Intel NetStructure 470 User Manual

3.97 Mb
Loading...

Switch 470 NetStructure ® Intel

Guide User

Intel® NetStructure

470 Switch

User Guide

Copyright © 2001, Intel Corporation. All rights reserved.

Intel Corporation, 5200 NE Elam Young Parkway, Hillsboro OR 97124-6497

Intel Corporation assumes no responsibility for errors or omissions in this manual. Nor does Intel make any commitment to update the information contained herein. Intel is a trademark or registered trademark of Intel Corporation or its subsidiaries in the United States and other countries.

*Other product and corporate names may be trademarks of other companies and are used only for explanation and to the owners’ benefit, without intent to infringe.

Second Edition

June 2001

A18558-002

C O N T E N T S ContentsIntel® Ne Structure 470T and 470F Switches User Guide

1 Setting up the Intel® NetStructure™ 470T and

470F Switches

 

Overview ..........................................................................

1

 

Management ....................................................................

1

 

Switch Features ...............................................................

2

 

LEDs ................................................................................

3

 

Connection Guidelines .....................................................

4

 

Straight-through vs. Crossover Cables ............................

4

2

Using the Intel® NetStructure™ 470T and 470F

 

Switches

 

 

Overview ..........................................................................

7

 

Sample Configuration ......................................................

8

 

Flow Control .....................................................................

9

 

Broadcast Storm Control ..................................................

9

 

Spanning Tree Protocol ...................................................

10

 

Tagged Frames................................................................

11

 

Priority Tagging ................................................................

11

 

Link Aggregation ..............................................................

12

 

Virtual LANs .....................................................................

13

 

GARP VLAN Registration Protocol (GVRP) .....................

17

 

Internet Group Management Protocol (IGMP) .................

18

3

Using Intel® Device View

 

 

Overview ..........................................................................

19

 

Installing Intel Device View ..............................................

20

 

Starting Intel Device View ................................................

21

 

Installing a New Switch ....................................................

22

 

Using the Device Tree .....................................................

22

 

Managing a Switch ...........................................................

25

 

Viewing RMON Information .............................................

25

i

C O N T E N T S

Intel® NetStructure 470T and 470F Switches User Guide

 

4 Using the Web Device Manager

 

 

Overview ..........................................................................

27

 

Accessing the Web Device Manager ...............................

28

 

Navigating the Web Device Manager ...............................

28

 

Using Management Screens ............................................

29

 

Configuring the Switch’s IP Settings ................................

31

 

Configuring a Port ............................................................

32

 

Managing User Accounts .................................................

33

 

Configuring VLANs ..........................................................

35

 

Link Aggregation ..............................................................

41

 

Static MAC Addresses .....................................................

41

 

Setting Up Priority Tagging ..............................................

43

 

Configuring Community Strings and Trap Receivers .......

44

 

Monitoring Switch Activity ................................................

45

 

Viewing/Changing Switch Information ..............................

46

 

Updating Switch Firmware ...............................................

47

 

Saving Configuration Changes and Logging Out .............

48

 

5 Using Local Management

 

 

Overview ..........................................................................

49

 

Accessing Management ...................................................

49

 

Logon Screen ..................................................................

50

 

Navigation ........................................................................

51

 

Main Menu (Top Screen) .................................................

52

 

Configure Device .............................................................

53

 

IP Settings .......................................................................

54

 

Port Settings ....................................................................

55

 

Flow Control .....................................................................

56

 

Priority ..............................................................................

56

 

Configure GBIC Ports (470T only) ...................................

57

 

Priority Tagging ................................................................

58

 

Switch Settings ................................................................

59

 

Configure Advanced Switch Settings ...............................

60

 

Configure Spanning Tree Protocol ...................................

61

 

Configure Spanning Tree for Ports ..................................

63

 

Forwarding and Filtering ..................................................

64

ii

C O N T E N T S

Intel® NetStructure 470T and 470F Switches User Guide

Configure IGMP Snooping ...............................................

65

Configure Static MAC Addresses.....................................

66

Configure Port Security ....................................................

67

Configure MAC Address Filtering.....................................

68

Configure Ethernet Multicast Filtering ..............................

69

Ethernet Multicast Filtering (Ports) ...................................

70

Port Mirroring ...................................................................

71

Link Aggregation ..............................................................

72

Broadcast Storm Control .................................................

73

Configure Management Menu .........................................

74

Community Strings & Trap Receivers ..............................

75

Administer User Accounts ................................................

76

Managing User Accounts .................................................

78

Define IP Access List .......................................................

80

Update Firmware and Config Files ...................................

81

Reset and Console Options .............................................

82

Configure VLAN Operation Mode ....................................

83

Port-based VLANs ...........................................................

84

Add a Port-based VLAN ...................................................

85

Edit/Delete a Port-based VLAN........................................

86

Change Port Membership in a VLAN ...............................

87

Configure 802.1Q VLANs ................................................

88

Add an IEEE 802.1Q VLAN

 

(Configure Port Membership) ..............................

89

Add an IEEE 802.1Q VLAN (Configure Port Tagging) .....

90

Configuring 802.1Q VLANs ..............................................

91

Edit/Delete an 802.1Q VLAN ...........................................

93

Edit an IEEE 802.1Q VLAN (Configure Membership) ......

94

Edit an IEEE 802.1Q VLAN (Configure Port Tagging) .....

95

Configure VLAN ID for Untagged Traffic ..........................

96

GVRP and Ingress Filter Settings ....................................

97

Configure a Protocol-based VLAN ...................................

98

Add a Protocol-based VLAN ............................................

99

Edit/Delete a Protocol-based VLAN .................................

100

Edit a Protocol-based VLAN (Configure Membership) .....

101

iii

C O N T E N T S

Intel® NetStructure 470T and 470F Switches User Guide

Monitor (Network Statistics) .............................................

102

Switch Overview ..............................................................

103

Port Traffic Statistics ........................................................

104

Port Error Statistics ..........................................................

106

Packet Analysis ................................................................

108

IGMP Snooping Status ....................................................

109

Browse Address Table .....................................................

110

VLAN and GVRP Status ..................................................

112

Tools ................................................................................

113

Switch Event Log .............................................................

114

Ping a Device ...................................................................

115

Upload Configuration Image File......................................

116

Save Settings ...................................................................

117

Appendix A: Technical Information

119

Index

139

Intel Customer Support

146

iv

1

Setting up the Intel®

NetStructure™ 470T

and 470F Switches

 

Overview

 

This guide provides information on configuring and managing the Intel®

 

NetStructure™ 470T and 470F Switches. It is organized into five chapters:

• Chapter 1 - Identifying and connecting the switch hardware

• Chapter 2 - Using the switch in a LAN; advanced features such as link aggregation and VLANs

• Chapter 3 - Using Intel Device View

• Chapter 4 - Using Web Device Manager

• Chapter 5 - Using Local Management

Management

Through the switch’s built-in management you can configure the device and monitor network health. You can use any combination of the following methods to manage the switch.

SNMP management applications like Intel Device View, LANDesk® Network Manager, HP OpenView*, and IBM Tivoli NetView* are tailored for Intel products and show a graphical representation of the device.

Onboard management allows control over the switch without using an SNMP application. The Web Device Manager provides a graphical interface while Local Management is a menu-driven interface.

Other SNMP-compliant applications can manage the switches if you

compile the switch’s MIB files into that application.

1

C H A P T E R 1

Intel® NetStructure™ 470T and 470F Switches User Guide

Switch Features

These are the major features of the 470 switches.

8-port 470F Switch (Product Code ES470F)

Status

LED

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Link/Activity LEDs

 

 

 

 

 

Serial

 

 

 

1000 Base-SX

 

 

 

 

 

 

 

 

 

 

 

Port

 

 

 

Port

 

 

 

 

 

6+2-port 470T Switch (Product Code ES470T)

Status

LED

Speed LEDs

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Link/Activity LEDs

 

Serial

1000 Base-T

GBIC Port

(top row)

(bottom row)

 

Port

Port

 

 

 

 

Back of 470 Switch

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

MAC

AC Power

Address

Plug

100/1000 Base-T auto-negotiates speed, duplex, and flow control—100Mbps or 1000Mbps per port

470F supports 1000SX, 1000LX, and 1000LH GBICs

Half-duplex and full-duplex flow control

Port settings can be configured manually through management

Access menu-driven Local Management through the serial port or a Telnet session

Access the graphical Web Device Manager through a Web browser

2

C H A P T E R 1 Setting Up the Intel® NetStructure™ 470T and 470F Switches

LEDs

The LEDs to the left of the ports indicate port status, individual port speed, and activity.

470F

Status

Link/Activity

Setup Switch 470

NOTE

After the switch is turned on, the Status LED blinks green once before the diagnostic mode starts.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Status

 

 

 

 

470T

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Speed

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Link/Activity

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

LED

State

Meaning

 

 

 

 

 

Status

Blinking green

Switch is performing diagnostics and booting.

 

 

 

 

 

(This lasts for 20–30 seconds.)

 

Solid green

Diagnostics have passed, the switch is ready.

 

Blinking green

Diagnostics have failed. (After the initial 20–

 

 

 

 

 

30 seconds, the LED continues blinking.)

 

 

 

 

 

Link/Activity

Solid green

Device linked.

 

Blinking green

Receiving activity on that port.

 

Off

No link detected.

 

 

 

 

 

Speed

Solid green

Device connected at 1000Mbps.

(470T only)

Off

Device connected at 100Mbps.

 

 

 

 

 

 

 

 

 

 

3

C H A P T E R 1

Intel® NetStructure™ 470T and 470F Switches User Guide

NOTE

Use certified Category 5 cables to connect 1000Mbps devices to the switch.

Connection Guidelines

General

The 470T switch is can auto-negotiate port duplex. It can operate at half-duplex or full-duplex at 100Mbps, and full-duplex at 1000Mbps. The switch matches the highest possible speed (up to 1000Mbps) of an attached device.

The 470F operates at full-duplex and at 1000Mbps.

Cabling

Use Category 5 unshielded, twisted-pair (CAT 5 UTP) cable to connect 1000Mbps or 100Mbps devices to the switch.

Limit the cable length between devices to 100 meters (330 feet) for copper wire.

Use a straight-through cable to connect the switch to a server or workstation.

To connect to another switch or hub, use a crossover cable.

Straight-through vs. Crossover Cables

Switch ports are wired MDI-X, so use a straight-through cable to connect to a workstation or server (network adapter cards are wired MDI). To connect to another MDI-X port, use a crossover cable. The following pin arrangements are for the switch’s Ethernet port and the typical RJ-45 connector. The wiring diagrams illustrate how to wire a straight-through and crossover cable for 100Mbps and 1000Mbps devices.

Straight-Through UTP cable (100Mbps)

Switch (MDI-X)

Adapter (MDI)

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

4

C H A P T E R 1 Setting Up the Intel® NetStructure™ 470T and 470F Switches

Crossover UTP cable (100Mbps)

Switch (MDI-X) Hub (MDI-X)

Straight-Through UTP cable (1000Mbps)

Switch (MDI)

Switch (MDI)

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Setup Switch 470

5

C H A P T E R 1

Intel® NetStructure™ 470T and 470F Switches User Guide

6

2

Using the Intel®

NetStructure™ 470T

and 470F Switches

Overview

Chapter 2 provides an overview for using the Intel® NetStructure™ 470T and 470F Switches within a network. This chapter covers switching features like flow control and spanning tree, and includes a discussion of the more advanced features such as link aggregation and the types of VLANs available on the switch.

If you are familiar with switching technology you can skip ahead to a particular section within the chapter. The following list shows where you can find particular topics:

Sample Configuration page 8

Flow Control page 9

Broadcast Storm Control page 10

Spanning Tree Protocol page 11

Tagged Frames page 12

Priority Tagging page 12

Link Aggregation page 13

Virtual LANs page 14

GVRP page 18

Internet Group Management Protocol (IGMP) Snooping page 18

7

C H A P T E R 2

Intel® NetStructure™ 470T and 470F Switches User Guide

Sample Configuration

The following example illustrates how the 470T and 470F switches can be used in a network.

