Dell PowerConnect 5548p User Manual

Download

Dell PowerConnect

5500 Series

System User Guide

Regulatory Models: PowerConnect 5524, 5524P, 5548, 5548P

Notes, Cautions, and Warnings

NOTE: A NOTE indicates important information that helps you

make better use of your system.

CAUTION: A CAUTION indicates potential damage to

hardware or loss of data if instructions are not followed.

WARNING: A WARNING indicates a potential for property

damage, personal injury, or death.

____________________

Reproduction of these materials in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden.

Trademarks used in this text: Dell™, the DELL logo, and PowerConn ect™ are trademarks of Dell Inc.; Intel®, Pentium®, and Celeron® are registered trademarks of Intel Corporation in the U.S. and other countries; Microsoft® and Windows® are either trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries.

Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. Dell Inc. disclaims any proprietary interest in trademarks and trade names other than its own.

Regulatory Models PC5524, PC5524P, PC5548 and PC5548P

May 2012 A05

FILE LOCATION: C:\Users\gina\Desktop\Checkout_new\Maintenance

Projects\Dell Contax\Dell_ContaxUG_PrintTOC.fm

1 Preface . . . . . . . . . . . . . . . . . . . . . . . . . . 13

2 Features. . . . . . . . . . . . . . . . . . . . . . . . . . 14

IP Version 6 (IPv6) Support . . . . . . . . . . . . . . . 15

Stack Support

Power over Ethernet

. . . . . . . . . . . . . . . . . . . . . . 15

. . . . . . . . . . . . . . . . . . . 15

Green Ethernet . . . . . . . . . . . . . . . . . . . . . . 16

Head of Line Blocking Prevention

Flow Control Support (IEEE 802.3X)

. . . . . . . . . . . . 16

. . . . . . . . . . . 16

Back Pressure Support . . . . . . . . . . . . . . . . . 16

Virtual Cable Testing (VCT)

Auto-Negotiation

. . . . . . . . . . . . . . . . . . . . 17

. . . . . . . . . . . . . . . 17

MDI/MDIX Support. . . . . . . . . . . . . . . . . . . . 17

MAC Address Supported Features

Layer 2 Features

. . . . . . . . . . . . . . . . . . . . . 19

. . . . . . . . . . . 17

IGMP Snooping . . . . . . . . . . . . . . . . . . . . . 19

Port Mirroring

Broadcast Storm Control

. . . . . . . . . . . . . . . . . . . . . . 19

. . . . . . . . . . . . . . . . 19

VLAN Supported Features . . . . . . . . . . . . . . . . 20

Contents

FILE LOCATION: C:\Users\gina\Desktop\Checkout_new\Maintenance

Projects\Dell Contax\Dell_ContaxUG_PrintTOC.fm

Spanning Tree Protocol Features . . . . . . . . . . . . 21

Link Aggregation

. . . . . . . . . . . . . . . . . . . . . 23

Quality of Service Features . . . . . . . . . . . . . . . 23

Device Management Features

Security Features

. . . . . . . . . . . . . . . . . . . . 28

. . . . . . . . . . . . . . 24

Port Profile (CLI Macro) . . . . . . . . . . . . . . . . . 30

DHCP Server

Protected Ports

. . . . . . . . . . . . . . . . . . . . . . . 31

. . . . . . . . . . . . . . . . . . . . . . 31

iSCSI Optimization . . . . . . . . . . . . . . . . . . . . 31

Proprietary Protocol Filtering

. . . . . . . . . . . . . . 31

3 Hardware Description . . . . . . . . . . . . . . 33

Device Models . . . . . . . . . . . . . . . . . . . . . . 34

Device Structure . . . . . . . . . . . . . . . . . . . . . 34

LED Definitions

. . . . . . . . . . . . . . . . . . . . . . 38

4 Stacking Overview. . . . . . . . . . . . . . . . . 43

4 Contents

Power Supplies

. . . . . . . . . . . . . . . . . . . . . 42

Stack Overview . . . . . . . . . . . . . . . . . . . . . 44

Stack Members and Unit IDs

. . . . . . . . . . . . . . 47

FILE LOCATION: C:\Users\gina\Desktop\Checkout_new\Maintenance

Projects\Dell Contax\Dell_ContaxUG_PrintTOC.fm

5 Configuring the Switch . . . . . . . . . . . . . . 54

Configuration Work Flow . . . . . . . . . . . . . . . . 55

Connecting the Switch to the Terminal . . . . . . . . . 56

Booting the Switch

Configuring the Stack

. . . . . . . . . . . . . . . . . . . 57

. . . . . . . . . . . . . . . . . . 58

Configuration Using the Setup Wizard . . . . . . . . . 58

6 Advanced Switch Configuration . . . . . . . 63

Using the CLI . . . . . . . . . . . . . . . . . . . . . . . 64

Accessing the Device Through the CLI

. . . . . . . . . 67

Retrieving an IP Address . . . . . . . . . . . . . . . . 68

Security Management and Password Configuration

Configuring Login Banners

. . . . . . . . . . . . . . . 74

. . 71

Startup Menu Procedures . . . . . . . . . . . . . . . . 76

Software Download

. . . . . . . . . . . . . . . . . . . 79

7 Using Dell OpenManage Administrator. . 83

Starting the Application . . . . . . . . . . . . . . . . . 84

Understanding the Interface. . . . . . . . . . . . . . . 84

Using the Switch Administrator Buttons

Field Definitions

. . . . . . . . . . . . . . . . . . . . . 89

. . . . . . . . 87

Common GUI Features . . . . . . . . . . . . . . . . . . 89

Contents

FILE LOCATION: C:\Users\gina\Desktop\Checkout_new\Maintenance

Projects\Dell Contax\Dell_ContaxUG_PrintTOC.fm

GUI Terms. . . . . . . . . . . . . . . . . . . . . . . . . 90

CLI Commands

. . . . . . . . . . . . . . . . . . . . . . 90

8 Network Security. . . . . . . . . . . . . . . . . . 92

Port Security . . . . . . . . . . . . . . . . . . . . . . . 93

. . . . . . . . . . . . . . . . . . . . . . . . . . . 98

ACLs

ACL Binding

. . . . . . . . . . . . . . . . . . . . . . 118

Proprietary Protocol Filtering . . . . . . . . . . . . . 120

Time Range

Dot1x Authentication

. . . . . . . . . . . . . . . . . . . . . . . 122

. . . . . . . . . . . . . . . . . . 127

9 Configuring System Information . . . . . . 150

General Switch Information . . . . . . . . . . . . . . 151

Time Synchronization

. . . . . . . . . . . . . . . . . . . . . . . . . . . 188

Logs

. . . . . . . . . . . . . . . . . 162

6 Contents

IP Addressing . . . . . . . . . . . . . . . . . . . . . 202

Diagnostics

Management Security

. . . . . . . . . . . . . . . . . . . . . . . 248

. . . . . . . . . . . . . . . . . 254

DHCP Server . . . . . . . . . . . . . . . . . . . . . . 290

. . . . . . . . . . . . . . . . . . . . . . . . . . 307

SNMP

File Management

. . . . . . . . . . . . . . . . . . . . 330

Stack Management . . . . . . . . . . . . . . . . . . 361

FILE LOCATION: C:\Users\gina\Desktop\Checkout_new\Maintenance

Projects\Dell Contax\Dell_ContaxUG_PrintTOC.fm

sFlow . . . . . . . . . . . . . . . . . . . . . . . . . . 369

10 Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . 378

Overview . . . . . . . . . . . . . . . . . . . . . . . . . 379

Jumbo Frames . . . . . . . . . . . . . . . . . . . . . . 382

Green Ethernet Configuration

Protected Ports

. . . . . . . . . . . . . . . . . . . . . 388

. . . . . . . . . . . . . . 384

Port Profile . . . . . . . . . . . . . . . . . . . . . . . . 391

Port Configuration

LAG Configuration

. . . . . . . . . . . . . . . . . . . . 397

. . . . . . . . . . . . . . . . . . . . 403

Storm Control . . . . . . . . . . . . . . . . . . . . . . 408

Port Mirroring

. . . . . . . . . . . . . . . . . . . . . . 411

11 Address Tables . . . . . . . . . . . . . . . . . . . 416

Overview . . . . . . . . . . . . . . . . . . . . . . . . . 417

Static Addresses. . . . . . . . . . . . . . . . . . . . . 418

Dynamic Addresses

. . . . . . . . . . . . . . . . . . . 421

12 GARP . . . . . . . . . . . . . . . . . . . . . . . . . . . 424

GARP Overview . . . . . . . . . . . . . . . . . . . . . 425

GARP Timers . . . . . . . . . . . . . . . . . . . . . . . 426

Contents

FILE LOCATION: C:\Users\gina\Desktop\Checkout_new\Maintenance

Projects\Dell Contax\Dell_ContaxUG_PrintTOC.fm

13 Spanning Tree . . . . . . . . . . . . . . . . . . . . 428

Spanning Tree Protocol Overview . . . . . . . . . . . 429

Global Settings. . . . . . . . . . . . . . . . . . . . . 431

STP Port Settings

STP LAG Settings

. . . . . . . . . . . . . . . . . . . . 436

. . . . . . . . . . . . . . . . . . . . 441

Rapid Spanning Tree . . . . . . . . . . . . . . . . . . 444

Multiple Spanning Tree

. . . . . . . . . . . . . . . . 448

14 VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . 459

Virtual LAN Overview . . . . . . . . . . . . . . . . . 460

VLAN Membership . . . . . . . . . . . . . . . . . . . 465

Port Settings

LAGs Settings

Protocol Groups . . . . . . . . . . . . . . . . . . . . 477

Protocol Port

GVRP Parameters

Private VLAN . . . . . . . . . . . . . . . . . . . . . . 487

. . . . . . . . . . . . . . . . . . . . . . 468

. . . . . . . . . . . . . . . . . . . . . 474

. . . . . . . . . . . . . . . . . . . . . . 481

. . . . . . . . . . . . . . . . . . . 483

15 Link Aggregation . . . . . . . . . . . . . . . . . . 500

8 Contents

Voice VLAN

. . . . . . . . . . . . . . . . . . . . . . . 491

Link Aggregation Overview . . . . . . . . . . . . . . 501

LACP Parameters. . . . . . . . . . . . . . . . . . . . 503

FILE LOCATION: C:\Users\gina\Desktop\Checkout_new\Maintenance

Projects\Dell Contax\Dell_ContaxUG_PrintTOC.fm

LAG Membership . . . . . . . . . . . . . . . . . . . . 506

16 Multicast . . . . . . . . . . . . . . . . . . . . . . . . 508

Multicast Support Overview. . . . . . . . . . . . . . . 509

Global Parameters . . . . . . . . . . . . . . . . . . . . 511

Bridge Multicast Groups

Bridge Multicast Forward All

. . . . . . . . . . . . . . . . 513

. . . . . . . . . . . . . . 517

IGMP Snooping . . . . . . . . . . . . . . . . . . . . . 519

Unregistered Multicast

Multicast TV VLAN

. . . . . . . . . . . . . . . . . 525

. . . . . . . . . . . . . . . . . . . . 527

17 LLDP . . . . . . . . . . . . . . . . . . . . . . . . . . . 531

LLDP Overview. . . . . . . . . . . . . . . . . . . . . . 532

LLDP Properties

LLDP Port Settings

MED Network Policy . . . . . . . . . . . . . . . . . . 540

LLDP MED Port Settings

Neighbors Information

. . . . . . . . . . . . . . . . . . . . . 533

. . . . . . . . . . . . . . . . . . . . 537

. . . . . . . . . . . . . . . . . 543

. . . . . . . . . . . . . . . . . . 548

18 Dynamic ARP Inspection . . . . . . . . . . . . 551

Dynamic ARP Inspection Overview . . . . . . . . . . . 552

Global Settings

. . . . . . . . . . . . . . . . . . . . . . 553

Contents

FILE LOCATION: C:\Users\gina\Desktop\Checkout_new\Maintenance

Projects\Dell Contax\Dell_ContaxUG_PrintTOC.fm

Dynamic ARP Inspection List . . . . . . . . . . . . . 555

Dynamic ARP Inspection Entries

. . . . . . . . . . . 557

VLAN Settings . . . . . . . . . . . . . . . . . . . . . 559

Trusted Interfaces

. . . . . . . . . . . . . . . . . . . 561

19 DHCP Snooping . . . . . . . . . . . . . . . . . . . 563

DHCP Snooping . . . . . . . . . . . . . . . . . . . . 564

DHCP Relay. . . . . . . . . . . . . . . . . . . . . . . 577

20 iSCSI Optimization . . . . . . . . . . . . . . . . . 584

Optimizing iSCSI Overview . . . . . . . . . . . . . . 585

Global Parameters

iSCSI Targets . . . . . . . . . . . . . . . . . . . . . . 591

iSCSI Sessions

Configuring iSCSI Using CLI

. . . . . . . . . . . . . . . . . . . 588

. . . . . . . . . . . . . . . . . . . . . 593

. . . . . . . . . . . . . . 595

21 Statistics/RMON . . . . . . . . . . . . . . . . . . 596

10 Contents

Table Views . . . . . . . . . . . . . . . . . . . . . . 597

RMON Components

. . . . . . . . . . . . . . . . . . . . . . . . . . 633

Charts

. . . . . . . . . . . . . . . . . . 615

FILE LOCATION: C:\Users\gina\Desktop\Checkout_new\Maintenance

Projects\Dell Contax\Dell_ContaxUG_PrintTOC.fm

22 Quality of Service . . . . . . . . . . . . . . . . . 640

QoS Features and Components . . . . . . . . . . . . . 641

General. . . . . . . . . . . . . . . . . . . . . . . . . . 643

QoS Basic Mode

QoS Advanced Mode

QoS Statistics . . . . . . . . . . . . . . . . . . . . . . 688

. . . . . . . . . . . . . . . . . . . . . 659

. . . . . . . . . . . . . . . . . . 668

Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . 695

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 710

Revision History . . . . . . . . . . . . . . . . . . . . . . 727

Contents

FILE LOCATION: C:\Users\gina\Desktop\Checkout_new\Maintenance

Projects\Dell Contax\Dell_ContaxUG_PrintTOC.fm

12 Contents

Preface

PowerConnect 5524/5548 and PowerConnect 5524P/5548P are stackable, advanced multi-layer devices.

