Digisol DG-FS4526 Management Manual

As our product undergoes continuous development, the specifications are subject to change without prior notice.
DG-FS4526
MUSTANG 4000 SWITCH SERIES
MANAGEMENT GUIDE
V1.1
2010-09-28
Copyright © 2010 by SNSL. All rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language or computer language, in any form or by any means, electronic, mechanical, magnetic, optical, chemical, manual or otherwise, without the prior written permission of SNSL.
SNSL makes no representations or warranties, either expressed or implied, with respect to the contents hereof and specifically disclaims any warranties, merchantability or fitness for any particular purpose. Any software described in this manual is sold or licensed “as is”. Should the programs prove defective following their purchase, the buyer (and not SNSL, its distributor, or its dealer) assumes the entire cost of all necessary servicing, repair, and any incidental or consequential damages resulting from any defect in the software. Further, SNSL reserves the right to revise this publication and to make changes from time to time in the contents thereof without obligation to notify any person of such revision or changes.
SNSL is an abbreviation of Smartlink Network Systems Ltd.
DG-FS4526 User Manual
User Manual
DG-FS4526 L2 Fast Ethernet Switch
Layer 2 Standalone Switch with 24 10/100BASE-TX (RJ-45) Ports, and 2 Combination Gigabit (RJ-45/SFP) Ports
DG-FS4526 E092010-CS-R01 F1.1.0.5 149xxxxxxxxxx
www.digisol.com
Contents
Chapter 1: Introduction 1-1
Key Features 1-1 Description of Software Features 1-2 System Defaults 1-6
Chapter 2: Initial Configuration 2-1
Connecting to the Switch 2-1
Configuration Options 2-1 Required Connections 2-2 Remote Connections 2-3
Basic Configuration 2-3
Console Connection 2-3 Setting Passwords 2-4 Setting an IP Address 2-4
Manual Configuration 2-4 Dynamic Configuration 2-5
Enabling SNMP Management Access 2-6
Community Strings (for SNMP version 1 and 2c clients) 2-6 Trap Receivers 2-7 Configuring Access for SNMP Version 3 Clients 2-8
Saving Configuration Settings 2-8
Managing System Files 2-9
Chapter 3: Configuring the Switch 3-1
Using the Web Interface 3-1 Navigating the Web Browser Interface 3-2
Home Page 3-2
Configuration Options 3-3 Panel Display 3-3 Main Menu 3-4 Basic Configuration 3-11
Displaying System Information 3-11
Displaying Switch Hardware/Software Versions 3-12
Displaying Bridge Extension Capabilities 3-14
Setting the Switch’s IP Address 3-15
Manual Configuration 3-16
Using DHCP/BOOTP 3-17 Enabling Jumbo Frames 3-18 Managing Firmware 3-18
Downloading System Software from a Server 3-19
Saving or Restoring Configuration Settings 3-20
Downloading Configuration Settings from a Server 3-21 Console Port Settings 3-22 Telnet Settings 3-25 Configuring Event Logging 3-27
Displaying Log Messages 3-27
System Log Configuration 3-27
Remote Log Configuration 3-29
Simple Mail Transfer Protocol 3-30 Resetting the System 3-32 Setting the System Clock 3-33
Configuring SNTP 3-33
Setting the Time Zone 3-34
Setting the Time Manually 3-34
Simple Network Management Protocol 3-35
Setting Community Access Strings 3-36 Specifying Trap Managers and Trap Types 3-37 Enabling SNMP Agent Status 3-38 Configuring SNMPv3 Management Access 3-39
Setting the Local Engine ID 3-39
Specifying a Remote Engine ID 3-41 Configuring SNMPv3 Users 3-41 Configuring Remote SNMPv3 Users 3-43 Configuring SNMPv3 Groups 3-44 Setting SNMPv3 Views 3-46
User Authentication 3-48
Configuring User Accounts 3-48 Configuring Local/Remote Logon Authentication 3-50 AAA Authorization and Accounting 3-54
Configuring AAA RADIUS Group Settings 3-55
Configuring AAA TACACS+ Group Settings 3-55
Configuring AAA Accounting 3-56
AAA Accounting Update 3-58
AAA Accounting 802.1X Port Settings 3-58
AAA Accounting Exec Command Privileges 3-59
AAA Accounting Exec Settings 3-61
AAA Accounting Summary 3-61
Authorization Settings 3-63
Authorization EXEC Settings 3-64
Authorization Summary 3-64 Configuring HTTPS 3-65
Replacing the Default Secure-site Certificate 3-66 Configuring the Secure Shell 3-67
Configuring the SSH Server 3-69
Generating the Host Key Pair 3-70
Configuring Port Security 3-72 Configuring 802.1X Port Authentication 3-73
Displaying 802.1X Global Settings 3-75 Configuring 802.1X Global Settings 3-75 Configuring Port Settings for 802.1X 3-76 Displaying 802.1X Statistics 3-79
Web Authentication 3-80
Configuring Web Authentication 3-81 Configuring Web Authentication for Ports 3-82 Displaying Web Authentication Port Information 3-83 Re-authenticating Web Authenticated Ports 3-84
Network Access – MAC Address Authentication 3-84
