LevelOne GSW-2692 User Manual

LevelOne

GSW-2692

24-Port 10/100M + 2G Combo

L2 Stackable Switch

User Manual

Version 1.0-0608

Contents

Chapter 1: Introduction 1-1

Key Features 1-1
Description of Software Features 1-2
System Defaults 1-5

Chapter 2: Initial Configuration 2-1

Connecting to the Switch 2-1

Configuration Options 2-1
Required Connections 2-2
Remote Connections 2-3

Stack Operations 2-3

Selecting the Stack Master 2-3
Recovering from Stack Failure or Topology Change 2-4

Resilient IP Interface for Management Access 2-4

Basic Configuration 2-4

Console Connection 2-4
Setting Passwords 2-5
Setting an IP Address 2-5

Manual Configuration 2-5
Dynamic Configuration 2-6

Enabling SNMP Management Access 2-7

Community Strings 2-7
Trap Receivers 2-8

Saving Configuration Settings 2-8

Managing System Files 2-9

Chapter 3: Configuring the Switch 3-1

Using the Web Interface 3-1
Navigating the Web Browser Interface 3-2

Home Page 3-2

Configuration Options 3-3
Panel Display 3-3
Main Menu 3-4
Basic Configuration 3-8

Displaying System Information 3-8

Displaying Switch Hardware/Software Versions 3-9

Displaying Bridge Extension Capabilities 3-11

Setting the Switch’s IP Address 3-12

Manual Configuration 3-13
Using DHCP/BOOTP 3-14

i

Contents

Managing Firmware 3-15

Downloading System Software from a Server 3-16

Saving or Restoring Configuration Settings 3-18

Downloading Configuration Settings from a Server 3-19
Console Port Settings 3-20
Telnet Settings 3-22
Configuring Event Logging 3-24

System Log Configuration 3-24

Remote Log Configuration 3-26

Displaying Log Messages 3-27

Sending Simple Mail Transfer Protocol Alerts 3-28
Resetting the System 3-30
Setting the System Clock 3-31

Configuring SNTP 3-31

Setting the Time Zone 3-32

Simple Network Management Protocol 3-33

Setting Community Access Strings 3-33
Specifying Trap Managers and Trap Types 3-34

User Authentication 3-35

Configuring User Accounts 3-35
Configuring Local/Remote Logon Authentication 3-37
Configuring HTTPS 3-40

Replacing the Default Secure-site Certificate 3-41
Configuring the Secure Shell 3-42

Generating the Host Key Pair 3-44

Configuring the SSH Server 3-46
Configuring Port Security 3-47
Configuring 802.1X Port Authentication 3-49

Displaying 802.1X Global Settings 3-50

Configuring 802.1X Global Settings 3-51

Configuring Port Settings for 802.1X 3-51

Displaying 802.1X Statistics 3-54
Filtering IP Addresses for Management Access 3-55

Access Control Lists 3-57

Configuring Access Control Lists 3-57

Setting the ACL Name and Type 3-58

Configuring a Standard IP ACL 3-59

Configuring an Extended IP ACL 3-60

Configuring a MAC ACL 3-62
Binding a Port to an Access Control List 3-63

Port Configuration 3-64

Displaying Connection Status 3-64
Configuring Interface Connections 3-66
Creating Trunk Groups 3-68

Statically Configuring a Tru nk 3-69

ii

Contents

Enabling LACP on Selected Ports 3-70
Configuring LACP Parameters 3-73
Displaying LACP Port Counters 3-75
Displaying LACP Settings and Status for the Local Side 3-77

Displaying LACP Settings and Status for the Remote Side 3-79
Setting Broadcast Storm Thresholds 3-81
Configuring Port Mirroring 3-82
Configuring Rate Limits 3-83

Rate Limit Granularity 3-84

Rate Limit Configuration 3-84
Showing Port Statistics 3-85

Address Table Settings 3-90

Setting Static Addresses 3-90
Displaying the Address Table 3-91
Changing the Aging Time 3-93