In this example, the Intel NetStructure 480T Routing Switch is the backbone of the network, providing routing capability. The 470T and 470F switches provide gigabit connectivity from the 480T to the Intel Express 460T Standalone Switches through the 460T gigabit uplinks.

100Mbps

1000Mbps

Link Aggregation group

Intel® NetStructure™ 470T Switch

Intel Express 460T

Standalone Switches

Intel® NetStructure™ 470F Switch

Intel Express 460T

Standalone Switches

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Servers

Intel® NetStructure™ 480T Routing Switch

 

8

C H A P T E R 2

Using the Intel® NetStructure™ 470T and 470F Switches

Flow Control

During heavy network activity, the switch’s port buffers can receive too much traffic and fill up faster than the switch can send the information. In cases like this, the switch tells the transmitting device to wait until the information in the buffer can be sent. This traffic control mechanism is called flow control.

The method of flow control depends on whether the port is set to full-duplex or half-duplex.

If a port operates at half-duplex, the switch sends a collision (also called backpressure) that causes the transmitting device to wait.

If the port operates at full-duplex, the switch sends out an IEEE 802.3x PAUSE frame.

You can enable or disable flow control for each port on the 470 switch.

Broadcast Storm Control

You can use broadcast storm control to control the amount of broadcast traffic serviced by the switch. You can prevent broadcasts from taking an excessive amount of network resources and degrading network performance.

To control the amount of broadcast traffic, set an upper threshold percentage for each port. The upper threshold is the percentage of the port’s total bandwidth that is available for broadcast traffic. For example, if a port’s upper threshold percentage is 4%, broadcast traffic can take up to 4% of the port’s total bandwidth.

Switch 470 the Using

 

 

 

 

Broadcast traffic

Broadcast traffic

 

4%

 

 

 

dropped

resumed

 

Upper

 

 

 

 

 

% of

threshold

 

 

 

 

 

 

 

 

 

 

 

Broadcast

 

 

 

 

 

 

traffic on

 

 

 

 

 

 

the port

1%

 

 

 

 

 

 

Lower

 

 

 

 

 

 

threshold

 

 

 

 

 

 

 

40 s.

80 s.

120 s.

160 s.

 

Time

 

 

 

 

 

in seconds

 

 

 

 

9

C H A P T E R 2

Intel® NetStructure™ 470T and 470F Switches User Guide

The switch checks the amount of broadcast traffic on each port every 20 seconds. If the port detects that the amount of broadcast traffic exceeds the upper threshold on two subsequent checks, the port drops all broadcast traffic.

When broadcast traffic is dropped for storm control, the switch continues to check the amount of broadcast traffic on each port. For the port to begin accepting broadcast traffic again, the amount of broadcast traffic must fall below the lower threshold percentage. The lower threshold percentage, 1%, is a factory default. If broadcast traffic falls below the lower threshold percentage when the port is checked, the switch automatically resumes servicing broadcast traffic.

When broadcast traffic servicing resumes, the switch begins checking the amount of broadcast traffic against the upper threshold.

Spanning Tree Protocol

Spanning Tree Protocol, as described in the IEEE (Institute of Electrical and Electronic Engineers) 802.1D specification, is a protocol designed to prevent loops within the network topology. A loop can occur if there is more than one path for information to travel between devices. The Spanning Tree Protocol determines the “cost” of a connection. For example, if two devices are connected by two links, spanning tree uses the connection with the lowest cost and blocks the second connection.

Spanning tree prevents loops by allowing only one active path between any two network devices at a time. However, you can also use this protocol to establish redundant links between devices that can take over if the primary link fails.

Backup Path from Client A to Server B: Switch A –> Switch B –> Switch C

 

:

3

 

 

0

 

 

 

 

 

th

 

 

0

a

 

t:

1

 

P

 

 

 

 

 

 

s

 

 

 

 

o

 

 

 

 

C

 

 

 

Switch A

Switch B

 

 

P

 

a

C

th

:

o

2

s

t:

 

2

 

0

 

0

Path: 1

Switch C

 

Cost: 100

 

PC Client A

Server B

Primary Path from Client A to Server B: Switch A –> Switch C

10

C H A P T E R 2

Using the Intel® NetStructure™ 470T and 470F Switches

In this example, Client A can communicate with Server B over two different paths. The primary path is Path 1 because the cost of the connection between switches A and C is lower than the cost between switches A, B and C. If the primary path fails, traffic is automatically sent over the backup path.

Tagged Frames

The 802.1D (1998 Edition) and 802.1Q specifications published by the IEEE extended Ethernet functionality to add tag information to Ethernet frames and propagate these tagged frames between bridges. The tag can carry priority information, VLAN information, or both and allows bridges to intelligently direct traffic across the network.

Some devices don’t recognize the tagged Ethernet frames. These devices see a frame that is too big, and then discard it. When operating 802.1Q (tagbased) VLANs, you can configure the switch to work with untagged devices. For more information, see “How to configure 802.1Q VLANs” in Chapter 5.

Switch 470 the Using

Priority Tagging

The IEEE 802.1D (1998 Edition) specification incorporates IEEE 802.1p and defines information in the frame tag to indicate a priority level. When these tagged packets are sent out on the network, the higher priority packets are transferred first. Priority tagging (also known as Traffic Class Expediting) is usually set on the LAN adapter in a PC or switch and works with other elements of the network (switches, routers) to deliver packets based on priority. The priority level can range from 0 (low) to 7 (high).

The 470 switches can read the priority tags and forward traffic on a per port basis. The switches have two priority queues per port and queue the packet based on its priority level. For example, when a packet comes into a switch with a high-priority tag, the switch inserts the packet in its high-priority queue.

11

C H A P T E R 2

Intel® NetStructure™ 470T and 470F Switches User Guide

Although there are eight priority levels, the 470 switches can only put a packet into one of the two queues. The switch maps levels 0-3 to the low queue and levels 4-7 to the high queue. If a packet is untagged, the switch can be set to use either the high or low queue for that port. The

470 switches preserve the priority level of the packet.

 

Express 460T

 

 

 

7

HIGH

 

 

6

 

 

5

 

 

 

4

 

Incoming

transmit

 

queue

Network

packet

 

 

for the

 

 

 

 

 

port

 

 

 

3

 

 

 

2

 

 

 

1

LOW

 

 

0

 

Note

When connecting to another switch, connect anchor port to anchor port and member port to member port.

Link Aggregation

Link aggregation allows you to combine from two to four (adjacent) ports so that they function as a single high-speed link. For example, link aggregation is useful when making connections between switches or connecting servers to the switch.

You can use link aggregation, also known as port trunking, to increase the bandwidth to some devices. Link aggregation can also provide a redundant link for fault tolerance. If one link in the aggregation fails, the switch balances the traffic among the remaining links.

To aggregate ports, you must link an “anchor” port with an adjacent port. The 470 switches support up to four link aggregation groups (anchor ports 1,3, 5, or 7). All aggregated ports must be the same speed.

12

C H A P T E R 2

Using the Intel® NetStructure™ 470T and 470F Switches

Guidelines

The switch treats aggregated links as a single port. This includes spanning tree and VLAN configurations.

For the 470F: Anchor ports 1, 3, and 5 can each have up to four aggregated ports; anchor port 7 can have two.

For the 470T: Anchor ports 1 and 3 can each have up to four aggregated ports; anchor ports 5 and 7 can each have two.

All ports share the same settings as the anchor port. You can change anchor port settings, but you cannot configure other ports in the link.

When a port is configured as a member of an aggregated link, it adopts the configuration of the anchor port. When a port is no longer a member of an aggregated link, the configuration is reset to the default settings (auto-negotiate speed/duplex, flow control enabled).

If a port is part of an aggregated link, it cannot be configured as the target port for a port mirror. However, a port in an aggregated link can serve as the source port for a port mirror.

When connecting to another switch, connect anchor port to anchor port, and member port to member port.

Virtual LANs

A Virtual LAN (VLAN) is a logical network grouping you can use to isolate network traffic so members of the VLAN receive traffic only from other members. Creating a VLAN is the virtual equivalent to physically moving a group of devices to a separate switch (creating a Layer 2 broadcast domain). With VLANs you can reduce broadcast traffic for the entire switch, and increase security, without changing the wiring of your network.

The 470 switches support three types of VLANs:

Port-based

Tag-based (IEEE 802.1Q)

Protocol-based

Switch 470 the Using

13

C H A P T E R 2

Intel® NetStructure™ 470T and 470F Switches User Guide

Port-based VLANs

Port-based VLANs are the simplest and most common form of VLAN. In a port-based VLAN, the system administrator assigns the ports to a specific VLAN. For example, the system administrator can designate ports 1, 2, and 3 as part of the engineering VLAN and ports 5, 6, 7, and 8 as part of the marketing VLAN. Port-based VLANs are easy to configure and all changes are transparent to the users because they take place at the switch. The 470 switches support a maximum of four port-based VLANs. A port can belong to only one port-based VLAN at a time.

If a user changes to another location, the system administrator reassigns the port to the new VLAN. If a switch (or hub) is connected to a port that is part of a VLAN, all devices connected to the switch are also part of the VLAN. You cannot prevent an individual device on that switch from becoming part of the VLAN.

Tag-based (IEEE 802.1Q) VLANs

The tag-based VLAN supported by the 470 switches is based on the IEEE 802.1Q specification. The specification provides a uniform way to create VLANs within a network and allows you to create a VLAN that can span across the network. Until the release of IEEE 802.1Q, it was not possible to create a VLAN across devices from different vendors.

14

C H A P T E R 2

Using the Intel® NetStructure™ 470T and 470F Switches

The 802.1Q VLAN works by using a tag added to the Ethernet frames. The tag contains a VLAN Identifier (VID) that identifies the frame as belonging to a specific VLAN. These tags allow switches that support the 802.1Q specification to segregate traffic between devices and communicate a device’s VLAN association across switches. The example below shows a 470F switch.

Intel® NetStructure470F Switch

Local

Console: 9600-8-N-1

 

Management

Flow Ctrl=None

Status

(EIA 232)

 

 

 

 

 

 

 

 

 

1

 

2

 

3

 

4

 

5

 

6

 

7

 

8

 

 

 

 

 

 

 

Link\Act

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

1

2

3

4

5

6

7

8

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

TX

RX

TX

RX

TX

RX

TX

RX

TX

RX

TX

RX

TX

RX

TX

RX

VLAN 1:

VLAN 2:

Engineering

Manufacturing

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

VLAN 1 computers

 

 

 

 

 

 

 

 

 

 

 

Server and Printer

 

 

 

 

can't see VLAN 2

 

 

 

 

 

 

 

 

 

 

 

are members of both

computers

 

 

 

 

 

 

 

 

 

 

 

VLANs

Switch 470 the Using

There are multiple advantages to implementing 802.1Q VLANs. First, it helps to contain broadcast and multicast traffic across the switch thus improving performance. Second, ports can belong to more than one VLAN. Third, VLANs can span multiple switches that support the 802.1Q specification. Finally, it can provide security and improve performance by logically isolating users and grouping them.

A logical grouping can be mapped to a workgroup. For example, you can create a VLAN that groups all the users from the engineering department. Benefits of this logical grouping are: it improves performance by reducing traffic that belongs to a different logical group (e.g. marketing), improves security (engineering can’t see marketing), and eases moves because the user doesn’t have to be physically located in the same group to participate in the VLAN.

15

C H A P T E R 2

Intel® NetStructure™ 470T and 470F Switches User Guide

Protocol-based VLANs

In a protocol-based VLAN, traffic is bridged through specified ports based on its protocol. Any packet using a different protocol is dropped as it enters the switch. This type of VLAN allows you to use a common protocol to communicate, yet prevents any packets that are not using the specified protocol, from entering the switch.

For example, you can attach a LAN using NetBEUI traffic to port 1 on the switch, and attach a LAN using IPX traffic to port 2 on the switch. Then, attach a router connected to the Internet, to port 8. Create an IP VLAN that incorportates ports 1, 2, and 8. The NetBEUI traffic on port 1is not passed to ports 2 or 8. The IPX traffic on port 2 is not passed to ports 1 or 8. However, computers using the IP protocol can talk freely to ports 1, 2, and 8. This allows the computers to connect to the Internet, yet not be bombarded with traffic that they do not need to see.