Configuring the MAC Authentication Reauthentication Time 3-85 Configuring MAC Authentication for Ports 3-86 Displaying Secure MAC Address Information 3-88
Access Control Lists 3-89
Configuring Access Control Lists 3-89
Setting the ACL Name and Type 3-90 Configuring a Standard IP ACL 3-90 Configuring an Extended IP ACL 3-91
Configuring a MAC ACL 3-94 Binding a Port to an Access Control List 3-95 Filtering IP Addresses for Management Access 3-96
Port Configuration 3-98
Displaying Connection Status 3-98 Configuring Interface Connections 3-100 Creating Trunk Groups 3-103
Statically Configuring a Trunk 3-104
Enabling LACP on Selected Ports 3-105
Configuring LACP Parameters 3-107
Displaying LACP Port Counters 3-109
Displaying LACP Settings and Status for the Local Side 3-110
Displaying LACP Settings and Status for the Remote Side 3-112 Setting Broadcast Storm Thresholds 3-113 Configuring Port Mirroring 3-115 Configuring Rate Limits 3-116
Rate Limit Configuration 3-116 Showing Port Statistics 3-117
Address Table Settings 3-122
Setting Static Addresses 3-122 Displaying the Address Table 3-123 Changing the Aging Time 3-125
Spanning Tree Algorithm Configuration 3-125
Displaying Global Settings 3-126 Configuring Global Settings 3-129
Displaying Interface Settings 3-132 Configuring Interface Settings 3-135 Configuring Multiple Spanning Trees 3-137 Displaying Interface Settings for MSTP 3-139 Configuring Interface Settings for MSTP 3-141
VLAN Configuration 3-143
IEEE 802.1Q VLANs 3-143
Enabling or Disabling GVRP (Global Setting) 3-146 Displaying Basic VLAN Information 3-147 Displaying Current VLANs 3-147 Creating VLANs 3-149 Adding Static Members to VLANs (VLAN Index) 3-150 Adding Static Members to VLANs (Port Index) 3-152 Configuring VLAN Behavior for Interfaces 3-153
Configuring IEEE 802.1Q Tunneling 3-155
Enabling QinQ Tunneling on the Switch 3-158 Adding an Interface to a QinQ Tunnel 3-160
Private VLANs 3-162
Displaying Current Private VLANs 3-162 Configuring Private VLANs 3-163 Associating VLANs 3-164 Displaying Private VLAN Interface Information 3-165 Configuring Private VLAN Interfaces 3-166
Protocol VLANs 3-168
Protocol VLAN Group Configuration 3-168 Configuring Protocol VLAN Interfaces 3-169
Link Layer Discovery Protocol 3-170
Setting LLDP Timing Attributes 3-170 Configuring LLDP Interface Attributes 3-172 Displaying LLDP Local Device Information 3-175 Displaying LLDP Remote Port Information 3-176 Displaying LLDP Remote Information Details 3-177 Displaying Device Statistics 3-178 Displaying Detailed Device Statistics 3-180
Class of Service Configuration 3-180
Layer 2 Queue Settings 3-181
Setting the Default Priority for Interfaces 3-181 Mapping CoS Values to Egress Queues 3-182 Selecting the Queue Mode 3-184 Setting the Service Weight for Traffic Classes 3-184
Layer 3/4 Priority Settings 3-186
Mapping Layer 3/4 Priorities to CoS Values 3-186 Enabling IP DSCP Priority 3-186 Mapping DSCP Priority 3-187 Mapping IP Port Priority 3-188
Mapping IP Precedence Priority 3-190
Mapping IP TOS Priority 3-192
Mapping CoS Values to ACLs 3-194
Quality of Service 3-195
Configuring Quality of Service Parameters 3-195
Configuring a Class Map 3-196
Creating QoS Policies 3-198
Attaching a Policy Map to Ingress Queues 3-201
VoIP Traffic Configuration 3-202
Configuring VoIP Traffic 3-202 Configuring VoIP Traffic Port 3-203 Configuring Telephony OUI 3-205
Multicast Filtering 3-207
Layer 2 IGMP (Snooping and Query) 3-207
Configuring IGMP Snooping and Query Parameters 3-208
Enabling IGMP Immediate Leave 3-210
Displaying Interfaces Attached to a Multicast Router 3-211
Specifying Static Interfaces for a Multicast Router 3-212
Displaying Port Members of Multicast Services 3-213
Assigning Ports to Multicast Services 3-214 IGMP Filtering and Throttling 3-215
Enabling IGMP Filtering and Throttling 3-216
Configuring IGMP Filter Profiles 3-216
Configuring IGMP Filtering and Throttling for Interfaces 3-218
Multicast VLAN Registration 3-220
Configuring Global MVR Settings 3-221 Displaying MVR Interface Status 3-222 Displaying Port Members of Multicast Groups 3-223 Configuring MVR Interface Status 3-224 Assigning Static Multicast Groups to Interfaces 3-226
DHCP Snooping 3-227
DHCP Snooping Configuration 3-228 DHCP Snooping VLAN Configuration 3-228 DHCP Snooping Information Option Configuration 3-229 DHCP Snooping Port Configuration 3-230
IP Source Guard 3-231
IP Source Guard Port Configuration 3-231 Static IP Source Guard Binding Configuration 3-232 Dynamic IP Source Guard Binding Information 3-233
Switch Clustering 3-234
Cluster Configuration 3-235 Cluster Member Configuration 3-236 Cluster Member Information 3-237 Cluster Candidate Information 3-238
UPnP 3-239
UPnP Configuration 3-239
Chapter 4: Command Line Interface 4-1
Using the Command Line Interface 4-1
