
sntp server 23-37
sntp poll 23-37
sntp update-time 23-38
show sntp 23-38
clock timezone 23-39
clock timezone-predefined 23-39
clock summer-time (date) 23-40
clock summer-time (predefined) 23-41
clock summer-time (recurring) 23-42
show clock 23-43
calendar set 23-44
show calendar 23-44
Chapter 24: SNMP Commands 24-1
snmp-server 24-2 show snmp 24-2 snmp-server community 24-3 snmp-server contact 24-4 snmp-server location 24-4 snmp-server host 24-5 snmp-server enable traps 24-7
snmp-server engine-id 24-8 show snmp engine-id 24-9 snmp-server view 24-10 show snmp view 24-11 snmp-server group 24-11 show snmp group 24-12 snmp-server user 24-14 show snmp user 24-15
Chapter 25: User Authentication Commands 25-1
User Account Commands 25-1
username 25-2 enable password 25-3
Authentication Sequence 25-4
authentication login 25-4 authentication enable 25-5
RADIUS Client 25-6
radius-server host 25-6 radius-server port 25-7 radius-server key 25-7 radius-server retransmit 25-8 radius-server timeout 25-8 show radius-server 25-8
TACACS+ Client 25-9
tacacs-server host 25-9 tacacs-server port 25-10 tacacs-server key 25-10 show tacacs-server 25-11
Web Server Commands 25-11
ip http port 25-11 ip http server 25-12 ip http secure-server 25-12 ip http secure-port 25-13
Telnet Server Commands 25-14
ip telnet server 25-14
Secure Shell Commands 25-15
ip ssh server 25-17 ip ssh timeout 25-18 ip ssh authentication-retries 25-19 ip ssh server-key size 25-19 delete public-key 25-20 ip ssh crypto host-key generate 25-20 ip ssh crypto zeroize 25-21 ip ssh save host-key 25-21 show ip ssh 25-22
show ssh 25-22
show public-key 25-23 Port Security Commands 25-24
port security 25-25
802.1X Port Authentication 25-26
dot1x system-auth-control 25-27
dot1x default 25-27
dot1x max-req 25-27
dot1x port-control 25-28
dot1x operation-mode 25-29
dot1x re-authenticate 25-30
dot1x re-authentication 25-30
dot1x timeout quiet-period 25-31
dot1x timeout re-authperiod 25-31
dot1x timeout tx-period 25-32
show dot1x 25-32 Management IP Filter Commands 25-35
management 25-35
show management 25-36
Chapter 26: Access Control List Commands 26-1
IPv4 ACLs 26-1
access-list ip 26-2
permit, deny (Standard IPv4 ACL) 26-2
permit, deny (Extended IPv4 ACL) 26-3
show ip access-list 26-5
ip access-group 26-6
show ip access-group 26-6 IPv6 ACLs 26-7
access-list ipv6 26-7
permit, deny (Standard IPv6 ACL) 26-8
permit, deny (Extended IPv6 ACL) 26-9
show ipv6 access-list 26-11
ipv6 access-group 26-11
show ipv6 access-group 26-12 MAC ACLs 26-12
access-list mac 26-12
permit, deny (MAC ACL) 26-13
show mac access-list 26-15
mac access-group 26-15
show mac access-group 26-16 ACL Information 26-16
show access-list 26-16
show access-group 26-17
Chapter 27: Interface Commands 27-1
interface 27-1 description 27-2 speed-duplex 27-3 negotiation 27-4 capabilities 27-4 flowcontrol 27-5 media-type 27-6 shutdown 27-7 switchport broadcast packet-rate 27-7 clear counters 27-8 show interfaces status 27-9 show interfaces counters 27-10 show interfaces switchport 27-11
Chapter 28: Link Aggregation Commands 28-1
channel-group 28-2 lacp 28-3 lacp system-priority 28-4 lacp admin-key (Ethernet Interface) 28-5 lacp admin-key (Port Channel) 28-6 lacp port-priority 28-6 show lacp 28-7
Chapter 29: Mirror Port Commands 29-1
port monitor 29-1 show port monitor 29-2
Chapter 30: Rate Limit Commands 30-1
rate-limit 30-1
Chapter 31: Address Table Commands 31-1
mac-address-table static 31-1 clear mac-address-table dynamic 31-2 show mac-address-table 31-3 mac-address-table aging-time 31-4 show mac-address-table aging-time 31-4
Chapter 32: LLDP Commands 32-1
lldp 32-2 lldp holdtime-multiplier 32-3 lldp notification-interval 32-3 lldp refresh-interval 32-4 lldp reinit-delay 32-5 lldp tx-delay 32-5 lldp admin-status 32-6 lldp notification 32-6
lldp basic-tlv management-ip-address 32-7 lldp basic-tlv port-description 32-8 lldp basic-tlv system-capabilities 32-8 lldp basic-tlv system-description 32-9 lldp basic-tlv system-name 32-9 lldp dot1-tlv proto-ident 32-10 lldp dot1-tlv proto-vid 32-10 lldp dot1-tlv pvid 32-11 lldp dot1-tlv vlan-name 32-11 lldp dot3-tlv link-agg 32-12 lldp dot3-tlv mac-phy 32-12 lldp dot3-tlv max-frame 32-13 lldp dot3-tlv poe 32-13 show lldp config 32-14 show lldp info local-device 32-15 show lldp info remote-device 32-16 show lldp info statistics 32-18
Chapter 33: Spanning Tree Commands 33-1
spanning-tree 33-2 spanning-tree mode 33-2 spanning-tree forward-time 33-4 spanning-tree hello-time 33-4 spanning-tree max-age 33-5 spanning-tree priority 33-6 spanning-tree pathcost method 33-6 spanning-tree transmission-limit 33-7 spanning-tree mst-configuration 33-7 mst vlan 33-8 mst priority 33-9 name 33-9 revision 33-10 max-hops 33-11 spanning-tree spanning-disabled 33-11 spanning-tree cost 33-12 spanning-tree port-priority 33-13 spanning-tree edge-port 33-13 spanning-tree portfast 33-14 spanning-tree link-type 33-15 spanning-tree mst cost 33-16 spanning-tree mst port-priority 33-17 spanning-tree protocol-migration 33-17 show spanning-tree 33-18 show spanning-tree mst configuration 33-20
Chapter 34: VLAN Commands 34-1
GVRP and Bridge Extension Commands 34-1
bridge-ext gvrp 34-2 show bridge-ext 34-2 switchport gvrp 34-3 show gvrp configuration 34-3 garp timer 34-4 show garp timer 34-5
Editing VLAN Groups 34-5
vlan database 34-5 vlan 34-6
Configuring VLAN Interfaces 34-7
interface vlan 34-7 switchport mode 34-8 switchport acceptable-frame-types 34-9 switchport ingress-filtering 34-9 switchport native vlan 34-10 switchport allowed vlan 34-11 switchport forbidden vlan 34-12
Displaying VLAN Information 34-12
show vlan 34-13
Configuring IEEE 802.1Q Tunneling 34-14
dot1q-tunnel system-tunnel-control 34-15 switchport dot1q-tunnel mode 34-15 switchport dot1q-tunnel tpid 34-16 show dot1q-tunnel 34-17
Configuring Private VLANs 34-18
pvlan 34-18 show pvlan 34-19
Configuring Protocol-based VLANs 34-20
protocol-vlan protocol-group (Configuring Groups) 34-20 protocol-vlan protocol-group (Configuring Interfaces) 34-21 show protocol-vlan protocol-group 34-22 show interfaces protocol-vlan protocol-group 34-22
Chapter 35: Class of Service Commands 35-1
Priority Commands (Layer 2) 35-1
queue mode 35-2 switchport priority default 35-3 queue bandwidth 35-4 queue cos-map 35-4 show queue mode 35-5 show queue bandwidth 35-6 show queue cos-map 35-6
Priority Commands (Layer 3 and 4) 35-7
map ip port (Global Configuration) 35-7
map ip port (Interface Configuration) 35-8
map ip precedence (Global Configuration) 35-8
map ip precedence (Interface Configuration) 35-9
map ip dscp (Global Configuration) 35-10
map ip dscp (Interface Configuration) 35-10
show map ip port 35-11
show map ip precedence 35-12
show map ip dscp 35-13
Chapter 36: Quality of Service Commands 36-1
class-map 36-2 match 36-3 rename 36-4 description 36-4 policy-map 36-5 class 36-5 set 36-6 police 36-7 service-policy 36-8 show class-map 36-9 show policy-map 36-9 show policy-map interface 36-10
Chapter 37: Multicast Filtering Commands 37-1
IGMP Snooping Commands 37-1
ip igmp snooping 37-1
ip igmp snooping vlan static 37-2
ip igmp snooping version 37-2
ip igmp snooping immediate-leave 37-3
show ip igmp snooping 37-4
show mac-address-table multicast 37-4 IGMP Query Commands 37-5
ip igmp snooping querier 37-5
ip igmp snooping query-count 37-6
ip igmp snooping query-interval 37-7
ip igmp snooping query-max-response-time 37-7
ip igmp snooping router-port-expire-time 37-8 Static Multicast Routing Commands 37-9
ip igmp snooping vlan mrouter 37-9
show ip igmp snooping mrouter 37-10
Chapter 38: Domain Name Service Commands 38-1
ip host 38-1 clear host 38-2
ip domain-name 38-3 ip domain-list 38-3 ip name-server 38-4 ip domain-lookup 38-5 show hosts 38-6 show dns 38-7 show dns cache 38-7 clear dns cache 38-8
Chapter 39: DHCP Commands 39-1
DHCP Client 39-1
ip dhcp client-identifier 39-1 ip dhcp restart client 39-2
DHCP Relay 39-3
ip dhcp restart relay 39-3 ip dhcp relay server 39-4
DHCP Server 39-5
service dhcp 39-5 ip dhcp excluded-address 39-6 ip dhcp pool 39-6 network 39-7 default-router 39-8 domain-name 39-8 dns-server 39-9 next-server 39-9 bootfile 39-10 netbios-name-server 39-10 netbios-node-type 39-11 lease 39-11 host 39-12 client-identifier 39-13 hardware-address 39-14 clear ip dhcp binding 39-14 show ip dhcp binding 39-15
Chapter 40: Router Redundancy Commands 40-1
Virtual Router Redundancy Protocol Commands 40-1
vrrp ip 40-2 vrrp authentication 40-3 vrrp priority 40-3 vrrp timers advertise 40-4 vrrp preempt 40-5 show vrrp 40-6 show vrrp interface 40-8 show vrrp router counters 40-9 show vrrp interface counters 40-9
clear vrrp router counters 40-10
clear vrrp interface counters 40-10
Chapter 41: IP Interface Commands 41-1
Basic IP Configuration 41-1
ip address 41-3
ip default-gateway 41-4
show ip interface 41-5
show ip redirects 41-5
ping 41-6
ipv6 enable 41-7
ipv6 general-prefix 41-8
show ipv6 general-prefix 41-9
ipv6 address 41-9
ipv6 address autoconfig 41-10
ipv6 address eui-64 41-12
ipv6 address link-local 41-13
show ipv6 interface 41-14
ipv6 default-gateway 41-17
show ipv6 default-gateway 41-17
ipv6 mtu 41-18
show ipv6 mtu 41-19
show ipv6 traffic 41-19
clear ipv6 traffic 41-25
ping ipv6 41-25
ipv6 neighbor 41-26
ipv6 nd dad attempts 41-27
ipv6 nd ns interval 41-29
show ipv6 neighbors 41-30
clear ipv6 neighbors 41-32 Address Resolution Protocol (ARP) 41-32
arp 41-32
arp timeout 41-33
clear arp-cache 41-34
show arp 41-34
ip proxy-arp 41-35
Chapter 42: IP Routing Commands 42-1
Global Routing Configuration 42-1
ip routing 42-1
ip route 42-2
clear ip route 42-3
show ip route 42-3
show ip host-route 42-4
show ip traffic 42-5
Routing Information Protocol (RIP) 42-5
router rip 42-6 default-metric 42-7 timers basic 42-8 network 42-9 neighbor 42-9 version 42-10 redistribute 42-11 ip rip receive version 42-12 ip rip send version 42-13 ip split-horizon 42-14 ip rip authentication key 42-14 ip rip authentication mode 42-15 show rip globals 42-16 show ip rip 42-16
Open Shortest Path First (OSPF) 42-18
router ospf 42-19 router-id 42-20 compatible rfc1583 42-20 default-information originate 42-21 timers spf 42-22 area range 42-23 area default-cost 42-24 summary-address 42-24 redistribute 42-25 network area 42-26 area stub 42-27 area nssa 42-28 area virtual-link 42-30 ip ospf authentication 42-32 ip ospf authentication-key 42-33 ip ospf message-digest-key 42-34 ip ospf cost 42-35 ip ospf dead-interval 42-36 ip ospf hello-interval 42-36 ip ospf priority 42-37 ip ospf retransmit-interval 42-38 ip ospf transmit-delay 42-38 show ip ospf 42-39 show ip ospf border-routers 42-40 show ip ospf database 42-41 show ip ospf interface 42-49 show ip ospf neighbor 42-50 show ip ospf summary-address 42-51 show ip ospf virtual-links 42-51
Section IV: Appendices
Appendix A: Software Specifications A-1
Software Features A-1 Management Features A-2 Standards A-2 Management Information Bases A-3
Appendix B: Troubleshooting B-1
Problems Accessing the Management Interface B-1 Using System Logs B-2
Glossary
Index
Tables
Table 1-1 Key Features 1-1 Table 1-2 System Defaults 1-7 Table 3-1 Web Page Configuration Buttons 3-3 Table 3-2 Switch Main Menu 3-4 Table 4-1 Logging Levels 4-30 Table 5-1 SNMPv3 Security Models and Levels 5-2 Table 5-2 Supported Notification Messages 5-14 Table 6-1 HTTPS System Support 6-6 Table 6-2 802.1X Statistics 6-24 Table 8-1 LACP Port Counters 8-13 Table 8-2 LACP Internal Configuration Information 8-14 Table 8-3 LACP Neighbor Configuration Information 8-16 Table 8-4 Port Statistics 8-22 Table 10-4 Recommended STA Path Cost Range 10-14 Table 10-5 Default STA Path Costs 10-14 Table 10-9 Recommended STA Path Cost Range 10-21 Table 10-10 Default STA Path Costs 10-21 Table 13-1 Mapping CoS Values to Egress Queues 13-3 Table 13-2 CoS Priority Levels 13-3 Table 13-3 Mapping IP Precedence 13-8 Table 13-4 Mapping DSCP Priority 13-10 Table 19-1 Address Resolution Protocol 19-8 Table 19-2 ARP Statistics 19-14 Table 19-3 IP Statistics 19-16 Table 19-4 ICMP Statistics 19-17 Table 19-5 USP Statistics 19-19 Table 19-6 TCP Statistics 19-20 Table 20-1 RIP Information and Statistics 20-11 Table 21-1 General Command Modes 21-6 Table 21-2 Configuration Command Modes 21-8 Table 21-3 Keystroke Commands 21-9 Table 21-4 Command Group Index 21-10 Table 22-1 General Commands 22-1 Table 23-1 System Management Commands 23-1 Table 23-2 Device Designation Commands 23-1 Table 23-3 System Status Commands 23-3 Table 23-4 Frame Size Commands 23-9 Table 23-5 Flash/File Commands 23-10 Table 23-6 File Directory Information 23-15 Table 23-7 Line Commands 23-17 Table 23-8 Event Logging Commands 23-26 Table 23-9 Logging Levels 23-27
Table 23-10 show logging flash/ram - display description 23-30 Table 23-11 show logging trap - display description 23-31 Table 23-12 SMTP Alert Commands 23-32 Table 23-13 Time Commands 23-35 Table 24-1 SNMP Commands 24-1 Table 24-2 show snmp engine-id - display description 24-9 Table 24-3 show snmp view - display description 24-11 Table 24-4 show snmp group - display description 24-13 Table 24-5 show snmp user - display description 24-15 Table 25-1 Authentication Commands 25-1 Table 25-2 User Access Commands 25-1 Table 25-3 Default Login Settings 25-2 Table 25-4 Authentication Sequence Commands 25-4 Table 25-5 RADIUS Client Commands 25-6 Table 25-6 TACACS+ Client Commands 25-9 Table 25-7 Web Server Commands 25-11 Table 25-8 HTTPS System Support 25-13 Table 25-9 Telnet Server Commands 25-14 Table 25-10 Secure Shell Commands 25-15 Table 25-11 show ssh - display description 25-22 Table 25-12 Port Security Commands 25-24 Table 25-13 802.1X Port Authentication Commands 25-26 Table 25-14 IP Filter Commands 25-35 Table 26-1 Access Control List Commands 26-1 Table 26-2 IPv4 ACL Commands 26-1 Table 26-3 IPv6 ACL Commands 26-7 Table 26-4 MAC ACL Commands 26-12 Table 26-5 ACL Information Commands 26-16 Table 27-1 Interface Commands 27-1 Table 27-2 show interfaces switchport - display description 27-11 Table 28-1 Link Aggregation Commands 28-1 Table 28-2 show lacp counters - display description 28-8 Table 28-3 show lacp internal - display description 28-8 Table 28-4 show lacp neighbors - display description 28-9 Table 28-5 show lacp sysid - display description 28-10 Table 29-1 Mirror Port Commands 29-1 Table 30-1 Rate Limit Commands 30-1 Table 31-1 Address Table Commands 31-1 Table 33-1 Spanning Tree Commands 33-1 Table 33-2 Recommended STA Path Cost Range 33-12 Table 33-3 Default STA Path Costs 33-12 Table 34-1 VLAN Commands 34-1 Table 34-2 GVRP and Bridge Extension Commands 34-1 Table 34-3 Commands for Editing VLAN Groups 34-5 Table 34-4 Commands for Configuring VLAN 
Interfaces 34-7
Table 34-5 Commands for Displaying VLAN Information 34-12 Table 34-7 Private VLAN Commands 34-18 Table 34-8 Protocol-based VLAN Commands 34-20 Table 35-1 Priority Commands 35-1 Table 35-2 Priority Commands (Layer 2) 35-1 Table 35-3 Default CoS Priority Levels 35-5 Table 35-4 Priority Commands (Layer 3 and 4) 35-7 Table 35-5 Mapping IP Precedence to CoS Values 35-9 Table 35-6 Mapping IP DSCP to CoS Values 35-11 Table 36-1 Quality of Service Commands 36-1 Table 37-1 Multicast Filtering Commands 37-1 Table 37-2 IGMP Snooping Commands 37-1 Table 37-3 IGMP Query Commands 37-5 Table 37-4 Static Multicast Routing Commands 37-9 Table 38-1 DNS Commands 38-1 Table 38-2 show dns cache - display description 38-7 Table 39-1 DHCP Commands 39-1 Table 39-2 DHCP Client Commands 39-1 Table 39-3 DHCP Relay Commands 39-3 Table 39-4 DHCP Server Commands 39-5 Table 40-1 Router Redundancy Commands 40-1 Table 40-2 VRRP Commands 40-1 Table 40-3 show vrrp - display description 40-7 Table 40-4 show vrrp brief - display description 40-8 Table 41-1 IP Interface Commands 41-1 Table 41-2 Basic IP Configuration Commands 41-1 Table 41-3 show ipv6 interface - display description 41-15 Table 41-4 show ipv6 mtu - display description 41-19 Table 41-5 show ipv6 traffic - display description 41-21 Table 41-6 show ipv6 neighbors - display description 41-31 Table 41-7 Address Resolution Protocol Commands 41-32 Table 42-1 IP Routing Commands 42-1 Table 42-2 Global Routing Configuration Commands 42-1 Table 42-3 show ip route - display description 42-4 Table 42-4 show ip host-route - display description 42-4 Table 42-5 Routing Information Protocol Commands 42-5 Table 42-6 show rip globals - display description 42-16 Table 42-7 show ip rip - display description 42-17 Table 42-8 Open Shortest Path First Commands 42-18 Table 42-9 show ip ospf - display description 42-39 Table 42-10 show ip ospf border-routers - display description 42-40 Table 42-11 show ip ospf database - display description 42-42 Table 42-12 
show ip ospf asbr-summary - display description 42-43 Table 42-13 show ip ospf database-summary - display description 42-44 Table 42-14 show ip ospf external - display description 42-45
Table 42-15 show ip ospf network - display description 42-46 Table 42-16 show ip ospf router - display description 42-47 Table 42-17 show ip ospf summary - display description 42-48 Table 42-18 show ip ospf interface - display description 42-49 Table 42-19 show ip ospf neighbor - display description 42-50 Table 42-20 show ip ospf virtual-links - display description 42-51 Table B-1 Troubleshooting Chart B-1
Figures
Figure 3-1 Home Page
Figure 3-2 Front Panel Indicators
Figure 4-1 System Information
Figure 4-2 Switch Information
Figure 4-3 Displaying Bridge Extension Configuration
Figure 4-4 IPv4 Interface Configuration - Manual
Figure 4-5 Default Gateway
Figure 4-6 IPv4 Interface Configuration - DHCP
Figure 4-7 IPv6 Interface Configuration
Figure 4-8 IPv6 General Prefix Configuration
Figure 4-9 IPv6 Neighbor Detection and Neighbor Cache
Figure 4-10 Configuring Support for Jumbo Frames
Figure 4-11 Copy Firmware
Figure 4-12 Setting the Startup Code
Figure 4-13 Deleting Files
Figure 4-14 Downloading Configuration Settings for Start-Up
Figure 4-15 Setting the Startup Configuration Settings
Figure 4-16 Configuring the Console Port
Figure 4-17 Configuring the Telnet Interface
Figure 4-18 System Logs
Figure 4-19 Remote Logs
Figure 4-20 Displaying Logs
Figure 4-21 Enabling and Configuring SMTP Alerts
Figure 4-22 Renumbering the Stack
Figure 4-23 Resetting the System
Figure 4-24 Current Time
Figure 4-25 SNTP Configuration
Figure 4-26 Clock Time Zone
Figure 4-27 Summer Time
Figure 5-1 Enabling the SNMP Agent
Figure 5-2 Configuring SNMP Community Strings
Figure 5-3 Configuring SNMP Trap Managers
Figure 5-4 Setting the SNMPv3 Engine ID
Figure 5-5 Setting an Engine ID
Figure 5-6 Configuring SNMPv3 Users
Figure 5-7 Configuring Remote SNMPv3 Users
Figure 5-8 Configuring SNMPv3 Groups
Figure 5-9 Configuring SNMPv3 Views
Figure 6-1 User Accounts
Figure 6-2 Authentication Server Settings
Figure 6-3 HTTPS Settings
Figure 6-4 HTTPS Settings
Figure 6-5 SSH Host-Key Settings
Figure 6-6 SSH User Public-Key Settings
Figure 6-7 SSH Server Settings
Figure 6-8 Port Security
Figure 6-9 802.1X Global Information
Figure 6-10 802.1X Global Configuration
Figure 6-11 802.1X Port Configuration
Figure 6-12 802.1X Port Statistics
Figure 6-13 IP Filter
Figure 7-1 Selecting ACL Type
Figure 7-2 ACL Configuration - Standard IPv4
Figure 7-3 ACL Configuration - Extended IPv4
Figure 7-4 ACL Configuration - MAC
Figure 7-5 ACL Configuration - Standard IPv6
Figure 7-6 ACL Configuration - Extended IPv6
Figure 7-7 ACL Port Binding
Figure 8-1 Port - Port Information
Figure 8-2 Port - Port Configuration
Figure 8-3 Static Trunk Configuration
Figure 8-4 LACP Trunk Configuration
Figure 8-5 LACP - Aggregation Port
Figure 8-6 LACP - Port Counters Information
Figure 8-7 LACP - Port Internal Information
Figure 8-8 LACP - Port Neighbors Information
Figure 8-9 Port Broadcast Control
Figure 8-10 Mirror Port Configuration
Figure 8-11 Rate Limit Configuration
Figure 8-12 Port Statistics
Figure 9-1 Static Addresses
Figure 9-2 Dynamic Addresses
Figure 9-3 Address Aging
Figure 10-1 STA Information
Figure 10-2 STA Global Configuration
Figure 10-3 STA Port Information
Figure 10-6 STA Port Configuration
Figure 10-7 MSTP VLAN Configuration
Figure 10-8 MSTP Port Information
Figure 10-11 MSTP Port Configuration
Figure 11-1 Globally Enabling GVRP
Figure 11-2 VLAN Basic Information
Figure 11-3 VLAN Current Table
Figure 11-4 VLAN Static List - Creating VLANs
Figure 11-5 VLAN Static Table - Adding Static Members
Figure 11-6 VLAN Static Membership by Port
Figure 11-7 VLAN Port Configuration
Figure 11-1 802.1Q Tunnel Status and Ethernet Type
Figure 11-2 Tunnel Port Configuration
Figure 11-8 Private VLAN Status
Figure 11-9 Private VLAN Link Status
Figure 11-10 Protocol VLAN Configuration
Figure 11-11 Protocol VLAN Port Configuration
Figure 12-4 LLDP Configuration
Figure 12-5 LLDP Port Configuration
Figure 12-6 LLDP Local Device Information
Figure 12-7 LLDP Remote Port Information
Figure 12-8 LLDP Remote Information Details
Figure 12-9 LLDP Device Statistics
Figure 12-10 LLDP Device Statistics Details
Figure 13-1 Default Port Priority
Figure 13-2 Traffic Classes
Figure 13-3 Queue Mode
Figure 13-4 Queue Scheduling
Figure 13-5 IP Precedence/DSCP Priority Status
Figure 13-6 IP Precedence Priority
Figure 13-7 IP DSCP Priority
Figure 13-8 IP Port Priority Status
Figure 13-9 IP Port Priority
Figure 14-1 Configuring Class Maps
Figure 14-2 Configuring Policy Maps
Figure 14-3 Service Policy Settings
Figure 15-1 IGMP Configuration
Figure 15-1 IGMP Immediate Leave
Figure 15-2 Multicast Router Port Information
Figure 15-3 Static Multicast Router Port Configuration
Figure 15-4 IP Multicast Registration Table
Figure 15-5 IGMP Member Port Table
Figure 16-1 DNS General Configuration
Figure 16-2 DNS Static Host Table
Figure 16-3 DNS Cache
Figure 17-1 DHCP Relay Configuration
Figure 17-2 DHCP Server General Configuration
Figure 17-3 DHCP Server Pool Configuration
Figure 17-4 DHCP Server Pool - Network Configuration
Figure 17-5 DHCP Server Pool - Host Configuration
Figure 17-6 DHCP Server - IP Binding
Figure 18-1 VRRP Group Configuration
Figure 18-2 VRRP Group Configuration Detail
Figure 18-3 VRRP Global Statistics
Figure 18-4 VRRP Group Statistics
Figure 19-1 IP Global Settings
Figure 19-2 IP Routing Interface
Figure 19-3 ARP General
Figure 19-4 ARP Static Addresses
Figure 19-5 ARP Dynamic Addresses
Figure 19-6 ARP Other Addresses
Figure 19-7 ARP Statistics
Figure 19-8 IP Statistics
Figure 19-9 ICMP Statistics
Figure 19-10 UDP Statistics
Figure 19-11 TCP Statistics
Figure 19-12 IP Static Routes
Figure 19-13 IP Routing Table
Figure 20-1 RIP General Settings
Figure 20-2 RIP Network Addresses
Figure 20-3 RIP Interface Settings
Figure 20-4 RIP Redistribution Configuration
Figure 20-5 RIP Statistics
Figure 20-6 OSPF General Configuration
Figure 20-7 OSPF Area Configuration
Figure 20-8 OSPF Range Configuration
Figure 20-9 OSPF Interface Configuration
Figure 20-10 OSPF Interface Configuration - Detailed
Figure 20-11 OSPF Virtual Link Configuration
Figure 20-12 OSPF Network Area Address Configuration
Figure 20-13 OSPF Summary Address Configuration
Figure 20-14 OSPF Redistribute Configuration
Figure 20-15 OSPF NSSA Settings
Figure 20-16 OSPF Link State Database Information
Figure 20-17 OSPF Border Router Information
Figure 20-18 OSPF Neighbor Information
Getting Started
Chapter 1: Introduction
This switch provides a broad range of features for Layer 2 switching and Layer 3 routing. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you should configure to maximize the switch’s performance for your particular network environment.
Key Features
Table 1-1 Key Features
Feature | Description
Configuration Backup and Restore | Backup to TFTP server
Authentication | Console, Telnet, web – User name / password, RADIUS, TACACS+; Web – HTTPS; Telnet – SSH; SNMP v1/2c – Community strings; SNMP version 3 – MD5 or SHA password; Port – IEEE 802.1X, MAC address filtering
Access Control Lists | Supports up to 256 ACLs, 96 MAC rules, 96 IP rules, and 96 IPv6 rules
DHCP Client, Relay and Server | Supported
DNS | Client and Proxy service
Port Configuration | Speed and duplex mode and flow control
Rate Limiting | Input and output rate limiting per port
Port Mirroring | One or more ports mirrored to single analysis port
Port Trunking | Supports up to 32 trunks using either static or dynamic trunking (LACP)
Broadcast Storm Control | Supported
Address Table | Up to 16K MAC addresses in the forwarding table, 1024 static MAC addresses; Up to 2K IPv4 and 1K IPv6 entries in the host table, 4K entries in the ARP cache; 256 IPv4 and 256 IPv6 entries in the IP routing table, 64 static IP routes; 32 IP interfaces
IP Version 4 and 6 | Supports IPv4 and IPv6 addressing, management, and QoS
IEEE 802.1D Bridge | Supports dynamic data switching and addresses learning
Store-and-Forward Switching | Supported to ensure wire-speed switching while eliminating bad frames
Spanning Tree Algorithm | Supports standard STP, Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Trees (MSTP)
Virtual LANs | Up to 256 using IEEE 802.1Q, port-based, protocol-based, or private VLANs
Traffic Prioritization | Default port priority, traffic class map, queue scheduling, IP Precedence, or Differentiated Services Code Point (DSCP), and TCP/UDP Port
Quality of Service | Supports Differentiated Services (DiffServ)
Router Redundancy | Router backup is provided with the Virtual Router Redundancy Protocol (VRRP)
IP Routing | Routing Information Protocol (RIP), Open Shortest Path First (OSPF), static routes
ARP | Static and dynamic address configuration, proxy ARP
Multicast Filtering | Supports IGMP snooping and query
Description of Software Features
The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Broadcast storm suppression prevents broadcast traffic storms from engulfing the network. Untagged (port-based), tagged, and protocol-based VLANs, plus support for automatic GVRP VLAN registration provide traffic security and efficient use of network bandwidth. CoS priority queueing ensures the minimum delay for moving real-time multimedia data across the network, while multicast filtering provides support for real-time network applications. Some of the management features are briefly described below.
Configuration Backup and Restore – You can save the current configuration settings to a file on a TFTP server, and later download this file to restore the switch configuration settings.
Authentication – This switch authenticates management access via the console port, Telnet or web browser. User names and passwords can be configured locally or can be verified via a remote authentication server (i.e., RADIUS or TACACS+). Port-based authentication is also supported via the IEEE 802.1X protocol. This protocol uses Extensible Authentication Protocol over LANs (EAPOL) to request user credentials from the 802.1X client, and then uses the EAP between the switch and the authentication server to verify the client’s right to access the network via an authentication server (i.e., RADIUS server).
Other authentication options include HTTPS for secure management access via the web, SSH for secure management access over a Telnet-equivalent connection, SNMP Version 3, IP address filtering for SNMP/web/Telnet management access, and MAC address filtering for port access.
Access Control Lists – ACLs provide packet filtering for IP frames (based on address, protocol, TCP/UDP port number or TCP control code) or any frames (based on MAC address or Ethernet type). ACLs can be used to improve performance by blocking unnecessary network traffic or to implement security controls by restricting access to specific network resources or protocols.
DHCP Server and DHCP Relay – A DHCP server is provided to assign IP addresses to host devices. Since DHCP uses a broadcast mechanism, a DHCP server and its client must physically reside on the same subnet. Since it is not practical to have a DHCP server on every subnet, DHCP Relay is also supported to allow dynamic configuration of local clients from a DHCP server located in a different network.
Port Configuration – You can manually configure the speed and duplex mode, and flow control used on specific ports, or use auto-negotiation to detect the connection settings used by the attached device. Use the full-duplex mode on ports whenever possible to double the throughput of switch connections. Flow control should also be enabled to control network traffic during periods of congestion and prevent the loss of packets when port buffer thresholds are exceeded. The switch supports flow control based on the IEEE 802.3x standard.
Rate Limiting – This feature controls the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network. Traffic that falls within the rate limit is transmitted, while packets that exceed the acceptable amount of traffic are dropped.
Port Mirroring – The switch can unobtrusively mirror traffic from any port to a monitor port. You can then attach a protocol analyzer or RMON probe to this port to perform traffic analysis and verify connection integrity.
Port Trunking – Ports can be combined into an aggregate connection. Trunks can be manually set up or dynamically configured using IEEE 802.3-2005 (formerly IEEE 802.3ad) Link Aggregation Control Protocol (LACP). The additional ports dramatically increase the throughput across any connection, and provide redundancy by taking over the load if a port in the trunk should fail. The switch supports up to 32 trunks.
Broadcast Storm Control – Broadcast suppression prevents broadcast traffic from overwhelming the network. When enabled on a port, the level of broadcast traffic passing through the port is restricted. If broadcast traffic rises above a pre-defined threshold, it will be throttled until the level falls back beneath the threshold.
Static Addresses – A static address can be assigned to a specific interface on this switch. Static addresses are bound to the assigned interface and will not be moved. When a static address is seen on another interface, the address will be ignored and will not be written to the address table. Static addresses can be used to provide network security by restricting access for a known host to a specific port.
IEEE 802.1D Bridge – The switch supports IEEE 802.1D transparent bridging. The address table facilitates data switching by learning addresses, and then filtering or forwarding traffic based on this information. The address table supports up to 16K addresses.
Store-and-Forward Switching – The switch copies each frame into its memory before forwarding it to another port. This ensures that all frames are a standard Ethernet size and have been verified for accuracy with the cyclic redundancy check (CRC). This prevents bad frames from entering the network and wasting bandwidth.
To avoid dropping frames on congested ports, the switch provides 2 MB for frame buffering. This buffer can queue packets awaiting transmission on congested networks.
Spanning Tree Algorithm – The switch supports these spanning tree protocols:
Spanning Tree Protocol (STP, IEEE 802.1D) – This protocol provides loop detection. When there are multiple physical paths between segments, this protocol will choose a single path and disable all others to ensure that only one route exists between any two stations on the network. This prevents the creation of network loops. However, if the chosen path should fail for any reason, an alternate path will be activated to maintain the connection.
Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w) – This protocol reduces the convergence time for network topology changes to about 3 to 5 seconds, compared to 30 seconds or more for the older IEEE 802.1D STP standard. It is intended as a complete replacement for STP, but can still interoperate with switches running the older standard by automatically reconfiguring ports to STP-compliant mode if they detect STP protocol messages from attached devices.
Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) – This protocol is a direct extension of RSTP. It can provide an independent spanning tree for different VLANs. It simplifies network management, provides for even faster convergence than RSTP by limiting the size of each region, and prevents VLAN members from being segmented from the rest of the group (as sometimes occurs with IEEE 802.1D STP).
Virtual LANs – The switch supports up to 255 VLANs. A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network. The switch supports tagged VLANs based on the IEEE 802.1Q standard. Members of VLAN groups can be dynamically learned via GVRP, or ports can be manually assigned to a specific set of VLANs. This allows the switch to restrict traffic to the VLAN groups to which a user has been assigned. By segmenting your network into VLANs, you can:
• Eliminate broadcast storms which severely degrade performance in a flat network.
• Simplify network management for node changes/moves by remotely configuring VLAN membership for any port, rather than having to manually change the network connection.
• Provide data security by restricting all traffic to the originating VLAN, except where a connection is explicitly defined via the switch’s routing service.
• Use private VLANs to restrict traffic to pass only between data ports and the uplink ports, thereby isolating adjacent ports within the same VLAN, and allowing you to limit the total number of VLANs that need to be configured.
• Use protocol VLANs to restrict traffic to specified interfaces based on protocol type.
Traffic Prioritization – This switch prioritizes each packet based on the required level of service, using eight priority queues with strict or Weighted Round Robin Queuing. It uses IEEE 802.1p and 802.1Q tags to prioritize incoming traffic based on input from the end-station application. These functions can be used to provide independent priorities for delay-sensitive data and best-effort data.
This switch also supports several common methods of prioritizing layer 3/4 traffic to meet application requirements. Traffic can be prioritized based on the priority bits in the IP frame’s Type of Service (ToS) octet or the number of the TCP/UDP port. When these services are enabled, the priorities are mapped to a Class of Service value by the switch, and the traffic then sent to the corresponding output queue.
IP Routing – The switch provides Layer 3 IP routing. To maintain a high rate of throughput, the switch forwards all traffic passing within the same segment, and routes only traffic that passes between different subnetworks. The wire-speed routing provided by this switch lets you easily link network segments or VLANs together without having to deal with the bottlenecks or configuration hassles normally associated with conventional routers.
Routing for unicast traffic is supported with the Routing Information Protocol (RIP) and the Open Shortest Path First (OSPF) protocol.
RIP – This protocol uses a distance-vector approach to routing. Routes are determined on the basis of minimizing the distance vector, or hop count, which serves as a rough estimate of transmission cost.
OSPF – This approach uses a link state routing protocol to generate a shortest-path tree, then builds up its routing table based on this tree. OSPF produces a more stable network because the participating routers act on network changes predictably and simultaneously, converging on the best route more quickly than RIP.
Router Redundancy – The Virtual Router Redundancy Protocol (VRRP) uses a virtual IP address to support a primary router and multiple backup routers. The backups can be configured to take over the workload if the master fails or to load share the traffic. The primary goal of this protocol is to allow a host device which has been configured with a fixed gateway to maintain network connectivity in case the primary gateway goes down.
Address Resolution Protocol – The switch uses ARP and Proxy ARP to convert between IP addresses and MAC (i.e., hardware) addresses. This switch supports conventional ARP, which locates the MAC address corresponding to a given IP address. This allows the switch to use IP addresses for routing decisions and the corresponding MAC addresses to forward packets from one hop to the next. You can configure either static or dynamic entries in the ARP cache.
Proxy ARP allows hosts that do not support routing to determine the MAC address of a device on another network or subnet. When a host sends an ARP request for a remote network, the switch checks to see if it has the best route. If it does, it sends its own MAC address to the host. The host then sends traffic for the remote destination via the switch, which uses its own routing table to reach the destination on the other network.
Quality of Service – Differentiated Services (DiffServ) provides policy-based management mechanisms used for prioritizing network resources to meet the requirements of specific traffic types on a per-hop basis. Each packet is classified upon entry into the network based on access lists, IP Precedence or DSCP values, or VLAN lists. Using access lists allows you to select traffic based on Layer 2, Layer 3, or Layer 4 information contained in each packet. Based on network policies, different kinds of traffic can be marked for different kinds of forwarding.
Multicast Filtering – Specific multicast traffic can be assigned to its own VLAN to ensure that it does not interfere with normal network traffic and to guarantee real-time delivery by setting the required priority level for the designated VLAN. The switch uses IGMP Snooping and Query to manage multicast group registration.
System Defaults
The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file (page 4-24).
The following table lists some of the basic system defaults.
Table 1-2 System Defaults
Function | Parameter | Default
Console Port Connection | Baud Rate | auto
Console Port Connection | Data bits | 8
Console Port Connection | Stop bits | 1
Console Port Connection | Parity | none
Console Port Connection | Local Console Timeout | 0 (disabled)
Authentication | Privileged Exec Level | Username “admin”, Password “admin”
Authentication | Normal Exec Level | Username “guest”, Password “guest”
Authentication | Enable Privileged Exec from Normal Exec Level | Password “super”
Authentication | RADIUS Authentication | Disabled
Authentication | TACACS Authentication | Disabled
Authentication | 802.1X Port Authentication | Disabled
Authentication | HTTPS | Enabled
Authentication | SSH | Disabled
Authentication | Port Security | Disabled
Authentication | IP Filtering | Disabled
Web Management | HTTP Server | Enabled
Web Management | HTTP Port Number | 80
Web Management | HTTP Secure Server | Enabled
Web Management | HTTP Secure Port Number | 443
SNMP | SNMP Agent | Enabled
SNMP | Community Strings | “public” (read only); “private” (read/write)
SNMP | Traps | Authentication traps: enabled; Link-up-down events: enabled
SNMP | SNMP V3 | View: defaultview; Group: public (read only); private (read/write)
Port Configuration | Admin Status | Enabled
Port Configuration | Auto-negotiation | Enabled
Port Configuration | Flow Control | Disabled
Rate Limiting | Input and output limits | Disabled
Port Trunking | Static Trunks | None
Port Trunking | LACP (all ports) | Disabled
Broadcast Storm Protection | Status | Enabled (all ports)
Broadcast Storm Protection | Broadcast Limit Rate | 500 packets per second
Spanning Tree Algorithm | Status | Enabled, RSTP (Defaults: All values based on IEEE 802.1w)
Spanning Tree Algorithm | Fast Forwarding (Edge Port) | Disabled
Address Table | Aging Time | 300 seconds
Virtual LANs | Default VLAN | 1
Virtual LANs | PVID | 1
Virtual LANs | Acceptable Frame Type | All
Virtual LANs | Ingress Filtering | Disabled
Virtual LANs | Switchport Mode (Egress Mode) | Hybrid: tagged/untagged frames
Virtual LANs | GVRP (global) | Disabled
Virtual LANs | GVRP (port interface) | Disabled
Traffic Prioritization | Ingress Port Priority | 0
Traffic Prioritization | Queue Mode | WRR
Traffic Prioritization | Weighted Round Robin | Queue: 0 1 2 3 4 5 6 7; Weight: 1 2 4 6 8 10 12 14
Traffic Prioritization | IP Precedence Priority | Disabled
Traffic Prioritization | IP DSCP Priority | Disabled
Traffic Prioritization | IP Port Priority | Disabled
IP Settings | Management VLAN | Any VLAN configured with an IP address
IP Settings | IP Address | 0.0.0.0
IP Settings | Subnet Mask | 255.0.0.0
IP Settings | Default Gateway | 0.0.0.0
IP Settings | DHCP | Client: Enabled; Relay: Disabled; Server: Disabled
IP Settings | DNS | Client/Proxy service: Disabled
IP Settings | BOOTP | Disabled
IP Settings | ARP | Enabled; Cache Timeout: 20 minutes; Proxy: Disabled
Unicast Routing | RIP | Disabled
Unicast Routing | OSPF | Disabled
Router Redundancy | VRRP | Disabled
Multicast Filtering | IGMP Snooping | Snooping: Enabled; Querier: Disabled
System Log | Status | Enabled
System Log | Messages Logged | Levels 0-7 (all)
System Log | Messages Logged to Flash | Levels 0-3
SMTP Email Alerts | Event Handler | Enabled (but no server defined)
SNTP | Clock Synchronization | Disabled
Chapter 2: Initial Configuration
Connecting to the Switch
Configuration Options
The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON (Groups 1, 2, 3, 9) and a web-based interface. A PC may also be connected directly to the switch for configuration and monitoring via a command line interface (CLI).
Note: An IPv4 address for this switch is obtained via DHCP by default. To change this address, see “Setting an IP Address” on page 2-7.
The switch’s HTTP web agent allows you to configure switch parameters, monitor port connections, and display statistics using a standard web browser such as Internet Explorer 5.x or above, Netscape 6.2 or above, and Mozilla Firefox 2.0.0.0 or above. The switch’s web management interface can be accessed from any computer attached to the network.
The CLI program can be accessed by a direct connection to the RS-232 serial console port on the switch, or remotely by a Telnet connection over the network.
The switch’s management agent also supports SNMP (Simple Network Management Protocol). This SNMP agent permits the switch to be managed from any system in the network using network management software such as HP Openview.
The switch’s web interface, CLI configuration program, and SNMP agent allow you to perform the following management functions:
• Set user names and passwords
• Set an IP interface for any VLAN
• Configure SNMP parameters
• Enable/disable any port
• Set the speed/duplex mode for any port
• Configure the bandwidth of any port by limiting input or output rates
• Control port access through IEEE 802.1X security or static address filtering
• Filter packets using Access Control Lists (ACLs)
• Configure up to 255 IEEE 802.1Q VLANs
• Enable GVRP automatic VLAN registration
• Configure IP routing for unicast traffic
• Configure router redundancy
• Configure IGMP multicast filtering
• Upload and download system firmware via TFTP
• Upload and download switch configuration files via TFTP
• Configure Spanning Tree parameters
• Configure Class of Service (CoS) priority queuing
• Configure up to 6 static or LACP trunks per switch, up to 32 per stack
• Enable port mirroring
• Set broadcast storm control on any port
• Display system information and statistics
• Configure any stack unit through the same IP address
Required Connections
The switch provides an RS-232 serial port that enables a connection to a PC or terminal for monitoring and configuring the switch. A null-modem console cable is provided with the switch.
Note: When configuring a stack, connect to the console port on the Master unit.
Attach a VT100-compatible terminal, or a PC running a terminal emulation program to the switch. You can use the console cable provided with this package, or use a null-modem cable that complies with the wiring assignments shown in the Installation Guide.
To connect a terminal to the console port, complete the following steps:
1. Connect the console cable to the serial port on a terminal, or a PC running terminal emulation software, and tighten the captive retaining screws on the DB-9 connector.
2. Connect the other end of the cable to the RS-232 serial port on the switch.
3. Make sure the terminal emulation software is set as follows:
• Select the appropriate serial port (COM port 1 or COM port 2).
• Set to any of the following baud rates: 9600, 19200, 38400, 57600, 115200 (Note: Set to 9600 baud if you want to view all the system initialization messages.).
• Set the data format to 8 data bits, 1 stop bit, and no parity.
• Set flow control to none.
• Set the emulation mode to VT100.
• When using HyperTerminal, select Terminal keys, not Windows keys.
Notes: 1. Refer to “Line Commands” on page 23-17 for a complete description of console configuration options.
2. Once you have set up the terminal correctly, the console login screen will be displayed.
For a description of how to use the CLI, see “Using the Command Line Interface” on page 21-1. For a list of all the CLI commands and detailed information on using the CLI, refer to “Command Groups” on page 21-10.
Remote Connections
Prior to accessing the switch’s onboard agent via a network connection, you must first configure it with a valid IP address, subnet mask, and default gateway using a console connection, DHCP or BOOTP protocol.
An IPv4 address for this switch is obtained via DHCP by default. To manually configure this address or enable dynamic address assignment via DHCP or BOOTP, see “Setting an IP Address” on page 2-7.
Notes: 1. This switch supports four concurrent Telnet/SSH sessions.
2. Each VLAN group can be assigned its own IP interface address (page 2-7). You can manage the stack via any IP interface in the stack. In other words, the Master unit does not have to include an active port member of a VLAN interface used for management access.
3. Any VLAN group can be assigned an IP interface address (page 2-7) for managing the stack. Also, note that the Master unit does not have to include an active port member in the VLAN interface used for management access.
After configuring the switch’s IP parameters, you can access the onboard configuration program from anywhere within the attached network. The onboard configuration program can be accessed using Telnet from any computer attached to the network. The switch can also be managed by any computer using a web browser (Internet Explorer 5.0 or above, Netscape 6.2 or above, or Mozilla Firefox 2.0.0.0 or above), or from a network computer using SNMP network management software.
Note: The onboard program only provides access to basic configuration functions. To access the full range of SNMP management functions, you must use SNMP-based network management software.
Stack Operations
Up to eight 24-port or 48-port Gigabit switches can be stacked together as described in the Installation Guide. One unit in the stack acts as the Master for configuration tasks and firmware upgrade. All of the other units function in Slave mode, but can automatically take over management of the stack if the Master unit fails.
To configure any unit in the stack, first verify the unit number from the front panel of the switch, and then select the appropriate unit number from the web or console management interface.
Selecting the Stack Master
Note the following points about unit numbering:
• When the stack is initially powered on, the Master unit is selected based on the following rules:
- If the Master/Slave push button is depressed on only one unit in the stack, that unit will serve as the stack Master.
- If the Master/Slave push button is depressed on more than one unit, the system will select the unit with the lowest MAC address from those with the push button depressed as the stack Master.
- If the Master/Slave push button is not depressed on any unit, the system will select the unit with the lowest MAC address as the stack Master.
• When the stack is initially powered on, the Master unit is designated as unit 1 for a ring topology. For a line topology, the stack is simply numbered from top to bottom, with the first unit in the stack designated as unit 1. This unit identification number appears on the Stack Unit ID LED on the front panel of the switch. It can also be selected on the front panel graphic of the web interface, or from the CLI.
• If the Master unit fails and another unit takes over control of the stack, the unit numbering will not change.
• If a unit in the stack fails or is removed from the stack, the unit numbers will not change. This means that when you replace a unit in the stack, the original configuration for the failed unit will be restored to the replacement unit.
• If a unit is removed from the stack and later reattached to the stack, it will retain the original unit number obtained during stacking.
• If a unit is removed from the stack, and powered up as a stand-alone unit, it will also retain the original unit number obtained during stacking.
Selecting the Backup Unit
Once the Master unit finishes booting up, it continues to synchronize configuration information to all of the Slave units in the stack. If the Master unit fails or is powered off, a new master unit will be selected based on the election rules described in the preceding section. The backup unit elected to serve as the new stack Master will take control of the stack without any loss of configuration settings. To ensure a logical fail over to the next unit down in the stack, place the Slave unit with the lowest MAC address directly beneath the Master unit in the stack.
Recovering from Stack Failure or Topology Change
When a link or unit in the stack fails, a trap message is sent and a failure event is logged. The stack will be rebooted after any system failure or topology change. It takes two to three minutes for the stack to reboot. If the Master unit fails, the backup unit will take over operations as the new Master unit, reboot the stack, and then select another backup unit after the stack finishes rebooting. Also note that powering down a unit or inserting a new unit in the stack will cause the stack to reboot. If a unit is removed from the stack (due to a power down or failure) or a new unit added to the stack, the original unit IDs are not affected after rebooting, and a new unit is assigned the lowest available unit ID.
Broken Link for Line and Wrap-around Topologies
All units in the stack must be connected via stacking cable. You can connect the units in a simple cascade configuration from the top to the bottom unit. Using this kind of line topology, if any link or unit in the stack fails, the stack will be broken in two. The Stack Link LED on the unit that is no longer receiving traffic from the next unit up or down in the stack will begin flashing to indicate that the stack link is broken.
When the stack fails, a Master unit is selected from the two stack segments, either the unit with the Master button depressed, or the unit with the lowest MAC address if the Master button is not depressed on any unit. The stack reboots and resumes operations. However, note that the IP address will be the same for any common VLANs (with active port connections) that appear in both of the new stack segments. To resolve the conflicting IP addresses, you should manually replace the failed link or unit as soon as possible. If you are using a wrap-around stack topology, a single point of failure in the stack will not cause the stack to fail. It would take two or more points of failure to break the stack apart.
Note:
If a stack breaks apart, the IP address will be the same for any common VLANs (with active port connections) that appear in both stack segments.
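The election, failover and stack-split rules described above can be modelled directly. This Python model is an added example, not Asante firmware code; the MAC addresses, the link-numbering convention and the function names are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Unit:
    unit_id: int
    mac: str             # constructed sample value
    master_button: bool  # Master/Slave push button depressed?


def mac_value(mac: str) -> int:
    return int(mac.replace("-", "").replace(":", ""), 16)


def elect_master(units):
    """Lowest MAC among units with the button depressed, else lowest MAC overall."""
    pressed = [u for u in units if u.master_button]
    return min(pressed or units, key=lambda u: mac_value(u.mac))


def segments(units, failed_links=(), ring=False):
    """Split the stack into connected segments after link failures.

    Assumption of this example: link i joins units[i] and units[i + 1]; in a
    wrap-around (ring) stack the last link joins the bottom unit to the top.
    """
    n = len(units)
    adj = {i: set() for i in range(n)}
    for link in range(n if ring else n - 1):
        if link not in failed_links:
            a, b = link, (link + 1) % n
            adj[a].add(b)
            adj[b].add(a)
    seen, result = set(), []
    for start in range(n):
        if start in seen:
            continue
        todo, members = [start], []
        seen.add(start)
        while todo:
            cur = todo.pop()
            members.append(cur)
            for nxt in adj[cur] - seen:
                seen.add(nxt)
                todo.append(nxt)
        result.append([units[i] for i in sorted(members)])
    return result


def masters_after_failure(units, failed_links=(), ring=False):
    """Unit ID of the Master elected in each surviving segment.

    More than one entry means two stacks now answer on the same IP address
    for any VLAN that has active ports in both segments.
    """
    return [elect_master(seg).unit_id for seg in segments(units, failed_links, ring)]


def failover_master(units):
    """New Master if the current Master fails or is powered off."""
    current = elect_master(units)
    return elect_master([u for u in units if u != current])


STACK = [  # listed top to bottom; MAC addresses are constructed sample values
    Unit(1, "00-12-CF-0B-46-30", True),
    Unit(2, "00-12-CF-0B-46-10", False),
    Unit(3, "00-12-CF-0B-46-20", False),
    Unit(4, "00-12-CF-0B-46-00", False),
]

if __name__ == "__main__":
    print("master:", elect_master(STACK).unit_id)
    print("line, link 1 down:", masters_after_failure(STACK, {1}))
    print("ring, link 1 down:", masters_after_failure(STACK, {1}, ring=True))
    print("ring, links 1 and 3 down:", masters_after_failure(STACK, {1, 3}, ring=True))
    print("failover master:", failover_master(STACK).unit_id)
```

With these sample values the failover Master is unit 4 at the bottom of the stack rather than unit 2, which is the situation the placement advice under "Selecting the Backup Unit" avoids.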
Resilient IP Interface for Management Access
The stack functions as one integral system for management and configuration purposes. You can therefore manage the stack through any IP interface configured on the stack. The Master unit does not even have to include an active port member in the VLAN interface used for management access. However, if the unit to which you normally connect for management access fails, and there are no active port members on the other units within this VLAN interface, then this IP address will no longer be available. To retain a constant IP address for management access across fail over events, you should include port members on several units within the primary VLAN used for stack management.
Resilient Configuration
If a unit in the stack fails, the unit numbers will not change. This means that when you replace a unit in the stack, the original configuration for the failed unit will be restored to the replacement unit. This applies to both the Master and Slave units.
Renumbering the Stack
The startup configuration file maps configuration settings to each switch in the stack based on the unit identification number. If the units are no longer numbered sequentially after several topology changes or failures, you can reset the unit numbers using the “Renumbering” command in the web interface or CLI. Just remember to save the new configuration settings to a startup configuration file prior to powering off the stack Master.
Ensuring Consistent Code is Used Across the Stack
Consistent Runtime Code in Each Switch – The main board runtime firmware version for each unit in the stack must be the same as the Master unit’s runtime firmware. After Auto-ID assignment is completed, the Master unit checks the image versions for consistency. If the firmware versions (i.e., runtime code) configured for bootup on any slave units are not the same as those on the Master Unit, the stack will operate in Special Stacking Mode in which all backup units are disabled as described below:
• The master unit starts normal operation mode in standalone mode.
• The master unit can see all units in the stack and maintain stack topology.
• None of the other units can function (all ports will be disabled).
• All user-initiated commands to configure the non-functioning units are dropped. The master unit, however, will be able to communicate the following information to the non-functioning units:
- Image downloads
- Stack topology information
- System configuration information already stored on the master.
In Special Stacking mode, the master unit displays warning messages whenever you log into the system through the CLI that inform you that an image download is required.
You can use the CLI, web or SNMP to download the runtime image from a TFTP server to the master unit. The master unit stores the image as its “Next boot image” and downloads the image to those backup units that are running a different image version. For information on downloading firmware, see “Managing Firmware” on page 4-21 or “File Management Commands” on page 23-10.
Basic Configuration
Console Connection
The CLI program provides two different command levels — normal access level (Normal Exec) and privileged access level (Privileged Exec). The commands available at the Normal Exec level are a limited subset of those available at the Privileged Exec level and allow you to only display information and use basic utilities. To fully configure the switch parameters, you must access the CLI at the Privileged Exec level.
Note:
You can only access the console interface through the Master unit in the stack.
Access to both CLI levels is controlled by user names and passwords. The switch has a default user name and password for each level. To log into the CLI at the Privileged Exec level using the default user name and password, perform these steps:
1. To initiate your console connection, press <Enter>. The “User Access Verification” procedure starts.
2. At the Username prompt, enter “admin.”
3. At the Password prompt, also enter “admin.” (The password characters are not displayed on the console screen.)
4. The session is opened and the CLI displays the “Console#” prompt indicating you have access at the Privileged Exec level.
Setting Passwords
Note:
If this is your first time to log into the CLI program, you should define new passwords for both default user names using the “username” command, record them and put them in a safe place.
Passwords can consist of up to 8 alphanumeric characters and are case sensitive. To prevent unauthorized access to the switch, set the passwords as follows:
1. Open the console interface with the default user name and password “admin” to access the Privileged Exec level.
2. Type “configure” and press <Enter>.
3. Type “username guest password 0 password,” for the Normal Exec level, where password is your new password. Press <Enter>.
4. Type “username admin password 0 password,” for the Privileged Exec level, where password is your new password. Press <Enter>.
Note:
‘0’ specifies a password in plain text, ‘7’ specifies a password in encrypted form.
Username: admin
Password:

CLI session with the 24/48 L3 GE Switch is opened.
To end the CLI session, enter [Exit].

Console#configure
Console(config)#username guest password 0 [password]
Console(config)#username admin password 0 [password]
Console(config)#
Setting an IP Address
You must establish IP address information for the stack to obtain management access through the network. This can be done in either of the following ways:
Manual — You have to input the information, including IP address and subnet mask. If your management station is not in the same IP subnet as the stack’s master unit, you will also need to specify the default gateway router.
Dynamic — The switch sends IP configuration requests to BOOTP or DHCP address allocation servers on the network.
Manual Configuration
You can manually assign an IP address to the switch. You may also need to specify a default gateway that resides between this device and management stations that exist on another network segment (if routing is not enabled on this switch). Valid IP addresses consist of four decimal numbers, 0 to 255, separated by periods. Anything outside this format will not be accepted by the CLI program.
Note:
An IPv4 address for this switch is obtained via DHCP by default.
Assigning an IPv4 Address
Before you can assign an IP address to the switch, you must obtain the following information from your network administrator:
• IP address for the switch
• Network mask for this network
• Default gateway for the network
To assign an IPv4 address to the switch, complete the following steps:
1. From the Global Configuration mode prompt, type “interface vlan 1” to access the interface-configuration mode. Press <Enter>.
2. Type “ip address ip-address netmask,” where “ip-address” is the switch IP address and “netmask” is the network mask for the network. Press <Enter>.
3. Type “exit” to return to the global configuration mode prompt. Press <Enter>.
4. To set the IP address of the default gateway for the network to which the switch belongs, type “ip default-gateway gateway,” where “gateway” is the IP address of the default gateway. Press <Enter>.
Console(config)#interface vlan 1
Console(config-if)#ip address 192.168.1.5 255.255.255.0
Console(config-if)#exit
Console(config)#ip default-gateway 192.168.1.254
Console(config)#
Assigning an IPv6 Address
There are several ways to manually configure IPv6 addresses. This section describes how to configure a “link local” address for connectivity within the local subnet only, and another option that allows you to specify a “global unicast” address by first configuring a network prefix for use on a multi-segment network, and then configuring the host address portion of the address.
An IPv6 prefix or address must be formatted according to RFC 2373 “IPv6 Addressing Architecture,” using 8 colon-separated 16-bit hexadecimal values. One double colon may be used to indicate the appropriate number of zeros required to fill the undefined fields. For detailed information on the other ways to assign IPv6 addresses, see “Setting the Switch’s IP Address (IP Version 6)” on page 4-9.
Link Local Address — All link-local addresses must be configured with a prefix of FE80. Remember that this address type makes the switch accessible over IPv6 for all devices attached to the same local subnet only. Also, if the switch detects that the address you configured conflicts with that in use by another device on the subnet, it will stop using the address in question, and automatically generate a link local address that does not conflict with any other devices on the local subnet.
To configure an IPv6 link local address for the switch, complete the following steps:
1. From the Global Configuration mode prompt, type “interface vlan 1” to access the interface-configuration mode. Press <Enter>.
2. Type “ipv6 address” followed by up to 8 colon-separated 16-bit hexadecimal values for the ipv6-address similar to that shown in the example, followed by the “link-local” command parameter. Then press <Enter>.
Console(config)#interface vlan 1
Console(config-if)#ipv6 address FE80::260:3EFF:FE11:6700 link-local
Console(config-if)#end
Console#show ipv6 interface
Vlan 1 is up
IPv6 is enable.
Link-local address:
  FE80::260:3EFF:FE11:6700/64
Global unicast address(es):
Joined group address(es):
  FF01::1/16
  FF02::1/16
  FF02::1:FF11:6700/104
MTU is 1500 bytes.
ND DAD is enabled, number of DAD attempts: 1.
ND retransmit interval is 1000 milliseconds
Console#
Address for Multi-segment Network — Before you can assign an IPv6 address to the switch that will be used to connect to a multi-segment network, you must obtain the following information from your network administrator:
• Prefix for this network
• IP address for the switch
• Default gateway for the network
For most networks that encompass several different subnets, it’s easier to first define a network prefix, and then configure the host address for the switch. An IPv6 network prefix is composed of an IPv6-address and prefix length. The prefix length is the number of bits (from the left) of the prefix that form the network address, and is expressed as a decimal number. For example, all IPv6 addresses that start with the first byte of 73 (hexadecimal) could be expressed as 73:0:0:0:0:0:0:0/8 or 73::/8.
To generate an IPv6 global unicast address for the switch using a general network prefix, complete the following steps:
1. From the Global Configuration mode prompt, type “ipv6 general-prefix prefix-name ipv6-prefix/prefix-length,” where the “prefix-name” is a label identifying the network segment, “ipv6-prefix” specifies the high-order bits of the network address, and “prefix-length” indicates the actual number of bits used in the network prefix. Press <Enter>.
2. From the global configuration mode prompt, type “interface vlan 1” to access the interface-configuration mode. Press <Enter>.
3. From the interface prompt, type “ipv6 address prefix-name ipv6-address/prefix-length,” where “prefix-length” indicates the address bits used to form the network portion of the address. (The network address starts from the left of the general prefix and should encompass some of the ipv6-address bits.) The remaining bits are assigned to the host interface. Press <Enter>.
4. Type “exit” to return to the global configuration mode prompt. Press <Enter>.
5. To set the IP address of the IPv6 default gateway for the network to which the switch belongs, type “ipv6 default-gateway gateway,” where “gateway” is the IPv6 address of the default gateway. Press <Enter>.
Console(config)#ipv6 general-prefix rd 2001:DB8:2222::/48
Console(config)#interface vlan 1
Console(config-if)#ipv6 address rd 0:0:0:7272::72/64
Console(config-if)#exit
Console(config)#ipv6 default-gateway 2001:DB8:2222:7272::254
Console(config)#end
Console#show ipv6 interface
Vlan 1 is up
IPv6 is enable.
Link-local address:
  FE80::200:E8FF:FE90:0/64
Global unicast address(es):
  2001:DB8:2222:7272::72, subnet is 2001:DB8:2222:7272::/64
Joined group address(es):
  FF01::1/16
  FF02::1/16
  FF02::1:FF72:64/104
  FF02::1:FF90:0/104
MTU is 1500 bytes.
ND DAD is enabled, number of DAD attempts: 1.
ND retransmit interval is 1000 milliseconds
Console#show ipv6 default-gateway
ipv6 default gateway: 2001:DB8:2222:7272::254
Dynamic Configuration
Obtaining an IPv4 Address
If you select the “bootp” or “dhcp” option, IP will be enabled but will not function until a BOOTP or DHCP reply has been received. Requests will be sent periodically in an effort to obtain IP configuration information. BOOTP and DHCP values can include the IP address, subnet mask, and default gateway. If the DHCP/BOOTP server is slow to respond, you may need to use the “ip dhcp restart client” command to re-start broadcasting service requests.
If the “bootp” or “dhcp” option is saved to the startup-config file (step 6), then the switch will start broadcasting service requests as soon as it is powered on.
To automatically configure the switch by communicating with BOOTP or DHCP address allocation servers on the network, complete the following steps:
1. From the Global Configuration mode prompt, type “interface vlan 1” to access the interface-configuration mode. Press <Enter>.
2. At the interface-configuration mode prompt, use one of the following commands:
• To obtain IP settings via DHCP, type “ip address dhcp” and press <Enter>.
• To obtain IP settings via BOOTP, type “ip address bootp” and press <Enter>.
3. Type “end” to return to the Privileged Exec mode. Press <Enter>.
4. Type “ip dhcp restart client” to begin broadcasting service requests. Press <Enter>.
5. Wait a few minutes, and then check the IP configuration settings by typing the “show ip interface” command. Press <Enter>.
6. Then save your configuration changes by typing “copy running-config startup-config.” Enter the startup file name and press <Enter>.
Console(config)#interface vlan 1
Console(config-if)#ip address dhcp
Console(config-if)#end
Console#ip dhcp restart client
Console#show ip interface
 IP address and netmask: 192.168.1.54 255.255.255.0 on VLAN 1,
 and address mode: DHCP
Console#copy running-config startup-config
Startup configuration file name []: startup
\Write to FLASH Programming.
\Write to FLASH finish.
Success.
Obtaining an IPv6 Address
Link Local Address — There are several ways to dynamically configure IPv6 addresses. The simplest method is to automatically generate a “link local” address (identified by an address prefix of FE80). This address type makes the switch accessible over IPv6 for all devices attached to the same local subnet.
To generate an IPv6 link local address for the switch, complete the following steps:
1. From the Global Configuration mode prompt, type “interface vlan 1” to access the interface-configuration mode. Press <Enter>.
2. Type “ipv6 enable” and press <Enter>.
Console(config)#interface vlan 1
Console(config-if)#ipv6 enable
Console(config-if)#end
Console#show ipv6 interface
Vlan 1 is up
IPv6 is enable.
Link-local address:
  FE80::200:E8FF:FE90:0/64
Global unicast address(es):
Joined group address(es):
  FF01::1/16
  FF02::1/16
  FF02::1:FF90:0/104
MTU is 1500 bytes.
ND DAD is enabled, number of DAD attempts: 1.
ND retransmit interval is 1000 milliseconds
Console#
Address for Multi-segment Network — To generate an IPv6 address that can be used in a network containing more than one subnet, the switch can be configured to automatically generate a unique host address based on the local subnet address prefix received in router advertisement messages. (DHCP for IPv6 will also be supported in future software releases.)
To dynamically generate an IPv6 host address for the switch, complete the following steps:
1. From the Global Configuration mode prompt, type “interface vlan 1” to access the interface-configuration mode. Press <Enter>.
2. From the interface prompt, type “ipv6 address autoconfig” and press <Enter>.
Console(config)#interface vlan 1
Console(config-if)#ipv6 address autoconfig
Console(config-if)#end
Console#show ipv6 interface
Vlan 1 is up
IPv6 is enable.
Link-local address:
  FE80::212:CFFF:FE0B:4600/64
Global unicast address(es):
  2005::212:CFFF:FE0B:4600, subnet is 2005:0:0:0::/64
  3FFE:501:FFFF:100:212:CFFF:FE0B:4600, subnet is 3FFE:501:FFFF:100::/64
Joined group address(es):
  FF01::1/16
  FF02::1/16
  FF02::1:FF0B:4600/104
MTU is 1500 bytes.
ND DAD is enabled, number of DAD attempts: 1.
ND retransmit interval is 1000 milliseconds
Console#
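Both the general-prefix procedure and the autoconfig procedure above build an address by joining a network prefix to host bits. The following Python is an added example (not code from the manual) that reproduces the addresses shown in those two console outputs; the function names are chosen here, the interface identifier is taken from the link-local address in the output, and rejecting an address whose bits overlap the prefix is a choice of this example, not documented switch behaviour.

```python
import ipaddress


def compose(prefix: str, host: str) -> ipaddress.IPv6Interface:
    """Join the network bits of `prefix` to the remaining bits of `host`.

    prefix: a general prefix such as "2001:DB8:2222::/48", or a prefix
            learned from a router advertisement.
    host:   "ipv6-address/prefix-length"; the length is the final subnet length.
    """
    net = ipaddress.IPv6Network(prefix, strict=True)
    iface = ipaddress.IPv6Interface(host)
    final_len = iface.network.prefixlen
    if final_len < net.prefixlen:
        raise ValueError("final prefix length is shorter than the prefix itself")
    if int(iface.ip) & int(net.netmask):
        raise ValueError("address has bits set inside the prefix")
    joined = ipaddress.IPv6Address(int(net.network_address) | int(iface.ip))
    return ipaddress.IPv6Interface(f"{joined}/{final_len}")


def interface_id(address: str) -> str:
    """Low 64 bits of an address, written as ::x:x:x:x/64 for compose()."""
    low = int(ipaddress.IPv6Address(address)) & ((1 << 64) - 1)
    return f"{ipaddress.IPv6Address(low)}/64"


def solicited_node(address: str) -> ipaddress.IPv6Address:
    """Solicited-node multicast group: FF02::1:FF00:0/104 plus the low 24 bits."""
    low24 = int(ipaddress.IPv6Address(address)) & 0xFFFFFF
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return ipaddress.IPv6Address(base | low24)


def gateway_on_link(iface: ipaddress.IPv6Interface, gateway: str) -> bool:
    """True if the default gateway lies inside the interface's subnet."""
    return ipaddress.IPv6Address(gateway) in iface.network


if __name__ == "__main__":
    # Values below are the ones used in the manual's console examples.
    manual = compose("2001:DB8:2222::/48", "0:0:0:7272::72/64")
    print(manual, manual.network, gateway_on_link(manual, "2001:DB8:2222:7272::254"))

    iid = interface_id("FE80::212:CFFF:FE0B:4600")
    for ra_prefix in ("2005::/64", "3FFE:501:FFFF:100::/64"):
        print(compose(ra_prefix, iid))

    print(solicited_node("FE80::212:CFFF:FE0B:4600"))
```

Because the link-local and both autoconfigured addresses share the same low 24 bits, they map to a single solicited-node group, which is why the autoconfig output lists only FF02::1:FF0B:4600.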
Enabling SNMP Management Access
The switch can be configured to accept management commands from Simple Network Management Protocol (SNMP) applications such as HP OpenView. You can configure the switch to (1) respond to SNMP requests or (2) generate SNMP traps.
When SNMP management stations send requests to the switch (either to return information or to set a parameter), the switch provides the requested data or sets the specified parameter. The switch can also be configured to send information to SNMP managers (without being requested by the managers) through trap messages, which inform the manager that certain events have occurred.
The switch includes an SNMP agent that supports SNMP version 1, 2c, and 3 clients. To provide management access for version 1 or 2c clients, you must specify a community string. The switch provides a default MIB View (i.e., an SNMPv3 construct) for the default “public” community string that provides read access to the entire MIB tree, and a default view for the “private” community string that provides read/write access to the entire MIB tree. However, you may assign new views to version 1 or 2c community strings that suit your specific security requirements (see page 5-17).
Community Strings (for SNMP version 1 and 2c clients)
Community strings are used to control management access to SNMP version 1 and 2c stations, as well as to authorize SNMP stations to receive trap messages from the switch. You therefore need to assign community strings to specified users, and set the access level.
The default strings are:
public - with read-only access. Authorized management stations are only able to retrieve MIB objects.
private - with read-write access. Authorized management stations are able to both retrieve and modify MIB objects.
To prevent unauthorized access to the switch from SNMP version 1 or 2c clients, it is recommended that you change the default community strings.
To configure a community string, complete the following steps:
1. From the Privileged Exec level global configuration mode prompt, type “snmp-server community string mode,” where “string” is the community access string and “mode” is rw (read/write) or ro (read only). Press <Enter>. (Note that the default mode is read only.)
2. To remove an existing string, simply type “no snmp-server community string,” where “string” is the community access string to remove. Press <Enter>.
Console(config)#snmp-server community admin rw
Console(config)#snmp-server community private
Console(config)#
Note:
If you do not intend to support access to SNMP version 1 and 2c clients, we recommend that you delete both of the default community strings. If there are no community strings, then SNMP management access from SNMP v1 and v2c clients is disabled.
Trap Receivers
You can also specify SNMP stations that are to receive traps from the switch. To configure a trap receiver, use the “snmp-server host” command. From the Privileged Exec level global configuration mode prompt, type:
“snmp-server host host-address community-string [version {1 | 2c | 3 {auth | noauth | priv}}]”
where “host-address” is the IP address for the trap receiver, “community-string” specifies access rights for a version 1/2c host, or is the user name of a version 3 host, “version” indicates the SNMP client version, and “auth | noauth | priv” means that authentication, no authentication, or authentication and privacy is used for v3 clients. Then press <Enter>. For a more detailed description of these parameters, see “snmp-server host” on page 24-5. The following example creates a trap host for each type of SNMP client.
Console(config)#snmp-server host 10.1.19.23 batman
Console(config)#snmp-server host 10.1.19.98 robin version 2c
Console(config)#snmp-server host 10.1.19.34 barbie version 3 auth
Console(config)#
Configuring Access for SNMP Version 3 Clients
To configure management access for SNMPv3 clients, you need to first create a view that defines the portions of MIB that the client can read or write, assign the view to a group, and then assign the user to a group. The following example creates one view called “mib-2” that includes the entire MIB-2 tree branch, and then another view that includes the IEEE 802.1d bridge MIB. It assigns these respective read and read/write views to a group called “r&d” and specifies group authentication via MD5 or SHA. In the last step, it assigns a v3 user to this group, indicating that MD5 will be used for authentication, provides the password “greenpeace” for authentication, and the password “einstien” for encryption.
Console(config)#snmp-server view mib-2 1.3.6.1.2.1 included
Console(config)#snmp-server view 802.1d 1.3.6.1.2.1.17 included
Console(config)#snmp-server group r&d v3 auth mib-2 802.1d
Console(config)#snmp-server user steve group r&d v3 auth md5 greenpeace priv des56 einstien
Console(config)#
For a more detailed explanation on how to configure the switch for access from SNMP v3 clients, refer to “Simple Network Management Protocol” on page 5-1, or refer to the specific CLI commands for SNMP starting on page 24-1.
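The settings this chapter tells you to change (the default “admin” login, plain-text passwords, the default “public” and “private” community strings) can be checked mechanically in a saved configuration, together with the SNMP choices shown in the examples. The following Python audit is an added example, not an Asante tool; it assumes the configuration file uses the same command syntax as the examples above, and the sample lines and finding codes are constructed here.

```python
DEFAULT_COMMUNITIES = {"public", "private"}  # default strings named in the manual
DEFAULT_LOGINS = {("admin", "admin")}        # default login given in the manual


def _after(tokens, keyword):
    """Token that follows `keyword`, or None if it is absent."""
    if keyword in tokens:
        i = tokens.index(keyword)
        if i + 1 < len(tokens):
            return tokens[i + 1]
    return None


def audit_line(line: str) -> list:
    """Return the finding codes for one configuration line."""
    tok = line.split()
    found = []
    if tok[:1] == ["username"] and len(tok) >= 5 and tok[2] == "password":
        user, form, secret = tok[1], tok[3], tok[4]
        if form == "0":  # '0' = plain text, '7' = encrypted form
            found.append("plaintext-password")
            if (user, secret) in DEFAULT_LOGINS:
                found.append("default-login")
    elif tok[:2] == ["snmp-server", "community"] and len(tok) >= 3:
        mode = tok[3] if len(tok) > 3 else "ro"  # default mode is read only
        if tok[2] in DEFAULT_COMMUNITIES:
            found.append("default-community")
        if mode == "rw":
            found.append("rw-community")
    elif tok[:2] == ["snmp-server", "host"] and len(tok) >= 4:
        rest = tok[4:]
        # The manual's first trap-host example omits "version" for a v1 client.
        version = _after(rest, "version") or "1"
        level = rest[2] if version == "3" and len(rest) > 2 else None
        if version in ("1", "2c"):
            found.append("community-trap")  # community string sent in clear text
        elif level == "noauth":
            found.append("v3-trap-noauth")
    elif tok[:2] == ["snmp-server", "user"] and len(tok) > 6:
        opts = tok[6:]  # options after: user NAME group GROUP v3
        if _after(opts, "auth") == "md5":
            found.append("weak-auth-md5")   # MD5 is a weak hash; SHA is the alternative named in the manual
        priv = _after(opts, "priv")
        if priv is None:
            found.append("no-privacy")
        elif priv == "des56":
            found.append("weak-priv-des56")  # 56-bit DES is weak by current standards
    return found


def audit(config_text: str) -> list:
    """Return (line number, finding code) pairs for a whole configuration."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        for code in audit_line(line):
            findings.append((lineno, code))
    return findings


# Constructed sample built from the example commands in this chapter;
# the encrypted password value is a placeholder.
SAMPLE_CONFIG = """\
username admin password 0 admin
username guest password 7 ENCRYPTED-PLACEHOLDER
snmp-server community public ro
snmp-server community private rw
snmp-server community admin rw
snmp-server host 10.1.19.23 batman
snmp-server host 10.1.19.98 robin version 2c
snmp-server host 10.1.19.34 barbie version 3 auth
snmp-server user steve group r&d v3 auth md5 greenpeace priv des56 einstien
"""

if __name__ == "__main__":
    for lineno, code in audit(SAMPLE_CONFIG):
        print(f"line {lineno}: {code}")
```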
Managing System Files
The switch’s flash memory supports three types of system files that can be managed by the CLI program, web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set as a start-up file.
The three types of files are:
Configuration — This file type stores system configuration information and is created when configuration settings are saved. Saved configuration files can be selected as a system start-up file or can be uploaded via TFTP to a server for backup. The file named “Factory_Default_Config.cfg” contains all the system default settings and cannot be deleted from the system. If the system is booted with the factory default settings, the master unit will also create a file named “startup1.cfg” that contains system settings for stack initialization, including information about the unit identifier, MAC address, and installed module type for each unit in the stack. The configuration settings from the factory defaults configuration file are copied to this file, which is then used to boot the stack. See “Saving or Restoring Configuration Settings” on page 4-24 for more information.
Operation Code — System software that is executed after boot-up, also known as run-time code. This code runs the switch operations and provides the CLI and web management interfaces. See “Managing Firmware” on page 4-21 for more information.
Diagnostic Code — Software that is run during system boot-up, also known as POST (Power On Self-Test).
Due to the size limit of the flash memory, the switch supports only two operation code files. However, you can have as many diagnostic code files and configuration files as available flash memory space allows. The switch has a total of 32 Mbytes of flash memory for system files.
In the system flash memory, one file of each type must be set as the start-up file. During a system boot, the diagnostic and operation code files set as the start-up file are run, and then the start-up configuration file is loaded.
Note that configuration files should be downloaded using a file name that reflects the contents or usage of the file settings. If you download directly to the running-config, the system will reboot, and the settings will have to be copied from the running-config to a permanent file.
Saving Configuration Settings
Configuration commands only modify the running configuration file and are not saved when the switch is rebooted. To save all your configuration changes in nonvolatile storage, you must copy the running configuration file to the start-up configuration file using the “copy” command.
New startup configuration files must have a name specified. File names on the switch are case-sensitive, can be from 1 to 31 characters, must not contain slashes (\ or /), and the leading letter of the file name must not be a period (.). (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”)
There can be more than one user-defined configuration file saved in the switch’s flash memory, but only one is designated as the “startup” file that is loaded when the switch boots. The copy running-config startup-config command always sets the new file as the startup file. To select a previously saved configuration file, use the boot system config:<filename> command.
The maximum number of saved configuration files depends on available flash memory, with each configuration file normally requiring less than 20 kbytes. The amount of available flash memory can be checked by using the dir command.
To save the current configuration settings, enter the following command:
1. From the Privileged Exec mode prompt, type “copy running-config startup-config” and press <Enter>.
2. Enter the name of the start-up file. Press <Enter>.
Console#copy running-config startup-config
Startup configuration file name []: startup
\Write to FLASH Programming.
\Write to FLASH finish.
Success.

Console#
Section II: Switch Management
This section describes the basic switch features, along with a detailed description of how to configure each feature via a web browser, and a brief example for the Command Line Interface.
Configuring the Switch
Basic Management Tasks
Simple Network Management Protocol
User Authentication
Access Control Lists
Port Configuration
Address Table Settings
Spanning Tree Algorithm
VLAN Configuration
Link Layer Discovery Protocol
Class of Service
Quality of Service
Multicast Filtering
Domain Name Service
Dynamic Host Configuration Protocol
Configuring Router Redundancy
IP Routing
Unicast Routing
Chapter 3: Configuring the Switch
Using the Web Interface
This switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics to monitor network activity. The web agent can be accessed by any computer on the network using a standard web browser (Internet Explorer 5.0, Netscape 6.2, Mozilla Firefox 2.0.0.0, or more recent versions).
Note:
You can also use the Command Line Interface (CLI) to manage the switch over a serial connection to the console port or via Telnet. For more information on using the CLI, refer to Chapter 21: “Overview of the Command Line Interface.”
Prior to accessing the switch from a web browser, be sure you have first performed the following tasks:
1. Configure the switch with a valid IP address, subnet mask, and default gateway using an out-of-band serial connection, BOOTP or DHCP protocol. (See “Setting an IP Address” on page 2-7.)
2. Set user names and passwords using an out-of-band serial connection. Access to the web agent is controlled by the same user names and passwords as the onboard configuration program. (See “Setting Passwords” on page 2-7.)
3. After you enter a user name and password, you will have access to the system configuration program.
Notes:
1. You are allowed three attempts to enter the correct password; on the third failed attempt the current connection is terminated.
2. If you log into the web interface as guest (Normal Exec level), you can view the configuration settings or change the guest password. If you log in as “admin” (Privileged Exec level), you can change the settings on any page.
3. If the path between your management station and this switch does not pass through any device that uses the Spanning Tree Algorithm, then you can set the switch port attached to your management station to fast forwarding (i.e., enable Admin Edge Port) to improve the switch’s response time to management commands issued through the web interface. See “Configuring Interface Settings” on page 10-13.
Navigating the Web Browser Interface
To access the web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics. The default user name and password “admin” is used for the administrator.
Home Page
When your web browser connects with the switch’s web agent, the home page is displayed as shown below. The home page displays the Main Menu on the left side of the screen and System Information on the right side. The Main Menu links are used to navigate to other menus, and display configuration parameters and statistics.
Figure 3-1 Home Page
Note:
The examples in this chapter are based on the IC40480-10G. Other than the number of fixed ports, there are no other differences between the IC40240-10G and IC40480-10G. The panel graphics for both switch types are shown on the following page.
Configuration Options
Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting. The following table summarizes the web page configuration buttons.
Table 3-1 Web Page Configuration Buttons
Button | Action
Apply | Sets specified values to the system.
Revert | Cancels specified values and restores current values prior to pressing Apply.
Help | Links directly to web help.
Notes:
1. To ensure proper screen refresh, be sure that Internet Explorer is configured so that the setting “Check for newer versions of stored pages” reads “Every visit to the page”. Internet Explorer 6.x and earlier: This option is available under the menu “Tools / Internet Options / General / Temporary Internet Files / Settings”. Internet Explorer 7.x: This option is available under “Tools / Internet Options / General / Browsing History / Settings / Temporary Internet Files”.
2. You may have to manually refresh the screen after making configuration changes by pressing the browser’s refresh button.
Panel Display
The web agent displays an image of the switch’s ports. The Mode can be set to display different information for the ports, including Active (i.e., up or down), Duplex (i.e., half or full duplex), or Flow Control (i.e., with or without flow control). Clicking on the image of a port opens the Port Configuration page as described on page 8-3.
IC40240-10G
IC40480-10G
Figure 3-2 Front Panel Indicators
Main Menu
Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program.
Table 3-2 Switch Main Menu
Menu | Description | Page
System | | 4-1
System Information | Provides basic system description, including contact information | 4-1
Switch Information | Shows the number of ports, hardware/firmware version numbers, and power status | 4-3
Bridge Extension | Shows the bridge extension parameters | 4-4
IP Configuration | Sets the IPv4 address for management access | 4-5
IPv6 Configuration | Configures IPv6 interface addresses and static neighbors | 4-9
IPv6 Configuration | Configures IPv6 interface address and protocol settings | 4-9
IPv6 General Prefix | Configures IPv6 general prefix for network portion of addresses | 4-15
IPv6 ND Neighbor | Configures IPv6 neighbor discovery protocol and static neighbors | 4-17
Jumbo Frames | Enables support for jumbo frames | 4-21
File Management | | 4-21
Copy Operation | Allows the transfer and copying of files | 4-22
Delete | Allows deletion of files from the flash memory | 4-22
Set Startup | Sets the startup file | 4-22
Line | | 4-26
Console | Sets console port connection parameters | 4-26
Telnet | Sets Telnet connection parameters | 4-28
Log | | 4-30
Logs | Sends error messages to a logging process | 4-33
System Logs | Stores and displays error messages | 4-30
Remote Logs | Configures the logging of messages to a remote logging process | 4-31
SMTP | Sends an SMTP client message to a participating server | 4-33
Renumbering | Renumbers the units in the stack | 4-35
Reset | Restarts the switch | 4-36
Table 3-2 Switch Main Menu (Continued)
Menu | Description | Page
SNTP | Simple Network Time Protocol | 4-36
Current Time | Sets the time for the system clock | 4-36
Configuration | Configures SNTP client settings, including a list of servers | 4-37
Time Zone | Sets the local time zone for the system clock | 4-39
Summer Time | Configures summer-time settings | 4-40
SNMP | Simple Network Management Protocol | 5-1
Configuration | Configures community strings and related trap functions | 5-3
Agent Status | Enables or disables SNMP | 5-2
SNMPv3 | | 5-7
Engine ID | Sets the SNMP v3 engine ID | 5-7
Remote Engine ID | Sets the SNMP v3 engine ID on a remote device | 5-8
Users | Configures SNMP v3 users | 5-9
Remote Users | Configures SNMP v3 users on a remote device | 5-11
Groups | Configures SNMP v3 groups | 5-13
Views | Configures SNMP v3 views | 5-17
Security | | 6-1
User Accounts | Configures user names, passwords, and access levels | 6-1
Authentication Settings | Configures authentication sequence, RADIUS and TACACS | 6-2
HTTPS Settings | Configures secure HTTP settings | 6-5
SSH | Secure Shell | 6-8
Settings | Configures Secure Shell server settings | 6-14
Host-Key Settings | Generates the host key pair (public and private) | 6-10
User Public-Key Settings | Imports and manages user RSA and DSA public keys | 6-12
Port Security | Configures per port security, including status, response for security breach, and maximum allowed MAC addresses | 6-16
802.1X | Port authentication | 6-18
Information | Displays global configuration settings | 6-19
Configuration | Configures global configuration parameters | 6-20
Port Configuration | Sets the authentication mode for individual ports | 6-20
Statistics | Displays protocol statistics for the selected port | 6-24
ACL | Access Control Lists | 7-1
Configuration | Configures packet filtering based on IP or MAC addresses | 7-1
Port Binding | Binds a port to the specified ACL | 7-11
Table 3-2 Switch Main Menu (Continued)
Menu | Description | Page
IP Filter | Configures IP addresses that are allowed management access | 6-26
Port | | 8-1
Port Information | Displays port connection status | 8-1
Trunk Information | Displays trunk connection status | 8-1
Port Configuration | Configures port connection settings | 8-3
Trunk Configuration | Configures trunk connection settings | 8-3
Trunk Membership | Specifies ports to group into static trunks | 8-7
LACP | | 8-8
Configuration | Allows ports to dynamically join trunks | 8-8
Aggregation Port | Configures parameters for link aggregation group members | 8-10
Port Counters Information | Displays statistics for LACP protocol messages | 8-13
Port Internal Information | Displays settings and operational state for the local side | 8-14
Port Neighbors Information | Displays settings and operational state for the remote side | 8-16
Port Broadcast Control | Sets the broadcast storm threshold for each port | 8-17
Trunk Broadcast Control | Sets the broadcast storm threshold for each trunk | 8-17
Mirror Port Configuration | Sets the source and target ports for mirroring | 8-19
Rate Limit | | 8-20
Input Port Configuration | Sets the input rate limit for each port | 8-20
Input Trunk Configuration | Sets the input rate limit for each trunk | 8-20
Output Port Configuration | Sets the output rate limit for each port | 8-20
Output Trunk Configuration | Sets the output rate limit for each trunk | 8-20
Port Statistics | Lists Ethernet and RMON port statistics | 8-22
Address Table | | 9-1
Static Addresses | Displays entries for interface, address or VLAN | 9-1
Dynamic Addresses | Displays or edits static entries in the Address Table | 9-2
Address Aging | Sets timeout for dynamically learned entries | 9-4
Spanning Tree | | 10-1
STA | Spanning Tree Algorithm |
Information | Displays STA values used for the bridge | 10-3
Configuration | Configures global bridge settings for STP, RSTP and MSTP | 10-6
Port Information | Displays individual port settings for STA | 10-10
Trunk Information | Displays individual trunk settings for STA | 10-10
Table 3-2 Switch Main Menu (Continued)
Menu | Description | Page
Port Configuration | Configures individual port settings for STA | 10-13
Trunk Configuration | Configures individual trunk settings for STA | 10-13
MSTP | Multiple Spanning Tree Algorithm |
VLAN Configuration | Configures priority and VLANs for a spanning tree instance | 10-16
Port Information | Displays port settings for a specified MST instance | 10-19
Trunk Information | Displays trunk settings for a specified MST instance | 10-19
Port Configuration | Configures port settings for a specified MST instance | 10-20
Trunk Configuration | Configures trunk settings for a specified MST instance | 10-20
VLAN | | 11-1
802.1Q VLAN | | 11-1
GVRP Status | Enables GVRP VLAN registration protocol | 11-4
Basic Information | Displays information on the VLAN type supported by this switch | 11-4
Current Table | Shows the current port members of each VLAN and whether or not the port is tagged or untagged | 11-5
Static List | Used to create or remove VLAN groups | 11-6
Static Table | Modifies the settings for an existing VLAN | 11-7
Static Membership by Port | Configures membership type for interfaces, including tagged, untagged or forbidden | 11-9
Port Configuration | Specifies default PVID and VLAN attributes | 11-10
Trunk Configuration | Specifies default trunk VID and VLAN attributes | 11-10
802.1Q Tunnel Configuration | Enables 802.1Q (QinQ) Tunneling | 11-16
Tunnel Port Configuration | Sets the tunnel mode for an interface | 11-17
Tunnel Trunk Configuration | Sets the tunnel mode for an interface | 11-17
Private VLAN | | 11-18
Status | Enables or disables the private VLAN | 11-19
Link Status | Configures the private VLAN | 11-19
Protocol VLAN | | 11-20
Configuration | Creates a protocol group, specifying the supported protocols | 11-20
Port Configuration | Maps a protocol group to a VLAN | 11-21
Table 3-2 Switch Main Menu (Continued)
Menu | Description | Page
LLDP | Link Layer Discovery Protocol | 12-1
Configuration | Configures global LLDP timing parameters | 12-1
Port Configuration | Configures parameters for individual ports | 12-3
Trunk Configuration | Configures parameters for trunks | 12-3
Local Information | Displays LLDP information about the local device | 12-5
Remote Port Information | Displays LLDP information about a remote device connected to a port on this switch | 12-8
Remote Trunk Information | Displays LLDP information about a remote device connected to a trunk on this switch | 12-8
Remote Information Details | Displays detailed LLDP information about a remote device connected to this switch | 12-9
Device Statistics | Displays LLDP statistics for all connected remote devices | 12-11
Device Statistics Details | Displays LLDP statistics for remote devices on a selected port or trunk | 12-13
Priority | | 13-1
Default Port Priority | Sets the default priority for each port | 13-1
Default Trunk Priority | Sets the default priority for each trunk | 13-1
Traffic Classes | Maps IEEE 802.1p priority tags to output queues | 13-3
Traffic Classes Status | Enables/disables traffic class priorities (not implemented) | NA
Queue Mode | Sets queue mode to strict priority or Weighted Round-Robin | 13-5
Queue Scheduling | Configures Weighted Round Robin queueing | 13-6
IP Precedence/DSCP Priority Status | Globally selects IP Precedence or DSCP Priority, or disables both. | 13-7
IP Precedence Priority | Sets IP Type of Service priority, mapping the precedence tag to a class-of-service value | 13-8
IP DSCP Priority | Sets IP Differentiated Services Code Point priority, mapping a DSCP tag to a class-of-service value | 13-8
IP Port Priority Status | Globally enables or disables IP Port Priority | 13-10
IP Port Priority | Sets TCP/UDP port priority, defining the socket number and associated class-of-service value | 13-11
QoS | Quality of Service | 14-1
DiffServ | Configures QoS classification criteria and service policies | 14-1
Class Map | Creates a class map for a type of traffic | 14-2
Policy Map | Creates a policy map for multiple interfaces | 14-4
Service Policy | Applies a policy map defined to an ingress port | 14-7
Table 3-2 Switch Main Menu (Continued)
Menu | Description | Page
IGMP Snooping | Internet Group Management Protocol – Snooping | 15-2
IGMP Configuration | Enables multicast filtering; configures parameters for multicast query | 15-3
IGMP Immediate Leave | Configures immediate leave for multicast services no longer required | 15-5
Multicast Router Port Information | Displays the ports that are attached to a neighboring multicast router for each VLAN ID | 15-6
Static Multicast Router Port Configuration | Assigns ports that are attached to a neighboring multicast router | 15-7
IP Multicast Registration Table | Displays all multicast groups active on this switch, including multicast IP addresses and VLAN ID | 15-8
IGMP Member Port Table | Indicates multicast addresses associated with the selected VLAN | 15-8
DNS | Domain Name Service | 16-1
General Configuration | Enables DNS; configures domain name and domain list; and specifies IP address of name servers for dynamic lookup | 16-1
Static Host Table | Configures static entries for domain name to address mapping | 16-3
Cache | Displays cache entries discovered by designated name servers | 16-5
DHCP | Dynamic Host Configuration Protocol | 17-1
Relay Configuration | Specifies DHCP relay servers; enables or disables relay service | 17-1
Server | Configures DHCP server parameters | 17-2
General | Enables DHCP server; configures excluded address range | 17-3
Pool Configuration | Configures address pools for network groups or a specific host | 17-4
IP Binding | Displays addresses currently bound to DHCP clients | 17-9
VRRP | Virtual Router Redundancy Protocol | 18-2
Group Configuration | Configures VRRP groups, including virtual interface address, advertisement interval, preemption, priority, and authentication | 18-2
Global Statistics | Displays global statistics for VRRP protocol packet errors | 18-7
Group Statistics | Displays statistics for VRRP protocol events and errors on the specified VRRP group and interface | 18-8
IP | Internet Protocol | 19-1
General | | 19-4
Global Settings | Enables or disables routing, specifies the default gateway | 19-4
Routing Interface | Configures the IP interface for the specified VLAN | 19-5
Table 3-2 Switch Main Menu (Continued)
Menu | Description | Page
ARP | Address Resolution Protocol | 19-8
General | Sets the protocol timeout, and enables or disables proxy ARP for the specified VLAN | 19-9
Static Addresses | Statically maps a physical address to an IP address | 19-11
Dynamic Addresses | Shows dynamically learned entries in the IP routing table | 19-12
Other Addresses | Shows internal addresses used by the switch | 19-13
Statistics | Shows statistics on ARP requests sent and received | 19-14
Statistics | | 19-16
IP | Shows statistics for IP traffic, including the amount of traffic, address errors, routing, fragmentation and reassembly | 19-16
ICMP | Shows statistics for ICMP traffic, including the amount of traffic, protocol errors, and the number of echoes, timestamps, and address masks | 19-17
UDP | Shows statistics for UDP, including the amount of traffic and errors | 19-19
TCP | Shows statistics for TCP, including the amount of traffic and TCP connection activity | 19-20
Routing | | 19-21
Static Routes | Configures and displays static routing entries | 19-21
Routing Table | Shows all routing entries, including local, static and dynamic routes | 19-22
Routing Protocol | | 20-1
RIP | Routing Information Protocol | 20-2
General Settings | Enables or disables RIP, sets the global RIP version and timer values | 20-3
Network Addresses | Configures the network interfaces that will use RIP | 20-5
Interface Settings | Configures RIP parameters for each interface, including send and receive versions, message loopback prevention, and authentication | 20-6
Redistribute Configuration | Imports external routing information from other routing domains into the autonomous system | 20-9
Statistics | Displays general information on update time, route changes and number of queries, as well as a list of statistics for known interfaces and neighbors | 20-11
Table 3-2 Switch Main Menu (Continued)
Menu | Description | Page
OSPF | Open Shortest Path First | 20-14
General Configuration | Enables or disables OSPF; also configures the Router ID and various other global settings | 20-15
Area Configuration | Specifies rules for importing routes into each area | 20-19
Area Range Configuration | Configures route summaries to advertise at an area boundary | 20-23
Interface Configuration | Shows area ID and designated router; also configures OSPF protocol settings and authentication for each interface | 20-25
Virtual Link Configuration | Configures a virtual link through a transit area to the backbone | 20-29
Network Area Address Configuration | Defines OSPF areas and associated interfaces | 20-31
Summary Address Configuration | Aggregates routes learned from other protocols for advertising into other autonomous systems | 20-33
Redistribute Configuration | Redistributes routes from one routing domain to another | 20-35
NSSA Settings | Configures settings for importing routes into or exporting routes out of not-so-stubby areas | 20-36
Link State Database Information | Shows information about different OSPF Link State Advertisements (LSAs) stored in this router’s database | 20-38
Border Router Information | Displays routing table entries for area border routers and autonomous system boundary routers | 20-40
Neighbor Information | Displays information about neighboring routers on each interface within an OSPF area | 20-41
Chapter 4: Basic Management Tasks
This chapter describes the basic functions required to set up management access to the switch, display or upgrade operating software, or reset the system.
Displaying System Information
You can easily identify the system by displaying the device name, location and contact information.
Field Attributes
System Name – Name assigned to the switch system.
Object ID – MIB II object ID for switch’s network management subsystem.
Location – Specifies the system location.
Contact – Administrator responsible for the system.
System Up Time – Length of time the management agent has been up.
These additional parameters are displayed for the CLI.
System Description – Brief description of device type.
MAC Address – The physical layer address for this switch.
Web Server – Shows if management access via HTTP is enabled.
Web Server Port – Shows the TCP port number used by the web interface.
Web Secure Server – Shows if management access via HTTPS is enabled.
Web Secure Server Port – Shows the TCP port used by the HTTPS interface.
Telnet Server – Shows if management access via Telnet is enabled.
Telnet Server Port – Shows the TCP port used by the Telnet interface.
Authentication Login – Shows the user login authentication sequence.
Jumbo Frame – Shows if jumbo frames are enabled.
Jumbo Frame Size – Configured size of jumbo frame.
POST Result – Shows results of the power-on self-test.
Web – Click System, System Information. Specify the system name, location, and contact information for the system administrator, then click Apply. (This page also includes a Telnet button that allows access to the Command Line Interface via Telnet.)
Figure 4-1 System Information
CLI – Specify the hostname, location and contact information.
Console(config)#hostname R&D 5
Console(config)#snmp-server location WC 9
Console(config)#snmp-server contact Ted
Console(config)#exit
Console#show system
System Description: 24/48 port 10/100/1000 Stackable Managed Switch with 2 X 10G uplinks
System OID String: 1.3.6.1.4.1.259.8.1.9
System Information
System Up Time: 0 days, 1 hours, 28 minutes, and 0.51 seconds
System Name: R&D 5
System Location: WC 9
System Contact: Ted
MAC Address (Unit1): 00-20-1A-DF-9C-A0
MAC Address (Unit2): 00-20-1A-DF-9E-C0
Web Server: Enabled
Web Server Port: 80
Web Secure Server: Enabled
Web Secure Server Port: 443
Telnet Server: Enable
Telnet Server Port: 23
Authentication Login: Local RADIUS None
Jumbo Frame: Disabled
Jumbo Frame Size: 1522
POST Result:
DUMMY Test 1 ................. PASS
DRAM Test .................... PASS
Timer Test ................... PASS
PCI Device 1 Test ............ PASS
I2C Bus Initialization ....... PASS
Fan Speed Test ............... PASS
Done All Pass.
Console#
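A check that can be run over saved “show system” output such as the listing above, as an added example that is not part of the manual or Asante's software: it parses the field/value lines and reports management services that send credentials unencrypted (HTTP and Telnet) when they are enabled, and notes when HTTPS is not. The function names and the trimmed sample text are constructed for this example.

```python
# Constructed sample: the management-plane fields from the manual's
# "show system" listing, trimmed for the example.
SAMPLE_SHOW_SYSTEM = """\
Console#show system
System Name: R&D 5
System Location: WC 9
System Contact: Ted
MAC Address (Unit1): 00-20-1A-DF-9C-A0
Web Server: Enabled
Web Server Port: 80
Web Secure Server: Enabled
Web Secure Server Port: 443
Telnet Server: Enable
Telnet Server Port: 23
Authentication Login: Local RADIUS None
Jumbo Frame: Disabled
POST Result:
DRAM Test .................... PASS
"""

# Services that carry logins in cleartext, mapped to the field holding their port.
CLEARTEXT_SERVICES = {
    "Web Server": "Web Server Port",
    "Telnet Server": "Telnet Server Port",
}


def parse_show_system(text):
    """Return {field: value} for every 'Field: value' line in the output."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        # Prompt lines and POST result lines have no colon and are skipped.
        if sep and key.strip():
            fields[key.strip()] = value.strip()
    return fields


def is_enabled(value):
    """The listing prints both 'Enabled' and 'Enable'; accept either."""
    return value.strip().lower() in ("enabled", "enable")


def audit_management_plane(text):
    """Return a list of (field, port, finding) tuples for the given output."""
    fields = parse_show_system(text)
    findings = []
    for service, port_field in CLEARTEXT_SERVICES.items():
        if is_enabled(fields.get(service, "")):
            findings.append((service, fields.get(port_field, "?"),
                             "cleartext management access is enabled"))
    if not is_enabled(fields.get("Web Secure Server", "")):
        findings.append(("Web Secure Server",
                         fields.get("Web Secure Server Port", "?"),
                         "HTTPS management access is not enabled"))
    return findings


if __name__ == "__main__":
    for field, port, finding in audit_management_plane(SAMPLE_SHOW_SYSTEM):
        print(f"{field} (TCP {port}): {finding}")
```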
Displaying Switch Hardware/Software Versions
Use the Switch Information page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system.
Field Attributes
Main Board
Serial Number – The serial number of the switch.
Number of Ports – Number of built-in ports.
Hardware Version – Hardware version of the main board.
Internal Power Status – Displays the status of the internal power supply.
Management Software
EPLD Version – Version number of EEPROM Programmable Logic Device.
Loader Version – Version number of loader code.
Boot-ROM Version – Version of Power-On Self-Test (POST) and boot code.
Operation Code Version – Version number of runtime code.
Role – Shows that this switch is operating as Master or Slave.
These additional parameters are displayed for the CLI.
Unit ID – Unit number in stack.
Redundant Power Status – Displays the status of the redundant power supply.
Web – Click System, Switch Information.
Figure 4-2 Switch Information
CLI – Use the following command to display version information.
Console#show version
Unit 1
Serial Number: 0000E8900001
Hardware Version: R01
EPLD Version: 1.06
Number of Ports: 26
Main Power Status: Up
Redundant Power Status: Not present
Agent (Master)
Unit ID: 1
Loader Version: 1.19.2.58
Boot ROM Version: 1.1.0.1
Operation Code Version: .1.0.2
Console#
Displaying Bridge Extension Capabilities
The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs. You can access these extensions to display default settings for the key variables.
Field Attributes
Extended Multicast Filtering Services – This switch does not support the filtering of individual multicast addresses based on GMRP (GARP Multicast Registration Protocol).
Traffic Classes – This switch provides mapping of user priorities to multiple traffic classes. (Refer to “Class of Service” on page 13-1.)
Static Entry Individual Port – This switch allows static filtering for unicast and multicast addresses. (Refer to “Setting Static Addresses” on page 9-1.)
VLAN Learning – This switch uses Independent VLAN Learning (IVL), where each port maintains its own filtering database.
Configurable PVID Tagging – This switch allows you to override the default Port VLAN ID (PVID used in frame tags) and egress status (VLAN-Tagged or Untagged) on each port. (Refer to “VLAN Configuration” on page 11-1.)
Local VLAN Capable – This switch does not support multiple local bridges outside of the scope of 802.1Q defined VLANs.
GMRP – GARP Multicast Registration Protocol (GMRP) allows network devices to register endstations with multicast groups. This switch does not support GMRP; it uses the Internet Group Management Protocol (IGMP) to provide automatic multicast filtering.
Web – Click System, Bridge Extension.
Figure 4-3 Displaying Bridge Extension Configuration
CLI – Enter the following command.
Console#show bridge-ext
Max support VLAN numbers: 4096
Max support VLAN ID: 4093
Extended multicast filtering services: No
Static entry individual port: Yes
VLAN learning: IVL
Configurable PVID tagging: Yes
Local VLAN capable: No
Traffic classes: Enabled
Global GVRP status: Disabled
GMRP: Disabled
Console#
Setting the Switch’s IP Address (IP Version 4)
This section describes how to configure an initial IPv4 interface for management access over the network. This switch supports both IPv4 and IPv6, and can be managed through either of these address types. For information on configuring the switch with an IPv6 address, see “Setting the Switch’s IP Address (IP Version 6)” on page 4-9.
The IPv4 address for this stack is obtained via DHCP by default. To manually configure an address, you need to change the stack’s default settings to values that are compatible with your network. You may also need to establish a default gateway between the stack and management stations that exist on another network segment (if routing is not enabled on this stack).
You can manually configure a specific IP address, or direct the device to obtain an address from a BOOTP or DHCP server. Valid IP addresses consist of four decimal numbers, 0 to 255, separated by periods. Anything outside this format will not be accepted by the CLI program.
Command Usage
• This section describes how to configure a single local interface for initial access to the stack. To configure multiple IP interfaces on this stack, you must set up an IP interface for each VLAN (page 19-4).
• To enable routing between the different interfaces on this stack, you must enable IP routing (page 19-4).
• To enable routing between the interfaces defined on this stack and external network interfaces, you must configure static routes (page 19-21) or use dynamic routing; i.e., either RIP or OSPF (page 20-2 and page 20-14, respectively).
• The precedence for configuring IP interfaces is the IP / General / Routing Interface menu (page 19-5), static routes (page 19-21), and then dynamic routing.
Command Attributes
VLAN – ID of the configured VLAN (1-4093). By default, all ports on the stack are members of VLAN 1. However, the management station can be attached to a port belonging to any VLAN, as long as that VLAN has been assigned an IP address.
IP Address Mode – Specifies whether IP functionality is enabled via manual configuration (Static), Dynamic Host Configuration Protocol (DHCP), or Boot Protocol (BOOTP). If DHCP/BOOTP is enabled, IP will not function until a reply has been received from the server. Requests will be broadcast periodically by the switch for an IP address. (DHCP/BOOTP values can include the IP address, subnet mask, and default gateway.)
IP Address – Address of the VLAN to which the management station is attached. (Note that you can manage the stack through any configured IP interface.) Valid IP addresses consist of four numbers, 0 to 255, separated by periods. (Default: 0.0.0.0)
Subnet Mask – This mask identifies the host address bits used for routing to specific subnets. (Default: 255.0.0.0)
Gateway IP Address – IP address of the gateway router between the stack and management stations that exist on other network segments. (Default: 0.0.0.0)
MAC Address – The physical layer address for this switch.
Manual Configuration
Web – Click IP, General, Routing Interface. Select the VLAN through which the management station is attached, set the IP Address Mode to “Static,” and specify a “Primary” interface. Enter the IP address, and subnet mask, then click Apply.
Figure 4-4 IPv4 Interface Configuration - Manual
Click IP, Global Setting. If this stack and management stations exist on other network segments, then specify the default gateway, and click Apply.
Figure 4-5 Default Gateway
CLI – Specify the management interface, IP address and default gateway.
Console#config
Console(config)#interface vlan 1
Console(config-if)#ip address 10.1.0.253 255.255.255.0
Console(config-if)#exit
Console(config)#ip default-gateway 10.1.0.254
Console(config)#
Using DHCP/BOOTP
If your network provides DHCP/BOOTP services, you can configure the stack to be dynamically configured by these services.
Web – Click IP, General, Routing Interface. Specify the VLAN to which the management station is attached, set the IP Address Mode to DHCP or BOOTP. Click Apply to save your changes. Then click Restart DHCP to immediately request a new address. Note that the stack will also broadcast a request for IP configuration settings on each power reset.
Figure 4-6 IPv4 Interface Configuration - DHCP
Note: If you lose your management connection, make a console connection to the Master unit and enter “show ip interface” to determine the new stack address.
CLI – Specify the management interface, and set the IP address mode to DHCP or BOOTP, and then enter the “ip dhcp restart client” command.
Console#config
Console(config)#interface vlan 1
Console(config-if)#ip address dhcp
Console(config-if)#end
Console#ip dhcp restart client
Console#show ip interface
Vlan 1 is up, addressing mode is DHCP
Interface address is 192.168.1.253, mask is 255.255.255.0, Primary
MTU is 1500 bytes
Proxy ARP is disabled
Split horizon is enabled
Console#
Renewing DHCP – DHCP may lease addresses to clients indefinitely or for a specific period of time. If the address expires or the stack is moved to another network segment, you will lose management access to the stack. In this case, you can reboot the stack or submit a client request to restart DHCP service via the CLI.
Web – If the address assigned by DHCP is no longer functioning, you will not be able to renew the IP settings via the web interface. You can only restart DHCP service via the web interface if the current address is still available.
CLI – Enter the following command to restart DHCP service.
Console#ip dhcp restart client
Console#
Setting the Switch’s IP Address (IP Version 6)
This section describes how to configure an initial IPv6 interface for management access over the network. This switch supports both IPv4 and IPv6, and can be managed through either of these address types. For information on configuring the switch with an IPv4 address, see “Setting the Switch’s IP Address (IP Version 4)” on page 4-5.
Configuring an IPv6 Address
IPv6 includes two di stinct addre ss types – link-loc al unicast a nd globa l unicast. A link-local addr ess makes the switch a ccessibl e over IPv6 fo r all devic es attac hed to the same local subn et. Manage ment tra ffic using this kind o f address canno t be passed by any router outside of the su bnet. A lin k-local address is easy to set up, and may be useful for simple netwo rks or basic troubleshoo ting ta sks. However , to connect to a larger network with multiple segments, the switch must be configured with a global unicast addres s. Both lin k-local an d global unica st addre ss types can either be manually configured or dyna mically as signed.
Command Usage
• This section describes how to configure a single local interface for initial access to the stack. To configure multiple IP interfaces on this stack, you must set up an IP interface for each VLAN (page 19-4).
• To enable routing between the different interfaces on this stack, you must enable IP routing (page 19-4).
• To enable routing between the interfaces defined on this stack and external network interfaces, you must configure static routes (page 19-21) or use dynamic routing; i.e., either RIP or OSPF (page 20-2 and 20-14, respectively).
• The precedence for configuring IP interfaces is the IP / General / Routing Interface menu (page 19-5), static routes (page 19-21), and then dynamic routing.
• All IPv6 addresses must be formatted according to RFC 2373 “IPv6 Addressing Architecture,” using 8 colon-separated 16-bit hexadecimal values. One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields.
• The switch must always be configured with a link-local address. Therefore any configuration process that enables IPv6 functionality, or assigns a global unicast address to the switch, will also automatically generate a link-local unicast address. The prefix length for a link-local address is fixed at 64 bits, and the host portion of the default address is based on the modified EUI-64 (Extended Universal Identifier) form of the interface identifier (i.e., the physical MAC address). Alternatively, you can manually configure the link-local address by entering the full address with the network prefix FE80.
• To connect to a larger network with multiple subnets, you must configure a global unicast address. There are several alternatives to configuring this address type:
- The global unicast address can be automatically configured by taking the network prefix from router advertisements observed on the local interface, and using the modified EUI-64 form of the interface identifier to automatically create the host portion of the address.
- It can be manually configured by specifying the entire network prefix and prefix length, and using the EUI-64 form of the interface identifier to automatically create the low-order 64 bits in the host portion of the address.
- You can also manually configure the global unicast address by entering the full address and prefix length.
- Or you can include a general prefix for the network portion of the address (as described under “Configuring an IPv6 General Network Prefix” on page 4-15). When using this method, remember that the prefix length specified on the IPv6 Configuration page must include both the length of the general prefix and any contiguous bits (from the left of the specified address) that are added to the general prefix to form the extended network portion of the address.
• You can configure multiple IPv6 global unicast addresses per interface, but only one link-local address per interface.
• If a duplicate link-local address is detected on the local segment, this interface is disabled and a warning message displayed on the console. If a duplicate global unicast address is detected on the network, the address is disabled on this interface and a warning message displayed on the console.
Command Attributes
VLAN – ID of the configured VLAN (1-4093). By default, all ports on the stack are members of VLAN 1. However, the management station can be attached to a port belonging to any VLAN, as long as that VLAN has been assigned an IP address.
IPv6 Address Processing – Enables IPv6 on an interface. Note that when an explicit address is assigned to an interface, IPv6 is automatically enabled, and cannot be disabled until all assigned addresses have been removed.
IPv6 Interface Status – Shows if IPv6 interface address configuration state is stable (Enabled) or unstable (Stale).
IPv6 Default Gateway – Sets the IPv6 address of the default next hop router to use when no other routing information is known about an IPv6 address.
- The specified gateway is only valid if routing is disabled using the IP / General / Global Settings screen (see page 19-4) or no other routing information is known about the target address. If IP routing is disabled, you must define a gateway if the target device is located in a different subnet.
- If routing is enabled, you can still define a static route using the IP / Routing / Static Routes screen (see page 19-21) to ensure that traffic to the designated address or subnet passes through a preferred gateway.
- An IPv6 default gateway can only be successfully set when a network interface that directly connects to the gateway has been configured on the switch.
IPv6 MTU – Sets the size of the maximum transmission unit (MTU) for IPv6 packets sent on an interface. (Range: 1280-65535 bytes, Default: 1500 bytes)
- If a non-default value is configured, an MTU option is included in the router advertisements sent from this device. This option is provided to ensure that all nodes on a link use the same MTU value in cases where the link MTU is not otherwise well known.
- IPv6 routers do not fragment IPv6 packets forwarded from other routers. However, traffic originating from an end-station connected to an IPv6 router may be fragmented.
- All devices on the same physical medium must use the same MTU in order to operate correctly.
- IPv6 must be enabled on an interface before the MTU can be set.
IPv6 Address Configuration
Configuration Mode – Selects Auto Configuration or Manual Configuration.
Auto Configuration – Enables stateless autoconfiguration of IPv6 addresses on an interface and enables IPv6 functionality on the interface. The network portion of the address is based on prefixes received in IPv6 router advertisement messages, and the host portion is automatically generated using the modified EUI-64 form of the interface identifier (i.e., the switch’s MAC address).
- If the router advertisements have the “other stateful configuration” flag set, the switch will attempt to acquire other non-address configuration information (such as a default gateway) from a DHCP for IPv6 server.
Manual Configuration – Enables IPv6 on an interface. Note that when an explicit address is assigned to an interface, IPv6 is automatically enabled, and cannot be disabled until all assigned addresses have been removed.
IPv6 Address – An IPv6 address can be configured in any of these ways:
- A link-local address can be manually configured by specifying the entire address in the IPv6 Address field, and selecting the Address Type “Link Local.” The network prefix length is fixed at 64 bits and cannot be changed.
- A global unicast address can be configured by specifying the network prefix and the length of the prefix (in the IPv6 Address field), and then selecting the Address Type “EUI-64” to automatically create the host portion of the address in the low order 64 bits based on the modified EUI-64 interface identifier.
- A global unicast address can be manually configured by specifying the full address and network prefix length (in the IP Address field), and selecting the Address Type “Others.”
- A global unicast address can also be set by selecting a preconfigured general prefix for the network portion of the address from the Based on General Prefix scroll-down list and marking the check box next to this field to enable your choice (see “Configuring an IPv6 General Network Prefix” on page 4-15), and then specifying the address (in the IPv6 Address field) and the full network prefix length (e.g., /64 appended to the end of the specified address) which includes the general prefix and any contiguous bits starting at the left of the address that are appended to the network prefix.
Note About Prefix Length – To specify the prefix length, enter a forward slash followed by a decimal value indicating how many contiguous bits (starting at the left) of the address comprise the prefix (i.e., the network portion of the address).
When used with a general network prefix to configure a global unicast address, this length includes both that specified by the general prefix and any contiguous prefix bits (starting at the left of the specified address) that exceed the length of the general prefix. If the prefix length specified by this parameter is shorter than the general prefix, then the length of the general prefix takes precedence.
Based on General Prefix – Defines a general prefix for the network segment of the address (see “Configuring an IPv6 General Network Prefix” on page 4-15). When configuring a global unicast address based on a general network prefix, the prefix length includes both that specified by the general prefix and any number of subsequent prefix bits that exceed the length of the general prefix. Therefore, depending on the specified prefix length, some of the address bits entered in the IPv6 Address field may be appended to the general prefix. However, if the prefix length is shorter than the general prefix, then the length of the general prefix takes precedence, and some of the address bits entered in the IPv6 Address field will be ignored.
Address Type – Defines the address type configured for this interface.
Link Local – Configures an IPv6 link-local address.
- The address prefix must be FE80.
- You can configure only one link-local address per interface.
- The specified address replaces a link-local address that was automatically generated for the interface.
EUI-64 (Extended Universal Identifier) – Configures an IPv6 address for an interface using an EUI-64 interface ID in the low order 64 bits.
- When using EUI-64 format for the low-order 64 bits in the host portion of the address, the value entered in the IPv6 Address field includes the network portion of the address, and the prefix length indicates how many contiguous bits (starting at the left) of the address comprise the prefix (i.e., the network portion of the address). Note that the value specified in the IPv6 Address field may include some of the high-order host bits if the specified prefix length is less than 64 bits. If the specified prefix length exceeds 64 bits, then the bits used in the network portion of the address will take precedence over the interface identifier.
- IPv6 addresses are 16 bytes long, of which the bottom 8 bytes typically form a unique host identifier based on the device’s MAC address. The EUI-64 specification is designed for devices that use an extended 8-byte MAC address. For devices that still use a 6-byte MAC address (also known as EUI-48 format), it must be converted into EUI-64 format by inverting the universal/local bit in the address and inserting the hexadecimal number FFFE between the upper and lower three bytes of the MAC address.
For example, if a device had an EUI-48 address of 28-9F-18-1C-82-35, the global/local bit must first be inverted to meet EUI-64 requirements (i.e., 1 for globally defined addresses and 0 for locally defined addresses), changing 28 to 2A. Then the two bytes FFFE are inserted between the OUI (i.e., organizationally unique identifier, or company identifier) and the rest of the address, resulting in a modified EUI-64 interface identifier of 2A-9F-18-FF-FE-1C-82-35.
- This host addressing method allows the same interface identifier to be used on multiple IP interfaces of a single device, as long as those interfaces are attached to different subnets.
Others – System will automatically detect the address type according to the address/prefix entered in the IPv6 Address field.
Current Address Table
IPv6 Address – IPv6 address assigned to this interface.
In addition to the unicast addresses assigned to an interface, a node is required to join the all-nodes multicast addresses FF01::1 and FF02::1 for all IPv6 nodes within scope 1 (interface-local) and scope 2 (link-local), respectively.
FF01::1/16 is the transient node-local multicast address for all attached IPv6 nodes, and FF02::1/16 is the link-local multicast address for all attached IPv6 nodes. The node-local multicast address is only used for loopback transmission of multicast traffic. Link-local multicast addresses cover the same types as used by link-local unicast addresses, including all nodes (FF02::1), all routers (FF02::2), and solicited nodes (FF02::1:FFXX:XXXX) as described below.
A node is also required to compute and join the associated solicited-node multicast addresses for every unicast and anycast address it is assigned. IPv6 addresses that differ only in the high-order bits, e.g. due to multiple high-order prefixes associated with different aggregations, will map to the same solicited-node address, thereby reducing the number of multicast addresses a node must join. In this example, FF02::1:FF90:0/104 is the solicited-node multicast address which is formed by taking the low-order 24 bits of the address and appending those bits to the prefix.
Note that the solicited-node multicast address (link-local scope FF02) is used to resolve the MAC addresses for neighbor nodes since IPv6 does not support the broadcast method used by the Address Resolution Protocol in IPv4.
Address Type – Global, Link-local or Multicast.
Configuration Mode – Shows if address is set manually or auto configured.
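The EUI-64 conversion and the solicited-node mapping described above can be checked with the following added example (not code from the manual or the switch firmware). It reproduces the manual's 28-9F-18-1C-82-35 conversion and the FF02::1:FF90:0 group, and also recovers the MAC address embedded in an autoconfigured address, which helps when matching neighbor cache entries to hardware. All function names are chosen here for illustration, and the handling of prefixes longer than /64 follows this example's reading of the EUI-64 attribute text.

```python
import ipaddress
from typing import Optional

ALL_ONES = (1 << 128) - 1
LOW_64 = (1 << 64) - 1


def parse_mac(mac: str) -> bytes:
    """Parse an EUI-48 MAC written as six hex pairs (hyphens or colons)."""
    parts = mac.replace(":", "-").split("-")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"not an EUI-48 address: {mac!r}")
    return bytes(int(p, 16) for p in parts)


def format_eui(raw: bytes) -> str:
    """Render bytes in the hyphenated upper-case form the manual uses."""
    return "-".join(f"{b:02X}" for b in raw)


def modified_eui64(mac: str) -> bytes:
    """Invert the universal/local bit (0x02 of byte 0) and insert FFFE."""
    raw = parse_mac(mac)
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]


def eui64_address(entered: str, mac: str) -> ipaddress.IPv6Address:
    """Combine an entered address/prefix-length with the interface identifier.

    The high-order 64 bits always come from the entered value. When the
    prefix is longer than 64 bits, the network bits also override the
    matching bits of the interface identifier.
    """
    iface = ipaddress.IPv6Interface(entered)
    keep = (ALL_ONES ^ LOW_64) | int(iface.netmask)
    iid = int.from_bytes(modified_eui64(mac), "big")
    return ipaddress.IPv6Address((int(iface.ip) & keep) | (iid & (ALL_ONES ^ keep)))


def link_local(mac: str) -> ipaddress.IPv6Address:
    """Default link-local address: FE80::/64 plus the modified EUI-64 ID."""
    return eui64_address("FE80::/64", mac)


def solicited_node(addr: str) -> ipaddress.IPv6Address:
    """Append the low-order 24 bits of addr to the FF02::1:FF00:0/104 prefix."""
    base = int(ipaddress.IPv6Address("FF02::1:FF00:0"))
    return ipaddress.IPv6Address(base | (int(ipaddress.IPv6Address(addr)) & 0xFFFFFF))


def mac_from_address(addr: str) -> Optional[str]:
    """Recover the MAC from an EUI-64 based address, or None if not EUI-64."""
    low = (int(ipaddress.IPv6Address(addr)) & LOW_64).to_bytes(8, "big")
    if low[3:5] != b"\xff\xfe":
        return None  # manually assigned host portion, e.g. 2009:DB9:2229::79
    return format_eui(bytes([low[0] ^ 0x02]) + low[1:3] + low[5:])


if __name__ == "__main__":
    mac = "28-9F-18-1C-82-35"  # EUI-48 address used in the manual's example
    print("interface ID  :", format_eui(modified_eui64(mac)))
    print("link-local    :", link_local(mac))
    print("solicited-node:", solicited_node(str(link_local(mac))))
    for seen in ("FE80::200:E8FF:FE90:0", "2009:DB9:2229::79"):
        print(seen, "-> MAC", mac_from_address(seen),
              "group", solicited_node(seen))
```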
Web – Click System, IPv6 Configuration, IPv6 Configuration. Set the IPv6 default gateway, specify the VLAN to configure, enable IPv6, and set the MTU. Then enter a global unicast or link-local address and click Add IPv6 Address.
Figure 4-7 IPv6 Interface Configuration
CLI – This example configures an IPv6 gateway, specifies the management interface, configures a global unicast address, and then sets the MTU.
Console#config
Console(config)#ipv6 default-gateway 2009:DB9:2229::240
Console(config)#ipv6 general-prefix rd 2009:DB9:2229::/48
Console(config)#interface vlan 1
Console(config-if)#ipv6 address rd 7279::79/64
Console(config-if)#ipv6 mtu 1280
Console(config-if)#ipv6 enable
Console(config-if)#end
Console#show ipv6 default-gateway
ipv6 default gateway: 2009:DB9:2229::240
Console#show ipv6 interface
Vlan 1 is up
IPv6 is enable.
Link-local address:
  FE80::200:E8FF:FE90:0/64
Global unicast address(es):
  2009:DB9:2229::79, subnet is 2009:DB9:2229:0::/64
Joined group address(es):
  FF01::1/16
  FF02::1/16
  FF02::1:FF00:79/104
  FF02::1:FF11:4321/104
MTU is 1280 bytes.
ND DAD is enabled, number of DAD attempts: 1.
ND retransmit interval is 1000 milliseconds
Console#show ipv6 mtu
MTU     Since     Destination Address
1400    00:04:21  5000:1::3
1280    00:04:50  FE80::203:A0FF:FED6:141D
Console#
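The general-prefix arithmetic behind the "ipv6 address rd 7279::79/64" command can be reproduced offline before committing a configuration. This is an added example, not code from the manual or the switch firmware; it models the rules stated under "Based on General Prefix" in a way that matches the output shown above, and the function names are chosen here for illustration.

```python
import ipaddress

ALL_ONES = (1 << 128) - 1


def high_mask(bits: int) -> int:
    """128-bit mask with the top `bits` bits set."""
    return ALL_ONES ^ (ALL_ONES >> bits)


def apply_general_prefix(general: str, entered: str) -> ipaddress.IPv6Interface:
    """Build the interface address from a general prefix and an entered value.

    - The general prefix supplies the high-order bits.
    - Entered bits beyond the general prefix are appended to it.
    - If the entered prefix length is shorter than the general prefix,
      the general prefix length takes precedence.
    """
    gp = ipaddress.IPv6Network(general, strict=True)
    iface = ipaddress.IPv6Interface(entered)
    plen = max(iface.network.prefixlen, gp.prefixlen)
    tail = int(iface.ip) & (ALL_ONES ^ high_mask(gp.prefixlen))
    return ipaddress.IPv6Interface((int(gp.network_address) | tail, plen))


def discarded_bits(general: str, entered: str) -> ipaddress.IPv6Address:
    """Entered address bits that the general prefix overrides.

    A non-zero result means part of what the operator typed is silently
    ignored, which is worth flagging in a configuration review.
    """
    gp = ipaddress.IPv6Network(general, strict=True)
    iface = ipaddress.IPv6Interface(entered)
    return ipaddress.IPv6Address(int(iface.ip) & high_mask(gp.prefixlen))


if __name__ == "__main__":
    general = "2009:DB9:2229::/48"          # general prefix "rd" from the manual
    for entered in ("7279::79/64",          # value used in the manual's example
                    "0:0:0:5::1/64",        # constructed: subnet bits in group 4
                    "7279::79/32"):         # constructed: length shorter than /48
        result = apply_general_prefix(general, entered)
        print(f"{entered:15} -> {result.ip}, subnet is {result.network}, "
              f"ignored bits: {discarded_bits(general, entered)}")
```

For the manual's own input the leading 7279 group falls inside the /48 general prefix and is discarded, which is why the switch reports 2009:DB9:2229::79 rather than an address containing 7279.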
Configuring an IPv6 General Network Prefix
The IPv6 General Prefix page is used to configure general prefixes that are subsequently used on the IPv6 Configuration web page (see page 4-9) to specify the network address portion of an interface address.
Command Usage
• Prefixes may contain zero-value fields or end in zeros.
• A general prefix holds a short prefix that indicates the high-order bits used in the network portion of the address. Longer, more specific, prefixes can be based on the general prefix to specify any number of subnets. When the general prefix is changed, all of the more specific prefixes based on this prefix will also change.
Command Attributes
General Prefix Name – The label assigned to the general prefix.
IPv6-Prefix/Prefix-length – The high-order bits of the network address segment assigned to the general prefix. The prefix must be formatted according to RFC 2373 “IPv6 Addressing Architecture,” using 8 colon-separated 16-bit hexadecimal values. One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields. Follow the prefix by a forward slash and a decimal value indicating how many of the contiguous bits (from the left) of the address comprise the prefix (i.e., the network portion of the address).
Web – Click System, IPv6 Configuration, IPv6 General Prefix. Click Add to open the editing fields for a prefix entry. Enter a name for the general prefix, the value for the general prefix, and the prefix length. Then click Add to enable the entry.
Figure 4-8 IPv6 General Prefix Configuration
CLI – This example creates a general network prefix of 2009:DB9:2229::/48.
Console(config)#ipv6 general-prefix rd 2009:DB9:2229::/48
Console(config)#end
Console#show ipv6 general-prefix
IPv6 general prefix: rd
 2009:DB9:2229::/48
Console#
Configuring Neighbor Detection Protocol and Static Entries
IPv6 Neighbor Discovery Protocol supersedes IPv4 Address Resolution Protocol in IPv6 networks. IPv6 nodes on the same network segment use Neighbor Discovery to discover each other's presence, to determine each other's link-layer addresses, to find routers and to maintain reachability information about the paths to active neighbors. The key parameters used to facilitate this process are the number of attempts made to verify whether or not a duplicate address exists on the same network segment, and the interval between neighbor solicitations used to verify reachability information.
Command Attributes
Protocol Settings
VLAN – VLAN ID (Range: 1-4093)
IPv6 ND DAD Attempts – The number of consecutive neighbor solicitation messages sent on an interface during duplicate address detection. (Range: 0-600, Default: 1)
- Configuring a value of 0 disables duplicate address detection.
- Duplicate address detection determines if a new unicast IPv6 address already exists on the network before it is assigned to an interface.
- Duplicate address detection is stopped on any interface that has been suspended (see “Creating VLANs” on page 11-6). While an interface is suspended, all unicast IPv6 addresses assigned to that interface are placed in a “pending” state. Duplicate address detection is automatically restarted when the interface is administratively re-activated.
- An interface that is re-activated restarts duplicate address detection for all unicast IPv6 addresses on the interface. While duplicate address detection is performed on the interface’s link-local address, the other IPv6 addresses remain in a “tentative” state. If no duplicate link-local address is found, duplicate address detection is started for the remaining IPv6 addresses.
- If a duplicate address is detected, it is set to “duplicate” state, and a warning message is sent to the console. If a duplicate link-local address is detected, IPv6 processes are disabled on the interface. If a duplicate global unicast address is detected, it is not used. All configuration commands associated with a duplicate address remain configured while the address is in “duplicate” state.
- If the link-local address for an interface is changed, duplicate address detection is performed on the new link-local address, but not for any of the IPv6 global unicast addresses already associated with the interface.
IPv6 ND NS Interval – The interval between transmitting IPv6 neighbor solicitation messages on an interface. (Range: 1000-3600000 milliseconds; Default: 1000 milliseconds is used for neighbor discovery operations, 0 milliseconds is advertised in router advertisements)
- This attribute specifies the interval between transmitting neighbor solicitation messages when resolving an address, or when probing the reachability of a neighbor. Therefore, avoid using very short intervals for normal IPv6 operations.
- When a non-default value is configured, the specified interval is used both for router advertisements and by the router itself.
Current Neighbor Cache Table
IPv6 Address – IPv6 address of neighbor device.
Age – The time since the address was verified as reachable (in minutes). A static entry is indicated by the value “Permanent.”
Link-layer Address – Physical layer MAC address.
State – The current state for an entry. The following states are used for dynamic entries:
- INCMP (Incomplete) - Address resolution is being carried out on the entry. A neighbor solicitation message has been sent to the multicast address of the target, but it has not yet returned a neighbor advertisement message.
- REACH (Reachable) - Positive confirmation was received within the last ReachableTime interval that the forward path to the neighbor was functioning. While in REACH state, the device takes no special action when sending packets.
- STALE - More than the ReachableTime interval has elapsed since the last positive confirmation was received that the forward path was functioning. While in STALE state, the device takes no action until a packet is sent.
- DELAY - More than the ReachableTime interval has elapsed since the last positive confirmation was received that the forward path was functioning. A packet was sent within the last DELAY_FIRST_PROBE_TIME interval. If no reachability confirmation is received within this interval after entering the DELAY state, the switch will send a neighbor solicitation message and change the state to PROBE.
- PROBE - A reachability confirmation is actively sought by resending neighbor solicitation messages every RetransTimer interval until confirmation of reachability is received.
- ???? - Unknown state.
The following states are used for static entries:
- INCMP (Incomplete) - The interface for this entry is down.
- REACH (Reachable) - The interface for this entry is up. Reachability detection is not applied to static entries in the IPv6 neighbor discovery cache.
VLAN – VLAN interface from which the address was reached.
Adding Static Neighbors (IPv6 Neighbor -- Add)
IPv6 Address – The IPv6 address of a neighbor device that can be reached through one of the network interfaces configured on this switch. You can specify either a link-local or global unicast address formatted according to RFC 2373 “IPv6 Addressing Architecture,” using 8 colon-separated 16-bit hexadecimal values. One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields.
VLAN – VLAN ID (Range: 1-4093)
Hardware Address – The 48-bit MAC layer address for the neighbor device. This address must be formatted as six hexadecimal pairs separated by hyphens.
Web – Click System, IPv6 Configuration, IPv6 ND Neighbor. To configure the Neighbor Detection protocol settings, select a VLAN interface, set the number of attempts allowed for duplicate address detection, set the interval for neighbor solicitation messages, and click Apply. To configure static neighbor entries, click Add, fill in the IPv6 address, VLAN interface and hardware address. Then click Add.
Figure 4-9 IPv6 Neighbor Detection and Neighbor Cache
CLI – This example maps a static entry for a global unicast address to a MAC address.
Console(config)#interface vlan 1
Console(config-if)#ipv6 nd dad attempts 5
Console(config-if)#ipv6 nd ns-interval 30000
Console(config-if)#end
Console#show ipv6 interface
Vlan 1 is up
IPv6 is enable.
Link-local address:
  FE80::1034:11FF:FE11:4321/64
Global unicast address(es):
  2009:DB9:2229::79, subnet is 2009:DB9:2229:0::/64
Joined group address(es):
  FF01::1/16
  FF02::1/16
  FF02::1:FF00:79/104
  FF02::1:FF11:4321/104
MTU is 1280 bytes.
ND DAD is enabled, number of DAD attempts: 5.
ND retransmit interval is 30000 milliseconds
Console#configure
Console(config)#ipv6 neighbor 2009:0DB9::49A vlan 1 30-65-14-01-11-87
Console(config)#end
Console#show ipv6 neighbors
IPv6 Address         Age        Link-layer Addr    State
2009:DB9:2229::77    Permanent  30-65-14-01-11-87  REACH
Console#
Configuring Support for Jumbo Frames
The switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames up to 9216 bytes. Compared to standard Ethernet frames that run only up to 1.5 KB, using jumbo frames significantly reduces the per-packet overhead required to process protocol encapsulation fields.
Command Usage
To use jumbo frames, both the source and destination end nodes (such as a computer or server) must support this feature. Also, when the connection is operating at full duplex, all switches in the network between the two end nodes must be able to accept the extended frame size. And for half-duplex connections, all devices in the collision domain would need to support jumbo frames.
Command Attributes
Jumbo Packet Status – Configures support for jumbo frames. (Default: Disabled)
Web – Click System, Jumbo Frames. Enable or disable support for jumbo frames, and click Apply.
Figure 4-10 Configuring Support for Jumbo Frames
CLI – This example enables jumbo frames globally for the switch.
Console(config)#jumbo frame
Console(config)#
Managing Firmware
You can upload/download firmware to or from a TFTP server, or copy files to and from switch units in a stack. By saving runtime code to a file on a TFTP server, that file can later be downloaded to the switch to restore operation. You can also set the switch to use new firmware without overwriting the previous version. You must specify the method of file transfer, along with the file type and file names as required.
Command Attributes
• File Transfer Method – The firmware copy operation includes these options:
- file to file – Copies a file within the switch directory, assigning it a new name.
- file to tftp – Copies a file from the switch to a TFTP server.
- tftp to file – Copies a file from a TFTP server to the switch.
- file to unit – Copies a file from this switch to another unit in the stack.
- unit to file – Copies a file from another unit in the stack to this switch.
TFTP Server IP Address – The IP address of a TFTP server.
File Type – Specify opcode (operational code) to copy firmware.
File Name – The file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for file names on the TFTP server is 127 characters or 31 characters for files on the switch. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”)
Source/Destination Unit – Stack unit. (Range: 1 - 8)
Note:
Up to two copies of the system software (i.e., the runtime firmware) can be stored in the file directory on the switch. The currently designated startup version of this file cannot be deleted.
Downloading System Software from a Server
When downloading runtime code, you can specify the destination file name to replace the current image, or first download the file using a different name from the current runtime code file, and then set the new file as the startup file.
Web – Click System, File Management, Copy Operation. Select “tftp to file” as the file transfer method, enter the IP address of the TFTP server, set the file type to “opcode,” enter the file name of the software to download, select a file on the switch to overwrite or specify a new file name, then click Apply. If you replaced the current firmware used for startup and want to start using the new operation code, reboot the system via the System/Reset menu.
Figure 4-11 Copy Firmware
If you download to a new destination file, go to the File Management, Set Start-Up menu, mark the operation code file used at startup, and click Apply. To start the new firmware, reboot the system via the System/Reset menu.
Figure 4-12 Setting the Startup Code
To delete a file, select System, File Management, Delete. Select the file name from the given list by checking the tick box and click Apply. Note that the file currently designated as the startup code cannot be deleted.
Figure 4-13 Deleting Files
CLI – To download new firmware from a TFTP server, enter the IP address of the TFTP server, select “config” as the file type, then enter the source and destination file names. When the file has finished downloading, set the new file to start up the system, and then restart the switch.
To start the new firmware, enter the “reload” command or reboot the system.
Console#copy tftp file
TFTP server ip address: 10.1.0.19
Choose file type:
 1. config: 2. opcode: <1-2>: 2
Source file name: V3.1.16.20.bix
Destination file name: V311620
\Write to FLASH Programming.
-Write to FLASH finish.
Success.
Console#config
Console(config)#boot system opcode:V311620
Console(config)#exit
Console#reload
Saving or Restoring Configuration Settings
You can upload/download configuration settings to/from a TFTP server, or copy files to and from switch units in a stack. The configuration file can be later downloaded to restore the switch’s settings.
Command Attributes
• File Transfer Method – The configuration copy operation includes these options:
- file to file – Copies a file within the switch directory, assigning it a new name.
- file to running-config – Copies a file in the switch to the running configuration.
- file to startup-config – Copies a file in the switch to the startup configuration.
- file to tftp – Copies a file from the switch to a TFTP server.
- running-config to file – Copies the running configuration to a file.
- running-config to startup-config – Copies the running config to the startup config.
- running-config to tftp – Copies the running configuration to a TFTP server.
- startup-config to file – Copies the startup configuration to a file on the switch.
- startup-config to running-config – Copies the startup config to the running config.
- startup-config to tftp – Copies the startup configuration to a TFTP server.
- tftp to file – Copies a file from a TFTP server to the switch.
- tftp to running-config – Copies a file from a TFTP server to the running config.
- tftp to startup-config – Copies a file from a TFTP server to the startup config.
- file to unit – Copies a file from this switch to another unit in the stack.
- unit to file – Copies a file from another unit in the stack to this switch.
TFTP Server IP Address – The IP address of a TFTP server.
File Type – Specify config (configuration) to copy configuration settings.
File Name – The configuration file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for file names on the TFTP server is 127 characters or 31 characters for files on the switch. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”)
Source/Destination Unit – Stack unit. (Range: 1 - 8)
Note:
The maximum number of user-defined configuration files is limited only by available flash memory space.
Downloading Configuration Settings from a Server
You can download the configuration file under a new file name and then set it as the startup file, or you can specify the current startup configuration file as the destination file to directly replace it. Note that the file “Factory_Default_Config.cfg” can be copied to the TFTP server, but cannot be used as the destination on the switch.
Web – Click System, File Management, Copy Operation. Choose “tftp to startup-config” or “tftp to file,” and enter the IP address of the TFTP server. Specify the name of the file to download, select a file on the switch to overwrite or specify a new file name, and then click Apply.
Figure 4-14 Downloading Configuration Settings for Start-Up
If you download to a new file name using “tftp to startup-config” or “tftp to file,” the file is automatically set as the start-up configuration file. To use the new settings, reboot the system via the System/Reset menu. You can also select any configuration file as the start-up configuration by using the System/File Management/Set Start-Up page.
Figure 4-15 Setting the Startup Configuration Settings