Intel NetStructure 470 User Manual

Intel® NetStructure
Intel
®
NetStructure
470 Switch User Guide
470 Switch
User Guide
Copyright © 2001, Intel Corporation. All rights reserved. Intel Corporation, 5200 NE Elam Young Parkway, Hillsboro OR 97124-6497
Intel Corporation assumes no responsibility for errors or omissions in this manual. Nor does Intel make any commitment to update the information contained herein. Intel is a trademark or registered trademark of Intel Corporation or its subsidiaries in the United States and other countries.
* Other product and corporate names may be trademarks of other companies and are used only for explanation and
to the owners’ benefit, without intent to infringe.
Second Edition June 2001 A18558-002
CONTENTS
Intel® NetStructure
Contents
470T and 470F Switches User Guide
1 Setting up the Intel® NetStructure™ 470T and 470F Switches
Overview..........................................................................1
Management....................................................................1
Switch Features ...............................................................2
LEDs ................................................................................3
Connection Guidelines.....................................................4
Straight-through vs. Crossover Cables ............................4
2 Using the Intel® NetStructure™ 470T and 470F Switches
Overview..........................................................................7
Sample Configuration ......................................................8
Flow Control.....................................................................9
Broadcast Storm Control..................................................9
Spanning Tree Protocol ...................................................10
Tagged Frames................................................................11
Priority Tagging................................................................11
Link Aggregation ..............................................................12
Virtual LANs .....................................................................13
GARP VLAN Registration Protocol (GVRP).....................17
Internet Group Management Protocol (IGMP) .................18
3 Using Intel® Device View
Overview..........................................................................19
Installing Intel Device View ..............................................20
Starting Intel Device View ................................................21
Installing a New Switch ....................................................22
Using the Device Tree .....................................................22
Managing a Switch...........................................................25
Viewing RMON Information .............................................25
i
i
CONTENTS
Intel® NetStructure
 
470T and 470F Switches User Guide
 
4 Using the Web Device Manager
Overview..........................................................................27
Accessing the Web Device Manager ...............................28
Navigating the Web Device Manager...............................28
Using Management Screens............................................29
Configuring the Switch’s IP Settings ................................31
Configuring a Port ............................................................32
Managing User Accounts.................................................33
Configuring VLANs ..........................................................35
Link Aggregation ..............................................................41
Static MAC Addresses .....................................................41
Setting Up Priority Tagging ..............................................43
Configuring Community Strings and Trap Receivers .......44
Monitoring Switch Activity ................................................45
Viewing/Changing Switch Information..............................46
Updating Switch Firmware ...............................................47
Saving Configuration Changes and Logging Out .............48
5 Using Local Management
Overview..........................................................................49
Accessing Management...................................................49
Logon Screen ..................................................................50
Navigation........................................................................51
Main Menu (Top Screen) .................................................52
Configure Device .............................................................53
IP Settings .......................................................................54
Port Settings ....................................................................55
Flow Control.....................................................................56
Priority..............................................................................56
Configure GBIC Ports (470T only) ...................................57
Priority Tagging................................................................58
Switch Settings ................................................................59
Configure Advanced Switch Settings ...............................60
Configure Spanning Tree Protocol...................................61
Configure Spanning Tree for Ports ..................................63
Forwarding and Filtering ..................................................64
ii
CONTENTS
Intel® NetStructure
 
470T and 470F Switches User Guide
 
Configure IGMP Snooping ...............................................65
Configure Static MAC Addresses.....................................66
Configure Port Security....................................................67
Configure MAC Address Filtering.....................................68
Configure Ethernet Multicast Filtering ..............................69
Ethernet Multicast Filtering (Ports)...................................70
Port Mirroring ...................................................................71
Link Aggregation ..............................................................72
Broadcast Storm Control.................................................73
Configure Management Menu .........................................74
Community Strings & Trap Receivers ..............................75
Administer User Accounts................................................76
Managing User Accounts.................................................78
Define IP Access List .......................................................80
Update Firmware and Config Files...................................81
Reset and Console Options .............................................82
Configure VLAN Operation Mode ....................................83
Port-based VLANs ...........................................................84
Add a Port-based VLAN...................................................85
Edit/Delete a Port-based VLAN........................................86
Change Port Membership in a VLAN ...............................87
Configure 802.1Q VLANs ................................................88
Add an IEEE 802.1Q VLAN
(Configure Port Membership)..............................89
Add an IEEE 802.1Q VLAN (Configure Port Tagging) .....90
Configuring 802.1Q VLANs..............................................91
Edit/Delete an 802.1Q VLAN ...........................................93
Edit an IEEE 802.1Q VLAN (Configure Membership) ......94
Edit an IEEE 802.1Q VLAN (Configure Port Tagging) .....95
Configure VLAN ID for Untagged Traffic..........................96
GVRP and Ingress Filter Settings ....................................97
Configure a Protocol-based VLAN ...................................98
Add a Protocol-based VLAN ............................................99
Edit/Delete a Protocol-based VLAN .................................100
Edit a Protocol-based VLAN (Configure Membership).....101
iii
CONTENTS
Intel® NetStructure
Monitor (Network Statistics) .............................................102
Switch Overview ..............................................................103
Port Traffic Statistics ........................................................104
Port Error Statistics ..........................................................106
Packet Analysis................................................................108
IGMP Snooping Status ....................................................109
Browse Address Table.....................................................110
VLAN and GVRP Status ..................................................112
Tools ................................................................................113
Switch Event Log .............................................................114
Ping a Device...................................................................115
Upload Configuration Image File......................................116
Save Settings...................................................................117
 
470T and 470F Switches User Guide
 
Appendix A: Technical Information 119
Index 139
Intel Customer Support 146
iv
Setting up the Intel
®
NetStructure™ 470T
1
and 470F Switches
Overview
This guide provides information on configuring and managing the Intel NetStructure 470T and 470F Switches. It is organized into five chapters:
Chapter 1 - Identifying and connecting the switch hardware
Chapter 2 - Using the switch in a LAN; advanced features such as link
aggregation and VLANs
Chapter 3 - Using Intel Device View
Chapter 4 - Using Web Device Manager
Chapter 5 - Using Local Management
Management
Through the switchs built-in management you can configure the device and monitor network health. You can use any combination of the following methods to manage the switch.
SNMP management applications like Intel Device View, LANDesk
Network Manager, HP OpenView*, and IBM Tivoli NetView* are tailored for Intel products and show a graphical representation of the device.
®
®
Onboard management allows control over the switch without using an
SNMP application. The Web Device Manager provides a graphical interface while Local Management is a menu-driven interf ace.
Other SNMP-compliant applications can manage the switches if you
compile the switchs MIB files into that application.
1
CHAPTER 1
Status LED
Intel® NetStructure 470T and 470F Switches User Guide
Switch Features
These are the major features of the 470 switches.
8-port 470F Switch (Product Code ES470F)
Link/Activity LEDs
Serial Port
6+2-port 470T Switch (Product Code ES470T)
Status LED
Speed LEDs (top row)
Link/Activity LEDs (bottom row)
Serial Port
Back of 470 Switch
• 100/1000 Base-T auto-negotiates speed, duplex, and flow control—100Mbps or 1000Mbps
per port
470F supports 1000SX, 1000LX, and 1000LH GBICs
Half-duplex and full-duplex flow control
Port settings can be configured manually through management
Access menu-driven Local Management through the serial port or a Telnet session
Access the graphical Web Device Manager through a Web browser
1000 Base-SX Port
1000 Base-T Port
MAC Address
GBIC Port
AC Power Plug
2
CHAPTER 1
Setting Up the Intel
®
NetStructure 470T and 470F Switches
LEDs
The LEDs to the left of the ports indicate port status, individual port speed, and activity.
Status
470F
Link/Activity
470 Switch Setup
NOTE
After the switch is turned on, the Status LED blinks green once before the diagnostic mode starts.
Status
470T
Speed
Link/Activity
LED State Meaning
Status Blinking green Switch is performing diagnostics and booting.
(This lasts for 20–30 seconds.) Solid green Diagnostics have passed, the switch is ready. Blinking green Diagnostics have failed. (After the initial 20–
30 seconds, the LED continues blinking.)
Link/Activity Solid green Device linked.
Blinking green Receiving activity on that port. Off No link detected.
Speed Solid green Device connected at 1000Mbps. (470T only) Off Device connected at 100Mbps.
3
CHAPTER 1
Intel® NetStructure 470T and 470F Switches User Guide
Connection Guidelines
General
The 470T switch is can auto-negotiate port duplex. It can operate at half-duplex or full-duplex at 100Mbps, and full-duplex at 1000Mbps. The switch matches the highest possible speed (up to 1000Mbps) of an attached device.
The 470F operates at full-duplex and at 1000Mbps.
Cabling
NOTE
Use certified Category 5 cables to connect 1000Mbps devices to the switch.
Use Category 5 unshielded, twisted-pair (CAT 5 UTP) cable to connect 1000Mbps or 100Mbps devices to the switch.
Limit the cable length between devices to 100 meters (330 feet) for copper wire.
Use a straight-through cable to connect the switch to a server or workstation.
To connect to another switch or hub, use a crossover cable.
Straight-through vs. Crossover Cables
Switch ports are wired MDI-X, so use a straight-through cable to connect to a workstation or server (network adapter cards are wired MDI). To connect to another MDI-X port, use a crossover cable. The following pin arrangements are for the switchs Ethernet port and the typical RJ-45 connector. The wiring diagrams illustrate how to wire a straight-through and crossover cable for 100Mbps and 1000Mbps devices.
Straight-Through UTP cable (100Mbps)
Switch (MDI-X) Adapter (MDI)
4
CHAPTER 1
Setting Up the Intel
®
NetStructure 470T and 470F Switches
Crossover UTP cable (100Mbps)
Switch (MDI-X) Hub (MDI-X)
Straight-Through UTP cable (1000Mbps)
Switch (MDI) Switch (MDI)
470 Switch Setup
5
CHAPTER 1
Intel® NetStructure 470T and 470F Switches User Guide
6
Using the Intel
®
NetStructure 470T
2
and 470F Switches
Overview
Chapter 2 provides an overview for using the Intel® NetStructure 470T and 470F Switches within a network. This chapter covers switching features like flow control and spanning tree, and includes a discussion of the more advanced features such as link aggregation and the types of VLANs available on the switch.
If you are familiar with switching technology you can skip ahead to a particular section within the chapter. The following list shows where you can find particular topics:
Sample Configuration page 8
Flow Control page 9
Broadcast Storm Control page 10
Spanning T ree Protocol page 11
Tagged Frames page 12
Priority T ag ging page 12
Link Aggregation page 13
Virtual LANs page 14
GVRP page 18
Internet Group Management Protocol (IGMP) Snooping page 18
7
CHAPTER 2
100Mbps
1000Mbps Link Aggregation
group
Intel® NetStructure 470T and 470F Switches User Guide
Sample Configuration
The following example illustrates how the 470T and 470F switches can be used in a network.
In this example, the Intel NetStructure 480T Routing Switch is the backbone of the network, providing routing capability. The 470T and 470F switches provide gigabit connectivity from the 480T to the Intel Express 460T Standalone Switches through the 460T gigabit uplinks.
Intel® NetStructure 470T Switch
Intel Express 460T Standalone Switches
Intel® NetStructure 470F Switch
Intel Express 460T Standalone Switches
Intel® NetStructure 480T Routing Switch
Servers
8
CHAPTER 2
Using the Intel
®
NetStructure 470T and 470F Switches
Flow Control
During heavy network activity, the switchs port buffers can receive too much traffic and fill up faster than the switch can send the information. In cases like this, the switch tells the transmitting device to wait until the information in the buffer can be sent. This traffic control mechanism is called flow control.
The method of flow control depends on whether the port is set to full-duplex or half-duplex.
