Page 1
GigaX3112 Series
Layer 3 Managed Switch
User Manual
Page 2
E2460
Second Edition V2
February 2006
Copyright © 2006 ASUSTeK COMPUTER INC.
of this manual, including the products and software described in it, may be
reproduced, transmitted, transcribed, stored in a retrieval system, or translated
into any language in any form or by any means, except documentation kept by
the purchaser for backup purposes, without the express written permission of
ASUSTeK COMPUTER INC. (ASUS).
Product warranty or service will not be extended if: (1) the product is repaired,
modified or altered, unless such repair, modification of alteration is authorized in
writing by ASUS; or (2) the serial number of the product is defaced or missing.
ASUS provides this manual “as is” without warranty of any kind, either express
or implied, including but not limited to the implied warranties or conditions of
merchantability or fitness for a particular purpose. In no event shall ASUS,
its directors, officers, employees, or agents be liable for any indirect, special,
incidental, or consequential damages (including damages for loss of profits,
loss of business, loss of use or data, interruption of business and the like), even
if ASUS has been advised of the possibility of such damages arising from any
defect or error in this manual or product.
Specifications and information contained in this manual are furnished for
informational use only, and are subject to change at any time without notice,
and should not be construed as a commitment by ASUS. ASUS assumes no
responsibility or liability for any errors or inaccuracies that may appear in this
manual, including the products and software described in it.
Products and corporate names appearing in this manual may or may not be
registered trademarks or copyrights of their respective companies, and are used
only for identification or explanation and to the ownersʼ benefit, without intent to
infringe.
All Rights Reserved. No part
Page 3
GigaX3112 Series Layer 3 Managed Switch
Federal Communications Commission Statement
This device complies with Part 15 of the FCC Rules. Operation is subject to the
following two conditions:
• This device may not cause harmful interference, and
• This device must accept any interference received including interference
that may cause undesired operation.
This equipment has been tested and found to comply with the limits for a Class
B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed
to provide reasonable protection against harmful interference in a residential
installation. This equipment generates, uses and can radiate radio frequency
energy and, if not installed and used in accordance with manufacturerʼs
instructions, may cause harmful interference to radio communications. However,
there is no guarantee that interference will not occur in a particular installation. If
this equipment does cause harmful interference to radio or television reception,
which can be determined by turning the equipment off and on, the user is
encouraged to try to correct the interference by one or more of the following
measures:
• Re-orient or relocate the receiving antenna.
• Increase the separation between the equipment and receiver.
• Connect the equipment to an outlet on a circuit different from that to which
the receiver is connected.
• Consult the dealer or an experienced radio/TV technician for help.
WARNING!
graphics card is required to assure compliance with FCC regulations. Changes
or modifications to this unit not expressly approved by the party responsible for
compliance could void the userʼs authority to operate this equipment.
The use of shielded cables for connection of the monitor to the
Canadian Department of Communications Statement
This digital apparatus does not exceed the Class B limits for radio noise
emissions from digital apparatus set out in the Radio Interference Regulations of
the Canadian Department of Communications.
This class B digital apparatus complies with Canadian ICES-003.
i
Page 4
GigaX3112 Series Layer 3 Managed Switch
ASUS contact information
ASUSTeK COMPUTER INC. (Asia-Pacific)
Address 150 Li-Te Road, Peitou, Taipei, Taiwan 112
Telephone +886-2-2894-3447
Web site www.asus.com.tw
Technical Support
Telephone (MB/Component) +886-2-2890-7121 (English)
(Notebook) +886-2-2890-7122 (English)
(Server/PC) +886-2-2890-7123 (English)
Support fax +886-2-2890-7698
ASUS COMPUTER INTERNATIONAL (America)
Address 44370 Nobel Drive, Fremont, CA 94538, USA
Fax +1-502-933-8713
E-mail: tmd1@asus.com
Web site: usa.asus.com
Technical Support
Telephone (General) +1-502-995-0883
(Notebook) +1-877-918-ASUS (2787)
Fax +1-502-933-8713
Support e-mail: tsd@asus.com
ASUS COMPUTER GmbH (Germany and Austria)
Address Harkort Str. 25, D-40880 Ratingen, Germany
Telephone +49-2102-95990
Fax +49-2102-959911
Online contact www.asuscom.de/sales
Technical Support
Telephone +49-2102-95990
Fax +49-2102-959911
Online support www.asuscom/de/support
Web site www.asuscom.de/news
ASUS COMPUTER (Middle East and North Africa)
Address P.O. Box 64133, Dubai, U.A.E.
Telephone +9714-283-1774
Fax +9714-283-1775
Web site www.ASUSarabia.com
ii
Page 5
GigaX3112 Series Layer 3 Managed Switch
Table of contents
1 Introduction ......................................................................... 1
1.1 L2/L3 managed switching features ............................................. 1
1.2 Conventions used in this document ........................................... 3
1.2.1 Notations ....................................................................................... 3
1.2.2 Typography .................................................................................... 3
1.2.3 Symbols ......................................................................................... 3
2 Getting to know the GigaX3112(F) ..................................... 4
2.1 Package contents ....................................................................... 4
2.2 Front panel ................................................................................. 5
2.3 Rear panel .................................................................................. 6
2.4 Technical specifications .............................................................. 7
3 Quick Start Guide ................................................................ 8
3.1 Part 1 — Installing the hardware ................................................ 8
3.1.1 Installing the switch on a flat surface ............................................. 8
3.1.2 Mounting the switch on a rack ....................................................... 8
3.2 Part 2 — Setting up the switch ................................................... 8
3.2.1 Connect the console port ............................................................... 8
3.2.2 Connect to the computers or a LAN .............................................. 9
3.2.3 Attach the RPS module ................................................................ 9
3.2.4 Attach the power adapter ............................................................. 9
3.3 Part 3 — Basic switch setting for management .........................................10
3.3.1 Setting up through the console port ............................................. 10
3.3.2 Setting up through the web interface ........................................... 12
4 Management with the web interface ................................ 14
4.1 Log into web user interface ...................................................... 14
4.2 Functional layout ........................................................................ 15
4.2.1 Menu navigation tips .................................................................... 17
iii
Page 6
GigaX3112 Series Layer 3 Managed Switch
4.2.2 Commonly used buttons and icons ............................................. 17
4.3 System pages ........................................................................... 18
4.3.1 Management ................................................................................ 18
4.3.2 IP Setup ....................................................................................... 18
4.3.3 Reboot ........................................................................................ 19
4.3.4 Firmware upgrade ....................................................................... 19
4.4 Physical interface ..................................................................... 20
4.5 Bridge ......................................................................................... 21
4.5.1 Spanning tree ..............................................................................21
4.5.1.1 STP Status .......................................................................... 21
4.5.1.2 Current Roots ...................................................................... 22
4.5.1.3 Bridge Parameters .............................................................. 23
4.5.1.4 Port Parameters .................................................................. 23
4.5.2 Link aggregation static ................................................................. 24
4.5.3 LACP ...........................................................................................26
4.5.4 Mirroring ...................................................................................... 27
4.5.5 Static multicast ............................................................................ 28
4.5.6 IGMP snooping ............................................................................ 28
4.5.7 Traffic control ............................................................................... 30
4.5.8 Dynamic addresses ..................................................................... 30
4.5.9 Static addresses .......................................................................... 31
4.5.10 VLAN Configuration ..................................................................... 32
4.5.11 GVRP .......................................................................................... 33
4.5.12 QoS and CoS .............................................................................. 34
4.5.12.1 802.1p Priority ..................................................................... 34
4.5.12.2 CoS queue mapping ........................................................... 35
4.5.12.3 QoS Bandwidth ................................................................... 36
4.6 L3 Switch .................................................................................... 36
4.6.1 Interface ....................................................................................... 36
iv
Page 7
GigaX3112 Series Layer 3 Managed Switch
4.6.2 Static Route ................................................................................. 38
4.6.3 RIP ............................................................................................... 38
4.6.3.1 Basic ................................................................................... 38
4.6.3.2 Passive Interface ................................................................ 39
4.6.3.3 RIP Version ......................................................................... 39
4.6.4 OSPF ........................................................................................... 40
4.6.4.1 Basic ................................................................................... 40
4.6.4.2 Interface ............................................................................. 41
4.6.4.3 Area ................................................................................... 42
4.6.5 Multicast Route ............................................................................ 42
4.6.5.1 M-Route .............................................................................. 42
4.6.5.2 DVMRP ............................................................................... 43
4.6.6 VRRP ........................................................................................... 44
4.7 SNMP ....................................................................................... 46
4.7.1 Community table .......................................................................... 46
4.7.2 Host table .................................................................................... 46
4.7.3 Trap setting .................................................................................. 47
4.7.4 SNMPv3 VGU Table .................................................................... 47
4.7.4.1 VACM View ......................................................................... 47
4.7.4.2 VACM Group ....................................................................... 48
4.7.4.3 USM User ........................................................................... 49
4.8 Filter pages ............................................................................... 50
4.8.1 Filter set ....................................................................................... 50
4.8.2 Filter attach .................................................................................. 52
4.9 Security .................................................................................... 53
4.9.1 Port Access Control ..................................................................... 53
4.9.2 Dial-In User .................................................................................. 55
4.9.3 RADIUS ....................................................................................... 56
4.9.4 Port Security ................................................................................ 57
v
Page 8
GigaX3112 Series Layer 3 Managed Switch
4.9.4.1 Port Configuration ............................................................... 57
4.9.4.2 Port Status .......................................................................... 58
4.9.4.3 Secure MAC Address .......................................................... 59
4.10 Traffic chart ............................................................................... 60
4.10.1 Traffic comparison ....................................................................... 60
4.10.2 Error Group Chart ........................................................................ 60
4.10.3 Historical status ........................................................................... 61
4.11 Save configuration ................................................................... 62
5 Console interface .............................................................. 63
5.1 Power On Self Test .................................................................... 63
5.1.1 Boot ROM command mode ......................................................... 63
5.1.2 Boot ROM commands ................................................................. 64
5.2 Login and logout ....................................................................... 65
5.3 CLI commands ......................................................................... 66
5.3.1 User account .............................................................................. 66
5.3.1.1 Add user .............................................................................. 66
5.3.1.2 Delete user .......................................................................... 66
5.3.2 Backup and Restore ................................................................... 66
5.3.2.1 Backup start-up configuration file ........................................ 66
5.3.2.2 Restore start-up configuration file ....................................... 66
5.3.3 System Management Configuration ........................................... 67
5.3.3.1 Firmware upgrade ............................................................... 67
5.3.3.2 configure terminal ............................................................... 67
5.3.3.3 enable ................................................................................. 67
5.3.3.4 disable ................................................................................. 67
5.3.3.5 end ...................................................................................... 67
5.3.3.6 exit ...................................................................................... 67
5.3.3.7 help ..................................................................................... 68
5.3.3.8 Host name .......................................................................... 68
vi
Page 9
GigaX3112 Series Layer 3 Managed Switch
5.3.3.9 System Contact .................................................................. 68
5.3.3.10 System Location ................................................................. 68
5.3.3.11 IP Address and Network Mask ............................................ 69
5.3.3.12 Default Gateway ................................................................. 69
5.3.3.13 reboot .................................................................................. 69
5.3.3.14 reload default-config file ...................................................... 69
5.3.3.15 show running-config ............................................................ 69
5.3.3.16 write memory ...................................................................... 70
5.3.3.17 Assign a new user account ................................................. 70
5.3.3.18 Delete a new user account ................................................. 70
5.3.4 Physical interface commands ...................................................... 70
5.3.4.1 Interface mode .................................................................... 70
5.3.4.2 Interface duplex .................................................................. 70
5.3.4.3 Interface flow control ........................................................... 71
5.3.4.4 Show L2 interface .............................................................. 71
5.3.5 IP interface .................................................................................. 71
5.3.5.1 show vlan name string ........................................................ 71
5.3.5.2 Create a vlan entry .............................................................. 71
5.3.5.3 interface vlan VLAN-ID ....................................................... 72
5.3.5.4 ip address ........................................................................... 72
5.3.5.5 ip helper-address ................................................................ 72
5.3.5.6 ip ospf ................................................................................ 72
5.3.5.7 ip pim ................................................................................. 72
5.3.5.8 ip rip ................................................................................... 72