The 470 switches support a maximum of four protocol-based VLANs, and they can be either IP, IPX, NetBEUI, or all three combined. Each port can be a member of only one protocol-based VLAN. The example below shows a 470F switch.

Protocol-based VLANs can help optimize network traffic patterns because protocol-specific broadcast messages are sent only to computers that use that protocol. For example, if a NetBEUI VLAN is created, only NetBEUI traffic is allowed to pass through the VLAN.

16

C H A P T E R 2

Using the Intel® NetStructure™ 470T and 470F Switches

Spanning Tree Protocol and VLANs

The 470 switches support the Spanning Tree Protocol across the entire switch, not across each VLAN. If VLANs create a redundant link between two switches and both of those switches have the Spanning Tree Protocol enabled, one of the VLANs is disabled.

The following diagram shows an example. Both Switch 1 and Switch 2 have two port-based VLANs configured. Crossover cables connect the ENG_VLAN on Switch 1 to ENG_VLAN on and Switch 2. Crossover cables also connect the MKT_VLAN on Switch 1 to the MKT_VLAN on Switch 2. When spanning tree is enabled on both switches, the redundant link between the MKT_VLANs is blocked and those VLANs can no longer communicate. The example below shows 470F switches.

Switch 470 the Using

GARP VLAN Registration Protocol (GVRP)

Because tag-based (IEEE 802.1Q) VLANs can span across the network, it poses a challenge for network administrators to manage changes to the VLAN. The GARP VLAN Registration Protocol (GVRP) provides a dynamic mechanism for switches to share topology information and manage changes with other switches. This saves the network administrator from having to manually propagate VLAN configuration information across switches.

17

C H A P T E R 2

Intel® NetStructure™ 470T and 470F Switches User Guide

Note

Dynamically created VLANs are not saved in the switch’s memory. If the device sending out the GVRP updates is removed, the dynamic VLAN is removed.

GARP (Generic Attribute Registration Protocol) is defined by the IEEE 802.1D (1998 Edition) specification and is the mechanism used by switches and end nodes (servers, PCs, and so on) to propagate configuration across the network domain. GVRP uses GARP as a foundation to propagate VLAN configuration to other switches. Devices that support GVRP transmit their updates to a known multicast address that all GVRP-capable devices monitor for information updates.

Sending GVRP messages between switches accomplishes the following tasks:

Dynamically adds or removes a port from participating in a VLAN

Sends updates about the switch’s own VLAN configuration to neighboring GVRP-capable devices.

Integrates dynamic and static VLAN configurations within the same switch. For devices that don’t support GVRP, static VLAN configurations are created by the user on the switch.

When the switch is running 802.1Q VLANs, Spanning Tree Protocol is enabled for GVRP to work properly.

Internet Group Management Protocol (IGMP)

Normally, multicast traffic is broadcast by the switch to all ports. For multicast traffic based on TCP/IP using the IGMP protocol, the switch can optimize the broadcasting of multicast traffic by forwarding multicast traffic only to ports that require it.

IGMP Snooping is a feature that allows the switch to forward multicast traffic intelligently. The switch “snoops” the IGMP query and report messages and forwards traffic only to the ports that request the multicast traffic. This prevents the switch from broadcasting the traffic to all ports and possibly affecting network performance.

IGMP Snooping requires a router that detects multicast groups on its subnets and keeps track of group membership.

18

3 UsingView Intel® Device

Overview

Intel® Device View allows you to manage Intel NetStructure™ 470T and 470F switches and other supported Intel networking devices on your network.

Intel Device View provides these features:

The ability to configure new network devices

A graphical device manager for Intel switches, hubs, and routers

Autodiscovery, which finds supported Intel devices on the network

The Device Tree, which shows all the supported devices detected on your network

Support for Remote Monitoring (RMON)

Web or Windows* platform

Plug-in to HP OpenView*, IBM Tivoli* NetView*, and Intel LANDesk® Network Manager

Other useful tools such as a TFTP server

19

C H A P T E R 3

Intel® NetStructure™ 470T and 470F Switches User Guide

Installing Intel Device View

Before you install Intel Device View, make sure your PC meets the system requirements in the Intel® Device View User Guide, which is included on the Intel Device View CD-ROM.

To install Intel Device View

1Insert the Intel Device View CD-ROM into your computer’s CD-ROM drive. The Intel Device View installation screen appears. If it doesn’t appear, run autoplay.exe from the CD-ROM.

2Choose the version of Intel Device View you want to install.

To install Intel Device View for use on this PC only, click Install for Windows.

To install Intel Device View on a Web server, click Install for Web. You can access the Device View server from any PC on your network with Internet Explorer* 4.0x or later.

To install Intel network device support for HP OpenView, IBM Tivoli NetView, or Intel LANDesk Network Manager, click Install as Plug-in. This option is available if you have OpenView, NetView, or LANDesk Network Manager installed on the PC.

3Follow the instructions in on the installation screens.

20

C H A P T E R 3 Intel Device View

NOTE

These are the requirements if you want to use the Web version of Device View :

Web browser

Internet Explorer 4.0 or later

Web Server

IIS* 2.0 or later

Peer Web Services*

Netscape Enterprise* Web Server 3.01 or later

Starting Intel Device View

Install either the Windows or Web version of Intel Device View.

Windows* version

On your desktop, click Start and then point to Programs > Intel Device View > Intel Device View - Windows to go to the Intel Device View main screen.

Web version

On your desktop, click Start and then point to Programs > Intel Device View > Intel Device View - Web to go to the Intel Device View main screen.

To view Intel Device View from another PC on your network, type the following URL. In the following example, the URL is entered in the Address field for Internet Explorer.

http://servername/devview/main.htm

where servername is the IP address or name of the server where Intel Device View is installed.

Intel Device View’s main screen appears.

Intel®

View Device

21

C H A P T E R 3

Intel® NetStructure™ 470T and 470F Switches User Guide

Installing a New Switch

After you install a new switch on your network, you can use the Intel Device View Device Install Wizard to configure it for management.

To install and configure a new switch for management

1Start Intel Device View. The Device Install Wizard appears. If it doesn’t appear, click Install from the Device menu or double-click the appropriate MAC address in the Device Tree under Unconfigured Devices. (The MAC address is located on the rear of the switch.)

2On the Device Install Wizard - Start screen, click Next.

3On the Device Install Wizard - MAC Address screen, click the MAC address of the new switch, and then click Next.

4Follow the instructions in the wizard to assign an IP address and a name to the switch.

Using the Device Tree

After you start Intel Device View, the Device Discovery service begins searching for supported Intel network devices on your network. As it discovers devices, the Device Discovery service adds an icon for each device to the Device Tree on the left side of the screen.

22

C H A P T E R 3 Intel Device View

Different states of the 470 switches are represented by icons in the Device Tree.

Device Tree icons

Device Tree root

Subnet

Intel Switch (if non-responding the icon is red)

Unconfigured Intel Switch

Group of Intel Switches

Intel Router

Intel Switch (Layer 3 capable)

Intel Stackable Hub

To expand the root or a subnet, click the (+) next to the icon. To collapse the view, click the (-) next to the icon. Double-click a device icon to view the device image.

To add a device to the Device Tree

Use this procedure if the device does not automatically appear after installation.

1Right-click anywhere on the Device Tree.

2On the menu that appears, click Add Device.

3In the Add Device dialog box, type the IP address of the switch you want to add.

4Fill in the other fields, as appropriate.

5Click OK.

The icon for the new switch appears in the Device Tree.

Intel®

View Device

23

C H A P T E R 3

Intel® NetStructure™ 470T and 470F Switches User Guide

To refresh the Device Tree

Refreshing the Device Tree updates it to show any newly discovered devices and changes in device status.

1Right-click anywhere on the Device Tree.

2On the menu that appears, click Refresh.

To delete a device from the Device Tree

1Right-click the device you want to remove from the Device Tree.

2On the menu that appears, click Delete.

Deleting a device from the Device Tree does not remove the device from the network.

To find a device in the Device Tree

1On the Device Tree, right-click anywhere.

2On the menu that appears, click Find.

3In the Find Device dialog box, type the IP address of the device you want to find in the tree.

4Click OK.

The device icon is highlighted in the Device Tree.

Losing contact with a switch

If Intel Device View loses contact with a switch, the color of the switch icon changes to red, to indicated that the switch is not responding.

If the non-responding switch icon appears, you cannot manage the device in Intel Device View. If you’re unable to ping the device or start a Telnet session, try accessing the switch’s Local Management.

24

C H A P T E R 3 Intel Device View

Managing a Switch

To manage a 470T or 470F switch, double-click the switch icon in the Device Tree. In the example following, the switch has been assigned an IP address of 124.123.122.3.

The 470 switch Web Device Manager appears in the Intel Device View window. For information about using the Web Device Manager, see Ch. 4.

Intel®

View Device

For information about using Intel Device View, see the Help or the User

Guide on the Intel Device View installation CD-ROM.

Viewing RMON Information

The Remote Monitoring (RMON) specification extends SNMP functionality to look at traffic patterns on the network instead of looking only at the traffic for an individual device. The following RMON groups are supported:

25

C H A P T E R 3

Intel® NetStructure™ 470T and 470F Switches User Guide

Group 1 (Statistics): Monitors utilization and error statistics for each network segment (100Mbps or 1000Mbps).

Group 2 (History): Records periodic statistical samples from variables available in the statistics group.

Group 3 (Alarms): Allows you to set a sampling interval and alarm thresholds for statistics. When a threshold is passed, the switch creates an event. For example, you might set an alarm if utilization exceeds 30%.

Group 9 (Events): Provides notification and tells the switch what to do when an event occurs on the network. Events can send a trap to a receiving station or place an entry in the log table, or both. For example, when the switch experiences an RMON Event, it sends out an alarm.

The switch also keeps a log that shows a list of the RMON Events and

RMON Alarms that have occurred on the switch.

To view RMON statistics

1In the Device Tree, right-click the switch’s icon, and then point to RMON.

2Click the RMON option you want to view.

You can also access RMON features using LANDesk Network Manager, or an SNMP application that supports RMON such as HP OpenView or IBM Tivoli NetView. For more information about using RMON to monitor the switch, see the Intel Device View Help.

26

4

Using the Web

Device Manager

NOTE

You can use Internet Explorer* or Navigator* to access the Web Device Manager.

Overview

With the Web Device Manager, which is built into the Intel® NetStructure™ 470T and 470F Switches, you can use a Web browser to manage and monitor the switch. For example, you can use the Web Device Manager to configure the switch or individual ports, or to monitor traffic statistics and utilization.

For more information about using this interface, see the Web Device Manager Help.

27

C H A P T E R 4

Intel® NetStructure™ 470T and 470F Switches User Guide

NOTE

The default IP address for the switch is 192.0.2.1. To access the switch with the default IP address, your workstation must be on the 192.0.2.0 subnet.

Or, you can connect to the switch using Local Management (through the serial port) and set an IP address that is on your network. Then you can access the Web Device Manager using the new IP address.

Accessing the Web Device Manager

1In the Location or Address field of your Web browser type the IP address of the switch. For example, to use the default IP address of the switch, type 192.0.2.1 and then press Enter.

2When prompted, type your user name and password. By default, no user name or password is assigned. If you previously set a user name and password using Local Management, enter them here.

3Click OK. The Web Device Manager window appears in your Web browser.

Navigating the Web Device Manager

1On the left side of the Web Device Manager window, click a menu item (such as Configure Device) to show the available options.

28

C H A P T E R 4 Using the Web Device Manager

Click a menu to view available options.

2In the menu, click an option. The corresponding screen appears on the right side of your Web Device Manager window.

3To hide the options, click the menu item again.

470F

470T

Using Management Screens

After you select an option from the navigation menu, the corresponding screen appears on the right side of the Web Device Manager window.