If a port operates at half-duplex, the switch sends a collision (also called backpressure) that causes the transmitting device to wait.
If the port operates at full-duplex, the switch sends out an IEEE 802.3x PAUSE frame.
You can enable or disable flow control for each port on the 470 switch.
Broadcast Storm Control
You can use broadcast storm control to control the amount of broadcast traffic serviced by the switch. You can prevent broadcasts from taking an excessive amount of network resources and degrading network performance.
Using the 470 Switch
To control the amount of broadcast traffic, set an upper threshold percentage for each port. The upper threshold is the percentage of the ports total bandwidth that is available for broadcast traffic. For example, if a ports upper threshold percentage is 4%, broadcast traffic can take up to 4% of the ports total bandwidth.
Broadcast traffic
resumed
160 s.
% of% of
% of
% of% of
BroadcastBroadcast
Broadcast
BroadcastBroadcast
traffic ontraffic on
traffic on
traffic ontraffic on
the portthe port
the port
the portthe port
4%
Upper
threshold
1%
Lower
threshold
40 s.
TimeTime
Time
TimeTime in secondsin seconds
in seconds
in secondsin seconds
Broadcast traffic
dropped
80 s. 120 s.
9
CHAPTER 2
Intel® NetStructure 470T and 470F Switches User Guide
The switch checks the amount of broadcast traffic on each port every 20 seconds. If the port detects that the amount of broadcast traffic exceeds the upper threshold on two subsequent checks, the port drops all broadcast traffic.
When broadcast traffic is dropped for storm control, the switch continues to check the amount of broadcast traffic on each port. For the port to begin accepting broadcast traffic again, the amount of broadcast traffic must fall below the lower threshold percentage. The lower threshold percentage, 1%, is a factory default. If broadcast traffic falls below the lower threshold percentage when the port is checked, the switch automatically resumes servicing broadcast traffic.
When broadcast traffic servicing resumes, the switch begins checking the amount of broadcast traffic against the upper threshold.
Spanning Tree Protocol
Spanning Tree Protocol, as described in the IEEE (Institute of Electrical and Electronic Engineers) 802.1D specification, is a protocol designed to prevent loops within the network topology. A loop can occur if there is more than one path for information to travel between devices. The Spanning Tree Protocol determines the “cost” of a connection. For example, if two devices are connected by two links, spanning tree uses the connection with the lowest cost and blocks the second connection.
10
Spanning tree prevents loops by allowing only one active path between any two network devices at a time. However, you can also use this protocol to establish redundant links between devices that can take over if the primary link fails.
Backup Path from Client A to Server B: Switch A –> Switch B –> Switch C
Switch A
Primary Path from Client A to Server B: Switch A –> Switch C
Switch B
P
a
: 3
0
0
th
a
P
t: 1
s
o
C
Path: 1 Cost: 100
th
: 2
C
o
s
t: 2
0
0
Switch C
Server BPC Client A
CHAPTER 2
Using the Intel
In this example, Client A can communicate with Server B over two different paths. The primary path is Path 1 because the cost of the connection between switches A and C is lower than the cost between switches A, B and C. If the primary path fails, traffic is automatically sent over the backup path.
®
NetStructure 470T and 470F Switches
Tagged Frames
The 802.1D (1998 Edition) and 802.1Q specifications published by the IEEE extended Ethernet functionality to add tag information to Ethernet frames and propagate these tagged frames between bridges. The tag can carry priority information, VLAN information, or both and allows bridges to intelligently direct traffic across the network.
Some devices dont recognize the tagged Ethernet frames. These devices see a frame that is too big, and then discard it. When operating 802.1Q (tag­based) VLANs, you can configure the switch to work with untagged devices. For more information, see How to configure 802.1Q VLANs in Chapter 5.
Priority Tagging
The IEEE 802.1D (1998 Edition) specification incorporates IEEE 802.1p and defines information in the frame tag to indicate a priority level. When these tagged packets are sent out on the network, the higher priority packets are transferred first. Priority tagging (also known as Traffic Class Expediting) is usually set on the LAN adapter in a PC or switch and works with other elements of the network (switches, routers) to deliver packets based on priority. The priority level can range from 0 (low) to 7 (high).
The 470 switches can read the priority tags and forward traffic on a per port basis. The switches have two priority queues per port and queue the packet based on its priority level. For example, when a packet comes into a switch with a high-priority tag, the switch inserts the packet in its high-priority queue.
Using the 470 Switch
11
CHAPTER 2
HIGH
LOW
Incoming packet
transmit
queue
for the
port
7 6 5 4
3 2 1 0
Express 460T
Network
Intel® NetStructure 470T and 470F Switches User Guide
Although there are eight priority levels, the 470 switches can only put a packet into one of the two queues. The switch maps levels 0-3 to the low queue and levels 4-7 to the high queue. If a packet is untagged, the switch can be set to use either the high or low queue for that port. The 470 switches preserve the priority level of the packet.
Link Aggregation
Link aggregation allows you to combine from two to four (adjacent) ports so that they function as a single high-speed link. For example, link aggregation is useful when making connections between switches or connecting servers to the switch.
Note
When connecting to another switch, connect anchor port to anchor port and member port to member port.
12
You can use link aggregation, also known as port trunking, to increase the bandwidth to some devices. Link aggregation can also provide a redundant link for fault tolerance. If one link in the aggregation fails, the switch balances the traffic among the remaining links.
To aggregate ports, you must link an anchor port with an adjacent port. The 470 switches support up to four link aggregation groups (anchor ports 1,3, 5, or 7). All aggregated ports must be the same speed.
CHAPTER 2
Using the Intel
®
NetStructure 470T and 470F Switches
Guidelines
The switch treats aggregated links as a single port. This includes spanning tree and VLAN configur ations.
For the 470F: Anchor ports 1, 3, and 5 can each have up to four aggregated ports; anchor port 7 can have two.
For the 470T: Anchor ports 1 and 3 can each hav e up to four aggregated ports; anchor ports 5 and 7 can each have two.
All ports share the same settings as the anchor port. You can change anchor port settings, but you cannot configure other ports in the link.
When a port is configured as a member of an aggregated link, it adopts the configuration of the anchor port. When a port is no longer a member of an aggregated link, the configuration is reset to the default settings (auto-negotiate speed/duplex, flow control enabled).
If a port is part of an aggregated link, it cannot be configured as the target port for a port mirror. However, a port in an aggregated link can serve as the source port for a port mirror.
When connecting to another switch, connect anchor port to anchor port, and member port to member port.
Using the 470 Switch
Virtual LANs
A Virtual LAN (VLAN) is a logical network grouping you can use to isolate network traffic so members of the VLAN receive traffic only from other members. Creating a VLAN is the virtual equivalent to physically moving a group of devices to a separate switch (creating a Layer 2 broadcast domain). With VLANs you can reduce broadcast traffic for the entire switch, and increase security, without changing the wiring of your network.
The 470 switches support three types of VLANs:
Port-based
Tag-based (IEEE 802.1Q)
Protocol-based
13
CHAPTER 2
Intel® NetStructure 470T and 470F Switches User Guide
Port-based VLANs
Port-based VLANs are the simplest and most common form of VLAN. In a port-based VLAN, the system administrator assigns the ports to a specific VLAN. For example, the system administrator can designate ports 1, 2, and 3 as part of the engineering VLAN and ports 5, 6, 7, and 8 as part of the marketing VLAN. Port-based VLANs are easy to configure and all changes are transparent to the users because they take place at the switch. The 470 switches support a maximum of four port-based VLANs. A port can belong to only one port-based VLAN at a time.
14
If a user changes to another location, the system administrator reassigns the port to the new VLAN. If a switch (or hub) is connected to a port that is part of a VLAN, all devices connected to the switch are also part of the VLAN. You cannot prevent an individual device on that switch from becoming part of the VLAN.
Tag-based (IEEE 802.1Q) VLANs
The tag-based VLAN supported by the 470 switches is based on the IEEE
802.1Q specification. The specification provides a uniform way to create VLANs within a network and allows you to create a VLAN that can span across the network. Until the release of IEEE 802.1Q, it was not possible to create a VLAN across devices from different vendors.
CHAPTER 2
Using the Intel
®
NetStructure 470T and 470F Switches
The 802.1Q VLAN works by using a tag added to the Ethernet frames. The tag contains a VLAN Identifier (VID) that identifies the frame as belonging to a specific VLAN. These tags allow switches that support the 802.1Q specification to segregate traffic between devices and communicate a devices VLAN association across switches. The example below shows a 470F switch.
Local
Console: 9600-8-N-1
Management
Flow Ctrl=None
(EIA 232)
12345678
TX RX TX RX TX RX TX RX TX RX TX RX TX RX TX RX
VLAN 2: Manufacturing
VLAN 1: Engineering
Intel® NetStructure™ 470F Switch
Status
Link\Activity Link = Solid Green
12345678
Activity = Blinking Green
Link\Act
Using the 470 Switch
VLAN 1 computers can't see VLAN 2 computers
Server and Printer are members of both VLANs
There are multiple advantages to implementing 802.1Q VLANs. First, it helps to contain broadcast and multicast traffic across the switch thus improving performance. Second, ports can belong to more than one VLAN. Third, VLANs can span multiple switches that support the 802.1Q specification. Finally, it can provide security and improve performance by logically isolating users and grouping them.
A logical grouping can be mapped to a workgroup. For example, you can create a VLAN that groups all the users from the engineering department. Benefits of this logical grouping are: it improves performance by reducing traffic that belongs to a different logical group (e.g. marketing), improves security (engineering cant see marketing), and eases moves because the user doesnt have to be physically located in the same group to participate in the VLAN.
15
CHAPTER 2
Intel® NetStructure 470T and 470F Switches User Guide
Protocol-based VLANs
In a protocol-based VLAN, traffic is bridged through specified ports based on its protocol. Any packet using a different protocol is dropped as it enters the switch. This type of VLAN allows you to use a common protocol to communicate, yet prevents any packets that are not using the specified protocol, from entering the switch.
For example, you can attach a LAN using NetBEUI traffic to port 1 on the switch, and attach a LAN using IPX traffic to port 2 on the switch. Then, attach a router connected to the Internet, to port 8. Create an IP VLAN that incorportates ports 1, 2, and 8. The NetBEUI traffic on port 1is not passed to ports 2 or 8. The IPX traffic on port 2 is not passed to ports 1 or 8. However, computers using the IP protocol can talk freely to ports 1, 2, and
8. This allows the computers to connect to the Internet, yet not be bombarded with traffic that they do not need to see.
The 470 switches support a maximum of four protocol-based VLANs, and they can be either IP, IPX, NetBEUI, or all three combined. Each port can be a member of only one protocol-based VLAN. The example below shows a 470F switch.
16
Protocol-based VLANs can help optimize network traffic patterns because protocol-specific broadcast messages are sent only to computers that use that protocol. For example, if a NetBEUI VLAN is created, only NetBEUI traffic is allowed to pass through the VLAN.
CHAPTER 2
Using the Intel
®
NetStructure 470T and 470F Switches
Spanning Tree Protocol and VLANs
The 470 switches support the Spanning Tree Protocol across the entire switch, not across each VLAN. If VLANs create a redundant link between two switches and both of those switches have the Spanning Tree Protocol enabled, one of the VLANs is disabled.
The following diagram shows an example. Both Switch 1 and Switch 2 have two port-based VLANs configured. Crossover cables connect the ENG_VLAN on Switch 1 to ENG_VLAN on and Switch 2. Crossover cables also connect the MKT_VLAN on Switch 1 to the MKT_VLAN on Switch 2. When spanning tree is enabled on both switches, the redundant link between the MKT_VLANs is blocked and those VLANs can no longer communicate. The example below sho ws 470F switches.