5.3.6 RIP .............................................................................................. 73
5.3.6.1 router rip .............................................................................. 73
5.3.6.2 no router rip ......................................................................... 73
5.3.6.3 version ................................................................................ 73
5.3.6.4 network ............................................................................... 73
vii
Page 10
GigaX3112 Series Layer 3 Managed Switch
5.3.7 OSPF .......................................................................................... 73
5.3.7.1 router ospf ........................................................................... 73
5.3.7.2 router-id ............................................................................... 74
5.3.7.3 area ..................................................................................... 74
5.3.8 Multicast Route ............................................................................ 74
5.3.9 VRRP ........................................................................................... 74
5.3.10 Spanning Tree ............................................................................ 74
5.3.10.1 clear spanning-tree counters .............................................. 74
5.3.10.2 clear spanning-tree counters interface IFNAME ................. 74
5.3.10.3 default spanning-tree .......................................................... 75
5.3.10.4 show spanning-tree active .................................................. 75
5.3.10.5 spanning-tree enable and disable ....................................... 75
5.3.11 Link Aggregation ......................................................................... 75
5.3.11.1 trunk aggregation group ...................................................... 75
5.3.11.2 trunk load balancing ............................................................ 75
5.3.11.3 show aggregation-link trunk ................................................ 75
5.3.12 LACP .......................................................................................... 76
5.3.12.1 clear lacp counters .............................................................. 76
5.3.12.2 lacp aggregation-link trunk .................................................. 76
5.3.12.3 disable lacp aggregation-link trunk ..................................... 76
5.3.12.4 lacp port-priority .................................................................. 76
5.3.12.5 lacp system-priority ............................................................. 76
5.3.13 Mirroring ..................................................................................... 77
5.3.13.1 mirror mode ......................................................................... 77
5.3.13.2 mirror setting ....................................................................... 77
5.3.13.3 show mirror ......................................................................... 77
5.3.13.4 no mirror .............................................................................. 77
5.3.14 Static Multicast ........................................................................... 77
5.3.14.1 mac-address-table multicast ............................................... 77
viii
Page 11
GigaX3112 Series Layer 3 Managed Switch
5.3.14.2 no mac-address-table multicast .......................................... 78
5.3.14.3 show mac-address-table multicast ...................................... 78
5.3.15 IGMP Snooping .......................................................................... 78
5.3.15.1 default ip igmp snooping ..................................................... 78
5.3.15.2 ip igmp snooping ................................................................. 78
5.3.15.3 interval time ......................................................................... 78
5.3.16 Traffic Control ............................................................................. 79
5.3.16.1 storm-control ....................................................................... 79
5.3.16.2 no storm-control .................................................................. 79
5.3.16.3 show storm-control .............................................................. 79
5.3.17 Dynamic Addresses .................................................................... 79
5.3.17.1 clear dynamic mac-address ................................................ 79
5.3.17.2 aging time ........................................................................... 79
5.3.17.3 no aging time ...................................................................... 80
5.3.17.4 show mac-address-table aging-time ................................... 80
5.3.18 Static Addresses ......................................................................... 80
5.3.18.1 add static mac-address ....................................................... 80
5.3.18.2 show mac-address-table ..................................................... 80
5.3.19 VLAN .......................................................................................... 80
5.3.19.1 show vlan name string ........................................................ 80
5.3.19.2 vlan vid ................................................................................ 81
5.3.19.3 name string ......................................................................... 81
5.3.19.4 access vlan ......................................................................... 81
5.3.19.5 allowed VLANs .................................................................... 81
5.3.20 GVRP ......................................................................................... 81
5.3.20.1 clear gvrp statistics ............................................................. 81
5.3.20.2 default gvrp configuration .................................................... 82
5.3.20.3 gvrp mode ........................................................................... 82
5.3.20.4 show gvrp configuration ...................................................... 82
ix
Page 12
GigaX3112 Series Layer 3 Managed Switch
5.3.20.5 show gvrp statistics ............................................................. 82
5.3.21 CoS/QoS .................................................................................... 82
5.3.21.1 queue cos-map ................................................................... 82
5.3.21.2 show queue cos-map .......................................................... 82
5.3.21.3 qos mode ............................................................................83
5.3.21.4 show qos mode ................................................................... 83
5.3.21.5 qos egress bandwidth ......................................................... 83
5.3.22 SNMP ......................................................................................... 83
5.3.22.1 show rmon statistics ............................................................ 83
5.3.22.2 show snmp-server community ............................................ 83
5.3.22.3 snmp-server host ................................................................ 83
5.3.23 Filter ............................................................................................ 84
5.3.23.1 deny any host ...................................................................... 84
5.3.23.2 filter set ............................................................................... 84
5.3.23.3 filter conditions .................................................................... 84
5.3.23.4 filter attach .......................................................................... 84
5.3.24 Port Access Control .................................................................... 84
5.3.24.1 default system authentication control .................................. 84
5.3.24.2 dot1x default ....................................................................... 85
5.3.24.3 dot1x guest-vlan .................................................................. 85
5.3.24.4 dot1x initialize interface ....................................................... 85
5.3.24.5 dot1x max-req ..................................................................... 85
5.3.24.6 dot1x port-control ................................................................ 86
5.3.25 Dial-in User ................................................................................. 86
5.3.25.1 dot1x username password .................................................. 86
5.3.25.2 show dot1x user .................................................................. 86
5.3.26 RADIUS ...................................................................................... 86
5.3.26.1 RADIUS settings ................................................................. 86
5.3.26.2 show dot1x radius ............................................................... 86
x
Page 13
GigaX3112 Series Layer 3 Managed Switch
5.3.27 Port Security ............................................................................... 87
5.3.27.1 show port security ............................................................... 87
5.3.27.2 clear port security ................................................................ 87
5.3.27.3 switchport port-security ....................................................... 87
5.3.27.4 switchport port-security aging ............................................. 88
5.4 Miscellaneous commands .......................................................... 88
6 IP addresses, network masks, and subnets ................... 89
6.1 IP addresses ............................................................................ 89
6.1.1 Structure of an IP address ........................................................... 89
6.2 Subnet masks ............................................................................ 90
7 Troubleshooting ................................................................ 92
7.1 Diagnosing problems using IP utilities ....................................... 92
7.1.1 ping .............................................................................................. 92
7.1.2 nslookup ......................................................................................93
7.2 Replacing defective fans ............................................................ 94
Fan specifications ................................................................................... 95
7.3 Simple fixes ................................................................................ 96
8 Glossary ............................................................................. 98
9 Index ................................................................................. 104
xi
Page 14
GigaX3112 Series Layer 3 Managed Switch
1 Introduction
Congratulations on becoming the owner of the ASUS GigaX3112(F) L3 managed
switch! You may now manage your LAN (local area network) through a friendly
and powerful user interface.
This user guide tells you how to set up the GigaX3112(F) L3 managed switch,
and how to customize its configuration to get the most out of this product.
1.1 L2/L3 managed switching features
• Total 12 10/100/1000BASE-T auto-sensing Gigabit Ethernet switching ports
• Two(Gx3112) or twelve(Gx3112F) small form factor (SFP) Gigabit interface
converter (GBIC) slots
• Automatic MDI/MDIX support for 10/100/1000BASE-T ports
• Compliant with 802.3z and 802.3ab specifications
• 802.1D transparent bridge
• STP/RSTP/MSTP
• 16K MAC address cache with hardware-assisted aging
• 802.3x flow control
• 802.1Q-based tagged VLAN, up to 4096 VLANs
• 802.1p class of service, 8 queues per port
• IGMP snooping
• 802.3ad link aggregation (trunking), up to 32 trunk groups
• LACP
• GVRP
• Access Control List
• Rate Limiting, Granularity to 1Mbps
• Port Mirroring
• 802.1x
• Port Security
• DHCP Snooping
• DHCP Relay
• L3-Interface
1
Page 15
GigaX3112 Series Layer 3 Managed Switch
• Inter VLAN Routing
• RIP v1 and v2
• OSPFv2
• Static route management
• VRRP
• DVMRP
• PIM-DM
• RMON: support 4 groups (1, 2, 3, 9)
• SNMP v1, v2, v3
• MIB-II
• Enterprise MIB for PSU, fan, and system temperature, voltage
• Telnet/SSH remote login
• TFTP for firmware update and configuration backup
• Cisco Like CLI
• Web GUI
• LEDs for port link status
• LEDs system, redundant power supply (RPS), and fan status
2
Page 16
GigaX3112 Series Layer 3 Managed Switch
Note
Definition
Warning
1.2 Conventions used in this document
1.2.1 Notations
• Acronyms are defined the first time they appear in text and in the glossary.
• For brevity, the GigaX3112(F) switch is referred to as “the switch.”
• The terms LAN and network are used interchangeably to refer to a group of
Ethernet-connected computers at one site.
• The illustrations and web interface screens refer to both the GigaX 3112 and
GigaX 3112F models, except otherwise indicated.
1.2.2 Typography
• Italics are used to present the parameters for the command line interpreter.
• Boldface type text is used for items you select from menus and drop-down
lists, and text strings you type when prompted by the program.
1.2.3 Symbols
This document uses the following icons to call your attention to specific
instructions or explanations.
Provides clarification or additional information on the current
topic.
Explains terms or acronyms that may be unfamiliar to many
readers. These terms are also included in the Glossary.
Provides messages of high importance, including messages
relating to personal safety or system integrity.
3
Page 17
GigaX3112 Series Layer 3 Managed Switch
S
T
A
T
U
S
S
P
E
E
D
D
U
P
L
E
X
S
Y
S
T
E
M
R
P
S
F
A
N
1
1
9
7
5
3
1
1
2
1
0
8
6
4
2
1
1
1
2
U
S
B
C
O
N
S
O
L
E
R
S
2
3
2
1
3
5
7
9
1
1
2
4
6
8
1
0
1
2
2 Getting to know the GigaX3112(F)
2.1 Package contents
The GigaX switch package comes with the following items:
• GigaX 3112 (or GigaX 3112F) L3 managed switch
• AC Power cord
• Null modem cable for console interface (DB9)
• Rack installation kit (two brackets with six #6-32 screws)
• USB cable for console interface
• Installation CD-ROM
• Quick installation guide
Figure 1. GigaX3112 L3 managed switch package contents
4
Page 18
GigaX3112 Series Layer 3 Managed Switch
2.2 Front panel
The front panel includes LED indicators and system console. LED indicators
show the system, RPS, fan, and port status.
Figure 2. Front panel (GigaX 3112)
Table 1. Front panel labels and LEDs
No. Label Color Status Description
1 SYSTEM Green ON
Flashing
Amber ON
OFF
2 RPS Green ON
Amber ON
OFF
3 FAN Green ON
Amber ON
4 10/100/
1000 port
status
5 10/100/
1000 port
speed
Green ON
Flashing
OFF
Amber ON
Flashing
Green ON
Amber ON
OFF ON
Unit is powered on
Self-test, INIT, or downloading
Abnormal temperature or voltage
No power
The PSU is working properly and the switch
has a good redundant power supply
The PSU is abnormal and the switch is
powered by RPS
No power at all (system LED is also off), RPS
does not work properly or not installed (system
LED is on)
Both fans are working properly
Both or either one of the fans stopped
Link (RJ-45 or SFP) is present; port is enabled
Data is being transmitted/received
No Ethernet link
Link is present, but port is disabled either
manually or by spanning tree
Port is in one of the STP blocking, listening
and learning state
1000Mbps
100Mbps
10Mbps
5
Page 19
GigaX3112 Series Layer 3 Managed Switch
No. Label Color Status Description
6 Duplex
status
7 Console
USB
8 Console
RS232
Green ON
Amber ON
Full duplex
Simplex
USB port for console
RS-232 serial port for console
2.3 Rear panel
The switch rear panel contains the swappable fans and power connections.
Figure 3. Rear panel
Table 2. Rear panel labels
No. Label Description
1 Power Connects to the supplied power cord
2 RPS Redundant Power Supply connector
3 FAN1 – FAN2 Replaceable system fans
6
Page 20
GigaX3112 Series Layer 3 Managed Switch
2.4 Technical specifications
Table 3. Technical specifications
Physical
Dimensions
Power
Redundant
Power Supply
(RPS)
Environmental
Ranges
Replaceable
Fans
43.5mm(H) X 444 mm(W) X 322mm(D)
Input Consumption
100-240V AC/2.5A
50-60Hz
Input Output
100-240V AC/1.8A
50-60Hz
Temperature 0 to 40°C (32 to
Humidity 15 to 90% 0 to 95%
Altitude up to 10,000 ft
Dimensions Voltage and
40 x 40 x 20 mm 12VDC, 0.13A 8200RPM
< 65 watts
12V DC/12.5A
Operating Storage
-25 - 70°C
122°F)
(3,000m)
Current
(-40 to 158°F)
40,000 ft
(12,000m)
Speed:
7
Page 21
GigaX3112 Series Layer 3 Managed Switch
3 Quick Start Guide
This section provides the basic instructions to set up the GigaX environment.
Refer also to the GigaX Series Installation Guide.
Part 1 shows you how to install the GigaX on a flat surface or on a rack.
Part 2 provides instructions to set up the hardware.
Part 3 shows you how to configure basic settings on the GigaX.
Obtain the following information from your network administrator before proceeding:
IP address for the switch
Default gateway for the network
Network mask for this network
3.1 Part 1 — Installing the hardware
3.1.1 Installing the switch on a flat surface
The switch should be installed on a level surface that can support the weight
of the switches and their accessories. Attach four rubber pads on the marked
location on the bottom of the switch.
3.1.2 Mounting the switch on a rack
Attach brackets to each side of the switch and make the posts insert to the switch.
Insert and tighten two screws to securely attach the bracket to the rack on each side.
3.2 Part 2 — Setting up the switch
Connect the device to the power outlet, and your computer or network. See Figure 5.
3.2.1 Connect the console port
For console management, use an RS-232 (DB9) or a USB cable to connect the
switch. If you want to use WEB interface, connect your PC to the switch using
the Ethernet cable.
8
Page 22
GigaX3112 Series Layer 3 Managed Switch
Note
S
T
A
T
U
S
S
P
E
E
D
D
U
P
L
E
X
SYST
EM
RP
S
FA
N
11
9
7
5
3
1
12
10
8
6
4
2
1
1
1
2
U
S
B
C
O
N
S
O
L
E
R
S
2
3
2
1
3
5
7
9
1
1
2
4
6
8
1
0 1
2
S
T
A
T
US
S
P
E
E
D
D
U
P
L
E
X
S
Y
S
T
E
M
R
P
S
F
A
N
1
1
9
7
5
3
1
1
2
1
0
8
6
4
2
1
1
1
2
U
S
B
C
O
N
S
O
L
E
R
S
-2
32
1
3
5
7
9
1
1
2
4
6
8
10
12
Console
(USB)
Reduntant Power
Supply (RPS)
Expansion Switch/Hub
Client
Client
GigaX 31
12
Cat 5 (or better)
Network Cables
AC Power
RS232
USB
Console
(RS232)
3.2.2 Connect to the computers or a LAN
You can use Ethernet cable to connect computers directly to the switch ports.
You can also connect hubs/switches to the switch ports by Ethernet cables.
You can use either the crossover or straight-through Ethernet cable to connect
computers, hubs, or switches.
Use a twisted-pair Category 5 Ethernet cable to connect the
1000BASE-T port. Otherwise, the link speed can not reach
1Gbps.