This guide contains the information needed for installing, configuring, and maintaining the device through the web-based management system, called the OpenManage Switch Administrator.

This guide describes how to configure each system through the web-based management system and through CLI commands.

The

CLI Reference Guide,

provides additional information about the CLI commands.

which is available on the Documentation CD,

Dell PowerConnect 55xx Systems User Guide 13

Features

This section describes the features of the PowerConnect 5524/P and 5548/P switches.

For a complete list of all updated device features, see the latest software version Release Notes.

This section contains the following topics:

• IP Version 6 (IPv6) Support

•Stack Support

• Power over Ethernet

• Green Ethernet

• Head of Line Blocking Prevention

• Flow Control Support (IEEE 802.3X)

•Back Pressure Support

• Virtual Cable Testing (VCT)

• Auto-Negotiation

• MDI/MDIX Support

• MAC Address Supported Features

• Layer 2 Features

• IGMP Snooping

• Port Mirroring

• Broadcast Storm Control

•VLAN Supported Features

• Spanning Tree Protocol Features

• Link Aggregation

• Quality of Service Features

• Device Management Features

Dell PowerConnect 55xx Systems User Guide 14

• Security Features

•DHCP Server

•Protected Ports

• iSCSI Optimization

• Proprietary Protocol Filtering

IP Version 6 (IPv6) Support

The device functions as an IPv6-compliant host, as well as an IPv4 host (also known as dual stack). This enables device operation in a pure IPv6 network as well as in a combined IPv4/IPv6 network.

For more information, see "IP Addressing" on page 202.

Stack Support

The system supports up to eight units with two fixed HDMI stacking ports. The HDMI ports are 1.3a specification, Category 2 High Speed cables, 340 MHz (10.2 Gbit/s).

it is recommended to use HDMI cable version 1.4

The stacking feature supports the following features:

• Fast-link failover

• Software auto-synch.

• Improved response time to events, such as master failover

• Auto-numbering algorithm when choosing unit number

For more information, see "Stacking Overview" on page 43

Power over Ethernet

Power over Ethernet (PoE) provides power to devices over existing LAN cabling, without updating or modifying the network infrastructure. When PoE is used, the network devices do not have to be placed next to a power source. PoE can be used in the following applications:

• IP Phones

• Wireless Access Points

Dell PowerConnect 55xx Systems User Guide 15

•IP Gateways

•PDAs

• Audio and video remote monitoring

For more information, see "Power over Ethernet" on page 157.

Green Ethernet

Green Ethernet, also known as Energy Efficient Ethernet (EEE), is an effort to make networking equipment environmentally friendly, by reducing the power usage of Ethernet connections.

The Short-Reach method, which reduces power over Ethernet cables shorter than 40m, is supported by the device.

For more information, see "Green Ethernet Configuration" on page 384.

Head of Line Blocking Prevention

Head of Line (HOL) blocking results in traffic delays and frame loss caused by traffic competing for the same egress port resources. To prevent HOL blocking, the device queues packets, and packets at the head of the queue are forwarded before packets at the end of the queue.

Flow Control Support (IEEE 802.3X)

Flow control enables lower-speed devices to communicate with higher-speed devices, by requesting that the higher-speed device refrain from sending packets. Transmissions are temporarily halted to prevent buffer overflows.

For more information, see "Flow Control" on page 380.

Back Pressure Support

On half-duplex links, the receiving port prevents buffer overflows by occupying the link so that it is unavailable for additional traffic.

For more information, see "Protected Ports" on page 388.

16 Dell PowerConnect 55xx Systems User Guide

Virtual Cable Testing (VCT)

VCT detects and reports copper link cabling faults, such as open cables and cable shorts.

For more information, see "Diagnostics" on page 248.

Auto-Negotiation

Auto-negotiation enables the device to advertise modes of operation. The auto-negotiation function enables an exchange of information between two devices that share a point-to-point link segment, and automatically configures both devices to take maximum advantage of their transmission capabilities.

The PowerConnect 5500 series enhances auto-negotiation by providing port advertisement. Port advertisement enables the system administrator to configure the port speeds that are advertised.

For more information, see "Port Configuration" on page 397 or "LAG Configuration" on page 403.

MDI/MDIX Support

Standard wiring for end stations is known as Media-Dependent Interface (MDI), and standard wiring for hubs and switches is known as Media- Dependent Interface with Crossover (MDIX).

If auto-negotiation is enabled, the device automatically detects whether the cable connected to an RJ-45 port is MDIX (crossed) or MDI (straight). This enables both types to be used interchangeably.

If auto-negotiation is not enabled, only MDI (straight) cables can be used.

For more information, see "Port Configuration" on page 397 or "LAG Configuration" on page 403.

MAC Address Supported Features

MAC Address Capacity Support

The device supports up to 16K MAC addresses and it reserves specific MAC addresses for system use.

Dell PowerConnect 55xx Systems User Guide 17

Static MAC Entries

MAC entries can be manually entered in the Bridging Table, as an alternative to learning them from incoming frames. These user-defined entries are not subject to aging, and are preserved across resets and reboots.

For more information, see "Static Addresses" on page 418.

Self-Learning MAC Addresses

The device enables controlled MAC address learning from incoming packets. The MAC addresses are stored in the Bridging Table.

For more information, see "Dynamic Addresses" on page 421.

Automatic Aging for MAC Addresses

MAC addresses from which no traffic is received for a given period, are aged out. This prevents the Bridging Table from overflowing.

For more information, see "Dynamic Addresses" on page 421.

VLAN-Aware MAC-Based Switching

The device always performs VLAN-aware bridging. Classic bridging (IEEE802.1D), in which frames are forwarded based only on their destination MAC address, is not performed. However, a similar functionality can be configured for untagged frames. Frames addressed to a destination MAC address that is not associated with any port are flooded to all ports of the relevant VLAN.

MAC Multicast Support

Multicast service is a limited Broadcast service that enables one-to-many and many-to-many connections for information distribution. In Layer 2 Multicast service, a single frame is addressed to a specific Multicast address, from which copies of the frame are transmitted to the relevant ports. When Multicast groups are statically enabled, you can set the destination port of registered groups, as well as define the behavior of unregistered Multicast frames.

For more information, see "Multicast" on page 508.

18 Dell PowerConnect 55xx Systems User Guide

Layer 2 Features

IGMP Snooping

Internet Group Membership Protocol (IGMP) Snooping examines IGMP frame contents, when they are forwarded by the device from work stations to an upstream Multicast router. From the frame, the device identifies work stations configured for Multicast sessions, and which Multicast routers are sending Multicast frames. The IGMP Querier simulates the behavior of a Multicast router. This enables snooping of the Layer 2 Multicast domain even if there is no Multicast router.

For more information, see "IGMP Snooping" on page 519.

Port Mirroring

Port mirroring monitors network traffic by forwarding copies of incoming and outgoing packets from a monitored port to a monitoring port. Users specify which target port receives copies of all traffic passing through a specified source port.

For more information, see "Port Mirroring" on page 411.

Broadcast Storm Control

Storm Control enables limiting the number of Multicast and Broadcast frames accepted by and forwarded by the device.

When Layer 2 frames are forwarded, Broadcast and Multicast frames are flooded to all ports on the relevant VLAN. This occupies bandwidth, and loads all nodes connected on all ports.

For more information, see "Storm Control" on page 408.

Dell PowerConnect 55xx Systems User Guide 19

VLAN Supported Features

VLAN Support

VLANs are collections of switching ports that comprise a single Broadcast domain. Packets are classified as belonging to a VLAN, based on either the VLAN tag or on a combination of the ingress port and packet contents. Packets sharing common attributes can be grouped in the same VLAN.

For more information, see "VLANs" on page 459.

Port-Based Virtual LANs (VLANs)

Port-based VLANs classify incoming packets to VLANs, based on their ingress port.

For more information, see "Defining VLAN Membership Using CLI Commands" on page 466.

Full 802.1Q VLAN Tagging Compliance

IEEE 802.1Q defines an architecture for virtual, bridged LANs, the services provided in VLANs, and the protocols and algorithms involved in the provision of these services.

For more information, see "Virtual LAN Overview" on page 460.

GVRP Support

GARP VLAN Registration Protocol (GVRP) provides IEEE 802.1Qcompliant VLAN pruning and dynamic VLAN creation on 802.1Q trunk ports. When GVRP is enabled, the device registers and propagates VLAN membership on all ports that are part of the active underlying Spanning Tree Protocol topology.

For more information, see "GVRP Parameters" on page 483.

Voice VLAN

Voice VLAN enables network administrators to enhance VoIP service by configuring ports to carry IP voice traffic from IP phones on a specific VLAN. VoIP traffic has a preconfigured OUI prefix in the source MAC address. Network administrators can configure VLANs from which voice IP traffic is

20 Dell PowerConnect 55xx Systems User Guide

forwarded. Non-VoIP traffic is dropped from the Voice VLAN in Auto-Voice VLAN Secure mode. Voice VLAN also provides QoS to VoIP, ensuring that the quality of voice does not deteriorate if the IP traffic is received unevenly.

For more information, see "Voice VLAN" on page 491.

Guest VLAN

Guest VLAN provides limited network access to unauthorized ports. If a port is denied network access via port-based authorization, but the Guest VLAN is enabled, the port receives limited network access through the Guest VLAN.

For more information, see "Dot1x Authentication" on page 127.

Private VLAN

The Private VLAN feature provides Layer 2 isolation between ports that share the same Broadcast domain, or in other words, it creates a point-tomultipoint Broadcast domain. The ports can be located anywhere in the Layer 2 network (compared to the Protected Ports feature, where the ports must be in the same stack).

For more information, see "Private VLAN" on page 487.

Multicast TV VLAN

The Multicast TV VLAN feature provides the ability to supply multicast transmissions to Layer 2-isolated subscribers, without replicating the multicast transmissions for each subscriber VLAN. The subscribers are the only receivers of the multicast transmissions.

For more information, see "Multicast TV VLAN" on page 527.

Spanning Tree Protocol Features

Spanning Tree Protocol (STP)

802.1d Spanning tree is a standard Layer 2 switch requirement that enables bridges to automatically prevent and resolve Layer 2 forwarding loops. Switches exchange configuration messages using specifically-formatted frames, and selectively enable and disable forwarding on ports.

For more information, see "Spanning Tree" on page 428.

Dell PowerConnect 55xx Systems User Guide 21

Fast Link

STP can take 30–60 seconds to converge. During this time, STP detects possible loops, enabling time for status changes to propagate and for relevant devices to respond. This period of 30-60 seconds is considered too long a response time for many applications. The Fast Link option bypasses this delay, and can be used in network topologies, where forwarding loops do not occur.

For more information on enabling Fast Link for ports and LAGs, see "STP

Port Settings" on page 436

"Static Addresses" on page 418.

IEEE 802.1w Rapid Spanning Tree

Spanning Tree takes 30–60 seconds for each host to decide whether its ports are actively forwarding traffic. Rapid Spanning Tree (RSTP) detects uses of network topologies to enable faster convergence, without creating forwarding loops.

For more information, see "Spanning Tree" on page 428.

IEEE 802.1s Multiple Spanning Tree

Multiple Spanning Tree (MSTP) operation maps VLANs into STP instances. MSTP provides a different load balancing scenario. Packets assigned to various VLANs are transmitted along different paths within MSTP Regions (MST Regions). Regions are one or more MSTP bridges by which frames can be transmitted. The standard lets administrators assign VLAN traffic to unique paths.

For more information, see "Spanning Tree" on page 428.