Using the 470 Switch
GARP VLAN Registration Protocol (GVRP)
Because tag-based (IEEE 802.1Q) VLANs can span across the network, it poses a challenge for network administrators to manage changes to the VLAN. The GARP VLAN Registration Protocol (GVRP) provides a dynamic mechanism for switches to share topology information and manage changes with other switches. This saves the network administrator from having to manually propagate VLAN configuration information across switches.
17
CHAPTER 2
Intel® NetStructure 470T and 470F Switches User Guide
GARP (Generic Attribute Registration Protocol) is defined by the IEEE
802.1D (1998 Edition) specification and is the mechanism used by switches and end nodes (servers, PCs, and so on) to propagate configuration across the network domain. GVRP uses GARP as a foundation to propagate VLAN configuration to other switches. Devices that support GVRP transmit their updates to a known multicast address that all GVRP-capable devices monitor for information updates.
Note
Dynamically created VLANs are not saved in the switch’s memory. If the device sending out the GVRP updates is removed, the dynamic VLAN is removed.
Sending GVRP messages between switches accomplishes the following tasks:
Dynamically adds or removes a port from participating in a VLAN
Sends updates about the switchs own VLAN configuration to neighboring
GVRP-capable devices.
Integrates dynamic and static VLAN configurations within the same switch. For devices that don’t support GVRP, static VLAN configurations are created by the user on the switch.
When the switch is running 802.1Q VLANs, Spanning Tree Protocol is enabled for GVRP to work properly .
Internet Group Management Pr otocol (IGMP)
Normally, multicast traffic is broadcast by the switch to all ports. For multicast traffic based on TCP/IP using the IGMP protocol, the switch can optimize the broadcasting of multicast traffic by forwarding multicast traffic only to ports that require it.
IGMP Snooping is a feature that allows the switch to forward multicast traffic intelligently. The switch snoops the IGMP query and report messages and forwards traffic only to the ports that request the multicast traffic. This prevents the switch from broadcasting the traffic to all ports and possibly affecting network performance.
18
IGMP Snooping requires a router that detects multicast groups on its subnets and keeps track of group membership.
Using Intel® Device
3
View
Overview
Intel® Device View allows you to manage Intel NetStructure™ 470T and 470F switches and other supported Intel networking devices on your network.
Intel Device View provides these features:
• The ability to configure new network devices
• A graphical device manager for Intel switches, hubs, and routers
• Autodiscovery, which finds supported Intel devices on the network
• The Device Tree, which shows all the supported devices detected on your network
• Support for Remote Monitoring (RMON)
• Web or Windows* platform
• Plug-in to HP OpenView*, IBM Tivoli* NetView*, and Intel LANDesk® Network Manager
• Other useful tools such as a TFTP server
19
CHAPTER 3
Intel® NetStructure™ 470T and 470F Switches User Guide
Installing Intel Device View
Before you install Intel Device View, make sure your PC meets the system requirements in the Intel® Device View User Guide, which is included on the Intel Device View CD-ROM.
To install Intel Device View
1 Insert the Intel Device View CD-ROM into your computer’s CD-ROM
drive. The Intel Device View installation screen appears. If it doesn’t appear, run autoplay.exe from the CD-ROM.
20
2 Choose the version of Intel Device View you want to install.
• To install Intel Device View for use on this PC only, click Install for Windows.
• To install Intel Device View on a Web server, click Install for Web. You can access the Device View server from any PC on your network with Internet Explorer* 4.0x or later.
• To install Intel network device support for HP OpenView, IBM Tivoli NetView, or Intel LANDesk Network Manager, click Install as Plug-in. This option is available if you have OpenView, NetView, or LANDesk Network Manager installed on the PC.
3 Follow the instructions in on the installation screens.
CHAPTER 3
NOTE
These are the requirements if you want to use the Web version of Device View :
Web browser
Internet Explorer 4.0 or later
Intel Device View
Starting Intel Device View
Install either the Windows or Web version of Intel Device View.
Windows* version
On your desktop, click Start and then point to Programs > Intel Device View > Intel Device View - Windows to go to the Intel Device View main screen.
Web version
On your desktop, click Start and then point to Programs > Intel Device View > Intel Device View - Web to go to the Intel Device View main screen.
To view Intel Device View from another PC on your network, type the following URL. In the following example, the URL is entered in the Address field for Internet Explorer.
http://servername/devview/main.htm
where servername is the IP address or name of the server where Intel Device View is installed.
Intel Device View’s main screen appears.
Intel
®
Device View
Web Server
IIS* 2.0 or later
Peer Web Services*
Netscape Enterprise* Web Server 3.01 or later
21
CHAPTER 3
Intel® NetStructure™ 470T and 470F Switches User Guide
Installing a New Switch
After you install a new switch on your network, you can use the Intel Device View Device Install Wizard to configure it for management.
To install and configure a new switch for management
1 Start Intel Device View. The Device Install Wizard appears. If it
doesn’t appear, click Install from the Device menu or double-click the appropriate MAC address in the Device Tree under Unconfigured Devices. (The MAC address is located on the rear of the switch.)
2 On the Device Install Wizard - Start screen, click Next. 3 On the Device Install Wizard - MAC Address screen, click the MAC
address of the new switch, and then click Next.
22
4 Follow the instructions in the wizard to assign an IP address and a name
to the switch.
Using the Device Tree
After you start Intel Device View, the Device Discovery service begins searching for supported Intel network devices on your network. As it discovers devices, the Device Discovery service adds an icon for each device to the Device Tree on the left side of the screen.
CHAPTER 3
Intel Device View
Different states of the 470 switches are represented by icons in the Device Tree.
Device Tree icons
Device Tree root Subnet Intel Switch (if non-responding the icon is red) Unconfigured Intel Switch Group of Intel Switches Intel Router Intel Switch (Layer 3 capable) Intel Stackable Hub
To expand the root or a subnet, click the (+) next to the icon. To collapse the view, click the (-) next to the icon. Double-click a device icon to view the device image.
To add a device to the Device Tree
Use this procedure if the device does not automatically appear after installation.
1 Right-click anywhere on the Device Tree. 2 On the menu that appears, click Add Device. 3 In the Add Device dialog box, type the IP address of the switch you
want to add.
4 Fill in the other fields, as appropriate. 5 Click OK.
The icon for the new switch appears in the Device Tree.
23
Intel
®
Device View
CHAPTER 3
Intel® NetStructure™ 470T and 470F Switches User Guide
To refresh the Device Tree
Refreshing the Device Tree updates it to show any newly discovered devices and changes in device status.
1 Right-click anywhere on the Device Tree. 2 On the menu that appears, click Refresh.
To delete a device from the Device Tree
1 Right-click the device you want to remove from the Device Tree. 2 On the menu that appears, click Delete.
Deleting a device from the Device Tree does not remove the device from the network.
To find a device in the Device Tree
1 On the Device Tree, right-click anywhere. 2 On the menu that appears, click Find. 3 In the Find Device dialog box, type the IP address of the device you
want to find in the tree.
4 Click OK.
The device icon is highlighted in the Device Tree.
24
Losing contact with a switch
If Intel Device View loses contact with a switch, the color of the switch icon changes to red, to indicated that the switch is not responding.
If the non-responding switch icon appears, you cannot manage the device in Intel Device View. If you’re unable to ping the device or start a Telnet session, try accessing the switch’s Local Management.
CHAPTER 3
Intel Device View
Managing a Switch
To manage a 470T or 470F switch, double-click the switch icon in the Device Tree. In the example following, the switch has been assigned an IP address of 124.123.122.3.
The 470 switch Web Device Manager appears in the Intel Device View window. For information about using the Web Device Manager, see Ch. 4.
Intel
®
Device View
For information about using Intel Device View, see the Help or the User Guide on the Intel Device View installation CD-ROM.
Viewing RMON Information
The Remote Monitoring (RMON) specification extends SNMP functionality to look at traffic patterns on the network instead of looking only at the traffic for an individual device. The following RMON groups are supported:
25
CHAPTER 3
Intel® NetStructure™ 470T and 470F Switches User Guide
• Group 1 (Statistics): Monitors utilization and error statistics for each
network segment (100Mbps or 1000Mbps).
• Group 2 (History): Records periodic statistical samples from variables
available in the statistics group.
• Group 3 (Alarms): Allows you to set a sampling interval and alarm
thresholds for statistics. When a threshold is passed, the switch creates an event. For example, you might set an alarm if utilization exceeds 30%.
• Group 9 (Events): Provides notification and tells the switch what to do
when an event occurs on the network. Events can send a trap to a receiving station or place an entry in the log table, or both. For example, when the switch experiences an RMON Event, it sends out an alarm.
The switch also keeps a log that shows a list of the RMON Events and RMON Alarms that ha ve occurred on the switch.
To view RMON statistics
1 In the Device Tree, right-click the switch’s icon, and then point to RMON. 2 Click the RMON option you want to view.
26
You can also access RMON features using LANDesk Network Manager, or an SNMP application that supports RMON such as HP OpenView or IBM Tivoli NetView. F or more information about using RMON to monitor the switch, see the Intel Device View Help.
Using the Web
4
NOTE
You can use Internet Explorer* or Navigator* to access the Web Device Manager.
Device Manager
Overview
With the Web Device Manager, which is built into the Intel® NetStructure 470T and 470F Switches, you can use a Web browser to manage and monitor the switch. For example, you can use the Web Device Manager to configure the switch or individual ports, or to monitor traffic statistics and utilization.
For more information about using this interface, see the Web Device Manager Help.
27
CHAPTER 4
Intel® NetStructure 470T and 470F Switches User Guide
Accessing the Web Device Manager
1 In the Location or Address field of your Web browser type the IP
address of the switch. For example, to use the default IP address of the switch, type 192.0.2.1 and then press Enter.
NOTE
The default IP address for the switch is 192.0.2.1. To access the switch with the default IP address, your workstation must be on the 192.0.2.0 subnet.
Or, you can connect to the switch using Local Management (through the serial port) and set an IP address that is on your network. Then you can access the Web Device Manager using the new IP address.
2 When prompted, type your user name and password. By default, no
user name or password is assigned. If you previously set a user name and password using Local Management, enter them here.
3 Click OK. The Web Device Manager window appears in your Web
browser.
28
Navigating the Web Device Manager
1 On the left side of the Web Device Manager window, click a menu item
(such as Configure Device) to show the available options.
CHAPTER 4
Click a menu to view available options.
Using the Web Device Manager
2 In the menu, click an option. The corresponding screen appears on the
right side of your Web Device Manager window.
470F
470T
3 To hide the options, click the menu item again.
Using Management Screens
After you select an option from the navigation menu, the corresponding screen appears on the right side of the Web Device Manager window.
Switch faceplate graphic
A graphical representation of the switchs faceplate appears at the top of the screen.
Web Device Manager
29
CHAPTER 4
Intel® NetStructure 470T and 470F Switches User Guide
If the option you selected allows you to configure or monitor a specific port, you can change to another port by clicking it on the faceplate graphic.
Port color on the faceplate graphic indicates the status of the port.
Port Color Meaning
Blue Port has a link at 1000Mbps. Green Port has a link at 100Mbps. Magenta outline Ports are in a link aggregation. Orange Port is disabled. Gray No link.
Buttons
Each configuration screen includes four buttons on the bottom of the screen.
Button Function
Submit Applies the configuration settings on the current screen.
Note: If you do not save the settings to the switch’s flash memory your changes are lost when the switch is rebooted.
Reset Clears any changes you made on the current screen and
restores the currently applied settings.
Default Applies factory defaults for this screens settings. When
you log out, you can permanently save the new settings to the switch. Otherwise, they are lost upon the next reboot.
Help Displays Help for the current screen.
30
CHAPTER 4
NOTE
If you change the flow control or IP settings, you must reboot the switch before the new settings can take effect.