Switch faceplate graphic

A graphical representation of the switch’s faceplate appears at the top of the screen.

Manager Device Web

29

C H A P T E R 4

Intel® NetStructure™ 470T and 470F Switches User Guide

If the option you selected allows you to configure or monitor a specific port, you can change to another port by clicking it on the faceplate graphic.

Port color on the faceplate graphic indicates the status of the port.

Port Color

Meaning

Blue

Port has a link at 1000Mbps.

Green

Port has a link at 100Mbps.

Magenta outline

Ports are in a link aggregation.

Orange

Port is disabled.

Gray

No link.

 

 

Buttons

Each configuration screen includes four buttons on the bottom of the screen.

Button

Function

Submit

Applies the configuration settings on the current screen.

 

Note: If you do not save the settings to the switch’s flash

 

memory your changes are lost when the switch is rebooted.

Reset

Clears any changes you made on the current screen and

 

restores the currently applied settings.

Default

Applies factory defaults for this screen’s settings. When

 

you log out, you can permanently save the new settings to

 

the switch. Otherwise, they are lost upon the next reboot.

Help

Displays Help for the current screen.

 

 

30

C H A P T E R 4 Using the Web Device Manager

NOTE

If you change the flow control or IP settings, you must reboot the switch before the new settings can take effect.

Configuring the Switch’s IP Settings

Note: You must select Manual in the IP Assignment Method box before you can change the IP settings.

1Click the Configure Device menu, and then click IP Settings. The IP Settings screen appears on the right side of the Web Device Manager window.

2To manually configure the IP settings, select Manual in the IP Assignment Method box.

3Under “Change,” type the new IP address, subnet mask, and default gateway. If you set up tag-based (IEEE 802.1Q) VLANs on the switch, you can specify the VLAN where the switch’s SNMP management agent resides.

4To apply the changes, click Submit.

5Click Save and Reboot for the new settings to take effect. Rebooting the switch temporarily interrupts network connectivity to the switch. Click Reboot Later if you want to reboot the switch later. The new IP settings do not take effect until the switch reboots.

Manager Device Web

31

C H A P T E R 4

Intel® NetStructure™ 470T and 470F Switches User Guide

NOTE

If you change the flow control or IP settings, you must reboot the switch before the new settings can take effect.

Configuring a Port

You can use the Web Device Manager to enable or disable a port, and to change its speed, duplex, flow control, and priority settings.

To change port settings

1Click the Configure Device menu, and then click Port Settings. To access the Port Settings for a port, click the port you want to configure on the faceplate graphic.

2In the boxes, click the options you want to change:

Port State lets you enable or disable the port.

Speed/Duplex lets you set port speed and duplex.

Flow Control lets you enable or disable flow control.

Priority Queue (802.1p) lets you set the switch priority queue for packets sent or received on this port.

3Click Submit.

32

C H A P T E R 4 Using the Web Device Manager

NOTE

The accounts and passwords you create with the Web Device Manager are the same accounts used to access Local Management.

Managing User Accounts

Create user accounts to give specific users read or write access to the switch through the Web Device Manager and Local Management. You can create a maximum of three accounts on the switch.

To create a user account

1Click the Configure Management menu and then click User Accounts. The first account you create must be an administrator.

2 Click Add.

3In the User Name box, type a user name.

The username can be up to 15 characters long and is case sensitive.

4In the Password box, type a password.

The password can be up to 15 characters long and is case sensitive. Asterisks (*) appear in the box as you type the password.

5In the Confirm Password box, type the same password.

Manager Device Web

33

C H A P T E R 4

Intel® NetStructure™ 470T and 470F Switches User Guide

6In the Access Level box, click an access level. An administrator can view all settings and make configuration changes. A user can only view settings.

7Click Submit.

To delete a user account

1Click the Configure Management menu, and then click User Accounts.

2In the User Accounts box, click the account you want to delete.

3Click Delete.

If you delete the account you used to log in for this session, you can continue to use that account until you log out. If you delete the only user account on the switch, log in again using the default of no user name and no password.

34

C H A P T E R 4 Using the Web Device Manager

Configuring VLANs

VLANs provide a way to create a logical network grouping without regard to physical location of the network nodes.

For more information about VLANs, see “Virtual LANs” in Chapter 2.

There are two main steps to set up a VLAN with the Web Device Manager:

Set the switch’s VLAN operation mode.

Configure the type of VLAN you selected.

To set the switch’s VLAN operation mode

NOTE

1

Click the Configure VLAN menu, and then click VLAN Operation

You can only have one operation

 

Mode.

mode active on the switch at a

 

 

time.

2

In the Current VLAN mode box, click the type of VLAN to set up.

3Click Submit.

4The switch automatically reboots. The 470 switches are rebooted whenever you change their VLAN operation mode.

After the switch reboots, you can configure the type of VLAN that you selected.

Manager Device Web

35

C H A P T E R 4

Intel® NetStructure™ 470T and 470F Switches User Guide

Port-based VLAN

You configure a port-based VLAN by creating the VLAN and then adding participating ports. The switch can support up to four port-based VLANs. However a port can be a member of only one VLAN; port-based VLANs cannot overlap.

To configure a port-based VLAN

1Click the Configure VLAN menu, and then click Port-based VLAN.

2Click Add to create a new VLAN, or select a VLAN and click Edit to change its configuration.

3If you are creating a new VLAN, type a name in the VLAN Name box.

4In the Available Ports box, click a port to add to the VLAN, and then click Add.

5When you finish adding ports, click Submit.

36

C H A P T E R 4 Using the Web Device Manager

NOTE

When creating a VLAN that includes ports on more than one switch, set the same VID on each switch.

Tag-based VLAN

You configure a tag-based VLAN by configuring port membership and ingress/egress rules. Note: If some of your devices don’t support 802.1Q tags, additional configuration may be necessary.

To configure a tag-based (IEEE 802.1Q) VLAN

1Create a VLAN and assign member ports.

Click the Configure VLAN menu, and then click Tag-based (IEEE 802.1Q) VLAN.

From the main Tag-based VLAN page, click Add to create a new VLAN. To modify an existing VLAN, click the VLAN name, and click Modify.

If you are creating a new VLAN, type a name and VID (from 2 to 4094) to identify it.

To configure membership of a port to a VLAN, click the port in the Available ports box and click Add. To remove a port, click the port in the Member ports box and click Remove.

The switch supports a maximum of 12 IGMP Snooping sessions to manage broadcast traffic. If you want the VLAN to be part of an IGMP Snooping session, select the Enable IGMP Snooping check box.

When you finish adding ports, click Next.

Manager Device Web

37

C H A P T E R 4

Intel® NetStructure™ 470T and 470F Switches User Guide

2Configure ports for egress (outbound) tagging.

Ensure that the VLAN Name field displays the name of the port you are configuring.

For each of the VLANs ports select Tag or Untag. This determines whether or not the system will remove (untag) tags before sending traffic out of each port.

3Configure ports for handling untagged traffic.

On the main Tag-based VLAN page, click Port Settings.

On the Port Settings screen you can set port-specific behaviors for processing VLAN traffic. To configure a specific port, click it on the faceplate graphic. To configure the same setting across all ports, click Configure All Ports.

38

C H A P T E R 4 Using the Web Device Manager

Options include:

Default Port VID: Sets the PVID to be assigned to untagged traffic on a given port. For example, if port 7’s default PVID is 100, all untagged packets on port 7 belong to VLAN 100. The default setting for all ports is VID 1.

GVRP: Allows automatic VLAN configuration between the switch and nodes.

Ingress Filtering: Allows frames belonging to a specific VLAN to be forwarded if the port belongs to the same VLAN. Disabling this setting will cause all frames to be forwarded, regardless of the port's VLAN membership.

4 When you finish changing the settings, click Submit.

Manager Device Web

39

C H A P T E R 4

Intel® NetStructure™ 470T and 470F Switches User Guide

Protocol-based VLAN

You configure a protocol-based VLAN by creating the VLAN and then adding participating ports. The switch supports up to three protocol-based VLANs: IP, IPX, and NetBEUI. However, each port can be a member of only one VLAN; protocol-based VLANs cannot overlap.

To configure a protocol-based VLAN

1Click the Configure VLAN menu, and then click Protocol-based VLAN.

2Click Add to create a new VLAN, or select an existing VLAN and click Edit to change its configuration.

3If you are creating a new VLAN, type a name in the VLAN Name box and select a protocol from the Protocol list.

4In the Available Ports box, click a port to add to the VLAN, and then click Add.

5When you finish adding ports, click Done.

40

C H A P T E R 4 Using the Web Device Manager

NOTE

When configuring link aggregation between two 470 switches, you must connect anchor port to anchor port, and member port to member port.

NOTE

Connectivity is momentarily interrupted when you submit changes.

Link Aggregation

On the Web Device Manager’s switch faceplate graphic, a link aggregation is shown with its ports outlined in magenta (pink).

To create a link aggregation

1 Click the Configure Device menu, and then click Link Aggregation.

2Choose the anchor port. Anchor ports are listed by port number in the left column.

3In the Port Width box, click the number of ports (including the anchor port) to include in the link aggregation.

4In the Aggregation Group Name box, type a name for the aggregation.

5Click Enable to activate the group.

6Click Submit.

Static MAC Addresses

The switch has a MAC address table that stores all the MAC addresses that it learns from the network. The switch refers to this table forwarding traffic to specific ports, so it does not broadcast traffic to every port.

There are two ways to add addresses to the MAC address table:

The switch can learn addresses from the network and add them dynamically. Dynamic entries remain in the table only while the associated node is active, and are deleted if the node is inactive for longer than a certain period of time (age-out time).

Manager Device Web

41

C H A P T E R 4

Intel® NetStructure™ 470T and 470F Switches User Guide

You can manually add MAC addresses to the table. These are called static addresses, because they remain in the table until you remove them, even if the associated node is inactive or removed from the network. Performance and security issues are two reasons for adding static addresses.

To add a static MAC address to the address table

1Click the Configure Device menu, and then click Forwarding and Filtering.

2Click Static MAC Addresses.

3Click Add.

 

4

In the MAC Address box, type the MAC address of a device on the

 

 

network. Do not include hyphens.

NOTE

5

In the Port Number box, click a port number.

6

If port-based or tag-based (IEEE 802.1Q) VLANs are set up on the

To view the switch’s address

 

switch, static MAC addresses are associated with specific VLANs.

table, click the Monitor menu,

 

 

Type the VLAN name (port-based VLANs) or VID (tag-based VLANs)

click Advanced, and then click

 

 

to associate with the MAC address.

MAC Address Table.

 

 

 

 

7

Click Add.

42

C H A P T E R 4 Using the Web Device Manager

Setting Up Priority Tagging

With priority tagging, you can specify a priority value for traffic based on MAC source or destination addresses. For example, you could tag all packets from computer A with a priority of 7 (high).

When you define priority tagging, you can specify a priority value from 0 (low) to 7 (high). Traffic with a priority value of 0–3 is routed through the switch’s low priority queue. Traffic with a priority value of 4–7 is routed through the switch’s high priority queue.

You can define up to 12 MAC addresses for priority tagging.

To set up priority tagging

1Click the Configure Device menu, and then click Priority Tagging.

2Click Add.

3Select source or destination as the criteria for the tagged traffic.

4Type the source or destination MAC address.

5Select a priority value.

Traffic tagged with priority values 0–3 is routed through the switch’s low priority queue. Traffic tagged with priority values 4–7 is routed through the switch’s high priority queue.

6In the State box, click Enabled to enable priority tagging for the traffic pattern.

7Click Done when you are finished.

Manager Device Web

43

C H A P T E R 4

Intel® NetStructure™ 470T and 470F Switches User Guide

NOTE

These are the traps supported by the switch:

Power to the switch was cycled or reset.

Link, speed, or other status changes on a port.

Authentication failure.

Configuring Community Strings and

Trap Receivers

A trap receiver is a computer on the network that is running an SNMP management application and receives messages sent by the switch. For example, the switch can send a trap to the trap receiver when it detects a change in port speed.

To specify a trap receiver

1Click the Configure Management menu, and then click Community Strings and Traps.

