LevelOne GEL-2870 Management Manual

LevelOne GEL-2870
24 GE + 4 GE Combo SFP L2 SNMP Switch
Management Guide, version 1.0

GEL-2870
Layer 2 SNMP Switch with 24 10/100/1000BASE-T (RJ-45) Ports, and 4 Gigabit Combination Ports (RJ-45/SFP)
E112009/AP-R01
149100000054A

ABOUT THIS GUIDE

PURPOSE
This guide gives specific information on how to operate and use the management functions of the switch.

AUDIENCE
The guide is intended for use by network administrators who are responsible for operating and maintaining network equipment; consequently, it assumes a basic working knowledge of general switch functions, the Internet Protocol (IP), and Simple Network Management Protocol (SNMP).

CONVENTIONS
The following conventions are used throughout this guide to show information:
NOTE: Emphasizes important information or calls your attention to related features or instructions.
CAUTION: Alerts you to a potential hazard that could cause loss of data, or damage the system or equipment.
WARNING: Alerts you to a potential hazard that could cause personal injury.

RELATED PUBLICATIONS
The following publication details the hardware features of the switch, including the physical and performance-related characteristics, and how to install the switch:
The Installation Guide
Also, as part of the switch’s software, there is an online web-based help that describes all management related features.

REVISION HISTORY
This section summarizes the changes in each revision of this guide.
NOVEMBER 2009 REVISION
This is the first version of this guide. This guide is valid for software release v1.0.1.
CONTENTS
ABOUT THIS GUIDE 3
CONTENTS 5
FIGURES 17
TABLES 21
SECTION I GETTING STARTED 23
1 INTRODUCTION 24
Key Features 24
Description of Software Features 25
Configuration Backup and Restore 25
Authentication 25
Access Control Lists 26
Port Configuration 26
Rate Limiting 26
Port Mirroring 26
Port Trunking 26
Storm Control 26
Static Addresses 26
IEEE 802.1D Bridge 27
Store-and-Forward Switching 27
Spanning Tree Algorithm 27
Virtual LANs 28
Traffic Prioritization 28
Quality of Service 29
Multicast Filtering 29
System Defaults 30
2 INITIAL SWITCH CONFIGURATION 32
Connecting to the Switch 32
Configuration Options 32
Required Connections 33
Remote Connections 34
Basic Configuration 35
Setting Passwords 35
Setting an IP Address 35
Enabling SNMP Management Access 38
Managing System Files 42
Saving or Restoring Configuration Settings 42
SECTION II WEB CONFIGURATION 43
3 USING THE WEB INTERFACE 44
Connecting to the Web Interface 44
Navigating the Web Browser Interface 45
Home Page 45
Configuration Options 45
Panel Display 46
Main Menu 46
4 CONFIGURING THE SWITCH 50
Configuring System Information 50
Setting an IP Address 51
Setting an IPv4 Address 51
Setting an IPv6 Address 53
Setting the System Password 56
Filtering IP Addresses for Management Access 56
Configuring Port Connections 58
Configuring Authentication for Management Access and 802.1X 60
Creating Trunk Groups 64
Configuring Static Trunks 65
Configuring LACP 67
Configuring the Spanning Tree Algorithm 71
Configuring Global Settings for STA 72
Configuring Interface Settings for STA 73
Configuring 802.1X Port Authentication 76
Configuring HTTPS 81
Configuring SSH 83
IGMP Snooping 84
Configuring IGMP Snooping and Query 85
Configuring IGMP Filtering 88
Configuring Link Layer Discovery Protocol 89
Configuring the MAC Address Table 92
IEEE 802.1Q VLANs 94
Assigning Ports to VLANs 95
Configuring VLAN Attributes for Port Members 96
Configuring Private VLANs 98
Using Port Isolation 99
Quality of Service 100
Configuring Port-Level Queue Settings 101
Configuring DSCP Remarking 102
Configuring QoS Control Lists 104
Configuring Rate Limiting 107
Configuring Storm Control 109
Access Control Lists 110
Assigning ACL Policies and Responses 110
Configuring Rate Limiters 111
Configuring Access Control Lists 112
Configuring Port Mirroring 120
Simple Network Management Protocol 121
Configuring SNMP System and Trap Settings 123
Setting SNMPv3 Community Access Strings 126
Configuring SNMPv3 Users 127
Configuring SNMPv3 Groups 129
Configuring SNMPv3 Views 130
Configuring SNMPv3 Group Access Rights 131
Configuring UPnP 132
Configuring DHCP Relay and Option 82 Information 134
5 MONITORING THE SWITCH 136
Displaying Basic Information About the System 136
Displaying System Information 136
Displaying Log Messages 137
Displaying Log Details 139
Displaying Access Management Statistics 139
Displaying Information About Ports 140
Displaying Port Status On the Front Panel 140
Displaying an Overview of Port Statistics 140
Displaying QoS Statistics 141
Displaying Detailed Port Statistics 142
Displaying Information on Authentication Servers 145
Displaying a List of Authentication Servers 145
Displaying Statistics for Configured Authentication Servers 146
Displaying Information on LACP 150
Displaying an Overview of LACP Groups 150
Displaying LACP Port Status 150
Displaying LACP Port Statistics 151
Displaying Information on the Spanning Tree 152
Displaying Bridge Status for STA 152
Displaying Port Status for STA 154
Displaying Port Statistics for STA 155
Displaying Port Security Information 156
Displaying Port Security Status 156
Displaying Port Security Statistics 157
Showing IGMP Snooping Information 160
Displaying LLDP Information 161
Displaying LLDP Neighbor Information 162
Displaying LLDP Port Statistics 163
Displaying DHCP Relay Statistics 164
Displaying the MAC Address Table 166
6 PERFORMING BASIC DIAGNOSTICS 168
Pinging an IPv4 or IPv6 Address 168
Running Cable Diagnostics 169
7 PERFORMING SYSTEM MAINTENANCE 171
Resetting the Switch 171
Restoring Factory Defaults 171
Upgrading Firmware 172
Registering the Product 173
Managing Configuration Files 173
Saving Configuration Settings 173
Restoring Configuration Settings 174
SECTION III COMMAND LINE INTERFACE 175
8 USING THE COMMAND LINE INTERFACE 177
Accessing the CLI 177
Console Connection 177
Telnet Connection 178
Entering Commands 179
Keywords and Arguments 179
Minimum Abbreviation 180
Getting Help on Commands 180
Partial Keyword Lookup 181
Using Command History 182
Command Line Processing 182
CLI Command Groups 183
9 SYSTEM COMMANDS 185
system configuration 186
system reboot 186
system restore default 187
system contact 187
system name 187
system location 188
system password 188
system timezone 189
system log 189
system access configuration 190
system access mode 190
system access add 191
system access ipv6 add 192
system access delete 193
system access lookup 193
system access clear 193
system access statistics 193
10 IP COMMANDS 195
ip configuration 195
ip dhcp 196
ip setup 197
ip ping 198
ip dns 199
ip dns_proxy 199
ip sntp 200
ip ipv6 autoconfig 200
ip ipv6 setup 201
ip ipv6 ping6 202
ip ipv6 sntp 203
11 AUTHENTICATION COMMANDS 205
auth configuration 205
auth timeout 206
auth deadtime 207
auth radius 207
auth acct_radius 208
auth tacacs+ 210
auth client 211
auth statistics 212
12 PORT COMMANDS 215
port configuration 215
port state 217
port mode 217
port flow control 218
port maxframe 219
port power 219
port excessive 220
port statistics 221
port veriphy 222
port numbers 223
13 LINK AGGREGATION COMMANDS 224
aggr configuration 225
aggr add 226
aggr delete 226
aggr lookup 227
aggr mode 227
14 LACP COMMANDS 229
lacp configuration 231
lacp mode 231
lacp key 232
lacp role 232
lacp status 233
lacp statistics 233
15 RSTP COMMANDS 235
rstp configuration 236
rstp sysprio 236
rstp age 237
rstp delay 237
rstp txhold 238
rstp version 238
rstp mode 239
rstp cost 239
rstp priority 241
rstp edge 241
rstp autoedge 242
rstp p2p 243
rstp status 243
rstp statistics 244
rstp mcheck 244
16 IEEE 802.1X COMMANDS 246
dot1x configuration 246
dot1x mode 248
dot1x state 248
dot1x authenticate 249
dot1x reauthentication 250
dot1x period 251
dot1x timeout 251
dot1x clients 251
dot1x agetime 252
dot1x holdtime 253
dot1x statistics 253
17 IGMP COMMANDS 255
igmp configuration 255
igmp mode 257
igmp state 257
igmp querier 258
igmp fastleave 259
igmp leave proxy 260
igmp throttling 260
igmp filtering 261
igmp router 262
igmp flooding 262
igmp groups 263
igmp status 263
18 LLDP COMMANDS 264
lldp configuration 264
lldp mode 265
lldp optional_tlv 265
lldp interval 266
lldp hold 267
lldp delay 267
lldp reinit 268
lldp info 268
lldp statistics 269
lldp cdp_aware 270
19 MAC COMMANDS 271
mac configuration 271
mac add 272
mac delete 272
mac lookup 273
mac agetime 273
mac learning 273
mac dump 274
mac statistics 275
mac flush 275
20 VLAN COMMANDS 276
vlan configuration 276
vlan aware 277
vlan pvid 278
vlan frametype 278
vlan ingressfilter 279
vlan qinq 279
vlan add 280
vlan delete 280
vlan lookup 281
21 PVLAN COMMANDS 282
pvlan configuration 282
pvlan add 283
pvlan delete 283
pvlan lookup 284
pvlan isolate 284
22 QOS COMMANDS 285
qos configuration 286
qos default 286
qos tagprio 287
qos qcl port 287
qos qcl add 288
qos qcl delete 289
qos qcl lookup 290
qos mode 290
qos weight 291
qos rate limiter 291
qos shaper 292
qos storm unicast 293
qos storm multicast 293
qos storm broadcast 294
qos dscp remarking 294
qos dscp queue mapping 295
23 ACL COMMANDS 296
acl configuration 296
acl action 297
acl policy 298
acl rate 298
acl add 299
acl delete 302
acl lookup 302
acl clear 303
24 MIRROR COMMANDS 304
mirror configuration 304
mirror port 304
mirror mode 305
25 CONFIG COMMANDS 306
config save 306
config load 307
26 SNMP COMMANDS 308
snmp configuration 309
snmp mode 310
snmp version 311
snmp read community 311
snmp write community 312
snmp trap mode 312
snmp trap version 313
snmp trap community 313
snmp trap destination 314
snmp trap ipv6 destination 314
snmp trap authentication failure 314
snmp trap link-up 315
snmp trap inform mode 315
snmp trap inform timeout 316
snmp trap inform retry times 316
snmp trap probe security engine id 317
snmp trap security engine id 317
snmp trap security name 318
snmp engine id 318
snmp community add 319
snmp community delete 319
snmp community lookup 320
snmp user add 320
snmp user delete 321
snmp user changekey 322
snmp user lookup 322
snmp group add 323
snmp group delete 324
snmp group lookup 324
snmp view add 325
snmp view delete 325
snmp view lookup 326
snmp access add 326
snmp access delete 327
snmp access lookup 327
27 HTTPS COMMANDS 329
https configuration 329
https mode 329
https redirect 330
28 SSH COMMANDS 332
ssh configuration 332
ssh mode 332
29 UPNP COMMANDS 334
upnp configuration 334
upnp mode 334
upnp ttl 335
upnp advertising duration 336
30 DHCP COMMANDS 337
dhcp relay configuration 337
dhcp relay mode 337
dhcp relay server 338
dhcp relay information mode 338
dhcp relay information policy 339
dhcp relay statistics 339
31 FIRMWARE COMMANDS 341
firmware load 341
firmware ipv6 load 342
SECTION IV APPENDICES 344
A SOFTWARE SPECIFICATIONS 345
Software Features 345
Management Features 346
Standards 347
Management Information Bases 347
B TROUBLESHOOTING 349
Problems Accessing the Management Interface 349
Using System Logs 350
GLOSSARY 351
INDEX 358
FIGURES
Figure 1: Home Page 45
Figure 2: Front Panel Indicators 46
Figure 3: System Information Configuration 51
Figure 4: IP & Time Configuration 53
Figure 5: IPv6 & Time Configuration 55
Figure 6: System Password 56
Figure 7: Access Management Configuration 57
Figure 8: Port Configuration 59
Figure 9: Authentication Configuration 63
Figure 10: Static Trunk Configuration 67
Figure 11: LACP Port Configuration 70
Figure 12: RSTP System Configuration 73
Figure 13: RSTP Port Configuration 75
Figure 14: Port Security Configuration 81
Figure 15: HTTPS Configuration 82
Figure 16: SSH Configuration 84
Figure 17: IGMP Snooping Configuration 88
Figure 18: IGMP Snooping Port Group Filtering Configuration 89
Figure 19: LLDP Configuration 92
Figure 20: MAC Address Table Configuration 94
Figure 21: VLAN Membership Configuration 96
Figure 22: VLAN Port Configuration 98
Figure 23: Private VLAN Membership Configuration 99
Figure 24: Port Isolation Configuration 100
Figure 25: Port QoS Configuration 102
Figure 26: DSCP Remarking Configuration 104
Figure 27: QoS Control List Configuration 106
Figure 28: Rate Limit Configuration 108
Figure 29: Storm Control Configuration 110
Figure 30: ACL Port Configuration 111
Figure 31: ACL Rate Limiter Configuration 112
Figure 32: Access Control List Configuration 120
Figure 33: Mirror Configuration 121
Figure 34: SNMP System Configuration 126
Figure 35: SNMPv3 Communities Configuration 127
Figure 36: SNMPv3 Users Configuration 129
Figure 37: SNMPv3 Group Configuration 130
Figure 38: SNMPv3 View Configuration 131
Figure 39: SNMPv3 Access Configuration 132
Figure 40: UPnP Configuration 134
Figure 41: DHCP Relay Configuration 135
Figure 42: System Information 137
Figure 43: System Log Information 138
Figure 44: Detailed System Log Information 139
Figure 45: Access Management Statistics 140
Figure 46: Port State Overview 140
Figure 47: Port Statistics Overview 141
Figure 48: Queuing Counters 142
Figure 49: Detailed Port Statistics 144
Figure 50: RADIUS Overview 145
Figure 51: RADIUS Details 149
Figure 52: LACP System Status 150
Figure 53: LACP Port Status 151
Figure 54: LACP Port Statistics 152
Figure 55: Spanning Tree Bridge Status 154
Figure 56: Spanning Tree Port Status 155
Figure 57: Spanning Tree Port Statistics 156
Figure 58: Port Security Status 157
Figure 59: Port Security Statistics 160
Figure 60: IGMP Snooping Status 161
Figure 61: LLDP Neighbor Information 163
Figure 62: LLDP Port Statistics 164
Figure 63: DHCP Relay Statistics 166
Figure 64: MAC Address Table 167
Figure 65: ICMP Ping 169
Figure 66: VeriPHY Cable Diagnostics 170
Figure 67: Reset Device 171
Figure 68: Factory Defaults 172
Figure 69: Software Upload 172
Figure 70: Register Product 173
Figure 71: Configuration Save 174
Figure 72: Configuration Upload 174
TABLES
Table 1: Key Features 24
Table 2: System Defaults 30
Table 3: Web Page Configuration Buttons 45
Table 4: Main Menu 46
Table 5: Recommended STA Path Cost Range 74
Table 6: Recommended STA Path Costs 74
Table 7: Default STA Path Costs 74
Table 8: HTTPS System Support 82
Table 9: QCE Modification Buttons 105
Table 10: Mapping CoS Values to Egress Queues 105
Table 11: QCE Modification Buttons 114
Table 12: SNMP Security Models and Levels 122
Table 13: System Capabilities 162
Table 14: Keystroke Commands 182
Table 15: Command Group Index 183
Table 16: System Commands 185
Table 17: IP Commands 195
Table 18: Authentication Commands 205
Table 19: Port Commands 215
Table 20: Port Configuration 215
Table 21: Link Aggregation Commands 224
Table 22: LACP Commands 229
Table 23: RSTP Commands 235
Table 24: Recommended STA Path Cost Range 240
Table 25: Recommended STA Path Costs 240
Table 26: Default STA Path Costs 240
Table 27: IEEE 802.1X Commands 246
Table 28: 802.1X Configuration 247
Table 29: IGMP Commands 255
Table 30: IGMP Configuration 256
Table 31: LLDP Commands 264
Table 32: MAC Commands 271
Table 33: VLAN Commands 276
Table 34: PVLAN Commands 282
Table 35: QoS Commands 285
Table 36: Mapping CoS Values to Egress Queues 288
Table 37: ACL Commands 296
Table 38: Mirror Commands 304
Table 39: Configuration Commands 306
Table 40: SNMP Commands 308
Table 41: HTTPS Commands 329
Table 42: HTTPS System Support 330
Table 43: SSH Commands 332
Table 44: UPnP Commands 334
Table 45: DHCP Commands 337
Table 46: Firmware Commands 341
Table 47: Troubleshooting Chart 349

SECTION I GETTING STARTED
This section provides an overview of the switch, and introduces some basic concepts about network switches. It also describes the basic settings required to access the management interface.
This section includes these chapters:
“Introduction” on page 24
“Initial Switch Configuration” on page 32

1 INTRODUCTION
This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you should configure to maximize the switch’s performance for your particular network environment.

KEY FEATURES

Table 1: Key Features

Feature                           Description
Configuration Backup and Restore  Backup to management station or TFTP server
Authentication                    Console, Telnet, web – user name/password, RADIUS, TACACS+
                                  Web – HTTPS
                                  Telnet – SSH
                                  SNMP v1/2c - Community strings
                                  SNMP version 3 – MD5 or SHA password
                                  Port – IEEE 802.1X, MAC address filtering
                                  DHCP Snooping (with Option 82 relay information)
                                  IP Source Guard
Access Control Lists              Supports up to 128 rules
DHCP Client                       Supported
DNS                               Proxy service
Port Configuration                Speed, duplex mode, flow control, MTU, response to excessive collisions, power saving mode
Rate Limiting                     Input rate limiting per port (using ACL)
Port Mirroring                    One or more ports mirrored to single analysis port
Port Trunking                     Supports up to 14 trunks using either static or dynamic trunking (LACP)
Storm Control                     Throttling for broadcast, multicast, and unknown unicast storms
Address Table                     Up to 8K MAC addresses in the forwarding table, 1024 static MAC addresses
IP Version 4 and 6                Supports IPv4 and IPv6 addressing, management, and QoS
IEEE 802.1D Bridge                Supports dynamic data switching and addresses learning
Store-and-Forward Switching       Supported to ensure wire-speed switching while eliminating bad frames
Spanning Tree Algorithm           Supports Rapid Spanning Tree Protocol (RSTP), which includes STP backward compatible mode
Virtual LANs                      Up to 256 using IEEE 802.1Q, port-based, and private VLANs
Traffic Prioritization            Queue mode and CoS configured by Ethernet type, VLAN ID, TCP/UDP port, DSCP, ToS bit, VLAN tag priority, or port
Quality of Service                Supports Differentiated Services (DiffServ), and DSCP remarking
Multicast Filtering               Supports IGMP snooping and query

DESCRIPTION OF SOFTWARE FEATURES
The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Storm suppression prevents broadcast, multicast, and unknown unicast traffic storms from engulfing the network. Untagged (port-based) and tagged VLANs, plus support for automatic GVRP VLAN registration, provide traffic security and efficient use of network bandwidth. CoS priority queueing ensures the minimum delay for moving real-time multimedia data across the network, while multicast filtering provides support for real-time network applications.
Some of the management features are briefly described below.

CONFIGURATION BACKUP AND RESTORE
You can save the current configuration settings to a file on the management station (using the web interface) or a TFTP server (using the console interface), and later download this file to restore the switch configuration settings.

AUTHENTICATION
This switch authenticates management access via the console port, Telnet, or a web browser. User names and passwords can be configured locally or can be verified via a remote authentication server (i.e., RADIUS or TACACS+). Port-based authentication is also supported via the IEEE 802.1X protocol. This protocol uses Extensible Authentication Protocol over LANs (EAPOL) to request user credentials from the 802.1X client, and then uses the EAP between the switch and the authentication server to verify the client’s right to access the network via an authentication server (i.e., RADIUS server).
Other authentication options include HTTPS for secure management access via the web, SSH for secure management access over a Telnet-equivalent connection, SNMP Version 3, IP address filtering for web/SNMP/Telnet/SSH management access, and MAC address filtering for port access.

ACCESS CONTROL LISTS
ACLs provide packet filtering for IP frames (based on protocol, TCP/UDP port number or frame type) or layer 2 frames (based on any destination MAC address for unicast, broadcast or multicast, or based on VLAN ID or VLAN tag priority). ACLs can be used to improve performance by blocking unnecessary network traffic or to implement security controls by restricting access to specific network resources or protocols. Policies can be used to differentiate service for client ports, server ports, network ports or guest ports. They can also be used to strictly control network traffic by only allowing incoming frames that match the source MAC and source IP on a specific port.

PORT CONFIGURATION
You can manually configure the speed and duplex mode, and flow control used on specific ports, or use auto-negotiation to detect the connection settings used by the attached device. Use the full-duplex mode on ports whenever possible to double the throughput of switch connections. Flow control should also be enabled to control network traffic during periods of congestion and prevent the loss of packets when port buffer thresholds are exceeded. The switch supports flow control based on the IEEE 802.3x standard (now incorporated in IEEE 802.3-2002).

RATE LIMITING
This feature controls the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network. Traffic that falls within the rate limit is transmitted, while packets that exceed the acceptable amount of traffic are dropped.

PORT MIRRORING
The switch can unobtrusively mirror traffic from any port to a monitor port. You can then attach a protocol analyzer or RMON probe to this port to perform traffic analysis and verify connection integrity.

PORT TRUNKING
Ports can be combined into an aggregate connection. Trunks can be manually set up or dynamically configured using Link Aggregation Control Protocol (LACP – IEEE 802.3-2005). The additional ports dramatically increase the throughput across any connection, and provide redundancy by taking over the load if a port in the trunk should fail. The switch supports up to 14 trunks.

STORM CONTROL
Broadcast, multicast and unknown unicast storm suppression prevents traffic from overwhelming the network. When enabled on a port, the level of broadcast traffic passing through the port is restricted. If broadcast traffic rises above a pre-defined threshold, it will be throttled until the level falls back beneath the threshold.

STATIC ADDRESSES
A static address can be assigned to a specific interface on this switch. Static addresses are bound to the assigned interface and will not be moved. When a static address is seen on another interface, the address will be ignored and will not be written to the address table. Static addresses can be used to provide network security by restricting access for a known host to a specific port.

IEEE 802.1D BRIDGE
The switch supports IEEE 802.1D transparent bridging. The address table facilitates data switching by learning addresses, and then filtering or forwarding traffic based on this information. The address table supports up to 8K addresses.
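
The static-address and address-learning behaviour described in the two sections above, as an added example: a small Python model written for this page, not LevelOne code. The class and method names, the handling of a full table and the move of a dynamic entry to a new port are assumptions; the 8K and 1024 limits come from Table 1, and the frames are constructed sample input.

```python
"""Model of the switch address table with static bindings (constructed example).

Assumptions, not taken from the manual: all names used here, what happens
when the table is full, and that a dynamically learned address follows a
host that moves to another port. Address aging is not modelled.
"""
from dataclasses import dataclass, field

TABLE_CAPACITY = 8 * 1024   # "up to 8K addresses" (Table 1)
STATIC_CAPACITY = 1024      # "1024 static MAC addresses" (Table 1)

SERVER = "00:11:22:33:44:55"          # constructed address, bound to port 3
FRAMES = [                            # constructed (source MAC, ingress port)
    ("00:11:22:33:44:55", 3),         # known host on its assigned port
    ("aa:bb:cc:00:00:01", 5),         # new host, learned dynamically
    ("00:11:22:33:44:55", 7),         # static address seen on another port
    ("aa:bb:cc:00:00:01", 9),         # dynamic host moved to another port
]


@dataclass
class AddressTable:
    static: dict = field(default_factory=dict)    # MAC -> bound port
    dynamic: dict = field(default_factory=dict)   # MAC -> learned port
    ignored: list = field(default_factory=list)   # rejected (MAC, port) sightings

    def add_static(self, mac: str, port: int) -> None:
        mac = mac.lower()
        self.dynamic.pop(mac, None)   # a static binding replaces a learned entry
        if mac not in self.static:
            if len(self.static) >= STATIC_CAPACITY:
                raise ValueError("static address limit reached")
            if len(self.static) + len(self.dynamic) >= TABLE_CAPACITY:
                raise ValueError("address table full")
        self.static[mac] = port

    def learn(self, src_mac: str, port: int) -> str:
        """Process the source address of a frame received on `port`."""
        mac = src_mac.lower()
        if mac in self.static:
            if self.static[mac] == port:
                return "static-match"
            # Static entries are never moved: the sighting is ignored and
            # not written to the table. Recording it gives an operator a
            # list of ports where a bound address showed up unexpectedly.
            self.ignored.append((mac, port))
            return "ignored"
        if mac in self.dynamic:
            if self.dynamic[mac] == port:
                return "known"
            self.dynamic[mac] = port          # assumed: dynamic entries move
            return "moved"
        if len(self.static) + len(self.dynamic) >= TABLE_CAPACITY:
            return "table-full"               # assumed: address is not learned
        self.dynamic[mac] = port
        return "learned"

    def lookup(self, dst_mac: str):
        """Return the egress port for a destination, or None if unknown."""
        mac = dst_mac.lower()
        return self.static.get(mac, self.dynamic.get(mac))


def replay(frames=FRAMES):
    """Bind SERVER to port 3, feed the frames through the table, return both."""
    table = AddressTable()
    table.add_static(SERVER, 3)
    results = [table.learn(mac, port) for mac, port in frames]
    return table, results


if __name__ == "__main__":
    table, results = replay()
    for (mac, port), outcome in zip(FRAMES, results):
        print(f"{mac} on port {port}: {outcome}")
    print("server still forwards to port", table.lookup(SERVER))
    print("ignored sightings:", table.ignored)
```

The third frame is the case the static-address text describes: the bound address appears on port 7, the table is left unchanged, and traffic for that address keeps going to port 3.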

STORE-AND-FORWARD SWITCHING
The switch copies each frame into its memory before forwarding it to another port. This ensures that all frames are a standard Ethernet size and have been verified for accuracy with the cyclic redundancy check (CRC). This prevents bad frames from entering the network and wasting bandwidth.
To avoid dropping frames on congested ports, the switch provides 0.75 MB for frame buffering. This buffer can queue packets awaiting transmission on congested networks.

SPANNING TREE ALGORITHM
The switch supports these spanning tree protocols:
Spanning Tree Protocol (STP, IEEE 802.1D) – Supported by using the STP backward compatible mode provided by RSTP. STP provides loop detection. When there are multiple physical paths between segments, this protocol will choose a single path and disable all others to ensure that only one route exists between any two stations on the network. This prevents the creation of network loops. However, if the chosen path should fail for any reason, an alternate path will be activated to maintain the connection.
Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w) – This protocol reduces the convergence time for network topology changes to about 3 to 5 seconds, compared to 30 seconds or more for the older IEEE 802.1D STP standard. It is intended as a complete replacement for STP, but can still interoperate with switches running the older standard by automatically reconfiguring ports to STP-compliant mode if they detect STP protocol messages from attached devices.

VIRTUAL LANS
The switch supports up to 256 VLANs. A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network. The switch supports tagged VLANs based on the IEEE 802.1Q standard. Members of VLAN groups can be dynamically learned via GVRP, or ports can be manually assigned to a specific set of VLANs. This allows the switch to restrict traffic to the VLAN groups to which a user has been assigned. By segmenting your network into VLANs, you can:
Eliminate broadcast storms which severely degrade performance in a flat network.
Simplify network management for node changes/moves by remotely configuring VLAN membership for any port, rather than having to manually change the network connection.
Provide data security by restricting all traffic to the originating VLAN.
Use private VLANs to restrict traffic to pass only between data ports and the uplink ports, thereby isolating adjacent ports within the same VLAN, and allowing you to limit the total number of VLANs that need to be configured.
Use protocol VLANs to restrict traffic to specified interfaces based on protocol type.

TRAFFIC PRIORITIZATION
This switch prioritizes each packet based on the required level of service, using four priority queues with strict or Weighted Round Robin Queuing. It uses IEEE 802.1p and 802.1Q tags to prioritize incoming traffic based on input from the end-station application. These functions can be used to provide independent priorities for delay-sensitive data and best-effort data.
This switch also supports several common methods of prioritizing layer 3/4 traffic to meet application requirements. Traffic can be prioritized based on the priority bits in the IP frame’s Type of Service (ToS) octet or the number of the TCP/UDP port. When these services are enabled, the priorities are mapped to a Class of Service value by the switch, and the traffic then sent to the corresponding output queue.

QUALITY OF SERVICE
Differentiated Services (DiffServ) provides policy-based management mechanisms used for prioritizing network resources to meet the requirements of specific traffic types on a per-hop basis. Each packet is classified upon entry into the network based on access lists, DSCP values, or VLAN lists. Using access lists allows you to select traffic based on Layer 2, Layer 3, or Layer 4 information contained in each packet. Based on network policies, different kinds of traffic can be marked for different kinds of forwarding.

MULTICAST FILTERING
Specific multicast traffic can be assigned to its own VLAN to ensure that it does not interfere with normal network traffic and to guarantee real-time delivery by setting the required priority level for the designated VLAN. The switch uses IGMP Snooping and Query to manage multicast group registration.

SYSTEM DEFAULTS
The following table lists some of the basic system defaults.

Table 2: System Defaults

Function                 Parameter                    Default
Console Port Connection  Baud Rate                    115200 bps
                         Data bits                    8
                         Stop bits                    1
                         Parity                       none
                         Local Console Timeout        0 (disabled)
Authentication           User Name                    “admin”
                         Password                     “admin”
                         RADIUS Authentication        Disabled
                         TACACS Authentication        Disabled
                         802.1X Port Authentication   Disabled
                         HTTPS                        Disabled
                         SSH                          Disabled
                         Port Security                Disabled
                         IP Filtering                 Disabled
Web Management           HTTP Server                  Enabled
                         HTTP Port Number             80
                         HTTP Secure Server           Disabled
                         HTTP Secure Server Redirect  Disabled
SNMP                     SNMP Agent                   Disabled
                         Community Strings            “public” (read only)
                                                      “private” (read/write)
                         Traps                        Global: disabled
                                                      Authentication traps: enabled
                                                      Link-up-down events: enabled
                         SNMP V3                      View: default_view
                                                      Group: default_rw_group
Port Configuration       Admin Status                 Enabled
                         Auto-negotiation             Enabled
                         Flow Control                 Disabled
Rate Limiting            Input and output limits      Disabled
Port Trunking            Static Trunks                None
                         LACP (all ports)             Disabled
Storm Protection         Status                       Broadcast: disabled
                                                      Multicast: disabled
                                                      Unknown unicast: disabled