Spanning Tree Algorithm Configuration 3-93

Displaying Global Settings 3-94
Configuring Global Settings 3-97
Displaying Interface Settings 3-100
Configuring Interface Settings 3-103

VLAN Configuration 3-105

IEEE 802.1Q VLANs 3-105

Enabling or Disabling GVRP (Global Setting) 3-108

Displaying Basic VLAN Information 3-108

Displaying Current VLANs 3-109

Creating VLANs 3-111

Adding Static Members to VLANs (VLAN Index) 3-112

Adding Static Members to VLANs (Port Index) 3-114

Configuring VLAN Behavior for Interfaces 3-115
Private VLANs 3-117

Displaying Current Private VLANs 3-118

Configuring Private VLANs 3-119

Associating VLANs 3-119

Displaying Private VLAN Interface Information 3-120

Configuring Private VLAN Interfaces 3-121

Class of Service Configuration 3-123

Layer 2 Queue Settings 3-123

Setting the Default Priority for Interfaces 3-123

Mapping CoS Values to Egress Queues 3-125

Selecting the Queue Mode 3-127

Setting the Service Weight for Traffic Classes 3-127
Layer 3/4 Priority Settings 3-128

Mapping Layer 3/4 Priorities to CoS Values 3-128

Selecting IP Precedence/DSCP Priority 3-129

Mapping IP Precedence 3-129

iii

Contents

Mapping DSCP Priority 3-131
Mapping IP Port Priority 3-132
Mapping CoS Values to ACLs 3-133

Multicast Filtering 3-135

Layer 2 IGMP (Snooping and Query) 3-135

Configuring IGMP Snooping and Query Parameters 3-136
Displaying Interfaces Attached to a Multicast Router 3-137
Specifying Static Interfaces for a Multicast Router 3-138
Displaying Port Members of Multicast Services 3-140
Assigning Ports to Multicast Services 3-141

Chapter 4: Command Line Interface 4-1

Using the Command Line Interface 4-1

Accessing the CLI 4-1
Console Connection 4-1
Telnet Connection 4-1

Entering Commands 4-3

Keywords and Arguments 4-3
Minimum Abbreviation 4-3
Command Completion 4-3
Getting Help on Commands 4-3
Showing Commands 4-4
Partial Keyword Lookup 4-5
Negating the Effect of Commands 4-5
Using Command History 4-5
Understanding Command Modes 4-5
Exec Commands 4-6
Configuration Commands 4-6

Command Line Processing 4-8
Command Groups 4-9
Line Commands 4-10

line 4-10

login 4-11

password 4-12

timeout login response 4-13

exec-timeout 4-13

password-thresh 4-14

silent-time 4-15

databits 4-15

parity 4-16

speed 4-17

stopbits 4-17

disconnect 4-18

show line 4-18

iv

Contents

General Commands 4-19

enable 4-19
disable 4-20
configure 4-21
show history 4-21
reload 4-22
end 4-22
exit 4-23
quit 4-23

System Management Commands 4-24

Device Designation Commands 4-24

prompt 4-24
hostname 4-25

User Access Commands 4-25

username 4-26
enable password 4-27

IP Filter Commands 4-28

management 4-28
show management 4-29

Web Server Commands 4-30

ip http port 4-30
ip http server 4-30
ip http secure-server 4-31
ip http secure-port 4-32

Telnet Server Commands 4-33

ip telnet port 4-33
ip telnet server 4-33

Secure Shell Commands 4-34

ip ssh server 4-36
ip ssh timeout 4-37
ip ssh authentication-retries 4-37
ip ssh server-key size 4-38
delete public-key 4-38
ip ssh crypto host-key generate 4-39
ip ssh crypto zeroize 4-39
ip ssh save host-key 4-40
show ip ssh 4-40
show ssh 4-41
show public-key 4-42