3.2.3 Attach the RPS module
Connect your RPS module to the RPS jack and make sure the other end of the
RPS is connected to the power cord. Connect to the power cord to a grounded
power outlet.
3.2.4 Attach the power adapter
Connect the AC power cord to the POWER receptacle on the back of the switch
and plug the other end of the power cord into a wall outlet or a power strip.
Check the front LED indicators with the description in Table 4. If the LEDs light
up as described, the switch hardware is working properly.
Figure 4.Overview of hardware connections
9
Page 23
GigaX3112 Series Layer 3 Managed Switch
Table 4. LED Indicators
No. LED Description
1 System Solid green indicates that the device is turned on. If this
light is off, check if the power adapter is attached to the
switch and plugged into a power source.
2 Switch ports
[1] to [12]
3 RPS Solid green indicates that the device has successfully
4 Fan Solid green indicates that all fans work properly
Solid green indicates that the device can communicate
with the LAN, or flashing when the device is sending or
receiving data from your LAN computer.
installed an RPS module.
3.3 Part 3 — Basic switch setting for management
After completing the hardware connections, configure the basic settings for your
switch. You can manage the switch using the following methods:
• Web interface: the switch has a set of pages to allow to you manage it using
Java®-enabled IE6.0 or higher version.
• Command Line Interface: use console port to manage the switch.
3.3.1 Setting up through the console port
Use the supplied crossover RS-232 cable to connect to the console port on the
front right corner of the switch. This port is a male DB-9 connector, implemented
as a data terminal equipment (DTE) connection. Tighten the retaining screws on
the cable to secure it on the connector. Connect the other end of the cable to a
PC running terminal emulation software. e.g Hyper Terminal.
Use the supplied USB cable to connect to a PC. You have to install the USB
driver from the switch CD-ROM before the USB can work properly. The USB
drivers will simulate an additional COM port under Windows Me/2K/XP OS.
Make sure the settings of your terminal emulation software as follows:
Choose the appropriate serial port number
Set the data baud rate to 9600
Set the data format to no parity, 8 data bits and 1 stop bit
No flow control
Set VT100 for emulation mode
After setting up the terminal, you can see the prompt “ASUS login:” on the terminal.
10
Page 24
GigaX3112 Series Layer 3 Managed Switch
Note
The default user name is “admin” without password.
You can change the password at any time through CLI (see
section 5.31). To protect your switch from unauthorized access,
you must change the default password as soon as possible.
Follow these steps to assign an IP address to the switch:
Type “enable”.
Type “configure terminal”, new prompt is “ASUS(config)#”.
Type “interface vlan 1”, the prompt is “ASUS (config-if)#”.
Type “ip address <your ip address> <your network mask>”. For example, if
your switch IP is 192.168.1.1 and the network mask is 255.255.255.0. Then
you should type “ip address 192.168.1.1/24”.
Type “end”, it will return to previous level with prompt “ASUS#”.
Type “write memory”, the changes will be applied and written to
configuration file.
Type “reboot”.
If the switch has to be managed across networks, then a default gateway or a
static route entry is required. Follow these steps to assign a default gateway or
static route entry to the switch:
Entering “ASUS#”.
Type “show running-configuration” to view current configuration. If
incorrect route entry has been set, you should type “no ip route
0.0.0.0/0 192.168.1.254” to remove it.
Type “configure terminal”, new prompt is “ASUS(config)#”.
Type “no ip route 0.0.0.0/0 192.168.1.254” to clear default route.
Type “ip route 0.0.0.0/0 192.168.1.2” to set your default route.
Type “end”
Type “write memory”.
Figure 5. Login and IP setup screen
11
Page 25
GigaX3112 Series Layer 3 Managed Switch
Note
3.3.2 Setting up through the web interface
To successfully connect your PC to the switch, your PC must have a valid IP
in your network. Contact your network administrator to obtain a valid IP for the
switch. If you wish to change the default IP address of the switch, follow section
3.3.1 to change the IP address.
If Ja va Runtime Environment is not i nst all ed on your PC, Your PC will
automatically downloads and installs it. It means that your PC should be able
to reach the web site. If the Internet is not available, you should prepare it on
diskette and install it.
From any PC connected to the network that the switch can access, open your
Web browser (Internet Explorer), and type the following URL in the address/
location box, and press <Enter>:
http://192.168.1.1
This is the factory default IP address of the switch.
A login screen appears, as shown in Figure 6.
Figure 6. Login screen
Enter your user name and password, and then click to enter the Configuration
Manager. Use the following defaults the first time you log into this interface:
Default User Name: admin
Default Password: <none>
You can change the password at any time (see section 6.3.1).
The browser will download java applet from the switch and it will
take a little time.
12
Page 26
GigaX3112 Series Layer 3 Managed Switch
Note
To setup a new IP address, click “System”, select IP Setup. Fill in the IP address,
network mask and default gateway, then click OK.
If your new address is different from the default, the browser wonʼt be able to
update the switch status window or retrieve any page. This is normal. You have
to retype the new IP address in the address/location box, and press <Enter>.
The WEB link returns.
A login window appears immediately after you click OK. See the figures on the
next page.
Note that the GigaX 3112 and GigaX 3112F models have the
same web interface, except for the front panel image on top of
the screen (see figures on the next page).
The following sections show only Gx3112F image as example to
configure both GigaX3112 and GigaX3112F model.
Figure 7. IP setup (GigaX 3112F)
13
Page 27
GigaX3112 Series Layer 3 Managed Switch
4 Management with the web interface
The switch provides Web pages that allow switch management through the
Internet. The program is designed to work best with Microsoft Internet Explorer®
6.0, or later versions.
4.1 Log into web user interface
From a PC, open your web browser, type the following in the web address (or
location) box, and press <Enter>:
http://192.168.1.1
This is the factory default IP address for the switch. A login screen displays,
as shown in Figure 8.
Figure 8. Configuration manager login screen
Enter your user name and password, then click OK.
Use the following defaults the first time you log into the program. You can
change the password at any time through CLI interface (see section 6.3.1).
Default User Name:
Default Password:
The home page appears each time you log into the program. See Figure 9.
14
admin
none
Page 28
GigaX3112 Series Layer 3 Managed Switch
Figure 9. Home page (GigaX 3112F)
4.2 Functional layout
Typical web page consists of three separate frames. The top frame has a switch
logo and front panel as shown in Figures 10 and 11. This frame remains on the
top of the browser window all the times and updates the LED status periodically.
See Table 4 for the LED definitions. See Table 5 for the color status description.
Figure 10. Top frame (GigaX 3112F)
Figure 11. Top frame (GigaX 3112)
Figure 12. Port Selection Panel (GigaX 3112F)
15
Page 29
GigaX3112 Series Layer 3 Managed Switch
Figure 13. Selection Panel (GigaX 3112)
Table 5. Port color description
Port Color Description
Green port Ethernet link is established
Black No Ethernet link
Amber port Link is present but port is disabled manually or by spanning tree
Clicking on the port icon of the switch displays the port configuration in the lower
right frame.
The left frame, a menu frame as shown in Figure 14, contains all the features
available for switch configuration. These features are grouped into categories,
e.g. System, Bridge, etc. You can click on any of these to display a specific
configuration page.
16
Figure 14. Expanded menu list
Page 30
GigaX3112 Series Layer 3 Managed Switch
The right frame displays configuration pages or graphics for the statistics. See
section 4.3 for details.
4.2.1 Menu navigation tips
• To expand a contracted group of related menus, click on the corresponding
group.
• To contract an expanded group of related menus: click on the corresponding
group name.
• To open a specific configuration page, click on the desired menu item.
4.2.2 Commonly used buttons and icons
The following table describes the function for each button and icon used in the
application.
Table 6. Commonly used buttons and icons
Button/Icon Function
Stores any changes you have made on the current page.
Re-displays the current page with updated statistics or settings.
Modifies the existing configuration in the system, e.g. a static
route or a filter ACL rule and etc.
Clears all input fields and waiting for new settings
Adds the existing configuration to the system, e.g. a static MAC
address or a firewall ACL rule and etc.
Modifies the selected entry
Deletes the selected item, e.g. a static route or a filter ACL rule
and etc.
Query a specific status.
Detaches the feature from all ports on selection panel
Attaches the feature to all ports on selection panel
17
Page 31
GigaX3112 Series Layer 3 Managed Switch
4.3 System pages
System pages include Management, IP Setup, Reboot, and Firmware Update
function.
4.3.1 Management
The
Management
Model Name:
MAC Address:
System Name:
System Contact
System Location
To save any changes and make it effective immediately, click
to refresh the setting, as shown in Figure 15.
page contains the following information:
product name
switch MAC address
user assigned name to identify the system (editable)
(editable)
(editable)
Figure 15. Management page
4.3.2 IP Setup
The IP Setup page contains the following information:
IP Address:
Network Mask:
Default Gateway:
To save any changes and make it effective immediately, click
to refresh the setting, as shown in Figure 16.
IP address for the switch
Network mask for this network
Default gateway for this network
OK
OK
. Use
. Use
Reload
Reload
18
Page 32
4.3.3 Reboot
Warning
Warning
GigaX3112 Series Layer 3 Managed Switch
Figure 16. IP Setup page
The Reboot page contains a
button. Clicking the button reboots the system.
Reboot
Rebooting the system stops the network traffic and terminates
the Web interface connection.
4.3.4 Firmware upgrade
The Firmware page contains the following information:
Hardware Version:
Boot ROM Version:
Firmware Version:
number will be updated after the firmware update.
Enter the TFTP server IP address and firmware file name. Click
update the switch firmware. See Figure 17 for reference. For example,
TFTP Server:
File Name:
Clicking the upload button loads the assigned firmware to the
switch, then reboot system after a successful firmware update.
You have to re-login to web interface again.
If the upgrade is performed under bootrom mode, Start-Up
configuration file will be lost.
We strongly recommend you to backup “startup-config” before
upgrading.
shows the hardware revision number.
shows the version of the boot code
shows the current running firmware version. This
Upgrade
192.168.1.155
3112Single-v10.img
to
19
Page 33
GigaX3112 Series Layer 3 Managed Switch
Figure 17. Firmware upgrade page
4.4 Physical interface
The
Physical Interface
configure the port in following fields in Interface Configuration Window:
select the port to configure
Port:
disable/enable the port
Status:
set the speed and duplex mode
Mode:
Flow Control:
DHCP-Snooping :
Snooping :
Select the corresponding port number and configure the port setting, then
click on the
display window. However, the new settings do not take effect until the “Save
Configuration” is executed.
Runtime Status Window:
Ethernet Link:
STP Status:
Duplex:
Speed:
Flow Control:
mechanism
assign the selected port to be untrusted or trusted port
Modify
the duplex mode
link speed
displays the Ethernet port status in real time. You can
enable/disable 802.3x flow control mechanism
enable/disable DHCP snooping function
button. The field you change will update the content of the
displays the following information for each port
the link is connected or not connected.
the STP status
the setting value to enable or disable 802.3x flow control
20
Page 34
GigaX3112 Series Layer 3 Managed Switch
Figure 18. Physical interface 1
Figure 18. Physical interface 2
4.5 Bridge
Th e Bri dge pag e gr oup contain s mos t lay er 2 configu rati ons, like link
aggregation, STP, etc.
4.5.1 Spanning tree
The page configures three types of Spanning Tree Protocol.
4.5.1.1 STP Status
The first page “STP Status” can disable or enable STP. There are three modes
STP, RSTP and MSTP can be enabled. If MSTP is enabled, the following four
attributes are enabled at the same time:
Region Name:
Revision:
Instance ID:
map multiple VLANs into a single STP instance.
VLAN Group:
given instance
An alphanumeric configuration name
A configuration revision number
A STP instance, you can configure MSTP on your switch to
A group associates each of the potential 4094 VLANs to the
21
Page 35
GigaX3112 Series Layer 3 Managed Switch
Figure 20. Spanning tree – STP Satus
4.5.1.2 Current Roots
It shows the information of current root bridge which include
MAC Address of root bridge
Priority of root bridge
Maximum age of root bridge
Hello timer of root bridge
Forwarding delay timer of root bridge
Path cost of root bridge
22
Figure 21. Spanning tree – Current Roots
Page 36
GigaX3112 Series Layer 3 Managed Switch
4.5.1.3 Bridge Parameters
The spanning-tree parameters of BPDU transmission can be configured on this
panel:
Hello Time:
Max Age:
Forward Delay:
Bridge Priority:
Transmission Limit:
(or M-record) with a cost of 0 and the transmission limit set to the maximum
value.
the interval between the generation of configuration BPDU
a timeout value to be used by all Bridges in the LAN
a timeout value to be used by all bridges in the LAN
the switch priority in the LAN
The root switch of the instance always sends a BPDU
Figure 22. Spanning tree – Bridge Parameters
4.5.1.4 Port Parameters
This page contains a display window to show the current configuration for each
port. You can select a port then edit it. Click
for spanning-tree. The following fields are available:
Instance ID(MSTP Only):
MSTP on your switch to map multiple VLANs into a single STP instance.
Priority:
high priority. The port with lower priority is more likely to be blocked by STP
if a network loop is detected. The valid value is from 0 to 255.
Path Cost:
to be blocked by STP if a network loop is detected.
Link Type:
of the interface: a full-duplex port is considered to have a point-to-point
connection; a half-duplex port is considered to have a shared connection.
sets the port priority in the switch. Low numeric value indicates a
the valid value is from 1 to 65535. The higher cost is more likely
By default, the link type is determined from the duplex mode
a spanning-tree instance, you can configure
to change the port setting
Modify
23
Page 37
GigaX3112 Series Layer 3 Managed Switch
Edge Port:
should enable it only on ports that connect to a single end station.
Click OK to effect the settings. Click
An edge port is the same as a Port Fast-enabled port, and you
to refresh the settings to current value.