Accessing the CLI 4-1 Console Connection 4-1 Telnet Connection 4-2
Entering Commands 4-3
Keywords and Arguments 4-3 Minimum Abbreviation 4-3 Command Completion 4-3 Getting Help on Commands 4-3 Showing Commands 4-4 Partial Keyword Lookup 4-5 Negating the Effect of Commands 4-5 Using Command History 4-5 Understanding Command Modes 4-5 Exec Commands 4-6 Configuration Commands 4-7
Command Line Processing 4-8 Command Groups 4-9 Line Commands 4-10
line 4-11
login 4-11
password 4-12
timeout login response 4-13
exec-timeout 4-13
password-thresh 4-14
silent-time 4-15
databits 4-15
parity 4-16
speed 4-17
stopbits 4-17
disconnect 4-18
show line 4-18 General Commands 4-19
enable 4-19
disable 4-20
configure 4-21
show history 4-21
reload 4-22
end 4-22
exit 4-23
quit 4-23
System Management Commands 4-24
Device Designation Commands 4-24
prompt 4-24 hostname 4-25
Banner 4-25
banner configure 4-26 banner configure company 4-27 banner configure dc-power-info 4-28 banner configure department 4-28 banner configure equipment-info 4-29 banner configure equipment-location 4-30 banner configure ip-lan 4-30 banner configure lp-number 4-31 banner configure manager-info 4-32 banner configure mux 4-32 banner configure note 4-33 show banner 4-34
User Access Commands 4-35
username 4-35 enable password 4-36
IP Filter Commands 4-37
management 4-37 show management 4-38
Web Server Commands 4-39
ip http port 4-39 ip http server 4-39 ip http secure-server 4-40 ip http secure-port 4-41
Telnet Server Commands 4-42
ip telnet port 4-42 ip telnet server 4-42
Secure Shell Commands 4-43
ip ssh server 4-45 ip ssh timeout 4-46 ip ssh authentication-retries 4-46 ip ssh server-key size 4-47 delete public-key 4-47 ip ssh crypto host-key generate 4-48 ip ssh crypto zeroize 4-48 ip ssh save host-key 4-49 show ip ssh 4-49 show ssh 4-50 show public-key 4-51
Event Logging Commands 4-52
logging on 4-52
logging history 4-53 logging host 4-54 logging facility 4-54 logging trap 4-55 clear logging 4-55 show logging 4-56 show log 4-57
SMTP Alert Commands 4-58
logging sendmail host 4-58 logging sendmail level 4-59 logging sendmail source-email 4-60 logging sendmail destination-email 4-60 logging sendmail 4-61 show logging sendmail 4-61
Time Commands 4-62
sntp client 4-62 sntp server 4-63 sntp poll 4-64 show sntp 4-64 clock timezone 4-65 calendar set 4-65 show calendar 4-66
System Status Commands 4-66
show startup-config 4-66 show running-config 4-68 show system 4-70 show users 4-70 show version 4-71
Frame Size Commands 4-72
jumbo frame 4-72
Flash/File Commands 4-73
copy 4-73
delete 4-75
dir 4-76
whichboot 4-77
boot system 4-77 Authentication Commands 4-78
Authentication Sequence 4-79
authentication login 4-79 authentication enable 4-80
RADIUS Client 4-81
radius-server host 4-81 radius-server auth-port 4-82 radius-server acct-port 4-82 radius-server key 4-83
radius-server retransmit 4-83 radius-server timeout 4-84 show radius-server 4-84
TACACS+ Client 4-85
tacacs-server host 4-85 tacacs-server port 4-86 tacacs-server key 4-86 tacacs-server retransmit 4-87 tacacs-server timeout 4-87
show tacacs-server 4-87 AAA Commands 4-88 aaa group server 4-89 server 4-89 aaa accounting dot1x 4-90 aaa accounting exec 4-91 aaa accounting commands 4-92 aaa accounting update 4-93 accounting dot1x 4-93 accounting exec 4-94 accounting commands 4-94 aaa authorization exec 4-95 authorization exec 4-96 show accounting 4-96 Port Security Commands 4-97
port security 4-98
802.1X Port Authentication 4-99
dot1x system-auth-control 4-99
dot1x default 4-100
dot1x max-req 4-100
dot1x port-control 4-101
dot1x operation-mode 4-101
dot1x re-authenticate 4-102
dot1x re-authentication 4-102
dot1x timeout quiet-period 4-103
dot1x timeout re-authperiod 4-104
dot1x timeout tx-period 4-104
dot1x intrusion-action 4-105
show dot1x 4-105 Network Access – MAC Address Authentication 4-108
network-access mode 4-108
network-access max-mac-count 4-109
mac-authentication intrusion-action 4-110
mac-authentication max-mac-count 4-110
network-access dynamic-vlan 4-111
network-access guest-vlan 4-111
mac-authentication reauth-time 4-112 clear network-access 4-113 show network-access 4-113 show network-access mac-address-table 4-114
Web Authentication 4-115
web-auth login-attempts 4-116 web-auth quiet-period 4-116 web-auth session-timeout 4-117 web-auth system-auth-control 4-117 web-auth 4-118 show web-auth 4-118 show web-auth interface 4-119 web-auth re-authenticate (Port) 4-119 web-auth re-authenticate (IP) 4-120 show web-auth summary 4-120
Access Control List Commands 4-122
IP ACLs 4-123
access-list ip 4-123 permit, deny (Standard ACL) 4-124 permit, deny (Extended ACL) 4-125 show ip access-list 4-126 ip access-group 4-127 show ip access-group 4-127