2In the IP Address box, type the IP address of the computer you want to use as a trap receiver. You can specify up to four trap receivers.

3In the Status box, click Enabled.

4In the Community String box, type the trap receiver’s SNMP application community string.

5Click Submit.

44

C H A P T E R 4 Using the Web Device Manager

Monitoring Switch Activity

With the Web Device Manager you can view traffic, utilization, and error statistics for the switch and for individual ports. For more information on statistics, see “Port Traffic Statistics,” “Port Error Statistics,” and “Packet Analysis” in Chapter 5.

To view port statistics

1Click the Monitor menu, and then click Port Statistics.

2From the row of options below the page heading, click the option you want to view:

Traffic

Utilization Graph

Errors

Packet Analysis

Manager Device Web

45

C H A P T E R 4

Intel® NetStructure™ 470T and 470F Switches User Guide

Viewing/Changing Switch Information

You can view general information about the switch, such as its MAC address, firmware version, name, location, and contact person. Some of these fields can be updated, others are view-only.

To view and configure switch settings

1 Click the Configure Device menu, and then click Switch Settings.

2In the Switch Name , Location, and Contact boxes you can provide additional information about the switch. You can type up to 40 characters in each field. After modifying the settings, click Submit.

46

C H A P T E R 4 Using the Web Device Manager

Updating Switch Firmware

On the Update Firmware screen you can set up the switch to update its firmware from a TFTP server. If you do not have a TFTP server set up on your network, you can install the TFTP server software by installing Intel Device View.

After downoading the firmware from the TFTP server, the switch automatically restarts. The actual firmware update occurs while the switch is rebooting.

To update the switch’s firmware

1 Click the Reset and Update menu, and then click Update Firmware.

2Select a mode from the Update Mode box.

If the switch uses a network connection for downloading the new firmware file from a TFTP server, click Network.

If the switch uses a SLIP connection (for example, a serial port) for downloading the new firmware file, click SLIP.

3In the TFTP Server Address box, type the IP address of the server that hosts the file.

4In the Firmware Update box, click Enabled.

Manager Device Web

47

C H A P T E R 4

Intel® NetStructure™ 470T and 470F Switches User Guide

5In the File Name box, type the name of the firmware file.

6Click Submit.

The switch automatically reboots.

The next time the switch reboots it downloads and installs the new firmware during the boot process. If you want to view this process, you must use a terminal program and connect to the switch through the serial port.

Saving Configuration Changes and

Logging Out

Each time you make configuration changes using the Web Device Manager, the switch immediately uses the new settings. However, when you log out of the Web Device Manager, you’ll be prompted to save the current configuration settings.

If you do not save the new configuration settings to the switch’s flash memory, the settings are lost upon the next switch reboot.

To save changes and log out

1 Click Log Out from the menu.

2Click Save Now to save the current configuration settings. The Web browser window closes and you are successfully logged off of the Web Device Manager.

If you click Do Not Save, all current configuration settings are lost the next time the switch is rebooted.

48

C H A P T E R 5 Using Local Management

Management Local

5

Using Local

Management

Overview

Another way to configure the switch is through the Local Management interface. Local Management provides the same functionality as the Web Device Manager using a text-based interface.

Accessing Management

NOTE

You use the same user name and password to log in to Web Device Manager and Local Management.

You can access Local Management in two different ways: by connecting directly to the switch’s serial port, or through a Telnet session (using an assigned IP address or the default of 192.0.2.1).

To use the serial port

1Use the enclosed null modem cable to connect the serial port of your PC to the serial port of the switch.

2Start a terminal emulation program (such as HyperTerminal* or Symantec Procomm Plus* in Windows* 98). Use these communication parameters:

• 9600 baud

• 1 stop bit

8 data bits • No flow control

No parity

3Press Eto connect to the Local Management.

4Log on to Local Management. By default, no password or username is assigned. To assign them, see the section titled “Administer User Accounts” in this chapter.

49

C H A P T E R 5

Intel® NetStructure™ 470T and 470F Switches User Guide

To useTelnet

1Open a Telnet application. In Windows 98 or Windows NT*, select Run from the Start Menu, and then type telnet and press E.

2On the Terminal menu, select Preferences. Make sure the emulation type is VT-100/ANSI and that VT100 arrows are enabled.

3On the Connect menu, select Remote System. Enter the IP address of the switch and click Connect.

4Log on to Local Management. By default, no password or user name is assigned. To assign them, see the section titled “Administer User Accounts” in this chapter.

Logon Screen

Description

By default, no username or password is assigned to the switch. Press Etwice to log on to the Local Manager. Usernames and passwords can consist of any characters and can be up to 15 characters long. Remember that usernames and passwords are also case sensitive.

50

C H A P T E R 5 Using Local Management

Navigation

The console menus provide a basic interface for configuring switch options.

For navigation tips, see the text below the graphic.

Help text at the bottom of the screen provides information on the selected item.

Screen Legend

Use the WZASkeys or the Tand bkeys to move between screen fields. If you are running HyperTerminal in Windows 2000, use the Tab key rather than the arrow keys to move between fields.

<Manual> Angle brackets indicate a toggle field. Use the zto toggle selections within the field. In this example, the options change between Manual, DHCP, and BOOTP.

[255.255.255.0] Brackets indicate an input field. Use the arrow keys to select the field and type the required information. By default, Local Management is in overstrike mode, which means it replaces existing characters as you type.

SUBMIT Any word in all caps is a button. Use the Tkey or the WZASkeys to select it and press E to use it.

Management Local

51

C H A P T E R 5

Intel® NetStructure™ 470T and 470F Switches User Guide

Main Menu (Top Screen)

LOCATION

To return to the Main Menu at any time, press cT.

Description

The Main Menu is the starting point for all other Local Management screens. Use the WZarrow keys to select an option, and then press Eto display the screen.

Configure device: Accesses menus to assign an IP address to the switch, change port settings, or configure advanced switch settings.

Configure management: Sets SNMP traps and trap monitoring stations, administers user accounts, or updates the switch’s firmware.

Configure VLAN: Sets up and administers VLANs on the switch.

Monitoring: Accesses menus to monitor traffic and activity at the port or switch level. These menus also provide information on network errors and collisions.

Tools: Displays the switch Trap/Event log, pings devices to check connectivity, or saves the current switch configuration to an image file on a server.

SAVE SETTINGS: Saves configuration changes to the switch’s flash memory. Any changes not saved to memory are lost on the next reboot.

LOGOUT: Returns to the logon screen.

52

C H A P T E R 5 Using Local Management

Configure Device

LOCATION

Main Menu

Configure Device

Description

IP settings: Configures the switch’s IP address, subnet mask, and default gateway, or enables BOOTP.

Port settings: Enables and disables ports, configures port speed, duplex, flow control, and priority.

GBIC port settings (470T only): Enables and disables ports, configures port speed, duplex, flow control, and priority.

Priority tagging: Sets priority values for traffic based on source or destination MAC addresses.

Switch settings: Sets switch identification, location, and contact information, and configures some advanced switch settings.

Spanning Tree Protocol: Configures spanning tree for the entire switch or individual ports.

Forwarding and filtering: Adds or removes entries, locks the switch’s address table, enables IGMP snooping, and sets filters for specific MAC addresses.

Port mirroring: Sends a copy of data from one port to another for monitoring and troubleshooting purposes.

Link aggregation: Combines ports on the switch to increase bandwidth.

Broadcast storm control: Configures ports to drop excessive broadcast traffic before it floods the network.

Management Local

53

C H A P T E R 5

Intel® NetStructure™ 470T and 470F Switches User Guide

IP Settings

LOCATION

Main Menu

Configure Device

IP Settings

NOTE

The default IP address for the switch is 192.0.2.1

Default VLAN for SNMP agent

Port-based: DEFAULT_VLAN

tag-based (802.1Q-based): VID=1

Description

Switch MAC address: Displays the unique hardware address assigned by Intel.

Current Settings: Displays the switch’s current IP configuration.

New settings: Assigns a new IP configuration to the switch.

Assign IP: Indicates if the switch uses a BOOTP or DHCP server to obtain an IP address dynamically, or if you assign an address manually.

IP address: Displays the IP configuration used by the switch. Use the IP address shown here to access the switch through Telnet or a ping test.

Subnet mask: Matches the mask for other devices on the network.

Default gateway: Displays the IP address of the device that routes to different networks—typically, a router or routing server. Set this option to manage the switch remotely.

VLAN or VLAN ID (port-based or tag-based VLANs only): Specifies a VLAN where the switch’s SNMP management agent will reside. This option appears only when port-based and tag-based (IEEE 802.1Q) VLANs are active on the switch.

SUBMIT: Submits the changes and returns to the Configure Device screen. You must save the changes to the switch’s flash memory (from the Save Settings menu) and then reboot the switch for the new IP settings to take effect.

54

C H A P T E R 5 Using Local Management

Port Settings

LOCATION

Main Menu

Configure Device

Port Settings

Description

Configure ports: Selects a range of ports to configure (press z).

State: Disables or enables ports (press z).

Speed/Duplex: Changes the speed and duplex of the port (press z). You can set the port to auto-negotiate speed, or to 100Mbps or 1000Mbps at half-duplex or full-duplex. This field is view-only for the 470F.

Flow Ctrl (Control): Enables or disables flow control (press z). This option is view-only if auto-negotiate is selected for Speed/Duplex.

Priority: Changes the settings (press z). The <Frame> setting reads the packet’s 802.1p priority tag and handles it accordingly. The <Normal> or <High > settings force the packet into one of two priority queues.

Forcing a packet into a queue does not retag the packet.

Link: Indicates the port’s current link status:

--: Indicates no device link or port is disabled.

100M/1000M: Indicates the port’s speed (470T only).

Full/Half: Indicates a device is connected at full-duplex or half-duplex.

IEEE/BackP: Indicates the type of flow control, either IEEE PAUSE frames or backpressure.

Partitioned: Indicates the port was disabled due to a partition error.

Source mirror/Target mirror: Indicates the port being mirrored and where the data is being sent.

Management Local

55

C H A P T E R 5

Intel® NetStructure™ 470T and 470F Switches User Guide

Flow Control

During times of heavy network activity, the switch’s port buffers can receive too much traffic and fill up faster than the switch can send the information. In cases like this, the switch tells the transmitting device to wait so the information in the buffer can be sent. This intervention is called flow control.

The method of flow control depends on whether the ports are set to fullduplex or half-duplex. If a port is operating at half-duplex, the switch sends a collision which causes the transmitting device to wait. If the port operates at full-duplex, the switch sends out an 802.3x PAUSE frame. You can enable or disable flow control for each port on the NetStructure™ 470 switches.

Priority

IEEE 802.1p is part of a new standard for tagging, or adding additional information (4 bytes) to packets to indicate a priority level. When these packets are sent out on the network, the higher priority packets are transferred first. Priority packet tagging (also known as Traffic Class Expediting) is usually set at the adapter and works with other elements of the network (switches, routers) to deliver priority packets first. 802.1p tagging consists of eight levels from 0 (low) to 7 (high).

The NetStructure™ 470 switches have the ability to read IEEE 802.1p priority tags and forward traffic on a per port basis. Each switch has two priority queues and routes traffic to a queue depending on the packet’s tag. For example, when a packet comes into the switch with a high priority tag, the switch routes the packet to its high-priority queue.

Even though there are eight priority levels, the switch can only route a packet into one of the two queues. The switch maps levels 0-3 to the low queue and levels 4-7 to the high queue. If a packet is untagged, the switch determines the best way to send the packet.

56

C H A P T E R 5 Using Local Management

Configure GBIC Ports (470T only)

LOCATION

Main Menu

Configure Device

Configure GBIC Ports

Description

Port 7- and 8-GBIC: Displays the type of GBIC installed on the switch.

State: Disables or enables ports (press z).

Speed/Duplex: The GBIC ports operate at 1000Mbps/full-duplex only; this is a view-only field.

Flow Control: Enables or disables flow control (press z).