Reload
Figure 23. Spanning tree – Port Parameters
4.5.2 Link aggregation static
The page configures the link aggregation static group (port trunking). The switch
provides maximum 32 link aggregation groups. This maximum can be achieved
on stacking configuration. For standalone GX3112 or GX3112F, the maximum
group is 6 since it supplies 12 ports only and up to 8 ports per group.
Port Selection Criterion:
ports of the link aggregation group according to source MAC address,
destination MAC address, source and destination MAC address, source IP
address, destination IP address, or source and destination IP address.
Trunk ID:
Port:
have to click on the icon to select the group members. The port can be
removed from the group by clicking the selected port again.
Click OK to make the setting send to the connected switch. Click
refresh the settings to current value. To make the configuration effective, go to
“Save Configuration” page, and click
You have to check the runtime link speed and duplex mode to make sure the
trunk is physically active. Go to Physical Interface and check the link mode in
the runtime status window for the trunk ports. If all the trunk members are in the
same speed and full duplex mode, then the trunk group is set up successfully.
If one of the members is not in the same speed or full duplex mode, the trunk
is not set correctly. Check the link partner and change the settings to have the
same speed and full duplex mode for all the members of your trunk group.
a number to identify the trunk group besides the group name
these port icons are listed the same way as on the front panel. You
the algorithm to distribute packets among the
to
Reload
.
Save
24
Page 38
GigaX3112 Series Layer 3 Managed Switch
Note
• All the ports in the link aggregation group MUST operate in fullduplex mode at the same speed.
• All the ports in the link aggregation group MUST be configured
in auto-negotiation mode or full duplex mode. This configuration
will make the full duplex link possible. If you set the ports in full
duplex force mode, then the link partner MUST have the same
setting. Otherwise the link aggregation could operate abnormally.
• All the ports in the link aggregation group MUST have the same
VLAN setting.
• All the ports in the link aggregation group are treated as a single
logical link. That is, if any member changes an attribute, the
others will change also. For example, a trunk group consists of
port 1 and 2. If the VLAN of port 1 changes, the VLAN of port 2
also changes with port 1
Figure 24. Link aggregation (GigaX 3112F)
25
Page 39
GigaX3112 Series Layer 3 Managed Switch
4.5.3 LACP
The page configures the LACP group (port trunking). The switch provides
maximum 32 link aggregation groups and up to 8 ports per group. This maximum
can be achieved on stacking configuration. For standalone GX3112 or GX3112F,
the maximum group is 6 since it supplies 12 ports only.The feature supplies five
statistics for verification.
Port Selection Criterion:
ports of the link aggregation group according to source MAC address,
destination MAC address, source and destination MAC address, source IP
address, destination IP address, or source and destination IP address.
Trunk ID:
Port:
have to click on the icon to select the group members. The port can be
removed from the group by clicking the selected port again.
a number to identify the trunk group besides the group name
these port icons are listed the same way as on the front panel. You
the algorithm to distribute packets among the
26
Figure 25. LACP (GigaX 3112F)
Page 40
GigaX3112 Series Layer 3 Managed Switch
Note
4.5.4 Mirroring
Mirroring, together with a network traffic analyzer, helps you monitor network
traffics. You can monitor the selected ports for egress or ingress packets.
Selects the mirrored port from selection panel. The selected port can
Mirror:
be mirrored for Ingress, Egress or Both of traffic.
Mirror Mode:
Stack ID:
Monitor Port:
ports.
Click OK to make the setting send to the switch (HTTP server). Click
refresh the settings to current value.
Enables or disables the mirror function for the selected group.
For standalone switch, only ID 1 is available.
Receives the copies of all the traffics in the selected mirrored
The monitor port can not belong to any link aggregation group.
The monitor port can not operate as a normal switch port. It does
not switch packets or do address learning.
to
Reload
Figure 26. Mirroring page (GigaX 3112F)
27
Page 41
GigaX3112 Series Layer 3 Managed Switch
4.5.5 Static multicast
This page can add multicast addresses into the multicast table. The switch
can hold up to 256 multicast entries. All the ports in the group will forward the
specified multicast packets to other ports in the group.
selects the port from selection panel. Or select an existing group
Port:
address from list panel to display
selects the VLAN group, it is VLAN-based feature
VLAN:
MAC Address:
assigns the priority for Class of Service
CoS:
Click OK to make the setting send to the switch (HTTP server). Click
refresh the settings to current value.
assigns the multicast address
Reload
to
Figure 27. Static multicast (GigaX 3112F)
4.5.6 IGMP snooping
IGMP snooping helps reduce the multicast traffics on the network by allowing
the IGMP snooping function to be turned on or off.
The first part provides the following settings,
Enable IGMP Snooping:
VLAN interfaces. By default, IGMP snooping is globally enabled on the
switch. When globally enabled or disabled, it is also enabled or disabled in
all existing VLAN interfaces.
If global snooping is disabled, you cannot enable VLAN snooping. If global
snooping is enabled, you can enable or disable VLAN snooping.
28
Globally enable IGMP snooping in all existing
Page 42
GigaX3112 Series Layer 3 Managed Switch
Last Member Query Interval:
Without Immediate Leave, when the switch
receives an IGMP leave message from a subscriber on a receiver port, it
sends out an IGMP query on that port and waits for IGMP group membership
reports. If no reports are received in a configured time period, the receiver
port is removed from multicast group membership.
The second part provides the following settings,
If global snooping is enabled, you can enable or disable VLAN
Status:
snooping.
Immediate leave:
When you enable IGMP Immediate-Leave processing, the
switch immediately removes a port when it detects an IGMP version 2 leave
message on that port. You should use the Immediate-Leave feature only
when there is a single host present on every port in the VLAN. Immediate
Leave is supported with only IGMP version 2 hosts.
(However, if the static entries occupy all 256 spaces, the IGMP snoop does
not work normally. The switch only allows 256-layer 2 multicast groups.)
Figure 28. IGMP snooping
29
Page 43
GigaX3112 Series Layer 3 Managed Switch
4.5.7 Traffic control
Traffic control prevents the switch bandwidth from flooding packets including
broadcast packets, multicast packets and the unicast packets because of
destination address lookup failure. The limit number is a threshold to limit
the total number of the checked type packets. For example, if broadcast and
multicast are enabled, the total traffic amount for those two types will not exceed
the limit value.
Selects an interface and assigns desirable settings, then click
Click OK to make the setting send to the switch (HTTP server). Click
refresh the settings to current value.
Modify
.
Reload
to
Figure 29. Traffic control
4.5.8 Dynamic addresses
This page displays the result of dynamic MAC address lookup by port, VLAN ID,
or specified MAC address. The dynamic address is the MAC address learned by
switch, it will age out from the address table if the address is not learned again
during the age time. User can set the age time by entering a valid number from
10 to 1,000,000 in seconds. Then click on OK to save the new age value.
To make the configuration effective, please go to “Save Configuration” page,
then click on
You can look up MAC addresses by checking the port, VLAN ID, or/and MAC
address, then click on the
the query.
30
Reload
.
. The address window will display the result of
Query
Page 44
GigaX3112 Series Layer 3 Managed Switch
Figure 30. Dynamic address
4.5.9 Static addresses
You can add a MAC address into the switch address table. The MAC address
added by this way will not age out from the address table. We call it static
address.
MAC Address:
VLAN ID:
Stack ID:
Port Selection:
Click on the
information. Then you will see the new added entry shows in the address
window. You can remove the existed address by selecting the entry with the
mouse, then clicking on
address entries. Click OK to save effective. Click
to current value. To make the configuration effective, go to “save configuration”
page, then click
enter the MAC address
enter the VLAN ID that the MAC belongs
For standalone switch, only ID 1 is available.
select the port, which the MAC belongs
when you create a new static MAC address by the above
Add
Save
Remove
.
. The
button updates the existed MAC
Modify
to refresh the settings
Reload
Figure 31. Static address
31
Page 45
GigaX3112 Series Layer 3 Managed Switch
4.5.10 VLAN Configuration
You can set up to 4094 VLAN groups and show VLAN group in this page.
VLAN1 is a default VLAN, which is created by system. It cannot be removed
at all. This feature prevents the switch from malfunctions. You can remove any
existed VLAN except the VLAN1.
You can assign the port to be a tagged port or an untagged port by toggling the
port button. There are three types of button in port selection panel:
“U” type:
packets.
“T” type:
“blank” type:
If one untagged port belongs to two or more VLAN groups at the same time, it
will confuse the switch and cause flooding traffics. To prevent it, the switch only
allows one untagged port belongs to one VLAN at the same time.
If you want to assign an untagged port from one VLAN to another, you have to
remove it from the original VLAN, or change it to be tagged in the original VLAN
first.
VLAN ID:
created
Name:
DHCP-Snooping :
Click OK to save the configuration. To make the configuration effective, go to the
“Save Configuration” page, then click
untagged port that will remove VLAN tags from the transmitted
All packets transmitted from this port will be tagged.
This port is not a member of the VLAN group.
this field requires user to enter the VLAN ID when a new VLAN is
this field requires user to assign a name for the VLAN
this field requires user to assign a name for the VLAN
.
Save
32
Figure 32. Tagged VLAN (GigaX 3112F)
Page 46
GigaX3112 Series Layer 3 Managed Switch
4.5.11 GVRP
Generic Attribute Registration Protocol (GARP) VLAN Registration Protocol
(GVRP) is an application defined in the IEEE 802.1Q standard that allows for the
control of VLANs.
GVRP will run only on 802.1Q trunk ports and is used primarily to prune traffic
from VLANs that does not need to be passed between trunking switches. There
are some parameters to configure GVRP:
GVRP Enable:
enable GVRP on the switch before you can configure the 802.1Q ports for
GVRP operation.
Port Mode:
GVRP must be configured on both sides of the trunk to work correctly.
Registration:
ports use GVRP join messages from neighboring switches to prune the
VLANs running across the 802.1Q trunk link. If the device on the other side
is not capable of sending GVRP messages, or if you do not want to allow the
switch to prune any of the VLANs, use the fixed mode. Fixed mode ports will
forward for all VLANs that exist in the switch database. Ports in forbidden
mode forward only for VLAN 1.
By default GVRP is not enabled for the switch. You must first
enables/disables GVRP on the individual 802.1Q trunk port.
By default GVRP ports are in normal registration mode. These
Figure 33. GVRP
Edit the following attributes as needed:
Joint Timer:
Leave Timer:
LeaveAll Timer:
Set value in centiseconds.
Set value in centiseconds.
Set value in centiseconds.
33
Page 47
GigaX3112 Series Layer 3 Managed Switch
Figure 34. GARP
4.5.12 QoS and CoS
4.5.12.1 802.1p Priority
Eight egress queues on all switch ports. These queues can either be configured
with the Weighted Round Robin (WRR) scheduling algorithm or configured with
one queue as a strict priority queue and the other queues for WRR. The strict
priority queue must be empty before the other queues are serviced. You can use
the strict priority queue for mission-critical and time-sensitive traffic. There are
three options:
First Come First Service:
High First:
Weighted Round Robin (WRR):
the ratio of the weights is the ratio of frequency in which the WRR scheduler
de-queues packets from each queue.
Click OK to save the configuration. To make the configuration effective, go to the
“Save Configuration” page, then click
Packetʼs priority depends on its CoS value
the first come frame has the highest priority
If WRR scheduling algorithm is enabled,
.
Save
34
Page 48
GigaX3112 Series Layer 3 Managed Switch
Figure 35. 802.1p Priority
4.5.12.2 CoS queue mapping
The switch supports eight egress queues for each port with a strict priority
scheduler. That is, each CoS value can map into one of the eight queues. The
queue eight has the highest priority to transmit the packets. Click OK to save the
configuration. To make the configuration effective, go to the “Save Configuration”
page, then click
priority.
.The CoS values range from 0 for low priority to 7 for high
Save
Figure 36. CoS Queue Mapping
35
Page 49
GigaX3112 Series Layer 3 Managed Switch
4.5.12.3 QoS Bandwidth
Some VLAN tag related field settings for each port are included in this page. It
includes:
Select a port from list window to configure
Port:
Ingress Bandwidth:
Egress Bandwidth:
Default CoS:
to this CoS value in the VLAN tagged
Click on
to save the configuration. To make the configuration effective, go to “Save
Configuration” page, and click
Modify
Maximum ingress bandwidth for selected port
Maximum egress bandwidth for selected port
every untagged packet received from this port will be assigned
to change the content in the port list window. Click on
.
Save
OK
Figure 37. QoS Bandwidth
4.6 L3 Switch
This function offers L3 interface and route entry configuration.
4.6.1 Interface
This function allows users to know the L3 interface status in real time. On the
other hand, users can configure the interface in following field:
Interface:
IP:
36
Select the interface to be configured (vlan1 is used by system).
Interface IP address
Page 50
GigaX3112 Series Layer 3 Managed Switch
Note
Interface Subnet mask
Mask:
Mac address of this interface
MAC:
up/down status of this interface
Status:
DHCP IP Helper Addr:
The DHCP Helper Address is the IP address of your
DHCP server.
Select the corresponding interface and configure the interface parameters then
click on the button. The field you changed will update the content in the display
window. To save any changes and make it effective immediately, click . Use to
refresh the setting.
There is one other catch with DHCP and VLANs. Because each
VLAN is a separate IP subnet, you must configure your DHCP
server to deliver IP addresses appropriate to each subnet.
With Windows 2000ʼs DHCP server, you do this by setting up
a separate DHCP realm for each VLAN. Not all DHCP servers
have this capability. If your existing DHCP server works only with
flat LANs, youʼll likely have to upgrade to a more sophisticated
package.
Figure 38. L3 Interface Configuration
Special Note:
It is strong recommended that each interface should have its
own VLAN. That means one VLAN should not be assigned for two interfaces.