MAC ACLs 4-128
access-list mac 4-128 permit, deny (MAC ACL) 4-129 show mac access-list 4-130 mac access-group 4-131 show mac access-group 4-131
ACL Information 4-132
show access-list 4-132 show access-group 4-132
SNMP Commands 4-133
snmp-server 4-134 show snmp 4-134 snmp-server community 4-135 snmp-server contact 4-136 snmp-server location 4-136 snmp-server host 4-137 snmp-server enable traps 4-139 snmp-server engine-id 4-140 show snmp engine-id 4-141 snmp-server view 4-142 show snmp view 4-143 snmp-server group 4-144
show snmp group 4-145 snmp-server user 4-146 show snmp user 4-148
Interface Commands 4-150
interface 4-150 description 4-151 speed-duplex 4-151 negotiation 4-152 capabilities 4-153 flowcontrol 4-154 shutdown 4-155 broadcast byte-rate 4-156 switchport broadcast 4-156 clear counters 4-157 show interfaces status 4-157 show interfaces counters 4-158 show interfaces switchport 4-159
Mirror Port Commands 4-162
port monitor 4-162 show port monitor 4-163
Rate Limit Commands 4-164
rate-limit 4-164
Link Aggregation Commands 4-165
channel-group 4-166 lacp 4-167 lacp system-priority 4-168 lacp admin-key (Ethernet Interface) 4-169 lacp admin-key (Port Channel) 4-170 lacp port-priority 4-171 show lacp 4-171
Address Table Commands 4-175
mac-address-table static 4-175 clear mac-address-table dynamic 4-176 show mac-address-table 4-176 mac-address-table aging-time 4-177 show mac-address-table aging-time 4-178
LLDP Commands 4-178
lldp 4-180 lldp holdtime-multiplier 4-180 lldp medFastStartCount 4-181 lldp notification-interval 4-181 lldp refresh-interval 4-182 lldp reinit-delay 4-183 lldp tx-delay 4-183 lldp admin-status 4-184
lldp notification 4-184 lldp mednotification 4-185 lldp basic-tlv management-ip-address 4-186 lldp basic-tlv port-description 4-186 lldp basic-tlv system-capabilities 4-187 lldp basic-tlv system-description 4-187 lldp basic-tlv system-name 4-188 lldp dot1-tlv proto-ident 4-188 lldp dot1-tlv proto-vid 4-189 lldp dot1-tlv pvid 4-189 lldp dot1-tlv vlan-name 4-190 lldp dot3-tlv link-agg 4-190 lldp dot3-tlv mac-phy 4-191 lldp dot3-tlv max-frame 4-191 lldp dot3-tlv poe 4-192 lldp medtlv extpoe 4-192 lldp medtlv inventory 4-193 lldp medtlv location 4-193 lldp medtlv med-cap 4-194 lldp medtlv network-policy 4-194 show lldp config 4-195 show lldp info local-device 4-197 show lldp info remote-device 4-198 show lldp info statistics 4-199
Spanning Tree Commands 4-201
spanning-tree 4-202 spanning-tree mode 4-202 spanning-tree forward-time 4-203 spanning-tree hello-time 4-204 spanning-tree max-age 4-205 spanning-tree priority 4-205 spanning-tree pathcost method 4-206 spanning-tree transmission-limit 4-207 spanning-tree mst-configuration 4-207 mst vlan 4-208 mst priority 4-208 name 4-209 revision 4-210 max-hops 4-210 spanning-tree spanning-disabled 4-211 spanning-tree cost 4-211 spanning-tree port-priority 4-212 spanning-tree edge-port 4-213 spanning-tree portfast 4-213 spanning-tree link-type 4-214
spanning-tree mst cost 4-215 spanning-tree mst port-priority 4-216 spanning-tree protocol-migration 4-217 show spanning-tree 4-217 show spanning-tree mst configuration 4-219
VLAN Commands 4-220
GVRP and Bridge Extension Commands 4-220
bridge-ext gvrp 4-221
show bridge-ext 4-221
switchport gvrp 4-222
show gvrp configuration 4-222
garp timer 4-223
show garp timer 4-224 Editing VLAN Groups 4-224
vlan database 4-224
vlan 4-225 Configuring VLAN Interfaces 4-226
interface vlan 4-226
switchport mode 4-227
switchport acceptable-frame-types 4-228
switchport ingress-filtering 4-228
switchport native vlan 4-229
switchport allowed vlan 4-230
switchport forbidden vlan 4-231 Displaying VLAN Information 4-232
show vlan 4-232 Configuring IEEE 802.1Q Tunneling 4-233
dot1q-tunnel system-tunnel-control 4-233
switchport dot1q-tunnel mode 4-234
switchport dot1q-tunnel tpid 4-235
show dot1q-tunnel 4-235 Configuring Private VLANs 4-236
private-vlan 4-238
private vlan association 4-238
switchport mode private-vlan 4-239
switchport private-vlan host-association 4-240
switchport private-vlan isolated 4-240
switchport private-vlan mapping 4-241
show vlan private-vlan 4-242 Configuring Protocol-based VLANs 4-243
protocol-vlan protocol-group (Configuring Groups) 4-243
protocol-vlan protocol-group (Configuring Interfaces) 4-244
show protocol-vlan protocol-group 4-245
show interfaces protocol-vlan protocol-group 4-246
Priority Commands 4-247
Priority Commands (Layer 2) 4-247
queue mode 4-247 switchport priority default 4-248 queue bandwidth 4-249 queue cos-map 4-250 show queue mode 4-251 show queue bandwidth 4-251 show queue cos-map 4-252
Priority Commands (Layer 3 and 4) 4-253