Event Logging Commands 4-43

logging on 4-43
logging history 4-44
logging host 4-45
logging facility 4-45
logging trap 4-46

v

Contents

clear logging 4-46
show logging 4-47
show log 4-48

SMTP Alert Commands 4-49

logging sendmail host 4-49
logging sendmail level 4-50
logging sendmail source-email 4-51
logging sendmail destination-email 4-51
logging sendmail 4-52
show logging sendmail 4-52

Time Commands 4-53

sntp client 4-53
sntp server 4-54
sntp poll 4-55
show sntp 4-55
clock timezone 4-56
calendar set 4-56
show calendar 4-57

System Status Commands 4-57

light unit 4-57
show startup-config 4-58
show running-config 4-60
show system 4-62
show users 4-62
show version 4-63

Frame Size Commands 4-64

jumbo frame 4-64

Flash/File Commands 4-65

copy 4-65

delete 4-68

dir 4-68

whichboot 4-69

boot system 4-70
Authentication Commands 4-71

Authentication Sequence 4-71

authentication login 4-71
authentication enable 4-72

RADIUS Client 4-73

radius-server host 4-73
radius-server port 4-74
radius-server key 4-74
radius-server retransmit 4-75
radius-server timeout 4-75
show radius-server 4-76

vi

Contents

TACACS+ Client 4-76

tacacs-server host 4-77
tacacs-server port 4-77
tacacs-server key 4-78
show tacacs-server 4-78

Port Security Commands 4-79

port security 4-79

802.1X Port Authentication 4-81
dot1x system-auth-control 4-81
dot1x default 4-82
dot1x max-req 4-82
dot1x port-control 4-82
dot1x operation-mode 4-83
dot1x re-authenticate 4-84
dot1x re-authentication 4-84
dot1x timeout quiet-period 4-84
dot1x timeout re-authperiod 4-85
dot1x timeout tx-period 4-85
show dot1x 4-86

Access Control List Commands 4-89

IP ACLs 4-90

access-list ip 4-90
permit, deny (Standard ACL) 4-91
permit, deny (Extended ACL) 4-92
show ip access-list 4-94
ip access-group 4-94
show ip access-group 4-95
map access-list ip 4-95
show map access-list ip 4-96

MAC ACLs 4-97

access-list mac 4-97
permit, deny (MAC ACL) 4-98
show mac access-list 4-99
mac access-group 4-99
show mac access-group 4-100
map access-list mac 4-100
show map access-list mac 4-101

ACL Information 4-102

show access-list 4-102
show access-group 4-102

SNMP Commands 4-103

snmp-server community 4-103
snmp-server contact 4-104
snmp-server location 4-104
snmp-server host 4-105

vii

Contents

snmp-server enable traps 4-106
show snmp 4-107

Interface Commands 4-108

interface 4-108
description 4-109
speed-duplex 4-109
negotiation 4-110
capabilities 4-111
flowcontrol 4-112
shutdown 4-113
switchport broadcast packet-rate 4-114
clear counters 4-114
show interfaces status 4-115
show interfaces counters 4-116
show interfaces switchport 4-117

Mirror Port Commands 4-119

port monitor 4-119
show port monitor 4-120

Rate Limit Commands 4-121

rate-limit 4-121
rate-limit granularity 4-122
show rate-limit 4-122

Link Aggregation Commands 4-123

channel-group 4-124
lacp 4-125
lacp system-priority 4-126
lacp admin-key (Ethernet Interface) 4-127
lacp admin-key (Port Channel) 4-128
lacp port-priority 4-129
show lacp 4-129

Address Table Commands 4-133

mac-address-table static 4-134
clear mac-address-table dynamic 4-135
show mac-address-table 4-135
mac-address-table aging-time 4-136
show mac-address-table aging-time 4-136