Priority: Changes the settings (press z). <Frame> reads the packet’s 802.1 priority tag and handles it accordingly. <Normal> or <High> forces the packet into one of two priority queues. Forcing a packet into a queue does not retag the packet.

Link: Indicates the port’s current link status:

--: Indicates no device link or port is disabled.

1000M: Indicates the port’s speed.

Full: Indicates a device is connected at full-duplex.

IEEE/BackP: Indicates the type of flow control, either IEEE PAUSE frames or backpressure.

Partitioned: Indicates port was disabled due to a partition error.

Source mirror/Target mirror: Indicates the port being mirrored and where the data is being sent to.

Management Local

57

C H A P T E R 5

Intel® NetStructure™ 470T and 470F Switches User Guide

Priority Tagging

LOCATION

Main Menu

Configure Device

Priority Tagging

Description

With priority tagging, you can specify a priority value for traffic based on MAC source or destination addresses. For example, you could tag all packets from computer A with a priority of 7 (high).

When you define priority tagging, you can specify a priority value from 0 (low) to 7 (high). Traffic with a priority value of 0 - 3 is routed through the switch’s low priority queue. Traffic with a priority value of 4 - 7 is routed through the switch’s high priority queue.

Tag traffic: Select source or destination as the criteria for tagged traffic.

Enter MAC: Type the source or destination MAC address of traffic to tag with a priority value.

VLAN ID: If the device whose MAC address you are adding to the list is a member of a VLAN, type the VLAN ID here.

Priority level: Toggle to the desired priority level. Traffic with a priority of 0–3 is routed through the low priority queue; 4–7 is routed through the high priority queue.

ADD or DELETE: Adds or deletes the specified MAC address.

58

C H A P T E R 5 Using Local Management

Switch Settings

LOCATION

Main Menu

Configure Device

Switch Settings

NOTE

Write down both the firmware version and Boot PROM version in case you need to contact Intel® Customer Support.

Description

Name: Assigns a name to the switch, up to 40 characters long.

Location: Assigns a location to the switch, up to 40 characters long.

Contact: Assigns a contact person or phone number to the switch, up to 40 characters long.

Device type: Displays the manufacturer-assigned type of switch.

Description: Displays description of switch.

Port 7- and 8-GBIC: Displays the type of GBIC detected, if applicable.

MAC address: Displays the unique hardware address assigned by Intel.

Boot PROM version: Displays the version of the switch’s boot code.

Firmware version: Displays the version of the firmware installed on the switch. You can update this software through the Update Firmware and Configuration Files screen.

Serial number: Displays the hardware serial number for the switch.

Hardware revision: Displays the version of the switch’s PCB.

CONFIGURE ADVANCED SETTINGS: Sets advanced switch settings such as port auto-partition and Head of Line blocking.

Management Local

59

C H A P T E R 5

Intel® NetStructure™ 470T and 470F Switches User Guide

Configure Advanced Switch Settings

LOCATION

Main Menu

Configure Device

Switch Settings

Configure Advanced...

Description

Head of Line (HOL) blocking prevention: If this option is enabled it prevents the forwarding of data to a port that is blocked. Normally, when the switch sends traffic out from a port, the data goes to the port’s transmit queue and then is sent out. If the port’s transmit queue is already busy trying to send out data the switch places the waiting traffic in the buffer memory until the port is ready to send it out.

However, if the port’s transmit queue remains full, the switch fills up more of the buffer with traffic waiting to be sent on that port. HOL blocking works on the assumption that it is better to drop the traffic waiting in the buffer than to continue using more memory and impacting performance across all the ports.

High-priority packet service ratio: This option lets you determine how many high-priority packets are sent out by the switch before sending a lowpriority packet. For example, a ratio of 8 high:1 low means that the switch will send out eight high-priority packets before sending out one lowpriority packet.

60

C H A P T E R 5 Using Local Management

Configure Spanning Tree Protocol

Management Local

LOCATION

Main Menu

Configure Device

Spanning Tree Protocol

Description

The IEEE 802.1D Spanning Tree Protocol specification prevents loops in a network by allowing only one active path between any two network devices at a time.

Spanning Tree status: Enables or disables (press z) support for the Spanning Tree Protocol, where the entire switch is a bridge for which you can set spanning tree parameters. (Note: If you are running 802.1Q VLANs, spanning tree is turned on automatically by the switch.)

Topology changes: Displays the number of times the spanning tree has changed its configuration.

Time since change: Displays the elapsed time (since the last switch reboot) since the spanning tree last changed its topology (the paths used to get through the network).

Root MAC address, Root path cost, Root port: Display information used by the root bridge in the same spanning tree as the switch.

Switch priority: Determines priority. Type a number from 0 to 65535 (default is 32768). The device with the lowest number becomes the root device (starting point for the spanning tree).

61

C H A P T E R 5

Intel® NetStructure™ 470T and 470F Switches User Guide

Hello time: Displays the time between transmissions of configuration BPDUs (Bridge Protocol Data Units) when the switch is, or is attempting to become, the root in the spanning tree. Type a number from 1 to 10 seconds (default is 2 seconds).

Max age: Displays the maximum time that information from a configuration BPDU is used by the switch before it is discarded. Type a number from 6 to 40 seconds (default is 20 seconds).

Forward delay: Displays the amount of time between port states when the spanning tree is changing its status from blocking to forwarding. Type a number from 4 to 30 seconds (default is 15 seconds).

CONFIGURE SPANNING TREE FOR PORTS: Takes you to the screen where you can set spanning tree values for individual ports.

62

C H A P T E R 5 Using Local Management

Configure Spanning Tree for Ports

Management Local

LOCATION

Main Menu

Configure Device

Spanning Tree Protocol

Configure STP for Ports

Description

Port: Identifies port numbers; select the port you want to configure for spanning tree.

STP State: Enables or disables each port to be active in the spanning tree (press z).

Cost: Forwards information to spanning tree, which determines alternate routes in the network to forward traffic. Type a number from 1 to 65535 (default is 10). The higher the cost of a port, the lower the chance of this port being used to forward traffic. When possible, assign a port a low cost if it is connected to a fast network segment.

Priority: Sets the port’s priority in the spanning tree. Type a number from 0 to 65535. The higher the value, the lower the chance of this port being used as the root port. If two ports on the switch have the same priority value, the spanning tree uses the port with the lowest number. For example, the spanning tree would choose port 1 over port 4 if they both had the same priority setting. The default for this field is 128.

63

C H A P T E R 5

Intel® NetStructure™ 470T and 470F Switches User Guide

Forwarding and Filtering

LOCATION

Main Menu

Configure Device

Forwarding and Filtering

Description

Lock address table: Determines if the table learns new MAC addresses (press z). <Yes> prevents the switch from learning new MAC addresses. Any existing addresses that the switch has learned remain in the address table.

MAC address aging: Sets the time period (in seconds) at which the switch scans its MAC address table to determine the age of entries.

Configure IGMP snooping: Sets Internet Group Management Protocols (IGMP) options for multimedia applications, such as desktop video conferencing, that use IP multicast addresses.

Configure permanent MAC addresses: Allows permanent mapping between a network device and a port.

Configure port security: Configures the switch to only allow the transmission of authorized traffic over a particular port(s).

Configure MAC address filtering: Allows the switch to drop traffic based on MAC source or destination addresses.

Configure Ethernet multicast filtering: Blocks or forwards traffic over each port for Ethernet (MAC-based) multicast groups.

64

C H A P T E R 5 Using Local Management

Configure IGMP Snooping

Management Local

LOCATION

Main Menu

Configure Device

Forwarding and Filtering

IGMP Snooping

Description

IGMP snooping (Internet Group Management Protocol) allows the switch to forward multicast traffic intelligently. The switch “snoops” the IGMP query and report messages and forwards traffic only to the ports that request the multicast traffic. This prevents the switch from broadcasting the traffic to all ports and possibly affecting network performance.

IGMP requires a router that learns about the presence of multicast groups on its subnets and keeps track of group membership. Note: Multicasting is not connection oriented, so data is delivered to the requesting hosts on a best-effort level of service.

VLAN Name (port-based or tag-based VLANs only): Displays the VLAN for which IGMP snooping is enabled. You can also enable IGMP snooping for a VLAN on the Create an 802.1Q VLAN screen.

IGMP Snooping state: Enables or disables IGMP Snooping (press z).

IGMP Snooping age-out timer: Indicates the amount of time (in seconds) the switch waits to receive IGMP queries. The default time is 300 seconds. A query allows the server to determine which network hosts are (or want to be) part of the IP multicast group, and are configured and ready to receive traffic for the given application.

65

C H A P T E R 5

Intel® NetStructure™ 470T and 470F Switches User Guide

Configure Static MAC Addresses

LOCATION

Main Menu

Configure Device

Forwarding and Filtering

Configure Static...

NOTE

If tag-based or port-based VLANs are currently active, you must assign each static MAC address to a specific VLAN.

Description

Static MAC addresses are MAC addresses that remain in the switch’s address table, whether or not the device is physically connected to the switch. After you define a static MAC address, it remains in the switch’s address table until you remove it.

Enter MAC: Indicates the MAC address you want to permanently add to the address table.

VLAN or VLAN ID: Indicates VLAN or VLAN ID. When VLANs are active on the switch you can define static MAC addresses for each VLAN. If port-based VLANs are active press zto select a VLAN. If tagbased VLANs are active, type the VLAN ID that the static MAC address will be assigned.

Select port: Selects a port on the switch to which the switch forwards traffic (press z).

ADD/DELETE: Adds or removes a MAC address from the switch’s table.

66

C H A P T E R 5 Using Local Management

Configure Port Security

LOCATION

Main Menu

Configure Device

Forwarding and Filtering

Configure Port Security

NOTE

You must first configure port security before configuring a static MAC address.

If you locked the address table on the Forwarding and Filtering screen, you must return to the screen and unlock the table before making changes on the Port Security screen.

Description

Port security prevents unauthorized access of a port by “securing” a list of specific MAC addresses to a port. If the switch sees a MAC address that is not on the secured list, it discards the packet.

To set port security from Local Management

1On the Configure Device screen, select Forwarding and Filtering.

2Select Configure Port Security.

3Select a port you want to secure. Press zin the Learning field to disable the port’s ability to learn new MAC addresses.

4Press qto move up a level, and then select the Configure Static MAC Addresses screen.

5Define a list of MAC addresses and assign them to the same port you secured in the Port Security screen.

To turn off port security

1On the Configure Device screen, select Forwarding and Filtering. Select Configure Port Security.

2Select the port on which you want to disable security. Press zin the Learning field to disable security and enable the port to learn new MAC addresses.

Management Local

67

C H A P T E R 5

Intel® NetStructure™ 470T and 470F Switches User Guide

Configure MAC Address Filtering

LOCATION

Main Menu

Configure Device

Forwarding and Filtering

MAC Address Filtering

NOTE

If tag-based (IEEE 802.1Q) or port-based VLANs are currently active and you want to enable MAC address filtering, you must assign each MAC address filter to a specific VLAN.

Description

MAC address filtering allows the switch to drop unwanted packets. The switch drop a packet when it sees the specified MAC address in either the source address or destination address. For example, if your network is congested because of high utilization from a specific MAC address, you can filter all packets transmitted from that address and restore network flow while you troubleshoot the problem.

Enter MAC: Indicates the MAC address you want to filter.

VLAN/VLAN ID: Indicates VLAN or VLAN ID. If VLANs are active on the switch, you can set MAC address filtering on a per VLAN basis. For port-based VLANs, press zto select the name of the VLAN. For tag-based VLANs, type the VLAN ID.

ADD/DELETE: Adds or removes a MAC address from the switch’s table.

68

C H A P T E R 5 Using Local Management

Configure Ethernet Multicast Filtering

LOCATION

Main Menu

Configure Device

Forwarding and Filtering

Configure Ethernet...

NOTE

If tag-based (IEEE 802.1Q) or port-based VLANs are currently active and you want to enable MAC address filtering, you must assign each multicast filter to a specific VLAN.

Description

You can use Ethernet multicast filters to define which ports can receive multicast traffic from a specific multicast MAC address.