map ip dscp 4-253 map ip port 4-254 map ip precedence 4-255 map ip tos 4-256 map access-list ip 4-257 map access-list mac 4-257 show map ip dscp 4-258 show map ip port 4-258 show map ip precedence 4-259 show map ip tos 4-259 show map access-list 4-260
Quality of Service Commands 4-261
class-map 4-262 match 4-263 policy-map 4-264 class 4-264 set 4-265 police 4-266 service-policy 4-267 show class-map 4-268 show policy-map 4-268 show policy-map interface 4-269
Voice VLAN Commands 4-269
voice vlan 4-270 voice vlan aging 4-271 voice vlan mac-address 4-271 switchport voice vlan 4-272 switchport voice vlan rule 4-273 switchport voice vlan security 4-273 switchport voice vlan priority 4-274 show voice vlan 4-275
Multicast Filtering Commands 4-276
IGMP Snooping Commands 4-276
ip igmp snooping 4-276 ip igmp snooping vlan static 4-277 ip igmp snooping version 4-277
ip igmp snooping leave-proxy 4-278
ip igmp snooping immediate-leave 4-279
show ip igmp snooping 4-279
show mac-address-table multicast 4-280 IGMP Query Commands (Layer 2) 4-281
ip igmp snooping querier 4-281
ip igmp snooping query-count 4-282
ip igmp snooping query-interval 4-282
ip igmp snooping query-max-response-time 4-283
ip igmp snooping router-port-expire-time 4-284 Static Multicast Routing Commands 4-284
ip igmp snooping vlan mrouter 4-285
show ip igmp snooping mrouter 4-285 IGMP Filtering and Throttling Commands 4-286
ip igmp filter (Global Configuration) 4-286
ip igmp profile 4-287
permit, deny 4-288
range 4-288
ip igmp filter (Interface Configuration) 4-289
ip igmp max-groups 4-289
ip igmp max-groups action 4-290
show ip igmp filter 4-291
show ip igmp profile 4-291
show ip igmp throttle interface 4-292
Multicast VLAN Registration Commands 4-292
mvr (Global Configuration) 4-293 mvr (Interface Configuration) 4-294 show mvr 4-296
IP Interface Commands 4-298
ip address 4-298 ip default-gateway 4-299 ip dhcp restart 4-300 show ip interface 4-300 show ip redirects 4-301 ping 4-301
DHCP Snooping Commands 4-303
ip dhcp snooping 4-303 ip dhcp snooping vlan 4-305 ip dhcp snooping trust 4-306 ip dhcp snooping verify mac-address 4-307 ip dhcp snooping information option 4-307 ip dhcp snooping information policy 4-308 ip dhcp snooping database flash 4-309 show ip dhcp snooping 4-309 show ip dhcp snooping binding 4-310
IP Source Guard Commands 4-310
ip source-guard 4-310 ip source-guard binding 4-312 show ip source-guard 4-313 show ip source-guard binding 4-313
Switch Cluster Commands 4-314
cluster 4-314 cluster commander 4-315 cluster ip-pool 4-315 cluster member 4-316 rcommand 4-317 show cluster 4-317 show cluster members 4-318 show cluster candidates 4-318
UPnP Commands 4-318
upnp device 4-319 upnp device ttl 4-319 upnp device advertise duration 4-320 show upnp 4-320
Appendix A: Software Specifications A-1
Software Features A-1 Management Features A-2 Standards A-2 Management Information Bases A-3
Appendix B: Troubleshooting B-1
Problems Accessing the Management Interface B-1 Using System Logs B-2
Glossary
Index
Tables
Table 1-1 Key Features 1-1 Table 1-2 System Defaults 1-6 Table 3-1 Configuration Options 3-3 Table 3-2 Main Menu 3-4 Table 3-3 Logging Levels 3-28 Table 3-5 Supported Notification Messages 3-44 Table 3-6 HTTPS System Support 3-65 Table 3-7 802.1X Statistics 3-79 Table 3-8 LACP Port Counters 3-109 Table 3-9 LACP Internal Configuration Information 3-110 Table 3-10 LACP Neighbor Configuration Information 3-112 Table 3-11 Port Statistics 3-117 Table 3-12 Mapping CoS Values to Egress Queues 3-182 Table 3-13 CoS Priority Levels 3-182 Table 3-14 IP DSCP to CoS Queue Mapping 3-187 Table 3-15 Mapping IP Precedence Values to CoS Priority Queues 3-190 Table 3-16 Mapping IP TOS Values to CoS Priority Queues 3-192 Table 4-1 Command Modes 4-6 Table 4-2 Configuration Modes 4-7 Table 4-3 Command Line Processing 4-8 Table 4-4 Command Groups 4-9 Table 4-5 Line Commands 4-10 Table 4-6 General Commands 4-19 Table 4-7 System Management Commands 4-24 Table 4-8 Device Designation Commands 4-24 Table 4-9 Banner Commands 4-25 Table 4-10 User Access Commands 4-35 Table 4-11 Default Login Settings 4-35 Table 4-12 IP Filter Commands 4-37 Table 4-13 Web Server Commands 4-39 Table 4-14 HTTPS System Support 4-40 Table 4-15 Telnet Server Commands 4-42 Table 4-16 SSH Commands 4-43 Table 4-17 show ssh - display description 4-50 Table 4-18 Event Logging Commands 4-52 Table 4-19 Logging Levels 4-53 Table 4-20 show logging flash/ram - display description 4-56 Table 4-21 show logging trap - display description 4-57 Table 4-22 SMTP Alert Commands 4-58 Table 4-23 Time Commands 4-62 Table 4-24 System Status Commands 4-66 Table 4-25 Frame Size Commands 4-72