STP BPDU Guard

BPDU Guard is used as a security mechanism, to protect the network from invalid configurations.

BPDU Guard is usually used either when fast link ports (ports connected to clients) are enabled or when the STP feature is disabled. When it is enabled on a port, the port is shut down if a BPDU message is received and an appropriate SNMP trap is generated.

For more information, see "Spanning Tree" on page 428.

22 Dell PowerConnect 55xx Systems User Guide

Link Aggregation

Up to 32 Aggregated Links may be defined, each with up to eight member ports, to form a single Link Aggregated Group (LAG). This enables:

• Fault tolerance protection from physical link disruption

• Higher bandwidth connections

• Improved bandwidth granularity

• High bandwidth server connectivity

A LAG is composed of ports with the same speed, set to full-duplex operation.

For more information, see "LAG Configuration" on page 403.

Link Aggregation and LACP

LACP uses peer exchanges across links to determine, on an ongoing basis, the aggregation capability of various links, and continuously provides the maximum level of aggregation capability achievable between a given pair of devices. LACP automatically determines, configures, binds, and monitors the port binding within the system.

For more information, see "Link Aggregation" on page 500.

BootP and DHCP Clients

DHCP enables additional setup parameters to be received from a network server upon system startup. DHCP service is an on-going process. DHCP is an extension of BootP.

For more information, see "DHCP IPv4 Interface" on page 207.

Quality of Service Features

Class of Service 802.1p Support

The IEEE 802.1p signaling technique is an OSI Layer 2 standard for marking and prioritizing network traffic at the data link/MAC sub-layer. 802.1p traffic is classified and sent to the destination. No bandwidth reservations or limits

Dell PowerConnect 55xx Systems User Guide 23

are established or enforced. 802.1p is a spin-off of the 802.1Q (VLANs) standard. 802.1p establishes eight levels of priority, similar to the IP Precedence IP Header bit-field.

Advanced QoS

Frames that match an ACL and were permitted entrance are implicitly labeled with the name of the ACL that permitted their entrance. Advanced mode QoS actions defined in network policies can then be applied to these flows.

The switch can set DSCP values and map IPv6 DSCP to egress queues in the same way it does for IPv4. The switch detects IPv6 frames by the IPv6 ethertype.

For more information about Advanced QoS, see "QoS Advanced Mode" on page 668.

TCP Congestion Avoidance

The TCP Congestion Avoidance feature activates an algorithm that breaks up or prevents TCP global synchronization on a congested node, where the congestion is due to multiple sources sending packets with the same byte count.

For more information, see "The following is an example of the CLI commands:" on page 656.

Device Management Features

SNMP Alarms and Trap Logs

The system logs events with severity codes and timestamps. Events are sent as SNMP traps to a Trap Recipient List.

For more information, see "SNMP" on page 307

24 Dell PowerConnect 55xx Systems User Guide

SNMP Versions 1, 2, and 3

Simple Network Management Protocol (SNMP) over the UDP/IP protocol controls access to the system. A list of community entries is defined, each consisting of a community string and its access privileges. There are three levels of SNMP security: read-only, read-write, and super. Only a super user can access the Community table.

For more information, see "SNMP" on page 307.

Web-Based Management

Web-based management enables managing the system from any web browser. The system contains an Embedded Web Server (EWS) that serves HTML pages, through which the system can be monitored and configured. The system internally converts web-based input into configuration commands, MIB variable settings, and other management-related settings.

Management IP Address Conflict Notification

This feature validates the uniqueness of the switch's IP address, whether it is assigned manually or through DHCP. If the IP address is not unique, the switch performs actions according to the address type. If the IP address is static, see more information about this in "IPv4 Interface Parameters" on page 203. If the IP address is dynamic, see more information about this in"DHCP IPv4 Interface" on page 207.

Flow Monitoring (sflow)

The switch supports statistics collection, using a sampling technology called sFlow that is based on RFC 3176. The sFlow sampling technology is embedded within the switch, and provides the ability to continuously monitor traffic flows on some or all the interfaces simultaneously.

For more information, see "sFlow" on page 369.

Configuration File Download and Upload

The device configuration is stored in a configuration file. The configuration file includes both system-wide and port-specific device configuration. The system can display configuration files as a collection of CLI commands that are stored and manipulated as text files.

Dell PowerConnect 55xx Systems User Guide 25

Auto-Update of Configuration/Image File

This feature facilitates installation of new devices. When you enable the various auto-update options, the device automatically downloads a new image or configuration file when it receives its IP address from a TFTP server, and automatically reboots, using the image or configuration file it received.

For more information, see "Auto-Update/Configuration Feature" on page 331.

TFTP Trivial File Transfer Protocol

The device supports boot image, software, and configuration upload/download via TFTP.

USB File Transfer Protocol

The device supports boot image, software, and configuration upload/download via USB.

Remote Monitoring

Remote Monitoring (RMON) is an extension to SNMP that provides comprehensive network traffic monitoring capabilities. RMON is a standard MIB that defines MAC-layer statistics and control objects, enabling real-time information to be captured across the entire network.

For more information, see "Statistics/RMON" on page 596.

Command Line Interface

Command Line Interface (CLI) syntax and semantics conform as much as possible to common, industry standards. CLI is composed of mandatory and optional elements. The CLI interpreter provides command and keyword completion to assist users and save typing.

Syslog

Syslog is a protocol that enables event notifications to be sent to a set of remote servers, where they can be stored, examined, and acted upon. The system sends notifications of significant events in real time, and keeps a record of these events for after-the-fact usage.

For more information on Syslog, see "Logs" on page 188.

26 Dell PowerConnect 55xx Systems User Guide

SNTP

The Simple Network Time Protocol (SNTP) assures accurate network Ethernet Switch clock time synchronization up to the millisecond. Time synchronization is performed by a network SNTP server. Time sources are prioritized by strata. Strata define the distance from the reference clock. The higher the stratum (where zero is the highest), the more accurate the clock.

For more information, see "Time Synchronization" on page 162.

Domain Name System

Domain Name System (DNS) converts user-defined domain names into IP addresses. Each time a domain name is assigned, the DNS service translates the name into a numeric IP address. For example, www.ipexample.com is translated into 192.87.56.2. DNS servers maintain domain name databases containing their corresponding IP addresses.

For more information, see "Domain Name System" on page 235.

802.1ab (LLDP-MED)

The Link Layer Discovery Protocol (LLDP) enables network managers to troubleshoot, and enhances network management by discovering and maintaining network topologies over multi-vendor environments. LLDP discovers network neighbors by standardizing methods for network devices to advertise themselves to other systems, and to store discovered information. The multiple advertisement sets are sent in the packet Type Le n gt h Val u e (TLV) field. LLDP devices must support chassis and port ID advertisement, as well as system name, system ID, system description, and system capability advertisements.

LLDP Media Endpoint Discovery

by enabling various IP systems to co-exist on a single network LLDP. It provides detailed network topology information, emergency call service via IP phone location information, and troubleshooting information.

For more information, see "LLDP" on page 531.

(LLDP-MED) increases network flexibility

Dell PowerConnect 55xx Systems User Guide 27

Security Features

SSL

Secure Socket Layer (SSL) is an application-level protocol that enables secure transactions of data through privacy, authentication, and data integrity. It relies upon certificates and public and private keys.

Port-Based Authentication (Dot1x)

Port-based authentication enables authenticating system users on a per-port basis via an external server. Only authenticated and approved system users can transmit and receive data. Ports are authenticated via the Remote Authentication Dial-In User Service (RADIUS) server using the Extensible Authentication Protocol (EAP). Dynamic VLAN Assignment (DVA) enables network administrators to automatically assign users to VLANs during the RADIUS server authentication.

For more information, see "Dot1x Authentication" on page 127.

Locked Port Support

Locked Port increases network security by limiting access on a specific port to users with specific MAC addresses. These addresses are either manually defined or learned on that port. When a frame is seen on a locked port, and the frame source MAC address is not tied to that port, the protection mechanism is invoked.

For more information, see "Port Security" on page 93.

RADIUS Client

RADIUS is a client/server-based protocol. A RADIUS server maintains a user database that contains per-user authentication information, such as user name, password, and accounting information.

RADIUS Accounting

This feature enables recording device management sessions (Telnet, serial, and WEB but not SNMP) and/or 802.1x authentication sessions.

28 Dell PowerConnect 55xx Systems User Guide

Due to the complexity of 802.1x setup and configuration, many mistakes can be made that might cause loss of connectivity or incorrect behavior. The

802.1x Monitor mode enables applying 802.1x functionality to the switch, with all necessary RADIUS and/or domain servers active, without actually taking any action that may cause unexpected behavior. In this way, the user can test the 802.1x setup before actually applying it.

For more information, see "RADIUS" on page 284.

SSH

Secure Shell (SSH) is a protocol that provides a secure, remote connection to a device. SSH version 2 is currently supported. The SSH server feature enables an SSH client to establish a secure, encrypted connection with a device. This connection provides functionality that is similar to an inbound telnet connection. SSH uses RSA and DSA Public Key cryptography for device connections and authentication.

For more information, see "Security Management and Password Configuration" on page 71.

TACACS+

TACACS+ provides centralized security for validation of users accessing the device. TACACS+ provides a centralized, user management system, while still retaining consistency with RADIUS and other authentication processes.

For more information, see "TACACS+" on page 275.

Password Management

Password management provides increased network security and improved password control. Passwords for SSH, Telnet, HTTP, HTTPS, and SNMP access are assigned security features.

For more information, see "Password Management" on page 279.

The switch provides the ability to demand strong passwords, meaning that they must contain both upper and lower-case letters, numbers, and punctuation marks.

For more information, see "Password Management" on page 279.

Dell PowerConnect 55xx Systems User Guide 29

Access Control Lists (ACL)

Access Control Lists

actions and rules for specific ingress ports. Packets entering an ingress port with an active ACL, are either admitted or denied entry and the ingress port is disabled. If they are denied entry, the user can disable the port.

(ACL) enable network managers to define classification

Dynamic ACL/Dynamic Policy Assignment (DACL/DPA)

The network administrator can specify the user's ACL in the RADIUS server. After successful authentication, the user is assigned that ACL.

For more information, see "Network Security" on page 92.

DHCP Snooping

DHCP Snooping expands network security by providing firewall security between untrusted interfaces and DHCP servers. By enabling DHCP Snooping, network administrators can differentiate between trusted interfaces connected to end-users or DHCP servers and untrusted interfaces located beyond the network firewall.

For more information, see "DHCP Snooping" on page 564.

ARP Inspection

Dynamic ARP inspection is a security feature that validates ARP packets in a network. It intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings. This capability protects the network from certain man-inthe-middle attacks.

Port Profile (CLI Macro)

Macros provide a convenient way to save and share a common configuration. A macro is a set of CLI commands with a unique name. When a macro is applied to a port, the CLI commands contained within it are executed and added to the Running Configuration file.

For more information, see "Dynamic ARP Inspection" on page 551.

30 Dell PowerConnect 55xx Systems User Guide

DHCP Server

Dynamic Host Configuration Protocol (DHCP) provides a means of passing configuration information (including the IP address of a TFTP server and a configuration file name) to hosts on a TCP/IP network. The switch can serve as a DHCP server or client.

For more information on the device serving as a DHCP server, see "DHCP Server" on page 290.

For more information on the device serving as a DHCP client, see "DHCP IPv4 Interface" on page 207.

Protected Ports

The Protected Ports feature provides Layer 2 isolation between interfaces (Ethernet ports and LAGs) that share the same Broadcast domain (VLAN) with other interfaces.

For more information, see "Protected Ports" on page 388.

iSCSI Optimization

iSCSI optimization provides the iSCSI flows with specific priority over other network traffic. In addition, the feature provides monitoring of iSCSI sessions.

For more information, see "iSCSI Optimization" on page 584.

Proprietary Protocol Filtering

This feature enables user control over the filtering of packets with proprietary protocols such as CDP, VTP, DTP, UDLD, PaGP, and SSTP. The user can select any combination of the protocols to be filtered, for example: CDP and VTP and UDLD.

For more information, see "Network Security" on page 92.

DHCP Relay and Option 82

A DHCP relay agent detects DHCP Broadcasts from DHCP clients and relays them to DHCP servers that may reside on different subnets.

Dell PowerConnect 55xx Systems User Guide 31

The relay agent information option (Option 82) in the DHCP protocol enables a DHCP relay agent to send additional client information, upon requesting an IP address.

Option 82 specifies the relaying switch's MAC address, the port identifier, and the VLAN that forwarded the packet.

For more information, see "DHCP Relay" on page 577.

Identifying a Switch via LED

The switch provides the ability to turn on a LED (through the GUI interface) on a specific unit or on all units in a stack for a specific length of time.

For more information, see Unit Identification (Location).

32 Dell PowerConnect 55xx Systems User Guide

Hardware Description

This section describes PowerConnect 5500 hardware.