Otherwise it will make some confusion while RIP enable. It is also recommended
that only one physical port should be assigned to the VLAN that used for L3
interface. Assign multiple ports to one L3 interface, the L3 traffic will always go
through the port with lowest ID. The traffic load sharing is not supported in this
release.
37
Page 51
GigaX3112 Series Layer 3 Managed Switch
4.6.2 Static Route
This function is used to add a routing entry into the switch routing table. The
routing entry added by this way will never be deleted by system. We call it static
route. Following parameters must be input
Destination:
Netmask:
Gateway IP:
Metric:
Click on
entry shows in the list window. You can remove the selected route by clicking
Remove
immediately.
Add
. The route added and removed will be stored in configuration file
Input destination ip address.
Input subnet mask of the destination.
Input gateway ip address.
Input metric (1-15).
when you add a new static route and you will see the new added
Figure 39. Configure Static Route
4.6.3 RIP
This function is used to switch on/off RIP routing protocol. Clicking will enable
configuration of Passive-Interfaces and RIP version (1/2/both). When RIP is
turned on, the switch will exchange routing information with neighbor switches
which also running RIP.
4.6.3.1 Basic
The RIP function can be enable/disable for all L3 interface. All active L3 interface
will be shown on the screen and you can enable/disable RIP function for each
interface.
38
Page 52
GigaX3112 Series Layer 3 Managed Switch
Used to enable/disable RIP function for a specific L3 interface
RIP is:
Figure 40. RIP Configuration
4.6.3.2 Passive Interface
If an interface neednʼt receive and forward routing updates, you should disable
the sending of routing updates on it. The particular subnet will continue advertise
other interfaces of routing updates. And routing updates from other routers on
that interface continue to be received and processed.
Passive Interface: Used to enable/disable passive interface function for a
specific L3 interface
Figure 41. RIP Passive Interface
4.6.3.3 RIP Version
ASUS L3 switch can support RIPv1, RIPv2 or Both.
Incoming Packet: Used to specify RIP version for the interpretation of incoming
RIP packet
Outgoing Packet:
neighbor router
Used to specify RIP version to send RIP packet to
39
Page 53
GigaX3112 Series Layer 3 Managed Switch
Figure 42. RIP Version
4.6.4 OSPF
This function is used to configure OSPF routing protocol. Clicking will enable
configuration of Interfaces and Virtual Link.
4.6.4.1 Basic
You can use OSPF basic command to add L3 interface to specific OSPF area.
IP Address :
to configure it as OSPF interface
Area :
All active L3 interfaces are displayed, you can select any one
Specify area ID for a specific L3 interface
40
Figure 43 OSPF Configuration
Page 54
GigaX3112 Series Layer 3 Managed Switch
4.6.4.2 Interface
This function is used to specify some protocol parameters for a specific OSPF
interface
Network Type:
Specify the cost for sending packet of this interface
Cost:
Priority:
Transmit Delay :
sending a link update packet
Hello Interval:
seconds is set as default value
Dead Interval:
received before declare its neighbor OSPF router is down, 40 seconds is set
as default value
Retran smit Interva l:
advertisement transmission
Support broadcast only
Set priority to help determine the OSPF DR and BDR for a network
Set the estimated number of seconds to wait before
Set the number of seconds between two hello packet, 10
Set the number of seconds after the last hello packet was
Specify number of seconds bet ween link state
Figure 44. OSPF Advanced Configuration 1
41
Page 55
GigaX3112 Series Layer 3 Managed Switch
4.6.4.3 Area
This function is used to configure OSPF areas
Select a Area:
Default Cost:
Used to specify characteristics of this area(normal, stub no summary
Stub:
and stub summary)
Range:
Virtual Link:
router-id of virtual link you want to establish is input on this field
Input area ID to be configured
Default cost for a stub area sending packet to outside world
Used to specify a set of network which belong to this OSPF area
Used to specify a virtual link configuration, the other end
Figure 45 OSPF Advanced Configuration 2
4.6.5 Multicast Route
This function is used to configure Multicast Route feature. It offers two different
methods including DVMRP and PIM-DM to establish multicast route. And, IGMP
will be automatically enabled/disabled with Multicast Route Protocol. It allows
hosts to communicate with their interest and desire data destined to a specific
multicast group. Multicast route protocol uses this information to build and
maintain multicast distributed tree.
4.6.5.1 M-Route
This command is used to configure IP multicast route mode and IGMP parameters.
Configure a multicast route protocol to run or disable.
Set the number of seconds between two query
Set response time when host reports its
42
IP Multicast Route Mode:
IGMP Version:
IGMP Query Interval:
packets. Default value is 125 sec.
IGMP Query-Max-Response:
multicast group. Default value is 10 sec.
Select which version IGMP run. Default value is V2.
Page 56
GigaX3112 Series Layer 3 Managed Switch
Note
When setting IGMP, select the corresponding interface to configure parameters
then click on the
button. The field you changed will update the content
Modify
in the display window. To save any changes and make it effective immediately,
click OK. Use
to refresh the setting.
Reload
Figure 46. M-Route Configuration
4.6.5.2 DVMRP
This function is used to configure DVMRP.
Network DVMRP is: Enable or disable DVMRP for specific network.
Select the corresponding “Network Address” to configure parameters then click
on the
display window. To save any changes and make it effective immediately, click
. Use
OK
button. The field you changed will update the content in the
Modify
to refresh the setting.
Reload
Before enabling, “IP Multicast Route Mode” in M-Route page
must choice “DVMRP”.
Figure 47. DVMRP Configuration
43
Page 57
GigaX3112 Series Layer 3 Managed Switch
Note
4.6.5.3 PIM-DM
This function is used to configure PIM-DM.
Enable or disable PIM-DM for specific interface.
Status:
Select the corresponding interface to configure parameters then click on the
button. The field you changed will update the content in the display
Modify
window. To save any changes and make it effective immediately, click OK. Use
to refresh the setting.
Reload
The system only support PIM-DM version 2.
Before enabling, “IP Multicast Route Mode” in M-Route page
must choice “PIM-DM”.
Figure 48. PIM-DM Configuration
4.6.6 VRRP
The Virtual Router Redundancy Protocol (VRRP) is designed to eliminate the
single point of failure inherent in the static default routed environment. VRRP
specifies an election protocol that dynamically assigns responsibility for a virtual
router to one of the VRRP routers on a LAN. The VRRP router controlling the IP
address(es) associated with a virtual router is called the Master, and forwards
packets sent to these IP addresses. The election process provides dynamic failover in the forwarding responsibility should the Master become unavailable. Any
of the virtual routerʼs IP addresses on a LAN can then be used as the default
first hop router by end-hosts. The advantage gained from using VRRP is a
higher availability default path without requiring configuration of dynamic routing
or router discovery protocols on every end-host.
Virtual ID:
used as the default gateway for one or several vlan
44
Virtual router ID, range 1 to 255. One virtual router ID can be
Page 58
GigaX3112 Series Layer 3 Managed Switch
Virtual IP:
Virtual IP address. It can be any one IP address which belongs to
the vlan to be managed. In general case, it can be the same as interface IP
address and you expect to act as master router.
Priority:
Virtual router priority. Range 1 to 254, default 100. Higher value
means higher priority. Priority value to be used by this VRRP router in
Master election for this virtual router. The value of 255 (decimal) is reserved
for the router that owns the IP addresses associated with the virtual router.
The value of 0 (zero) is reserved for Master router to indicate it is releasing
responsibility for the virtual router. The range 1-254 (decimal) is available
for VRRP routers backing up the virtual router.
Advertiseme nt Interva l
: Time interval between ADVERTISEME NTS
(seconds). Default is 1 second.
Preempt Mode:
Controls whether a higher priority Backup router preempts
a lower priority Master. Values are True to allow preemption and False to not
prohibit preemption. Default is True.
Figure 49. VRRP Configuration
45
Page 59
GigaX3112 Series Layer 3 Managed Switch
4.7 SNMP
This group offers the SNMP configuration including Community Table, Host
Table, and Trap Setting
4.7.1 Community table
You can type different community names and specify whether the community
has the privilege to do set action (write access) by checking the box. Click OK to
save the configuration permanently or
Figure 50. Community table
to refresh the page.
Reload
4.7.2 Host table
This page links host IP address to the community name that is entered in
Community Table page. Type an IP address and select the community name
from the drop-down list. Click OK to save the configuration permanently or
to refresh the page.
Reload
Figure 51. Host table
46
Page 60
GigaX3112 Series Layer 3 Managed Switch
4.7.3 Trap setting
By setting trap destination IP addresses and community names, you can enable
SNMP trap function to send trap packets in different versions (v1 or v2c). Click
to save the configuration permanently or
OK
to refresh the page.
Reload
Figure 52. Trap setting
4.7.4 SNMPv3 VGU Table
Thereʼre two articles presenting the new security features defined by SNMPv3.
The User-based Se cur ity Model (US M), which pro vid es authenti cat ion ,
encryption, and decryption of SNMPv3 packets. The View-based Access Control
Model (VACM), which provides access control. The followings are three related
pages. Click OK to save the configuration permanently or
page.
Reload
to refresh the
4.7.4.1 VACM View
VACM View is used to view the information of SNMPV3 VACM Group.
View Name:
View Type:
when View Subtree matches the Oid in the SNMPv3 message.
View Subtree:
the Oid to match the Oid in the SNMPv3 message. The match is good when
the subtree is shorter than the Oid in the SNMPv3 message.
Cl ick on
information. Then you will see the new added entry shows in the view window.
You can remove the existed views by selecting the entry with the mouse, then
clicking on Remove. The button updates the existed VACM View entries. Click
to save effective. Click
OK
make the configuration effective, please go to “Save Configuration” page, then
click on
Save
enter the security group name.
enter the View Type that the View belongs. Included or Excluded
enter the View Subtree that the View belongs. The Subtree is
w hen you cre ate a ne w VACM Vie w en try by t he a bove
Ad d
to refresh the settings to current value. To
Reload
.
47
Page 61
GigaX3112 Series Layer 3 Managed Switch
Figure 53. SNMPv3 VGU Table 1
4.7.4.2 VACM Group
VACM Group is used to configure the information of SNMPV3 VACM Group.
Group Name:
Read View Name:
related SNMP messages are Get,GetNext,GetBulk.
Write View Name:
related SNMP message is Set.
Notify View Name:
related SNMP messages are Trap,Report..
Security Model:
Any is suitable for v1,v2,v3. USM is SNMPv3 related.
Security level:
NoAuth, AuthNopriv, AuthPriv can be chosen..
Click on the
information. Then you will see the new added entry shows in the group window.
You can remove the existed group by selecting the entry with the mouse, then
clicking on
entries. Click OK to save effective. Click
value. To make the configuration effective, please go to “Save Configuration”
page, then click on
enter the security group name.
enter the Read View Name that the Group belongs. The
enter the Write View Name that the Group belongs. The
enter the Notify View Name that the Group belongs. The
enter the Security Model Name that the Group belongs.
enter the Security level Name that the Group belongs. Only
when you create a new VACM group entry by the above
Add
Remove
Save
. The
.
button updates the existed VACM Group
Modify
to refresh the settings to current
Reload
48
Page 62
GigaX3112 Series Layer 3 Managed Switch
Figure 54. SNMPv3 VGU Table 2
4.7.4.3 USM User
USM User is used to configure the information of SNMPV3 USM User.
User Name:
Group Name:
Auth Protocol:
belong. Only NoAuth ,MD5, SHA1 can be chosen. If the NoAuth is chosen,
there is no need to enter password.
Auth Password:
password needs at least 8 characters or digits.
Priv Protocol:
belong. Only NoPriv ,DES can be chosen. If the NoPriv is chosen, there is
no need to enter password.
Priv Password:
password needs at least 8 characters or digits.
Security level:
NoAuth, AuthNopriv, AuthPriv can be chosen.
Click on the
information. Then you will see the new added entry shows in the User window.
You can remove the existed User by selecting the entry with the mouse, then
clicking on
Click to save effective. Click
make the configuration effective, please go to “Save Configuration” page, then
click on
Save
User name of a specific security group
enter the security group name
enter the Auth Protocol that SNMP User and Security Group
enter the password that the Auth Protocol belongs. The
enter the Priv Protocol that SNMP User and Security Group
enter the password that the Priv Protocol belongs. The
enter the Security level Name that the Group belongs. Only
when you create a new USM User entry by the above
Add
Remove
.
. The
button updates the existed USM User entries.
Modify
to refresh the settings to current value. To
Reload
49
Page 63
GigaX3112 Series Layer 3 Managed Switch
Figure 55. SNMPv3 VGU Table 3
4.8 Filter pages
The switch can filter certain traffic types according to packet header information
from Layer 2 to Layer 4. Each filter set includes a couple of rules. You have to
attach the filter set to certain ports to make the filter work.
4.8.1 Filter set
The switch defines two modes of rules, one is MAC mode and the other is IP
mode. Only the same mode of rules can bundle together to form a filter set.
Each mode has different fields to configure. For example, you can use IP mode
rule to filter FTP packets.
You can check the MAC Filter and give a Name then add it. You also can check
the IP Filter and give an ID/Name then clicking on
configuration permanently or
editing.
Click on a filter set to select the set you want to edit or remove. Second, click
on
have to follow the rules to make a valid filter set.
One set consists of a type of rules. The rules having the same fields to filter
packets belong to one type. For example, two rules filter packets with two
destination IP addresses, then they are the same type. But a rule filtering source
IP address does not belong to the same type.
Four types of rules can apply to ports at the same time. If there are more than
four types, the system automatically disables the rules.
50
to enter the rule page, or click on
Edit
Reload
to refresh the page. Please click OK before
Remove
. Click OK to save the
Add
to remove the filter set. You
Page 64
GigaX3112 Series Layer 3 Managed Switch
Figure 56. Filter Set
The
Filter Rule
page provides options for rule modes, one is MAC rule and the
other is IP rule. If you did not enter the MAC address in the blank box, it means
the rule donʼt care the MAC value. In IP rule setup, you can enter any of the 5
types: source IP, destination IP, protocol, source application port and destination
application port. The Action field determines if the packet should be dropped or
forwarding when it matches the rule. If a packet matches two rules with different
action, the packet will follow the rule showed first in the rule list.