Spanning Tree Commands 4-137

spanning-tree 4-137
spanning-tree mode 4-138
spanning-tree forward-time 4-139
spanning-tree hello-time 4-139
spanning-tree max-age 4-140
spanning-tree priority 4-141
spanning-tree pathcost method 4-141
spanning-tree transmission-limit 4-142

viii

Contents

spanning-tree cost 4-142
spanning-tree port-priority 4-143
spanning-tree edge-port 4-144
spanning-tree portfast 4-145
spanning-tree link-type 4-145
spanning-tree protocol-migration 4-146
show spanning-tree 4-147

VLAN Commands 4-149

Editing VLAN Groups 4-149

vlan database 4-149
vlan 4-150

Configuring VLAN Interfaces 4-151

interface vlan 4-151
switchport mode 4-152
switchport acceptable-frame-types 4-152
switchport ingress-filtering 4-153
switchport native vlan 4-154
switchport allowed vlan 4-155
switchport forbidden vlan 4-156

Displaying VLAN Information 4-156

show vlan 4-157

Configuring Private VLANs 4-158

private-vlan 4-159
private vlan association 4-160
switchport mode private-vlan 4-161
switchport private-vlan host-association 4-161
switchport private-vlan isolated 4-162
switchport private-vlan mapping 4-163
show vlan private-vlan 4-163

GVRP and Bridge Extension Commands 4-164

bridge-ext gvrp 4-164
show bridge-ext 4-165
switchport gvrp 4-165
show gvrp configuration 4-166
garp timer 4-166
show garp timer 4-167

Priority Commands 4-168

Priority Commands (Layer 2) 4-168

queue mode 4-169
switchport priority default 4-169
queue bandwidth 4-170
queue cos-map 4-171
show queue mode 4-172
show queue bandwidth 4-172
show queue cos-map 4-173

ix

Contents

Priority Commands (Layer 3 and 4) 4-174

map ip port (Global Configuration) 4-174
map ip port (Interface Configuration) 4-175
map ip precedence (Global Configuration) 4-175
map ip precedence (Interface Configuration) 4-176
map ip dscp (Global Configuration) 4-177
map ip dscp (Interface Configuration) 4-177
show map ip port 4-178
show map ip precedence 4-179
show map ip dscp 4-1 80

Multicast Filtering Commands 4-181

IGMP Snooping Commands 4-181

ip igmp snooping 4-182
ip igmp snooping vlan static 4-182
ip igmp snooping version 4-183
show ip igmp snooping 4-183
show mac-address-table multicast 4-184

IGMP Query Commands (Layer 2) 4-185

ip igmp snooping querier 4-185
ip igmp snooping query-count 4-185
ip igmp snooping query-interval 4-186
ip igmp snooping query-max-response-time 4-187
ip igmp snooping router-port-expire-time 4-187

Static Multicast Routing Commands 4-188

ip igmp snooping vlan mrouter 4-188
show ip igmp snooping mrouter 4-189

IP Interface Commands 4-190

ip address 4-190
ip default-gateway 4-191
ip dhcp restart 4-192
show ip interface 4-1 92
show ip redirects 4-193
ping 4-193

x

Contents

Appendix A: Software Specifications A-1

Software Features A-1
Management Features A-2
Standards A-2
Management Information Bases A-3