It contains the following topics:

• Device Models

• Device Structure

• LED Definitions

• Power Supplies

Dell PowerConnect 55xx Systems User Guide 33

Device Models

The PowerConnect 5500 switches combine versatility with minimal management requirements. This series includes the following device types:

•

PowerConnect 5524

•

PowerConnect 5524P (with PoE)

ports, along with Power-over-Ethernet (PoE) support

•

PowerConnect 5548

•

PowerConnect 5548P (with PoE)

ports, along with Power-over-Ethernet (PoE) support

Each of these devices provides, in addition to the above ports, two HDMI ports, two SPF+ ports, an RS-232 console port, and a USB port, as shown in Figure 5-1.

NOTE: 10/100/1000Mbps Baset-T ports are also known as Gigabit ports or G ports.

— Provides 24 10/100/1000Mbps Base-T ports

— Provides 24 10/100/1000Mbps Base-T

— Provides 48 10/100/1000Mbps Base-T ports

— Provides 24 10/100/1000Mbps Base-T

Device Structure

This section describes the structure of the devices.

It contains the following topics:

• Front Panel

• Buttons and LEDs

•Back Panel

• Ventilation System

• System LEDs

•Port LEDs

34 Dell PowerConnect 55xx Systems User Guide

Front Panel

Console

SPF+ Ports

USB Port

HDMI Ports

Giga Ports (even numbered)

Port

Giga Ports (odd numbered)

Figure 5-1 shows the front panel of the PowerConnect 5548 device with its various ports labelled. The PowerConnect 5524 device from the PowerConnect 5548 device in that there are 24 G ports and not 48.

Figure 5-2 shows the buttons/LEDs on the right side in greater detail.

Figure 3-1. PowerConnect 5548 Ports

The following ports are found on the devices.

• 24/48 G Ports

•

Two X G Po rts

These are 10 Gigabit ports, designated as 1000Base-X-SFP+. The SFP+ ports are fiber transceivers designated as 10000 Base-SX or LX. They include TWSI (Two-Wire Serial Interface) and internal EPROM.

(also known as Small Form Factor Plugable (SFP)+ Ports)

• RS-232 Console Port

This port is used for a terminal connection for debugging and software downloads. The default baud rate is 9,600 bps. The baud rate can be configured from 2400 bps up to 115,200 bps.

•Two HDMI Ports

The HDMI ports are 1.3a specification, category 2 high-speed cables, 340 MHz (10.2 Gbit/s). They are used for stacking purposes.

Dell PowerConnect 55xx Systems User Guide 35

NOTE: it is recommended to use HDMI cable version 1.4

Power Status

Fan

RPS

Reset

Stacking Unit ID

Master

Port LEDs

Console Port

•Single USB Port

This port is used for firmware upgrade from a USB device.

Buttons and LEDs

LEDs on Front Panel

Figure 5-2 shows the extreme, right-hand part of the front panel, which contains buttons and LEDs, in addition to ports.

Figure 3-2. Button/LED Panel

These LEDs are described in Table 5-1 and Table 5-2.

Reset Button

The PowerConnect 5500 switches have a reset button, located on the front panel that is used for manual reset (reboot) of the device.

The single reset circuit of the switch is activated by power-up or low-voltage conditions.

36 Dell PowerConnect 55xx Systems User Guide

The Reset button does not extend beyond the unit’s front, and it must be

RPS

A/C Power Supply

Locator

MPS

A/C Power Supply

FanFan

activated with a pin.

Back Panel

The back panel of the non-PoE models, shown in Figure 5-3, contains a Redundant Power Supply (RPS) connector, Location LED, and power connector.

The back panel of the PoE models, shown in Figure 5-4, contains a Modular Power Supply (MPS) connector, Location LED, power connector, and two fan outlets.

Figure 3-3. PowerConnect 5524/48 Back Panel

Figure 3-4. PowerConnect 5524/48/P Back Panel

The elements on the back panel are used as follows:

•

Locator LED

— This LED is lit when the Unit Identification feature is selected. See "Unit Identification (Location)" on page 367 for more information about this feature.

•

RPS/MPS

on page 42

— Connector for auxiliary power supply.

for more information.

Dell PowerConnect 55xx Systems User Guide 37

See "Power Supplies

•

A/C Power Supply

" on page 42

— Fan outlets.

•

Supplies

Fans

— Connector for AC power supply.

for more information.

See "Ventilation System

" on page 38

See "Power

for more

information.

Ventilation System

The PowerConnect 5500/P switches have two built-in fans. Operation can be verified by observing the LED that indicates if one or more fans are faulty (see Table 5-1).

The fan outlets are shown in Figure 5-4.

LED Definitions

The front panel contains light emitting diodes (LEDs) that indicate the status of links, power supplies, fans, and system diagnostics.

These are described below.

System LEDs

The system LEDs of the PowerConnect 5500 devices provide information about the power supplies, fans, thermal conditions, and diagnostics. Figure 5-2 shows the location of the system LEDS on the device.

Table 5-1 describes the meaning of the colors of the system LEDs.

Table 3-1. System LED Indicators

LED Color Description

Power Supply (PWR)

Status Green Static The switch is operating normally.

Green Static The switch is turned on.

Green Flashing The Locator function is enabled.

Off The switch is turned off.

Green Flashing The switch is booting.

Red Static A critical system error has occurred.

Red Flashing A non-critical system error has occurred.

38 Dell PowerConnect 55xx Systems User Guide

Table 3-1. System LED Indicators (Continued)

LED Color Description

Stacking No. Indicates the unit ID of the device in the

stack.

Modular/Redundan cy Power Supply (MPS/RPS)

Locator Green Flashing Locator function is enabled.

Master Green Static The device is a master unit.

Fan (FAN) Green Static All device fans are operating normally.

Green Static The MPS/RPS is currently operating.

Red Static The MPS/RPS failed.

Off The MPS/RPS is not plugged in.

Green Static Locator function is disabled.

Off The device is not a master unit.

Red Static One or more of the device fans are not

operating.

Dell PowerConnect 55xx Systems User Guide 39

Port LEDs

LNK

ACT/PoE

LNK

ACT/PoE

Gigabit Ports

Each Giga port has two LEDs associated with it. The speed/link (LNK) LED is located on the left side of the port, while the activity/PoE LED is located on the right side of the port. The activity/PoE LED is labelled ACT in non-PoE devices, and is labelled PoE in PoE-enabled devices, as shown in Figure 5-5.

Figure 3-5. Giga Port LEDs

Table 5-2 describes the LED indications for the Gigabit ports:

Table 3-2. Giga Port s on non-PoE-enabled Devices LEDs

LED Color Description

LNK Green Flashing Link is up and the port is either transmitting

or receiving at 1000 Mbs.

Yellow Flashing Link is up and the port is either transmitting

or receiving data at 100 Mbps.

Solid green

ACT Green Flashing There is activity on the port.

Solid amber

OFF The port is currently not operating.

Off There is no activity on the port.

Link is up high speed.

Link is up at lower speeds.

40 Dell PowerConnect 55xx Systems User Guide

Table 5-3 describes the LED indications for Gigabit ports on PoE-enabled devices.

Table 3-3. Giga Port s on PoE-enabled Devices LEDs

LED Color Description

LNK Flashing green Link is up and the port is either transmitting or

receiving at 1000 Mbs.

Flashing amber Link is up and the port is either transmitting or

receiving data at 100 Mbps.

Solid green

Solid amber

Off Port is currently not operating.

PoE Flashing green There is activity on the port and the PoE is off.

Flashing amber There is activity on the port and the PoE is on.

Amber solid There is no activity on the port and the PoE power is

Off There is no activity on the port and the PoE is off.

Link is up high speed.

Link is up at lower speeds.

on.

HDMI Port LEDs

The HDMI ports have a Speed/link (LNK) LED on their left side and an activity (ACT) LED on their right side.

Table 5-4 describes the HDMP port LEDs:

Table 3-4. HDMI (Stacking) Port LEDs

LED Color Description

Speed/Link Solid green Port is linked to device.

Off Port is currently not operating.

ACT Flashing green Port is either transmitting or receiving.

Off Port is not transmitting or receiving.

Dell PowerConnect 55xx Systems User Guide 41

SFP LEDs

The SFP+ ports each have two LEDs, marked as LNK and ACT, associated with them. Figure 5-5 describes these LEDs.

Table 3-5. SFP Port LEDs

LED Color Description

LNK Solid green Link is at highest speed.

Solid amber Link is at lowest speed.

Off Port is currently not linked.

ACT Flashing green Port is either transmitting or receiving.

Stack ID LED

The front panel of the device contains a Stack ID panel used to display the Unit ID for the Stack Master and members, as shown in Figure 5-2.

Power Supplies

The device has an internal power supply unit (AC unit) and a connector to connect PowerConnect 5500/P devices to a PowerConnect EPS-470 unit, or to a PowerConnect MPS-600 unit.

The PowerConnect 5500/P devices have the following internal power supplies:

• 24 Port non-PoE devices —

• 48 Port non-PoE devices —

• 24/48 Port PoE devices —

Operation with both power supply units is regulated through load sharing. Power supply LEDs indicate the status of the power supply.

The AC power supply unit operates from 90 to 264 VAC, 47 to 63 Hz. The AC power supply unit uses a standard connector. A LED, shown in Figure 5-3, indicates whether the AC unit is connected.

When the device is connected to a supplementary power source, the probability of failure in the event of a power outage decreases.

54 Watt

100 Watt

600 Watt

42 Dell PowerConnect 55xx Systems User Guide

Stacking Overview

This section describes how the Stacking feature of the PowerConnect 5500 series functions.

It contains the following topics:

• Stack Overview

• Stack Members and Unit IDs

Dell PowerConnect 55xx Systems User Guide 43

Stack Overview

The PowerConnect 5500 Stacking feature provides multiple switch management through a single switch, so that all units in the stack are treated as if they were a single switch. All stack members are accessed through the management IP address, through which the stack is managed.

Each switch is a member in a stack, although the stack may consist of only a single switch.

Up to eight units can be stacked.

This section covers the following topics:

• Stack Operation Modes

• Stacking Units

•Stack Topology

Stack Operation Modes

All stacks must have a Master unit, and may have a Master Backup unit. All other units are connected to the stack as members (slaves).

A unit in the stack can be in one of the following modes:

•

Stack Master

addition, it runs configures and manages all other units in the stack. All protocols run in the context of the Master unit. It is responsible for updating and synchronizing the

The Stack Master detects and reconfigures the ports with minimal operational impact in the event of:

— Runs the fully operational software of a switch. In

Master Backup

Unit failure

Inter-unit stacking link failure

Unit insertion

Unit removal

When the Master unit boots, or when inserting or removing a stack member, the Master unit initiates a stacking discovering process.

44 Dell PowerConnect 55xx Systems User Guide

•

Slave Unit

applications running on the Master’s CPU to control and manage the resources of the slave unit.

•

Master Backup

addition, continuously monitors the existence and operation of the stack master. If the master unit fails, the master-backup unit assumes the Master Backup role.

— Runs a slave version of the software that enables the

— Runs as a slave unit, as described above, and in

Stacking Units

PowerConnect 5500 series switches use two HDMI 10G ports for stacking.

To connect the units in the stack:

Insert one end of an HDMI cable into the left-hand HDMI port on the unit at the top of the stack and the other end into the right-hand HDMI port of the unit immediately below it (this is called crossover).

Repeat this process until all units are connected.

(Optional) Connect the left-hand HDMI port of the unit at the bottom of the stack to the right-hand HDMI port of the unit at the top of the stack. This step provides increased bandwidth and redundancy.

Dell PowerConnect 55xx Systems User Guide 45

The results of this process are shown in Figure .

HDMI Ports

Figure 4-1. Stacking Ring Topology

46 Dell PowerConnect 55xx Systems User Guide

Stack Topology

The PowerConnect 5500 series systems operates in a ring or chain topology.

Ring Topology

In a ring topology all units in the stack are connected to each other, forming a circle. Each unit in the stack accepts data and sends it to the unit to which it is attached. The packet continues through the stack until it reaches its destination. The system discovers the optimal path on which to send traffic.

Figure shows units of a stack connected in a ring topology.

Stacking Failover Topology - Chain Topology

Difficulties occur when a unit in the ring becomes non-functional, or a link is severed. In this case, the system automatically switches to a chain topology, without any system downtime.

In chain topology, each unit in the stack is connected to neighboring unit except for the last unit, which is not connected to any other unit.

In the chain topology, the stack continues to function as long as there is a master- or backup-enabled unit in each segment of the stack.

When the ring topology is switched to chain topology, an SNMP message is automatically generated, but no stack management action is required. The unit that failed must be repaired to restore full stacking operation in the ring topology.

After the stacking issues are resolved, the units can be reconnected without interruption, and the ring topology is restored.

Stack Members and Unit IDs

This section describes how to configure the stack.