Using the Web Device Manager
Configuring the Switchs IP Settings
Note: You must select Manual in the IP Assignment Method box before you can change the IP settings.
1 Click the Configure Device menu, and then click IP Settings. The IP
Settings screen appears on the right side of the Web Device Manager window.
2 To manually configure the IP settings, select Manual in the IP
Assignment Method box.
3 Under “Change, type the new IP address, subnet mask, and default
gateway. If you set up tag-based (IEEE 802.1Q) VLANs on the switch, you can specify the VLAN where the switchs SNMP management agent resides.
4 To apply the changes, click Submit. 5 Click Save and Reboot for the new settings to take effect. Rebooting the
switch temporarily interrupts network connectivity to the switch. Click Reboot Later if you want to reboot the switch later. The new IP settings do not take effect until the switch reboots.
31
Web Device Manager
CHAPTER 4
Intel® NetStructure 470T and 470F Switches User Guide
Configuring a Port
You can use the Web Device Manager to enable or disable a port, and to change its speed, duplex, flow control, and priority settings.
To change port settings
1 Click the Configure Device menu, and then click Port Settings. To
access the Port Settings for a port, click the port you want to configure on the faceplate graphic.
NOTE
If you change the flow control or IP settings, you must reboot the switch before the new settings can take effect.
32
2 In the boxes, click the options you want to change:
Port State lets you enable or disable the port.
Speed/Duplex lets you set port speed and duplex.
Flow Control lets you enable or disable flow control.
Priority Queue (802.1p) lets you set the switch priority queue for
packets sent or received on this port.
3 Click Submit.
CHAPTER 4
NOTE
The accounts and passwords you create with the Web Device Manager are the same accounts used to access Local Management.
Using the Web Device Manager
Managing User Accounts
Create user accounts to give specific users read or write access to the switch through the Web Device Manager and Local Management. You can create a maximum of three accounts on the switch.
To create a user account
1 Click the Configure Management menu and then click User Accounts.
The first account you create must be an administrator.
2 Click Add.
3 In the User Name box, type a user name.
The username can be up to 15 characters long and is case sensitive.
4 In the Password box, type a password.
The password can be up to 15 characters long and is case sensitive. Asterisks (*) appear in the box as you type the password.
5 In the Confirm Password box, type the same password.
Web Device Manager
33
CHAPTER 4
Intel® NetStructure™ 470T and 470F Switches User Guide
6 In the Access Level box, click an access level. An administrator can
view all settings and make configuration changes. A user can only view settings.
7 Click Submit.
To delete a user account
1 Click the Configure Management menu, and then click User Accounts. 2 In the User Accounts box, click the account you want to delete. 3 Click Delete.
34
If you delete the account you used to log in for this session, you can continue to use that account until you log out. If you delete the only user account on the switch, log in again using the default of no user name and no password.
CHAPTER 4
Using the Web Device Manager
Configuring VLANs
VLANs provide a way to create a logical network grouping without regard to physical location of the network nodes.
For more information about VLANs, see “Virtual LANs” in Chapter 2. There are two main steps to set up a VLAN with the Web Device Manager:
• Set the switch’s VLAN operation mode.
• Configure the type of VLAN you selected.
NOTE
You can only have one operation mode active on the switch at a time.
To set the switch’s VLAN operation mode
1 Click the Configure VLAN menu, and then click VLAN Operation
Mode.
2 In the Current VLAN mode box, click the type of VLAN to set up.
3 Click Submit. 4 The switch automatically reboots. The 470 switches are rebooted
whenever you change their VLAN operation mode. After the switch reboots, you can configure the type of VLAN that you
selected.
Web Device Manager
35
CHAPTER 4
Intel® NetStructure 470T and 470F Switches User Guide
Port-based VLAN
You configure a port-based VLAN by creating the VLAN and then adding participating ports. The switch can support up to four port-based VLANs. However a port can be a member of only one VLAN; port-based VLANs cannot overlap.
To configure a port-based VLAN
1 Click the Configure VLAN menu, and then click Port-based VLAN. 2 Click Add to create a new VLAN, or select a VLAN and click Edit to
change its configuration.
36
3 If you are creating a new VLAN, type a name in the VLAN Name box. 4 In the Available Ports box, click a port to add to the VLAN, and then
click Add.
5 When you finish adding ports, click Submit.
CHAPTER 4
NOTE
When creating a VLAN that includes ports on more than one switch, set the same VID on each switch.
Using the Web Device Manager
Tag-based VLAN
You configure a tag-based VLAN by configuring port membership and ingress/egress rules. Note: If some of your devices dont support 802.1Q tags, additional configuration may be necessary.
To configure a tag-based (IEEE 802.1Q) VLAN
1 Create a VLAN and assign member ports.
Click the Configure VLAN menu, and then click Tag-based (IEEE
802.1Q) VLAN.
From the main Tag-based VLAN page, click Add to create a new
VLAN. To modify an existing VLAN, click the VLAN name, and click Modify.
If you are creating a new VLAN, type a name and VID (from 2 to
4094) to identify it.
To configure membership of a port to a VLAN, click the port in the
Available ports box and click Add. To remove a port, click the port in the Member ports box and click Remove.
The switch supports a maximum of 12 IGMP Snooping sessions to
manage broadcast traffic. If you want the VLAN to be part of an IGMP Snooping session, select the Enable IGMP Snooping check box.
When you finish adding ports, click Next.
Web Device Manager
37
CHAPTER 4
Intel® NetStructure 470T and 470F Switches User Guide
2 Configure ports for egress (outbound) tagging.
Ensure that the VLAN Name field displays the name of the port you are configuring.
For each of the VLANs ports select Tag or Untag. This determines whether or not the system will remove (untag) tags before sending traffic out of each port.
3 Configure ports for handling untagged traffic.
On the main Tag-based VLAN page, click Port Settings.
On the Port Settings screen you can set port-specific behaviors for
processing VLAN traffic. To configure a specific port, click it on the faceplate graphic. To configure the same setting across all ports, click Configure All Ports.
38
CHAPTER 4
Using the Web Device Manager
Options include:
Default Port VID: Sets the PVID to be assigned to untagged traffic
on a given port. For example, if port 7s default PVID is 100, all untagged packets on port 7 belong to VLAN 100. The default setting for all ports is VID 1.
GVRP: Allows automatic VLAN configuration between the switch
and nodes.
Ingress Filtering: Allows frames belonging to a specific VLAN to
be forwarded if the port belongs to the same VLAN. Disabling this setting will cause all frames to be forwarded, regardless of the port's VLAN membership.
4 When you finish changing the settings, click Submit.
Web Device Manager
39
CHAPTER 4
Intel® NetStructure 470T and 470F Switches User Guide
Protocol-based VLAN
You configure a protocol-based VLAN by creating the VLAN and then adding participating ports. The switch supports up to three protocol-based VLANs: IP, IPX, and NetBEUI. However, each port can be a member of only one VLAN; protocol-based VLANs cannot overlap.
To configure a protocol-based VLAN
1 Click the Configure VLAN menu, and then click Protocol-based
VLAN.
40
2 Click Add to create a new VLAN, or select an existing VLAN and click
Edit to change its configuration.
3 If you are creating a new VLAN, type a name in the VLAN Name box
and select a protocol from the Protocol list.
4 In the Available Ports box, click a port to add to the VLAN, and then
click Add.
5 When you finish adding ports, click Done.
CHAPTER 4
NOTE
When configuring link aggregation between two 470 switches, you must connect anchor port to anchor port, and member port to member port.
Using the Web Device Manager
Link Aggregation
On the Web Device Managers switch faceplate graphic, a link aggregation is shown with its ports outlined in magenta (pink).
To create a link aggregation
1 Click the Configure Device menu, and then click Link Aggregation.
NOTE
Connectivity is momentarily interrupted when you submit changes.
2 Choose the anchor port. Anchor ports are listed by port number in the
left column.
3 In the Port Width box, click the number of ports (including the anchor
port) to include in the link aggregation.
4 In the Aggregation Group Name box, type a name for the aggregation. 5 Click Enable to activate the group. 6 Click Submit.
Static MAC Addresses
The switch has a MAC address table that stores all the MAC addresses that it learns from the network. The switch refers to this table forwarding traffic to specific ports, so it does not broadcast traffic to every port.
There are two ways to add addresses to the MAC address table:
The switch can learn addresses from the network and add them dynamically. Dynamic entries remain in the table only while the associated node is active, and are deleted if the node is inactive for longer than a certain period of time (age-out time).
Web Device Manager
41
CHAPTER 4
Intel® NetStructure 470T and 470F Switches User Guide
You can manually add MAC addresses to the table. These are called static addresses, because they remain in the table until you remove them, even if the associated node is inactive or removed from the network. Performance and security issues are two reasons for adding static addresses.
To add a static MAC address to the address table
1 Click the Configure Device menu, and then click Forwarding and
Filtering.
2 Click Static MAC Addresses. 3 Click Add.
NOTE
To view the switchs address table, click the Monitor menu, click Advanced, and then click MAC Address Table.
42
4 In the MAC Address box, type the MAC address of a device on the
network. Do not include hyphens.
5 In the Port Number box, click a port number. 6 If port-based or tag-based (IEEE 802.1Q) VLANs are set up on the
switch, static MAC addresses are associated with specific VLANs. Type the VLAN name (port-based VLANs) or VID (tag-based VLANs) to associate with the MAC address.
7 Click Add.
CHAPTER 4
Using the Web Device Manager
Setting Up Priority Tagging
With priority tagging, you can specify a priority value for traffic based on MAC source or destination addresses. For example, you could tag all packets from computer A with a priority of 7 (high).
When you define priority tagging, you can specify a priority value from 0 (low) to 7 (high). Traffic with a priority value of 0–3 is routed through the switch’s low priority queue. Traffic with a priority value of 4–7 is routed through the switch’s high priority queue.
You can define up to 12 MAC addresses for priority tagging.
To set up priority tagging
1 Click the Configure Device menu, and then click Priority Tagging. 2 Click Add. 3 Select source or destination as the criteria for the tagged traffic.
4 Type the source or destination MAC address. 5 Select a priority value.
Traffic tagged with priority values 0–3 is routed through the switch’s low priority queue. Traffic tagged with priority values 4–7 is routed through the switch’s high priority queue.
6 In the State box, click Enabled to enable priority tagging for the traffic
pattern.
7 Click Done when you are finished.
Web Device Manager
43
CHAPTER 4
Intel® NetStructure 470T and 470F Switches User Guide
Configuring Community Strings and
NOTE
These are the traps supported by the switch:
Power to the switch was cycled or reset.
Link, speed, or other status changes on a port.
Authentication failure.
Trap Receivers
A trap receiver is a computer on the network that is running an SNMP management application and receives messages sent by the switch. For example, the switch can send a trap to the trap receiver when it detects a change in port speed.
To specify a trap receiver
1 Click the Configure Management menu, and then click Community
Strings and Traps.
44
2 In the IP Address box, type the IP address of the computer you want to
use as a trap receiver. You can specify up to four trap receivers.
3 In the Status box, click Enabled. 4 In the Community String box, type the trap receivers SNMP
application community string.
5 Click Submit.
CHAPTER 4
Using the Web Device Manager
Monitoring Switch Activity
With the Web Device Manager you can view traffic, utilization, and error statistics for the switch and for individual ports. For more information on statistics, see Port Traffic Statistics,” “Port Error Statistics, and Packet Analysis in Chapter 5.
To view port statistics
1 Click the Monitor menu, and then click Port Statistics. 2 From the row of options below the page heading, click the option you
want to view:
Traffic
Utilization Graph
Errors
Packet Analysis
Web Device Manager
45
CHAPTER 4
Intel® NetStructure 470T and 470F Switches User Guide
Viewing/Changing Switch Information
You can view general information about the switch, such as its MAC address, firmware version, name, location, and contact person. Some of these fields can be updated, others are view-only.