VLAN/VLAN ID: Indicates VLAN or VLAN ID. If VLANs are active on the switch you can set Ethernet multicast filtering on a per VLAN basis. For port-based VLANs, press zto select the name of VLAN. For tag-based VLANs, type the VLAN ID in the Multicast address field.

Multicast address: Indicates the MAC address you want to add, delete, or apply a filter to.

ADD/DELETE: Adds or removes a MAC address from the switch’s table.

To adding or deleting a multicast filter

1In the Multicast address field, type a multicast address.

2If the switch is running tag-based or port-based VLANs, select a VLAN to locate the filter.

3To add a filter, select ADD using the arrow keys and press E.

4To remove a filter, type the MAC address in the Multicast field, select DELETE, and then press E.

Management Local

69

C H A P T E R 5

Intel® NetStructure™ 470T and 470F Switches User Guide

Ethernet Multicast Filtering (Ports)

LOCATION

Main Menu

Configure Device

Forwarding and Filtering

Configure Ethernet...

Multicast filters per port

Description

Action: Blocks or forwards traffic to the selected port (press z).

APPLY CHANGES: Applies the changes to the multicast filter after you configure the ports.

N/P: Scrolls through the addresses. (Press N (Next Page) or P (Previous Page).

To modify a multicast filter

1On the Configure Ethernet Multicast Filter screen, use the arrow keys to select an address from the list on the right side of the screen. Press E.

2Determine which ports can receive the multicast traffic by using zto set Forward or Block for each port.

3Select APPLY CHANGES and press E. This activates the changes to the multicast filter and returns you to the previous screen.

70

C H A P T E R 5 Using Local Management

Port Mirroring

LOCATION

Main Menu

Configure Device

Port Mirroring

NOTE

Do not mirror traffic to a target port that is connected to a network device other than a protocol analyzer. The device’s behavior may be unpredictable.

Description

Port mirroring is a diagnostic tool you can use to send a copy of the good Ethernet frames transmitted or received on one port to another port. On the second port you can attach a protocol analyzer to capture and analyze the data without interfering with the client on the original port.

Source port: Selects the port whose traffic you want to mirror (press z).

Target port: Selects a port to receive the mirrored traffic (press z). If you are using a protocol analyzer, connect it to this port.

State: Enables or disables port’s mirror (press z).

Management Local

71

C H A P T E R 5

Intel® NetStructure™ 470T and 470F Switches User Guide

Link Aggregation

LOCATION

Main Menu

Configure Device

Link Aggregation

NOTE

All custom settings for a port (including VLAN membership) are lost when you add that port to a link aggregation.

When configuring link aggregation between two 470 switches, you must connect anchor port to anchor port, and member port to member port.

Description

Link aggregation is a way of combining ports on the switch to increase the available bandwidth and provide redundant links. All ports in the aggregated link take on the characteristics of the anchor port. This means if you set the anchor port to 1000Mbps full duplex (470T only), all the ports aggregated to that anchor port share the same setting. You can set a maximum of four aggregated groups on the switch.

Anchor Port: Displays the first port in the link aggregation.

Width: Sets the total number of (consecutive) member ports in the aggregated link (press z). The minimum number of ports for an aggregated link is two, and the maximum is four. The link aggregation width includes the anchor port.

Aggregation Group Name: Assigns a name to the aggregated links for management or identification purposes.

Status: Enables or disables the aggregated link (press z).

72

C H A P T E R 5 Using Local Management

Broadcast Storm Control

Management Local

LOCATION

Main Menu

Configure Device

Broadcast Storm Control

Description

You can use broadcast storm control to filter out broadcasts from faulty devices to prevent them from degrading network performance.

For a more information about of broadcast storm control, see Chapter 2.

Setting: Enables or disables broadcast storm control on each port (press z).

Upper Threshold: Sets the threshold of broadcast traffic on a port (shown as a percentage of the port’s total bandwidth) that activates broadcast storm control. Type a value from 1–20%. The default value is 20%.

73

C H A P T E R 5

Intel® NetStructure™ 470T and 470F Switches User Guide

Configure Management Menu

LOCATION

Main Menu

Configure Management

Description

Configure community strings & trap receivers: Assigns the switch’s community strings and sets trap receiving stations.

Administer user accounts: Configures user accounts. You can add or delete users, update passwords, and change a user’s access levels.

Define IP access list: Create a list of IP addresses that can access the switch through Telnet, Web Manager, or SNMP.

Update firmware and configuration files: Configures the switch’s internal software and specifies the location of configuration files.

Reset and console options: Reboots the switch or changes the settings on the serial port. You can also use this option to set the switch back to its factory defaults.

74

C H A P T E R 5 Using Local Management

Community Strings & Trap Receivers

LOCATION

Main Menu

Configure Management

Community Strings and . . .

NOTE

These are the traps supported by the switch:

Power to the switch was cycled or reset.

Link, speed, or other status changes on a port.

Authentication failure.

Description

Use this screen to send alerts to PCs with SNMP management applications (such as Intel® Device View) installed.

Current read community: Sets a password for viewing (not changing) the switch configuration. The string you define here must match the read community string defined in the SNMP application. The default read community string is “public.”

Current write community: Sets a password for viewing and changing the switch configuration. The string you define here must match the write community string defined in the SNMP application. The default write community string is “private.”

Trap Receiving Stations: When an event occurs, the switch automatically alerts the SNMP management application by sending a trap to the SNMP management stations (for example, PCs) defined here.

Station IP address: Displays the IP addresses of PCs with SNMP applications (such as Intel Device View or LANDesk® Network Manager) installed.

State: Enables or disables sending of traps to the specified trap receiver.

Community string: Specifies a string for the trap that matches the community string defined in the SNMP management application. The default is “public.”

Management Local

75

C H A P T E R 5

Intel® NetStructure™ 470T and 470F Switches User Guide

Administer User Accounts

LOCATION

Main Menu

Configure Management

Administer User Accounts

Description

Add Users/Change Passwords

Username: By default, no username is assigned. Usernames can consist of any character and can be up to 15 characters long. You can define three usernames.

Old Password: Used when changing the password of a current user. If this is a new account, you can skip to the New Password field. By default, no password is assigned.

New password: Sets a new password for accessing Local Management. The password you specify here is used the next time you reset the switch or log out and log in to Local and Web Management. Passwords are case-sensitive and can be up to 15 characters long.

Confirm new password: Verifies the entry in the New password field.

76

C H A P T E R 5 Using Local Management

Access level: Establishes a user’s access rights (press z). Administrators can make any changes to Local Management. All other users (categorized under Normal user) can view information but cannot make changes. To change a user’s access rights, see the “To modify a user’s access level” section of this chapter.

APPLY CHANGES: Saves changes when adding users or changing passwords.

Modify User Accounts

Access level: Changes access rights for the user (press z).

Delete: Deletes an account (press zto change the value to <Yes>). The default value is <No>.

APPLY CHANGES: Saves changes when modifying or deleting user accounts.

Management Local

77

C H A P T E R 5

Intel® NetStructure™ 470T and 470F Switches User Guide

Managing User Accounts

System Administrators can create up to three user accounts for managing the switch. You can also change the access rights for current users and delete user accounts. Make sure you always set up at least one Administrator account.

To create a user account

1On the Main Menu, select Configure Management, and then press E. Select Administer User Accounts and press E.

2On the User Accounts screen, type the name of the new user in the Username field, and then press E.

3Because this is a new user, press Tto skip the Old password field, and then go to the New password field.

4Type the password for the new user, and then press E. Passwords are case-sensitive and can be up to 15 characters long.

5To confirm the new password, retype it in the Confirm new password field. Press E.

6Select the access rights for the new user by pressing z.

7To save the information, press Tto select SAVE CHANGES (below the Confirm new password field), and then press E. The new account appears in the list under Modify User Accounts.

To change a password

1On the Main Menu, select Configure Management, and then press E. Select Administer User Accounts, and then press E.

2In the Username field, type the username of the account for which you want to change the password. Press E.

3Type the current password in the Old password field, and then press

E.

4Type the new password in the New password field, and then press

E.

5To confirm the password, retype it in the Confirm new password field. Press E.

78

C H A P T E R 5 Using Local Management

6To save the new password, press Tto select SAVE CHANGES (below the Confirm new password field) and press E.

To modify a user’s access level

1On the Main Menu, select Configure Management, and then press E. Select Administer User Accounts and press E.

2Under Access Level, press Tto select the account to be modified.

3Press zto change the user’s access rights. Users with Administrator access can make changes to the management configuration; users with Normal User access can view the configuration but cannot make changes.

4To save changes, press Tto select SAVE CHANGES at the bottom of the screen and press E.

To delete a user account

1On the Main Menu, select Configure Management, press E. Select Administer User Accounts, and then press E.

2Under Delete, select the account to be removed.

3Press zto select <Yes>.

4To remove the user account, press Tto select SAVE CHANGES at the bottom of the screen and press E.

Management Local

79

C H A P T E R 5

Intel® NetStructure™ 470T and 470F Switches User Guide

Define IP Access List

LOCATION

Main Menu

Configure Management

Define IP Access List

NOTE

The IP access list does not prevent unauthorized users from accessing switch management through the serial port.

Description

Users with IP addresses defined on the access list can manage the switch. If user names and passwords are set up, the user must also enter a valid user name and password when accessing the console. If you do not create an access list, any user with a valid user name and password can manage the switch. The IP access list provides a second level of security beyond that of a user name and password.

If you create an access list, the first address you add must be the one from which you are accessing the switch. Only users with IP addresses defined on the access list can ping the switch.

The IP access list can contain up to eight IP addresses.

Action: Specifies whether you want to add or delete an IP address. Press zto toggle between <Add> and <Delete>.

IP address: Type the IP address you want to add or delete from the access list and then press E. The IP access list can contain up to eight IP addresses.

80

C H A P T E R 5 Using Local Management

Update Firmware and Config Files

LOCATION

Main Menu

Configure Management

Update Firmware and . . .

NOTE

Check the Intel® Support Web site for firmware updates to the 470 switch.

Description

Software update mode: Choose to update switch firmware over the network or through a serial port. SLIP/PPP is available only after changing the Port setting in the Reset and Console Options in the Configure Management menu (press z).

TFTP server address: Displays the IP address of the TFTP server.

Update Management Module Firmware:

Firmware update: Enables or disables the firmware update (press z). When enabled, the switch searches for the TFTP server specified at the top of the screen and attempts to update the firmware.

Firmware file name: Displays the path and filename of the firmware located on the server.

Change Configuration File:

Config file download: Enables or disables the ability to download a configuration file (press z). When enabled, the switch searches for the TFTP server specified at the top of the screen.

Config file name: Displays the path and filename of the configuration file located on the server.

Last TFTP server address: Displays the IP address of the last TFTP server accessed by the switch.

REBOOT TO START UPDATE: Starts the update process. The switch reboots and downloads the specified file.

Management Local

81

C H A P T E R 5

Intel® NetStructure™ 470T and 470F Switches User Guide

Reset and Console Options

LOCATION

Main Menu

Configure Management

Reset and Console Options

Description

Reset Options

Reboot switch: Reboots the switch. If you changed the IP configuration or login setting, the new settings take effect after you select this option.

Reset switch settings to factory defaults: Clears any saved settings or current changes and resets the switch back to its factory defaults. All counters are cleared and the switch starts sending BOOTP requests.

Serial Port Settings

Port setting: Configures the switch’s serial port. Press zto toggle between <Console>, <SLIP>, and <PPP>. Settings take effect on the next reboot.

Console timeout: Logs out a user after a period of inactivity. Settings are from 0–60 minutes in 15-minute increments. A setting of <Never> means no timeout. The default is 60 minutes.

82

C H A P T E R 5 Using Local Management

Configure VLAN Operation Mode

LOCATION

Main Menu

Configure VLAN

(if switch is in Default Mode)

Description

Use this screen to activate or change the type of VLAN operating on the switch. If there are no VLANs active on the switch, this is the first screen displayed when you select Configure VLAN from the Main Menu. By default, VLANs are not active on the Intel® NetStructure™ 470F and 470T Switches so they must be activated before you can start configuring them.