It contains the following topics:

• Adding a Unit to the Stack

• Assigning Unit IDs

• Selecting the Master and Master Backup Units

• Switching from the Master to the Master Backup

• Replacing Stacking Members

Dell PowerConnect 55xx Systems User Guide 47

• Loading Software onto Stack Members

• Rebooting the Stack

• Managing Configuration Files on the Stack

Adding a Unit to the Stack

The recommended procedure to add a unit to a stack is as follows:

Place the powered-off unit in its physical place in the stack, and insert the stacking link in the unit (but do not connect it to the rest of the stack).

Power up the unit, and set the correct Unit ID, as described below.

Reboot the unit and connect it to the rest of the stack through the stack link.

Assigning Unit IDs

Each unit in the stack has a unique ID that defines the unit’s position and function in the stack, as shown in Figure 5-2.

The unit that is assigned Unit ID 1 is the Master unit, by default. The unit that is assigned Unit ID 2 is the Master Backup unit.

When you power-up the stack, each unit is assigned a unique Unit ID. This is displayed on the front panel of the unit, as shown in Figure 5-2.

The Unit ID of each unit can be either automatically assigned or manually assigned, as described in step 1 to step 4 below.

To assign IDs to the units in the stack, do the following for each unit in the stack:

Connect the unit to the terminal.

48 Dell PowerConnect 55xx Systems User Guide

Turn on the unit to begin auto boot and press enter the

Start Up

menu.

Return

Esc

to abort and

Startup Menu [1]Download Software [2]Erase Flash File [3]Password Recovery Procedure [4]Set Terminal Baud-Rate [5]Stack Menu [6]Back

Select

Stack Menu

to open the

Stack Menu

[1]Show Unit Stack ID [2]Set Unit Stack ID [3]Back

Select

Set Unit Stack ID.

Enter either a Unit ID for manual assignment or

0 to indicate that the unit ID will be assigned automatically.

NOTE: The entire stack should be connected, as shown in Figure 6-1, before

powering up the units.

Selecting the Master and Master Backup Units

A unit is master-enabled if it assigned Unit ID 1 and Unit 2. All other units in the stack (slaves) have unit IDs of 3-8.

The stack master assignment is performed during the configuration boot process. One master-enabled stack member is elected as Master, and the other master-enabled stack member is selected as

Master Backup

to the following decision process:

• A master is selected from the set of the two Master-enabled units. Priority is given to the lowest unit ID, but also takes into account the amount of time the unit is UP (Up Time) as follows:

Dell PowerConnect 55xx Systems User Guide 49

, according

– When a master-enabled unit is inserted to a running stack, (or when

Master and Backup master both start at the same time), they exchange each other’s UP TIME (the time since they powered up). If the time difference is smaller than 10 minutes, the unit with the lowest unit ID is elected; otherwise, the unit with the longest UP time is elected.

– If a Master-enabled unit (with ID 1 or 2) is inserted into an

operational stack, it will be elected as a backup master.

– If a Master unit and/or a backup Master unit is removed from the

stack and the user wishes to configure one of the slave units (numbered 3-8) to be a Master backup, the user must reset the unit’s ID. This can be done as follows:

• If there is a Master-enabled unit in the stack: Do -

renumber

2 (through CLI or GUI). This makes the nth unit a

switch

master-enabled unit.

• If there is no Master-enabled unit in the stack: Press the reset button on the unit to be master-enabled, and assign it a unit ID= 1 using the boot menu.

• The user can

force

a master-enabled unit to be the master unit of the stack, even if the master election process did not select it. This is done by switching over to the backup unit.

NOTE: Two stacking member are considered the same age if they were

inserted within a ten minute interval, for example, if Unit 2 is inserted in the first minute of a ten-minute cycle, and Unit 1 is inserted in fifth minute of the same cycle, the units are considered to be the same age.

NOTE: If two stack members are discovered to have the same Unit ID, only

the older unit is included in the stack. The stack continues to function and a message is sent notifying that a unit failed to join the stack.

The Stack Master and the Warm Standby ensures that the

Master Backup

maintain a Warm Standby. The

takes over for the Stack

Master if a failover occurs, so that the stack continues to operate normally.

During the Warm Standby, the Master and the

Master Backup

are synchronized with the static configuration. When the Stacking Master is configured, it must synchronize the

Master Backup

. The dynamic

50 Dell PowerConnect 55xx Systems User Guide

configuration is not saved, for example, dynamically-learned MAC addresses are not saved, but dynamic information is learned quickly and automatically by network traffic.

Switching from the Master to the Master Backup

The Master Backup replaces the Stack Master if one or more of the following events occur:

• The Stack Master fails or is removed from the stack.

• Links from the Stack Master to the stacking members fails.

• User performs soft switchover via the Web interface or the CLI.

Switching between the Stack Master and the Master Backup results in limited service loss. Dynamic tables are relearned if a failure occurs. The Running Configuration file is synchronized between Stack Master and the Master Backup, and continues running on the Master Backup.

Replacing Stacking Members

If a unit is removed from the stack, and replaced with a unit with the same unit ID, the stack member is configured with the original unit configuration.

Otherwise, if the new unit has either more or fewer ports than the previous unit, the results depend on the device type of the new and original units, as defined in Table 6-1:

Table 4-1. Port Configurations when Replacing Units

New Unit Original Unit New Port Configuration

5548P or 5548 5548P or 5548 Port configurations remain the same.

5524 or 5524P The first 24 Giga (GE) ports receive the

respective 5524/P 24 GE port configurations. The 10 G port configurations remain the same.

Dell PowerConnect 55xx Systems User Guide 51

Table 4-1. Port Configurations when Replacing Units (Continued)

New Unit Original Unit New Port Configuration

5524P or 5524 5548P or 5548 The PowerConnect 5524/P 24 Gigabit

ports receives the first 24 Giga 5548/P port configurations. The 10 Giga port configurations remain the same. The remaining ports receive the default port configuration.

5524P or 5524 Port configurations remain the same.

Loading Software onto Stack Members

Software can be downloaded to all units simultaneously, or to the master unit alone. If software is only loaded to the master unit, when new software is selected, and the Master is rebooted, the Master updates the software on the remaining units.

In this way, all units in the stack run the same software version.

Rebooting the Stack

Whenever a reboot occurs, topology discovery is performed, and the Master learns all units IDs in the stack.

Configuration files are changed only through explicit user configuration, and are not automatically modified when units are added, removed or reassigned unit IDs.

Each time the system reboots, the Startup Configuration file in the Master unit is used to configure the stack.

Managing Configuration Files on the Stack

The Startup Configuration and Running Configuration file are stored on the stack master.

Each port in the stack is referenced in the configuration files by its port type and unit ID/0/port number, for example "gi1/0/24", which means Giga port 24 on unit 1 (the middle 0 is reserved for future use).

Configuration files are managed from the Stack Master, including:

• Saving to flash memory

52 Dell PowerConnect 55xx Systems User Guide

• Uploading configuration files to an external TFTP server/HTTP client

• Downloading configuration files from an external TFTP server/HTTP client

• Download/upload through the USB port

NOTE: Stack configuration for all configured ports is saved, even if the stack

is reset and/or the ports are no longer present.

Dell PowerConnect 55xx Systems User Guide 53

Configuring the Switch

This section describes the configuration that must be performed after the switch is installed and connected to power supplies. Additional advanced functions are described in "Advanced Switch Configuration" on page 63.

NOTE: Before proceeding further, read the release notes for this product. You can

download the release notes from the Dell Support website at support.dell.com.

NOTE: We recommend that you obtain the most recent revision of the user

documentation from the Dell Support website at support.dell.com.

It contains the following topics:

• Configuration Work Flow

• Connecting the Switch to the Terminal

• Booting the Switch

•Configuring the Stack

• Configuration Using the Setup Wizard

Dell PowerConnect 55xx Systems User Guide 54

Configuration Work Flow

To configure the switches:

For each switch in the stack:

Connect it to a terminal, as described in the "Connecting the Switch to the Terminal" on page 56.

Boot the switch, as described in the "Booting the Switch" on page 57.

Assign a unit ID to the switch, as described in "Assigning Unit IDs" on page 48.

Connect the units in the stack to each other, as described in "Configuring the Stack" on page 58.

Connect the Master unit to the terminal, reboot the unit and the Setup Wizard is run automatically, as described in "Configuration Using the Setup Wizard" on page 58.

Respond to the Setup Wizard prompts.

Continue managing the switch, either through the console or Telnet, using the CLI or the web GUI.

Dell PowerConnect 55xx Systems User Guide 55

Connecting the Switch to the Terminal

Console Port

The switch is configured and monitored through a terminal desktop system that runs terminal emulation software. The switch connects to the terminal through the console port.

To connect the switch to a terminal:

Connect an RS-232 cable to a VT100-compatible terminal or the serial connector of a desktop system running terminal emulation software.

Connect the RS-232 cable to the switch console port on the front panel of the switch (see Figure 7-1) using an 8-pin RJ-45 male connector.

Figure 5-1. Front-Panel Console Port

Set the terminal emulation software as follows:

Select the appropriate serial port to connect to the switch.

Set the data rate to 9600 baud.

Set the data format to 8 data bits, 1 stop bit, and no parity.

Set Flow Control to

Select VT100 for Emulation mode within your communication software.

Select Terminal keys for Function, Arrow, and Ctrl keys. Ensure that the setting is for Terminal keys (

non

not

Windows keys).

NOTE: You can connect a console to the console port on any unit in the stack, but

stack management is performed only from the stack master (Unit ID 1 or 2).

56 Dell PowerConnect 55xx Systems User Guide

Booting the Switch

Power Status

Fan

RPS

After the local terminal is connected, turn on power. The switch then goes through power-on self-test (POST). POST runs every time the switch is started and checks hardware components, to determine if the switch is operational before completely booting. If the system detects a critical problem, the boot process stops. If POST passes successfully, a valid executable image is loaded into RAM. POST messages are displayed on the terminal and indicate test success or failure.

The boot process runs for approximately 40-45seconds.

When the boot process completes, the following LEDs are lit, as shown in Figure 7-2:

•Power

• Status

• Fan (should be green)

• RPS (if it is being used)

Figure 5-2. Initial LEDs

Dell PowerConnect 55xx Systems User Guide 57

Configuring the Stack

The switch is always considered to be a stack of switches even if the stack only contains a single switch. If there is more than one switch in the stack, each switch must be configured individually. See "Assigning Unit IDs" on page 48 for instructions on how to configure the stack.

Configuration Using the Setup Wizard

The Setup Wizard guides you through the initial switch configuration to get the system up and running as quickly as possible. Note that you can skip the Setup Wizard and configure the switch manually through the CLI.

The Setup Wizard configures the following fields:

• SNMP Community String and SNMP Management System IP address (optional)

• Username and password

• Management switch IP address

• IP subnet mask

• Default gateway IP address

NOTE: The Setup Wizard assumes the following:

• The PowerConnect switch was never configured before and is in the same

state as when you received it.

• The PowerConnect switch booted successfully.

• The console connection is established and the console prompt is displayed on

the screen of a VT100 terminal switch.

Connect the Master unit to a terminal. You can identify the Master unit by the illuminated Master LED on the front panel of the switch (see Figure 5-2).

To configure the system using the Setup Wizard:

Obtain the following information from the network administrator:

• SNMP Community String and SNMP Management System IP

address (optional)

• Username and password

58 Dell PowerConnect 55xx Systems User Guide

• The IP address to be assigned to the VLAN 1 interface through which the switch is to be managed (by default, every external and internal port is a member of the VLAN 1)

• The IP subnet mask for the network

• The default gateway (next hop router) IP address for configuring the default route

Boot the Master unit. The system automatically prompts you to use the Setup Wizard.

The Setup Wizard displays the following information:

Welcome to Dell Easy Setup Wizard The Setup Wizard guides you through the initial

switch configuration and gets you up and running easily and quickly. You can skip the Setup Wizard and enter CLI mode to manually configure the switch. The system will prompt you with a default answer; by pressing Enter, you accept the default value.

You must respond to the next question to run the Setup Wizard within 60 seconds, otherwise the system will continue with normal operation using the default system configuration.

Would you like to enter the Setup Wizard (you must answer this question within 60 seconds)? (Y/N)

Enter [Y] to run the wizard. If you enter [N] or if you do not respond

within 60 seconds, the Setup Wizard automatically exits and the CLI console prompt appears.

If you enter [Y] the wizard provides interactive guidance through the initial switch configuration.

The following information is displayed:

You can exit the Setup Wizard at any time by entering [ctrl+Z].

The system is not set up for SNMP management by default.

Dell PowerConnect 55xx Systems User Guide 59

To manage the switch using SNMP (required for Dell Network Manager) you can:

•

Setup the initial SNMP version 2 account now.

•

Return later and set up the SNMP version account. For more information on setting up a SNMP version 2 account, see the user documentation.