To view and configure switch settings
1 Click the Configure Device menu, and then click Switch Settings.
46
2 In the Switch Name , Location, and Contact boxes you can provide
additional information about the switch. You can type up to 40 characters in each field. After modifying the settings, click Submit.
CHAPTER 4
Using the Web Device Manager
Updating Switch Firmware
On the Update Firmware screen you can set up the switch to update its firmware from a TFTP server. If you do not have a TFTP server set up on your network, you can install the TFTP server software by installing Intel Device View.
After downoading the firmware from the TFTP server, the switch automatically restarts. The actual firmware update occurs while the switch is rebooting.
To update the switchs firmware
1 Click the Reset and Update menu, and then click Update Firmware.
2 Select a mode from the Update Mode box.
If the switch uses a network connection for downloading the new firmware file from a TFTP server, click Network.
If the switch uses a SLIP connection (for example, a serial port) for downloading the new firmware file, click SLIP.
3 In the TFTP Server Address box, type the IP address of the server that
hosts the file.
4 In the Firmware Update box, click Enabled.
Web Device Manager
47
CHAPTER 4
Intel® NetStructure 470T and 470F Switches User Guide
5 In the File Name box, type the name of the firmware file. 6 Click Submit.
The switch automatically reboots.
The next time the switch reboots it downloads and installs the new firmware during the boot process. If you want to view this process, you must use a terminal program and connect to the switch through the serial port.
Saving Configuration Changes and Logging Out
Each time you make configuration changes using the Web Device Manager, the switch immediately uses the new settings. However, when you log out of the Web Device Manager, youll be prompted to save the current configuration settings.
If you do not save the new configuration settings to the switchs flash memory, the settings are lost upon the next switch reboot.
48
To save changes and log out
1 Click Log Out from the menu.
2 Click Save Now to save the current configuration settings. The Web
browser window closes and you are successfully logged off of the Web Device Manager.
If you click Do Not Save, all current configuration settings are lost the next time the switch is rebooted.
CHAPTER 5
Using Local Management
Local Management
Using Local
5
Management
Overview
Another way to configure the switch is through the Local Management interface. Local Management provides the same functionality as the Web Device Manager using a text-based interface.
Accessing Management
You can access Local Management in two different ways: by connecting directly to the switchs serial port, or through a Telnet session (using an assigned IP address or the default of 192.0.2.1).
To use the serial port
1 Use the enclosed null modem cable to connect the serial port of your PC
to the serial port of the switch.
2 Start a terminal emulation program (such as HyperTerminal* or
Symantec Procomm Plus* in Windows* 98). Use these communication parameters:
9600 baud 1 stop bit
8 data bits No flow control
No parity
NOTE
You use the same user name and password to log in to Web Device Manager and Local Management.
3 Press E to connect to the Local Management. 4 Log on to Local Management. By default, no password or username is
assigned. To assign them, see the section titled Administer User Accounts in this chapter.
49
49
CHAPTER 5
Intel® NetStructure 470T and 470F Switches User Guide
To useTelnet
1 Open a Telnet application. In Windows 98 or Windows NT*, select
Run from the Start Menu, and then type telnet and press E.
2 On the Terminal menu, select Preferences. Make sure the emulation
type is VT-100/ANSI and that VT100 arrows are enabled.
3 On the Connect menu, select Remote System. Enter the IP address of
the switch and click Connect.
4 Log on to Local Management. By default, no password or user name is
assigned. To assign them, see the section titled Administer User Accounts in this chapter.
Logon Screen
50
Description
By default, no username or password is assigned to the switch. Press E twice to log on to the Local Manager. Usernames and passwords can consist of any characters and can be up to 15 characters long. Remember that usernames and passwords are also case sensitive.
CHAPTER 5
Help text at the bottom of the screen provides infor­mation on the selected item.
Using Local Management
Local Management
Navigation
The console menus provide a basic interface for configuring switch options. For navigation tips, see the text below the graphic.
Screen Legend
Use the W Z A S keys or the T and b keys to move between screen fields. If you are running HyperTerminal in Windows 2000, use the Tab key rather than the arrow keys to move between fields.
<Manual> Angle brackets indicate a toggle field. Use the
z to toggle selections within the field. In this example, the options change between Manual, DHCP, and BOOTP.
[255.255.255.0] Brackets indicate an input field. Use the arrow keys to
select the field and type the required information. By default, Local Management is in overstrike mode, which means it replaces existing characters as you type.
SUBMIT Any word in all caps is a button. Use the T key
or the W Z A S keys to select it and press E to use it.
51
CHAPTER 5
Intel® NetStructure 470T and 470F Switches User Guide
Main Menu (Top Screen)
Description
LOCATION
To return to the Main Menu at any time, press c T.
The Main Menu is the starting point for all other Local Management screens. Use the W Z arrow keys to select an option, and then press E to display the screen.
Configure device: Accesses menus to assign an IP address to the switch, change port settings, or configure advanced switch settings.
Configure management: Sets SNMP traps and trap monitoring stations, administers user accounts, or updates the switchs firmware.
Configure VLAN: Sets up and administers VLANs on the switch. Monitoring: Accesses menus to monitor traffic and activity at the port or
switch level. These menus also provide information on network errors and collisions.
Tools: Displays the switch Trap/Event log, pings devices to check connectivity, or saves the current switch configuration to an image file on a server.
SAVE SETTINGS: Saves configuration changes to the switchs flash memory. Any changes not saved to memory are lost on the next reboot.
LOGOUT: Returns to the logon screen.
52
CHAPTER 5
Using Local Management
Local Management
Configure Device
Description
LOCATION
Main Menu
Configure Device
IP settings: Configures the switchs IP address, subnet mask, and default gateway, or enables BOOTP.
Port settings: Enables and disables ports, configures port speed, duplex, flow control, and priority.
GBIC port settings (470T only): Enables and disables ports, configures port speed, duplex, flow control, and priority.
Priority tagging: Sets priority values for traffic based on source or destination MAC addresses.
Switch settings: Sets switch identification, location, and contact information, and configures some advanced switch settings.
Spanning Tree Protocol: Configures spanning tree for the entire switch or individual ports.
Forwarding and filtering: Adds or removes entries, locks the switch’s address table, enables IGMP snooping, and sets filters for specific MAC addresses.
Port mirroring: Sends a copy of data from one port to another for monitoring and troubleshooting purposes.
Link aggregation: Combines ports on the switch to increase bandwidth. Broadcast storm control: Configures ports to drop excessive broadcast
traffic before it floods the network.
53
CHAPTER 5
Intel® NetStructure 470T and 470F Switches User Guide
IP Settings
Description
LOCATION
Main Menu
Configure Device
IP Settings
NOTE
The default IP address for the switch is 192.0.2.1
Default VLAN for SNMP agent
Port-based: DEFAULT_VLAN tag-based (802.1Q-based):
VID=1
Switch MAC address: Displays the unique hardware address assigned by Intel.
Current Settings: Displays the switchs current IP configuration. New settings: Assigns a new IP configuration to the switch.
Assign IP: Indicates if the switch uses a BOOTP or DHCP server to
obtain an IP address dynamically, or if you assign an address manually. IP address: Displays the IP configuration used by the switch. Use the
IP address shown here to access the switch through Telnet or a ping test.
Subnet mask: Matches the mask for other devices on the network. Default gateway: Displays the IP address of the device that routes to
different networkstypically, a router or routing server. Set this option to manage the switch remotely.
VLAN or VLAN ID (port-based or tag-based VLANs only): Specifies a VLAN where the switchs SNMP management agent will reside. This option appears only when port-based and tag-based (IEEE 802.1Q) VLANs are active on the switch.
SUBMIT: Submits the changes and returns to the Configure Device screen. You must save the changes to the switchs flash memory (from the Save Settings menu) and then reboot the switch for the new IP settings to take effect.
54
CHAPTER 5
Using Local Management
Local Management
Port Settings
Description
LOCATION
Main Menu
Configure Device
Port Settings
Configure ports: Selects a range of ports to configure (press z). State: Disables or enables ports (press z). Speed/Duplex: Changes the speed and duplex of the port (press z).
You can set the port to auto-negotiate speed, or to 100Mbps or 1000Mbps at half-duplex or full-duplex. This field is view-only for the 470F.
Flow Ctrl (Control): Enables or disables flow control (press z). This option is view-only if auto-negotiate is selected for Speed/Duplex.
Priority: Changes the settings (press z). The <Frame> setting reads the packets 802.1p priority tag and handles it accordingly. The <Normal> or <High > settings force the packet into one of two priority queues. Forcing a packet into a queue does not retag the packet.
Link: Indicates the ports current link status:
--: Indicates no device link or port is disabled. 100M/1000M: Indicates the ports speed (470T only). Full/Half: Indicates a device is connected at full-duplex or half-duplex. IEEE/BackP: Indicates the type of flow control, either IEEE PAUSE
frames or backpressure.
Partitioned: Indicates the port was disabled due to a partition error. Source mirror/Target mirror: Indicates the port being mirrored and
where the data is being sent.
55
CHAPTER 5
Intel® NetStructure 470T and 470F Switches User Guide
Flow Control
During times of heavy network activity, the switchs port buffers can receive too much traffic and fill up faster than the switch can send the information. In cases like this, the switch tells the transmitting device to wait so the information in the buffer can be sent. This intervention is called flow control.
The method of flow control depends on whether the ports are set to full­duplex or half-duplex. If a port is operating at half-duplex, the switch sends a collision which causes the transmitting device to wait. If the port operates at full-duplex, the switch sends out an 802.3x PAUSE frame. You can enable or disable flow control for each port on the NetStructure 470 switches.
Priority
IEEE 802.1p is part of a new standard for tagging, or adding additional information (4 bytes) to packets to indicate a priority level. When these packets are sent out on the network, the higher priority packets are transferred first. Priority packet tagging (also known as Traffic Class Expediting) is usually set at the adapter and works with other elements of the network (switches, routers) to deliver priority packets first. 802.1p tagging consists of eight levels from 0 (low) to 7 (high).
56
The NetStructure 470 switches have the ability to read IEEE 802.1p priority tags and forward traffic on a per port basis. Each switch has two priority queues and routes traffic to a queue depending on the packets tag. For example, when a packet comes into the switch with a high priority tag, the switch routes the packet to its high-priority queue.
Even though there are eight priority levels, the switch can only route a packet into one of the two queues. The switch maps levels 0-3 to the low queue and levels 4-7 to the high queue. If a packet is untagged, the switch determines the best way to send the packet.
CHAPTER 5
Using Local Management
Local Management
Configure GBIC Ports (470T only)
Description
LOCATION
Main Menu
Configure Device
Configure GBIC Ports
Port 7- and 8-GBIC: Displays the type of GBIC installed on the switch. State: Disables or enables ports (press z). Speed/Duplex: The GBIC ports operate at 1000Mbps/full-duplex only;
this is a view-only field.
Flow Control: Enables or disables flow control (press z). Priority: Changes the settings (press z). <Frame> reads the
packets 802.1 priority tag and handles it accordingly. <Normal> or <High> forces the packet into one of two priority queues. Forcing a packet into a queue does not retag the packet.
Link: Indicates the ports current link status:
--: Indicates no device link or port is disabled. 1000M: Indicates the ports speed. Full: Indicates a device is connected at full-duplex. IEEE/BackP: Indicates the type of flow control, either IEEE PAUSE
frames or backpressure.
Partitioned: Indicates port was disabled due to a partition error. Source mirror/Target mirror: Indicates the port being mirrored and
where the data is being sent to.