Appendix B: Troubleshooting B-1

Problems Accessing the Management Interface B-1
Using System Logs B-2

Glossary

Index

xi

Contents

xii

Tables

Table 1-1 Key Features 1-1
Table 1-2 System Defaults 1-5
Table 3-1 Configuration Options 3-3
Table 3-2 Main Menu 3-4
Table 3-3 Logging Levels 3-25
Table 3-4 HTTPS System Support 3-40
Table 3-5 802.1X Statistics 3-54
Table 3-6 LACP Port Counters 3-75
Table 3-7 LACP Internal Configuration Information 3-77
Table 3-8 LACP Neighbor Configuration Information 3-79
Table 3-9 Port Statistics 3-86
Table 3-10 Mapping CoS Values to Egress Queues 3-125
Table 3-11 CoS Priority Levels 3-125
Table 3-12 Mapping IP Precedence 3-129
Table 3-13 Mapping DSCP Priority Values 3-131
Table 3-14 Egress Queue Priority Mapping 3-133
Table 4-1 Command Modes 4-5
Table 4-2 Configuration Modes 4-7
Table 4-3 Command Line Processing 4-8
Table 4-4 Command Groups 4-9
Table 4-5 Line Commands 4-10
Table 4-6 General Commands 4-19
Table 4-7 System Management Commands 4-24
Table 4-8 Device Designation Commands 4-24
Table 4-9 User Access Commands 4-25
Table 4-10 Default Login Settings 4-26
Table 4-11 IP Filter Commands 4-28
Table 4-12 Web Server Commands 4-30
Table 4-13 HTTPS System Support 4-31
Table 4-14 Telnet Server Commands 4-33
Table 4-15 SSH Commands 4-34
Table 4-16 show ssh - display description 4-41
Table 4-17 Event Logging Commands 4-43
Table 4-18 Logging Levels 4-44
Table 4-19 show logging flash/ram - display description 4-47
Table 4-20 show logging trap - display description 4-48
Table 4-21 SMTP Alert Commands 4-49
Table 4-22 Time Commands 4-53
Table 4-23 System Status Commands 4-57
Table 4-24 Frame Size Commands 4-64
Table 4-25 Flash/File Commands 4-65
Table 4-26 File Directory Information 4-6 9

xiii

Tables

Table 4-27 Authentication Commands 4-71
Table 4-28 Authentication Sequence 4-71
Table 4-29 RADIUS Client Commands 4-73
Table 4-30 TACACS Commands 4-76
Table 4-31 Port Security Commands 4-79
Table 4-32 802.1X Port Authentication 4-81
Table 4-34 IP ACLs 4-90
Table 4-33 Access Control Lists 4-90
Table 4-35 Egress Queue Priority Mapping 4-96
Table 4-36 MAC ACLs 4-97
Table 4-37 Egress Queue Priority Mapping 4-101
Table 4-38 ACL Information 4-102
Table 4-39 SNMP Commands 4-103
Table 4-40 Interface Commands 4-108
Table 4-41 Interfaces Switchport Statistics 4-118
Table 4-42 Mirror Port Commands 4-119
Table 4-43 Rate Limit Commands 4-121
Table 4-44 Link Aggregation Commands 4-123
Table 4-45 show lacp counters - display description 4-130
Table 4-46 show lacp internal - display description 4-131
Table 4-47 show lacp neighbors - display description 4-132
Table 4-49 Address Table Commands 4-133
Table 4-48 show lacp sysid - display description 4-133
Table 4-50 Spanning Tree Commands 4- 137
Table 4-51 VLANs 4-149
Table 4-52 Editing VLAN Groups 4-149
Table 4-53 Configuring VLAN Interfaces 4-151
Table 4-54 Show VLAN Commands 4-156
Table 4-55 Private VLAN Commands 4-158
Table 4-56 GVRP and Bridge Extension Commands 4-164
Table 4-57 Priority Commands 4-168
Table 4-58 Priority Commands (Layer 2) 4-168
Table 4-59 Default CoS Priority Levels 4-171
Table 4-60 Priority Commands (Layer 3 and 4) 4-174
Table 4-61 Mapping IP Precedence Values 4-176
Table 4-62 IP DSCP to CoS Vales 4-178
Table 4-63 Multicast Filtering Commands 4-181
Table 4-64 IGMP Snooping Commands 4-181
Table 4-65 IGMP Query Commands (Layer 2) 4-185
Table 4-66 Static Multicast Routing Commands 4-188
Table 4-67 IP Interface Commands 4-190
Table B-1 Troubleshooting Chart B-1