Would you like to set up the SNMP management interface now? [Y/N]

Enter [N] to skip to Step7 or enter [Y] to continue the Setup Wizard. If you enter [Y] the following information is displayed:

To set up the SNMP management account you must specify the management system IP address and the "community string" or password that the particular management system uses to access the switch. The wizard automatically assigns the highest access level [Privilege Level 15] to this account.

You can use Dell Network Manager or other management interfaces to change this setting later and to add additional management system later. For more information on adding management systems, see the user documentation.

To add a management station: Please enter the SNMP community string to be used:

Enter the SNMP community string. You can use the default name "public"

Please enter the IP address of the Management System (A.B.C.D) or wildcard (0.0.0.0) to manage from any Management Station:[0.0.0.0].

Enter the SNMP Management System IP.

Set up user account privilege level, as follows:

The following information is displayed:

Now we need to set up your initial privilege (Level 15) user account. This account is used to login to the CLI and Web interface. You may set up

60 Dell PowerConnect 55xx Systems User Guide

other accounts and change privilege levels later. For more information on setting up user accounts and changing privilege levels, see the user documentation.

To set up a user account: Enter the user name: Please enter the user password: Please reenter the user password:

Enter the following:

• User name, for example "admin"

• Password and password confirmation.

Press

Enter

The following information is displayed:

Next, an IP address is setup. The IP address is defined on the default VLAN (VLAN 1). This is the IP address you use to access the Telnet, Web interface, or SNMP interface for the switch.

To set up an IP address: Please enter the IP address of the device

(A.B.C.D): Please enter the IP subnet mask (A.B.C.D or nn):

Enter the management IP address and IP subnet mask, for example

192.168.2.100 as the IP address and 255.255.255.0 as the IP subnet mask.

Press

Enter

The following information is displayed:

Finally, set up the default gateway. Please enter the IP address of the gateway from

which this network is reachable (e.g. 192.168.2.1).Default gateway (A.B.C.D):[0.0.0.0]

Dell PowerConnect 55xx Systems User Guide 61

Enter the default gateway.

Press

Enter

. The following is displayed (example):

This is the configuration information that has been collected:

SNMP Interface = "Dell Network Manager"@192.168.2.10

User Account setup = admin Password = ********** Management IP address = 192.168.2.100

255.255.255.0 Default Gateway = 192.168.2.1

The following information is displayed:

If the information is correct, please select (Y) to save the configuration and copy to the start-up configuration file. If the information is incorrect, select (N) to discard configuration and restart the wizard: [Y/N]

Enter [N] to restart the wizard or enter [Y] to complete the Setup Wizard.

If you enter [Y] the following is displayed:

Configuring SNMP management interface.

Configuring user account.......

Configuring IP and subnet......

Thank you for using Dell Easy Setup Wizard. You will now enter CLI mode.

The CLI prompt is displayed. You have finished the initial configuration.

After the initial configuration is complete, you can manage the switch from the connected console port using the CLI or remotely through the management interface, using Telnet or the Web GUI. See the

PowerConnect 5500 Series User Guide

62 Dell PowerConnect 55xx Systems User Guide

found on the Documentation CD.

Dell

Advanced Switch Configuration

This section describes how to perform various configuration operations through the CLI.

It includes the following topics:

•Using the CLI

• Accessing the Device Through the CLI

• Retrieving an IP Address

• Security Management and Password Configuration

• Configuring Login Banners

• Startup Menu Procedures

• Software Download

Dell PowerConnect 55xx Systems User Guide 63

Using the CLI

This section provides some general information for using the CLI.

For a complete description of CLI commands, refer to the Dell PowerConnect 55xx Systems

Command Mode Overview

The CLI is divided into command modes, each with a specific command set. Entering a question mark at the terminal prompt displays a list of commands available for that particular command mode.

In each mode, a specific command is used to navigate from one mode to another.

These modes are described below.

User EXEC Mode

During CLI session initialization, the CLI is in User EXEC mode. Only a limited subset of commands is available in User EXEC mode. This level is reserved for tasks that do not change the terminal configuration and is used to access configuration sub-systems.

After logging into the device, User EXEC command mode is enabled. The user-level prompt consists of the host name followed by the angle bracket (>). For example:

NOTE: The default host name is console unless it has been modified during

initial configuration.

The User EXEC commands enable connecting to remote devices, changing terminal settings on a temporary basis, performing basic tests, and listing system information.

To list the User EXEC commands, enter a question mark at the command prompt.

To enter the next level, Privileged EXEC mode, a password is required (if configured).

console>

CLI Reference Guide

Privileged EXEC Mode

Privileged EXEC mode provides access to the device global configuration.

64 Dell PowerConnect 55xx Systems User Guide

Privileged access can be protected, to prevent unauthorized access and to secure operating parameters. Passwords are displayed on the screen, and are case-sensitive.

NOTE: The enable command is only necessary if you login with privilege level less

than 15.

To access and list the Privileged EXEC mode commands:

At the prompt type

When a password prompt displays, enter the password and press

<Enter>

enable and press

<Enter>

The Privileged EXEC mode prompt displays as the device host name followed by #. For example:

console#

To list the Privileged EXEC commands, type a question mark at the command prompt.

To return from Privileged EXEC mode to User EXEC mode, type and press

<Enter>

disable

The following example illustrates accessing privileged EXEC mode and then returning to the User EXEC mode:

console> enable Enter Password: ****** console# console# disable console>

Use the exit command to return to a previous mode.

To configure the device, enter the next level, Global Configuration mode.

Global Configuration Mode

The

Global Configuration mode manages device configuration on a global level. Global Configuration commands apply to system features, rather than a specific protocol or interface.

Dell PowerConnect 55xx Systems User Guide 65

To access Global Configuration mode, at the Privileged EXEC Mode prompt, type configure and press <Enter>. The Global Configuration mode displays as the device host name followed by (config) and the pound sign #.

console# configure console(configure)#

To list the Global Configuration commands, enter a question mark at the command prompt.

The following example illustrates how to access Global Configuration mode and return back to the Privileged EXEC mode:

console# console# configure console(config)# exit console#

Interface Configuration Mode

The Interface Configuration mode configures the device at the physical interface level (port, VLAN, or LAG). Interface commands that require subcommands have another level, called the Subinterface Configuration mode. A password is not required to access this level.

The following example, places the CLI in Interface Configuration mode on port 1/0/1. The sntp command is then applied to that port.

console# configure console(config)# interface gi1/0/1 console(config-if)# sntp client enable

To run a command in a mode, which does not contain it, use do before the command, as in the following example:

console# configure console(config)# interface gi1/0/1 console(config-if)# sntp client enable console(config-if)# do show sntp configuration

66 Dell PowerConnect 55xx Systems User Guide

Accessing the Device Through the CLI

You can manage the device using CLI commands, over a direct connection to the terminal console, or via a Telnet connection.

Direct Connection

Connect the device to the console and enter the CLI commands upon receiving a prompt.

Telnet Connection

Telnet is a terminal emulation TCP/IP protocol. RS-232 terminals can be virtually connected to the local device through a TCP/IP protocol network. Telnet is an alternative to a local login terminal, where a remote login is required.

The device supports up to four simultaneous Telnet sessions. All CLI commands can be used over a Telnet session.

If access is via a Telnet connection, ensure that the device has an IP address and that software has been downloaded to the device.

To start a Telnet session:

Select

Start > Run

The

Run

window opens.

Ty p e

cmd.

The

cmd

window opens.

In the

cmd

window, type

The Telnet session begins.

Telnet <IP address> <Enter>

Dell PowerConnect 55xx Systems User Guide 67

Retrieving an IP Address

Receiving an IP Address from a DHCP Server

When using the DHCP protocol to retrieve an IP address, the device acts as a DHCP client. When the device is reset, the DHCP command is saved in the configuration file, but the IP address is not.

To retrieve an IP address from a DHCP server, perform the following steps:

Select and connect any port to a DHCP server or to a subnet that has a DHCP server on it.

Type the following commands to use the selected port for receiving the IP address.

Assigning dynamic IP Addresses on a port:

console# configure console(config)# interface gi1/0/1 console(config-if)# ip address dhcp

Assigning a dynamic IP Addresses on a VLAN:

console# configure console(config)# interface vlan 1 console(config-if)# ip address dhcp

The interface receives the IP address automatically.

68 Dell PowerConnect 55xx Systems User Guide

To verify the IP address, type

show ip interface

at the system prompt, as

shown in the following example.

console# show ip interface

IP Address I/F Type Directed Precedence Status

Broadcast

----------------- --------- -------- -------- -------- -----

0.0.0.0/32 gi2/0/1 DHCP disable No Valid

10.5.234.232/24 vlan 1 Static disable No Valid

When configuring/receiving IP addresses through DHCP and BOOTP (an older version of DHCP), the configuration received from these servers includes the IP address and may include the subnet mask and default gateway.

NOTE: It is not necessary to delete the device configuration to retrieve an IP

address from the DHCP server.

NOTE: When copying configuration files, avoid using a configuration file that

contains an instruction to enable DHCP on an interface that connects to the same DHCP server, or to one with an identical configuration. In this instance, the device retrieves the new configuration file and boots from it. The device then enables DHCP, as instructed in the new configuration file, and the DHCP instructs it to reload the same file.

NOTE: If you configure a DHCP IP address, this address is dynamically retrieved,

and the ip address dhcp command is saved in the configuration file. In the event of master failure, the backup will again attempt to retrieve a DHCP address. This could result in one of the following:

• The same IP address may be assigned.

• A different IP address may be assigned, which could result in loss of

connectivity to the management station.

• The DHCP server may be down, which would result in IP address retrieval

failure, and possible loss of connectivity to the management station.

Receiving an IP Address From a BOOTP Server

The standard BOOTP protocol is supported and enables the device to automatically download its IP host configuration from any standard BOOTP server in the network. In this case, the device acts as a BOOTP client.

Dell PowerConnect 55xx Systems User Guide 69

To retrieve an IP address from a BOOTP server:

Select and connect any port to a BOOTP server or subnet containing such a server.

At the system prompt, enter the

delete startup configuration

command to

delete the Startup Configuration from flash.

The device reboots with no configuration and in 60 seconds starts sending BOOTP requests. The device receives the IP address automatically.

NOTE: When the device reboot begins, any input at the ASCII terminal or keyboard

automatically cancels the BOOTP process before completion and the device does not receive an IP address from the BOOTP server.

The following example illustrates the process:

console> enable console# delete startup-config Startup file was deleted console# reload You haven’t saved your changes. Are you sure you want to

continue (Y/N) [N]? This command will reset the whole system and disconnect

your current session. Do you want to continue (Y/N) [N]? ************************************************ /* the device reboots */

To display the IP address, enter the show ip interface command.

The device is now configured with an IP address.

70 Dell PowerConnect 55xx Systems User Guide

Security Management and Password Configuration

System security is handled through the Authentication, Authorization, and Accounting (AAA) mechanism that manages user access rights, privileges, and management methods. AAA uses both local and remote user databases. Data encryption is handled through the SSH mechanism.

Passwords can be configured for the following services:

•Terminal

•Telnet

•SSH

•HTTP

•HTTPS

NOTE: When creating a user name, the default priority is 1, which provides access

but not configuration rights. A priority of 15 must be set to enable access and configuration rights to the device. Although user names can be assigned privilege level 15 without a password, it is recommended to always assign a password. If there is no specified password, privileged users can access the Web interface with any password.

NOTE: Passwords can be secured by using password management commands to

force aging out of passwords, or expiration of passwords. For more information, see "Management Security" on page 254.

Initial Configuration and Password Recovery

The system is delivered without a default password, and all passwords must be defined by the user. If a user-defined password is lost, a password recovery procedure can be invoked from the Startup menu. This procedure is applicable for the local terminal only and enables a single access to the device from the local terminal with no password entered.

The full mode of password recovery mechanism can be enabled/disabled through the CLI (service password-recovery command).

This affects password recovery in the following way:

•

Enabled:

access to the device without a password is enabled and all configuration and user files are retained.

When the password-recovery mechanism is invoked, one-time

Dell PowerConnect 55xx Systems User Guide 71

•

Disabled:

When the password-recovery mechanism is invoked, one-time access to the device without a password is stilled enabled, however all configuration files (startup and backups) are removed and the following log message is generated to the terminal after boot process completed: “All configuration and user files were removed”

Configuring an Initial Terminal Password

To configure an initial terminal password, enter the following commands:

console(config)# aaa authentication login default line console(config)# aaa authentication enable default line console(config)# line console console(config-line)# login authentication default console(config-line)# enable authentication default console(config-line)# password george

Configuring an Initial Telnet Password

To configure an initial Telnet password, enter the following commands:

console(config)# aaa authentication login default line console(config)# aaa authentication enable default line console(config)# line telnet console(config-line)# login authentication default console(config-line)# enable authentication default console(config-line)# password bob

72 Dell PowerConnect 55xx Systems User Guide

Configuring an Initial SSH Password

To configure an initial SSH password, enter the following commands:

console(config)# aaa authentication login default line console(config)# aaa authentication enable default line console(config)# line ssh console(config-line)# login authentication default console(config-line)# enable authentication default console(config-line)# password jones

Configuring an Initial HTTP Password

To configure an initial HTTP password, enter the following commands:

console(config)# ip http authentication aaa loginauthentication local

console(config)# username admin password user1 privilege 15

Configuring an Initial HTTPS Password

To configure an initial HTTPS password, enter the following commands:

console(config)# ip http authentication aaa loginauthentication local

console(config)# username admin password user1 privilege 15

Enter the following commands once when configuring use of a terminal, a Telnet, or an SSH session, for an HTTPS session.