Table 4-26 Flash/File Commands 4-73 Table 4-27 File Directory Information 4-77 Table 4-28 Authentication Commands 4-78 Table 4-29 Authentication Sequence 4-79 Table 4-30 RADIUS Client Commands 4-81 Table 4-31 TACACS+ Commands 4-85 Table 4-33 Port Security Commands 4-97 Table 4-34 802.1X Port Authentication 4-99 Table 4-35 Network Access 4-108 Table 4-36 Web Authentication 4-115 Table 4-37 Access Control Lists 4-122 Table 4-38 IP ACLs 4-123 Table 4-39 MAC ACL Commands 4-128 Table 4-40 ACL Information 4-132 Table 4-41 SNMP Commands 4-133 Table 4-42 show snmp engine-id - display description 4-141 Table 4-43 show snmp view - display description 4-143 Table 4-44 show snmp group - display description 4-146 Table 4-45 show snmp user - display description 4-148 Table 4-46 Interface Commands 4-150 Table 4-47 Interfaces Switchport Statistics 4-160 Table 4-48 Mirror Port Commands 4-162 Table 4-49 Rate Limit Commands 4-164 Table 4-50 Link Aggregation Commands 4-165 Table 4-51 show lacp counters - display description 4-172 Table 4-52 show lacp internal - display description 4-173 Table 4-53 show lacp neighbors - display description 4-174 Table 4-54 show lacp sysid - display description 4-174 Table 4-55 Address Table Commands 4-175 Table 4-56 LLDP Commands 4-178 Table 4-57 Spanning Tree Commands 4-201 Table 4-58 VLANs 4-220 Table 4-59 GVRP and Bridge Extension Commands 4-220 Table 4-60 Editing VLAN Groups 4-224 Table 4-61 Configuring VLAN Interfaces 4-226 Table 4-62 Show VLAN Commands 4-232 Table 4-63 IEEE 802.1Q Tunneling Commands 4-233 Table 4-64 Private VLAN Commands 4-236 Table 4-65 Protocol-based VLAN Commands 4-243 Table 4-66 Priority Commands 4-247 Table 4-67 Priority Commands (Layer 2) 4-247 Table 4-68 Default CoS Values to Egress Queues 4-250 Table 4-69 Priority Commands (Layer 3 and 4) 4-253 Table 4-70 IP DSCP to CoS Queue 4-253 Table 4-71 Mapping IP Precedence to CoS Queues 4-255
Table 4-72 IP TOS to CoS Queue 4-256 Table 4-73 Quality of Service Commands 4-261 Table 4-74 Voice VLAN Commands 4-269 Table 4-75 Multicast Filtering Commands 4-276 Table 4-76 IGMP Snooping Commands 4-276 Table 4-77 IGMP Query Commands (Layer 2) 4-281 Table 4-78 Static Multicast Routing Commands 4-284 Table 4-79 IGMP Filtering and Throttling Commands 4-286 Table 4-80 Multicast VLAN Registration Commands 4-293 Table 4-81 show mvr - display description 4-296 Table 4-82 show mvr interface - display description 4-297 Table 4-83 show mvr members - display description 4-297 Table 4-84 IP Interface Commands 4-298 Table 4-85 DHCP Snooping Commands 4-303 Table 4-86 IP Source Guard Commands 4-310 Table 4-87 Switch Cluster Commands 4-314 Table B-1 Troubleshooting Chart B-1
Figures
Figure 3-1 Home Page 3-2 Figure 3-2 Panel Display 3-3 Figure 3-3 System Information 3-11 Figure 3-4 Switch Information 3-13 Figure 3-5 Bridge Extension Configuration 3-14 Figure 3-6 Manual IP Configuration 3-16 Figure 3-7 DHCP IP Configuration 3-17 Figure 3-8 Jumbo Frames Configuration 3-18 Figure 3-9 Copy Firmware 3-19 Figure 3-10 Setting the Startup Code 3-19 Figure 3-11 Deleting Files 3-20 Figure 3-12 Downloading Configuration Settings for Startup 3-21 Figure 3-13 Setting the Startup Configuration Settings 3-22 Figure 3-14 Console Port Settings 3-24 Figure 3-15 Enabling Telnet 3-26 Figure 3-16 Displaying Logs 3-27 Figure 3-17 System Logs 3-28 Figure 3-18 Remote Logs 3-30 Figure 3-19 Enabling and Configuring SMTP 3-31 Figure 3-20 Resetting the System 3-32 Figure 3-21 SNTP Configuration 3-33 Figure 3-22 Setting the System Clock 3-34 Figure 3-23 Setting the Current Date and Time 3-35 Figure 3-24 Configuring SNMP Community Strings 3-37 Figure 3-25 Configuring IP Trap Managers 3-38 Figure 3-26 Enabling SNMP Agent Status 3-39 Figure 3-27 Setting an Engine ID 3-40 Figure 3-28 Setting a Remote Engine ID 3-41 Figure 3-29 Configuring SNMPv3 Users 3-42 Figure 3-30 Configuring Remote SNMPv3 Users 3-43 Figure 3-31 Configuring SNMPv3 Groups 3-46 Figure 3-32 Configuring SNMPv3 Views 3-47 Figure 3-33 Access Levels 3-49 Figure 3-34 Authentication Settings 3-52 Figure 3-35 AAA Radius Group Settings 3-55 Figure 3-36 AAA TACACS+ Group Settings 3-56 Figure 3-37 AAA Accounting Settings 3-57 Figure 3-38 AAA Accounting Update 3-58 Figure 3-39 AAA Accounting 802.1X Port Settings 3-59 Figure 3-40 AAA Accounting Exec Command Privileges 3-60 Figure 3-41 AAA Accounting Exec Settings 3-61 Figure 3-42 AAA Accounting Summary 3-62