Figure 57. Filter rule in MAC mode
51
Page 65
GigaX3112 Series Layer 3 Managed Switch
Note
Note
Figure 58. Filter rule in IP mode
Two examples tell us about the how of IP provisioning:
1. Assign a dedicated IP
Type = subnet IP = 10.10.1.2 Wildcard = 0.0.0.0
2. Assign a subnet (a group of IP)
Type = subnet IP = 10.10.1.0 Wildcard = 0.0.0.255
4.8.2 Filter attach
A filter set is idle if you did not attach it to any ingress port. Use the Filter Attach
page to attach a filter set to ingress ports.
Click OK to save the configuration. To make the configuration effective, go to
the “Save Configuration” page, then click
page.
To attach a filter set to ports:
Attach to all ports: the filter set applies to all the ports of the system.
Attach to certain ports: you can specify the ingress ports to be applied.
Detach from all ports: remove all the filters from the attached ports.
You may not detach certain ports after issuing an “Attach All”
command. If you wish to detach ports, use the “Detach All”
command.
52
Save
, or click on
Reload
to refresh the
Page 66
GigaX3112 Series Layer 3 Managed Switch
Once the filter set is attached to the ingress ports, it will filter the packets
according to the ingress port and the packet fields in the rules. For example, a
set with a single rule to filter out destination MAC address 00:10:20:30:40:50
is attached to ingress port 3. A packet with destination MAC 00:10:20:30:40:50
from port 3 is not permitted.
Figure 59. Filter attach (GigaX 3112F)
4.9 Security
The switch supports the 802.1x port-based security feature. Only authorized
hosts are allowed to access the switch port. Traffic will be blocked from
unauthenticated host. Authentication can be provided via a RADIUS server or
the local database in the switch.
The switc h also suppor t s dyna m ic VALN ass i gnment throug h 802.1 x
authentication process. The VLAN information for the users/ports should be
configured in the authentication server properly before enabling this feature.
4.9.1 Port Access Control
Port Access Control is used to configure various 802.1x parameters. 802.1x
uses either RADIUS server or local database to authenticate port users.
The first part is the Bridge (Global) settings:
Sys-Auth-Control:
Authentication Method:
authenticate the port user.
The second part is the port settings. Please click when youʼre done with the
modifications:
Specify which port to configure from port list window.
Port:
Multi-host:
to use the port if ONE of the hosts passed the authentication. If disabled,
only ONE host is allowed to use the port.
checks it to enable the authentication
RADIUS or Local database can be used to
If enabled, ALL hosts connected to the selected port are allowed
53
Page 67
GigaX3112 Series Layer 3 Managed Switch
Authentication Control:
If “ForceAuthorized” is selected, the selected
port is forced authorized. Thus, traffic from all hosts is allowed to pass.
Otherwise, if “ForceUnauthorized” is selected, the selected port is blocked
and no traffic can go through. If “Auto” is selected, the behavior of the
selected port is controlled by 802.1x protocol. All ports should be set to “Auto”
under normal conditions.
Reauthentication:
Once enabled, the switch will try to authenticate the port
user again when the re-authentication time is up.
ReAuthentication Time:
If “Reauthentication” is enabled, this is the time
period the switch uses to re-send authentication request to the port user (see
above).
Quiet Period:
If authentication failed, the switch waits upon this time period
before sending another authentication request to the port user.
Retransmission Time:
If the port user failed to respond to authentication
request from the switch, the switch waits upon this time period before
sending another authentication request to the port user.
Max Reauthent Attempt:
Retry count if the port user failed to respond to
authentication requests from the switch.
Guest Vlan:
Click OK to make the settings permanent. Click
Specify a guest VLAN to clients that are not 802.1x-capable.
Reload
to refresh the settings to
current value.
54
Page 68
GigaX3112 Series Layer 3 Managed Switch
Figure 60. Port Access Control
4.9.2 Dial-In User
Dial-in User is used to define users in the local database of the switch.
User Name:
Password:
Confirm Password:
V
lan ID:
Please click
modifications. Click
OK to make the settings permanent. Click
current value.
New user name.
Password for the new user.
Enter the password again.
Specify the VLAN ID assigned to the 802.1x-authenticated clients.
to add the new user. Click
Add
Remove
when you want to remove the selected user. Click
when youʼre done with the
Modify
to refresh the settings to
Reload
55
Page 69
GigaX3112 Series Layer 3 Managed Switch
Note
Figure 61. Dial-In user
4.9.3 RADIUS
In order to use external RADIUS server, the following parameters are required to
be setup:
Authentication Server IP: The IP address of the RADIUS server.
Authentication Server Port: The port number for the RADIUS server is
listening to.
Authentication Server Key: The key is used for communications between
GigaX and the RADIUS server.
Confirm Authentication Key: Re-type the key entered above.
The VLAN of the RADIUS server connected to the switch must
be the same as the VLAN of the system management interface.
Click OK to make the settings permanent. Click
current value.
56
Reload
to refresh the settings to
Page 70
GigaX3112 Series Layer 3 Managed Switch
Figure 62. RADIUS
4.9.4 Port Security
Th e swit ch als o sup p orts por t secu rity feat ure. It enab l es a sys t emʼs
administrator to control who can connect to their network. You can use the
port security feature to restrict input to an interface by limiting and identifying
MAC addressed of the stations allowed to access the port. When you assign
secure MAC addresses to a secure port, the port does not forward with source
addresses outside the group of defined addresses. This decreases the possibility
that a non-authorized device can use our network for malicious purposes.
4.9.4.1 Port Configuration
The page is used to configure port security configuration.
First, you must select a port by clicking it from the following table. Then, begin to
set the port configuration. Please click when youʼre done with the modifications:
Enable or disable port security feature.
Admin:
Violation Mode:
happens. If “Shutdown” is selected, the port becomes blocking state and
system logs a syslog message, and increments the violation counter. If
“Restrict” is selected, a syslog message is logged, and the violation counter
increments. If “Protect” is selected, you are not notified that a security
violation has occurred.
Max MAC Address:
this port. It is between 1 and 132 and the total number in the system is 1024.
It decides the port behavior when security violation
The maximum numbers of secure MAC addresses on
57
Page 71
GigaX3112 Series Layer 3 Managed Switch
Aging Time:
corresponding dynamic secure MAC address will be removed from secure
MAC address table. The valid range is 0 to 1440(mins). If the time is equal
to 0, the aging mechanism is disabled for this port.
Aging Type:
addresses are aged out. If “Absolute” is selected, the secure addresses on
the port are deleted after the specified aging time. If “Inactivity” is selected,
the secure addresses in the port are deleted only if there is no data traffic
from the secure source MAC address for the specified time period.
Click OK to make the settings permanent. Click
current value.
The aging time for this port. After the expiration of the time, the
The aging type determines the action when the secure MAC
Reload
to refresh the settings to
Figure 63. Port Security
4.9.4.2 Port Status
This page shows the current port status, MAC address counts, static MAC
address counts, and violation count.
Port has five statuses:
NoOper:
SecureUp:
SecureDown:
when port security is configured to be enabled but could not be enabled due
to certain reasons such as conflict with other features.
Restrict:
violation mode is ʻrestrictʼ.
Shutdown:
violation when the violation mode is ʻshutdownʼ.
58
This indicates port security on the port is configured to disabled.
This indicates port security is operational.
This indicates port security is not operational. This happens
This indicates that the port occurs port security violation when the
This indicates that the port is shutdown due to port security
Page 72
GigaX3112 Series Layer 3 Managed Switch
When some port status is “Shutdown”, you can click it and select “Re-Start” to
“Yes”. It will restart the port and change status to “SecureUp”. Please click when
youʼre done with the modification.
Click OK to make the settings permanent. Click
current value.
Reload
to refresh the settings to
Figure 64. Port Status
4.9.4.3 Secure MAC Address
Secure MAC Address offers three functions for user management:
You can select a port by “Port Selection” field. After click “Query”
Query:
button, it will show all MAC addresses on this port.
User can select some port by “Port Selection” field, and input a MAC
Add:
address to add on “MAC Address” field. After push “Add” button, the MAC
address will add on the selected port and the type of the MAC is static.
Remove:
some port. Selecting a MAC from list and pushing “Remove” button, it will be
removed immediately.
You can use “Query” function to display all the MAC addresses on
Figure 65. Secure MAC Address
59
Page 73
GigaX3112 Series Layer 3 Managed Switch
4.10 Traffic chart
The Statistics Chart pages provide network flow in different charts. You can
specify the period time to refresh the chart. You can monitor the network traffic
amount in different graphic chart by these pages. Most MIB-II counters are
displayed in these charts.
Click
Auto Refresh
You can differentiate the statistics or ports by selecting
to let the browser to draw the graphic chart. Each new Draw will reset the
Draw
statistics display.
4.10.1 Traffic comparison
This page shows the one statistics item for all the ports in one graphic chart.
Specify the statistics item to display and click the
you the update data and refresh the graphic periodically.
to set the period for retrieving new data from the switch.
Finally, click on
Color.
, the browser will show
Draw
Figure 66. Traffic comparison
4.10.2 Error Group Chart
Selecting the
window shows you all the discards or error counts for the specified port. The
data is updated periodically.
60
and display
Port
, then clicking the
Color
, the statistics
Draw
Page 74
GigaX3112 Series Layer 3 Managed Switch
Figure 67. Error Group Chart
4.10.3 Historical status
You can display information for different ports and statistics items in this chart.
Since this shows the history of the statistics information, the line chart keeps the
old data even it is refreshed.
Figure 68. Historical status
61
Page 75
GigaX3112 Series Layer 3 Managed Switch
Note
4.11 Save configuration
Click OK to make the settings permanent.The setting also takes effective after a
successful save.
Sometimes you may want to reset the switch configuration, you can click on to
reset the configuration file to factory default. Of course, a system reboot will
follow this restoration process.
You will lose all the configurations when you choose to restore
the factory default configurations.
Figure 69. Save configuration
62
Page 76
GigaX3112 Series Layer 3 Managed Switch
Note
5 Console interface
This chapter describes how to use console interface to configure the switch. The
switch provides RS232 and USB connectors to connect your PC. Use a terminal
emulator on your PC such as HyperTerminal and command line interpreter to
configure the switch. You have to set up the terminal emulator with baud rate
9600, 8 bit data, no parity, and 1 stop bit, and no flow control.
Once you enter CLI mode, type “?” will display all available command help
messages. This is very useful when you are not familiar with the CLI commands.
All the CLI commands are case sensitive.
5.1 Power On Self Test
POST is executing during the system booting time. It tests system memory, LED
and hardware chips on the switchboard. It displays system information as the
result of system test and initialization. You can ignore the information until the
prompt, “ASUS login:” appears.
Figure 70. CLI interface
5.1.1 Boot ROM command mode
During the POST process, you can enter a “Boot ROM Command” mode by
pressing <ENTER> key. Enter the “?” key to show the help messages for all
available commands.
Although the commands are h elpful in some situation, we
STRONGLY suggest users not to use them if you donʼt know the
command function.
63
Page 77
GigaX3112 Series Layer 3 Managed Switch
Figure 71. Boot ROM command mode
5.1.2 Boot ROM commands
The followings are two types of boot ROM commands,
• “command”: The current settings will be displayed.
• “command” with new setting: The current setting will be replaced by specified
new setting.
Table 7. Boot ROM commands
Command Parameters Usage Notes
baudrate Baud Rate 9600
38400
57600
115200
64
You have to set up the terminal
emulator with the same baud
rate to make the work
Page 78
GigaX3112 Series Layer 3 Managed Switch
Command Parameters Usage Notes
bdinfo none none print Board Info structure
echo string none echo the string to console
ethaddr none none get MAC address
gatewayip IP address xxx.xxx.xxx.xxx set gateway IP address
go none none boot firmware image
? or help none none print online help
imls none none list all images found in flash
ipaddr IP address xxx.xxx.xxx.xxx set tftp client IP address
loadbx none none load binary file over
serial line (X modem)
netmask mask xxx.xxx.xxx.xxx set network mask
ping host xxx.xxx.xxx.xxx send ICMP ECHO_REQUEST
to network host
pwd none none reset switch password
reset none none perform reset of the CPU
serverip IP address xxx.xxx.xxx.xxx set tftp server IP address
slot slot 1, 2, auto select boot slot to boot
tftpboot filename Example:
3112single.img
version none none print monitor version
load image via network
using TFTP protocol
5.2 Login and logout
To enter the CLI mode, you have to give a valid user name and password. As
the first time login, you can enter “admin” as the user name (without password).
For security reason, please change the user name and password after login.
Once you forget the use name and password, you may contact ASUS support
team or restore the default user account in the Boot ROM Command mode –
“pwd”. If you take the second choice, the default user “admin” will be restored.
You type “exit” to leave the CLI mode safely. This action allows you to secure the
CLI mode. The next user has to do login again with authorized user name and
password.
65
Page 79
GigaX3112 Series Layer 3 Managed Switch
Note
5.3 CLI commands
The switch provides CLI commands for all managed functions. You can follow
the instructions and set up the switch correctly as easily as using WEB interface
to configure the switch.
Always use “?” or “list” to get the available commands list and
help.
Always use “end” to get back to the root directory(enable mode).
5.3.1 User account
5.3.1.1 Add user
Add a new user or modify an existing userʼs password.
CLI Syntax:
Example:
5.3.1.2 Delete user
Delete an existing user.
CLI Syntax:
Example:
add user user-name password
ASUS# add admin 123
delete user user-name
ASUS# delete user admin
5.3.2 Backup and Restore
5.3.2.1 Backup start-up configuration file
Backup the start-up configuration file “Quagga.conf” of the switch to TFTP server.