NOTE: In the Web browser, enable SSL 2.0 or greater for the page content to be

displayed.

console(config)# crypto certificate 1 generate keygenerate

console(config)# ip http secure-server

NOTE: HTTP and HTTPS services require privilege level 15 access and connect

directly to the configuration level access.

Dell PowerConnect 55xx Systems User Guide 73

Configuring Login Banners

Banners can be defined for each line, such as console and telnet) or for all lines. They are disabled by default.

The following types of banners can be defined:

•

Message-of-the-Day Banner (motd)

to the device, before login. The following defines a message-of-the-day for the console:

console# configure console(config)# line console console(config-line)# motd-banner console(config-line)# exit console (config)# banner motd * Welcome* console# do show banner motd Welcome Would you like to enable this banner to all lines?

(Y/N)[Y] Y console(config)#

— Displayed when the user connects

74 Dell PowerConnect 55xx Systems User Guide

•

before the user has logged in. The following defines a login banner for the console:

console# configure console(config)# line console console(config-line)# login-banner console(config-line)# exit console (config)# banner login * Please log in* console# do show banner login Would you like to enable this banner to all lines?

(Y/N)[Y] Y Please log in

Exec Banner — Displayed after successful login (in all privileged levels

• and in all authentication methods). The following defines an exec banner for the console:

console# configure console(config)# line console console(config-line)# exec-banner console(config-line)# exit console (config)# banner exec * Successfully logged in* Would you like to enable this banner to all lines?

(Y/N)[Y] Y console# do show banner exec Successfully logged in

Dell PowerConnect 55xx Systems User Guide 75

Startup Menu Procedures

The Startup menu enables performing various tasks, such as software download, flash handling and password recovery.

You can enter the Startup menu when booting the device. User input must be entered immediately after the POST test.

To enter the Startup menu:

• Turn the power on. After the auto-boot messages appear, the following menu is displayed:

Startup Menu [1]Download Software [2]Erase Flash File [3]Password Recovery Procedure [4]Set Terminal Baud-Rate [5]Stack menu [6]Back

The following sections describe the available Startup menu options.

NOTE: When selecting an option from the Startup menu, take time-out into

account. If no selection is made within 10 seconds (default), the device times out. This default value can be changed through the CLI.

Download Software - Option[1]

The software download procedure is used to replace corrupted files or upgrade system software, when the device does not have IP connectivity or when both software images of the device are corrupted and therefore you cannot use the web-based management system.

NOTE: it is highly recommended that, before loading via xmodem, the baud rate of

the device and terminal be set to 115200.

76 Dell PowerConnect 55xx Systems User Guide

To download software through the Startup menu:

From the Startup menu,

Downloading code using XMODEM !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

When using the HyperTerminal, click Menu Bar and select

In the

Filename

Ensure that the Xmodem protocol is selected in the

Press

Send

NOTE: After software download, the device reboots automatically.

field, enter the file path for the file to be downloaded.

. The software is downloaded.

press [1]

Send File

. The following prompt is displayed:

Tr an sf e r

on the HyperTerminal

Protocol

field.

Erase FLASH File - Option[2]

In some cases, the device Startup Configuration file must be erased. If the configuration is erased, all parameters configured via CLI, web-management or SNMP must be reconfigured.

To erase the device configuration in the Startup Configuration file:

From the Startup menu, displayed:

Warning! About to erase a Flash file. Are you sure (Y/N)?

Press Y. The following message is displayed.

Write Flash file name (Up to 8 characters, Enter for none.):

Enter

config

("config" is the standard name for the Startup configuration

file although you can use any name).

The following is displayed:

select [2]

. The following message is

File config (if present) will be erased after system initialization

======== Press Enter To Continue ========

Dell PowerConnect 55xx Systems User Guide 77

The configuration is erased when the system is reset.

Password Recovery - Option[3]

If a password is lost, the Password Recovery procedure can be called from the Startup menu. The procedure enables entry to the device a single time without entering a password.

To recover a lost password when entering the local terminal only:

From the

Continue the regular startup by logging in without a password.

Enter a new password or press 'ESC' to exit.

NOTE: To ensure device security, reconfigure passwords for applicable

management methods.

Startup

menu, select

[3]

Set Terminal Baud-Rate - Option[4]

To set the terminal baud-rate:

Ty p e

[4]

and press

2 Enter the new baud rate. The following is displayed:

Set new device baud-rate: 38,400

Note that after this step, your terminal will no longer respond. Adjust your terminal speed to the configured one.

<Enter>

Stack Menu - Option[5]

To configure the stack, type [5] and press <Enter>.

For more information, see "Assigning Unit IDs" on page 48.

78 Dell PowerConnect 55xx Systems User Guide

Software Download

This section contains instructions for downloading device software (system and boot images) through a TFTP server or USB port. The TFTP server must be configured before downloading the software.

Software Auto Synch in Stack

When several units are stacked, they must all run the same software version. When a new slave device is inserted into the stack, it is first checked for compatibility (meaning that the master can run firmware upgrade/downgrade to the slave unit), and if found compatible, its boot and image software versions are automatically updated with the Master’s. If the slave is found not compatible, it is shutdown.

A SYSLOG message is sent when a master synchronizes a slave's software.

System Image Download

When the device boots, it decompresses the system image from the flash memory area and runs it. When a new image is downloaded, it is saved in the other area allocated for the other system image copy.

On the next boot, the device decompresses and runs the image from the currently active system image.

A system image can be downloaded through a USB port or a TFTP server.

To download the system image from a TFTP server, ensure that an IP address is configured on one of the device ports and pings can be sent to the TFTP server. In addition, ensure that the file to be downloaded is saved on the TFTP server.

To download a system image through the USB port or TFTP server:

Enter the currently running on the device. The following is an example of the information that appears:

Unit SW version Boot version HW version

------ ------------------- ------------------- -------2 1.0.0.24 1.0.0.11

show version

command, to verify which software version is

console#

Dell PowerConnect 55xx Systems User Guide 79

Enter the

show bootvar

command, to verify which system image is currently active. The following is an example of the information that is displayed:

console# show bootvar Unit Image Filename Version Date Status

---- ----- --------- --------- --------------------- --------2 1 image-1 1.0.0.13 04-Aug-2010 08:27:30 Active* 2 2 image-2 1.0.0.12 29-Jul-2010 17:02:26 Not active console#

Enter the one of the following commands to copy a new system image to the current unit:

–

copy {tftp://|usb://}{tftp address}/{file name} image (current unit)

To copy a new system image to all units in the stack:

–

copy tftp://{tftp address}/{file name} unit://*/image

When the new image is downloaded, it is saved in the area allocated for the other copy of system image (image-2, as shown in the example). The following is an example of the information that appears:

console# copy tftp://176.215.31.3/file1.ros image Accessing file ‘file1’ on 176.215.31.3Ö Loading file1 from 176.215.31.3: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Copy took 00:01:11 [hh:mm:ss]

Exclamation symbols indicate that a copying process is in progress. Each symbol (!) corresponds to 512 bytes transferred successfully. A period indicates that the copying process is timed out. Many periods in a row indicate that the copying process failed.

80 Dell PowerConnect 55xx Systems User Guide

Select the image for the next boot by entering the After this command, enter the copy indicated as a parameter in the

show bootvar

boot system

command.

command to verify that the

command is selected for

the next boot.

The following is an example of the information that appears:

console# boot system image-2 console# show bootvar Images currently available on the Flash Image-1 active Image-2 not active (selected for next boot)

If the image for the next boot is not selected by entering the boot system command, the system boots from the currently active image.

Enter the reload command. The following message is displayed:

console# reload This command will reset the whole system and

disconnect your current session. Do you want to continue (y/n) [n]?

Enter Y. The device reboots.

Boot Image Download

Loading a new boot image from the TFTP server or USB port, updates the boot image. The boot image is loaded when the device is powered on. A user has no control over the boot image copies.

To download a boot image through the TFTP server:

Dell PowerConnect 55xx Systems User Guide 81

Enter the

show version

command to verify which software version is currently running on the device. The following is an example of the information that appears:

console# show version Unit SW version Boot version HW version

----- -------------- ----------------- ---------2 1.0.0.24 1.0.0.11 console#

Enter the

name} boot

copy {tftp://|usb://}{tftp address}/{file

command to copy the boot image to the device. The

following is an example of the information that appears:

console# copy tftp://50.1.1.7/contax-10014.ros image 01-Oct-2006 11:57:35 %COPY-I-FILECPY: Files Copy - source URL

tftp://50.1.1.7/contax-10014.ros destination URL flash://image !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 01-Sep-2010 11:57:38 %INIT-I-Startup: Cold Startup !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 01-Sep-2010 11:59:05 %COPY-N-: The copy operation was completed

successfully! Copy: 5954757 bytes copied in 00:01:30 [hh:mm:ss]

Enter the reload command. The following message is displayed:

console# reload This command will reset the whole system and

disconnect your current session. Do you want to continue (Y/N) [N]?

Enter Y. The device reboots.

82 Dell PowerConnect 55xx Systems User Guide

Using Dell OpenManage Administrator

This section provides an introduction to the Dell OpenManage Switch Administrator user interface.

It contains the following topics:

• Starting the Application

• Understanding the Interface

• Using the Switch Administrator Buttons

• Field Definitions

• Common GUI Features

• CLI Commands

Dell PowerConnect 55xx Systems User Guide 83

Starting the Application

NOTE: Before starting the application the IP address must be defined. For more

information, see "Accessing the Device Through the CLI" on page 67.

Open a web browser.

Enter the device’s IP address in the address bar and press

When the

NOTE: Passwords are both case sensitive and alpha-numeric.

Click OK.

The

window displays, enter a user name and password.

Dell OpenManage Switch Administrator

home page displays.

<Enter>

Understanding the Interface

The home page contains the following views:

•

Tree view

provides an expandable view of the features and their components. The branches in the tree view can be expanded to view all the components under a specific feature, or retracted to hide the feature's components. By dragging the vertical bar to the right, the tree area can be expanded to display the full name of a component.

Device View

• view provides information about device ports, current configuration and status, table information, and feature components. For further information, see "Device Representation" on page 85

Components List

• contains a list of the feature components. When a feature is expanded, the GUI page for that feature is displayed.

•

Information Buttons

access to information about the device and access to Dell Support. For more information, see "Information Buttons" on page 87.

— Located on the left side of the home page, the tree view

— Located in on the top center of the home page, the device

— Located in the bottom center of the home page,

— Located at the top of the home page, provide

84 Dell PowerConnect 55xx Systems User Guide

Device Representation

Stacking Unit ID

Giga Ports (odd numbered)

Giga Ports (even numbered)

The home page contains a graphical representation of the units in the stack’s front panels. Figure 9-1 displays the 5548 model, but the display for the other models are similar.

Figure 7-1. PowerConnect Device Port Indicators

The graphic display on the home page displays the Unit ID and port indicators that specify whether a specific port is currently active. Table 9-1 describes the port colors that are displayed and their meaning:

Table 7-1. Port Colors

Component Description

Amber The port is currently connected at 100 Mbps.

Green The port is currently connected at 1000 Mbps

Grey The port is currently disconnected

NOTE: For more information about LEDs, see "LED Definitions" on page 38.

To configure a port double-click on its icon.

Only ports that are physically present are displayed in the PowerConnect OpenManage Switch Administrator home page, and can be configured through the web management system. Non-present ports can be configured through the CLI or SNMP interfaces.

Port Representation

Ports are referred to in the notation: [gi/te]x/0/z, where:

Dell PowerConnect 55xx Systems User Guide 85

• gi—Giga port

• te —Ten Giga port

•x — Unit ID

•z — Port number

86 Dell PowerConnect 55xx Systems User Guide

Using the Switch Administrator Buttons

This section describes the buttons found on the OpenManage Switch Administrator interface.

Information Buttons

Table 9-2 describes the information buttons that provide access to online support and online help, as well as information about the OpenManage Switch Administrator interfaces. These are displayed at the top of each page.

Table 7-2. Information Buttons

Button Description

Support Opens the Dell Support page at support.dell.com

About Contains the version and build number and Dell copyright

information.

Logout Opens the Log Out window.

Device Management Icons

Table 9-3 describes the device management buttons.

Table 7-3. Device Management Icons

Button Icon Description

Apply&Save Saves changes to the Running and Startup Configuration

files.