57
CHAPTER 5
Intel® NetStructure 470T and 470F Switches User Guide
Priority Tagging
Description
LOCATION
Main Menu
Configure Device
Priority Tagging
With priority tagging, you can specify a priority value for traffic based on MAC source or destination addresses. For example, you could tag all packets from computer A with a priority of 7 (high).
When you define priority tagging, you can specify a priority value from 0 (low) to 7 (high). Traffic with a priority value of 0 - 3 is routed through the switchs low priority queue. Traffic with a priority value of 4 - 7 is routed through the switchs high priority queue.
Tag traffic: Select source or destination as the criteria for tagged traffic. Enter MAC: Type the source or destination MAC address of traffic to tag
with a priority value. VLAN ID: If the device whose MAC address you are adding to the list is a
member of a VLAN, type the VLAN ID here. Priority level: Toggle to the desired priority level. Traffic with a priority
of 0–3 is routed through the low priority queue; 4–7 is routed through the high priority queue.
ADD or DELETE: Adds or deletes the specified MAC address.
58
CHAPTER 5
Using Local Management
Local Management
Switch Settings
Description
LOCATION
Main Menu
Configure Device
Switch Settings
NOTE
Write down both the firmware version and Boot PROM version in case you need to contact Intel Customer Support.
Name: Assigns a name to the switch, up to 40 characters long. Location: Assigns a location to the switch, up to 40 characters long. Contact: Assigns a contact person or phone number to the switch, up to 40
characters long.
Device type: Displays the manufacturer-assigned type of switch. Description: Displays description of switch. Port 7- and 8-GBIC: Displays the type of GBIC detected, if applicable. MAC address: Displays the unique hardware address assigned by Intel. Boot PROM version: Displays the version of the switchs boot code.
®
Firmware version: Displays the version of the firmware installed on the switch. You can update this software through the Update Firmware and Configuration Files screen.
Serial number: Displays the hardware serial number for the switch. Hardware revision: Displays the version of the switchs PCB. CONFIGURE ADVANCED SETTINGS: Sets advanced switch settings
such as port auto-partition and Head of Line blocking.
59
CHAPTER 5
Intel® NetStructure 470T and 470F Switches User Guide
Configure Advanced Switch Settings
Description
LOCATION
Main Menu
Configure Device
Switch Settings
Configure Advanced...
Head of Line (HOL) blocking prevention: If this option is enabled it prevents the forwarding of data to a port that is blocked. Normally, when the switch sends traffic out from a port, the data goes to the ports transmit queue and then is sent out. If the ports transmit queue is already busy trying to send out data the switch places the waiting traffic in the buffer memory until the port is ready to send it out.
However, if the ports transmit queue remains full, the switch fills up more of the buffer with traffic waiting to be sent on that port. HOL blocking works on the assumption that it is better to drop the traffic waiting in the buffer than to continue using more memory and impacting performance across all the ports.
High-priority packet service ratio: This option lets you determine how many high-priority packets are sent out by the switch before sending a low­priority packet. For example, a ratio of 8 high:1 low means that the switch will send out eight high-priority packets before sending out one low­priority packet.
60
CHAPTER 5
Using Local Management
Local Management
Configure Spanning Tree Protocol
Description
LOCATION
Main Menu
Configure Device
Spanning Tree Protocol
The IEEE 802.1D Spanning Tree Protocol specification prevents loops in a network by allowing only one active path between any two network devices at a time.
Spanning Tree status: Enables or disables (press z) support for the Spanning Tree Protocol, where the entire switch is a bridge for which you can set spanning tree parameters. (Note: If you are running 802.1Q VLANs, spanning tree is turned on automatically by the switch.)
Topology changes: Displays the number of times the spanning tree has changed its configuration.
Time since change: Displays the elapsed time (since the last switch reboot) since the spanning tree last changed its topology (the paths used to get through the network).
Root MAC address, Root path cost, Root port: Display information used by the root bridge in the same spanning tree as the switch.
Switch priority: Determines priority. Type a number from 0 to 65535 (default is 32768). The device with the lowest number becomes the root device (starting point for the spanning tree).
61
CHAPTER 5
Intel® NetStructure 470T and 470F Switches User Guide
Hello time: Displays the time between transmissions of configuration BPDUs (Bridge Protocol Data Units) when the switch is, or is attempting to become, the root in the spanning tree. Type a number from 1 to 10 seconds (default is 2 seconds).
Max age: Displays the maximum time that information from a configuration BPDU is used by the switch before it is discarded. Type a number from 6 to 40 seconds (default is 20 seconds).
Forward delay: Displays the amount of time between port states when the spanning tree is changing its status from blocking to forwarding. Type a number from 4 to 30 seconds (default is 15 seconds).
CONFIGURE SPANNING TREE FOR PORTS: Takes you to the screen where you can set spanning tree values for individual ports.
62
CHAPTER 5
Using Local Management
Local Management
Configure Spanning Tree for Ports
Description
LOCATION
Main Menu
Configure Device
Spanning Tree Protocol
Configure STP for Ports
Port: Identifies port numbers; select the port you want to configure for spanning tree.
STP State: Enables or disables each port to be active in the spanning tree (press z).
Cost: Forwards information to spanning tree, which determines alternate routes in the network to forward traffic. Type a number from 1 to 65535 (default is 10). The higher the cost of a port, the lower the chance of this port being used to forward traffic. When possible, assign a port a low cost if it is connected to a fast network segment.
Priority: Sets the ports priority in the spanning tree. Type a number from 0 to 65535. The higher the value, the lower the chance of this port being used as the root port. If two ports on the switch have the same priority value, the spanning tree uses the port with the lowest number. For example, the spanning tree would choose port 1 over port 4 if they both had the same priority setting. The default for this field is 128.
63
CHAPTER 5
Intel® NetStructure 470T and 470F Switches User Guide
Forwarding and Filtering
Description
LOCATION
Main Menu
Configure Device
Forwarding and Filtering
Lock address table: Determines if the table learns new MAC addresses (press z). <Yes> prevents the switch from learning new MAC addresses. Any existing addresses that the switch has learned remain in the address table.
MAC address aging: Sets the time period (in seconds) at which the switch scans its MAC address table to determine the age of entries.
Configure IGMP snooping: Sets Internet Group Management Protocols (IGMP) options for multimedia applications, such as desktop video conferencing, that use IP multicast addresses.
Configure permanent MAC addresses: Allows permanent mapping between a network device and a port.
Configure port security: Configures the switch to only allow the transmission of authorized traffic over a particular port(s).
Configure MAC address filtering: Allows the switch to drop traffic based on MAC source or destination addresses.
Configure Ethernet multicast filtering: Blocks or forwards traffic over each port for Ethernet (MAC-based) multicast groups.
64
CHAPTER 5
Using Local Management
Local Management
Configure IGMP Snooping
Description
LOCATION
Main Menu
Configure Device
Forwarding and Filtering
IGMP Snooping
IGMP snooping (Internet Group Management Protocol) allows the switch to forward multicast traffic intelligently. The switch snoops the IGMP query and report messages and forwards traffic only to the ports that request the multicast traffic. This prevents the switch from broadcasting the traffic to all ports and possibly affecting network performance.
IGMP requires a router that learns about the presence of multicast groups on its subnets and keeps track of group membership. Note: Multicasting is not connection oriented, so data is delivered to the requesting hosts on a best-effort level of service.
VLAN Name (port-based or tag-based VLANs only): Displays the VLAN for which IGMP snooping is enabled. You can also enable IGMP snooping for a VLAN on the Create an 802.1Q VLAN screen.
IGMP Snooping state: Enables or disables IGMP Snooping (press z).
IGMP Snooping age-out timer: Indicates the amount of time (in seconds) the switch waits to receive IGMP queries. The default time is 300 seconds. A query allows the server to determine which network hosts are (or want to be) part of the IP multicast group, and are configured and ready to receive traffic for the given application.
65
CHAPTER 5
Intel® NetStructure 470T and 470F Switches User Guide
Configure Static MAC Addresses
Description
LOCATION
Main Menu
Configure Device
Forwarding and Filtering
Configure Static...
NOTE
If tag-based or port-based VLANs are currently active, you must assign each static MAC address to a specific VLAN.
Static MAC addresses are MAC addresses that remain in the switch’s address table, whether or not the device is physically connected to the switch. After you define a static MAC address, it remains in the switch’s address table until you remove it.
Enter MAC: Indicates the MAC address you want to permanently add to the address table.
VLAN or VLAN ID: Indicates VLAN or VLAN ID. When VLANs are active on the switch you can define static MAC addresses for each VLAN. If port-based VLANs are active press z to select a VLAN. If tag­based VLANs are active, type the VLAN ID that the static MAC address will be assigned.
Select port: Selects a port on the switch to which the switch forwards traffic (press z).
ADD/DELETE: Adds or removes a MAC address from the switchs table.
66
CHAPTER 5
Using Local Management
Local Management
Configure Port Security
Description
LOCATION
Main Menu
Configure Device
Forwarding and Filtering
Configure Port Security
NOTE
You must first configure port security before configuring a static MAC address.
If you locked the address table on the Forwarding and Filtering screen, you must return to the screen and unlock the table before making changes on the Port Security screen.
Port security prevents unauthorized access of a port by securing a list of specific MAC addresses to a port. If the switch sees a MAC address that is not on the secured list, it discards the packet.
To set port security from Local Management
1 On the Configure Device screen, select Forwarding and Filtering. 2 Select Configure Port Security.
3 Select a port you want to secure. Press z in the Learning field to
disable the ports ability to learn new MAC addresses.
4 Press q to move up a level, and then select the Configure Static
MAC Addresses screen.
5 Define a list of MAC addresses and assign them to the same port you
secured in the Port Security screen.
To turn off port security
1 On the Configure Device screen, select Forwarding and Filtering. Select
Configure Port Security.
2 Select the port on which you want to disable security. Press z in
the Learning field to disable security and enable the port to learn new MAC addresses.
67
CHAPTER 5
Intel® NetStructure 470T and 470F Switches User Guide
Configure MAC Address Filtering
Description
LOCATION
Main Menu
Configure Device
Forwarding and Filtering
MAC Address Filtering
NOTE
If tag-based (IEEE 802.1Q) or port-based VLANs are currently active and you want to enable MAC address filtering, you must assign each MAC address filter to a specific VLAN.
MAC address filtering allows the switch to drop unwanted packets. The switch drop a packet when it sees the specified MAC address in either the source address or destination address. For example, if your network is congested because of high utilization from a specific MAC address, you can filter all packets transmitted from that address and restore network flow while you troubleshoot the problem.
Enter MAC: Indicates the MAC address you want to filter. VLAN/VLAN ID: Indicates VLAN or VLAN ID. If VLANs are active on
the switch, you can set MAC address filtering on a per VLAN basis. For port-based VLANs, press z to select the name of the VLAN. For tag-based VLANs, type the VLAN ID.
ADD/DELETE: Adds or removes a MAC address from the switchs table.
68
CHAPTER 5
Using Local Management
Local Management
Configure Ethernet Multicast Filtering
Description
LOCATION
Main Menu
Configure Device
Forwarding and Filtering
Configure Ethernet...
NOTE
If tag-based (IEEE 802.1Q) or port-based VLANs are currently active and you want to enable MAC address filtering, you must assign each multicast filter to a specific VLAN.
You can use Ethernet multicast filters to define which ports can receive multicast traffic from a specific multicast MAC address.
VLAN/VLAN ID: Indicates VLAN or VLAN ID. If VLANs are active on the switch you can set Ethernet multicast filtering on a per VLAN basis. For port-based VLANs, press z to select the name of VLAN. For tag-based VLANs, type the VLAN ID in the Multicast address field.
Multicast address: Indicates the MAC address you want to add, delete, or apply a filter to.
ADD/DELETE: Adds or removes a MAC address from the switchs table.