The 470 switches support only one type of VLAN operating at a time. However, you can have multiple VLANs of the same type.

Select the type of VLAN: Changes the type of VLAN on the switch (press z). The 470 switches support three types of VLANs: port-based, IEEE 802.1Q (tag-based), and protocol-based.

APPLY: Activates the changes to the VLAN and reboots the switch.

NOTE

The first time you configure the switch, the system takes you directly to the Configure VLAN Operation Mode screen.

To change VLAN modes

1On the Main Menu, select Configure VLAN.

2On the Configure VLAN menu, select VLAN Operation Mode.

3Press zto change the type of VLAN on the switch. Press

E.

4Select the APPLY button and press E. This reboots the switch and changes the VLAN mode.

Management Local

83

C H A P T E R 5

Intel® NetStructure™ 470T and 470F Switches User Guide

Port-based VLANs

LOCATION

Main Menu

Configure VLAN

Description

Port-based VLANs are the simplest type of VLAN. With a port-based VLAN you can create multiple VLANs, each with its own broadcast domain and member ports.

For example, if port 3 is in VLAN_1 and port 5 is in VLAN_2 the two ports cannot communicate with each other even though they are part of the same switch. A port can only be a member of a single port-based VLAN. Any port that is not a member of a user-defined VLAN is a member of the DEFAULT_VLAN.

VLAN operation mode: Changes the type of VLAN operating on the switch, or disables VLANs entirely.

Add a port-based VLAN: Creates a port-based VLAN and adds ports to the VLAN.

Edit/delete a port-based VLAN: Selects a VLAN to change port membership in the VLAN, or removes a VLAN from the switch.

84

C H A P T E R 5 Using Local Management

Add a Port-based VLAN

Management Local

LOCATION

Main Menu

Configure VLAN

Add a Port-based VLAN

Description

VLAN Name: Assigns a name to the VLAN. Names can consist of any character (no spaces) and be up to 12 characters long. After a VLAN is created the name cannot be changed. If you want to change the name you must delete the VLAN, create a new one, and assign the ports to the new VLAN.

Port: Specifies the port you want in the VLAN.

Member: Determines which ports are part of the VLAN being created. Ports can be members of only one port-based VLAN. Press zto toggle the following options:

<Yes> The port is a member of the VLAN.

<No > The port is not a member of the VLAN.

The port is part of an aggregated link; the anchor port determines membership in a VLAN.

N/A Displayed if the port is already participating in another VLAN, or for the 470T, that a GBIC slot is open. Ports can belong to only one port-based VLAN.

APPLY: Creates the VLAN and activates the settings.

85

C H A P T E R 5

Intel® NetStructure™ 470T and 470F Switches User Guide

To create a port-based VLAN

1On the Main Menu, select Configure VLAN.

Note: Make sure the switch’s current VLAN operation mode is set to port-based VLAN. If another type of VLAN is running, see “Configure VLAN Operation Mode” earlier in this chapter to change the VLAN operation mode.

2Select Add a Port-based VLAN and press E.

3Type a name for the new VLAN and press E.

4Select ports to add to the VLAN and use zto toggle the Member field to Yes.

5Select the APPLY button and press E.

Edit/Delete a Port-based VLAN

LOCATION

Main Menu

Configure VLAN

Edit/Delete a Port-based VLAN

Edit VLAN

Description

NOTE

The DEFAULT_VLAN cannot be deleted from the switch.

Action: Indicates whether to delete a VLAN or to change its port membership. Press zto toggle between <Edit> or <Delete>, then use Tor Sto select a VLAN, and press E. If deleting, press Eagain to confirm deletion.

VLAN Name: Displays the name of an available port-based VLAN.

Ports: Displays the number of member ports in the specified VLAN.

86

C H A P T E R 5 Using Local Management

Change Port Membership in a VLAN

Management Local

Description

LOCATION

Main Menu

Configure VLAN

Edit/Delete a Port-based VLAN

This screen is similar to the VLAN creation screen. You can change the membership status of ports within the VLAN but you cannot change the name of the VLAN.

VLAN Name: Displays the name of the VLAN you are configuring.

Port: Displays the port numbers. Select the port you want to add to or eliminate from the VLAN.

Member: Determines which ports are part of the current VLAN. Ports can be members of only one port-based VLAN. Press zto toggle the following options:

<Yes> The port is a member of the VLAN.

<No > The port is not a member of the VLAN.

The port is part of a aggregated link.

N/A Displayed if the port is already participating in another VLAN. Ports can belong to only one VLAN.

APPLY: Activates the settings.

87

C H A P T E R 5

Intel® NetStructure™ 470T and 470F Switches User Guide

Configure 802.1Q VLANs

LOCATION

Main Menu

Configure VLAN

Description

VLAN operation mode: Changes the type of VLAN operating on the switch, or disables VLANs entirely.

Create an IEEE 802.1Q VLAN: Creates a new 802.1Q VLAN and adds ports to the VLAN.

Edit/Delete an IEEE 802.1Q VLAN: Changes port membership of an existing VLAN or removes a VLAN from the switch.

Configure VLAN ID for Untagged Devices (PVID): Assigns a VLAN to inbound packets without a VID.

GVRP and ingress filter settings: Sets port-level options for dynamic VLAN creation and packet filtering by the VLAN.

88

C H A P T E R 5 Using Local Management

Add an IEEE 802.1Q VLAN (Configure

Port Membership)

LOCATION

Main Menu

Configure VLAN

Create an 802.1Q VLAN

NOTE

A ‘+’ next to the Member indicates that the port is a member of more than one VLAN.

Description

VLAN Name: Assigns a name to the VLAN. The name can consist of any character (no spaces) and be up to 12 characters long. After a VLAN is created the name cannot be changed.

VLAN ID: Assigns a unique ID number for the VLAN. This number is used to identify all packets belonging to that VLAN. Type a number from 2 to 4094. The DEFAULT_VLAN (created when you select a VLAN mode) has a VID of 1.

Allow IGMP Snooping: Indicates if the switch performs IGMP snooping on this VLAN (press z). A maximum of 12 IGMP snooping sessions are allowed.

Member: Identifies which ports are part of the VLAN being created. Press zto toggle the following options:

<Yes> The port is a member of the VLAN.

<No > The port is not a member of the VLAN.

The port is part of an aggregated link.

NEXT: Sends you to the Add an IEEE 802.1Q VLAN (Configure Port Tagging) screen.

Management Local

89

C H A P T E R 5

Intel® NetStructure™ 470T and 470F Switches User Guide

Add an IEEE 802.1Q VLAN (Configure

Port Tagging)

LOCATION

Main Menu

Configure VLAN

Create an 802.1Q VLAN

Add an 802.1Q VLAN...

Description

VLAN Name: Displays the VLAN name assigned on the Add an IEEE 802.1Q VLAN (Configure Port Membership) screen.

VLAN ID: Displays the VLAN ID assigned on the Add an IEEE 802.1Q VLAN screen.

Action: Indicates whether the device connected to this port supports tagging (press z).

PREV: Returns you to the Add an IEEE 802.1Q VLAN (Configure Port Membership) screen.

DONE: Returns you to the Configure 802.1Q VLANs screen.

90

C H A P T E R 5 Using Local Management

Configuring 802.1Q VLANs

Setting up an 802.1Q VLAN is a three-step process. First, create a VLAN on the switch. Second, make sure that tagging is set up properly for your attached devices. Third, configure those devices that don’t support tagging.

Step 1: Create an 802.1Q VLAN and add ports

 

1

On the Main Menu, select Configure VLAN.

 

 

Note: Make sure the switch’s current VLAN operation mode is set to

 

 

IEEE 802.1Q VLAN. Refer to “Configure VLAN Operation Mode”

 

 

earlier in this chapter to change the VLAN operation mode.

 

2

Select Create an IEEE 802.1Q VLAN and press E.

 

3

Type a name for the new VLAN (no spaces) and press E.

 

4

Type a VLAN ID (VID) and press E. The ID can be any number

 

 

from 2 to 4094.

 

5

Determine if you want to allow IGMP Snooping on this VLAN. This is

 

 

important because the switch can support more 802.1Q VLANs than the

LOCATION

 

maximum of 12 IGMP Snooping sessions available.

Main Menu

6

Select ports to add to the VLAN. Press zto toggle the

Configure VLAN

 

Member field to Yes.

 

 

Configure PVID for...

7

Select the NEXT button and press E.

Step 2: Configure tagging for member ports

Note: If the device on a particular port does not support tags, configure that port as untagged. Configuring a device as untagged ensures that the switch removes tags from packets before they leave the switch for the device.

1Press zto select Tag or Untag for each port that is a member of the VLAN.

2Select the DONE button and press E.

If you configured any of the ports in the VLAN as Untagged, proceed to step 3, “Configure VLAN for untagged devices,” to configure ports for untagged devices and associate those ports with a PVID (port VLAN ID).

Management Local

91

C H A P T E R 5

Intel® NetStructure™ 470T and 470F Switches User Guide

NOTE

Determine which devices on your network support tag-based VLANs and which do not before you start this procedure.

Step 3: Configure VLAN for untagged devices

Even if the device attached to the switch doesn’t support 802.1Q tags it can participate in the VLAN. When communicating with untagged devices the switch:

Determines how to forward untagged traffic. For untagged traffic, the switch assigns a default VID to the incoming traffic from the untagged device. Normally, all untagged traffic received on the switch is assigned a VLAN ID=1 or the DEFAULT_VLAN. You can change this PVID to the VID of the VLAN you want the port to use.

Strips 802.1Q tags before sending traffic to the untagged device. When the switch needs to send traffic from a port to an untagged device, it strips the 802.1Q tag. Otherwise, the untagged device may not understand how to process the VID tag.

To add a untagged device to a 802.1Q VLAN

1Ensure that the port is a member of the VLAN. Refer to the procedure in step 1, “Create an 802.1Q VLAN and add ports,” to add a port to a 802.1Q VLAN.

2On the Configure VLAN menu, select Configure VLAN ID for Untagged Devices and press E.

3Select the port where the untagged device is connected. For example, port 7.

4Type the VID of the VLAN you want the port to belong to and press E. This is the same ID number you entered in step 1, “Create an 802.1Q VLAN and add ports.”

5Select APPLY and press Eto activate the changes.

By specifying a VID you set the switch to assign a particular VID to any incoming traffic it receives on that port.

92

C H A P T E R 5 Using Local Management

Edit/Delete an 802.1Q VLAN

Management Local

LOCATION

Main Menu

Configure VLAN

Edit/Delete an 802.1Q VLAN

Description

Use this screen to select a VLAN to edit the port membership in the VLAN or delete the VLAN from the switch.

Action: Specifies whether you want to edit or delete a VLAN. Press zto toggle between <Edit> and <Delete>, select a VLAN from the list, and then press E.

VLAN Name: Displays the name of the VLAN you are configuring.

VLAN ID: Displays the number assigned to identify this 802.1Q VLAN.

93

C H A P T E R 5

Intel® NetStructure™ 470T and 470F Switches User Guide

Edit an IEEE 802.1Q VLAN (Configure

Membership)

LOCATION

Main Menu

Configure VLAN

Edit/Delete IEEE 802.1Q VLAN

NOTE

A ‘+’ next to the Member toggle indicates that port is a member of more than one VLAN.

Description

Use this screen to change which ports are members of the VLAN.

VLAN Name: Displays the name of the VLAN you are editing or deleting.

VLAN ID: Displays the ID number of the VLAN. This number identifies all packets belonging to that VLAN.

Allow IGMP Snooping: Identifies whether the switch performs IGMP snooping on this VLAN (press z). There are a maximum of 12 IGMP snooping sessions allowed.

Member: Determines which ports are part of the VLAN being created. Press zto toggle the field for the following options:

<Yes> The port is a member of the VLAN.

<No > The port is not a member of the VLAN.

The port is part of an aggregated link.

NEXT: Sends you to the Edit an IEEE 802.1Q VLAN (Configure Port Tagging) screen, where you can set egress tags (for outbound traffic).

94