Help Open online help. The online help pages are

context-sensitive. For example, if the IP Addressing page is open, the help topic for that page is displayed when Help is clicked.

Print Prints the Network Management System page and/or table

information.

Dell PowerConnect 55xx Systems User Guide 87

Table 7-3. Device Management Icons (Continued)

Refresh Refreshes device information from the Running

Configuration file.

88 Dell PowerConnect 55xx Systems User Guide

Field Definitions

Fields that are user-defined can contain between 1–159 characters, unless otherwise noted on the OpenManage Switch Administrator web page. All letters or characters can be used, except the following: "\ / : * ? < >"

Common GUI Features

Table 9-4 describes the common functions that can be performed on many GUI pages.

Table 7-4. Common GUI Elements

Button Description

Apply Save changes entered in GUI page to the Running

Configuration file.

Back Go to previous page.

Cancel Cancel changes entered in GUI page.

Clear All Counters Delete counters.

Clear Counters Delete selected counters.

Clear Log Delete entries from log.

Clear Statistics Delete statistics.

Copy parameters from

Copy parameters from port

Details Shows further details relevant to the current page.

Next Go to next page.

Query Run a query after query criteria have been entered.

Remove Remove checked elements in the page. If Select All is

Reset All Counters Delete all counters.

Restore Defaults Restores parameters entered in page to default values.

Copy the parameters from a selected row to the selected target rows.

Copy the parameters from a selected port to the selected target ports.

selected, all elements are removed.

Dell PowerConnect 55xx Systems User Guide 89

Table 7-4. Common GUI Elements (Continued)

Button Description

Te ln e t Opens a Telnet window. This only works in the Explorer 6 and

Firefox browsers.

GUI Terms

Each GUI page in the tree view is described in the following sections. A brief introduction is provided along with steps specifying how to enter information in the page. The following terms are used:

•

Enter

— Indicates that information may be entered in the field. It does

not imply that the field is mandatory.

•

Select

—Indicates that information may be selected from a drop-down list

or from radio buttons.

•

Displays

—Indicates that the field is display only.

CLI Commands

There are certain command entry conventions that apply to all commands. The following table describes these conventions.

Table 7-5. Common GUI Elements

Button Description

[ ] In a command line, square brackets indicate an optional

entry..

{ } In a command line, curly brackets indicate a selection of

compulsory parameters separated by the | character. One option must be selected. For example: flowcontrol {auto|on|off} means that for the flowcontrol command either auto, on, or off must be selected.

Italic Font

Bold Italic Font

<button-name> Any individual key on the keyboard. For example click

Indicates a parameter value.

Indicates a parameter key word.

<Enter>.

90 Dell PowerConnect 55xx Systems User Guide

Button Description

Ctrl+F4 Any combination of keys clicked simultaneously, for example:

Ctrl and F4.

Screen Display Indicates system messages and prompts appearing on the

console.

all

When a parameter is required to define a range of ports or parameters and all is an option, the default for the command is all when no parameters are defined. For example, the command interface range port-channel has the option of either entering a range of channels, or selecting all. When the command is entered without a parameter, it automatically defaults to all.

Dell PowerConnect 55xx Systems User Guide 91

Network Security

This section describes the various mechanisms for providing security on the switch.

It contains the following topics:

• Port Security

•ACLs

•ACL Binding

• Proprietary Protocol Filtering

•Absolute Time Range

• Time Range Recurrence

• Dot1x Authentication

92 Dell PowerConnect 55xx Systems User Guide

Port Security

Network security can be enhanced by limiting access on a port to users with specific MAC addresses. The MAC addresses can be dynamically learned, or they can be statically configured.

Port security has the following modes:

•

Classic Lock

packets that are received on specific ports. Access to the locked port is limited to users with specific MAC addresses. These addresses are either manually defined on the port, or learned on that port before it was locked.

Limited Dynamic Lock

• and the packet’s source MAC address is not tied to that port (either it was learned on a different port, or it is unknown to the system), a protection mechanism, which provides various options is invoked. Unauthorized packets arriving to a locked port are either:

–Forwarded

– Discarded with no trap

– Discarded with a trap

– The port is shutdown

Locked port security enables storing a list of MAC addresses in the configuration file. The MAC addresses are restored when the device is reset.

Disabled ports can be activated from the Port Configuration page.

— Locked port security monitors both received and learned

— When a packet is received on a locked port,

Dell PowerConnect 55xx Systems User Guide 93

To configure port security:

Click

Switching

Security: Summary

Figure 8-1. Port Security: Summary

Network Security > Port Security

page.

to display the

Security parameters are displayed for all ports or LAGs, depending on the selected interface type.

Port

To modify the security parameters for a port, select it, and click

Enter the following fields:

–

Interface

–

Current Port Status

–

Set Port

–

Learning Mode

is enabled only if

— Select the interface to be configured.

— Displays the current port status.

— Select to either lock or unlock the port.

— Set the locked port type. The

Locked

is selected in the

Set Port

options are:

•

Classic Lock

— Locks the port using the classic lock mechanism. The port is immediately locked, regardless of the number of addresses that have already been learned.

94 Dell PowerConnect 55xx Systems User Guide

Edit

Learning Mode

field. The possible

field

•

Limited Dynamic Lock

— Locks the port by deleting the dynamic MAC addresses associated with the port. The port learns up to the maximum addresses allowed on the port. Both relearning and aging MAC addresses are enabled.

Max Entries (0-128)

–

addresses that can be learned on the port. The enabled only if

Limited Dynamic Lock

–

Action on Violation

— Enter the maximum number of MAC

Max Entries

Locked

is selected in the

Set Port

mode is selected in

field, and the

Learning Mode

— Select the action to be applied to packets

field is

field.

arriving on a locked port. The possible options are:

•

Discard

Forward

— Discard the packets from any unlearned source.

— Forward the packets from an unknown source,

without learning the MAC address.

•

Shutdown

— Discard the packet from any unlearned source, and shut down the port. Ports remain shutdown until they are reactivated, or the device is reset.

–

Tr ap

— Enable/disable traps being sent when a packet is received on a

locked port.

–

Trap Frequency (1-1000000)

— Enter the amount of time (in

seconds) between traps.

Configuring Port Security Using CLI Commands

The following table summarizes the CLI commands for configuring port security.

Table 8-1. Port Security CLI Commands

CLI Command Description

set interface active

{[gigabitethernet|tengigabitethern et] interface|port-channel LAG-

number}

Dell PowerConnect 55xx Systems User Guide 95

Reactivates an interface that is shutdown due to port security reasons.

Table 8-1. Port Security CLI Commands (Continued)

CLI Command Description

port security max {max-addr} no port security max

port security mode {lock | maxaddresses }

no port security mode

port security [forward | discard | discard-shutdown] [trap seconds]

no port security

port security

[forward|discard|discard-shutdown] [trap seconds]

no port security show ports security

[[gigabitethernet|tengigabitethern et] port-number ]|port-channel

LAG-number]

Specifies the maximum number of MAC addresses that can be learned on the port.

Use the no form of this command to restore the default

Configures the port security learning mode.

Use the no form of this command to restore the default configuration.

Enables port security on an interface.

Use the no form of this command to disable port security on an interface.

Configures port security on an interface.

Use the no form of this command to disable port security.

Displays lock status of specified interface or of all interfaces.

96 Dell PowerConnect 55xx Systems User Guide

The following is an example of the CLI commands:

console # show ports security Port Status Learning Action Maximum Trap Frequency

------- -------- -------- -------- ------- ---- --------gi1/0/1 Disabled Max-Addresses - 10 - gi1/0/2 Disabled Lock - 1 - gi1/0/3 Disabled Lock - 1 - gi1/0/4 Disabled Lock - 1 - gi1/0/5 Disabled Lock - 1 - gi1/0/6 Disabled Lock - 1 - gi1/0/7 Disabled Lock - 1 - gi1/0/8 Disabled Lock - 1 - gi1/0/9 Disabled Lock - 1 - gi1/0/10Disabled Lock - 1 - gi1/0/11Disabled Lock - 1 - gi1/0/12Disabled Lock - 1 - -

Dell PowerConnect 55xx Systems User Guide 97

ACLs

This section describes Access Control Lists (ACLs), which enable defining classification actions and rules for specific ingress or egress ports.

It contains the following topics:

• ACL Overview

• MAC-Based ACLs

• MAC-Based ACEs

•IPv4-Based ACLs

•IPv4-Based ACEs

•IPv6-Based ACLs

•IPv6-Based ACEs

ACL Overview

Access Control Lists (ACLs) enable network managers to define classification actions and rules for specific ingress or egress ports. Packets entering an ingress or egress port, with an active ACL, are either admitted or denied entry. If entry is denied, the ingress or egress port may be disabled, for example, a network administrator defines an ACL rule that states that port number 20 can receive TCP packets, however, if a UDP packet is received, the packet is dropped.

ACLs are composed of Access Control Entries (ACEs) that are rules that determine traffic classifications. Each ACE is a single rule, and up to 256 rules may be defined on each ACL, and up to 3000 rules globally.

Rules are not only used for user configuration purposes, they are also used for features like DHCP Snooping, Protocol Group VLAN and iSCSI, so that not all 3000 rules are available for ACEs. It is expected that there will be at least 2000 rules available. If there are fewer rules available, this may be due to DHCP Snooping or iSCSI optimization. Reduce the number of entries in DHCP Snooping or reduce the max number of TCP connections in the iSCSI configuration in order to free rules for ACEs.

The following types of ACLs can be defined:

•

MAC-based ACL

•

IPv4-based ACL

— Examines Layer 2 fields only

—Examines the Layer 3 layer of IPv4 frames

98 Dell PowerConnect 55xx Systems User Guide

•

IPv6-based ACL

—Examines the Layer 3 layer of IPv6 frames

MAC-Based ACLs

To define a MAC-based ACL:

Click

Switching

MAC Based ACL: Summary

Figure 8-2. MAC Based ACL: Summary

Network Security > MAC Based ACL

to display the

page.

The currently-defined MAC-based ACLs are displayed.

To add a new ACL, click

Add ACL

Dell PowerConnect 55xx Systems User Guide 99

, and enter the name of the new ACL.

Configuring MAC-Based ACLs Using CLI Commands

The following table summarizes the CLI commands for configuring

MAC-based ACLs.

Table 8-2. MAC Based ACL CLI Commands

CLI Command Description

mac access-list extended aclname

no mac access-list extended aclname

show interfaces access-lists Displays access lists applied on

Defines an ACL and places the device in MAC-extended ACL configuration mode.

Use the no form of this command to remove the ACL.

interfaces.

The following is an example of some of the CLI commands:

console# show access-lists Extended IP access list ACL1 permit 234 172.30.40.1 0.0.0.0 any permit 234 172.30.8.8 0.0.0.0 any

100 Dell PowerConnect 55xx Systems User Guide

Dell PowerConnect 5548p User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

System User Guide

Table of Contents

Preface

Features

IP Version 6 (IPv6) Support

Stack Support

Power over Ethernet

Green Ethernet

Head of Line Blocking Prevention

Flow Control Support (IEEE 802.3X)

Back Pressure Support

Virtual Cable Testing (VCT)

Auto-Negotiation

MDI/MDIX Support

MAC Address Supported Features

MAC Address Capacity Support

Static MAC Entries

Self-Learning MAC Addresses

Automatic Aging for MAC Addresses

VLAN-Aware MAC-Based Switching

MAC Multicast Support

Layer 2 Features

IGMP Snooping

Port Mirroring

Broadcast Storm Control

VLAN Supported Features

VLAN Support

Port-Based Virtual LANs (VLANs)

Full 802.1Q VLAN Tagging Compliance

GVRP Support

Voice VLAN

Guest VLAN

Private VLAN

Multicast TV VLAN

Spanning Tree Protocol Features

Spanning Tree Protocol (STP)

Fast Link

IEEE 802.1w Rapid Spanning Tree

IEEE 802.1s Multiple Spanning Tree

STP BPDU Guard

Link Aggregation

Link Aggregation and LACP

BootP and DHCP Clients

Quality of Service Features

Class of Service 802.1p Support

Advanced QoS

TCP Congestion Avoidance

Device Management Features

SNMP Alarms and Trap Logs

SNMP Versions 1, 2, and 3

Web-Based Management

Management IP Address Conflict Notification

Flow Monitoring (sflow)

Configuration File Download and Upload

Auto-Update of Configuration/Image File

TFTP Trivial File Transfer Protocol

USB File Transfer Protocol

Remote Monitoring

Command Line Interface

Syslog

SNTP

Domain Name System

802.1ab (LLDP-MED)

Security Features

Port-Based Authentication (Dot1x)

Locked Port Support

RADIUS Client

RADIUS Accounting

TACACS+

Password Management

Access Control Lists (ACL)

Dynamic ACL/Dynamic Policy Assignment (DACL/DPA)

DHCP Snooping

ARP Inspection

Port Profile (CLI Macro)

DHCP Server