To adding or deleting a multicast filter
1 In the Multicast address field, type a multicast address. 2 If the switch is running tag-based or port-based VLANs, select a VLAN
to locate the filter.
3 To add a filter, select ADD using the arrow keys and press E. 4 To remove a filter, type the MAC address in the Multicast field, select
DELETE, and then press E.
69
CHAPTER 5
LOCATION
Main Menu
Configure Device
Forwarding and Filtering
Configure Ethernet...
Multicast filters per port
Intel® NetStructure 470T and 470F Switches User Guide
Ethernet Multicast Filtering (Ports)
Description
Action: Blocks or forwards traffic to the selected port (press z). APPLY CHANGES: Applies the changes to the multicast filter after you
configure the ports. N/P: Scrolls through the addresses. (Press N (Next Page) or P (Previous
Page).
70
To modify a multicast filter
1 On the Configure Ethernet Multicast Filter screen, use the arrow
keys to select an address from the list on the right side of the screen. Press E.
2 Determine which ports can receive the multicast traffic by using
z to set Forward or Block for each port.
3 Select APPLY CHANGES and press E. This activates the
changes to the multicast filter and returns you to the previous screen.
CHAPTER 5
Using Local Management
Local Management
Port Mirroring
Description
LOCATION
Main Menu
Configure Device
Port Mirroring
NOTE
Do not mirror traffic to a target port that is connected to a network device other than a protocol analyzer. The device’s behavior may be unpredictable.
Port mirroring is a diagnostic tool you can use to send a copy of the good Ethernet frames transmitted or received on one port to another port. On the second port you can attach a protocol analyzer to capture and analyze the data without interfering with the client on the original port.
Source port: Selects the port whose traffic you want to mirror (press
z). Target port: Selects a port to receive the mirrored traffic (press z).
If you are using a protocol analyzer, connect it to this port. State: Enables or disables ports mirror (press z).
71
CHAPTER 5
Intel® NetStructure 470T and 470F Switches User Guide
Link Aggregation
Description
LOCATION
Main Menu
Configure Device
Link Aggregation
NOTE
All custom settings for a port (including VLAN membership) are lost when you add that port to a link aggregation.
When configuring link aggrega­tion between two 470 switches, you must connect anchor port to anchor port, and member port to member port.
Link aggregation is a way of combining ports on the switch to increase the available bandwidth and provide redundant links. All ports in the aggregated link take on the characteristics of the anchor port. This means if you set the anchor port to 1000Mbps full duplex (470T only), all the ports aggregated to that anchor port share the same setting. You can set a maximum of four aggregated groups on the switch.
Anchor Port: Displays the first port in the link aggregation. Width: Sets the total number of (consecutive) member ports in the
aggregated link (press z). The minimum number of ports for an aggregated link is two, and the maximum is four. The link aggregation width includes the anchor port.
Aggregation Group Name: Assigns a name to the aggregated links for management or identification purposes.
Status: Enables or disables the aggregated link (press z).
72
CHAPTER 5
Using Local Management
Local Management
Broadcast Storm Control
Description
LOCATION
Main Menu
Configure Device
Broadcast Storm Control
You can use broadcast storm control to filter out broadcasts from faulty devices to prevent them from degrading network performance.
For a more information about of broadcast storm control, see Chapter 2. Setting: Enables or disables broadcast storm control on each port (press
z). Upper Threshold: Sets the threshold of broadcast traffic on a port (shown
as a percentage of the ports total bandwidth) that activates broadcast storm control. Type a value from 1–20%. The default value is 20%.
73
CHAPTER 5
Intel® NetStructure 470T and 470F Switches User Guide
Configure Management Menu
Description
LOCATION
Main Menu
Configure Management
Configure community strings & trap receivers: Assigns the switch’s community strings and sets trap receiving stations.
Administer user accounts: Configures user accounts. You can add or delete users, update passwords, and change a users access levels.
Define IP access list: Create a list of IP addresses that can access the switch through Telnet, Web Manager, or SNMP.
Update firmware and configuration files: Configures the switch’s internal software and specifies the location of configuration files.
Reset and console options: Reboots the switch or changes the settings on the serial port. You can also use this option to set the switch back to its factory defaults.
74
CHAPTER 5
LOCATION
Main Menu
Configure Management
Community Strings and . . .
Using Local Management
Local Management
Community Strings & Trap Receivers
Description
Use this screen to send alerts to PCs with SNMP management applications (such as Intel® Device View) installed.
Current read community: Sets a password for viewing (not changing) the switch configuration. The string you define here must match the read community string defined in the SNMP application. The default read community string is public.
NOTE
These are the traps supported by the switch:
Power to the switch was cycled or reset.
Link, speed, or other status changes on a port.
Authentication failure.
Current write community: Sets a password for viewing and changing the switch configuration. The string you define here must match the write community string defined in the SNMP application. The default write community string is private.
Trap Receiving Stations: When an event occurs, the switch automatically alerts the SNMP management application by sending a trap to the SNMP management stations (for example, PCs) defined here.
Station IP address: Displays the IP addresses of PCs with SNMP applications (such as Intel Device View or LANDesk® Network Manager) installed.
State: Enables or disables sending of traps to the specified trap receiver.
Community string: Specifies a string for the trap that matches the community string defined in the SNMP management application. The default is public.
75
CHAPTER 5
Intel® NetStructure 470T and 470F Switches User Guide
Administer User Accounts
Description
LOCATION
Main Menu
Configure Management
Administer User Accounts
Add Users/Change Passwords
Username: By default, no username is assigned. Usernames can
consist of any character and can be up to 15 characters long. You can define three usernames.
Old Password: Used when changing the password of a current user. If this is a new account, you can skip to the New Password field. By default, no password is assigned.
New password: Sets a new password for accessing Local Management. The password you specify here is used the next time you reset the switch or log out and log in to Local and Web Management. Passwords are case-sensitive and can be up to 15 characters long.
Confirm new password: Verifies the entry in the New password field.
76
CHAPTER 5
Using Local Management
Local Management
Access level: Establishes a users access rights (press z). Administrators can make any changes to Local Management. All other users (categorized under Normal user) can view information but cannot make changes. To change a users access rights, see the To modify a users access level section of this chapter.
APPLY CHANGES: Saves changes when adding users or changing passwords.
Modify User Accounts
Access level: Changes access rights for the user (press z). Delete: Deletes an account (press z to change the value to
<Yes>). The default value is <No>. APPLY CHANGES: Saves changes when modifying or deleting user
accounts.
77
CHAPTER 5
Intel® NetStructure 470T and 470F Switches User Guide
Managing User Accounts
System Administrators can create up to three user accounts for managing the switch. You can also change the access rights for current users and delete user accounts. Make sure you always set up at least one Administrator account.
To create a user account
1 On the Main Menu, select Configure Management, and then press
E. Select Administer User Accounts and press E .
2 On the User Accounts screen, type the name of the new user in the
Username field, and then press E .
3 Because this is a new user, press T
and then go to the New password field.
4 Type the password for the new user, and then press E . Passwords
are case-sensitive and can be up to 15 characters long.
5 To confirm the new password, retype it in the Confirm new password
field. Press E .
6 Select the access rights for the new user by pressing z . 7 To save the information, press T to select SAVE CHANGES
(below the Confirm new password field), and then press E . The new account appears in the list under Modify User Accounts.
to skip the Old password field,
78
To change a password
1 On the Main Menu, select Configure Management, and then press
E . Select Administer User Accounts, and then press E .
2 In the Username field, type the username of the account for which you
want to change the password. Press E .
3 Type the current password in the Old password field, and then press
E .
4 Type the new password in the New password field, and then press
E .
5 To confirm the password, retype it in the Confirm new password field.
Press E .
CHAPTER 5
Using Local Management
Local Management
6 To save the new password, press T to select SAVE CHANGES
(below the Confirm new password field) and press E .
To modify a users access level
1 On the Main Menu, select Configure Management, and then press
E. Select Administer User Accounts and press E. 2 Under Access Level, press T to select the account to be modified. 3 Press z to change the users access rights. Users with
Administrator access can make changes to the management
configuration; users with Normal User access can view the
configuration but cannot make changes. 4 To save changes, press T to select SAVE CHANGES at the
bottom of the screen and press E .
To delete a user account
1 On the Main Menu, select Configure Management, press E .
Select Administer User Accounts, and then press E .
2 Under Delete, select the account to be removed. 3 Press z to select <Yes>. 4 To remove the user account, press T to select SAVE CHANGES
at the bottom of the screen and press E .
79
CHAPTER 5
LOCATION
Main Menu
Configure Management
Define IP Access List
Intel® NetStructure 470T and 470F Switches User Guide
Define IP Access List
Description
Users with IP addresses defined on the access list can manage the switch. If user names and passwords are set up, the user must also enter a valid user name and password when accessing the console. If you do not create an access list, any user with a valid user name and password can manage the switch. The IP access list provides a second level of security beyond that of a user name and password.
NOTE
The IP access list does not pre­vent unauthorized users from accessing switch management through the serial port.
80
If you create an access list, the first address you add must be the one from which you are accessing the switch. Only users with IP addresses defined on the access list can ping the switch.
The IP access list can contain up to eight IP addresses. Action: Specifies whether you want to add or delete an IP address. Press
z to toggle between <Add> and <Delete>. IP address: Type the IP address you want to add or delete from the access
list and then press E. The IP access list can contain up to eight IP addresses.
CHAPTER 5
LOCATION
Main Menu
Configure Management
Update Firmware and . . .
Using Local Management
Local Management
Update Firmware and Config Files
Description
Software update mode: Choose to update switch firmware over the network or through a serial port. SLIP/PPP is available only after changing the Port setting in the Reset and Console Options in the Configure Management menu (press z).
TFTP server address: Displays the IP address of the TFTP server.
NOTE
Check the Intel® Support Web site for firmware updates to the 470 switch.
Update Management Module Firmware:
Firmware update: Enables or disables the firmware update (press
z). When enabled, the switch searches for the TFTP server specified at the top of the screen and attempts to update the firmware.
Firmware file name: Displays the path and filename of the firmware located on the server.
Change Configuration File:
Config file download: Enables or disables the ability to download a
configuration file (press z). When enabled, the switch searches for the TFTP server specified at the top of the screen.
Config file name: Displays the path and filename of the configuration file located on the server.
Last TFTP server address: Displays the IP address of the last TFTP server accessed by the switch.
REBOOT TO START UPDATE: Starts the update process. The switch reboots and downloads the specified file.
81
CHAPTER 5
Intel® NetStructure 470T and 470F Switches User Guide
Reset and Console Options
Description
LOCATION
Main Menu
Configure Management
Reset and Console Options
Reset Options
Reboot switch: Reboots the switch. If you changed the IP
configuration or login setting, the new settings take effect after you select this option.
Reset switch settings to factory defaults: Clears any saved settings or current changes and resets the switch back to its factory defaults. All counters are cleared and the switch starts sending BOOTP requests.
Serial Port Settings
Port setting: Configures the switchs serial port. Press z to
toggle between <Console>, <SLIP>, and <PPP>. Settings take effect on the next reboot.
Console timeout: Logs out a user after a period of inactivity. Settings are from 0–60 minutes in 15-minute increments. A setting of <Never> means no timeout. The default is 60 minutes.
82
CHAPTER 5
Using Local Management
Local Management
Configure VLAN Operation Mode
Description
LOCATION
Main Menu
Configure VLAN (if switch is in Default Mode)
NOTE
The first time you configure the switch, the system takes you directly to the Configure VLAN Operation Mode screen.
Use this screen to activate or change the type of VLAN operating on the switch. If there are no VLANs active on the switch, this is the first screen displayed when you select Configure VLAN from the Main Menu. By default, VLANs are not active on the Intel® NetStructure 470F and 470T Switches so they must be activated before you can start configuring them.