xiv

Figures

Figure 3-1 Home Page 3-2
Figure 3-2 Panel Display 3-3
Figure 3-3 System Information 3-8
Figure 3-4 Switch Information 3-10
Figure 3-5 Bridge Extension Configuration 3-11
Figure 3-6 Manual IP Configuration 3-13
Figure 3-7 DHCP IP Configuration 3-14
Figure 3-8 Copy Firmware 3-16
Figure 3-9 Setting the Startup Code 3-16
Figure 3-10 Deleting Files 3-17
Figure 3-11 Downloading Configuration Settings for Startup 3-19
Figure 3-12 Setting the Startup Configuration Settings 3-19
Figure 3-13 Console Port Settings 3-21
Figure 3-14 Enabling Telnet 3-23
Figure 3-15 System Logs 3-25
Figure 3-16 Remote Logs 3-26
Figure 3-17 Displaying Logs 3-27
Figure 3-18 Enabling and Configuring SMTP Alerts 3-29
Figure 3-19 Resetting the System 3-30
Figure 3-20 SNTP Configuration 3-31
Figure 3-21 Setting the System Clock 3-32
Figure 3-22 Configuring SNMP 3-34
Figure 3-23 Configuring IP Trap Managers 3-35
Figure 3-24 Access Levels 3-36
Figure 3-25 Authentication Settings 3-39
Figure 3-26 HTTPS Settings 3-41
Figure 3-27 SSH Host-Key Settings 3-45
Figure 3-28 SSH Server Settings 3-46
Figure 3-29 Configuring Port Security 3-48
Figure 3-30 802.1X Global Information 3-50
Figure 3-31 802.1X Global Configuration 3-51
Figure 3-32 802.1X Port Configuration 3-52
Figure 3-33 802.1X Port Statistics 3-55
Figure 3-34 IP Filter 3-56
Figure 3-35 Selecting ACL Type 3-58
Figure 3-36 ACL Configuration - Standard IP 3-59
Figure 3-37 ACL Configuration - Extended IP 3-61
Figure 3-38 ACL Configuration - MAC 3-62
Figure 3-39 Binding a Port to an ACL 3-63
Figure 3-40 Displaying Port/Trunk Information 3-65
Figure 3-41 Port/Trunk Configuration 3-67
Figure 3-42 Configuring Port Trunks 3-69

xv

Figures

Figure 3-43 LACP Configuration 3-71
Figure 3-44 LACP Port Configuration 3-74
Figure 3-45 LACP - Port Counters Information 3-76
Figure 3-46 LACP - Port Internal Information 3-78
Figure 3-47 LACP - Port Neighbors Information 3-79
Figure 3-48 Port Broadcast Control 3-81
Figure 3-49 Mirror Port Configuration 3-83
Figure 3-50 Rate Limit Granularity Configuration 3-84
Figure 3-51 Output Rate Limit Port Configuration 3-85
Figure 3-52 Port Statistics 3-89
Figure 3-53 Configuring a Static Address Table 3-91
Figure 3-54 Configuring a Dynamic Address Table 3-92
Figure 3-55 Setting the Address Aging Time 3-93
Figure 3-56 Displaying Spanning Tree Information 3-96
Figure 3-57 Configuring Spanning Tree 3-99
Figure 3-58 Displaying Spanning Tree Information 3-102
Figure 3-59 Configuring Spanning Tree per Port 3-104
Figure 3-60 Enabling GVRP 3-108
Figure 3-61 Displaying Basic VLAN Information 3-108
Figure 3-62 Displaying Current VLANs 3-110
Figure 3-63 Configuring a VLAN Static List 3-111
Figure 3-64 Configuring a VLAN Static Table 3-113
Figure 3-65 VLAN Static Membership by Port 3-114
Figure 3-66 Configuring VLANs per Port 3-116
Figure 3-67 Private VLAN Information 3-118
Figure 3-68 Private VLAN Configuration 3-119
Figure 3-69 Private VLAN Association 3-120
Figure 3-70 Private VLAN Port Information 3-121
Figure 3-71 Private VLAN Port Configuration 3-122
Figure 3-72 Port Priority Configuration 3-124
Figure 3-73 Traffic Classes 3-126
Figure 3-74 Queue Mode 3-127
Figure 3-75 Configuring Queue Scheduling 3-128
Figure 3-76 IP Precedence/DSCP Priority Status 3-129
Figure 3-77 IP Precedence Priority 3-130
Figure 3-78 IP DSCP Priority 3-131
Figure 3-79 IP Port Priority Status 3-132
Figure 3-80 IP Port Priority 3-133
Figure 3-81 ACL CoS Priority 3-134
Figure 3-82 IGMP Configuration 3-137
Figure 3-83 Multicast Router Port Information 3-138
Figure 3-84 Static Multicast Router Port Configuration 3-139
Figure 3-85 IP Multicast Registration Table 3 - 140
Figure 3-86 IGMP Member Port Table 3-141

