Dell PowerConnect 5548p User Manual

Dell PowerConnect
5500 Series

System User Guide

Regulatory Models: PowerConnect 5524, 5524P, 5548, 5548P

Notes, Cautions, and Warnings

NOTE: A NOTE indicates important information that helps you make better use of your system.
CAUTION: A CAUTION indicates potential damage to hardware or loss of data if instructions are not followed.
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.

Information in this document is subject to change without notice. © 2012 Dell Inc. All rights reserved.
Reproduction of these materials in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden.
Trademarks used in this text: Dell™, the DELL logo, and PowerConnect™ are trademarks of Dell Inc.; Intel®, Pentium®, and Celeron® are registered trademarks of Intel Corporation in the U.S. and other countries; Microsoft® and Windows® are either trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries.
Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. Dell Inc. disclaims any proprietary interest in trademarks and trade names other than its own.
Regulatory Models PC5524, PC5524P, PC5548 and PC5548P
May 2012 A05

Table of Contents

1 Preface
2 Features
    IP Version 6 (IPv6) Support
    Stack Support
    Power over Ethernet
    Green Ethernet
    Head of Line Blocking Prevention
    Flow Control Support (IEEE 802.3X)
    Back Pressure Support
    Virtual Cable Testing (VCT)
    Auto-Negotiation
    MDI/MDIX Support
    MAC Address Supported Features
    Layer 2 Features
    IGMP Snooping
    Port Mirroring
    Broadcast Storm Control
    VLAN Supported Features
    Spanning Tree Protocol Features
    Link Aggregation
    Quality of Service Features
    Device Management Features
    Security Features
    Port Profile (CLI Macro)
    DHCP Server
    Protected Ports
    iSCSI Optimization
    Proprietary Protocol Filtering
3 Hardware Description
    Device Models
    Device Structure
    LED Definitions
    Power Supplies
4 Stacking Overview
    Stack Overview
    Stack Members and Unit IDs
5 Configuring the Switch
    Configuration Work Flow
    Connecting the Switch to the Terminal
    Booting the Switch
    Configuring the Stack
    Configuration Using the Setup Wizard
6 Advanced Switch Configuration
    Using the CLI
    Accessing the Device Through the CLI
    Retrieving an IP Address
    Security Management and Password Configuration
    Configuring Login Banners
    Startup Menu Procedures
    Software Download
7 Using Dell OpenManage Administrator
    Starting the Application
    Understanding the Interface
    Using the Switch Administrator Buttons
    Field Definitions
    Common GUI Features
    GUI Terms
    CLI Commands
8 Network Security
    Port Security
    ACLs
    ACL Binding
    Proprietary Protocol Filtering
    Time Range
    Dot1x Authentication
9 Configuring System Information
    General Switch Information
    Time Synchronization
    Logs
    IP Addressing
    Diagnostics
    Management Security
    DHCP Server
    SNMP
    File Management
    Stack Management
    sFlow
10 Ports
    Overview
    Jumbo Frames
    Green Ethernet Configuration
    Protected Ports
    Port Profile
    Port Configuration
    LAG Configuration
    Storm Control
    Port Mirroring
11 Address Tables
    Overview
    Static Addresses
    Dynamic Addresses
12 GARP
    GARP Overview
    GARP Timers
13 Spanning Tree
    Spanning Tree Protocol Overview
    Global Settings
    STP Port Settings
    STP LAG Settings
    Rapid Spanning Tree
    Multiple Spanning Tree
14 VLANs
    Virtual LAN Overview
    VLAN Membership
    Port Settings
    LAGs Settings
    Protocol Groups
    Protocol Port
    GVRP Parameters
    Private VLAN
    Voice VLAN
15 Link Aggregation
    Link Aggregation Overview
    LACP Parameters
    LAG Membership
16 Multicast
    Multicast Support Overview
    Global Parameters
    Bridge Multicast Groups
    Bridge Multicast Forward All
    IGMP Snooping
    Unregistered Multicast
    Multicast TV VLAN
17 LLDP
    LLDP Overview
    LLDP Properties
    LLDP Port Settings
    MED Network Policy
    LLDP MED Port Settings
    Neighbors Information
18 Dynamic ARP Inspection
    Dynamic ARP Inspection Overview
    Global Settings
    Dynamic ARP Inspection List
    Dynamic ARP Inspection Entries
    VLAN Settings
    Trusted Interfaces
19 DHCP Snooping
    DHCP Snooping
    DHCP Relay
20 iSCSI Optimization
    Optimizing iSCSI Overview
    Global Parameters
    iSCSI Targets
    iSCSI Sessions
    Configuring iSCSI Using CLI
21 Statistics/RMON
    Table Views
    RMON Components
    Charts
22 Quality of Service
    QoS Features and Components
    General
    QoS Basic Mode
    QoS Advanced Mode
    QoS Statistics
Glossary
Index
Revision History

1 Preface

PowerConnect 5524/5548 and PowerConnect 5524P/5548P are stackable, advanced multi-layer devices.
This guide contains the information needed for installing, configuring, and maintaining the device through the web-based management system, called the OpenManage Switch Administrator.
This guide describes how to configure each system through the web-based management system and through CLI commands.
The CLI Reference Guide, which is available on the Documentation CD, provides additional information about the CLI commands.

2 Features

This section describes the features of the PowerConnect 5524/P and 5548/P switches.
For a complete list of all updated device features, see the latest software version Release Notes.
This section contains the following topics:
• IP Version 6 (IPv6) Support
• Stack Support
• Power over Ethernet
• Green Ethernet
• Head of Line Blocking Prevention
• Flow Control Support (IEEE 802.3X)
• Back Pressure Support
• Virtual Cable Testing (VCT)
• Auto-Negotiation
• MDI/MDIX Support
• MAC Address Supported Features
• Layer 2 Features
• IGMP Snooping
• Port Mirroring
• Broadcast Storm Control
• VLAN Supported Features
• Spanning Tree Protocol Features
• Link Aggregation
• Quality of Service Features
• Device Management Features
• Security Features
• DHCP Server
• Protected Ports
• iSCSI Optimization
• Proprietary Protocol Filtering

IP Version 6 (IPv6) Support

The device functions as an IPv6-compliant host, as well as an IPv4 host (also known as dual stack). This enables device operation in a pure IPv6 network as well as in a combined IPv4/IPv6 network.
For more information, see "IP Addressing" on page 202.

Stack Support

The system supports up to eight units with two fixed HDMI stacking ports. The HDMI ports are 1.3a specification, Category 2 High Speed cables, 340 MHz (10.2 Gbit/s).
It is recommended to use HDMI cable version 1.4.
The stacking feature supports the following features:
• Fast-link failover
• Software auto-synch
• Improved response time to events, such as master failover
• Auto-numbering algorithm when choosing unit number
For more information, see "Stacking Overview" on page 43.

Power over Ethernet

Power over Ethernet (PoE) provides power to devices over existing LAN cabling, without updating or modifying the network infrastructure. When PoE is used, the network devices do not have to be placed next to a power source. PoE can be used in the following applications:
• IP Phones
• Wireless Access Points
• IP Gateways
• PDAs
• Audio and video remote monitoring
For more information, see "Power over Ethernet" on page 157.

Green Ethernet

Green Ethernet, also known as Energy Efficient Ethernet (EEE), is an effort to make networking equipment environmentally friendly, by reducing the power usage of Ethernet connections.
The Short-Reach method, which reduces power over Ethernet cables shorter than 40m, is supported by the device.
For more information, see "Green Ethernet Configuration" on page 384.

Head of Line Blocking Prevention

Head of Line (HOL) blocking results in traffic delays and frame loss caused by traffic competing for the same egress port resources. To prevent HOL blocking, the device queues packets, and packets at the head of the queue are forwarded before packets at the end of the queue.

Flow Control Support (IEEE 802.3X)

Flow control enables lower-speed devices to communicate with higher-speed devices, by requesting that the higher-speed device refrain from sending packets. Transmissions are temporarily halted to prevent buffer overflows.
For more information, see "Flow Control" on page 380.

Back Pressure Support

On half-duplex links, the receiving port prevents buffer overflows by occupying the link so that it is unavailable for additional traffic.
For more information, see "Protected Ports" on page 388.

Virtual Cable Testing (VCT)

VCT detects and reports copper link cabling faults, such as open cables and cable shorts.
For more information, see "Diagnostics" on page 248.

Auto-Negotiation

Auto-negotiation enables the device to advertise modes of operation. The auto-negotiation function enables an exchange of information between two devices that share a point-to-point link segment, and automatically configures both devices to take maximum advantage of their transmission capabilities.
The PowerConnect 5500 series enhances auto-negotiation by providing port advertisement. Port advertisement enables the system administrator to configure the port speeds that are advertised.
For more information, see "Port Configuration" on page 397 or "LAG Configuration" on page 403.

MDI/MDIX Support

Standard wiring for end stations is known as Media-Dependent Interface (MDI), and standard wiring for hubs and switches is known as Media-Dependent Interface with Crossover (MDIX).
If auto-negotiation is enabled, the device automatically detects whether the cable connected to an RJ-45 port is MDIX (crossed) or MDI (straight). This enables both types to be used interchangeably.
If auto-negotiation is not enabled, only MDI (straight) cables can be used.
For more information, see "Port Configuration" on page 397 or "LAG Configuration" on page 403.

MAC Address Supported Features

MAC Address Capacity Support

The device supports up to 16K MAC addresses and it reserves specific MAC addresses for system use.

Static MAC Entries

MAC entries can be manually entered in the Bridging Table, as an alternative to learning them from incoming frames. These user-defined entries are not subject to aging, and are preserved across resets and reboots.
For more information, see "Static Addresses" on page 418.

Self-Learning MAC Addresses

The device enables controlled MAC address learning from incoming packets. The MAC addresses are stored in the Bridging Table.
For more information, see "Dynamic Addresses" on page 421.

Automatic Aging for MAC Addresses

MAC addresses from which no traffic is received for a given period are aged out. This prevents the Bridging Table from overflowing.
For more information, see "Dynamic Addresses" on page 421.

VLAN-Aware MAC-Based Switching

The device always performs VLAN-aware bridging. Classic bridging (IEEE802.1D), in which frames are forwarded based only on their destination MAC address, is not performed. However, a similar functionality can be configured for untagged frames. Frames addressed to a destination MAC address that is not associated with any port are flooded to all ports of the relevant VLAN.

MAC Multicast Support

Multicast service is a limited Broadcast service that enables one-to-many and many-to-many connections for information distribution. In Layer 2 Multicast service, a single frame is addressed to a specific Multicast address, from which copies of the frame are transmitted to the relevant ports. When Multicast groups are statically enabled, you can set the destination port of registered groups, as well as define the behavior of unregistered Multicast frames.
For more information, see "Multicast" on page 508.

Layer 2 Features

IGMP Snooping

Internet Group Membership Protocol (IGMP) Snooping examines IGMP frame contents, when they are forwarded by the device from work stations to an upstream Multicast router. From the frame, the device identifies work stations configured for Multicast sessions, and which Multicast routers are sending Multicast frames. The IGMP Querier simulates the behavior of a Multicast router. This enables snooping of the Layer 2 Multicast domain even if there is no Multicast router.
For more information, see "IGMP Snooping" on page 519.

Port Mirroring

Port mirroring monitors network traffic by forwarding copies of incoming and outgoing packets from a monitored port to a monitoring port. Users specify which target port receives copies of all traffic passing through a specified source port.
For more information, see "Port Mirroring" on page 411.

Broadcast Storm Control

Storm Control enables limiting the number of Multicast and Broadcast frames accepted by and forwarded by the device.
When Layer 2 frames are forwarded, Broadcast and Multicast frames are flooded to all ports on the relevant VLAN. This occupies bandwidth, and loads all nodes connected on all ports.
For more information, see "Storm Control" on page 408.

VLAN Supported Features

VLAN Support

VLANs are collections of switching ports that comprise a single Broadcast domain. Packets are classified as belonging to a VLAN, based on either the VLAN tag or on a combination of the ingress port and packet contents. Packets sharing common attributes can be grouped in the same VLAN.
For more information, see "VLANs" on page 459.

Port-Based Virtual LANs (VLANs)

Port-based VLANs classify incoming packets to VLANs, based on their ingress port.
For more information, see "Defining VLAN Membership Using CLI Commands" on page 466.

Full 802.1Q VLAN Tagging Compliance

IEEE 802.1Q defines an architecture for virtual, bridged LANs, the services provided in VLANs, and the protocols and algorithms involved in the provision of these services.
For more information, see "Virtual LAN Overview" on page 460.

GVRP Support

GARP VLAN Registration Protocol (GVRP) provides IEEE 802.1Q-compliant VLAN pruning and dynamic VLAN creation on 802.1Q trunk ports. When GVRP is enabled, the device registers and propagates VLAN membership on all ports that are part of the active underlying Spanning Tree Protocol topology.
For more information, see "GVRP Parameters" on page 483.

Voice VLAN

Voice VLAN enables network administrators to enhance VoIP service by configuring ports to carry IP voice traffic from IP phones on a specific VLAN. VoIP traffic has a preconfigured OUI prefix in the source MAC address. Network administrators can configure VLANs from which voice IP traffic is forwarded. Non-VoIP traffic is dropped from the Voice VLAN in Auto-Voice VLAN Secure mode. Voice VLAN also provides QoS to VoIP, ensuring that the quality of voice does not deteriorate if the IP traffic is received unevenly.
For more information, see "Voice VLAN" on page 491.

Guest VLAN

Guest VLAN provides limited network access to unauthorized ports. If a port is denied network access via port-based authorization, but the Guest VLAN is enabled, the port receives limited network access through the Guest VLAN.
For more information, see "Dot1x Authentication" on page 127.

Private VLAN

The Private VLAN feature provides Layer 2 isolation between ports that share the same Broadcast domain, or in other words, it creates a point-to-multipoint Broadcast domain. The ports can be located anywhere in the Layer 2 network (compared to the Protected Ports feature, where the ports must be in the same stack).
For more information, see "Private VLAN" on page 487.

Multicast TV VLAN

The Multicast TV VLAN feature provides the ability to supply multicast transmissions to Layer 2-isolated subscribers, without replicating the multicast transmissions for each subscriber VLAN. The subscribers are the only receivers of the multicast transmissions.
For more information, see "Multicast TV VLAN" on page 527.

Spanning Tree Protocol Features

Spanning Tree Protocol (STP)

802.1d Spanning tree is a standard Layer 2 switch requirement that enables bridges to automatically prevent and resolve Layer 2 forwarding loops. Switches exchange configuration messages using specifically-formatted frames, and selectively enable and disable forwarding on ports.
For more information, see "Spanning Tree" on page 428.

Fast Link

STP can take 30–60 seconds to converge. During this time, STP detects possible loops, enabling time for status changes to propagate and for relevant devices to respond. This period of 30–60 seconds is considered too long a response time for many applications. The Fast Link option bypasses this delay, and can be used in network topologies where forwarding loops do not occur.
For more information on enabling Fast Link for ports and LAGs, see "STP Port Settings" on page 436 or "Static Addresses" on page 418.

IEEE 802.1w Rapid Spanning Tree

Spanning Tree takes 30–60 seconds for each host to decide whether its ports are actively forwarding traffic. Rapid Spanning Tree (RSTP) detects uses of network topologies to enable faster convergence, without creating forwarding loops.
For more information, see "Spanning Tree" on page 428.

IEEE 802.1s Multiple Spanning Tree

Multiple Spanning Tree (MSTP) operation maps VLANs into STP instances. MSTP provides a different load balancing scenario. Packets assigned to various VLANs are transmitted along different paths within MSTP Regions (MST Regions). Regions are one or more MSTP bridges by which frames can be transmitted. The standard lets administrators assign VLAN traffic to unique paths.
For more information, see "Spanning Tree" on page 428.

STP BPDU Guard

BPDU Guard is used as a security mechanism, to protect the network from invalid configurations.
BPDU Guard is usually used either when fast link ports (ports connected to clients) are enabled or when the STP feature is disabled. When it is enabled on a port, the port is shut down if a BPDU message is received and an appropriate SNMP trap is generated.
For more information, see "Spanning Tree" on page 428.

Link Aggregation

Up to 32 Aggregated Links may be defined, each with up to eight member ports, to form a single Link Aggregated Group (LAG). This enables:
• Fault tolerance protection from physical link disruption
• Higher bandwidth connections
• Improved bandwidth granularity
• High bandwidth server connectivity
A LAG is composed of ports with the same speed, set to full-duplex operation.
For more information, see "LAG Configuration" on page 403.

Link Aggregation and LACP

LACP uses peer exchanges across links to determine, on an ongoing basis, the aggregation capability of various links, and continuously provides the maximum level of aggregation capability achievable between a given pair of devices. LACP automatically determines, configures, binds, and monitors the port binding within the system.
For more information, see "Link Aggregation" on page 500.

BootP and DHCP Clients

DHCP enables additional setup parameters to be received from a network server upon system startup. DHCP service is an on-going process. DHCP is an extension of BootP.
For more information, see "DHCP IPv4 Interface" on page 207.

Quality of Service Features

Class of Service 802.1p Support

The IEEE 802.1p signaling technique is an OSI Layer 2 standard for marking and prioritizing network traffic at the data link/MAC sub-layer. 802.1p traffic is classified and sent to the destination. No bandwidth reservations or limits are established or enforced. 802.1p is a spin-off of the 802.1Q (VLANs) standard. 802.1p establishes eight levels of priority, similar to the IP Precedence IP Header bit-field.

Advanced QoS

Frames that match an ACL and were permitted entrance are implicitly labeled with the name of the ACL that permitted their entrance. Advanced mode QoS actions defined in network policies can then be applied to these flows.
The switch can set DSCP values and map IPv6 DSCP to egress queues in the same way it does for IPv4. The switch detects IPv6 frames by the IPv6 ether-type.
For more information about Advanced QoS, see "QoS Advanced Mode" on page 668.

TCP Congestion Avoidance

The TCP Congestion Avoidance feature activates an algorithm that breaks up or prevents TCP global synchronization on a congested node, where the congestion is due to multiple sources sending packets with the same byte count.
For more information, see "The following is an example of the CLI commands:" on page 656.

Device Management Features

SNMP Alarms and Trap Logs

The system logs events with severity codes and timestamps. Events are sent as SNMP traps to a Trap Recipient List.
For more information, see "SNMP" on page 307.

SNMP Versions 1, 2, and 3

Simple Network Management Protocol (SNMP) over the UDP/IP protocol controls access to the system. A list of community entries is defined, each consisting of a community string and its access privileges. There are three levels of SNMP security: read-only, read-write, and super. Only a super user can access the Community table.
For more information, see "SNMP" on page 307.

Web-Based Management

Web-based management enables managing the system from any web browser. The system contains an Embedded Web Server (EWS) that serves HTML pages, through which the system can be monitored and configured. The system internally converts web-based input into configuration commands, MIB variable settings, and other management-related settings.

Management IP Address Conflict Notification

This feature validates the uniqueness of the switch's IP address, whether it is assigned manually or through DHCP. If the IP address is not unique, the switch performs actions according to the address type. If the IP address is static, see more information about this in "IPv4 Interface Parameters" on page 203. If the IP address is dynamic, see more information about this in "DHCP IPv4 Interface" on page 207.

Flow Monitoring (sFlow)

The switch supports statistics collection, using a sampling technology called sFlow that is based on RFC 3176. The sFlow sampling technology is embedded within the switch, and provides the ability to continuously monitor traffic flows on some or all the interfaces simultaneously.
For more information, see "sFlow" on page 369.

Configuration File Download and Upload

The device configuration is stored in a configuration file. The configuration file includes both system-wide and port-specific device configuration. The system can display configuration files as a collection of CLI commands that are stored and manipulated as text files.

Auto-Update of Configuration/Image File

This feature facilitates installation of new devices. When you enable the various auto-update options, the device automatically downloads a new image or configuration file when it receives its IP address from a TFTP server, and automatically reboots, using the image or configuration file it received.
For more information, see "Auto-Update/Configuration Feature" on page 331.

TFTP Trivial File Transfer Protocol

The device supports boot image, software, and configuration upload/download via TFTP.

USB File Transfer Protocol

The device supports boot image, software, and configuration upload/download via USB.

Remote Monitoring

Remote Monitoring (RMON) is an extension to SNMP that provides comprehensive network traffic monitoring capabilities. RMON is a standard MIB that defines MAC-layer statistics and control objects, enabling real-time information to be captured across the entire network.
For more information, see "Statistics/RMON" on page 596.

Command Line Interface

Command Line Interface (CLI) syntax and semantics conform as much as possible to common, industry standards. CLI is composed of mandatory and optional elements. The CLI interpreter provides command and keyword completion to assist users and save typing.

Syslog

Syslog is a protocol that enables event notifications to be sent to a set of remote servers, where they can be stored, examined, and acted upon. The system sends notifications of significant events in real time, and keeps a record of these events for after-the-fact usage.
For more information on Syslog, see "Logs" on page 188.

SNTP

The Simple Network Time Protocol (SNTP) assures accurate network Ethernet Switch clock time synchronization up to the millisecond. Time synchronization is performed by a network SNTP server. Time sources are prioritized by strata. Strata define the distance from the reference clock. The higher the stratum (where zero is the highest), the more accurate the clock.
For more information, see "Time Synchronization" on page 162.

Domain Name System

Domain Name System (DNS) converts user-defined domain names into IP addresses. Each time a domain name is assigned, the DNS service translates the name into a numeric IP address. For example, www.ipexample.com is translated into 192.87.56.2. DNS servers maintain domain name databases containing their corresponding IP addresses.
For more information, see "Domain Name System" on page 235.

802.1ab (LLDP-MED)

The Link Layer Discovery Protocol (LLDP) enables network managers to troubleshoot, and enhances network management by discovering and maintaining network topologies over multi-vendor environments. LLDP discovers network neighbors by standardizing methods for network devices to advertise themselves to other systems, and to store discovered information. The multiple advertisement sets are sent in the packet Type Length Value (TLV) field. LLDP devices must support chassis and port ID advertisement, as well as system name, system ID, system description, and system capability advertisements.
LLDP Media Endpoint Discovery (LLDP-MED) increases network flexibility by enabling various IP systems to co-exist on a single network LLDP. It provides detailed network topology information, emergency call service via IP phone location information, and troubleshooting information.
For more information, see "LLDP" on page 531.

Security Features

SSL
Secure Socket Layer (SSL) is an application-level protocol that enables secure transactions of data through privacy, authentication, and data integrity. It relies upon certificates and public and private keys.

Port-Based Authentication (Dot1x)

Port-based authentication enables authenticating system users on a per-port basis via an external server. Only authenticated and approved system users can transmit and receive data. Ports are authenticated via the Remote Authentication Dial-In User Service (RADIUS) server using the Extensible Authentication Protocol (EAP). Dynamic VLAN Assignment (DVA) enables network administrators to automatically assign users to VLANs during the RADIUS server authentication.
For more information, see "Dot1x Authentication" on page 127.

Locked Port Support

Locked Port increases network security by limiting access on a specific port to users with specific MAC addresses. These addresses are either manually defined or learned on that port. When a frame is seen on a locked port, and the frame source MAC address is not tied to that port, the protection mechanism is invoked.
For more information, see "Port Security" on page 93.

RADIUS Client

RADIUS is a client/server-based protocol. A RADIUS server maintains a user database that contains per-user authentication information, such as user name, password, and accounting information.

RADIUS Accounting

This feature enables recording device management sessions (Telnet, serial, and WEB but not SNMP) and/or 802.1x authentication sessions.
Due to the complexity of 802.1x setup and configuration, many mistakes can be made that might cause loss of connectivity or incorrect behavior. The 802.1x Monitor mode enables applying 802.1x functionality to the switch, with all necessary RADIUS and/or domain servers active, without actually taking any action that may cause unexpected behavior. In this way, the user can test the 802.1x setup before actually applying it.
For more information, see "RADIUS" on page 284.

SSH
Secure Shell (SSH) is a protocol that provides a secure, remote connection to a device. SSH version 2 is currently supported. The SSH server feature enables an SSH client to establish a secure, encrypted connection with a device. This connection provides functionality that is similar to an inbound telnet connection. SSH uses RSA and DSA Public Key cryptography for device connections and authentication.
For more information, see "Security Management and Password Configuration" on page 71.

TACACS+

TACACS+ provides centralized security for validation of users accessing the device. TACACS+ provides a centralized, user management system, while still retaining consistency with RADIUS and other authentication processes.
For more information, see "TACACS+" on page 275.

Password Management

Password management provides increased network security and improved password control. Passwords for SSH, Telnet, HTTP, HTTPS, and SNMP access are assigned security features.
The switch provides the ability to demand strong passwords, meaning that they must contain both upper and lower-case letters, numbers, and punctuation marks.
For more information, see "Password Management" on page 279.

Access Control Lists (ACL)

Access Control Lists (ACL) enable network managers to define classification actions and rules for specific ingress ports. Packets entering an ingress port with an active ACL are either admitted or denied entry and the ingress port is disabled. If they are denied entry, the user can disable the port.

Dynamic ACL/Dynamic Policy Assignment (DACL/DPA)

The network administrator can specify the user's ACL in the RADIUS server. After successful authentication, the user is assigned that ACL.
For more information, see "Network Security" on page 92.

DHCP Snooping

DHCP Snooping expands network security by providing firewall security between untrusted interfaces and DHCP servers. By enabling DHCP Snooping, network administrators can differentiate between trusted interfaces connected to end-users or DHCP servers and untrusted interfaces located beyond the network firewall.
For more information, see "DHCP Snooping" on page 564.

ARP Inspection

Dynamic ARP inspection is a security feature that validates ARP packets in a network. It intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings. This capability protects the network from certain man-in-the-middle attacks.
For more information, see "Dynamic ARP Inspection" on page 551.

Port Profile (CLI Macro)

Macros provide a convenient way to save and share a common configuration. A macro is a set of CLI commands with a unique name. When a macro is applied to a port, the CLI commands contained within it are executed and added to the Running Configuration file.

DHCP Server

Dynamic Host Configuration Protocol (DHCP) provides a means of passing configuration information (including the IP address of a TFTP server and a configuration file name) to hosts on a TCP/IP network. The switch can serve as a DHCP server or client.
For more information on the device serving as a DHCP server, see "DHCP Server" on page 290.
For more information on the device serving as a DHCP client, see "DHCP IPv4 Interface" on page 207.

Protected Ports

The Protected Ports feature provides Layer 2 isolation between interfaces (Ethernet ports and LAGs) that share the same Broadcast domain (VLAN) with other interfaces.
For more information, see "Protected Ports" on page 388.

iSCSI Optimization

iSCSI optimization provides the iSCSI flows with specific priority over other network traffic. In addition, the feature provides monitoring of iSCSI sessions.
For more information, see "iSCSI Optimization" on page 584.

Proprietary Protocol Filtering

This feature enables user control over the filtering of packets with proprietary protocols such as CDP, VTP, DTP, UDLD, PaGP, and SSTP. The user can select any combination of the protocols to be filtered, for example: CDP and VTP and UDLD.
For more information, see "Network Security" on page 92.

DHCP Relay and Option 82

A DHCP relay agent detects DHCP Broadcasts from DHCP clients and relays them to DHCP servers that may reside on different subnets.
The relay agent information option (Option 82) in the DHCP protocol enables a DHCP relay agent to send additional client information, upon requesting an IP address.
Option 82 specifies the relaying switch's MAC address, the port identifier, and the VLAN that forwarded the packet.
For more information, see "DHCP Relay" on page 577.

Identifying a Switch via LED

The switch provides the ability to turn on a LED (through the GUI interface) on a specific unit or on all units in a stack for a specific length of time.
For more information, see Unit Identification (Location).

Hardware Description

This section describes PowerConnect 5500 hardware.
It contains the following topics:
• Device Models
• Device Structure
• LED Definitions
• Power Supplies

Device Models

The PowerConnect 5500 switches combine versatility with minimal management requirements. This series includes the following device types:
• PowerConnect 5524 — Provides 24 10/100/1000Mbps Base-T ports
• PowerConnect 5524P (with PoE) — Provides 24 10/100/1000Mbps Base-T ports, along with Power-over-Ethernet (PoE) support
• PowerConnect 5548 — Provides 48 10/100/1000Mbps Base-T ports
• PowerConnect 5548P (with PoE) — Provides 24 10/100/1000Mbps Base-T ports, along with Power-over-Ethernet (PoE) support
Each of these devices provides, in addition to the above ports, two HDMI ports, two SFP+ ports, an RS-232 console port, and a USB port, as shown in Figure 5-1.
NOTE: 10/100/1000Mbps Base-T ports are also known as Gigabit ports or G ports.

Device Structure

This section describes the structure of the devices.
It contains the following topics:
• Front Panel
• Buttons and LEDs
• Back Panel
• Ventilation System
• System LEDs
• Port LEDs

Front Panel

Figure 5-1 shows the front panel of the PowerConnect 5548 device with its various ports labelled. The PowerConnect 5524 device differs from the PowerConnect 5548 device in that there are 24 G ports and not 48.
Figure 5-2 shows the buttons/LEDs on the right side in greater detail.
Figure 3-1. PowerConnect 5548 Ports (callouts: Console Port, SFP+ Ports, USB Port, HDMI Ports, Giga Ports (even numbered), Giga Ports (odd numbered))
The following ports are found on the devices.
• 24/48 G Ports
• Two XG Ports (also known as Small Form Factor Pluggable (SFP)+ Ports)
  These are 10 Gigabit ports, designated as 1000Base-X-SFP+. The SFP+ ports are fiber transceivers designated as 10000 Base-SX or LX. They include TWSI (Two-Wire Serial Interface) and internal EPROM.
• RS-232 Console Port
  This port is used for a terminal connection for debugging and software downloads. The default baud rate is 9,600 bps. The baud rate can be configured from 2400 bps up to 115,200 bps.
• Two HDMI Ports
  The HDMI ports are 1.3a specification, category 2 high-speed cables, 340 MHz (10.2 Gbit/s). They are used for stacking purposes.
  NOTE: It is recommended to use HDMI cable version 1.4.
• Single USB Port
  This port is used for firmware upgrade from a USB device.

Buttons and LEDs

LEDs on Front Panel
Figure 5-2 shows the extreme, right-hand part of the front panel, which contains buttons and LEDs, in addition to ports.
Figure 3-2. Button/LED Panel (callouts: Power Status, Fan, RPS, Reset, Stacking Unit ID, Master, Port LEDs, Console Port)
These LEDs are described in Table 5-1 and Table 5-2.
Reset Button
The PowerConnect 5500 switches have a reset button, located on the front panel that is used for manual reset (reboot) of the device.
The single reset circuit of the switch is activated by power-up or low-voltage conditions.
The Reset button does not extend beyond the unit’s front, and it must be activated with a pin.

Back Panel

The back panel of the non-PoE models, shown in Figure 5-3, contains a Redundant Power Supply (RPS) connector, Location LED, and power connector.
The back panel of the PoE models, shown in Figure 5-4, contains a Modular Power Supply (MPS) connector, Location LED, power connector, and two fan outlets.
Figure 3-3. PowerConnect 5524/48 Back Panel (callouts: RPS, A/C Power Supply, Locator)
Figure 3-4. PowerConnect 5524/48/P Back Panel (callouts: MPS, A/C Power Supply, Locator, Fan, Fan)
The elements on the back panel are used as follows:
• Locator LED — This LED is lit when the Unit Identification feature is selected. See "Unit Identification (Location)" on page 367 for more information about this feature.
• RPS/MPS — Connector for auxiliary power supply. See "Power Supplies" on page 42 for more information.
• A/C Power Supply — Connector for AC power supply. See "Power Supplies" on page 42 for more information.
• Fans — Fan outlets. See "Ventilation System" on page 38 for more information.

Ventilation System

The PowerConnect 5500/P switches have two built-in fans. Operation can be verified by observing the LED that indicates if one or more fans are faulty (see Table 5-1).
The fan outlets are shown in Figure 5-4.

LED Definitions

The front panel contains light emitting diodes (LEDs) that indicate the status of links, power supplies, fans, and system diagnostics.
These are described below.

System LEDs

The system LEDs of the PowerConnect 5500 devices provide information about the power supplies, fans, thermal conditions, and diagnostics. Figure 5-2 shows the location of the system LEDS on the device.
Table 5-1 describes the meaning of the colors of the system LEDs.
Table 3-1. System LED Indicators
LED                   Color           Description
Power Supply (PWR)    Green Static    The switch is turned on.
                      Green Flashing  The Locator function is enabled.
                      Off             The switch is turned off.
Status                Green Static    The switch is operating normally.
                      Green Flashing  The switch is booting.
                      Red Static      A critical system error has occurred.
                      Red Flashing    A non-critical system error has occurred.
Stacking No.                          Indicates the unit ID of the device in the stack.
Modular/Redundancy Power Supply (MPS/RPS)
                      Green Static    The MPS/RPS is currently operating.
                      Red Static      The MPS/RPS failed.
                      Off             The MPS/RPS is not plugged in.
Locator               Green Flashing  Locator function is enabled.
                      Green Static    Locator function is disabled.
Master                Green Static    The device is a master unit.
                      Off             The device is not a master unit.
Fan (FAN)             Green Static    All device fans are operating normally.
                      Red Static      One or more of the device fans are not operating.

Port LEDs

Gigabit Ports
Each Giga port has two LEDs associated with it. The speed/link (LNK) LED is located on the left side of the port, while the activity/PoE LED is located on the right side of the port. The activity/PoE LED is labelled ACT in non-PoE devices, and is labelled PoE in PoE-enabled devices, as shown in Figure 5-5.
Figure 3-5. Giga Port LEDs (callouts: LNK, ACT/PoE)
Table 5-2 describes the LED indications for the Gigabit ports:
Table 3-2. Giga Ports on non-PoE-enabled Devices LEDs
LED   Color            Description
LNK   Green Flashing   Link is up and the port is either transmitting or receiving at 1000 Mbps.
      Yellow Flashing  Link is up and the port is either transmitting or receiving data at 100 Mbps.
      Solid green      Link is up high speed.
      Solid amber      Link is up at lower speeds.
      OFF              The port is currently not operating.
ACT   Green Flashing   There is activity on the port.
      Off              There is no activity on the port.
Table 5-3 describes the LED indications for Gigabit ports on PoE-enabled devices.
Table 3-3. Giga Ports on PoE-enabled Devices LEDs
LED   Color           Description
LNK   Flashing green  Link is up and the port is either transmitting or receiving at 1000 Mbps.
      Flashing amber  Link is up and the port is either transmitting or receiving data at 100 Mbps.
      Solid green     Link is up high speed.
      Solid amber     Link is up at lower speeds.
      Off             Port is currently not operating.
PoE   Flashing green  There is activity on the port and the PoE is off.
      Flashing amber  There is activity on the port and the PoE is on.
      Amber solid     There is no activity on the port and the PoE power is on.
      Off             There is no activity on the port and the PoE is off.
HDMI Port LEDs
The HDMI ports have a Speed/link (LNK) LED on their left side and an activity (ACT) LED on their right side.
Table 5-4 describes the HDMI port LEDs:
Table 3-4. HDMI (Stacking) Port LEDs
LED         Color           Description
Speed/Link  Solid green     Port is linked to device.
            Off             Port is currently not operating.
ACT         Flashing green  Port is either transmitting or receiving.
            Off             Port is not transmitting or receiving.
SFP LEDs
The SFP+ ports each have two LEDs, marked as LNK and ACT, associated with them. Figure 5-5 describes these LEDs.
Table 3-5. SFP Port LEDs
LED   Color           Description
LNK   Solid green     Link is at highest speed.
      Solid amber     Link is at lowest speed.
      Off             Port is currently not linked.
ACT   Flashing green  Port is either transmitting or receiving.
Stack ID LED
The front panel of the device contains a Stack ID panel used to display the Unit ID for the Stack Master and members, as shown in Figure 5-2.

Power Supplies

The device has an internal power supply unit (AC unit) and a connector to connect PowerConnect 5500/P devices to a PowerConnect EPS-470 unit, or to a PowerConnect MPS-600 unit.
The PowerConnect 5500/P devices have the following internal power supplies:
• 24 Port non-PoE devices — 54 Watt.
• 48 Port non-PoE devices — 100 Watt.
• 24/48 Port PoE devices — 600 Watt.
Operation with both power supply units is regulated through load sharing. Power supply LEDs indicate the status of the power supply.
The AC power supply unit operates from 90 to 264 VAC, 47 to 63 Hz. The AC power supply unit uses a standard connector. A LED, shown in Figure 5-3, indicates whether the AC unit is connected.
When the device is connected to a supplementary power source, the probability of failure in the event of a power outage decreases.

Stacking Overview

This section describes how the Stacking feature of the PowerConnect 5500 series functions.
It contains the following topics:
• Stack Overview
• Stack Members and Unit IDs

Stack Overview

The PowerConnect 5500 Stacking feature provides multiple switch management through a single switch, so that all units in the stack are treated as if they were a single switch. All stack members are accessed through the management IP address, through which the stack is managed.
Each switch is a member in a stack, although the stack may consist of only a single switch.
Up to eight units can be stacked.
This section covers the following topics:
• Stack Operation Modes
• Stacking Units
• Stack Topology

Stack Operation Modes

All stacks must have a Master unit, and may have a Master Backup unit. All other units are connected to the stack as members (slaves).
A unit in the stack can be in one of the following modes:
• Stack Master — Runs the fully operational software of a switch. In addition, it configures and manages all other units in the stack. All protocols run in the context of the Master unit. It is responsible for updating and synchronizing the Master Backup.
  The Stack Master detects and reconfigures the ports with minimal operational impact in the event of:
    • Unit failure
    • Inter-unit stacking link failure
    • Unit insertion
    • Unit removal
  When the Master unit boots, or when inserting or removing a stack member, the Master unit initiates a stacking discovering process.
• Slave Unit — Runs a slave version of the software that enables the applications running on the Master’s CPU to control and manage the resources of the slave unit.
• Master Backup — Runs as a slave unit, as described above, and in addition, continuously monitors the existence and operation of the stack master. If the master unit fails, the master-backup unit assumes the Master Backup role.

Stacking Units

PowerConnect 5500 series switches use two HDMI 10G ports for stacking.
To connect the units in the stack:
1. Insert one end of an HDMI cable into the left-hand HDMI port on the unit at the top of the stack and the other end into the right-hand HDMI port of the unit immediately below it (this is called crossover).
2. Repeat this process until all units are connected.
3. (Optional) Connect the left-hand HDMI port of the unit at the bottom of the stack to the right-hand HDMI port of the unit at the top of the stack. This step provides increased bandwidth and redundancy.
The results of this process are shown in Figure .
Figure 4-1. Stacking Ring Topology (callouts on each unit: HDMI Ports, Front Panel)

Stack Topology

The PowerConnect 5500 series systems operate in a ring or chain topology.
Ring Topology
In a ring topology all units in the stack are connected to each other, forming a circle. Each unit in the stack accepts data and sends it to the unit to which it is attached. The packet continues through the stack until it reaches its destination. The system discovers the optimal path on which to send traffic.
Figure shows units of a stack connected in a ring topology.
Stacking Failover Topology - Chain Topology
Difficulties occur when a unit in the ring becomes non-functional, or a link is severed. In this case, the system automatically switches to a chain topology, without any system downtime.
In chain topology, each unit in the stack is connected to a neighboring unit except for the last unit, which is not connected to any other unit.
In the chain topology, the stack continues to function as long as there is a master- or backup-enabled unit in each segment of the stack.
When the ring topology is switched to chain topology, an SNMP message is automatically generated, but no stack management action is required. The unit that failed must be repaired to restore full stacking operation in the ring topology.
After the stacking issues are resolved, the units can be reconnected without interruption, and the ring topology is restored.

Stack Members and Unit IDs

This section describes how to configure the stack.
It contains the following topics:
• Adding a Unit to the Stack
• Assigning Unit IDs
• Selecting the Master and Master Backup Units
• Switching from the Master to the Master Backup
• Replacing Stacking Members
• Loading Software onto Stack Members
• Rebooting the Stack
• Managing Configuration Files on the Stack

Adding a Unit to the Stack

The recommended procedure to add a unit to a stack is as follows:
1. Place the powered-off unit in its physical place in the stack, and insert the stacking link in the unit (but do not connect it to the rest of the stack).
2. Power up the unit, and set the correct Unit ID, as described below.
3. Reboot the unit and connect it to the rest of the stack through the stack link.

Assigning Unit IDs

Each unit in the stack has a unique ID that defines the unit’s position and function in the stack, as shown in Figure 5-2.
The unit that is assigned Unit ID 1 is the Master unit, by default. The unit that is assigned Unit ID 2 is the Master Backup unit.
When you power-up the stack, each unit is assigned a unique Unit ID. This is displayed on the front panel of the unit, as shown in Figure 5-2.
The Unit ID of each unit can be either automatically assigned or manually assigned, as described in step 1 to step 4 below.
To assign IDs to the units in the stack, do the following for each unit in the stack:
1. Connect the unit to the terminal.
2. Turn on the unit to begin auto boot and press Return or Esc to abort and enter the Start Up menu.
   Startup Menu
   [1]Download Software
   [2]Erase Flash File
   [3]Password Recovery Procedure
   [4]Set Terminal Baud-Rate
   [5]Stack Menu
   [6]Back
3. Select Stack Menu to open the Stack Menu.
   [1]Show Unit Stack ID
   [2]Set Unit Stack ID
   [3]Back
4. Select Set Unit Stack ID. Enter either a Unit ID for manual assignment or 0 to indicate that the unit ID will be assigned automatically.
NOTE: The entire stack should be connected, as shown in Figure 6-1, before powering up the units.

Selecting the Master and Master Backup Units

A unit is master-enabled if it is assigned Unit ID 1 or Unit ID 2. All other units in the stack (slaves) have unit IDs of 3-8.
The stack master assignment is performed during the configuration boot process. One master-enabled stack member is elected as Master, and the other master-enabled stack member is selected as Master Backup, according to the following decision process:
A master is selected from the set of the two Master-enabled units. Priority is given to the lowest unit ID, but the election also takes into account the amount of time the unit is UP (Up Time) as follows:
• When a master-enabled unit is inserted to a running stack (or when Master and Backup master both start at the same time), they exchange each other’s UP TIME (the time since they powered up). If the time difference is smaller than 10 minutes, the unit with the lowest unit ID is elected; otherwise, the unit with the longest UP time is elected.
• If a Master-enabled unit (with ID 1 or 2) is inserted into an operational stack, it will be elected as a backup master.
• If a Master unit and/or a backup Master unit is removed from the stack and the user wishes to configure one of the slave units (numbered 3-8) to be a Master backup, the user must reset the unit’s ID. This can be done as follows:
    • If there is a Master-enabled unit in the stack: Do - switch n renumber 2 (through CLI or GUI). This makes the nth unit a master-enabled unit.
    • If there is no Master-enabled unit in the stack: Press the reset button on the unit to be master-enabled, and assign it a unit ID= 1 using the boot menu.
• The user can force a master-enabled unit to be the master unit of the stack, even if the master election process did not select it. This is done by switching over to the backup unit.
NOTE: Two stacking members are considered the same age if they were inserted within a ten minute interval. For example, if Unit 2 is inserted in the first minute of a ten-minute cycle, and Unit 1 is inserted in fifth minute of the same cycle, the units are considered to be the same age.
NOTE: If two stack members are discovered to have the same Unit ID, only the older unit is included in the stack. The stack continues to function and a message is sent notifying that a unit failed to join the stack.
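The decision process above can be modelled in a few lines, which makes it easy to predict which unit will hold the stack configuration after an insertion or a simultaneous boot. This is an added example, not code from the Dell guide or the switch firmware; the Unit class, its label field, and the behaviour when only one master-enabled unit exists are assumptions made for illustration.

```python
from dataclasses import dataclass

MASTER_ENABLED_IDS = (1, 2)      # per the text: Unit ID 1 or 2
SAME_AGE_WINDOW_S = 10 * 60      # per the text: "smaller than 10 minutes"


@dataclass(frozen=True)
class Unit:
    unit_id: int       # 1-8
    uptime_s: int      # seconds since power-up (the exchanged UP TIME)
    label: str = ""    # hypothetical tag so two units with one ID can be told apart


def drop_duplicate_ids(units):
    """For each Unit ID keep only the older unit; return (members, rejected)."""
    members, rejected = {}, []
    # Oldest first, so the first unit seen for an ID is the one that stays.
    for unit in sorted(units, key=lambda u: u.uptime_s, reverse=True):
        if unit.unit_id in members:
            rejected.append(unit)        # this unit "failed to join the stack"
        else:
            members[unit.unit_id] = unit
    return sorted(members.values(), key=lambda u: u.unit_id), rejected


def elect(units):
    """Return (master, backup, rejected) for the given units."""
    members, rejected = drop_duplicate_ids(units)
    candidates = [u for u in members if u.unit_id in MASTER_ENABLED_IDS]
    if not candidates:
        return None, None, rejected      # no master-enabled unit present
    if len(candidates) == 1:
        # Assumption: a lone master-enabled unit becomes master, with no backup.
        return candidates[0], None, rejected
    low, high = candidates               # sorted by unit ID: ID 1, then ID 2
    if abs(low.uptime_s - high.uptime_s) < SAME_AGE_WINDOW_S:
        master = low                     # same age: lowest unit ID wins
    else:
        master = max(candidates, key=lambda u: u.uptime_s)  # longest UP time wins
    backup = high if master is low else low
    return master, backup, rejected


if __name__ == "__main__":
    # Constructed scenarios, not captured from a real stack.
    scenarios = {
        "both booted together": [Unit(1, 120), Unit(2, 300), Unit(3, 300)],
        "ID 1 inserted into a running stack": [Unit(1, 60), Unit(2, 7200)],
        "duplicate Unit ID 2": [Unit(2, 5000, "old"), Unit(2, 30, "new"), Unit(1, 5100)],
    }
    for name, units in scenarios.items():
        master, backup, rejected = elect(units)
        print(f"{name}: master={master}, backup={backup}, rejected={rejected}")
```
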
The Stack Master and the Master Backup maintain a Warm Standby. The Warm Standby ensures that the Master Backup takes over for the Stack Master if a failover occurs, so that the stack continues to operate normally.
During the Warm Standby, the Master and the Master Backup are synchronized with the static configuration. When the Stacking Master is configured, it must synchronize the Master Backup. The dynamic configuration is not saved, for example, dynamically-learned MAC addresses are not saved, but dynamic information is learned quickly and automatically by network traffic.

Switching from the Master to the Master Backup

The Master Backup replaces the Stack Master if one or more of the following events occur:
• The Stack Master fails or is removed from the stack.
• Links from the Stack Master to the stacking members fail.
• User performs soft switchover via the Web interface or the CLI.
Switching between the Stack Master and the Master Backup results in limited service loss. Dynamic tables are relearned if a failure occurs. The Running Configuration file is synchronized between Stack Master and the Master Backup, and continues running on the Master Backup.

Replacing Stacking Members

If a unit is removed from the stack, and replaced with a unit with the same unit ID, the stack member is configured with the original unit configuration.
Otherwise, if the new unit has either more or fewer ports than the previous unit, the results depend on the device type of the new and original units, as defined in Table 6-1:
Table 4-1. Port Configurations when Replacing Units
New Unit        Original Unit   New Port Configuration
5548P or 5548   5548P or 5548   Port configurations remain the same.
                5524 or 5524P   The first 24 Giga (GE) ports receive the respective 5524/P 24 GE port configurations. The 10 G port configurations remain the same.
5524P or 5524   5548P or 5548   The PowerConnect 5524/P 24 Gigabit ports receive the first 24 Giga 5548/P port configurations. The 10 Giga port configurations remain the same. The remaining ports receive the default port configuration.
                5524P or 5524   Port configurations remain the same.

Loading Software onto Stack Members

Software can be downloaded to all units simultaneously, or to the master unit alone. If software is only loaded to the master unit, when new software is selected, and the Master is rebooted, the Master updates the software on the remaining units.
In this way, all units in the stack run the same software version.

Rebooting the Stack

Whenever a reboot occurs, topology discovery is performed, and the Master learns all unit IDs in the stack.
Configuration files are changed only through explicit user configuration, and are not automatically modified when units are added, removed or reassigned unit IDs.
Each time the system reboots, the Startup Configuration file in the Master unit is used to configure the stack.

Managing Configuration Files on the Stack

The Startup Configuration and Running Configuration files are stored on the stack master.
Each port in the stack is referenced in the configuration files by its port type and unit ID/0/port number, for example "gi1/0/24", which means Giga port 24 on unit 1 (the middle 0 is reserved for future use).
Configuration files are managed from the Stack Master, including:
• Saving to flash memory
• Uploading configuration files to an external TFTP server/HTTP client
• Downloading configuration files from an external TFTP server/HTTP client
• Download/upload through the USB port
NOTE: Stack configuration for all configured ports is saved, even if the stack is reset and/or the ports are no longer present.
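Because port configuration stays in the saved files for ports that are no longer present, and a replacement unit with the same unit ID is configured with the original unit's configuration, it is useful to list such references before hardware is added or swapped. The following added example (not part of the Dell guide or the switch software) scans configuration text for port references of the form gi<unit>/0/<port> and reports those that do not fit the current stack. The sample configuration lines, the interface keyword in them, and the stack inventory are constructed assumptions.

```python
import re

PORT_REF = re.compile(r"\bgi(\d+)/(\d+)/(\d+)\b")   # e.g. gi1/0/24
MAX_UNIT_ID = 8                                      # "Up to eight units can be stacked"


def parse_port_ref(ref):
    """Split 'gi<unit>/<reserved>/<port>' into three integers."""
    match = PORT_REF.fullmatch(ref.strip())
    if match is None:
        raise ValueError(f"not a Giga port reference: {ref!r}")
    unit, reserved, port = (int(group) for group in match.groups())
    return unit, reserved, port


def check_ref(unit, reserved, port, stack):
    """Return a reason string if the reference does not fit the stack, else None.

    stack maps each present unit ID to its number of G ports (24 or 48).
    """
    if reserved != 0:
        return f"middle field is {reserved}, expected 0"
    if not 1 <= unit <= MAX_UNIT_ID:
        return f"unit ID {unit} is outside 1-{MAX_UNIT_ID}"
    if unit not in stack:
        return f"unit {unit} is not present in the stack"
    if not 1 <= port <= stack[unit]:
        return f"port {port} does not exist on unit {unit} ({stack[unit]} G ports)"
    return None


def audit_config(config_text, stack):
    """Return a list of (line_number, reference, reason) for every bad reference."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        for match in PORT_REF.finditer(line):
            unit, reserved, port = (int(group) for group in match.groups())
            reason = check_ref(unit, reserved, port, stack)
            if reason:
                findings.append((line_no, match.group(0), reason))
    return findings


# Constructed sample, not taken from a real switch; command syntax is assumed.
SAMPLE_CONFIG = """\
! constructed sample configuration
interface gi1/0/24
interface gi2/0/30
interface gi4/0/1
interface gi1/1/5
interface gi9/0/1
"""

# Constructed inventory: unit 1 has 48 G ports, unit 2 has 24 G ports.
SAMPLE_STACK = {1: 48, 2: 24}

if __name__ == "__main__":
    for line_no, ref, reason in audit_config(SAMPLE_CONFIG, SAMPLE_STACK):
        print(f"line {line_no}: {ref}: {reason}")
```
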

Configuring the Switch

This section describes the configuration that must be performed after the switch is installed and connected to power supplies. Additional advanced functions are described in "Advanced Switch Configuration" on page 63.
NOTE: Before proceeding further, read the release notes for this product. You can
download the release notes from the Dell Support website at support.dell.com.
NOTE: We recommend that you obtain the most recent revision of the user
documentation from the Dell Support website at support.dell.com.
It contains the following topics:
• Configuration Work Flow
• Connecting the Switch to the Terminal
• Booting the Switch
• Configuring the Stack
• Configuration Using the Setup Wizard

Configuration Work Flow

To configure the switches:
1. For each switch in the stack:
   a. Connect it to a terminal, as described in the "Connecting the Switch to the Terminal" on page 56.
   b. Boot the switch, as described in the "Booting the Switch" on page 57.
   c. Assign a unit ID to the switch, as described in "Assigning Unit IDs" on page 48.
2. Connect the units in the stack to each other, as described in "Configuring the Stack" on page 58.
3. Connect the Master unit to the terminal, reboot the unit and the Setup Wizard is run automatically, as described in "Configuration Using the Setup Wizard" on page 58.
4. Respond to the Setup Wizard prompts.
5. Continue managing the switch, either through the console or Telnet, using the CLI or the web GUI.

Connecting the Switch to the Terminal

Console Port
The switch is configured and monitored through a terminal desktop system that runs terminal emulation software. The switch connects to the terminal through the console port.
To connect the switch to a terminal:
1. Connect an RS-232 cable to a VT100-compatible terminal or the serial connector of a desktop system running terminal emulation software.
2. Connect the RS-232 cable to the switch console port on the front panel of the switch (see Figure 7-1) using an 8-pin RJ-45 male connector.
   Figure 5-1. Front-Panel Console Port
3. Set the terminal emulation software as follows:
   a. Select the appropriate serial port to connect to the switch.
   b. Set the data rate to 9600 baud.
   c. Set the data format to 8 data bits, 1 stop bit, and no parity.
   d. Set Flow Control to none.
   e. Select VT100 for Emulation mode within your communication software.
   f. Select Terminal keys for Function, Arrow, and Ctrl keys. Ensure that the setting is for Terminal keys (not Windows keys).
NOTE: You can connect a console to the console port on any unit in the stack, but stack management is performed only from the stack master (Unit ID 1 or 2).

Booting the Switch

After the local terminal is connected, turn on power. The switch then goes through power-on self-test (POST). POST runs every time the switch is started and checks hardware components, to determine if the switch is operational before completely booting. If the system detects a critical problem, the boot process stops. If POST passes successfully, a valid executable image is loaded into RAM. POST messages are displayed on the terminal and indicate test success or failure.
The boot process runs for approximately 40-45 seconds.
When the boot process completes, the following LEDs are lit, as shown in Figure 7-2:
• Power
• Status
• Fan (should be green)
• RPS (if it is being used)
Figure 5-2. Initial LEDs

Configuring the Stack

The switch is always considered to be a stack of switches even if the stack only contains a single switch. If there is more than one switch in the stack, each switch must be configured individually. See "Assigning Unit IDs" on page 48 for instructions on how to configure the stack.

Configuration Using the Setup Wizard

The Setup Wizard guides you through the initial switch configuration to get the system up and running as quickly as possible. Note that you can skip the Setup Wizard and configure the switch manually through the CLI.
The Setup Wizard configures the following fields:
• SNMP Community String and SNMP Management System IP address (optional)
• Username and password
• Management switch IP address
• IP subnet mask
• Default gateway IP address
NOTE: The Setup Wizard assumes the following:
• The PowerConnect switch was never configured before and is in the same state as when you received it.
• The PowerConnect switch booted successfully.
• The console connection is established and the console prompt is displayed on the screen of a VT100 terminal switch.
Connect the Master unit to a terminal. You can identify the Master unit by the illuminated Master LED on the front panel of the switch (see Figure 5-2).
To configure the system using the Setup Wizard:
1. Obtain the following information from the network administrator:
   • SNMP Community String and SNMP Management System IP address (optional)
   • Username and password
   • The IP address to be assigned to the VLAN 1 interface through which the switch is to be managed (by default, every external and internal port is a member of the VLAN 1)
   • The IP subnet mask for the network
   • The default gateway (next hop router) IP address for configuring the default route
2. Boot the Master unit. The system automatically prompts you to use the Setup Wizard.
   The Setup Wizard displays the following information:
       Welcome to Dell Easy Setup Wizard
       The Setup Wizard guides you through the initial switch configuration and gets you up and running easily and quickly. You can skip the Setup Wizard and enter CLI mode to manually configure the switch. The system will prompt you with a default answer; by pressing Enter, you accept the default value.
       You must respond to the next question to run the Setup Wizard within 60 seconds, otherwise the system will continue with normal operation using the default system configuration.
       Would you like to enter the Setup Wizard (you must answer this question within 60 seconds)? (Y/N)
3. Enter [Y] to run the wizard. If you enter [N] or if you do not respond within 60 seconds, the Setup Wizard automatically exits and the CLI console prompt appears.
   If you enter [Y] the wizard provides interactive guidance through the initial switch configuration.
   The following information is displayed:
       You can exit the Setup Wizard at any time by entering [ctrl+Z].
       The system is not set up for SNMP management by default.
       To manage the switch using SNMP (required for Dell Network Manager) you can:
       Setup the initial SNMP version 2 account now.
       Return later and set up the SNMP version account. For more information on setting up a SNMP version 2 account, see the user documentation.
       Would you like to set up the SNMP management interface now? [Y/N]
4. Enter [N] to skip to Step 7 or enter [Y] to continue the Setup Wizard. If you enter [Y] the following information is displayed:
       To set up the SNMP management account you must specify the management system IP address and the "community string" or password that the particular management system uses to access the switch. The wizard automatically assigns the highest access level [Privilege Level 15] to this account.
       You can use Dell Network Manager or other management interfaces to change this setting later and to add additional management system later. For more information on adding management systems, see the user documentation.
       To add a management station:
       Please enter the SNMP community string to be used:
5. Enter the SNMP community string. You can use the default name "public".
   The following information is displayed:
       Please enter the IP address of the Management System (A.B.C.D) or wildcard (0.0.0.0) to manage from any Management Station:[0.0.0.0].
6. Enter the SNMP Management System IP.
7. Set up user account privilege level, as follows:
   The following information is displayed:
       Now we need to set up your initial privilege (Level 15) user account. This account is used to login to the CLI and Web interface. You may set up other accounts and change privilege levels later. For more information on setting up user accounts and changing privilege levels, see the user documentation.
       To set up a user account:
       Enter the user name:
       Please enter the user password:
       Please reenter the user password:
8. Enter the following:
   • User name, for example "admin"
   • Password and password confirmation.
9. Press Enter.
   The following information is displayed:
       Next, an IP address is setup. The IP address is defined on the default VLAN (VLAN 1). This is the IP address you use to access the Telnet, Web interface, or SNMP interface for the switch.
       To set up an IP address:
       Please enter the IP address of the device (A.B.C.D):
       Please enter the IP subnet mask (A.B.C.D or nn):
10. Enter the management IP address and IP subnet mask, for example 192.168.2.100 as the IP address and 255.255.255.0 as the IP subnet mask.
11. Press Enter.
    The following information is displayed:
       Finally, set up the default gateway.
       Please enter the IP address of the gateway from which this network is reachable (e.g. 192.168.2.1).
       Default gateway (A.B.C.D):[0.0.0.0]
12. Enter the default gateway.
13. Press Enter. The following is displayed (example):
       This is the configuration information that has been collected:
       SNMP Interface = "Dell Network Manager"@192.168.2.10
       User Account setup = admin
       Password = **********
       Management IP address = 192.168.2.100 255.255.255.0
       Default Gateway = 192.168.2.1
    The following information is displayed:
       If the information is correct, please select (Y) to save the configuration and copy to the start-up configuration file. If the information is incorrect, select (N) to discard configuration and restart the wizard: [Y/N]
14. Enter [N] to restart the wizard or enter [Y] to complete the Setup Wizard.
    If you enter [Y] the following is displayed:
       Configuring SNMP management interface.
       Configuring user account.......
       Configuring IP and subnet......
       Thank you for using Dell Easy Setup Wizard. You will now enter CLI mode.
    The CLI prompt is displayed. You have finished the initial configuration.
After the initial configuration is complete, you can manage the switch from the connected console port using the CLI or remotely through the management interface, using Telnet or the Web GUI. See the Dell PowerConnect 5500 Series User Guide found on the Documentation CD.

Advanced Switch Configuration

This section describes how to perform various configuration operations through the CLI.
It includes the following topics:
• Using the CLI
• Accessing the Device Through the CLI
• Retrieving an IP Address
• Security Management and Password Configuration
• Configuring Login Banners
• Startup Menu Procedures
• Software Download

Using the CLI

This section provides some general information for using the CLI.
For a complete description of CLI commands, refer to the Dell PowerConnect 55xx Systems CLI Reference Guide.

Command Mode Overview

The CLI is divided into command modes, each with a specific command set. Entering a question mark at the terminal prompt displays a list of commands available for that particular command mode.
In each mode, a specific command is used to navigate from one mode to another.
These modes are described below.
User EXEC Mode
During CLI session initialization, the CLI is in User EXEC mode. Only a limited subset of commands is available in User EXEC mode. This level is reserved for tasks that do not change the terminal configuration and is used to access configuration sub-systems.
After logging into the device, User EXEC command mode is enabled. The user-level prompt consists of the host name followed by the angle bracket (>). For example:
console>
NOTE: The default host name is console unless it has been modified during initial configuration.
The User EXEC commands enable connecting to remote devices, changing terminal settings on a temporary basis, performing basic tests, and listing system information.
To list the User EXEC commands, enter a question mark at the command prompt.
To enter the next level, Privileged EXEC mode, a password is required (if configured).
Privileged EXEC Mode
Privileged EXEC mode provides access to the device global configuration.
Privileged access can be protected, to prevent unauthorized access and to secure operating parameters. Passwords are displayed on the screen, and are case-sensitive.
NOTE: The enable command is only necessary if you login with privilege level less than 15.
To access and list the Privileged EXEC mode commands:
1. At the prompt type enable and press <Enter>.
2. When a password prompt displays, enter the password and press <Enter>.
The Privileged EXEC mode prompt displays as the device host name followed by #. For example:
console#
To list the Privileged EXEC commands, type a question mark at the command prompt.
To return from Privileged EXEC mode to User EXEC mode, type disable and press <Enter>.
The following example illustrates accessing privileged EXEC mode and then returning to the User EXEC mode:
console> enable
Enter Password: ******
console#
console# disable
console>
Use the exit command to return to a previous mode.
To configure the device, enter the next level, Global Configuration mode.
Global Configuration Mode
The Global Configuration mode manages device configuration on a global level. Global Configuration commands apply to system features, rather than a specific protocol or interface.
To access Global Configuration mode, at the Privileged EXEC Mode prompt, type configure and press <Enter>. The Global Configuration mode displays as the device host name followed by (config) and the pound sign #.
console# configure
console(config)#
To list the Global Configuration commands, enter a question mark at the command prompt.
The following example illustrates how to access Global Configuration mode and return to the Privileged EXEC mode:
console#
console# configure
console(config)# exit
console#
Interface Configuration Mode
The Interface Configuration mode configures the device at the physical interface level (port, VLAN, or LAG). Interface commands that require subcommands have another level, called the Subinterface Configuration mode. A password is not required to access this level.
The following example places the CLI in Interface Configuration mode on port 1/0/1. The sntp command is then applied to that port.
console# configure
console(config)# interface gi1/0/1
console(config-if)# sntp client enable
To run a command in a mode that does not contain it, use do before the command, as in the following example:
console# configure
console(config)# interface gi1/0/1
console(config-if)# sntp client enable
console(config-if)# do show sntp configuration

Accessing the Device Through the CLI

You can manage the device using CLI commands, over a direct connection to the terminal console, or via a Telnet connection.

Direct Connection

Connect the device to the console and enter the CLI commands upon receiving a prompt.

Telnet Connection

Telnet is a terminal emulation TCP/IP protocol. RS-232 terminals can be virtually connected to the local device through a TCP/IP protocol network. Telnet is an alternative to a local login terminal, where a remote login is required.
The device supports up to four simultaneous Telnet sessions. All CLI commands can be used over a Telnet session.
If access is via a Telnet connection, ensure that the device has an IP address and that software has been downloaded to the device.
To start a Telnet session:
1. Select Start > Run. The Run window opens.
2. Type cmd. The cmd window opens.
3. In the cmd window, type Telnet <IP address> <Enter>. The Telnet session begins.

Retrieving an IP Address

Receiving an IP Address from a DHCP Server

When using the DHCP protocol to retrieve an IP address, the device acts as a DHCP client. When the device is reset, the DHCP command is saved in the configuration file, but the IP address is not.
To retrieve an IP address from a DHCP server, perform the following steps:
1. Select and connect any port to a DHCP server or to a subnet that has a DHCP server on it.
2. Type the following commands to use the selected port for receiving the IP address.
   a. Assigning a dynamic IP address on a port:
       console# configure
       console(config)# interface gi1/0/1
       console(config-if)# ip address dhcp
   b. Assigning a dynamic IP address on a VLAN:
       console# configure
       console(config)# interface vlan 1
       console(config-if)# ip address dhcp
   The interface receives the IP address automatically.
3. To verify the IP address, type show ip interface at the system prompt, as shown in the following example.
       console# show ip interface
       IP Address         I/F       Type     Directed   Precedence  Status
                                             Broadcast
       -----------------  --------  -------  ---------  ----------  ------
       0.0.0.0/32         gi2/0/1   DHCP     disable    No          Valid
       10.5.234.232/24    vlan 1    Static   disable    No          Valid
When configuring/receiving IP addresses through DHCP and BOOTP (an older version of DHCP), the configuration received from these servers includes the IP address and may include the subnet mask and default gateway.
NOTE: It is not necessary to delete the device configuration to retrieve an IP address from the DHCP server.
NOTE: When copying configuration files, avoid using a configuration file that contains an instruction to enable DHCP on an interface that connects to the same DHCP server, or to one with an identical configuration. In this instance, the device retrieves the new configuration file and boots from it. The device then enables DHCP, as instructed in the new configuration file, and the DHCP instructs it to reload the same file.
NOTE: If you configure a DHCP IP address, this address is dynamically retrieved, and the ip address dhcp command is saved in the configuration file. In the event of master failure, the backup will again attempt to retrieve a DHCP address. This could result in one of the following:
• The same IP address may be assigned.
• A different IP address may be assigned, which could result in loss of connectivity to the management station.
• The DHCP server may be down, which would result in IP address retrieval failure, and possible loss of connectivity to the management station.

Receiving an IP Address From a BOOTP Server

The standard BOOTP protocol is supported and enables the device to automatically download its IP host configuration from any standard BOOTP server in the network. In this case, the device acts as a BOOTP client.
To retrieve an IP address from a BOOTP server:
1. Select and connect any port to a BOOTP server or subnet containing such a server.
2. At the system prompt, enter the delete startup configuration command to delete the Startup Configuration from flash.
   The device reboots with no configuration and in 60 seconds starts sending BOOTP requests. The device receives the IP address automatically.
NOTE: When the device reboot begins, any input at the ASCII terminal or keyboard automatically cancels the BOOTP process before completion and the device does not receive an IP address from the BOOTP server.
The following example illustrates the process:
console> enable
console# delete startup-config
Startup file was deleted
console# reload
You haven’t saved your changes. Are you sure you want to continue (Y/N) [N]?
This command will reset the whole system and disconnect your current session. Do you want to continue (Y/N) [N]?
************************************************
/* the device reboots */
To display the IP address, enter the show ip interface command.
The device is now configured with an IP address.

Security Management and Password Configuration

System security is handled through the Authentication, Authorization, and Accounting (AAA) mechanism that manages user access rights, privileges, and management methods. AAA uses both local and remote user databases. Data encryption is handled through the SSH mechanism.
Passwords can be configured for the following services:
• Terminal
• Telnet
• SSH
• HTTP
• HTTPS
NOTE: When creating a user name, the default priority is 1, which provides access but not configuration rights. A priority of 15 must be set to enable access and configuration rights to the device. Although user names can be assigned privilege level 15 without a password, it is recommended to always assign a password. If there is no specified password, privileged users can access the Web interface with any password.
NOTE: Passwords can be secured by using password management commands to force aging out of passwords, or expiration of passwords. For more information, see "Management Security" on page 254.
Initial Configuration and Password Recovery
The system is delivered without a default password, and all passwords must be defined by the user. If a user-defined password is lost, a password recovery procedure can be invoked from the Startup menu. This procedure is applicable for the local terminal only and enables a single access to the device from the local terminal with no password entered.
The full mode of password recovery mechanism can be enabled/disabled through the CLI (service password-recovery command).
This affects password recovery in the following way:
• Enabled: When the password-recovery mechanism is invoked, one-time access to the device without a password is enabled and all configuration and user files are retained.
• Disabled: When the password-recovery mechanism is invoked, one-time access to the device without a password is still enabled; however, all configuration files (startup and backups) are removed and the following log message is generated to the terminal after the boot process is completed: “All configuration and user files were removed”

Configuring an Initial Terminal Password

To configure an initial terminal password, enter the following commands:
console(config)# aaa authentication login default line
console(config)# aaa authentication enable default line
console(config)# line console
console(config-line)# login authentication default
console(config-line)# enable authentication default
console(config-line)# password george

Configuring an Initial Telnet Password

To configure an initial Telnet password, enter the following commands:
console(config)# aaa authentication login default line
console(config)# aaa authentication enable default line
console(config)# line telnet
console(config-line)# login authentication default
console(config-line)# enable authentication default
console(config-line)# password bob

Configuring an Initial SSH Password

To configure an initial SSH password, enter the following commands:
console(config)# aaa authentication login default line
console(config)# aaa authentication enable default line
console(config)# line ssh
console(config-line)# login authentication default
console(config-line)# enable authentication default
console(config-line)# password jones

Configuring an Initial HTTP Password

To configure an initial HTTP password, enter the following commands:
console(config)# ip http authentication aaa login-authentication local
console(config)# username admin password user1 privilege 15

Configuring an Initial HTTPS Password

To configure an initial HTTPS password, enter the following commands:
console(config)# ip http authentication aaa login-authentication local
console(config)# username admin password user1 privilege 15
Enter the following commands once when configuring use of a terminal, a Telnet, or an SSH session, for an HTTPS session.
NOTE: In the Web browser, enable SSL 2.0 or greater for the page content to be displayed.
console(config)# crypto certificate 1 generate key-generate
console(config)# ip http secure-server
NOTE: HTTP and HTTPS services require privilege level 15 access and connect directly to the configuration level access.
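A pre-deployment check for the password commands in the sections above, as an added example in Python that is not part of the Dell guide: it reads a command script (prompts optional) and reports level-15 users created without a password, and console, Telnet or SSH lines left without a line password while login uses the line method. It assumes the script is the complete initial configuration in the syntax shown in this guide; the function names, rule names and the draft script are constructed.

```python
import re

# Prompts as printed in the guide: console>, console#, console(config)#, ...
PROMPT = re.compile(r"^\s*[\w.-]+\s?(?:\([\w-]+\))?[#>]\s*")
LINE_SERVICES = ("console", "telnet", "ssh")


def parse_script(text):
    """Return (users, line_passwords, login_methods) for a command script."""
    # users: name -> {"password": bool, "privilege": int}
    # line_passwords: line name -> True once a "password" command is seen
    # login_methods: methods after "aaa authentication login default"
    users, line_passwords, login_methods = {}, {}, []
    current_line = None
    for raw in text.splitlines():
        tok = PROMPT.sub("", raw, count=1).split()
        if not tok:
            continue
        if tok[0] == "line" and len(tok) == 2:
            current_line = tok[1]
            line_passwords.setdefault(current_line, False)
        elif tok[0] == "exit":
            current_line = None
        elif tok[0] == "password" and len(tok) >= 2 and current_line:
            line_passwords[current_line] = True
        elif tok[:4] == ["aaa", "authentication", "login", "default"]:
            login_methods = tok[4:]
        elif tok[0] == "username" and len(tok) >= 2:
            user = {"password": False, "privilege": 1}  # guide: default is 1
            opts, i = tok[2:], 0
            while i < len(opts):
                if opts[i] == "password" and i + 1 < len(opts):
                    user["password"] = True
                    i += 2
                elif (opts[i] == "privilege" and i + 1 < len(opts)
                      and opts[i + 1].isdigit()):
                    user["privilege"] = int(opts[i + 1])
                    i += 2
                else:
                    i += 1
            users[tok[1]] = user
    return users, line_passwords, login_methods


def lint(text):
    """Return (rule, subject) findings: users first, then lines."""
    users, line_passwords, login_methods = parse_script(text)
    findings = []
    for name, user in users.items():
        # Guide: with no password, the Web interface accepts any password.
        if user["privilege"] == 15 and not user["password"]:
            findings.append(("privilege-15-without-password", name))
    if "line" in login_methods:
        # Login is checked against the line password, so each line needs one.
        for service in LINE_SERVICES:
            if not line_passwords.get(service, False):
                findings.append(("line-without-password", service))
    return findings

# The guide's own commands joined into one script, prompts kept.
GUIDE_SCRIPT = """\
console(config)# aaa authentication login default line
console(config)# aaa authentication enable default line
console(config)# line console
console(config-line)# login authentication default
console(config-line)# enable authentication default
console(config-line)# password george
console(config)# line telnet
console(config-line)# login authentication default
console(config-line)# enable authentication default
console(config-line)# password bob
console(config)# line ssh
console(config-line)# login authentication default
console(config-line)# enable authentication default
console(config-line)# password jones
console(config)# ip http authentication aaa login-authentication local
console(config)# username admin password user1 privilege 15
"""

# Constructed draft: no Telnet line password, level-15 user with no password.
DRAFT_SCRIPT = """\
aaa authentication login default line
line console
password george
exit
line telnet
login authentication default
exit
line ssh
password jones
exit
username oper privilege 15
username guest password guest1
"""

if __name__ == "__main__":
    for rule, subject in lint(DRAFT_SCRIPT):
        print(f"{rule}: {subject}")
```
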

Configuring Login Banners

Banners can be defined for each line (such as console and telnet) or for all lines. They are disabled by default.
The following types of banners can be defined:
• Message-of-the-Day Banner (motd) — Displayed when the user connects to the device, before login. The following defines a message-of-the-day for the console:
console# configure
console(config)# line console
console(config-line)# motd-banner
console(config-line)# exit
console(config)# banner motd * Welcome*
console# do show banner motd
Welcome
Would you like to enable this banner to all lines? (Y/N)[Y] Y
console(config)#
• Login Banner — Displayed after the Message-of-the-Day Banner, and before the user has logged in. The following defines a login banner for the console:
console# configure
console(config)# line console
console(config-line)# login-banner
console(config-line)# exit
console(config)# banner login * Please log in*
console# do show banner login
Would you like to enable this banner to all lines? (Y/N)[Y] Y
Please log in
• Exec Banner — Displayed after successful login (in all privileged levels and in all authentication methods). The following defines an exec banner for the console:
console# configure
console(config)# line console
console(config-line)# exec-banner
console(config-line)# exit
console(config)# banner exec * Successfully logged in*
Would you like to enable this banner to all lines? (Y/N)[Y] Y
console# do show banner exec
Successfully logged in

Startup Menu Procedures

The Startup menu enables performing various tasks, such as software download, flash handling and password recovery.
You can enter the Startup menu when booting the device. User input must be entered immediately after the POST test.
To enter the Startup menu:
Turn the power on. After the auto-boot messages appear, the following menu is displayed:
Startup Menu
[1] Download Software
[2] Erase Flash File
[3] Password Recovery Procedure
[4] Set Terminal Baud-Rate
[5] Stack menu
[6] Back
The following sections describe the available Startup menu options.
NOTE: When selecting an option from the Startup menu, take time-out into account. If no selection is made within 10 seconds (default), the device times out. This default value can be changed through the CLI.

Download Software - Option[1]

The software download procedure is used to replace corrupted files or upgrade system software, when the device does not have IP connectivity or when both software images of the device are corrupted and therefore you cannot use the web-based management system.
NOTE: It is highly recommended that, before loading via xmodem, the baud rate of the device and terminal be set to 115200.
To download software through the Startup menu:
1. From the Startup menu, press [1]. The following prompt is displayed:
       Downloading code using XMODEM !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
2. When using the HyperTerminal, click Transfer on the HyperTerminal Menu Bar and select Send File.
3. In the Filename field, enter the file path for the file to be downloaded.
4. Ensure that the Xmodem protocol is selected in the Protocol field.
5. Press Send. The software is downloaded.
NOTE: After software download, the device reboots automatically.

Erase FLASH File - Option[2]

In some cases, the device Startup Configuration file must be erased. If the configuration is erased, all parameters configured via CLI, web-management or SNMP must be reconfigured.
To erase the device configuration in the Startup Configuration file:
1. From the Startup menu, select [2]. The following message is displayed:
       Warning! About to erase a Flash file. Are you sure (Y/N)?
2. Press Y. The following message is displayed.
       Write Flash file name (Up to 8 characters, Enter for none.):
3. Enter config ("config" is the standard name for the Startup configuration file although you can use any name).
   The following is displayed:
       File config (if present) will be erased after system initialization
       ======== Press Enter To Continue ========
The configuration is erased when the system is reset.

Password Recovery - Option[3]

If a password is lost, the Password Recovery procedure can be called from the Startup menu. The procedure enables entry to the device a single time without entering a password.
To recover a lost password when entering from the local terminal only:
1. From the Startup menu, select [3].
2. Continue the regular startup by logging in without a password.
3. Enter a new password or press 'ESC' to exit.
NOTE: To ensure device security, reconfigure passwords for applicable management methods.

Set Terminal Baud-Rate - Option[4]

To set the terminal baud-rate:
1. Type [4] and press <Enter>.
2. Enter the new baud rate. The following is displayed:
       Set new device baud-rate: 38,400
Note that after this step, your terminal will no longer respond. Adjust your terminal speed to the configured one.

Stack Menu - Option[5]

To configure the stack, type [5] and press <Enter>.
For more information, see "Assigning Unit IDs" on page 48.

Software Download

This section contains instructions for downloading device software (system and boot images) through a TFTP server or USB port. The TFTP server must be configured before downloading the software.

Software Auto Synch in Stack

When several units are stacked, they must all run the same software version. When a new slave device is inserted into the stack, it is first checked for compatibility (meaning that the master can run firmware upgrade/downgrade to the slave unit), and if found compatible, its boot and image software versions are automatically updated with the Master’s. If the slave is found not compatible, it is shut down.
A SYSLOG message is sent when a master synchronizes a slave's software.

System Image Download

When the device boots, it decompresses the system image from the flash memory area and runs it. When a new image is downloaded, it is saved in the other area allocated for the other system image copy.
On the next boot, the device decompresses and runs the image from the currently active system image.
A system image can be downloaded through a USB port or a TFTP server.
To download the system image from a TFTP server, ensure that an IP address is configured on one of the device ports and pings can be sent to the TFTP server. In addition, ensure that the file to be downloaded is saved on the TFTP server.
To download a system image through the USB port or TFTP server:
1. Enter the show version command, to verify which software version is currently running on the device. The following is an example of the information that appears:
       Unit    SW version    Boot version    HW version
       ------  ------------  --------------  ----------
       2       1.0.0.24      1.0.0.11
       console#
2. Enter the show bootvar command, to verify which system image is currently active. The following is an example of the information that is displayed:
       console# show bootvar
       Unit  Image  Filename  Version   Date                  Status
       ----  -----  --------  --------  --------------------  ----------
       2     1      image-1   1.0.0.13  04-Aug-2010 08:27:30  Active*
       2     2      image-2   1.0.0.12  29-Jul-2010 17:02:26  Not active
       console#
3. Enter one of the following commands:
   To copy a new system image to the current unit:
       copy {tftp://|usb://}{tftp address}/{file name} image
   To copy a new system image to all units in the stack:
       copy tftp://{tftp address}/{file name} unit://*/image
4. When the new image is downloaded, it is saved in the area allocated for the other copy of system image (image-2, as shown in the example). The following is an example of the information that appears:
       console# copy tftp://176.215.31.3/file1.ros image
       Accessing file ‘file1’ on 176.215.31.3...
       Loading file1 from 176.215.31.3: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
       Copy took 00:01:11 [hh:mm:ss]
   Exclamation symbols indicate that a copying process is in progress. Each symbol (!) corresponds to 512 bytes transferred successfully. A period indicates that the copying process is timed out. Many periods in a row indicate that the copying process failed.
5. Select the image for the next boot by entering the boot system command. After this command, enter the show bootvar command to verify that the copy indicated as a parameter in the boot system command is selected for the next boot.
   The following is an example of the information that appears:
       console# boot system image-2
       console# show bootvar
       Images currently available on the Flash
       Image-1 active
       Image-2 not active (selected for next boot)
   If the image for the next boot is not selected by entering the boot system command, the system boots from the currently active image.
6. Enter the reload command. The following message is displayed:
       console# reload
       This command will reset the whole system and disconnect your current session. Do you want to continue (y/n) [n]?
7. Enter Y. The device reboots.

Boot Image Download

Loading a new boot image from the TFTP server or USB port updates the boot image. The boot image is loaded when the device is powered on. A user has no control over the boot image copies.
To download a boot image through the TFTP server:
1. Enter the show version command to verify which software version is currently running on the device. The following is an example of the information that appears:
    console# show version
    Unit  SW version     Boot version      HW version
    ----- -------------- ----------------- ----------
    2     1.0.0.24       1.0.0.11
    console#
2. Enter the copy {tftp://|usb://}{tftp address}/{file name} boot command to copy the boot image to the device. The following is an example of the information that appears:
    console# copy tftp://50.1.1.7/contax-10014.ros image
    01-Oct-2006 11:57:35 %COPY-I-FILECPY: Files Copy - source URL tftp://50.1.1.7/contax-10014.ros destination URL flash://image
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    01-Sep-2010 11:57:38 %INIT-I-Startup: Cold Startup
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    01-Sep-2010 11:59:05 %COPY-N-: The copy operation was completed successfully!
    Copy: 5954757 bytes copied in 00:01:30 [hh:mm:ss]
3. Enter the reload command. The following message is displayed:
    console# reload
    This command will reset the whole system and disconnect your current session. Do you want to continue (Y/N) [N]?
4. Enter Y. The device reboots.

Using Dell OpenManage Administrator

This section provides an introduction to the Dell OpenManage Switch Administrator user interface.
It contains the following topics:
• Starting the Application
• Understanding the Interface
• Using the Switch Administrator Buttons
• Field Definitions
• Common GUI Features
• CLI Commands

Starting the Application

NOTE: Before starting the application the IP address must be defined. For more information, see "Accessing the Device Through the CLI" on page 67.
1. Open a web browser.
2. Enter the device’s IP address in the address bar and press <Enter>.
3. When the Log In window displays, enter a user name and password.
   NOTE: Passwords are both case sensitive and alpha-numeric.
4. Click OK. The Dell OpenManage Switch Administrator home page displays.

Understanding the Interface

The home page contains the following views:
• Tree view — Located on the left side of the home page, the tree view provides an expandable view of the features and their components. The branches in the tree view can be expanded to view all the components under a specific feature, or retracted to hide the feature's components. By dragging the vertical bar to the right, the tree area can be expanded to display the full name of a component.
• Device View — Located in the top center of the home page, the device view provides information about device ports, current configuration and status, table information, and feature components. For further information, see "Device Representation" on page 85.
• Components List — Located in the bottom center of the home page, contains a list of the feature components. When a feature is expanded, the GUI page for that feature is displayed.
• Information Buttons — Located at the top of the home page, provide access to information about the device and access to Dell Support. For more information, see "Information Buttons" on page 87.

Device Representation

The home page contains a graphical representation of the front panels of the units in the stack. Figure 7-1 displays the 5548 model, but the display for the other models is similar.
Figure 7-1. PowerConnect Device Port Indicators (callouts: Stacking Unit ID, Giga Ports (odd numbered), Giga Ports (even numbered))
The graphic display on the home page displays the Unit ID and port indicators that specify whether a specific port is currently active. Table 7-1 describes the port colors that are displayed and their meaning:
Table 7-1. Port Colors
Component   Description
Amber       The port is currently connected at 100 Mbps.
Green       The port is currently connected at 1000 Mbps.
Grey        The port is currently disconnected.
NOTE: For more information about LEDs, see "LED Definitions" on page 38.
To configure a port, double-click its icon.
Only ports that are physically present are displayed in the PowerConnect OpenManage Switch Administrator home page, and can be configured through the web management system. Non-present ports can be configured through the CLI or SNMP interfaces.

Port Representation

Ports are referred to in the notation: [gi/te]x/0/z, where:
• gi: Giga port
• te: Ten Giga port
• x: Unit ID
• z: Port number

Using the Switch Administrator Buttons

This section describes the buttons found on the OpenManage Switch Administrator interface.

Information Buttons

Table 7-2 describes the information buttons that provide access to online support and online help, as well as information about the OpenManage Switch Administrator interfaces. These are displayed at the top of each page.
Table 7-2. Information Buttons
Button    Description
Support   Opens the Dell Support page at support.dell.com
About     Contains the version and build number and Dell copyright information.
Logout    Opens the Log Out window.

Device Management Icons

Table 7-3 describes the device management buttons.
Table 7-3. Device Management Icons
Button       Description
Apply&Save   Saves changes to the Running and Startup Configuration files.
Help         Opens online help. The online help pages are context-sensitive. For example, if the IP Addressing page is open, the help topic for that page is displayed when Help is clicked.
Print        Prints the Network Management System page and/or table information.
Refresh      Refreshes device information from the Running Configuration file.

Field Definitions

Fields that are user-defined can contain between 1–159 characters, unless otherwise noted on the OpenManage Switch Administrator web page. All letters or characters can be used, except the following: "\ / : * ? < >"

Common GUI Features

Table 7-4 describes the common functions that can be performed on many GUI pages.
Table 7-4. Common GUI Elements
Button                      Description
Apply                       Save changes entered in GUI page to the Running Configuration file.
Back                        Go to previous page.
Cancel                      Cancel changes entered in GUI page.
Clear All Counters          Delete counters.
Clear Counters              Delete selected counters.
Clear Log                   Delete entries from log.
Clear Statistics            Delete statistics.
Copy parameters from        Copy the parameters from a selected row to the selected target rows.
Copy parameters from port   Copy the parameters from a selected port to the selected target ports.
Details                     Shows further details relevant to the current page.
Next                        Go to next page.
Query                       Run a query after query criteria have been entered.
Remove                      Remove checked elements in the page. If Select All is selected, all elements are removed.
Reset All Counters          Delete all counters.
Restore Defaults            Restores parameters entered in page to default values.
Telnet                      Opens a Telnet window. This only works in the Explorer 6 and Firefox browsers.

GUI Terms

Each GUI page in the tree view is described in the following sections. A brief introduction is provided along with steps specifying how to enter information in the page. The following terms are used:
• Enter — Indicates that information may be entered in the field. It does not imply that the field is mandatory.
• Select — Indicates that information may be selected from a drop-down list or from radio buttons.
• Displays — Indicates that the field is display only.

CLI Commands

There are certain command entry conventions that apply to all commands. The following table describes these conventions.
Table 7-5. Common GUI Elements
Convention         Description
[ ]                In a command line, square brackets indicate an optional entry.
{ }                In a command line, curly brackets indicate a selection of compulsory parameters separated by the | character. One option must be selected. For example: flowcontrol {auto|on|off} means that for the flowcontrol command either auto, on, or off must be selected.
Italic Font        Indicates a parameter value.
Bold Italic Font   Indicates a parameter key word.
<button-name>      Any individual key on the keyboard. For example click <Enter>.
Ctrl+F4            Any combination of keys clicked simultaneously, for example: Ctrl and F4.
Screen Display     Indicates system messages and prompts appearing on the console.
all                When a parameter is required to define a range of ports or parameters and all is an option, the default for the command is all when no parameters are defined. For example, the command interface range port-channel has the option of either entering a range of channels, or selecting all. When the command is entered without a parameter, it automatically defaults to all.

Network Security

This section describes the various mechanisms for providing security on the switch.
It contains the following topics:
• Port Security
• ACLs
• ACL Binding
• Proprietary Protocol Filtering
• Absolute Time Range
• Time Range Recurrence
• Dot1x Authentication

Port Security

Network security can be enhanced by limiting access on a port to users with specific MAC addresses. The MAC addresses can be dynamically learned, or they can be statically configured.
Port security has the following modes:
• Classic Lock — Locked port security monitors both received and learned packets that are received on specific ports. Access to the locked port is limited to users with specific MAC addresses. These addresses are either manually defined on the port, or learned on that port before it was locked.
• Limited Dynamic Lock — When a packet is received on a locked port, and the packet’s source MAC address is not tied to that port (either it was learned on a different port, or it is unknown to the system), a protection mechanism, which provides various options, is invoked. For unauthorized packets arriving at a locked port, one of the following occurs:
  – The packets are forwarded
  – The packets are discarded with no trap
  – The packets are discarded with a trap
  – The port is shut down
Locked port security enables storing a list of MAC addresses in the configuration file. The MAC addresses are restored when the device is reset.
Disabled ports can be activated from the Port Configuration page.
To configure port security:
1. Click Switching > Network Security > Port Security to display the Port Security: Summary page.
   Figure 8-1. Port Security: Summary
   Security parameters are displayed for all ports or LAGs, depending on the selected interface type.
2. To modify the security parameters for a port, select it, and click Edit.
3. Enter the following fields:
   – Interface — Select the interface to be configured.
   – Current Port Status — Displays the current port status.
   – Set Port — Select to either lock or unlock the port.
   – Learning Mode — Set the locked port type. The Learning Mode field is enabled only if Locked is selected in the Set Port field. The possible options are:
     • Classic Lock — Locks the port using the classic lock mechanism. The port is immediately locked, regardless of the number of addresses that have already been learned.
     • Limited Dynamic Lock — Locks the port by deleting the dynamic MAC addresses associated with the port. The port learns up to the maximum addresses allowed on the port. Both relearning and aging MAC addresses are enabled.
   – Max Entries (0-128) — Enter the maximum number of MAC addresses that can be learned on the port. The Max Entries field is enabled only if Locked is selected in the Set Port field, and the Limited Dynamic Lock mode is selected in the Learning Mode field.
   – Action on Violation — Select the action to be applied to packets arriving on a locked port. The possible options are:
     • Discard — Discard the packets from any unlearned source.
     • Forward — Forward the packets from an unknown source, without learning the MAC address.
     • Shutdown — Discard the packet from any unlearned source, and shut down the port. Ports remain shutdown until they are reactivated, or the device is reset.
   – Trap — Enable/disable traps being sent when a packet is received on a locked port.
   – Trap Frequency (1-1000000) — Enter the amount of time (in seconds) between traps.
Configuring Port Security Using CLI Commands
The following table summarizes the CLI commands for configuring port security.
Table 8-1. Port Security CLI Commands
CLI Command / Description

set interface active {[gigabitethernet|tengigabitethernet] interface|port-channel LAG-number}
    Reactivates an interface that is shutdown due to port security reasons.

port security max {max-addr}
no port security max
    Specifies the maximum number of MAC addresses that can be learned on the port.
    Use the no form of this command to restore the default.

port security mode {lock | max-addresses}
no port security mode
    Configures the port security learning mode.
    Use the no form of this command to restore the default configuration.

port security [forward | discard | discard-shutdown] [trap seconds]
no port security
    Enables port security on an interface.
    Use the no form of this command to disable port security on an interface.

port security [forward|discard|discard-shutdown] [trap seconds]
no port security
    Configures port security on an interface.
    Use the no form of this command to disable port security.

show ports security [[gigabitethernet|tengigabitethernet] port-number]|port-channel LAG-number]
    Displays lock status of specified interface or of all interfaces.
The following is an example of the CLI commands:
    console# show ports security
    Port    Status   Learning Action   Maximum Trap Frequency
    ------- -------- -------- -------- ------- ---- ---------
    gi1/0/1 Disabled Max-Addresses -   10      -    -
    gi1/0/2 Disabled Lock     -        1       -    -
    gi1/0/3 Disabled Lock     -        1       -    -
    gi1/0/4 Disabled Lock     -        1       -    -
    gi1/0/5 Disabled Lock     -        1       -    -
    gi1/0/6 Disabled Lock     -        1       -    -
    gi1/0/7 Disabled Lock     -        1       -    -
    gi1/0/8 Disabled Lock     -        1       -    -
    gi1/0/9 Disabled Lock     -        1       -    -
    gi1/0/10Disabled Lock     -        1       -    -
    gi1/0/11Disabled Lock     -        1       -    -
    gi1/0/12Disabled Lock     -        1       -    -
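An added example, not part of the Dell guide: a Python audit of captured show ports security output that lists ports left unlocked, ports whose violation action is Forward, and locked ports that send no trap. The Enabled rows in the sample and the spelling of their Action and Trap values are assumptions, as is the exempt parameter for uplink ports.

```python
import re

# Port notation from the manual: [gi/te]x/0/z (x = unit ID, z = port number).
# The status word can follow the port with no space when the port name fills
# the column, as in the manual's "gi1/0/10Disabled" rows, hence \s* after it.
ROW = re.compile(
    r"^(?P<port>(?:gi|te)\d+/0/\d+)\s*(?P<status>[A-Za-z]\S*)\s+"
    r"(?P<learning>\S+)\s+(?P<action>\S+)\s+(?P<maximum>\S+)\s+"
    r"(?P<trap>\S+)\s+(?P<frequency>\S+)$"
)

# Constructed sample. The Disabled rows follow the manual's example; the
# Enabled rows and the spelling of their Action/Trap values are assumptions.
SAMPLE = """\
console# show ports security
Port    Status   Learning Action   Maximum Trap Frequency
------- -------- -------- -------- ------- ---- ---------
gi1/0/1 Disabled Max-Addresses -   10      -    -
gi1/0/2 Enabled  Lock     Discard  1       Enable 60
gi1/0/3 Enabled  Lock     Forward  1       Disable -
gi1/0/10Disabled Lock     -        1       -    -
te1/0/1 Disabled Lock     -        1       -    -
"""


def parse_ports_security(text):
    """Return one dict per port row; prompts, header and ruler are skipped."""
    rows = []
    for line in text.splitlines():
        match = ROW.match(line.strip())
        if match:
            rows.append(match.groupdict())
    return rows


def audit(rows, exempt=()):
    """Return (port, finding) pairs for ports that are not effectively locked."""
    findings = []
    for row in rows:
        port = row["port"]
        if port in exempt:  # e.g. uplinks, where many MACs are expected
            continue
        if row["status"].lower() != "enabled":
            findings.append((port, "port security not enabled"))
            continue
        if row["action"].lower() == "forward":
            findings.append((port, "frames from unknown sources are forwarded"))
        if not row["trap"].lower().startswith("enable"):
            findings.append((port, "no trap sent on violation"))
    return findings


if __name__ == "__main__":
    for port, finding in audit(parse_ports_security(SAMPLE), exempt={"te1/0/1"}):
        print(f"{port:<9} {finding}")
```

Run against output saved from each stack unit, the findings list gives the ports to review before relying on port security as an access control.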

ACLs

This section describes Access Control Lists (ACLs), which enable defining classification actions and rules for specific ingress or egress ports.
It contains the following topics:
• ACL Overview
• MAC-Based ACLs
• MAC-Based ACEs
• IPv4-Based ACLs
• IPv4-Based ACEs
• IPv6-Based ACLs
• IPv6-Based ACEs

ACL Overview

Access Control Lists (ACLs) enable network managers to define classification actions and rules for specific ingress or egress ports. Packets entering an ingress or egress port with an active ACL are either admitted or denied entry. If entry is denied, the ingress or egress port may be disabled. For example, a network administrator defines an ACL rule that states that port number 20 can receive TCP packets; however, if a UDP packet is received, the packet is dropped.
ACLs are composed of Access Control Entries (ACEs), which are rules that determine traffic classifications. Each ACE is a single rule. Up to 256 rules may be defined on each ACL, and up to 3000 rules globally.
Rules are not only used for user configuration purposes; they are also used for features like DHCP Snooping, Protocol Group VLAN and iSCSI, so not all 3000 rules are available for ACEs. It is expected that there will be at least 2000 rules available. If there are fewer rules available, this may be due to DHCP Snooping or iSCSI optimization. Reduce the number of entries in DHCP Snooping or reduce the maximum number of TCP connections in the iSCSI configuration in order to free rules for ACEs.
The following types of ACLs can be defined:
• MAC-based ACL — Examines Layer 2 fields only
• IPv4-based ACL — Examines the Layer 3 layer of IPv4 frames
• IPv6-based ACL — Examines the Layer 3 layer of IPv6 frames

MAC-Based ACLs

To define a MAC-based ACL:
1. Click Switching > Network Security > MAC Based ACL to display the MAC Based ACL: Summary page.
   Figure 8-2. MAC Based ACL: Summary
   The currently-defined MAC-based ACLs are displayed.
2. To add a new ACL, click Add ACL, and enter the name of the new ACL.
Configuring MAC-Based ACLs Using CLI Commands
The following table summarizes the CLI commands for configuring MAC-based ACLs.
Table 8-2. MAC Based ACL CLI Commands
CLI Command / Description

mac access-list extended acl-name
no mac access-list extended acl-name
    Defines an ACL and places the device in MAC-extended ACL configuration mode.
    Use the no form of this command to remove the ACL.

show interfaces access-lists
    Displays access lists applied on interfaces.

The following is an example of some of the CLI commands:
    console# show access-lists
    Extended IP access list ACL1
    permit 234 172.30.40.1 0.0.0.0 any
    permit 234 172.30.8.8 0.0.0.0 any