Dynamic Threat Prevention System (DTPS), APSecure, FortiASIC, FortiBIOS, FortiBridge, FortiClient,
FortiGate®, FortiGate Unified Threat Management System, FortiGuard®, FortiGuard-Antispam,
FortiGuard-Antivirus, FortiGuard-Intrusion, FortiGuard-Web, FortiLog, FortiAnalyzer, FortiManager,
Fortinet®, FortiOS, FortiPartner, FortiProtect, FortiReporter, FortiResponse, FortiShield, FortiVoIP, and
FortiWiFi are trademarks of Fortinet, Inc. in the United States and/or other countries. The names of
actual companies and products mentioned herein may be the trademarks of their respective owners.
11.5 Security Menu
11.6 IPv6 Menu
11.7 QOS Menu
11.8 IPv4 Multicast Menu
11.9 IPv6 Multicast Menu
1. Introduction
1.1 Scope
This document describes:
• how to install the FortiSwitch-548B switch (the Switch)
• how to use the CLI console to manage the Switch
• how to use the web-based management interface to configure the Switch
1.2 Documentation
The Fortinet Technical Documentation web site, http://docs.fortinet.com, provides the most up-to-date
versions of Fortinet publications, as well as additional technical documentation such as technical notes.
1.2.1 Fortinet Knowledge Base
The Fortinet Knowledge Base provides additional Fortinet technical documentation, such as
troubleshooting and how-to-articles, examples, FAQs, technical notes, a glossary, and more. Visit the
Fortinet Knowledge Base at http://kb.fortinet.com.
1.2.2 Comments on Fortinet Technical Documentation
Please send information about any errors or omissions in this or any Fortinet technical document to
techdoc@fortinet.com.
1.3 Customer Service and Technical Support
Fortinet Technical Support provides services designed to make sure that your Fortinet products install
quickly, configure easily, and operate reliably in your network.
To learn about the technical support services that Fortinet provides, visit the Fortinet Technical Support
web site at https://support.fortinet.com.
You can dramatically improve the time that it takes to resolve your technical support ticket by providing
your configuration file, a network diagram, and other specific information. For a list of required
information, see the Fortinet Knowledge Center article “What does Fortinet Technical Support require in
order to best assist the customer?”
1.4 Training
Fortinet Training Services provides classes that orient you quickly to your new equipment, and
certifications to verify your knowledge level. Fortinet provides a variety of training programs to serve the
needs of our customers and partners world-wide.
To learn about the training services that Fortinet provides, visit the Fortinet Training Services web site at
http://campus.training.fortinet.com, or email them at training@fortinet.com.
2. Product Overview
2.1 Switch Description
FortiSwitch-548B is an SFP+ 10-Gigabit Ethernet backbone switch designed for adaptability and
scalability. The Switch provides a management platform and uplink to backbone. Alternatively, the Switch
can utilize up to 48 10-Gigabit Ethernet ports to function as a central distribution hub for other switches,
switch groups, or routers. The built-in 1000/100/10 Ethernet port is for out-of-band service. The
FortiSwitch-548B power system provides two power supplies. The FortiSwitch-548B SFP+ ports can also
run at 1-Gigabit speed when set manually.
2.2 Features
• Supports 48 SFP+ 10-Gigabit Ethernet ports
• 1 built-in 1000/100/10 Ethernet port for out-of-band switch management
• Supports two power supplies
Software detects power failure and reads power supply information (which power supplies are installed in your system)
• IEEE 802.3z and IEEE 802.3x compliant Flow Control for all 10-Gigabit ports
• Supports 802.1D STP, 802.1S MSTP, and 802.1w Rapid Spanning Tree for redundant back up
The front panel of the Switch consists of 48 10-Gigabit interfaces, 2 LED indicators, 1 built-in 1000/100/10
RJ-45 Ethernet service port, an RS-232 communication port, and 48 port LEDs.
The upper LED indicator displays power status. The lower LED indicator displays the status of the
switch. An RS-232 DCE console port is for setting up and managing the Switch via a connection to a
console terminal or PC using a terminal emulation program. Each port LED has two colors: green
represents port link status; orange represents port activity status and blinks when the port
has activity.
2.4 LED Indicators
The Status LED indicator represents the status of the switch. The Power LED indicator represents power ON or
OFF.
2.5 Rear Panel Description
The rear panel of the Switch contains a dual redundant AC power connector and four fans. The four fans
can be built in back-to-front or front-to-back (depending on customer requirement).
The AC power connector is a standard three-pronged connector that supports the power cord. Plug the
female connector of the provided power cord into this socket, and the male side of the cord into a power
outlet. The Switch automatically adjusts its power setting to any supply voltage in the range from 100 ~
240 VAC at 50 ~ 60 Hz.
2.6 Management Options
The system may be managed through the service port using a Web browser, Telnet, or SNMP, and
through the console port on the front panel using CLI commands.
2.7 Web-based Management Interface
After you have successfully installed the Switch, you can configure the Switch, monitor the LED panel,
and display statistics graphically using a Web browser, such as Mozilla Firefox (version 3.6 or higher) or
Microsoft® Internet Explorer (version 5.0 or above).
To access the Switch through a Web browser, the computer running the Web browser must
have IP-based network access to the Switch.
2.8 Command Line Console Interface Through the Serial Port or Telnet
You can also connect a computer or terminal to the serial console port or use Telnet to access the Switch.
The command-line-driven interface provides complete access to all switch management features.
2.9 SNMP-Based Management
You can manage the Switch with an SNMP-compatible console program. The Switch supports SNMP
version 1.0, version 2.0, and version 3.0. The SNMP agent decodes the incoming SNMP messages and
responds to requests with MIB objects stored in the database. The SNMP agent updates the MIB objects
to generate statistics. The Switch supports a comprehensive set of MIB extensions:
• RFC1643 Ether-like MIB
• RFC1493 Bridge
• RFC 2819 RMON
• RFC 2233 Interface MIB
• RFC 2571 (SNMP Frameworks)
• RFC 2572 (Message Processing for SNMP)
• RFC 2573 (SNMP Applications)
• RFC 2576 (Coexistence between SNMPs)
• RFC 2618 (Radius-Auth-Client-MIB)
• RFC 2620 (Radius-Acc-Client-MIB)
• RFC 1724 (RIPv2-MIB)
• RFC 1850 (OSPF-MIB)
• RFC 1850 (OSPF-TRAP-MIB)
• RFC 2787 (VRRP-MIB)
• RFC 3289 - DIFFSERV-DSCP-TC
• RFC 3289 - DIFFSERV-MIB
• QOS-DIFFSERV-EXTENSIONS-MIB
• QOS-DIFFSERV-PRIVATE-MIB
• RFC 2674 802.1p
• RFC 2932 (IPMROUTE-MIB)
• Fortinet Enterprise MIB
• ROUTING-MIB
• MGMD-MIB
• RFC 2934 PIM-MIB
• DVMRP-STD-MIB
• IANA-RTPROTO-MIB
• MULTICAST-MIB
• FASTPATH-ROUTING6-MIB
• IEEE8021-PAE-MIB
• INVENTORY-MIB
• MGMT-SECURITY-MIB
• QOS-ACL-MIB
• QOS-COS-MIB
• RFC 1907 - SNMPv2-MIB
• RFC 2465 - IPV6-MIB
• RFC 2466 - IPV6-ICMP-MIB
• TACACS-MIB
• USM-TARGET-TAG-MIB
• IGMP/MLD Snooping
• IGMP/MLD Layer2 Multicast
• QoS – IPv6 ACL
• Voice VLAN
• Guest VLAN
• LLDP MED
• RFC 2925 (DISMAN-TRACEROUTE-MIB)
• RFC 2080 (RIPng)
• OSPFV3-MIB
3. Installation and Quick Startup
3.1 Package Contents
Before you begin installing the Switch, confirm that your package contains the following items:
• One FortiSwitch-548B Layer III 10-Gigabit Managed Switch
• Mounting kit: 2 mounting brackets and screws
• Four rubber feet with adhesive backing
• One AC power cord
• This User’s Guide with Registration Card
• CLI Reference
• CD-ROM with User’s Guide and CLI Reference
3.2 Switch Installation
Installing the Switch Without the Rack
1. Install the Switch on a level surface that can safely support the weight of the Switch and its attached
cables. The Switch must have adequate space for ventilation and for accessing cable connectors.
2. Set the Switch on a flat surface and check for proper ventilation. Allow at least 5 cm (2 inches) on
each side of the Switch and 15 cm (6 inches) at the back for the power cable.
3. Attach the rubber feet on the marked locations on the bottom of the chassis.
The rubber feet are recommended to keep the unit from slipping.
3.3 Installing the Switch in a Rack
You can install the Switch in most standard 19-inch (48.3-cm) racks. Refer to the illustrations below.
1. Use the supplied screws to attach a mounting bracket to each side of the Switch.
2. Align the holes in the mounting bracket with the holes in the rack.
3. Insert and tighten two screws through each of the mounting brackets.
3.4 Quick Starting the Switch
1. Read the device Installation Guide for the connectivity procedure. In-band connectivity allows access
to the FortiSwitch-548B Series Switch locally. From a remote workstation, the device must be
configured with IP information (IP address, subnet mask, and default gateway).
2. Turn the Power ON.
3. Allow the device to load the software until the login prompt appears. The device initial state is called
the default mode.
4. When the prompt asks for operator login, do the following:
• Type the word admin in the login area. Since a number of the Quick Setup commands require
administrator account rights, FORTINET suggests logging into an administrator account.
• Do not enter a password because there is no password in the default mode.
• Press the <Enter> key
• The CLI Privileged EXEC mode prompt will be displayed.
• Use “configure” to switch to the Global Config mode from Privileged EXEC.
• Use “exit” to return to the previous mode.
3.5 System Information Setup
3.5.1 Quick Start up Software Version Information
Table 2-1. Quick Start up Software Version Information
Command
    Details
show hardware
    Allows the user to see the HW & SW version the device contains
    System Description - switch's model name
show version
    Allows the user to see Serial Number, Part Number, and Model name
    See SW loader, bootrom and operation version
    See HW version
3.5.2 Quick Start up Physical Port Data
Table 2-2. Quick Start up Physical Port
Command
    Details
show Interface status { <slot/port> | all}
    Displays the Ports slot/port
    Type - Indicates if the port is a special type of port
    Admin Mode - Selects the Port Control Administration State
    Physical Mode - Selects the desired port speed and duplex mode
    Physical Status - Indicates the port speed and duplex mode
    Link Status - Indicates whether the link is up or down
    Link Trap - Determines whether or not to send a trap when link status changes
    LACP Mode - Displays whether LACP is enabled or disabled on this port
    Flow Mode - Indicates the status of flow control on this port
    Cap. Status - Indicates the port capabilities during auto-negotiation
3.5.3 Quick Start up User Account Management
Table 2-3. Quick Start up User Account Management
Command
    Details
show users
    Displays all users that are allowed to access the switch
    User Access Mode - Shows whether the user is able to change parameters on the switch
    (Read/Write) or is only able to view (Read Only).
    As a factory default, admin has Read/Write access and guest has Read Only access.
    There can only be one Read/Write user and up to 5 Read Only users.
show loginsession
    Displays all login session information
username <username> {passwd | nopasswd}
    Allows the user to set passwords or change passwords needed to login
    A prompt will appear after the command is entered requesting the old password. In the
    absence of an old password leave the area blank. The operator must press enter to
    execute the command.
    The system then prompts the user for a new password then a prompt to confirm the new
    password. If the new password and the confirmed password match a message will be
    displayed.
    The user password should not be more than eight characters in length.
copy running-config startup-config [filename]
    This will save passwords and all other changes to the device.
    If you do not save config, all configurations will be lost when a power cycle is
    performed on the switch or when the switch is reset.
3.5.4 Quick Start up IP Address
To view the network parameters the operator can access the device by the following three methods.
• Simple Network Management Protocol - SNMP
• Telnet
• Web Browser
Table 2-4. Quick Start up IP Address
Command
    Details
show ip interface
    Displays the Network Configurations
    IP Address - IP Address of the interface. Default IP is 192.168.2.1
    Subnet Mask - IP Subnet Mask for the interface. Default is 255.255.255.0
    Default Gateway - The default Gateway for this interface. Default value is 0.0.0.0
    Burned in MAC Address - The Burned in MAC Address used for inband connectivity
    Network Configurations Protocol Current - Indicates which network protocol is being
    used. Default is none
    Management VLAN Id - Specifies VLAN id
    Web Mode - Indicates whether HTTP/Web is enabled.
    Java Mode - Indicates whether java mode is enabled.
ip address
(Config)#interface vlan 1
(if-vlan 1)#ip address <ipaddr> <netmask>
(if-vlan 1)#exit
(Config)#ip default-gateway <gateway>
    IP Address range from 0.0.0.0 to 255.255.255.255
    Subnet Mask range from 0.0.0.0 to 255.255.255.255
    Gateway Address range from 0.0.0.0 to 255.255.255.255
Displays all of the login session information
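A check for the factory-default state that Table 2-4 documents, as an added example that is not part of the original guide or Fortinet code: it parses captured show ip interface output and flags the default address, a gateway outside the interface subnet, and enabled Web/Java modes. The dotted "Field.... value" layout, the Enable/Disable values, and the sample text are assumptions constructed for illustration; only the field names and default values come from the table.

```python
import ipaddress
import re

# Factory-default values as listed in Table 2-4 of this guide.
FACTORY_DEFAULTS = {
    "IP Address": "192.168.2.1",
    "Subnet Mask": "255.255.255.0",
    "Default Gateway": "0.0.0.0",
}

# Constructed sample. The "Field.... value" layout and the Enable/Disable
# values are assumptions, not captured from a real switch.
SAMPLE_OUTPUT = """\
IP Address..................................... 192.168.2.1
Subnet Mask.................................... 255.255.255.0
Default Gateway................................ 0.0.0.0
Burned in MAC Address.......................... 00:11:22:33:44:55
Network Configurations Protocol Current........ None
Management VLAN Id............................. 1
Web Mode....................................... Enable
Java Mode...................................... Enable
"""

# Field name, a leader of two or more dots, then the value.
LINE_RE = re.compile(r"^\s*(?P<field>.+?)\.{2,}\s*(?P<value>.*)$")


def parse_show_ip_interface(text):
    """Return {field: value} for every 'Field.... value' line in text."""
    fields = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            fields[m.group("field").strip()] = m.group("value").strip()
    return fields


def _enabled(value):
    # Assumption: an enabled mode is reported as "Enable" or "Enabled".
    return value.lower().startswith("enable")


def audit(fields):
    """Return a list of (finding_id, detail) tuples for the parsed fields."""
    findings = []

    # The subnet mask alone is too common to flag; the default IP is the signal.
    matches = [n for n, d in FACTORY_DEFAULTS.items() if fields.get(n) == d]
    if "IP Address" in matches:
        findings.append(("factory-default-ip", ", ".join(matches)))

    try:
        iface = ipaddress.ip_interface(
            f"{fields['IP Address']}/{fields['Subnet Mask']}")
        gateway = ipaddress.ip_address(fields["Default Gateway"])
    except (KeyError, ValueError):
        findings.append(
            ("unparsable", "IP Address / Subnet Mask / Default Gateway"))
    else:
        # 0.0.0.0 means "no gateway set"; anything else must be on-link.
        if not gateway.is_unspecified and gateway not in iface.network:
            findings.append(("gateway-outside-subnet", str(gateway)))

    if _enabled(fields.get("Web Mode", "")):
        findings.append(("web-mode-enabled", "Web Mode"))
    if _enabled(fields.get("Java Mode", "")):
        findings.append(("java-mode-enabled", "Java Mode"))
    return findings


if __name__ == "__main__":
    for finding_id, detail in audit(parse_show_ip_interface(SAMPLE_OUTPUT)):
        print(f"{finding_id}: {detail}")
```

A switch that still reports the default address is also likely to have the admin account with no password, as described in section 3.4, so treat that finding as a prompt to check the accounts with show users.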
3.5.5 Quick Start up Uploading from Switch to Out-of-Band PC
Table 2-5. Quick Start up Uploading from Switch to Out-of-Band PC (XMODEM)
This starts the upload and displays the mode
of uploading and the type of upload it is and
confirms the upload is taking place.
For example:
If the user is using HyperTerminal, the user
must specify where the file is going to be
received by the pc.
3.5.6 Quick Start up Downloading from Out-of-Band PC to Switch
Table 2-6 Quick Start up Downloading from Out-of-Band PC to Switch
Sets the download datatype to be an image or
config file.
The URL must be specified as: xmodem:
filepath/ filename
For example:
If the user is using HyperTerminal, the user
must specify which file is to be sent to the
switch. The Switch will restart automatically
once the code has been downloaded.
3.5.7 Quick Start up Downloading from TFTP Server
Before starting a TFTP server download, the operator must complete the Quick Start up for the
IP Address.
Table 2-7 Quick Start up Downloading from TFTP Server
Command
    Details
copy <url> startup-config <filename>
    Sets the download datatype to be an image or config file.
    The URL must be specified as: tftp://ipAddr/filepath/fileName.
    The startup-config option downloads the config file using tftp and image option
    downloads the code file.
3.5.8 Quick Start up Factory Defaults
Table 2-8 Quick Start up Factory Defaults
Command
    Details
clear config
    Enter yes when the prompt pops up to clear all the configurations made to the switch.
copy running-config startup-config [filename]
    Enter yes when the prompt pops up that asks if you want to save the configurations made to
    the switch.
reload
    Enter yes when the prompt pops up that asks if you want to reset the system.
    You can reset the switch or cold boot the switch; both work effectively.
4. Console and Telnet Administration Interface
This chapter discusses many of the features used to manage the Switch, and explains many concepts
and important points regarding these features. Configuring the Switch to implement these concepts is
discussed in detail in chapter 6.
4.1 Local Console Management
Local console management involves the administration of the Switch via a direct connection to the
RS-232 DCE console port. This is an out-of-band connection, meaning that it is on a different circuit than
normal network communications, and thus works even when the network is down.
The local console management connection involves a terminal or PC running terminal emulation software
to operate the Switch’s built-in console program (see Chapter 6). Using the console program, a network
administrator can manage, control, and monitor many functions of the Switch. Hardware components in
the Switch allow it to be an active part of a manageable network. These components include a CPU,
memory for data storage, other related hardware, and SNMP agent firmware. Activities on the Switch can
be monitored with these components, while the Switch can be manipulated to carry out specific tasks.
4.2 Set Up your Switch Using Console Access
Out-of-band management requires connecting a terminal, such as a VT-100 or a PC running a
terminal-emulation program (such as HyperTerminal, which is automatically installed with Microsoft
Windows) to the RS-232 DCE console port of the Switch. Switch management using the RS-232 DCE
console port is called Local Console Management to differentiate it from management done via
management platforms, such as DView or HP OpenView.
Make sure the terminal or PC you are using to make this connection is configured to match these settings.
If you are having problems making this connection on a PC, make sure the emulation is set to VT-100 or
ANSI. If you still don’t see anything, try pressing <Ctrl> + r to refresh the screen.
First-time configuration must be carried out through a console, that is, either (a) a VT100-type serial data
terminal, or (b) a computer running communications software set to emulate a VT100. The console must
be connected to the Diagnostics port. This is an RS-232 port with a 9-socket D-shell connector and
DCE-type wiring. Make the connection as follows:
1. Obtain suitable cabling for the connection. You can use a null-modem RS-232 cable or an
ordinary RS-232 cable and a null-modem adapter. One end of the cable (or cable/adapter
combination) must have a 9-pin D-shell connector suitable for the Diagnostics port; the other end
must have a connector suitable for the console’s serial communications port.
2. Power down the devices, attach the cable (or cable/adapter combination) to the correct ports, and
restore power.
3. Set the console to use the following communication parameters for your terminal:
• The console port is set for the following configuration:
• Baud rate: 11,520
• Data width: 8 bits
• Parity: none
• Stop bits: 1
• Flow Control: none
A typical console connection is illustrated below:
Figure 3-1: Console Setting Environment
4.3 Set Up your Switch Using Telnet Access
Once you have set an IP address for your Switch, you can use a Telnet program (in a VT-100 compatible
terminal mode) to access and control the Switch. Most of the screens are identical, whether accessed
from the console port or from a Telnet interface.
5. Web-Based Management Interface
5.1 Overview
The Fortinet FortiSwitch-548B Series Layer III plus QoS Managed Switch provides a built-in browser
interface that lets you configure and manage it remotely using a standard Web browser such as Microsoft
Internet Explorer 5.0 or later or Netscape Navigator 6.0 or later. This interface also allows for system
monitoring and management of the switch. The ‘help’ page covers many of the basic functions and
features of the switch and its Web interface. When you configure the switch for the first time from the
console, you can assign an IP address and subnet mask to the switch. Thereafter, you can access the
switch’s Web interface directly using your Web browser by entering the switch’s IP address into the
address bar. In this way, you can use your Web browser to manage the switch from a central location, just
as if you were directly connected to the switch’s console port. The figure below shows this management
method.
5.2 How to log in
The Fortinet FortiSwitch-548B Series Layer III plus QoS Managed Switch can be configured remotely
from Microsoft Internet Explorer (version 5.0 or above), or Mozilla Firefox (version 3.6 or above).
1. Determine the IP address of your managed switch.
2. Open your Web browser.
3. Log in to the managed switch using the IP address the unit is currently configured with.
4. Type the default user name of admin and default of no password, or whatever password you have set
up.
Once you have entered your access point name, your Web browser automatically finds the
FortiSwitch-548B Series Layer III Managed Switch and displays the home page, as shown below.
5.3 Web-Based Management Menu
Menus
The Web-based interface enables navigation through several menus. The main navigation menu is on the
left of every page and contains the screens that let you access all the commands and statistics the switch
provides.
Main Menus
• System
• Switching
• Routing
• Security
• IPv6
• QoS
• IPv4 Multicast
• IPv6 Multicast
Secondary Menus
The Secondary Menus under the Main Menu contain a host of options that you can use to configure your
switch. The online help contains a detailed description of the features on each screen. You can click the
‘help’ or the question mark at the top right of each screen to view the help menu topics.
The Secondary Menus are detailed below, with cross-references to the sections in this manual that
contain the corresponding command descriptions.
System
• ARP Cache — see “show arp”
• Inventory — see “show hardware”
• Configuration — see “Management Commands and Device Configuration Commands”
• Forwarding Database — see “Device Configuration Commands’ L2MAC Address”
• Logs — see “System Information and Statistics Commands”
• Port — see “Device Configuration Commands’ Interface”
• sFlow — see “sFlow Commands”
• SNMP — see “SNMP Server Commands and SNMP Trap Commands”
• Statistics — see “show interface counters”
• System Utilities — see “System Utilities”
• Trap Manager — see “show traplog and SNMP Trap Commands”
• SNTP — see “SNTP Commands”
• DHCP Client — see “DHCP Client Commands”
• DNS Relay — see “Domain Name Server Relay Commands”
Switching
• DHCP Snooping — see “DHCP snooping Commands”
• VLAN — see “VLAN Management Commands”
• Protected Port — see “Protected Port Commands”
• Protocol-based VLAN — see “Protocol-based VLAN Commands”
• IP Subnet-based VLAN — see “IP Subnet-based VLAN Commands”
• MAC-based VLAN — see “MAC-based Commands”
• MAC-based Voice VLAN — see “MAC-based Voice VLAN Commands”
• Voice VLAN — see “Voice VLAN Commands”
• Filters — see “MAC Filters Commands”
• GARP — see “GVRP and Bridge Extension Commands”
• Dynamic Arp Inspection — see “DAI Commands”
• IGMP Snooping — see “IGMP Snooping Commands”
• IGMP Snooping Querier — see “IGMP Snooping Querier Commands”
• MLD Snooping — see “MLD Snooping Commands”
• MLD Snooping Querier — see “MLD Snooping Querier Commands”
• Port Channel — see “Port Channel Commands”
• Multicast Forwarding DataBase — see “L2 MAC Address and Multicast Forwarding Database Tables
Commands”
• Spanning Tree — see “Spanning Tree Commands”
• Class of Service — see “L2 Priority Commands”
• Port Security — see “Port Security Configuration Commands”
• LLDP — see “LLDP Commands”
• VTP — see “VTP Commands”
• Link State — see “Link state Commands”
• Port Backup — see “Port backup Commands”
• FIP Snooping — see “FIP Snooping Commands”
Routing
• ARP — see “Address Resolution Protocol (ARP) Commands”
• IP — see “IP Routing Commands”
• OSPF — see “Open Shortest Path First (OSPF) Commands”
• BOOTP/DHCP Relay Agent — see “BOOTP/DHCP Relay Commands”
• RIP — see “Routing Information Protocol (RIP) Commands”
• Router Discovery — see “Router Discovery Protocol Commands”
• Router — see “IP Routing Commands”
• VLAN Routing — see “VLAN Routing Commands”
• VRRP — see “Virtual Router Redundancy Protocol (VRRP) Commands”
• Tunnels — see “Tunnels Commands”
• Loopbacks — see “Loopbacks Commands”
Security
• Port Access Control — see “Dot1x Configuration Commands”
• RADIUS — see “Radius Configuration Commands”
• TACACS+ — see “TACACS+ Configuration Commands”
• IP Filter — see “Network Commands”
• Secure HTTP — see “HTTP Commands”
• Secure Shell — see “Secure Shell (SSH) Commands”
IPv6
• OSPFv3 — see “OSPFv3 Configuration Commands”
• IPv6 Routes — see “IPv6 Routes Configuration Commands”
• RIPv6 — see “RIPv6 Configuration Commands”
QoS
• ACL — see “ACL Commands”
• Diffserv — see “Differentiated Services Commands”
• Class of Service see "Class of Service Commands"
IPv4 Multicast
• DVMRP — see “DVMRP Commands”
• IGMP — see “IGMP Commands”
• PIM-DM — see “PIM-DM Commands”
• PIM-SM — see “PIM-SM Commands”
IPv6 Multicast
• MLD — see “MLD Commands”
• PIM-DM — see “PIM-DM Commands”
• PIM-SM — see “PIM-SM Commands”