CLI Syntax:
Example:
5.3.2.2 Restore start-up configuration file
Restore the start-up configuration file “Quagga.conf” of the switch from TFTP
server.
CLI Syntax:
Example:
66
copy startup-config tftp: URL
ASUS# copy startup-config tftp: 192.168.8.56
copy tftp: URL startup-config
ASUS# copy tftp: 192.168.1.2 startup-config
Page 80
GigaX3112 Series Layer 3 Managed Switch
Note
5.3.3 System Management Configuration
5.3.3.1 Firmware upgrade
Upgrading new firmware into switch.
CLI Syntax:
Ex amp le:
3112single.img
5.3.3.2 configure terminal
Use the write configuration command on the switch to configuration.
CLI Syntax:
Example:
5.3.3.3 enable
Entering enable mode and turn on privileged mode command.
CLI Syntax:
Example:
archive download-sw /overwrite tftp: ImageFile
AS US# archive d ownload-sw /ov erw rite tftp:1 92. 168.1.3 /
Note: We strongly recommend you to backup “startup-config”
before upgrading.
configure terminal
ASUS# configure terminal
enable
ASUS# enable
5.3.3.4 disable
Turning off privileged mode and back to user mode.
CLI Syntax:
Example:
disable
ASUS# disable
5.3.3.5 end
This command let user end current mode and down to enable mode.
CLI Syntax:
Example:
end
ASUS# end
5.3.3.6 exit
This command let user exit current mode and down to previous mode.
CLI Syntax:
Example:
exit
ASUS# exit
67
Page 81
GigaX3112 Series Layer 3 Managed Switch
5.3.3.7 help
This command lists all of the command of the operation mode.
CLI Syntax:
Example:
Example:
list
ASUS# list
ASUS# ?
5.3.3.8 Host name
Displays the given name of the switch. This is an RFC-1213 defined MIB object
in System Group, and provides administrative information on the managed node.
CLI Syntax:
Example:
If you put a name in the name description field, the switch system name changes
to the new one.
hostname WORD
(config)# hostname Switch
5.3.3.9 System Contact
Displays the detail information of contact about the switch. This is an RFC-1213
defined MIB object in System Group, and provides contact information on the
managed node.
CLI Syntax:
Example:
If you put the contact description in the contact description field, the switch
contact will change to the new one.
snmp-server contact DWORD
(config)# snmp-server contact fae@loop.com.tw
5.3.3.10 System Location
Displays the physical location of the switch. This is an RFC-1213 defined MIB object
in System Group, and provides the location information on the managed node.
CLI Syntax:
Example:
Type in the location description in the location description field to change the
location.
68
snmp-server location DWORD
(config)# snmp-server location Loop-Taipei
Page 82
GigaX3112 Series Layer 3 Managed Switch
Figure 72. SYS commands
5.3.3.11 IP Address and Network Mask
Displays the IP address for the switch. This IP address is used for manageable
purpose, i.e.; network applications such as, http server, SNMP server, tftp server,
ssh and telnet server of the switch are all using this IP address in interface
vlan1.
CLI Syntax:
Example:
(config-if)# ip address 192.168.20.121/24
ip address A.B.C.D/M
(config)# interface vlan 1
5.3.3.12 Default Gateway
Displays the IP address of the default gateway. This field is necessary if the
switch network contains one or more routers.
CLI Syntax:
Example:
ip route A.B.C.D/M (A.B.C.D|INTERFACE)
(config)# ip route 0.0.0.0/0 192.168.1.2
5.3.3.13 reboot
Use this command to reboot the system.
CLI Syntax:
Example:
reboot
reboot
5.3.3.14 reload default-config file
Use this command to copy a default-config file to replace the current one.
CLI Syntax:
Example:
reload default-config file
ASUS# reload default-config file
5.3.3.15 show running-config
To show running-config fule.
CLI Syntax:
Example:
show running-config
ASUS# show running-config
69
Page 83
GigaX3112 Series Layer 3 Managed Switch
5.3.3.16 write memory
Use the write file configuration command on the switch stack or standalone
switch to write configuration to the file.
CLI Syntax:
Example:
write memory
ASUS# write memory
5.3.3.17 Assign a new user account
Add a user, which is named tony and its password is tony123456
CLI Syntax:
Example:
add user WORD WORD
add user tony tony123456
5.3.3.18 Delete a new user account
Delete a user account, which is named tony.
CLI Syntax:
Example:
delete user WORD
delete user tony
5.3.4 Physical interface commands
5.3.4.1 Interface mode
Use the auto-negotiation configuration command on the switch to set autonegotiation status of the port.
CLI Syntax:
Example:
(config-if)# auto-negotiation
This example shows how to use the auto-negotiation configuration command on
the switch to enable auto-negotiation mode.
auto-negotiation
(config)# interface gi1/0/2
5.3.4.2 Interface duplex
Use the duplex configuration command on the switch to set duplex status of the
port.
CLI Syntax:
Example:
(config-if)# duplex full
This example shows how to use the duplex configuration command on the
switch to set full-duplex on the interface.
70
duplex (full| half)
(config)# interface gi1/0/2
Page 84
GigaX3112 Series Layer 3 Managed Switch
5.3.4.3 Interface flow control
Use the flow control configuration command on the switch to set flow control
status of the port.
CLI Syntax:
Example:
(config-if)# flowcontrol both on
This example shows how to use the flow control configuration command on the
switch to set flow control both on.
flowcontrol (rx| tx | both) (on|off)
(config)# interface gi1/0/2
5.3.4.4 Show L2 interface
Use the show l2_interface command on the switch to show l2 interface status.
CLI Syntax:
Example:
show l2_interfaces IFNAME
ASUS# show l2_interface gi1/0/2
5.3.5 IP interface
5.3.5.1 show vlan name string
Use the show vlan user EXEC command to display the parameters for all
configured VLANs or one VLAN (if the VLAN ID or name is specified) on the
switch.
CLI Syntax:
Example:
Note: The vlan1 is for system purpose, for example, for firmware upgrade,
management, and so on.
show vlan name string
ASUS# show vlan VLAN1
5.3.5.2 Create a vlan entry
Use the vlan vid command to create vlan entry on the switch. Use the name
string command to create vlan entry with string on the switch.
CLI Syntax:
Example:
(config-vlan)# name vlan3
vlan id
(config)# vlan 3
71
Page 85
GigaX3112 Series Layer 3 Managed Switch
5.3.5.3 interface vlan VLAN-ID
This command changes the operation to vlan interface command mode.
CLI Syntax:
Example:
interface vlan VLAN-ID
interface vlan 1
5.3.5.4 ip address
This command sets the ip address for specific interface.
CLI Syntax:
Example:
Note: It wonʼt show you the interface name. Please keep in mind, which you are
configuring.
ip address A.B.C.D/M
(config-if)# ip address 192.168.20.121/24
5.3.5.5 ip helper-address
This command is used to enable the function of DHCP relay for specific interface
CLI Syntax:
Example:
ip helper-address A.B.C.D
(config-if)# ip helper-address 192.168.1.180
5.3.5.6 ip ospf
This command is used to setup OSPF interface parameters
CLI Syntax:
Example:
ip ospf
(config-if)# ip ospf
5.3.5.7 ip pim
This command is used to setup PIM-DM interface parameters
CLI Syntax:
E
xample:
ip pim
(config-if)# ip pim dense-mode
5.3.5.8 ip rip
This command is used to setup RIP interface parameters
CLI Syntax:
Example:
72
ip rip
(config-if)# ip rip
Page 86
GigaX3112 Series Layer 3 Managed Switch
5.3.6 RIP
5.3.6.1 router rip
The router rip command is necessary to enable RIP. To disable RIP, use the no
router rip command. RIP must be enabled before carrying out any of the RIP
commands.
CLI Syntax:
Example:
5.3.6.2 no router rip
Disable RIP.
CLI Syntax:
Example:
5.3.6.3 version
RIP can be configured to process either Version 1 or Version 2 packets, the
default mode is Version 2.
CLI Syntax:
Example:
router rip
(config)# router rip
no router rip
(config)# no router rip
version 1|2
(config-router)# version 1
5.3.6.4 network
Set the RIP enable interface by network. The interfaces which have addresses
matching with network are enabled.
CLI Syntax:
Example:
network A.B.C.D/M
(config-router)# network 35.0.0.0/8
5.3.7 OSPF
5.3.7.1 router ospf
Enable or disable the OSPF process. ospfd does not yet support multiple OSPF
processes. So you can not specify an OSPF process number.
CLI Syntax:
Example:
router ospf
(config)# router ospf
73
Page 87
GigaX3112 Series Layer 3 Managed Switch
5.3.7.2 router-id
Assigning an OSPF router-id in IP address format.
CLI Syntax:
Example:
ospf router-id a.b.c.d
(config-router)# ospf router-id 10.0.0.3
5.3.7.3 area
Set the OSPF area ID.
CLI Syntax:
Example:
network a.b.c.d/m area a.b.c.d
(config-router)# network 102.192.2/24 area 192.192.2.254
5.3.8 Multicast Route
Enable or disable the function of multicast route which include DVMRP and PIM-DM.
CLI Syntax:
Example:
ip multicast-routing ROUTING-PROTOCOL
(config-router)# ip multicast-routing PIM-DM
5.3.9 VRRP
Enable or disable the function of VRRP for specific IP interface
CLI Syntax:
Example:
standby VRID (1-255) ip a.b.c.d/m
(config-if)# standby 1 ip 192.168.1.1/24
5.3.10 Spanning Tree
5.3.10.1 clear spanning-tree counters
Use the clear spanning-tree counters configuration command on the switch to
clear spanning-tree statistics.
CLI Syntax:
Example:
5.3.10.2 clear spanning-tree counters interface IFNAME
Use the clear spanning-tree counters configuration command on the switch to
clear spanning-tree statistics on one interface.
CLI Syntax:
Example:
74
clear spanning-tree counters
ASUS# clear spanning-tree counters
clear spanning-tree counters interface IFNAME
ASUS# clear spanning-tree counters interface gi1/0/2
Page 88
GigaX3112 Series Layer 3 Managed Switch
5.3.10.3 default spanning-tree
This command sets spanning-tree parameter to default.
CLI Syntax:
Example:
default spanning-tree
ASUS# default spanning-tree forward-time
5.3.10.4 show spanning-tree active
To show spanning-tree active.
CLI Syntax:
Example:
show spanning-tree active
ASUS# show spanning-tree active
5.3.10.5 spanning-tree enable and disable
Enable/Disable the spanning tree.
CLI Syntax:
Example:
spanning-tree (enable|disable)
ASUS# spanning-tree disable
5.3.11 Link Aggregation
5.3.11.1 trunk aggregation group
Use the aggregation-link trunk group configuration command on the switch to
configure trunk aggregation group.
CLI Syntax:
Example:
aggregation-link trunk STACKID group <1-32> PORTLIST
ASUS#aggregation-link runk 1 group 1 1,2
5.3.11.2 trunk load balancing
Use the aggregation-link trunk group configuration command on the switch to
configure trunk load balancing by using source-based or destination-based
forwarding methods.
CLI Syntax:
(src-mac |dst-mac |src-dst-mac |src-ip |dst-ip |src-dst-ip)
Example:
aggregation-link trunk STACKID load-balance group <1-32>
ASUS#aggregation-link trunk 1 load-balance group 1
5.3.11.3 show aggregation-link trunk
To show aggregation-link trunk status.
CLI Syntax:
Example:
show aggregation-link trunk STACKID [GROUPID]
ASUS# show aggregation-link trunk 1 1
75
Page 89
GigaX3112 Series Layer 3 Managed Switch
5.3.12 LACP
5.3.12.1 clear lacp counters
Use the clear lacp counters configuration command on the switch to clear the
statistics for all aggregated port sets.
CLI Syntax:
Example:
5.3.12.2 lacp aggregation-link trunk
This command sets the Link Aggregation Control Protocol (LACP) operation
add/set for the trunk group ports on the switch.
CLI Syntax:
PORTLIST
Example:
5.3.12.3 disable lacp aggregation-link trunk
This command sets the Link Aggregation Control Protocol (LACP) operation
add/set or disable for the trunk group ports on the switch.
CLI Syntax:
Example:
clear lacp counters [STACKID]
clear lacp counters 1
lacp aggregation-link trunk STACKID (add|set) group <1-32>
ASUS# lacp aggregation-link trunk 1 set group 1 1,2
lacp aggregation-link trunk STACKID disable <1-12>
ASUS# lacp aggregation-link trunk 1 disable 2
5.3.12.4 lacp port-priority
This command sets the port priority for the Link Aggregation Control Protocol
(LACP) on the switch.
CLI Syntax:
Example:
(config-if)# lacp port-priority 1000
lacp port-priority <1-65535>
(config)# interface fa1/0/2
5.3.12.5 lacp system-priority
This command sets the system priority for the Link Aggregation Control Protocol
(LACP) on the switch.
CLI Syntax:
Example:
76
lacp system-priority <1-65535>
(config)# lacp system-priority 20000
Page 90
GigaX3112 Series Layer 3 Managed Switch
5.3.13 Mirroring
5.3.13.1 mirror mode
To set port mirror mode.
CLI Syntax:
Example:
5.3.13.2 mirror setting
This command mirrors the source interface list traffic to the destination interface.
The mirror type support received traffic, Transmitted traffic, or both.
CLI Syntax:
Example:
5.3.13.3 show mirror
To show current mirror features.
CLI Syntax:
Example:
5.3.13.4 no mirror
mirror mode
(config)# mirror mode l2
mirror IFLIST to IFNAME (rx|tx|both)
(config)# mirror gi1/0/3-5 to gi1/0/9 both
Show mirror
ASUS# show mirror
This command resets the source interfacesʼ received or transmitted traffic or
both the destination interface.
