Intel Corporation assumes no responsibility for errors or omissions in this manual. Nor does Intel make any commitment to
update the information contained herein.
* Other names and brands may be claimed as the property of others.
Fourth Edition November 2001 A14542-001
This preface provides an overview of this user guide, describes guide
conventions, and lists other useful publications.
Introduction
Information in the “Late Breaking News” shipped with your switch is more up to date than the information in this guide.
This user guide provides the information you need to configure the Intel®
NetStructure
It is intended for use by network administrators who are responsible for
installing and setting up network equipment, and assumes a basic working
knowledge of:
•Local Area Networks (LANs)
•Ethernet concepts, including switching and bridging
•Routing
•Internet Protocol (IP)
•Routing Information Protocol (RIP) and Open Shortest Path First
The Intel® NetStructure™ 480T routing switch uses a powerful, full-featured software operating system for local management of the switch.
This chapter offers an overview of the switch operation and covers these
topics:
•Summary of features
•Software licensing
•Hardware specifications and factory defaults
•Media types
Summary of Features
The features of the 480T routing switch include:
•Virtual local area networks (VLANs) including support for IEEE
•Load sharing (link aggregation) on multiple ports
•RADIUS (Remote Authorization Dial-In User Service) client and
per-command authentication support
•TACACS+ (Terminal Access Controller Access Control System)
support
•Console command line interface (CLI) connection
•Telnet CLI connection
•Web-based management interface
•Simple Network Management Protocol (SNMP) support
•RMON (Remote Monitoring)
•Traffic mirroring for all ports
•Intel® Device View (IDV) support
Chapter 1 Overview
Full-Duplex Support
The 480T routing switch provides full-duplex support for all ports.
Full-duplex mode allows frames to be transmitted and received
simultaneously and, in effect, doubles the bandwidth available on a
link. All 100/1000 Mbps ports on the 480T switch autonegotiate for
half-duplex or full-duplex operation.
The 1000BASE-SX, 1000BASE-LX and 1000LH ports operate in
full-duplex mode only.
Virtual LANs (VLANs)
The local management software has a VLAN feature that enables you
to construct your broadcast domains without being restricted by
physical connections. A VLAN is a group of location and topology-independent devices that communicate as if they were on the same
physical LAN.
Implementing VLANs on your network has three advantages:
•Better broadcast traffic control - If a device in VLAN Marketing
transmits a broadcast frame, only VLAN Marketing devices
receive the frame.
•Extra security - Devices in VLAN Marketing can only
communicate with devices in VLAN Sales using routing services.
•Easier to change or move devices on your networks.
See Chapter 7, "Virtual LANs (VLANs)" on page 95.
Spanning Tree Protocol (STP)
The 480T routing switch supports the IEEE 802.1D Spanning Tree
Protocol (STP), a bridge-based method of providing fault tolerance
on networks. STP enables you to implement parallel paths for
network traffic, and ensure that redundant paths are:
•Disabled when the main paths are operational.
•Enabled if the main traffic paths fail.
A single spanning tree may span multiple VLANs.
See Chapter 9, "Spanning Tree Protocol (STP)" on page 125.
Intel® NetStructure™ 480T Routing Switch User Guide
Quality of Service (QoS)
The local management software has Policy-Based Quality of Service
(QoS) features that enable you to specify service levels for different
traffic groups. By default, all traffic is assigned a normal QoS policy
profile.
You can create other QoS policies and apply them to different traffic
types so that they have different guaranteed minimum bandwidth,
maximum bandwidth, and priority.
See Chapter 10, "Quality of Service (QoS)" on page 135.
Unicast Routing
The 480T routing switch can route IP or IPX traffic between VLANs
that are configured as virtual router interfaces. Both dynamic and
static IP routes are maintained in the routing table. The routing
protocols supported include:
•RIP version 1
•RIP version 2
•OSPF-2
•IPX/RIP
•BGP-4
For further information consult these chapters:
•"IP Unicast Routing" on page 189
•"RIP and OSPF" on page 223
•"Border Gateway Protocol (BGP)" on page 255
•"IPX Routing" on page 291
IP Multicast Routing
The 480T routing switch enables you to use IP multicasting to allow
a single IP host to transmit a packet to a group of IP hosts. It supports
multicast routes learned by way of the Distance Vector Multicast
Routing Protocol (DVMRP) or Protocol Independent Multicast,
dense or sparse mode (PIM-DM or PIM-SM).
See “IP Multicast Routing” on page 275.
Load Sharing
Load sharing allows you to increase bandwidth and resiliency by
using a group of ports to carry traffic in parallel between systems. The
switch’s sharing algorithm allows you to use multiple ports as a
single logical port.
For example, VLANs treat the load-sharing group as a single virtual
port.
See “Configuring Ports” on page 79.
Software Licensing - Router
License Keys
You can expand the feature set of your switch using a license key.
The keys are unique to the 480T routing switch and are not
transferable. Keys are stored in NVRAM and, once entered, persist
through reboots, software upgrades, and later reconfigurations.
In the firmware, routing protocol support is separated into two sets:
•Basic
•Full Layer 3
Basic is a subset of Full Layer 3.
Basic Functionality
Basic functionality requires no license key. It includes all switching
functions, as well as all available Layer 3 QoS, access list, and ESRP
functions.
Basic includes support for these Layer 3 routing functions:
•IP routing using RIP version 1, RIP version 2, or both
•IP routing between directly attached VLANs
•IP routing using static routes
Full Layer 3 Functionality
Switches using a Full Layer 3 license also support other routing
protocols and functions in addition to Basic functions, including:
•IP routing using OSPF
•IP multicast routing using DVMRP
•IP multicast routing using PIM (Dense or Sparse Mode)
•IPX routing (direct, static, and dynamic using IPX/RIP and IPX/
SAP)
•IP routing using BGP
•Server load balancing (SLB)
•Web cache redirection
Verifying the Router License
To verify the router license, use the show switch command.
Upgrading a Router License
You can upgrade the router license of a switch by purchasing a
voucher from Intel. The voucher contains instructions on obtaining a
license key from the Intel web site at support.intel.com.
Once a license key is entered, it is not necessary to enter the
information again. We recommend keeping the upgrade voucher for
your records.
Physical Features
Front View
Figure 1.1 shows the switch front view.
The 480T routing switch has 12 100/1000-Mbps ports, and four 1000
Mbps-only ports. Ports 13 through 16 use modular GBIC connectors.
[Figure 1.1: Intel® NetStructure™ 480T routing switch (front). Labels: 100/1000 Mbps ports, unit status LEDs, port status LEDs, GBIC ports.]
For information on switch LEDs, refer to "Switch LEDs" on page 10.
Rear View
Figure 1.2 shows two rear view configurations. The second has a
redundant power supply.
[Figure 1.2: Intel® NetStructure™ 480T routing switch (with and without redundant power supply). Labels: AC connectors (100-120/200-240), primary power, redundant power, reset, management port, console port.]
AC Connector
The 480T routing switch automatically adjusts to the supply voltage.
The power supply unit (PSU) operates down to 100V, and is suitable
for both 110 VAC and 200-240 VAC operation.
Serial Number
Use this serial number for fault-reporting purposes.
Console Port
Use the console port (9-pin, D-type connector) for connecting a
terminal and carrying out local out-of-band management.
For information on supported media types and distances, refer to Table 1.3 on page 14.
Management Port
The management port (RJ-45 connector) is a 10/100 Mbps Ethernet
connection used for out-of-band management.
MAC Address
This label shows the unique Ethernet MAC address assigned to this
device.
Switch LEDs
Table 1.1 describes the light emitting diode (LED) behavior on the
480T routing switch.
Table 1.1: Switch LEDs
LED | Color | Indicates
1000BASE-X Port Status LEDs (GBIC LEDs)
Link/activity | Green | Link is present; port is enabled.
Link/activity | Orange | Frames are being transmitted/received on this port.
Link/activity | Green flashing (steady) | Link is present; port is disabled.
Link/activity | Off | Link is not present.
100/1000BASE-T Port Status LEDs
Link/activity | Green | Link is present; port is enabled.
Link/activity | Orange | Frames are being transmitted/received on the port.
Link/activity | Green flashing (steady) | Link is present; port is disabled.
Link/activity | Off | Link is not present.
Speed Status | Green | 1000 BASE-T operation.
Speed Status | Off | 100 BASE-TX operation.
10/100 Management Port Status LEDs
Link/activity | Green | Link is present.
Link/activity | Orange | Frames are passing through this port.
Link/activity | Off | Link is not present.
Unit Status LEDs
Power 1 and Power 2 | Green | Either or both LEDs green indicates the 480T routing switch is powered up.
Power 1 and Power 2 | Orange | An orange power LED indicates a power, overheat, or fan failure on the corresponding power supply unit.
Power 1 and Power 2 | Off | Both LEDs off indicates the switch is powered off.
MGMT | Green flashing (slow) | The 480T routing switch is operating normally.
MGMT | Green flashing (fast) | POST is in progress.
MGMT | Orange | The switch has failed POST.
Software Factory Defaults
Table 1.2 lists factory defaults for global features.
Table 1.2: Global Factory Defaults
Item | Default Setting
Serial or Telnet user account | admin with no password and user with no password
Web network management | Enabled
Telnet | Enabled
SNMP access | Enabled
SNMP read community string | public
SNMP write community string | private
RMON | Enabled
BOOTP | Enabled on the default VLAN
Quality of Service (QoS) | Disabled. If enabled, all traffic is part of the default queue
QoS monitoring | Automatic roving
802.1p priority | Recognition enabled
802.3x flow control | Enabled on 1000 Mbps Ethernet ports
CLI idle timeout | Enabled (15 minutes)
Virtual LANs | Three VLANs pre-defined. VLAN named default contains all ports and belongs to the STPD named s0. VLAN mgmt operates on the 10/100 Ethernet management port. The management port is DTE only, and is not capable of switching or routing. VLAN MacVLanDiscover is active only when using MAC VLAN.
802.1Q tagging | Packets are untagged on the default VLAN.
Spanning Tree Protocol | Disabled for the Intel® NetStructure™ 480T routing
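Several of the defaults in Table 1.2 leave management access open until they are changed: both accounts have no password, Telnet and Web management are enabled, and the SNMP communities are public and private. The following is an added example, not Intel code, that checks inventory records for settings still at those defaults; the record layout, key names and sample switches are hypothetical and constructed for illustration.

```python
# Added example (not Intel code): audit inventory records against the
# security-relevant factory defaults listed in Table 1.2.
# The record layout (keys such as "telnet_enabled") is hypothetical.

SEVERITY_ORDER = {"high": 0, "medium": 1}

# Values copied from Table 1.2.
FACTORY_ACCOUNTS = ("admin", "user")            # both ship with no password
FACTORY_COMMUNITIES = {"read": "public", "write": "private"}


def audit_switch(record):
    """Return (severity, finding) tuples for settings still at factory default.

    A key missing from the record is treated as never changed, that is, still
    at the Table 1.2 default, so an empty record reports every default.
    """
    findings = []

    accounts = record.get("accounts", {})
    for name in FACTORY_ACCOUNTS:
        if not accounts.get(name, {}).get("password_set", False):
            severity = "high" if name == "admin" else "medium"
            findings.append((severity, f"account '{name}' has no password"))

    if record.get("telnet_enabled", True):
        findings.append(("medium", "Telnet CLI is enabled"))

    # Web management is only flagged when nothing restricts who can reach it.
    if record.get("web_enabled", True) and not record.get("web_access_profile"):
        findings.append(
            ("medium", "Web management enabled without an access profile"))

    # Community strings only matter while SNMP access is enabled.
    if record.get("snmp_enabled", True):
        communities = record.get("snmp_communities", {})
        for kind, default in FACTORY_COMMUNITIES.items():
            if communities.get(kind, default) == default:
                severity = "high" if kind == "write" else "medium"
                findings.append(
                    (severity, f"SNMP {kind} community is the default '{default}'"))

    # sorted() is stable, so findings keep their order within a severity.
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f[0]])


# Constructed sample inventory (not real devices).
INVENTORY = {
    "lab-480t-new": {},   # nothing recorded: assumed fresh from the box
    "core-480t-1": {
        "accounts": {"admin": {"password_set": True},
                     "user": {"password_set": True}},
        "telnet_enabled": False,
        "web_enabled": True,
        "web_access_profile": "mgmt-stations",
        "snmp_enabled": True,
        "snmp_communities": {"read": "r0-constructed", "write": "w0-constructed"},
    },
    "edge-480t-7": {
        "accounts": {"admin": {"password_set": True}},   # 'user' never changed
        "telnet_enabled": False,
        "web_enabled": False,
        "snmp_enabled": False,
    },
}


def audit_inventory(inventory):
    """Map each switch name to its sorted findings."""
    return {name: audit_switch(rec) for name, rec in inventory.items()}


if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY).items():
        print(name, "OK" if not findings else "")
        for severity, text in findings:
            print(f"  [{severity}] {text}")
```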
Table 1.3 describes the media types and distances (cable lengths) for
the different types of switch ports.
Table 1.3: Media Types and Distances
Type | Media | MHz/Km Rating | Maximum Distance
1000BASE-SX | 50/125 µm Multimode Fiber | 400 | 500 Meters
1000BASE-SX | 50/125 µm Multimode Fiber | 500 | 550 Meters
1000BASE-SX | 62.5/125 µm Multimode Fiber | 160 | 220 Meters
1000BASE-SX | 62.5/125 µm Multimode Fiber | 200 | 275 Meters
1000BASE-LX | 50/125 µm Multimode Fiber | 400 | 550 Meters
1000BASE-LX | 50/125 µm Multimode Fiber | 500 | 550 Meters
1000BASE-LX | 62.5/125 µm Multimode Fiber | 500 | 550 Meters
1000BASE-LX | 10µ Single-mode Fiber | | 5 Kilometers
1000LH | 10µ Single-mode Fiber | | 70 Kilometers
1000BASE-T | Category 5 and higher UTP Cable | | 100 Meters
100BASE-TX | Category 5 and higher UTP Cable | | 100 Meters
10BASE-T | Category 3 and higher UTP Cable | | 100 Meters
Table 1.4 describes the specifications for the 1000B-LH interface.
Table 1.4: 1000LH Specifications
Parameter | Minimum | Typical | Maximum
Transceiver
Optical Output Power | 0 dBm | 3 dBm | 5 dBm
Center Wavelength | 1540 nm | 1550 nm | 1560 nm
Receiver
Optical Input Power Sensitivity | -20 dBm
Optical Input Power Maximum | -3 dBm
Operating Wavelength | 1200 nm | 1560 nm
The minimum cable length without a 10 dB attenuator is 32 kilometers.
Optical Output Power
The transmitter output power level for the 1000-LH is +5dBm. The
maximum allowable receiver input power level is -3dBm. Therefore,
there is a minimum of 8dB loss required for the link to operate
without errors. You can achieve this minimum required loss using a
fiber length of 32km (0.25dB/km provides 8dB loss), or by adding
10dB of fixed optical attenuator at the receiver end.
Chapter 2 Installation and Setup
This chapter describes:
•Determining the Switch Location
•Installing the Switch
•Connecting Equipment to the Console Port
•Checking the Installation Using the Power-On Self Test (POST)
•Logging In for the First Time
•Upgrading Your Firmware
•Installing the Gigabit Interface Connector (GBIC)
Important Safety Information
Safety related specifications are provided in Appendix A, "Technical Specifications and Supported Limits" on page 431.
There are no user serviceable parts on the Intel® NetStructure™ 480T
routing switch. The switch uses Class 1 laser technology. The ports emit
invisible infrared light. Do not look directly into open ports.
Determining the Switch Location
The 480T routing switch can be free standing or mounted in a
standard 19-inch equipment rack. Mounting brackets are supplied
with the switch.
When deciding where to install the switch, ensure that:
•The switch is accessible and you can connect cables easily.
•Water or moisture cannot enter the case of the unit.
•Air flow around the unit and through the side vents is not
restricted.
•The switch has a minimum of 25 mm (1-inch) clearance.
•Units are not stacked more than four high if the switch is free-standing.
Installing the Switch
You can mount the switch in a rack or place it free-standing on a
tabletop.
Caution: Do not suspend the switch from under a table or desk, or attach it to a wall.
Rack Mounting
To rack mount the 480T routing switch:
1. Place the switch upright on a hard flat surface, with the front facing you.
2. Remove the screws (4 each side) from the sides of the chassis and retain for Step 4.
3. Place the mounting bracket over the mounting holes on one side of the unit.
4. Replace the screws and fully tighten with a screwdriver, as shown in Figure 2.1.
[Figure 2.1: Fitting the mounting bracket]
5. Repeat the two previous steps for the other side of the switch.
6. Insert the switch into the 19-inch rack. Ensure that ventilation holes are not obstructed.
7. Secure the switch with rack mount screws (not provided).
8. Remove the label over the AC connector and attach the power cord.
9. Attach the cables according to your own network configuration.
Many performance problems are caused by improper cabling. Pay
careful attention to distance and cable type restrictions. See “Media
Types, Distances and Specifications” on page 14.
Free-Standing
The 480T routing switch is supplied with four self-adhesive rubber pads.
You can stack up to four switches on top of one another.
1. Apply the pads to the underside of the device by sticking a pad in the marked area at each corner of the switch.
2. Place the devices on top of one another, ensuring that the corners align.
Connecting Equipment to the Console Port
For direct local management, connect to the console port. The 480T
routing switch console port settings are set as follows:
•Baud rate—9600
•Data bits—8
•Stop bit—1
•Parity—None
•Flow control—XON/XOFF
Be sure the terminal connected to the console port on the switch is
configured with the same settings. This procedure is described in the
documentation supplied with the terminal or terminal emulation
software.
Turning On the Switch
To turn on power to the switch, connect the AC power cable to the
switch and then to the power outlet. The switch has no on/off switch.
Checking the Installation
After plugging in the switch, the device performs a Power-On Self-Test (POST).
During the POST, all ports are temporarily disabled, the packet LED
is off and the power LED is on. The MGMT LED flashes quickly
until the switch has successfully passed the POST, after which it returns
to the slow flashing state for normal operation.
If the switch passes the POST, the MGMT LED blinks at a slow rate
(1 blink per second). If the switch fails the POST, the MGMT LED
shows a solid orange light.
Logging In for the First Time
After the switch has completed the Power-On Self Test (POST), it is
operational. Then you can log in to the switch and configure an IP
address for the default VLAN (named default).
To manually configure the IP settings:
1. Connect a terminal or workstation running terminal-emulation software to the console port.
2. At your terminal, press Enter one or more times until you see the login prompt.
3. At the login prompt, enter the default user name admin to log in with administrator privileges. Administrator capabilities allow you to access all switch functions.
4. At the password prompt, press Enter.
The default name admin has no password assigned. When you have successfully logged in, the command-line prompt displays the name of the switch (for example, Switch480T) in its prompt.
5. Assign an IP address and subnetwork mask for VLAN default. Use these commands (example IP addresses are used):
configure vlan default ipaddress 123.45.67.8 255.255.255.0
configure iproute add default <gateway>
123.45.67.8
enable ipforwarding
enable rip
Your changes should take effect immediately.
6. Save your configuration changes so that they are in effect after the next switch reboot. Use this command to save:
save
7. When you have finished, log out of the switch using this command:
logout
Upgrading Your Firmware
To upgrade your Intel® NetStructure™ 480T routing switch you must
upgrade the BootRom image and firmware. Refer to the Late Breaking News that shipped with your switch for this procedure.
Installing the Gigabit Interface Connector (GBIC)
Ensure that the SC fiber-optic connector is removed from the GBIC prior to removing the GBIC from the I/O module.
Warning: Avoid exposing your eye to Class I laser radiation from open 1000 Mbps ports. Laser radiation is invisible to the human eye. Do not look directly into the 1000 Mbps port when installing or removing GBICs to eliminate any possible harmful effects. Class I lasers are not considered harmful under normal operation.
You can add and remove Gigabit Interface Connectors (GBICs) from
the 480T routing switch without powering off the system. Three types
of GBIC modules are available:
•1000BASE-SX
•1000BASE-LX
•1000LH
Figure 2.2 illustrates a typical GBIC.
[Figure 2.2: GBIC module (1000 Mbps ports)]
GBICs are a Class 1 laser device. Use only Intel approved modules.
Chapter 3 Using Intel® Device View
Intel® Device View is a graphical user interface that helps you manage the
Intel NetStructure™ 480T routing switch and other supported Intel
networking devices on your network.
Intel Device View provides these features:
•The ability to configure new network devices
•A graphical device manager for Intel switches, hubs, and routers
•Autodiscovery, which finds supported Intel devices on the network
•Device Tree, which shows all supported devices detected on your
network
•Remote Network Monitoring (RMON)
•Web or Windows§ platform
•Plug-in to HP OpenView§, IBM Tivoli NetView§, and Intel LANDesk® Network Manager
•Other useful tools such as a TFTP server
Installing Intel Device View
Before you install Intel Device View, make sure your PC meets the
system recommendations in the Intel Device View User Guide, which is
included on the Intel Device View CD-ROM.
You can install both the Windows and the Web version of Intel
Device View.
To Install Intel Device View
If you manage devices with Intel Device View from only one location on the network, install the Windows§ version.
If you want to manage devices from any PC on the network using Intel Device View, install the Web version.
1. Put the Intel Device View CD-ROM in your computer’s CD-ROM drive. The Intel Device View installation screen appears. If it does not appear, run autoplay.exe from the CD-ROM (use the Run dialog from the Start menu).
2. Choose the version of Intel Device View you want to install:
•Click Install for Windows to install Intel Device View for use on this PC only.
•Click Install for Web to install Intel Device View on a Web server. You are able to access the Device View server from any PC on your network with Internet Explorer§ 4.0x or later.
•Click Install as Plug-in to install Intel network device support for HP OpenView, IBM Tivoli NetView, or Intel LANDesk Network Manager. This option is not available if you do not have any of these programs installed on the PC.
3. Follow the on-screen instructions in the installation program.
Starting the Windows§ Version
We recommend you use the Windows version of Intel Device View if
you manage devices from only one location on the network.
To start the Windows version:
1. From your desktop, click Start.
2. Point to Programs > Intel Device View > Intel Device View - Windows.
Intel Device View’s main screen appears.
Starting the Web Version
We recommend you use the Web version of Intel Device View if you
want to manage devices from any PC on the network. To start the
Web version:
To view Intel Device View from another PC on your network, enter
this URL into the Address field for Internet Explorer:
http://<servername>/devview/main.htm
where <servername> is the IP address or name of the server where
Intel Device View is installed. Intel Device View’s main screen
appears.
Installing a New Device
After you’ve installed a new switch on your network, you can use
Intel Device View’s Device Install Wizard to configure it for
management.
To Install and Configure a New Switch for Management
1. Start Intel Device View.
The Device Install Wizard appears. If not, click Install from the Device menu or double-click the appropriate MAC address in the Device Tree under Unconfigured Devices.
2. In the Start screen, click Next.
3. In the MAC Address screen, click the MAC address of the new switch, and then click Next.
4. Follow the instructions in the wizard to assign an IP address and a name to the switch.
Using the Device Tree
When you start Intel Device View, the Device Discovery service
begins searching for supported Intel network devices on your
network. As it discovers devices, it adds an icon for each device to the
Device Tree on the left side of the screen.
Different states of the 480T routing switch are represented by unique
icons in the Device Tree as indicated below.
Device Tree icons
Device Tree root
Subnet
Intel Switch (if non-responding the icon is red)
Unconfigured Intel Switch
Group of Intel Switches
Intel Router
Intel Switch (Layer 3 capable)
Intel Stackable Hub
The Device Tree works much like Windows Explorer:
•To expand the root or a subnet, click the (+) next to the icon.
•To collapse the view, click the (-) next to the icon.
•Double-click a device icon to view the device image.
To Add a Device to the Device Tree
1. Right-click anywhere on the Device Tree.
2. When a menu appears, click Add Device.
3. In the Add Device dialog box, enter the IP address of the switch you want to add.
4. Fill in the other fields, as appropriate.
5. Click OK.
The new switch’s icon appears in the Device Tree.
To Refresh the Device Tree
1. Right-click anywhere on the Device Tree.
2. When a menu appears, click Refresh.
Refreshing the Device Tree updates it to show any newly discovered
devices and changes in device status.
To Delete a Device from the Device Tree
1. Right-click the device you want to remove from the Device Tree.
2. Click Delete on the menu that appears.
Deleting a device from the Device Tree does not affect the actual
device, but only removes the icon from the tree.
To Find a Device in the Device Tree
1. Right-click anywhere on the Device Tree.
2. When a menu appears, click Find.
3. In the Find Device dialog box, enter the IP address of the device you want to find in the tree.
4. Click OK.
The device’s icon is highlighted in the Device Tree.
Losing Contact with a Device
If Intel Device View loses contact with a switch, it replaces the switch
icon with the red non-responding switch icon.
When the red non-responding switch icon appears, you will not be
able to manage the device in Intel Device View.
If you’re unable to ping the device or start a Telnet session, try
accessing the switch’s Local Management. See “Accessing the
Switch” on page 39.
Managing a Switch
To manage a 480T routing switch, double-click the switch icon in the
Device Tree. In the example shown below, the switch was assigned
an IP address of 124.123.122.3.
The Express 480T Web Device Manager appears in the Intel Device
View window.
For complete information on using Intel Device View, refer to the
program’s online help or see the Intel Device View Help file on the
installation CD-ROM.
Viewing RMON Information
The remote monitoring (RMON) specification is a feature of Intel
Device View that extends Simple Network Management Protocol
(SNMP) functionality to look at traffic patterns over the whole
network instead of merely for an individual device. The 480T routing
switch supports these RMON groups:
•Group 1 Statistics—Monitors utilization and error statistics for
each network segment (100Mbps or 1000Mbps).
•Group 2 History—Records periodic statistical samples from
variables available in the statistics group.
•Group 3 Alarms—Allows you to set a sampling interval and
alarm thresholds for statistics. When a threshold is passed, the
switch creates an event (see below). For example, you might set an
alarm if switch utilization exceeds 30%.
•Group 9 Events—Provides notification and tells the switch what to
do when an event occurs on the network.
Events can send a trap to a trap-receiving station, place an entry
in the log table, or both. For example, when the switch
experiences an RMON event, it sounds an alarm.
The switch also keeps a log that shows a list of the RMON events
and RMON alarms that have occurred on the switch.
To View RMON Statistics
1.In the Device Tree, right-click the switch’s icon and then point to
RMON.
2.Click the RMON option you want to view.
You can also access RMON features by using LANDesk Network
Manager, or an SNMP application that supports RMON, such as
OpenView.
For more information about using RMON to monitor the switch, refer
to the Intel Device View Help file included on the CD-ROM.
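How an alarm (Group 3) turns periodic samples into events (Group 9) is shown in the added example below, which is not Intel code. It goes beyond the text by using the rising and falling threshold pair from the RMON standard (RFC 2819), so a value hovering near the threshold does not raise a new event at every sample; the 30% rising threshold is the guide's example, while the 20% falling threshold and the sample values are constructed.

```python
# Added example (not Intel code): RMON alarm evaluation with rising and
# falling thresholds, feeding events that log, trap, or both.
from dataclasses import dataclass, field


@dataclass
class RmonAlarm:
    variable: str
    rising: float                     # rising threshold
    falling: float                    # falling threshold (assumed value)
    action: str = "log-and-trap"      # "log", "trap" or "log-and-trap"
    last_event: str = ""              # "", "rising" or "falling"
    log_table: list = field(default_factory=list)
    traps: list = field(default_factory=list)

    def __post_init__(self):
        if self.falling > self.rising:
            raise ValueError("falling threshold must not exceed rising threshold")
        if self.action not in ("log", "trap", "log-and-trap"):
            raise ValueError(f"unknown event action: {self.action}")

    def sample(self, interval, value):
        """Evaluate one sample; return the event kind fired, or None."""
        if value >= self.rising and self.last_event != "rising":
            kind = "rising"
        elif value <= self.falling and self.last_event != "falling":
            kind = "falling"
        else:
            # Between the thresholds, or on the same side as the last event:
            # no new event until the opposite threshold has been reached.
            return None
        self.last_event = kind
        event = (interval, self.variable, kind, value)
        if self.action in ("log", "log-and-trap"):
            self.log_table.append(event)
        if self.action in ("trap", "log-and-trap"):
            self.traps.append(event)   # stand-in for sending an SNMP trap
        return kind


def run_alarm(alarm, samples):
    """Feed samples taken once per interval; return [(interval, kind), ...]."""
    fired = []
    for interval, value in enumerate(samples):
        kind = alarm.sample(interval, value)
        if kind:
            fired.append((interval, kind))
    return fired


# Constructed utilization samples (percent), one per sampling interval.
UTILIZATION = [25, 31, 35, 28, 33, 19, 40]

if __name__ == "__main__":
    alarm = RmonAlarm("utilization", rising=30, falling=20)
    print(run_alarm(alarm, UTILIZATION))
    print(alarm.log_table)
```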
Chapter 4 Using Web Device Manager
Web Device Manager is device-management software running in the
Intel® NetStructure™ 480T routing switch. It allows you to access the
switch over a TCP/IP network, using a Web browser that supports frames
and JavaScript§ (such as Netscape Navigator§ 3.0 or later, or Microsoft
Internet Explorer§ 3.0 or later) to manage the system.
Web Device Manager provides a subset of the command-line interface
(CLI) commands available for configuring and monitoring the switch. If
a particular command is not available using Web Device Manager, use the
CLI to access the desired functionality.
To use Web Device Manager, at least one VLAN must be assigned an IP
address.
Enabling and Disabling Web Access
By default, Web access is enabled on the switch. You can restrict the use
of Web access using an access profile.
For information on creating an access profile see page 324.
An access profile permits or denies a named list of IP addresses and
subnet masks. To configure Web access to use an access profile, use this
command:
enable web access-profile [<access-profile> | none] {port <tcp_port_number>}
Use the none option to remove a configured access profile.
To display the status of Web access, use this command:
show management
To disable Web access, use this command:
disable web
To re-enable Web access, use this command:
enable web {access-profile [<access-profile> | none]} {port <tcp_port_number>}
Reboot the system for these changes to take effect.
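The effect of binding an access profile to Web access can be worked through with the added example below, which is not Intel code. It assumes one mode (permit or deny) applies to the profile's whole list and that addresses not on the list get the opposite result; the profile names and addresses are constructed.

```python
# Added example (not Intel code): which management stations an IP access
# profile lets through to the Web interface. The matching semantics are an
# assumption for illustration; names and addresses are constructed.
import ipaddress
from dataclasses import dataclass, field


@dataclass
class AccessProfile:
    name: str
    mode: str                                    # "permit" or "deny"
    networks: list = field(default_factory=list)

    def __post_init__(self):
        if self.mode not in ("permit", "deny"):
            raise ValueError("mode must be 'permit' or 'deny'")

    def add(self, address, mask):
        """Add an IP address and subnet mask pair, rejecting malformed entries."""
        # strict=True raises ValueError when host bits are set under the mask
        # (for example 10.20.30.5 with 255.255.255.0) instead of silently
        # masking them off, so a mistyped entry is caught when it is added.
        self.networks.append(
            ipaddress.IPv4Network(f"{address}/{mask}", strict=True))

    def listed(self, client):
        ip = ipaddress.IPv4Address(client)
        return any(ip in net for net in self.networks)


def web_access_allowed(profile, client):
    """Decide whether a client IP may open the Web management page."""
    if profile is None:          # the 'none' option: no profile configured
        return True
    hit = profile.listed(client)
    return hit if profile.mode == "permit" else not hit


def build_sample_profiles():
    """Constructed profiles: a permit list and a deny list."""
    permit = AccessProfile("mgmt-stations", "permit")
    permit.add("10.20.30.0", "255.255.255.0")      # management subnet
    permit.add("10.20.40.15", "255.255.255.255")   # single jump host
    deny = AccessProfile("guest-block", "deny")
    deny.add("10.20.50.0", "255.255.255.0")        # guest subnet
    return permit, deny


def reachable(profile, clients):
    """Map each client address to the access decision under this profile."""
    return {c: web_access_allowed(profile, c) for c in clients}


# Constructed client addresses.
CLIENTS = ["10.20.30.7", "10.20.40.15", "10.20.40.16", "10.20.50.9"]

if __name__ == "__main__":
    permit, deny = build_sample_profiles()
    for label, prof in (("none", None), (permit.name, permit), (deny.name, deny)):
        print(label, reachable(prof, CLIENTS))
```

With no profile configured every address reaches the login page, which is the default state described above.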
Setting Up Your Browser
Your browser’s default settings should work well with Web Device
Manager. Apply these recommended settings to improve the
display features and functionality of Web Device Manager:
•After downloading a newer version of the switch image, clear the
browser disk and memory cache to see the updated menu screens.
It is important to clear the cache while at the main Logon screen,
so that all underlying .GIF files are updated.
•Check for newer versions of stored pages by setting the
cache options to the “every visit” setting:
•When using Netscape Navigator, configure the cache to
check for changes Every Time you request a page.
•When using Microsoft Internet Explorer, configure the
Temporary Internet Files to check for newer versions of
stored pages by selecting Every visit to the page.
•Images must be auto-loaded.
•Use a high-resolution monitor (1024 x 768 recommended) to
maximize the amount of information displayed in the content
frame. You can also use 800 x 600 pixels.
•Maximize viewing space by turning off the browser toolbars.
•Configure the browser to use these recommended fonts:
•Proportional font—Times New Roman
•Fixed-width font—Courier New
Accessing Web Device Manager
To access the default home page of the switch, enter this URL in
your browser (substituting the actual IP address):
http://<ip_address>
When you access the home page of the system, the Login screen
appears. Enter your user name and password and click OK.
If you have entered the name and password of an administrator-level account, you have access to all Web Device Manager pages. If
you have used a user-level account name and password, you only
have access to the Statistics and Support information.
If multiple people access the same switch using Web Device
Manager, you might see this error message:
Web:server busy
To correct this situation, try logging out of the switch and logging
in again.
Navigating Web Device Manager
After logging in to the switch, the Web Device Manager home page
appears.
Web Device Manager divides the browser screen into these
sections:
•Task frame
•Content frame
•Stand-alone buttons
Task Frame
The task frame has two sections: menu buttons and submenu links.
There are four task menu buttons:
•Configuration
•Statistics
•Support
•Logout
Below the task buttons are options. Options are specific to the task
button that you select. When you select an option, the information
displayed in the content frame changes.
However, when you select a new task button, the content frame does
not change until you select a new option.
Content Frame
The content frame contains the main body of information in Web
Device Manager. For example, if you select an option from the
Configuration task button, enter configuration parameters in the
content frame. If you select the Statistics task button, statistics are
displayed in the content frame.
When you submit a configuration page with no change, an asterisk (*) will appear at the CLI prompt, even though actual configuration values have not changed.
Browser Controls
Browser controls include drop-down list boxes, check boxes, and
multi-select list boxes. A multi-select list box has a scrollbar on the
right side of the box. Using a multi-select list box, you can select a
single item, all items, a set of contiguous items, or multiple noncontiguous items. Table 4.1 describes how to make selections from
a multi-select list box.
Table 4.1: Multi-Select List Box Key Definitions
Selection Type: Key Sequence
Single item: Click the item using the mouse.
All items or contiguous items: Click the first item, and drag to the last item.
Contiguous items: Click the first item, hold down the Shift key, and click the last desired item.
Selected noncontiguous items: Hold down Ctrl, click the first desired item, click the next desired item, etc.
Status Messages
Status messages are displayed at the top of the content frame. There
are four types of status messages:
•Information—Displays information that is useful to know prior
to, or as a result of, changing configuration options.
•Warning—Displays warnings about the switch configuration.
•Error—Displays errors caused by incorrectly configured settings.
•Success—Displays informational messages after you click
Submit. The message displayed reads, Request was submitted
successfully.
Stand-alone Buttons
At the bottom of some of the content frames is a section that
contains stand-alone buttons. Use these buttons to perform tasks
that are not associated with a particular configuration option. An
example of this is the Reboot Switch button.
Saving Changes
There are two ways to save your changes in Web Device Manager:
•Select Save Configuration from the Configuration task button,
Switch option.
This field contains a drop-down list box that allows you to
select either the primary or secondary configuration area. After
you select the configuration area, click Submit to save the
changes.
•Click the Logout button.
If you attempt to log out without saving your changes, Web
Device Manager prompts you to save your changes.
If you select Yes, the changes are saved to the selected
configuration area.
To change the selected configuration area:
1.Go to the Configuration task button.
2.Select the Switch option.
Filtering Information
On some pages you can click a Filter button to display a subset of
information for a page. For example, on the OSPF configuration
page, you can configure authentication based on the VLAN, area
identifier, or virtual link.
Once you select a filtering option and click the Filter button, the
form that provides the configuration options displays the available
interfaces in the drop-down menu, based on your filtering selection.
Using the Get Command to Configure a VLAN
When configuring a VLAN using Web Device Manager, prior to
editing the VLAN configuration, you must first click the Get button
to ensure that subsequent edits are applied to the correct VLAN. If
you do not click the Get button and you submit the changes, the
changes are made to the VLAN that was previously displayed.
If you configure a VLAN and then delete it, the default VLAN is
shown in the VLAN name window, but the VLAN information
contained in the lower portion of the page is not updated. Click the
Get button to update the display.
TFTP Server
Intel Device View provides a TFTP Server utility on the Tools
menu.
Chapter 5: Accessing the Switch
This chapter provides information to help you manage the Intel®
NetStructure™ 480T routing switch, including:
•Understanding the Command Syntax
•Line-Editing Keys
•Command History
•Common Commands
•Configuring Management Access
•Real-time Basic Connectivity Checking
•Methods of Managing the Switch
•Simple Network Management Protocol (SNMP)
To retain configuration changes through a power cycle or reboot, you
must issue a save command after you have made the change.
For information on using the save command, see "Software Upgrade and Boot Options" on page 419.
Understanding the Command Syntax
This section briefly describes the steps to take when entering a command.
The sections that follow give detailed information for using the
command-line interface.
Most configuration commands require that you have administrator privileges.
An asterisk (*) in front of the command-line prompt indicates you have made changes that have not been saved.
To use the command-line interface (CLI):
1.Enter the command name.
When entering a command at the prompt, ensure that you have the
appropriate privilege level.
2.Enter the parameter name and values, if included.
The value (also known as an argument) specifies how you want
the parameter to be set. Values include numerics, strings, or
addresses, depending on the parameter.
3.After entering the complete command, press Enter.
Syntax Helper
The CLI has a built-in syntax helper. If you are unsure of the
complete syntax for a particular command, enter as much of the
command as possible and press Enter. The syntax helper provides a
list of options for the remainder of the command.
The syntax helper also provides assistance if you have entered an
incorrect command.
Command Completion with Syntax Helper
Use the Tab key to access command completion.
1.Enter a partial command.
2.Press the Tab key to post a list of available options.
3.The cursor appears at the end of the command.
Abbreviated Syntax
Abbreviated syntax is the shortest, most unambiguous, allowable
abbreviation of a command or parameter. Typically, this is the first
three letters of the command. For example, ena is sufficient for the
Enable command.
When using abbreviated syntax, you must enter enough characters
to make the command unambiguous and distinguishable to the
switch.
Command Shortcuts
All component names must be unique. Name components using the
create command. When you enter a command to configure a
named component, you do not need to use the keyword of the
component. For example, to create a VLAN, you must enter a
unique VLAN name:
create vlan engineering
After you create the VLAN with a unique name, you can eliminate
the keyword vlan from all other commands that require the name
to be entered. For example, instead of entering the command:
configure vlan engineering delete port 1,4
you can enter this shortcut:
configure engineering delete port 1,4
Numerical Ranges
Commands that require you to enter one or more port numbers on a
switch use the parameter <portlist> in the syntax. For example:
port 3
A port list can be a range of numbers, for example:
port 1-3
You can add additional port numbers to the list, separated by a
comma:
port 3,4,6
Names
All named components of the switch configuration must:
•Have a unique name.
•Begin with an alphabetical character.
•Be delimited (separated) by a space, unless enclosed in quotation
marks.
Symbols
You may see a variety of symbols shown as part of the command
syntax. These symbols explain how to enter the command, and you
do not type them as part of the command itself. Table 5.1
summarizes command syntax symbols. Press the Tab key in the
command line interface for more command options.
Table 5.1: Command Syntax Symbols
Symbol: Description
< > Angle brackets: Enclose a variable or value. You must specify the variable or value. For example, in the syntax:
configure vlan <name> ipaddress <ip_address>
you must supply a VLAN name for <name> and an address for <ip_address> when entering the command. Do not type the angle brackets.
[ ] Square brackets: Enclose a required value or list of required arguments. You can specify one or more values or arguments. For example, in the syntax:
use image [primary | secondary]
you must specify either the primary or secondary image when entering the command. Do not type the square brackets.
| Vertical bar: Separates mutually exclusive items in a list, one of which must be entered. For example, in the syntax:
configure snmp community [readonly | readwrite] <string>
you must specify either the read or the write community string in the command. Do not type the vertical bar.
{ } Braces: Enclose an optional value or a list of optional arguments. You can specify one or more values or arguments. For example, in the syntax:
reboot {<date> <time> | cancel}
you can specify either a particular date and time combination, or the keyword cancel to cancel a scheduled reboot. If you do not specify a value, the system prompt asks if you want to reboot the routing switch now. Do not type the braces.
Line-Editing Keys
Table 5.2 describes the line-editing keys available using the CLI.
Table 5.2: Line-Editing Keys
Key(s): Description
Backspace: Deletes characters to the left of the cursor and shifts the remainder of the line to the left.
Delete or Ctrl + D: Deletes character at the cursor position and shifts the remainder of line to the left.
Ctrl + K: Deletes characters from the cursor position to the end of the line.
Ctrl + U: Deletes characters from the cursor to the beginning of the line.
Ctrl + W: Deletes the previous word.
Left Arrow: Moves the cursor to the left.
Right Arrow: Moves the cursor to the right.
Home or Ctrl + A: Moves the cursor to first character on the line.
End or Ctrl + E: Moves the cursor to last character on the line.
Ctrl + L: Clears the screen and moves the cursor to the beginning of the line.
Up Arrow or Ctrl + P: Displays the previous command in the command history buffer and places the cursor at the end of the command.
Down Arrow or Ctrl + N: Displays the next command in the command history buffer and places the cursor at the end of the command.
Command History
The local management software stores the last 49 commands you
entered. You can display a list of these commands by using this
command:
history
Common Commands
Table 5.3 describes common commands used to manage the 480T
routing switch. Commands specific to particular features are
described in detail throughout the guide. For detailed command
information use the Quick Reference Guide that accompanies this
user manual. Press the Tab key in the command line interface for
more command options.
Table 5.3: Common Commands
Command: Description
clear session <number>: Terminates a Telnet session from the switch.
configure account <username> {<password>}: Configures a user account password. Passwords can have no characters up to a maximum of 32 characters. User names and passwords are case-sensitive.
configure banner: Configures the banner string. You can enter up to 24 rows of 79-column text that is displayed before the login prompt of each session. To terminate the command, apply the banner then press Enter at the beginning of a line. To clear the banner, press Enter at the beginning of the first line.
configure ports [all | mgmt | <portlist>] auto off {speed [100 | 1000]} duplex [half | full]: Manually configures Ethernet port speed and duplex setting of one or more ports on a switch.
configure time <date> <time>: Configures the system date and time. The
Configures an IP address and subnet mask for a VLAN.
Creates a user account. The command is available to admin-level users and users with RADIUS command authorization. The username can be between 1 and 32 characters. The password can be between 0 and 32 characters.
create vlan <name>: Creates a VLAN.
delete account <username>: Deletes a user account.
autodst.
delete vlan <name>: Deletes a VLAN.
disable bootp vlan [<name> | all]: Disables BOOTP for one or more VLANs.
disable cli-config-logging: Disables logging of CLI commands to the Syslog.
disable clipaging: Disables pausing of the screen display when a show command output reaches the end of the page.
disable idletimeout: Disables the timer that disconnects all sessions. Once disabled, console sessions remain open until the switch is rebooted or you log off. Telnet sessions remain open until you close the Telnet client.
disable port [all | mgmt | <portlist>]: Disables a port on the switch.
disable telnet: Disables Telnet access to the switch.
disable web: Disables Web access to the switch.
enable bootp vlan [<name> | all]: Enables BOOTP for one or more VLANs.
enable cli-config-logging: Enables the logging of CLI configuration commands to the Syslog for auditing purposes. The default setting is enabled.
enable clipaging: Enables pausing of the screen display when show command output reaches the end of the page. The default setting is enabled.
enable idletimeout: Enables a timer that disconnects all sessions (both Telnet and console) after 20 minutes of inactivity. The default setting is disabled.
enable license full_L3 <license_key>: Enables a particular software feature license. Specify <license_key> as an integer. The command unconfigure switch all does not clear licensing information. This license cannot be disabled after it is enabled on the switch.
Enables Telnet access to the switch. By default, Telnet is enabled with no access profile, and uses Transmission Control Protocol (TCP) port number 23. To cancel a previously configured access profile, use the none option.
enable web {access-profile [<access_profile> | none]} {port <tcp_port_number>}: Enables Web access to the switch. By default, Web access is enabled with no access profile, using TCP port number 80. Use the none option to cancel a previously configured access profile. Reboot the switch for this command to take effect.
parameters to factory defaults, except defined user accounts, and date and time information. To reset user accounts and date and time, specify the keyword all which erases the selected configuration image in flash memory and reboots.
Configuring Management Access
The local management software supports these two levels of
management:
•User
•Administrator
In addition to these management levels, you can optionally use an
external RADIUS server to provide CLI command authorization
checking for each command.
For more information on RADIUS, refer to "RADIUS Client" on page 66.
A user-level account has viewing access to all manageable
parameters, with the exception of these:
•User account database
•SNMP community strings
User Account
With a user-level account you can use the ping command to test
device connectivity, and change the password assigned to the
account name. When you log on, the command-line prompt ends
with a (>) sign. For example:
switch480T:2>
Administrator Account
Using an administrator-level account, you can view and change all
routing switch parameters. You can also add and delete users, and
change the password associated with any account name.
As an administrator you can also disconnect a management session
connected through Telnet. If this happens, the user logged on
through the Telnet connection is notified that the session was
terminated.
When you log on with administrator capabilities, the command-line
prompt ends with a (#) sign. For example:
switch480T:18#
Prompt Text
The prompt text is taken from the SNMP sysname setting (see
Table 5.8, “SNMP Configuration Commands,” on page 64). The
number that follows the colon indicates the sequential line/command number.
If an asterisk (*) appears in front of the command-line prompt, it
indicates that you have configuration changes that have not been
saved. For example:
*switch480T:19#
Default Accounts
The switch is configured with two default accounts, as shown in
Table 5.4.
Table 5.4: Default Accounts
Account Name: Access Level
admin: This user can access and change all manageable parameters. The admin account cannot be deleted.
user: This user can view (but not change) almost all manageable parameters. However, this user cannot view the user account database or the SNMP community strings.
Passwords are case sensitive.
Changing the Default Password
Default accounts do not have passwords assigned to them. User-assigned passwords must be between 0 and 32 characters.
To add a password to the default admin account:
1.Log in to the switch using the name admin.
2.At the password prompt, press Enter.
3.Enter this command:
configure account admin
4.Enter the new password at the prompt.
5.Re-enter the password for verification.
To add a password to the default user account:
1.Log in to the switch using the name admin.
2.At the password prompt, press Enter, or enter the password that
you have configured for the admin account.
3.Add a default user password using this command:
configure account user
4.Enter the new password at the prompt.
5.Re-enter the new password at the prompt.
If you forget your password while logged out of the command-line interface, contact your local technical support representative.
Creating a Management Account
The 480T routing switch can have a total of 16 management
accounts. You can use the default names (admin and user), or you
can create new names and passwords for the accounts. Account
passwords can be between 0 and 32 characters. Do not use Ctrl +
key or Alt + key.
To create a management account:
1.Log in to the switch as admin.
2.At the password prompt, press Enter, or enter the password that
you have configured for the admin account.
3.Add a new user account with this command:
create account [admin | user] <username>
4.Enter the password at the prompt.
5.Re-enter the password for verification.
Viewing Accounts
To view the accounts you have created, you must have
administrator privileges. Use this command to see the accounts:
show accounts
Deleting an Account
To delete an account, you must have administrator privileges. Use
this command to delete an account:
delete account <username>
The account name admin cannot be deleted.
Domain Name Service Client
The Domain Name Service (DNS) client augments these
commands, to allow them to accept either IP addresses or host
names:
•telnet
•download [bootrom | configuration | image]
•upload configuration
•ping
•traceroute
Also, you can use the nslookup utility to return the IP address of a
host name.
Table 5.5 describes the commands used to configure DNS. Press the
Tab key in the command line interface for more command options.
Table 5.5: DNS Commands
Command: Description
configure dns-client add <ipaddress>: Adds a DNS name server(s) to the available server list for the DNS client. You can configure up to three name servers.
configure dns-client default-domain <domain_name>: Configures the domain that the DNS client uses if a fully qualified domain name is not entered. For example, if the default domain is configured to be intel.com, executing ping support searches for support.intel.com.
configure dns-client delete <ipaddress>: Removes a DNS server.
nslookup <hostname>: Displays the IP address of the requested host.
show dns-client: Displays the DNS configuration.
Real-time Basic Connectivity Checking
Use these commands to check basic connectivity:
•ping
•traceroute
Ping
You can use the ping command to send Internet Control Message
Protocol (ICMP) echo messages to a remote IP device. The
command is available for both the user and administrator privilege
level.
•ip_address is the IP address of the destination endstation.
•hostname is the host name of the destination endstation. To use
the host name, first configure DNS.
•from uses the specified source address in the ICMP packet. If not
specified, the address of the transmitting interface is used.
traceroute
See "Using Intel® Device View" on page 23.
•ttl configures the switch to trace up to the time-to-live number
of the switch.
•port uses the specified UDP port number.
Methods of Managing the Switch
You can manage the switch by either connecting a terminal (or
workstation with terminal-emulation software) to the console port
to access the CLI or by using TCP/IP through one of the switch
ports or through the dedicated 10/100 Mbps unshielded twisted pair
(UTP) Ethernet management port to access the switch remotely.
You can use Telnet, a Web browser, or an SNMP manager to
manage the switch remotely. There can be one console session, one
Web session or eight concurrent Telnet sessions.
Using the Console Interface
You can access the built-in CLI of the 480T routing switch through
the 9-pin RS-232 port located on the back of the switch.
After the connection is established, the switch prompt appears, so
you can log in.
Using the 10/100 UTP Management Port
The 480T routing switch has a dedicated 10/100 Mbps UTP
management port. This port provides dedicated remote access to the
switch using TCP/IP. It supports these management methods:
•Telnet using the CLI interface
•Intel Device View access using a Web browser
•SNMP access using SNMP manager
The management port is a DTE port, and is not capable of
supporting switching or routing functions. The TCP/IP
configuration for the management port is done using the same
syntax as used for VLAN configuration. The VLAN mgmt comes
pre-configured with only the 10/100 Mbps management port as a
member.
You can configure the IP address, subnet mask, and default router
for the VLAN mgmt, using these commands:
Most workstations with a Telnet facility can communicate with the
480T routing switch over a TCP/IP network.
Up to eight active Telnet sessions can access the switch
concurrently. If idletimeouts are enabled, the Telnet connection
will time out after 20 minutes of inactivity. If a connection to a
Telnet session is lost inadvertently, the switch terminates the
session within two hours.
Before you can start a Telnet session, you must set up the IP
parameters described in the section "Configuring Switch IP
Parameters" on page 55. Telnet is enabled by default.
To open the Telnet session, you must specify the IP address of the
device that you want to manage. Check the user manual supplied
with the Telnet facility if you are unsure of how to do this.
After the connection is established, you will see the switch prompt
and you can log in.
Connecting to Another Host Using Telnet
Use this command to Telnet from the current CLI session to another
host:
telnet [<ipaddress> | <hostname>] {<port_number>}
If the TCP port number is not specified, the Telnet session defaults
to port 23. Only VT100 emulation is supported.
Find the switch’s MAC address on the rear label of the switch.
Configuring Switch IP Parameters
To manage the routing switch through Telnet connection or by
using an SNMP Network Manager, you must first configure the
switch IP parameters.
Using a BOOTP Server
If you are using IP and you have a Bootstrap Protocol (BOOTP)
server set up correctly on your network, you must add the following
information to the BOOTP server:
•Media Access Control (MAC) address found on the rear label of
the switch (or use the show switch command)
•IP address
•Subnet address mask (optional)
After this is done, the IP address and subnet mask for the routing
switch are downloaded automatically. You can then start managing
the switch without further configuration.
You can enable BOOTP on a per-VLAN basis using this command:
enable bootp vlan [<name> | all]
By default, BOOTP is enabled on the default VLAN.
If you configure the 480T routing switch to use BOOTP, the switch
IP address is not retained through a power cycle, even if the
configuration is saved. To retain the IP address through a power
cycle, you must configure the IP address of the VLAN using the
command-line interface, Telnet, or Web interface.
All VLANs within a switch that are configured to use BOOTP to get
their IP address use the same MAC address. Therefore, if you are
using BOOTP relay through a router, the BOOTP server must be
capable of differentiating its relay based on the gateway portion of
the BOOTP packet.
Manually Configuring the IP Settings
For more information on DHCP/BOOTP relay, refer to "IP Unicast Routing" on page 189.
For information on creating and configuring VLANs, see "Virtual LANs (VLANs)" on page 95.
If you are using IP without a BOOTP server, you must enter the IP
parameters for the switch in order for the SNMP Network Manager,
Telnet software, or Web interface to communicate with the device.
IP addresses are always assigned to a VLAN. You can assign
multiple IP addresses to the switch.
To assign IP parameters to the switch:
1.Log in to the switch with administrator privileges.
2.Assign an IP address and subnet mask to a VLAN.
The switch comes configured with a default VLAN named default.
To use Telnet or an SNMP Network Manager, you must have at
least one VLAN on the switch, and it must be assigned an IP address
and subnet mask.
To manually configure the IP settings:
1.Connect a terminal or workstation running terminal-emulation
software to the console port.
2.At your terminal, press Enter one or more times until you see the
login prompt.
3.If you are logging in for the first time, use the default user name
admin to log in with administrator privileges. For example:
login: admin
Administrator capabilities enable you to access all switch
functions. The default user names have no passwords assigned.
4.If you have been assigned a user name and password with administrator
privileges, enter them at the login prompt and press Enter.
When you have successfully logged in, the command-line
prompt displays the name of the switch.
5.Assign an IP address and subnetwork mask for the default VLAN
7.Save your configuration changes so that they are in effect after the
next switch reboot, using this command.
save
8.Log out of the switch using the command:
logout or quit
Disconnecting a Telnet Session
An administrator-level account can disconnect a management
session that is established through Telnet connection. If this
happens, the user logged in through Telnet is notified that the
session is terminated.
To terminate a Telnet session:
1.Log in to the switch with administrator privileges.
2.Determine the session number of the session you want to terminate
by using this command:
show session
3.Terminate the session by using this command:
clear session <session_number>
Controlling Telnet Access
See "Using Access Profiles" on page 59.
You must be logged in as an administrator to enable or disable Telnet.
By default, Telnet services are enabled on the routing switch. You
can restrict Telnet access using an access profile. An access profile
permits or denies a named list of IP addresses and subnet masks. To
configure Telnet to use an access profile, use this command:
Use the none option to remove a previously configured access
profile.
To display the status of Telnet, use this command:
show management
To disable Telnet, use this command:
disable telnet
To re-enable Telnet on the switch, use this command at the console
port:
enable telnet
Using Access Profiles
An access profile permits or denies a named list of IP addresses and
subnet masks. To use access profiles, first define the list, and then
apply the named list to the desired application.
Access profiles are used by several routing switch features as a way
to restrict access. Applications that use access profiles for remotely
managing the switch are:
•SNMP read-only access
•SNMP read-write access
•Telnet
•Web access
See "Access Policies" on page 309.
Access profiles can also be used in association with access policies
that control the flow of traffic.
Creating an Access Profile
Do not confuse access profiles with access policies.
You can use access profiles to specifically permit or deny users
access to an application. You restrict access by assigning an access
profile to the service that is being used for remote access.
When you create and name an access profile to restrict access to a
certain application, you then need to configure the application to use
the named access profile. Otherwise, no restrictions are applied.
Use the commands listed in Table 5.7 to create and configure access
profiles. For further access profile commands refer to Table 17.3 on
page 335. Press the Tab key in the command line interface for more
command options.
Adds an IP address or VLAN name to the
access profile. The entry must be of the same
type as the access profile (for example, IP
address).
Creates an access profile. After the access
profile is created, you can add one or more
addresses to it, and you can use the profile to
permit.
control a specific routing protocol.
delete access-profile <access_profile>: Deletes an access profile.
show access-profile <access_profile>: Displays access profile related information for the switch.
The subnet mask specified in the access profile command is
interpreted as a reverse mask. A reverse mask indicates the bits that
are significant in the IP address and specifies the part of the address
that must match the IP address to which the profile is applied.
If you configure an IP address as an exact match to be specifically
denied or permitted, use a mask of /32 (for example, 141.251.24.28/32).
If the IP address represents a subnet address that you want to deny
or permit, then configure the mask to cover only the subnet portion
(for example, 141.251.10.0/24).
If you are using classless subnet masking (CIDR), the same logic
applies, but the configuration is more complex. For example, the
address 141.251.24.128/27 represents any host from subnet
141.251.24.128.
Access Profile Rules
These rules apply when using access profiles:
•Only one access profile can be applied to each application.
•The access profile can either permit or deny the entries in the
profile.
•The same access profile can be applied to more than one
application.
Access Profile Example
The following example creates an access profile named testpro, and
denies access for the device with the IP address 192.168.10.10:
The following command applies the access profile testpro to Telnet:
enable telnet access-profile testpro
For more information, refer to "Using Web Device Manager" on page 33.
To view the contents of an access profile, use this command:
show access-profile <access_profile>
To view the Telnet configuration, use this command:
show management
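The matching rules described above can be checked offline before a profile is applied to a management service. This is an added example, not Intel's code: the class, the function names and the profile name nms_only are hypothetical, and it assumes a permit profile accepts only listed sources while a deny profile rejects only listed sources.

```python
import ipaddress


class AccessProfile:
    """A named list of address/prefix entries with one mode for the whole list."""

    def __init__(self, name, mode):
        if mode not in ("permit", "deny"):
            raise ValueError("mode must be 'permit' or 'deny'")
        self.name = name
        self.mode = mode
        self.entries = []

    def add(self, cidr):
        # strict=True raises ValueError when host bits are set (e.g. .130/27),
        # which catches an entry that does not cover what its author intended.
        self.entries.append(ipaddress.ip_network(cidr, strict=True))
        return self

    def allows(self, source):
        """Return True if a session from `source` would be accepted."""
        addr = ipaddress.ip_address(source)
        listed = any(addr in net for net in self.entries)
        # Assumption: permit mode accepts only listed sources,
        # deny mode rejects only listed sources.
        return listed if self.mode == "permit" else not listed


def covered_range(cidr):
    """First and last address matched by one profile entry."""
    net = ipaddress.ip_network(cidr, strict=True)
    return str(net.network_address), str(net.broadcast_address)


def is_allowed(bindings, application, source):
    """bindings maps each application to its single profile, or None."""
    profile = bindings.get(application)
    if profile is None:
        return True  # a profile that is not applied restricts nothing
    return profile.allows(source)


def build_example():
    # testpro and its entry come from the guide; nms_only is a constructed profile.
    testpro = AccessProfile("testpro", "deny").add("192.168.10.10/32")
    nms_only = AccessProfile("nms_only", "permit").add("141.251.24.128/27")
    # One profile per application; Web has none applied in this constructed setup.
    return {"telnet": testpro, "web": None, "snmp-readwrite": nms_only}


if __name__ == "__main__":
    bindings = build_example()
    print("141.251.24.128/27 covers", covered_range("141.251.24.128/27"))
    for app, src in [("telnet", "192.168.10.10"), ("web", "192.168.10.10"),
                     ("snmp-readwrite", "141.251.24.160")]:
        print(app, src, "allowed" if is_allowed(bindings, app, src) else "blocked")
```

The run shows that 192.168.10.10 is blocked for Telnet but still reaches Web access, because testpro was applied to only one application.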
Using Web Device Manager
The Intel Web Device Manager is device-management software
running in the routing switch that enables you to access the switch
over a TCP/IP network using a Web browser.
You should use a Web browser that supports frames (such as
Netscape Navigator 3.0 or later, or Microsoft Internet Explorer 3.0
or later) to manage the switch over a TCP/IP network.
Access the default home page of the switch using this URL:
http://<ipaddress>
When you access the home page of the switch, the Logon screen
appears.
Controlling Web Access
By default, Web access is enabled on the routing switch. You can
restrict access through the Web Device Manager using an access
profile, which permits or denies access to a named list of IP
addresses and subnet masks.
For more information on assigning an IP address, refer to "Configuring Switch IP Parameters" on page 55.
You can configure Web access to use an access profile using this
command:
enable web {access-profile <access-profile> | none}
{port <tcp_port_number>}
Use the none option to remove a previously configured access
profile.
To display the status of Web access, use this command:
show management
To disable Web access, use this command:
disable web
To re-enable Web access, use this command:
enable web {access-profile <access-profile> | none}
{port <tcp_port_number>}
When you disable or enable Web Device Manager, you must reboot
the switch for the changes to take effect. Apply an access profile
only when Web Device Manager is enabled.
Simple Network Management
Protocol (SNMP)
Any network manager running the Simple Network Management
Protocol (SNMP) can manage the 480T routing switch, provided
the Management Information Base (MIB) feature of the 480T
routing switch is installed correctly on the management station.
Each Network Manager provides its own user interface to the
management facilities.
Accessing Switch Agents
To have access to the SNMP agent in the routing switch, at least one
VLAN must have an IP address assigned to it.
For more information on
assigning IP addresses,
refer to Table 5.3 on
page 44.
Supported MIBs
Along with private MIBs, the routing switch supports the MIBs
listed in "Technical Specifications and Supported Limits" on page
431.
Configuring SNMP Settings
You can configure the following SNMP parameters on the routing
switch:
•Authorized trap receivers—An authorized trap receiver can be
one or more network management stations on your network. The
switch sends SNMP traps to all trap receivers. You can have a
maximum of 16 trap receivers configured for each switch.
•SNMP read access—The ability to read SNMP information can
be restricted through the use of an access profile. An access
profile permits or denies a named list of IP addresses and subnet
masks.
To configure SNMP read access to use an access profile, use the
command:
Use the none option to remove a previously configured access
profile.
•Community strings—Allows a simple method of authentication
between the 480T routing switch and the remote Network
Manager. There are two types of community strings on the switch.
Read community strings provide read-only access to the switch.
The default read-only community string is public. Read-write
community strings provide read and write access to the switch.
The default read-write community string is private. Eight
community strings can be configured on the switch. The
community string for all authorized trap receivers must be
configured on the switch for the trap receiver to receive
switch-generated traps. SNMP community strings can contain up to 127
characters.
•System contact (optional)—A text field where you can enter the
name of the person(s) responsible for managing the switch.
•System name—The name you have assigned to this switch. The
•System location (optional)—Use this to enter an optional
Table 5.8 describes SNMP configuration commands. Press the Tab
key in the command line interface for more command options.
    Assigns an access profile that limits which stations have
    read-only access to the switch.
    Assigns an access profile that limits which stations have
    read-write access to the switch.
configure snmp add trapreceiver <ipaddress> community <string>
    Adds the IP address of a specified trap receiver. The IP address
    can be a unicast, multicast, or broadcast address. A maximum of
    16 trap receivers is allowed.
configure snmp community [readonly | readwrite] {encrypted} <string>
    Adds an SNMP read or read/write community string. The default
    readonly community string is public. The default readwrite
    community string is private. Each community string can have a
    maximum of 127 characters, and can be enclosed by double
    quotation marks.
configure snmp delete trapreceiver [<ip_address> community <string> | all]
    Deletes the IP address of a specified trap receiver or all
    authorized trap receivers.
configure snmp syscontact <string>
    Configures the name of the system contact. A maximum of 255
    characters is allowed.
configure snmp syslocation <string>
    Configures the location of the switch. A maximum of 255
    characters is allowed.
configure snmp sysname <string>
    Configures the name of the switch. A maximum of 32 characters is
    allowed. The default sysname is the model name of the device
    (for example, switch480T). The sysname appears in the switch
    prompt.
disable snmp access
    Disables SNMP access on the switch. Disabling SNMP access does
    not affect the SNMP configuration (for example, community
    strings).
disable snmp traps
    Prevents SNMP traps from being sent from the switch. This does
    not clear the SNMP trap receivers that have been configured.
enable snmp access
    Enables SNMP support.
enable snmp traps
    Enables SNMP trap support.
unconfigure management
    Restores default values to all SNMP-related entries.
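Table 5.8 and the Web and Telnet sections name the settings that most often leave the management plane open: the default community strings public and private, and Web or Telnet access with no access profile. The Python check below is an added example, not part of the Intel guide; it scans a list of CLI lines using only the command forms shown on this page, the sample lines are constructed, and the function name is hypothetical.

```python
import shlex

# Factory-default community strings named in Table 5.8.
DEFAULT_COMMUNITIES = {"public", "private"}


def audit_config(lines):
    """Return (line_number, finding) pairs for weak management-plane settings."""
    findings = []
    for num, raw in enumerate(lines, start=1):
        try:
            tok = shlex.split(raw)  # handles community strings in double quotes
        except ValueError:
            findings.append((num, "unparseable line (unbalanced quotes)"))
            continue
        if tok[:3] == ["configure", "snmp", "community"] and len(tok) >= 5:
            # configure snmp community [readonly | readwrite] {encrypted} <string>
            if tok[4] == "encrypted":
                continue  # stored form is not cleartext, so it cannot be compared
            if tok[4] in DEFAULT_COMMUNITIES:
                findings.append((num, f"{tok[3]} community is the default '{tok[4]}'"))
        elif tok[:4] == ["configure", "snmp", "add", "trapreceiver"] and "community" in tok:
            i = tok.index("community")
            if i + 1 < len(tok) and tok[i + 1] in DEFAULT_COMMUNITIES:
                findings.append((num, f"trap receiver {tok[4]} uses a default community"))
        elif tok[:2] in (["enable", "web"], ["enable", "telnet"]):
            # No access-profile keyword, or the value none, leaves the
            # service reachable from any source address.
            profile = None
            if "access-profile" in tok[2:-1]:
                profile = tok[tok.index("access-profile") + 1]
            if profile in (None, "none"):
                findings.append((num, f"{tok[1]} enabled without an access profile"))
    return findings


# Constructed sample input, written with the command forms from this chapter.
SAMPLE = [
    "configure snmp community readonly public",
    'configure snmp community readwrite "N0c-rw-7f3a"',
    "configure snmp add trapreceiver 10.0.0.5 community private",
    "enable telnet access-profile testpro",
    "enable web access-profile none port 8080",
    "enable snmp access",
]

if __name__ == "__main__":
    for num, finding in audit_config(SAMPLE):
        print(f"line {num}: {finding}")
```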
Displaying SNMP Settings
To display the SNMP settings configured on the routing switch, use
this command:
show management
This command displays the following information:
•Enable/disable state for Telnet, SNMP, and Web access, along
with access profile information
•SNMP community strings
•Authorized SNMP station list
•SNMP trap receiver list
•RMON polling configuration
•Login statistics
SNMP enhancements allow the ifMIB to display the port number
for physical ports and VLAN name for the VLANs index.
Authenticating Users
The routing switch uses two methods to authenticate users who
log in to the switch:
•RADIUS§ client
•TACACS+ (Terminal Access Controller Access Control System
Plus)
You cannot configure RADIUS and TACACS+ at the same time.
RADIUS Client
Remote Authentication Dial In User Service (RADIUS, RFC 2138)
allows you to authenticate and centrally administer access to
network nodes. The 480T routing switch RADIUS client
implementation enables authentication for Telnet, Web interface, or
console access to the switch.
You can define a primary and secondary RADIUS server for the
routing switch to contact.
When a user attempts to log on to the switch using Telnet, HTTP,
or the console, the request is relayed to the primary RADIUS server,
and then to the secondary RADIUS server, if the primary does not
respond.
If the RADIUS client is enabled, but access to the RADIUS primary
and secondary servers fails, the routing switch uses its local database
for authentication.
The privileges assigned to the user (admin versus non-admin) at the
RADIUS server take precedence over the configuration in the local
switch database.
Per-Command Authentication Using RADIUS
Use RADIUS to perform per-command authentication.
Per-command authentication allows you to define several levels of user
capabilities that determine which set of commands the user has
access to based on the RADIUS username and password.
There is no need to configure any additional switch parameters to
take advantage of this capability. The RADIUS server
implementation automatically negotiates the per-command
authentication capability with the switch.
Configuring RADIUS Client
You can define primary and secondary server communication
information. Also for each RADIUS server, you can specify the
RADIUS port number to use when talking to the RADIUS server.
The default port value is 1645. The client IP address is the IP
address used by the RADIUS server for communicating with the
480T routing switch.
RADIUS commands are described in Table 5.9. Press the Tab key
in the command line interface for more command options.
    Configures the RADIUS accounting server. Specify the following:
    •[primary | secondary]—Either the primary or secondary
    RADIUS server.
    •[<ipaddress> | <hostname>]—The IP address or host name of
    the server being configured.
    •<udp_port>—The UDP port to use to contact the RADIUS
    server. The default UDP port setting is 1646.
    •client-ip <ipaddress>—The IP address used by the switch to
    identify itself when communicating with the RADIUS server.
    The accounting server and the RADIUS authentication server can
    be the same.
enable radius
    Enables the RADIUS client. When enabled, all Web and CLI logins
    are sent to the RADIUS servers for authentication. When used
    with a RADIUS server that supports routing switch CLI
    authorization, each CLI command is sent to the RADIUS server for
    authentication before it is executed.
enable radius-accounting
    Enables RADIUS accounting. The RADIUS client must also be
    enabled.
show radius
    Displays the current RADIUS and RADIUS accounting client
    configuration and statistics.
show radius-accounting
    Displays the current RADIUS accounting client configuration and
    statistics.
RADIUS RFC 2138 Attributes
The RADIUS RFC 2138 optional attributes supported are:
•User-Name
•User-Password
•Service-Type
•Login-IP-Host
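To show what these four attributes look like on the wire, the following added example (not the switch's implementation) builds and parses an RFC 2138 Access-Request in Python. User-Name travels in cleartext and User-Password is only masked with MD5 keyed by the shared secret, so the strength of that secret matters; the function names are hypothetical.

```python
import hashlib
import os
import socket
import struct

# Attribute type numbers from RFC 2138 for the four attributes listed above.
ATTR_NAMES = {1: "User-Name", 2: "User-Password", 6: "Service-Type", 14: "Login-IP-Host"}


def _xor_chain(data, secret, authenticator, decrypt):
    # RFC 2138 section 5.2: block i is XORed with MD5(secret + previous
    # ciphertext block); the Request Authenticator seeds the first block.
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(block, pad))
        out, prev = out + res, (block if decrypt else res)
    return out


def hide_password(password, secret, authenticator):
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 bytes")
    blocks = max(1, -(-len(password) // 16))  # at least one 16-byte block
    return _xor_chain(password.ljust(blocks * 16, b"\x00"), secret, authenticator, False)


def recover_password(hidden, secret, authenticator):
    return _xor_chain(hidden, secret, authenticator, True).rstrip(b"\x00")


def build_access_request(ident, user, password, secret, login_host, service_type=1):
    auth = os.urandom(16)  # Request Authenticator
    attrs = [(1, user), (2, hide_password(password, secret, auth)),
             (6, struct.pack("!I", service_type)),  # 1 = Login
             (14, socket.inet_aton(login_host))]
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    return struct.pack("!BBH", 1, ident, 20 + len(body)) + auth + body


def parse_access_request(packet):
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != 1 or length != len(packet):
        raise ValueError("not a well-formed Access-Request")
    auth, pos, attrs = packet[4:20], 20, {}
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("bad attribute length")
        attrs[ATTR_NAMES.get(packet[pos], packet[pos])] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    return ident, auth, attrs
```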
Configuring TACACS+
Terminal Access Controller Access Control System Plus
(TACACS+) is a means for providing authentication, authorization,
and accounting on a centralized server, similar in function to a
RADIUS client.
The routing switch version of TACACS+ is used to authenticate
prospective users who are attempting to administer the switch.
TACACS+ is used to communicate between the switch and an
authentication database.
You cannot use TACACS+
and RADIUS at the same
time.
You can configure two TACACS+ servers, specifying the primary
server address, secondary server address, and UDP port number to
be used for TACACS+ sessions.
Table 5.10 describes the commands that are used to configure
TACACS+. Press the Tab key in the command line interface for
more command options.
enabled, each command is transmitted to the
remote TACACS+ server for authorization
before the command is executed.
and statistics.
client configuration and statistics.
Unconfigures the TACACS+ client
configuration.
Unconfigures the TACACS+ accounting
client configuration.
Simple Network Time Protocol
(SNTP)
The routing switch supports the client portion of the Simple
Network Time Protocol (SNTP) Version 3 based on RFC 1769. The
switch can use SNTP to update and synchronize its internal clock
from a Network Time Protocol (NTP) server.
When SNTP is enabled, the switch sends out a periodic query to the
indicated NTP server, or the switch listens to broadcast NTP
updates. The routing switch also supports the configured setting for
Greenwich Mean Time (GMT) offset and the use of daylight saving
time.
Configuring and Using SNTP
To use SNTP:
1. Identify the host(s) that are configured as NTP server(s).
2. Identify the preferred method for obtaining NTP updates.
The options are for the NTP server to send out broadcasts,
or for switches using NTP to query the NTP server(s)
directly. A combination of both methods is possible.
3. Configure the Greenwich Mean Time (GMT) offset and
daylight saving time preference. NTP updates are distributed
using GMT time.
To properly display the local time in logs and other
timestamp information, the switch should be configured with
the appropriate offset to GMT based on geographical
location. Table 5.11 describes GMT offsets.
The command syntax to configure GMT offset and usage of
daylight saving time is as follows:
- minutes from the GMT
time. You can enable or
disable Automatic daylight
saving time (DST)
changes. The default
setting is enabled.
4. Enable the SNTP client using this command:
enable sntp-client
Once enabled, the switch sends out a periodic query to the
NTP servers (if configured) or listens to broadcast NTP
updates from the network. The network time information is
automatically saved in the on-board real-time clock.
5. If you would like this switch to use a directed query to the
NTP server, configure the switch to use the NTP server(s). If
the switch listens to NTP broadcasts, skip this step. To
configure the 480T routing switch to use a directed query, use this
command:
configure sntp-client [primary | secondary]
server [<ip_address> | <hostname>]
NTP queries are first sent to the primary server. If the
primary server does not respond within one second, or if it is
not synchronized, the switch queries the secondary server (if
configured).
If the switch cannot obtain the time, it restarts the query
process. Otherwise, the switch waits for the sntp-client
update interval before querying again.
6. Optionally, you can change the interval at which the SNTP
client updates the real-time clock of the switch using this command:
configure sntp-client update-interval <seconds>
The default sntp-client update-interval value is 64 seconds.
7. You can verify the configuration using these commands:
show sntp-client
This command provides configuration and statistics
associated with SNTP and its connectivity to the NTP server.
show switch
This command indicates the GMT offset, daylight saving
time, and the current local time.
Table 5.11: Greenwich Mean Time Offsets
GMT Offset in Hours | GMT Offset in Minutes | Common Time Zone References | Geographical Reference
+0:00 | +0 | GMT - Greenwich Mean; UT or UTC - Universal (Coordinated); WET - Western European | London, England; Dublin, Ireland; Edinburgh, Scotland; Lisbon, Portugal; Reykjavik, Iceland; Casablanca, Morocco
-1:00 | -60 | WAT - West Africa | Cape Verde Islands
-2:00 | -120 | AT - Azores | Mid-Atlantic
-3:00 | -180 | | Brasilia, Brazil; Buenos Aires, Argentina; Georgetown, Guyana;
-4:00 | -240 | AST - Atlantic Standard | Caracas, La Paz
-5:00 | -300 | EST - Eastern Standard | Bogota, Colombia; Lima, Peru; New York, NY, USA;
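The SNTP procedure above (directed query, fallback to the secondary server when the primary is silent or unsynchronized, then the GMT offset applied for display) can be traced with the following added Python example, which is not the switch's code. It works on constructed reply packets rather than live traffic, the function names are hypothetical, and the one-hour daylight saving shift is an assumption.

```python
import struct
from datetime import datetime, timedelta, timezone

NTP_UNIX_DELTA = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01


def build_request(version=3):
    """48-byte client query: LI=0, VN=3, Mode=3 (client), other fields zero."""
    return bytes([(version << 3) | 3]) + bytes(47)


def parse_reply(packet):
    """Return the server's UTC time, or None when the reply must be ignored."""
    if packet is None or len(packet) < 48:
        return None                 # no answer within one second, or truncated
    li, mode, stratum = packet[0] >> 6, packet[0] & 0x07, packet[1]
    if mode not in (4, 5):          # 4 = reply to a directed query, 5 = broadcast
        return None
    if li == 3 or stratum == 0:     # server reports its clock is not synchronized
        return None
    seconds, fraction = struct.unpack("!II", packet[40:48])  # Transmit Timestamp
    if seconds == 0:
        return None
    utc = datetime.fromtimestamp(seconds - NTP_UNIX_DELTA, timezone.utc)
    return utc + timedelta(seconds=fraction / 2**32)


def select_time(primary_reply, secondary_reply=None):
    """Use the primary; fall back to the secondary if it is silent or unsynchronized."""
    for name, reply in (("primary", primary_reply), ("secondary", secondary_reply)):
        utc = parse_reply(reply)
        if utc is not None:
            return name, utc
    return None, None               # caller restarts the query process


def local_time(utc, gmt_offset_minutes, dst_active=False):
    """Apply the GMT offset in minutes; DST is assumed to add one hour."""
    shift = timedelta(minutes=gmt_offset_minutes + (60 if dst_active else 0))
    return utc.astimezone(timezone(shift))


def make_reply(li, stratum, unix_seconds):
    """Constructed server reply for offline use (not captured traffic)."""
    header = bytes([(li << 6) | (3 << 3) | 4, stratum]) + bytes(38)
    return header + struct.pack("!II", unix_seconds + NTP_UNIX_DELTA, 0)


if __name__ == "__main__":
    name, utc = select_time(make_reply(3, 0, 1006000000), make_reply(0, 2, 1006000000))
    print(name, utc.isoformat(), local_time(utc, -300).isoformat())
```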