Figure 3-43 AAA Authorization Settings 3-63 Figure 3-44 AAA Authorization Exec Settings 3-64 Figure 3-45 AAA Authorization Summary 3-65 Figure 3-46 HTTPS Settings 3-66 Figure 3-47 SSH Server Settings 3-69 Figure 3-48 SSH Host-Key Settings 3-71 Figure 3-49 Configuring Port Security 3-73 Figure 3-50 802.1X Global Information 3-75 Figure 3-51 802.1X Global Configuration 3-76 Figure 3-52 802.1X Port Configuration 3-77 Figure 3-53 Displaying 802.1X Port Statistics 3-80 Figure 3-54 Web Authentication Configuration 3-81 Figure 3-55 Web Authentication Port Configuration 3-82 Figure 3-56 Web Authentication Port Information 3-83 Figure 3-57 Web Authentication Port Re-authentication 3-84 Figure 3-58 Network Access Configuration 3-86 Figure 3-59 Network Access Port Configuration 3-87 Figure 3-60 Network Access MAC Address Information 3-88 Figure 3-61 Selecting ACL Type 3-90 Figure 3-62 Configuring Standard IP ACLs 3-91 Figure 3-63 Configuring Extended IP ACLs 3-93 Figure 3-64 Configuring MAC ACLs 3-95 Figure 3-65 Configuring ACL Port Binding 3-96 Figure 3-66 Creating an IP Filter List 3-97 Figure 3-67 Displaying Port/Trunk Information 3-99 Figure 3-68 Port/Trunk Configuration 3-101 Figure 3-69 Configuring Static Trunks 3-104 Figure 3-70 LACP Trunk Configuration 3-106 Figure 3-71 LACP Port Configuration 3-108 Figure 3-72 LACP - Port Counters Information 3-110 Figure 3-73 LACP - Port Internal Information 3-111 Figure 3-74 LACP - Port Neighbors Information 3-113 Figure 3-75 Port Broadcast Control 3-114 Figure 3-76 Mirror Port Configuration 3-116 Figure 3-77 Input Rate Limit Port Configuration 3-117 Figure 3-78 Port Statistics 3-121 Figure 3-79 Configuring a Static Address Table 3-123 Figure 3-80 Configuring a Dynamic Address Table 3-124 Figure 3-81 Setting the Address Aging Time 3-125 Figure 3-82 Displaying Spanning Tree Information 3-128 Figure 3-83 Configuring Spanning Tree 3-131 Figure 3-84 Displaying Spanning Tree Port Information 3-134 Figure 3-85 Configuring Spanning Tree per Port 3-137 Figure 3-86 Configuring Multiple Spanning Trees 3-138 Figure 3-87 Displaying MSTP Interface Settings 3-140
Figure 3-88 Displaying MSTP Interface Settings 3-143 Figure 3-89 Globally Enabling GVRP 3-146 Figure 3-90 Displaying Basic VLAN Information 3-147 Figure 3-91 Displaying Current VLANs 3-148 Figure 3-92 Configuring a VLAN Static List 3-150 Figure 3-93 Configuring a VLAN Static Table 3-151 Figure 3-94 VLAN Static Membership by Port 3-152 Figure 3-95 Configuring VLANs per Port 3-154 Figure 3-96 802.1Q Tunnel Status and Ethernet Type 3-159 Figure 3-97 Tunnel Port Configuration 3-161 Figure 3-98 Private VLAN Information 3-163 Figure 3-99 Private VLAN Configuration 3-164 Figure 3-100 Private VLAN Association 3-165 Figure 3-101 Private VLAN Port Information 3-166 Figure 3-102 Private VLAN Port Configuration 3-167 Figure 3-103 Protocol VLAN Configuration 3-169 Figure 3-104 Protocol VLAN Port Configuration 3-170 Figure 3-105 LLDP Configuration 3-172 Figure 3-106 LLDP Port Configuration 3-174 Figure 3-107 LLDP Local Device Information 3-175 Figure 3-108 LLDP Remote Port Information 3-176 Figure 3-109 LLDP Remote Information Details 3-177 Figure 3-110 LLDP Device Statistics 3-179 Figure 3-111 LLDP Device Statistics Details 3-180 Figure 3-112 Port Priority Configuration 3-181 Figure 3-113 Traffic Classes 3-183 Figure 3-114 Queue Mode 3-184 Figure 3-115 Configuring Queue Scheduling 3-185 Figure 3-116 IP DSCP Priority Status 3-186 Figure 3-117 Mapping IP DSCP Priority Values 3-187 Figure 3-118 Globally Enabling the IP Port Priority Status 3-188 Figure 3-119 IP Port Priority 3-189 Figure 3-120 Globally Enabling the IP Precedence Priority Status 3-190 Figure 3-121 Mapping IP Precedence to Class of Service Queues 3-191 Figure 3-122 Globally Enabling the IP TOS Priority Status 3-192 Figure 3-123 Mapping IP TOS to Class of Service Queues 3-193 Figure 3-124 Mapping CoS Values to ACLs 3-194 Figure 3-125 Configuring Class Maps 3-197 Figure 3-126 Configuring Policy Maps 3-200 Figure 3-127 Service Policy Settings 3-201 Figure 3-128 Configuring VoIP Traffic 3-203 Figure 3-129 VoIP Traffic Port Configuration 3-204 Figure 3-130 Telephony OUI List 3-206 Figure 3-131 IGMP Configuration 3-210 Figure 3-132 IGMP Immediate Leave 3-211
Figure 3-133 Displaying Multicast Router Port Information
Figure 3-134 Static Multicast Router Port Configuration
Figure 3-135 IP Multicast Registration Table
Figure 3-136 IGMP Member Port Table
Figure 3-137 Enabling IGMP Filtering and Throttling
Figure 3-138 IGMP Profile Configuration
Figure 3-139 IGMP Filter and Throttling Port Configuration
Figure 3-140 MVR Global Configuration
Figure 3-141 MVR Port Information
Figure 3-142 MVR Group IP Information
Figure 3-143 MVR Port Configuration
Figure 3-144 MVR Group Member Configuration
Figure 3-145 DHCP Snooping Configuration
Figure 3-146 DHCP Snooping VLAN Configuration
Figure 3-147 DHCP Snooping Information Option Configuration
Figure 3-148 DHCP Snooping Port Configuration
Figure 3-149 IP Source Guard Port Configuration
Figure 3-150 Static IP Source Guard Binding Configuration
Figure 3-151 Dynamic IP Source Guard Binding Information
Figure 3-152 Cluster Member Choice