CLI Syntax:
Example:
no mirror SRCIFLIST (rx|tx|both)
(config)# no mirror gi1/0/1,gi1/0/4 rx
5.3.14 Static Multicast
5.3.14.1 mac-address-table multicast
Use the ac-address-table multicast configuration command on the switch to add
multicast static addresses to the MAC address table.
CLI Syntax:
IFLIST
Example:
interface gi1/0/3 1
mac-address-table multicast MACADDR vlan VLANID interface
(config)# mac-address-table multicast 0100.5e11.1111 vlan 2
77
Page 91
GigaX3112 Series Layer 3 Managed Switch
5.3.14.2 no mac-address-table multicast
Use the no mac-address-table multicast configuration command on the switch
to remove multicast static port to the MAC address table.
CLI Syntax:
interface IFLIST
Example:
interface gi1/0/3 1
no mac-address-table multicast MACADDR vlan VLANID
(config)# no mac-address-table multicast 0100.5e11.1111 vlan 2
5.3.14.3 show mac-address-table multicast
Use the show mac-address-table multicast user EXEC command to display the
Layer 2 multicast entries for all VLANs. Use the command in privileged EXEC
mode to display specific multicast entries.
CLI Syntax:
Example:
show mac-address-table multicast
ASUS# show mac-address-table multicast
5.3.15 IGMP Snooping
5.3.15.1 default ip igmp snooping
This command sets ip igmp snooping feature to default.
CLI Syntax:
Example:
default ip igmp snooping
(config)# default ip igmp snooping
5.3.15.2 ip igmp snooping
This command sets the IGMP snooping function enabled globally.
CLI Syntax:
Example:
ip igmp snooping
(config)# ip igmp snooping
5.3.15.3 interval time
This command sets the interval time for the IGMP queries sent by switch.
CLI Syntax:
Example:
78
ip igmp snooping last-member-query-interval TIMEVALUE
(config)# ip igmp snooping last-member-query-interval 100
Page 92
GigaX3112 Series Layer 3 Managed Switch
5.3.16 Traffic Control
5.3.16.1 storm-control
Use the storm-control configuration command on the switch to set the limit rate
of the portʼs total bandwidth used by broadcast/dlf/multicast.
CLI Syntax:
Example:
5.3.16.2 no storm-control
Use the no storm-control configuration command on the switch to disable the
limit rate of the portʼs total bandwidth used by broadcast/dlf/multicast.
CLI Syntax:
Example:
5.3.16.3 show storm-control
Use the show storm-control configuration command on the switchto show the
limit rate of the portʼs total bandwidth used by broadcast/dlf/multicast.
CLI Syntax:
Example:
storm-control (broadcast|dlf|multicast) LIMIT_RATE
(config)# storm-control broadcast 25
no storm-control (broadcast|dlf|multicast)
(config-if)# no storm-control broadcast
show storm-control IFNAME (broadcast|dlf|multicast)
ASUS# show storm-control gi1/0/1 broadcast
5.3.17 Dynamic Addresses
5.3.17.1 clear dynamic mac-address
Use the write configuration command on the switch stack or standalone switch
to clear dynamic L2 MAC addresses in the database.
CLI Syntax:
Example:
5.3.17.2 aging time
Use the mac-address-table aging-time configuration command on the switch
stack or on a standalone switch to set the length of time that a dynamic entry
remains in the MAC address table after the entry is used or updated.
The real aging-time is the triple of the command input radix number.
CLI Syntax:
Example:
This example shows how to configure the mac-address-table aging-time to 300
seconds.
clear mac-address-table dynamic address MAC_ADDR
(config)# clear mac-address-table dynamic address 0000.1111.2222
mac-address-table aging-time <1-255>
(config)# mac-address-table aging-time 100
79
Page 93
GigaX3112 Series Layer 3 Managed Switch
5.3.17.3 no aging time
Disables the age timer of the mac-address-table.
CLI Syntax:
Example:
no mac-address-table aging-time
(config)# no mac-address-table aging-time
5.3.17.4 show mac-address-table aging-time
CLI Syntax:
Example:
show mac-address-table aging-time
ASUS# show mac-address-table aging-time
5.3.18 Static Addresses
5.3.18.1 add static mac-address
You can add a MAC address into the switch address table. The MAC address
added by this way will not age out from the address table. We call it static
address.
CLI Syntax:
IFNAME
Example:
mac-address-table static MAC_ADDR vlan VLANID interface
(config)# mac-address-table static 0000.1111.2222 1 gi1/0/2
5.3.18.2 show mac-address-table
It shows static and dynamic mac-address.
CLI Syntax:
Example:
show mac-address-table
ASUS# show mac-address-table
5.3.19 VLAN
5.3.19.1 show vlan name string
Use the show vlan user EXEC command to display the parameters for all
configured VLANs or one VLAN (if the VLAN ID or name is specified) on the
switch.
CLI Syntax:
Example:
80
show vlan name string
ASUS# show vlan name VLAN1
Page 94
GigaX3112 Series Layer 3 Managed Switch
5.3.19.2 vlan vid
Use the vlan vid command to create vlan entry on the switch.
CLI Syntax:
Example:
vlan vid
(config)# vlan 2
5.3.19.3 name string
Use the name string command to create vlan entry with string on the switch.
CLI Syntax:
Example:
name string
(config-vlan)# name VLAN2
5.3.19.4 access vlan
Set access mode characteristics of all interfaces and Set Virtual LAN.
CLI Syntax:
Example:
(config-if)# switchport access vlan 1
switchport access vlan <1-4094>
(config)# interface fa1/0/2
5.3.19.5 allowed VLANs
Use the switchport trunk allowed vlan configuration command on the switch
to add or remove the allowed VLANs that can receive and send traffic on this
interface in tagged format when in trunking mode
CLI Syntax:
Example:
(config-if)# switchport trunk allowed vlan add 1
switchport trunk allowed vlan (add|remove) VLANLIST
(config)# interface fa1/0/2
5.3.20 GVRP
5.3.20.1 clear gvrp statistics
Use the clear gvrp statistics configuration command on the switch to clear all the
GVRP statistics information on one or all interfaces.
CLI Syntax:
Example:
clear gvrp statistics [IFNAME]
ASUS# clear gvrp statistics gi1/0/2
81
Page 95
GigaX3112 Series Layer 3 Managed Switch
5.3.20.2 default gvrp configuration
This command sets the GVRP configuration to default.
CLI Syntax:
Example:
default gvrp configuration
ASUS# default gvrp configuration
5.3.20.3 gvrp mode
This command sets the GVRP feature globally enable or disable on the switch.
CLI Syntax:
Example:
gvrp mode (enable|disable)
ASUS# gvrp mode enable
5.3.20.4 show gvrp configuration
To show gvrp configuration IFNAME status.
CLI Syntax:
Example:
show gvrp configuration IFNAME
ASUS# show gvrp configuration gi1/0/1
5.3.20.5 show gvrp statistics
To show gvrp statistics IFNAME status.
CLI Syntax:
Example:
show gvrp statistics [IFNAME]
ASUS# show gvrp statistics gi1/0/1
5.3.21 CoS/QoS
5.3.21.1 queue cos-map
Use the queue cos-map configuration command on the switch to set which Cos
queue a given priority should map into.
CLI Syntax:
Example:
5.3.21.2 show queue cos-map
This command sets the GVRP configuration to default.
CLI Syntax:
Example:
82
queue cos-map PRIORITY QUEUE
ASUS# queue cos-map 1 3
show queue cos-map
(config)# show queue cos-map
Page 96
GigaX3112 Series Layer 3 Managed Switch
5.3.21.3 qos mode
This command sets qos mode to highfirst mode.
CLI Syntax:
Example:
qos mode high_first
(config)# qos mode high_first
5.3.21.4 show qos mode
This command shows the qos mode.
CLI Syntax:
Example:
show qos mode
(config)# show qos mode
5.3.21.5 qos egress bandwidth
This command used to set the Qos bandwidth informational parameter for the
outcoming packets.
CLI Syntax:
Example:
(config-if)# qos egress bandwidth 100 10
qos egress bandwidth LIMIT_RATE BURST_RATE
(config)# int gi1/0/2
5.3.22 SNMP
5.3.22.1 show rmon statistics
To show rmon statistics IFNAME status.
CLI Syntax:
Example:
show rmon statistics [IFNAME]
ASUS# show rmon statistics gi1/0/1
5.3.22.2 show snmp-server community
To show snmp-server community.
CLI Syntax:
Example:
show snmp-server community
ASUS# show snmp-server community
5.3.22.3 snmp-server host
This command sets the SNMP host information.
CLI Syntax:
Example:
snmp-server host A.B.C.D
(config)# snmp-server host 192.168.8.31
83
Page 97
GigaX3112 Series Layer 3 Managed Switch
5.3.23 Filter
5.3.23.1 deny any host
Use the deny MAC access list configuration command on the switch to prevent
non-IP traffic from being forwarded if the conditions are matched. Use the no form
of this command to remove a deny condition from the named MAC access list.
CLI Syntax:
Example:
5.3.23.2 filter set
This command define an extended MAC access list using a name , and enter
access-list configuration mode.
CLI Syntax:
Example:
5.3.23.3 filter conditions
This command specify one or more conditions denied or permitted to decide if
the packet is forwarded or dropped.
CLI Syntax:
Example:
deny any host MACADDR [VLANID]
(config)# deny any host c2f3.220a.12f4 1
mac access-list extended WORD
(config)# mac access-list extended mac_acl_1
(permit|deny) any any
(config)# permit any any
5.3.23.4 filter attach
This command is used to assign filter rule for specific port.
CLI Syntax:
Example:
mac access-group WORD in
(config-if)# mac access-group mac_acl_1 in
5.3.24 Port Access Control
5.3.24.1 default system authentication control
This command sets dot1x system authentication control to default.
CLI Syntax:
Example:
84
default dot1x system-auth-control
(config)# default dot1x system-auth-control
Page 98
GigaX3112 Series Layer 3 Managed Switch
5.3.24.2 dot1x default
This command reset the configurable 802.1x parameters to the default values.
CLI Syntax:
Example:
(config-if)# dot1x default
dot1x default
(config)# interface gi1/0/1
5.3.24.3 dot1x guest-vlan
Use the dot1x guest-vlan interface configuration command on the switch to
specify an active VLAN as an 802.1X guest VLAN. Use the no form of this
command to return to the default setting.
CLI Syntax:
Example:
(config-if)# dot1x guest-vlan 3
dot1x guest-vlan <1-255>
(config)# interface gi1/0/1
5.3.24.4 dot1x initialize interface
Use the dot1x initialize privileged EXEC command on the switch to manually
return the specified 802.1X-enabled interface to an unauthorized state before
initiating a new authentication session on the interface.
CLI Syntax:
Example:
dot1x initialize interface [IFNAME]
(config)# dot1x initialize interface gi1/0/1
5.3.24.5 dot1x max-req
Use the dot1x max-req interface configuration command on the switch to set the
maximum number of times that the switch sends an Extensible Authentication
Protocol (EAP)-request/identity frame (assuming that no response is received)
to the client before restarting the authentication process. Use the no form of this
command to return to the default setting.
CLI Syntax:
Example:
(config-if)# dot1x max-req 2
dot1x max-req <1-10>
(config)# interface fa1/0/1
85
Page 99
GigaX3112 Series Layer 3 Managed Switch
5.3.24.6 dot1x port-control
Use the dot1x port-control interface configuration command on the switch to
enable manual control of the authorization state of the port. Use the no form of
this command to return to the default setting.
CLI Syntax:
Example:
(config-if)# dot1x port-control force-authorized
dot1x port-control (auto|force-authorized| force-unauthorized)
(config)# interface gi1/0/1
5.3.25 Dial-in User
5.3.25.1 dot1x username password
Add user into local radius database.
CLI Syntax:
Example:
5.3.25.2 show dot1x user
Show dot1x dial-in user.
CLI Syntax:
Example:
dot1x username WORD password WORD
(config)# dot1x username test password 12345
show dot1x username
ASUS# show dot1x test
5.3.26 RADIUS
5.3.26.1 RADIUS settings
This command sets the radius server ip, radius key, and radius port for 802.1X
configuration.
CLI Syntax
Example:
5.3.26.2 show dot1x radius
Show dot1x radius server ip, radius key, and radius port for 802.1X configuration.
CLI Syntax:
Example:
86
: dot1x radius server-ip A.B.C.D key RADIUS_KEY [PORTID]
(config)# dot1x radius server-ip 192.168.1.38 key 123456 1812
show dot1x radius
ASUS# show dot1x radius
Page 100
GigaX3112 Series Layer 3 Managed Switch
5.3.27 Port Security
5.3.27.1 show port security
This command used to show the port security configuration, status and MAC
addresses information.
CLI Syntax:
Example:
ASUS# show port-security interface gi1/0/1
ASUS# show port-security address
ASUS# show port-security interface gi1/0/1 address
5.3.27.2 clear port security
This command used to clear port security dynamic MAC addresses.
CLI Syntax:
Example:
ASUS# clear port-security dynamic address 0023.1313.2313
ASUS# clear port-security dynamic interface gi1/0/1
show port-security [address] [interface IFNAME]
ASUS# show port-security
clear port-security dynamic [address MAC] | [interface IFNAME]
ASUS# clear port-security dynamic
5.3.27.3 switchport port-security
This command used to set the port security configuration, and MAC addresses.
CLI Syntax:
VALUE] | [violation {protect | restrict | shutdown}] | [reup]
Example:
(config-if)# switchport port-security
(config-if)# switchport port-security mac-address 0023.1313.2313
(config-if)# switchport port-security maximum 20
(config-if)# switchport port-security violation protect
(config-if)# switchport port-security reup
switchport port-security [mac-address MAC] | [maximum
(config)# interface gi1/0/1
87
Loading...