The 470 switches support only one type of VLAN operating at a time. However, you can have multiple VLANs of the same type.
Select the type of VLAN: Changes the type of VLAN on the switch (press z). The 470 switches support three types of VLANs: port-based, IEEE 802.1Q (tag-based), and protocol-based.
APPLY: Activates the changes to the VLAN and reboots the switch.
To change VLAN modes
1 On the Main Menu, select Configure VLAN. 2 On the Configure VLAN menu, select VLAN Operation Mode. 3 Press z to change the type of VLAN on the switch. Press
E.
4 Select the APPLY button and press E. This reboots the switch
and changes the VLAN mode.
83
CHAPTER 5
Intel® NetStructure 470T and 470F Switches User Guide
Port-based VLANs
Description
LOCATION
Main Menu
Configure VLAN
Port-based VLANs are the simplest type of VLAN. With a port-based VLAN you can create multiple VLANs, each with its own broadcast domain and member ports.
For example, if port 3 is in VLAN_1 and port 5 is in VLAN_2 the two ports cannot communicate with each other even though they are part of the same switch. A port can only be a member of a single port-based VLAN. Any port that is not a member of a user-defined VLAN is a member of the DEFAULT_VLAN.
VLAN operation mode: Changes the type of VLAN operating on the switch, or disables VLANs entirely.
Add a port-based VLAN: Creates a port-based VLAN and adds ports to the VLAN.
Edit/delete a port-based VLAN: Selects a VLAN to change port membership in the VLAN, or removes a VLAN from the switch.
84
CHAPTER 5
Using Local Management
Local Management
Add a Port-based VLAN
Description
LOCATION
Main Menu
Configure VLAN
Add a Port-based VLAN
VLAN Name: Assigns a name to the VLAN. Names can consist of any character (no spaces) and be up to 12 characters long. After a VLAN is created the name cannot be changed. If you want to change the name you must delete the VLAN, create a new one, and assign the ports to the new VLAN.
Port: Specifies the port you want in the VLAN. Member: Determines which ports are part of the VLAN being created.
Ports can be members of only one port-based VLAN. Press z to toggle the following options:
<Yes> The port is a member of the VLAN.
<No > The port is not a member of the VLAN.
The port is part of an aggregated link; the anchor port
determines membership in a VLAN.
N/A Displayed if the port is already participating in another
VLAN, or for the 470T, that a GBIC slot is open. Ports can belong to only one port-based VLAN.
APPLY: Creates the VLAN and activates the settings.
85
CHAPTER 5
LOCATION
Main Menu
Configure VLAN
Edit/Delete a Port-based VLAN
Edit VLAN
Intel® NetStructure 470T and 470F Switches User Guide
To create a port-based VLAN
1 On the Main Menu, select Configure VLAN.
Note: Make sure the switchs current VLAN operation mode is set to
port-based VLAN. If another type of VLAN is running, see Configure VLAN Operation Mode earlier in this chapter to change the VLAN operation mode.
2 Select Add a Port-based VLAN and press E. 3 Type a name for the new VLAN and press E. 4 Select ports to add to the VLAN and use z to toggle the
Member field to Yes.
5 Select the APPLY button and press E.
Edit/Delete a Port-based VLAN
NOTE
The DEFAULT_VLAN cannot be deleted from the switch.
86
Description
Action: Indicates whether to delete a VLAN or to change its port membership. Press z to toggle between <Edit> or <Delete>, then use T or S to select a VLAN, and press E. If deleting, press
E
VLAN Name: Displays the name of an available port-based VLAN. Ports: Displays the number of member ports in the specified VLAN.
again to confirm deletion.
CHAPTER 5
Using Local Management
Local Management
Change Port Membership in a VLAN
Description
LOCATION
Main Menu
Configure VLAN
Edit/Delete a Port-based VLAN
This screen is similar to the VLAN creation screen. You can change the membership status of ports within the VLAN but you cannot change the name of the VLAN.
VLAN Name: Displays the name of the VLAN you are configuring. Port: Displays the port numbers. Select the port you want to add to or
eliminate from the VLAN. Member: Determines which ports are part of the current VLAN. Ports can
be members of only one port-based VLAN. Press z to toggle the following options:
<Yes> The port is a member of the VLAN.
<No > The port is not a member of the VLAN.
The port is part of a aggregated link.
N/A Displayed if the port is already participating in another
VLAN. Ports can belong to only one VLAN.
APPLY: Activates the settings.
87
CHAPTER 5
Intel® NetStructure 470T and 470F Switches User Guide
Configure 802.1Q VLANs
Description
LOCATION
Main Menu
Configure VLAN
VLAN operation mode: Changes the type of VLAN operating on the switch, or disables VLANs entirely.
Create an IEEE 802.1Q VLAN: Creates a new 802.1Q VLAN and adds ports to the VLAN.
Edit/Delete an IEEE 802.1Q VLAN: Changes port membership of an existing VLAN or removes a VLAN from the switch.
Configure VLAN ID for Untagged Devices (PVID): Assigns a VLAN to inbound packets without a VID.
GVRP and ingress filter settings: Sets port-level options for dynamic VLAN creation and packet filtering by the VLAN.
88
CHAPTER 5
Using Local Management
Local Management
Add an IEEE 802.1Q VLAN (Configure Port Membership)
LOCATION
Main Menu
Configure VLAN
Create an 802.1Q VLAN
NOTE
A ‘+’ next to the Member indicates that the port is a member of more than one VLAN.
Description
VLAN Name: Assigns a name to the VLAN. The name can consist of any character (no spaces) and be up to 12 characters long. After a VLAN is created the name cannot be changed.
VLAN ID: Assigns a unique ID number for the VLAN. This number is used to identify all packets belonging to that VLAN. Type a number from 2 to 4094. The DEFAULT_VLAN (created when you select a VLAN mode) has a VID of 1.
Allow IGMP Snooping: Indicates if the switch performs IGMP snooping on this VLAN (press z). A maximum of 12 IGMP snooping sessions are allowed.
Member: Identifies which ports are part of the VLAN being created. Press z to toggle the following options:
<Yes> The port is a member of the VLAN. <No > The port is not a member of the VLAN. – The port is part of an aggregated link.
NEXT: Sends you to the Add an IEEE 802.1Q VLAN (Configure Port Tagging) screen.
89
CHAPTER 5
Intel® NetStructure 470T and 470F Switches User Guide
Add an IEEE 802.1Q VLAN (Configure Port Tagging)
LOCATION
Main Menu
Configure VLAN
Create an 802.1Q VLAN
Add an 802.1Q VLAN...
Description
VLAN Name: Displays the VLAN name assigned on the Add an IEEE
802.1Q VLAN (Configure Port Membership) screen. VLAN ID: Displays the VLAN ID assigned on the Add an IEEE 802.1Q
VLAN screen. Action: Indicates whether the device connected to this port supports
tagging (press z). PREV: Returns you to the Add an IEEE 802.1Q VLAN (Configure Port
Membership) screen. DONE: Returns you to the Configure 802.1Q VLANs screen.
90
CHAPTER 5
LOCATION
Main Menu
Configure VLAN
Configure PVID for...
Using Local Management
Local Management
Configuring 802.1Q VLANs
Setting up an 802.1Q VLAN is a three-step process. First, create a VLAN on the switch. Second, make sure that tagging is set up properly for your attached devices. Third, configure those devices that dont support tagging.
Step 1: Create an 802.1Q VLAN and add ports
1 On the Main Menu, select Configure VLAN.
Note: Make sure the switchs current VLAN operation mode is set to
IEEE 802.1Q VLAN. Refer to Configure VLAN Operation Mode earlier in this chapter to change the VLAN operation mode.
2 Select Create an IEEE 802.1Q VLAN and press E. 3 Type a name for the new VLAN (no spaces) and press E. 4 Type a VLAN ID (VID) and press E. The ID can be any number
from 2 to 4094.
5 Determine if you want to allow IGMP Snooping on this VLAN. This is
important because the switch can support more 802.1Q VLANs than the maximum of 12 IGMP Snooping sessions available.
6 Select ports to add to the VLAN. Press z to toggle the
Member field to Yes.
7 Select the NEXT button and press E.
Step 2: Configure tagging for member ports
Note: If the device on a particular port does not support tags, configure that port as untagged. Configuring a device as untagged ensures that the switch removes tags from packets before they leave the switch for the device.
1 Press z to select Tag or Untag for each port that is a member of
the VLAN.
2 Select the DONE button and press E.
If you configured any of the ports in the VLAN as Untagged, proceed to step 3, Configure VLAN for untagged devices, to configure ports for untagged devices and associate those ports with a PVID (port VLAN ID).
91
CHAPTER 5
NOTE
Determine which devices on your network support tag-based VLANs and which do not before you start this procedure.
Intel® NetStructure 470T and 470F Switches User Guide
Step 3: Configure VLAN for untagged devices
Even if the device attached to the switch doesnt support 802.1Q tags it can participate in the VLAN. When communicating with untagged devices the switch:
Determines how to forward untagged traffic. For untagged traffic, the switch assigns a default VID to the incoming traffic from the untagged device. Normally, all untagged traffic received on the switch is assigned a VLAN ID=1 or the DEFAULT_VLAN. You can change this PVID to the VID of the VLAN you want the port to use.
Strips 802.1Q tags before sending traffic to the untagged device. When the switch needs to send traffic from a port to an untagged device, it strips the 802.1Q tag. Otherwise, the untagged device may not understand how to process the VID tag.
To add a untagged device to a 802.1Q VLAN
1 Ensure that the port is a member of the VLAN. Refer to the procedure
in step 1, Create an 802.1Q VLAN and add ports,” to add a port to a
802.1Q VLAN.
2 On the Configure VLAN menu, select Configure VLAN ID for
Untagged Devices and press E.
3 Select the port where the untagged device is connected. For example,
port 7.
4 Type the VID of the VLAN you want the port to belong to and press
E. This is the same ID number you entered in step 1, “Create an
802.1Q VLAN and add ports.
5 Select APPLY and press E to activate the changes.
92
By specifying a VID you set the switch to assign a particular VID to any incoming traffic it receives on that port.
CHAPTER 5
Using Local Management
Local Management
Edit/Delete an 802.1Q VLAN
Description
LOCATION
Main Menu
Configure VLAN
Edit/Delete an 802.1Q VLAN
Use this screen to select a VLAN to edit the port membership in the VLAN or delete the VLAN from the switch.
Action: Specifies whether you want to edit or delete a VLAN. Press z to toggle between <Edit> and <Delete>, select a VLAN from the list, and then press E.
VLAN Name: Displays the name of the VLAN you are configuring. VLAN ID: Displays the number assigned to identify this 802.1Q VLAN.
93
CHAPTER 5
Intel® NetStructure 470T and 470F Switches User Guide
Edit an IEEE 802.1Q VLAN (Configure Membership)
LOCATION
Main Menu
Configure VLAN
Edit/Delete IEEE 802.1Q VLAN
NOTE
A ‘+’ next to the Member toggle indicates that port is a member of more than one VLAN.
Description
Use this screen to change which ports are members of the VLAN.
VLAN Name: Displays the name of the VLAN you are editing or deleting. VLAN ID: Displays the ID number of the VLAN. This number identifies
all packets belonging to that VLAN. Allow IGMP Snooping: Identifies whether the switch performs IGMP
snooping on this VLAN (press z). There are a maximum of 12 IGMP snooping sessions allowed.
Member: Determines which ports are part of the VLAN being created. Press z to toggle the field for the following options:
<Yes> The port is a member of the VLAN. <No > The port is not a member of the VLAN. – The port is part of an aggregated link.
NEXT: Sends you to the Edit an IEEE 802.1Q VLAN (Configure Port Tagging) screen, where you can set egress tags (for outbound traffic).
94
Loading...