Figure 3-153 Cluster Configuration
Figure 3-154 Cluster Member Configuration
Figure 3-155 Cluster Member Information
Figure 3-156 Cluster Candidate Information
Figure 3-157 UPnP Configuration
Chapter 1: Introduction
This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you should configure to maximize the switch’s performance for your particular network environment.
Key Features
Table 1-1 Key Features
| Feature | Description |
| --- | --- |
| Configuration Backup and Restore | Backup to TFTP server |
| Authentication | AAA – Authentication, Authorization, and Accounting; Console, Telnet, web – User name / password, RADIUS, TACACS+; Web – HTTPS; Telnet – SSH; SNMP v1/2c – Community strings; SNMP version 3 – MD5 or SHA password; Port – IEEE 802.1X, MAC address filtering |
| Access Control Lists | Supports IP and MAC ACLs, 100 rules per system |
| DHCP Client | Supported |
| DHCP Snooping | Supported with Option 82 relay information |
| Port Configuration | Speed, duplex mode and flow control |
| Rate Limiting | Input rate limiting per port |
| Port Mirroring | One port mirrored to a single analysis port |
| Port Trunking | Supports up to 12 trunks using either static or dynamic trunking (LACP) |
| Broadcast Storm Control | Supported |
| Static Address | Up to 8K MAC addresses in the forwarding table |
| IEEE 802.1D Bridge | Supports dynamic data switching and address learning |
| Store-and-Forward Switching | Supported to ensure wire-speed switching while eliminating bad frames |
| Spanning Tree Algorithm | Supports standard STP, Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Trees (MSTP) |
| Virtual LANs | Up to 255 using IEEE 802.1Q, port-based, private VLANs, protocol VLANs, QinQ tunneling, Voice VLAN |
| Traffic Prioritization | Default port priority, traffic class map, queue scheduling, or Differentiated Services Code Point (DSCP), IP Precedence, IP TOS, and TCP/UDP Port |
| Quality of Service | Supports Differentiated Services (DiffServ) |
Description of Software Features
The switch provides a wide range of advanced performance-enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Broadcast storm suppression prevents broadcast traffic storms from engulfing the network. Port-based and private VLANs, plus support for automatic GVRP VLAN registration, provide traffic security and efficient use of network bandwidth. CoS priority queueing ensures the minimum delay for moving real-time multimedia data across the network, while multicast filtering provides support for real-time network applications. Some of the management features are briefly described below.
Configuration Backup and Restore – You can save the current configuration settings to a file on a TFTP server, and later download this file to restore the switch configuration settings.
Authentication – The switch supports authentication, authorization, and accounting (AAA) as the main framework for configuring access control on the switch. AAA provides accounting and billing for IEEE 802.1X authenticated users that access the network, and for users that access management interfaces through the console and Telnet. Authorization is provided for users that access management interfaces on the switch through the console and Telnet. The AAA features use RADIUS or TACACS+ server groups for centralized and robust administration control.
Other authentication options include HTTPS for secure management access via the web, SSH for secure management access over a Telnet-equivalent connection, IP address filtering for SNMP/web/Telnet management access, and MAC address filtering for port access.
Access Control Lists – ACLs provide packet filtering for IP frames (based on address, protocol, or TCP/UDP port number) or any frames (based on MAC address or Ethernet type). ACLs can be used to improve performance by blocking unnecessary network traffic or to implement security controls by restricting access to specific network resources or protocols.
Port Configuration – You can manually configure the speed, duplex mode, and flow control used on specific ports, or use auto-negotiation to detect the connection settings used by the attached device. Use the full-duplex mode on ports whenever possible to double the throughput of switch connections. Flow control should also be enabled to control network traffic during periods of congestion and prevent the loss of packets when port buffer thresholds are exceeded. The switch supports flow control based on the IEEE 802.3x standard.
Table 1-1 Key Features (continued)
| Feature | Description |
| --- | --- |
| Multicast Filtering | Supports IGMP snooping and query, as well as Multicast VLAN Registration |
| Switch Clustering | Supports up to 36 Member switches in a cluster |