xvi

Chapter 1: Introduction

This switch provides a broad range of features for Layer 2 switching. It includes a
management agent that allows you to configure the features listed in this manual.
The default configuration can be used for most of the features provided by t his
switch. However, there are many options that you should configure to maximize the
switch’s performance for your particular network environment.

Key Features

Table1-1 Key Features

Feature Description

Configuration Backup
and Restore

Authentication Console, Telnet, web – User name / password, RADIUS, TACACS+

Access Control Lists Supports up to 88 IP or MAC ACLs
DHCP Client Supported
Port Configuration Speed, duplex mode and flow control
Rate Limiting Input and output rate limiting per port
Port Mirroring One port mirrored to a single analysis port
Port Trunking Supports up to 4 trunks using either static or dynamic trunking (LACP)
Broadcast Storm

Control
Static Address Up to 8K MAC addresses in the forwarding table
IEEE 802.1D Bridge Supports dynamic data switching and addresses learning
Store-and-Forward

Switching
Spanning Tree

Algorithm
Virtual LANs Up to 255 using IEEE 802.1Q, port-based, or private VLANs
Traffic Prioritization Default port priority, traffic class map, queue scheduling, IP Precedence or

Multicast Filtering Supports IGMP snooping and query

Backup to TFTP server

Web – SSL/HTTPS; Telnet – SSH
SNMP v1/2c – Community strin g s
Port – IEEE 802.1X, MAC address filtering

Supported

Supported to ensure wire-speed switching while eliminating bad frames

Supports standard STP and Rapid Spanning Tree Protocol (RSTP)

Differentiated Services Code Point (DSCP), and TCP/UDP Port

1-1

Introduction

1

Description of Software Features

The switch provides a wide range of advanced performance enhancing features.
Flow control eliminates the loss of packets due to bottlenecks caused by port
saturation. Broadcast storm suppression prevents broadcast traffic storms from
engulfing the network. Port-based and private VLANs, plus support for automatic
GVRP VLAN registration provide traffic security and efficient use of network
bandwidth. CoS priority queueing ensures the minimum delay for moving real-time
multimedia data across the network. While multicast filteri ng provides support for
real-time network applications. Some of the management features are briefly
described below .

Configuration Backup and Restore – You can save the current configuration
settings to a file on a TFTP server, and later download this file to restore the switch
configuration settings.

Authentication – This switch authenticates management access via the console
port, T eln et or web browser . User names and p asswords can be configured locally or
can be verified via a remote authentication server (i.e., RADIUS or TACACS+).
Port-based authentication is also supported via the IEEE 802.1X protocol. This
protocol uses the Extensible Authentication Protocol over L ANs (EAPOL) to request
user credentials from the 802.1X client, and then verifies the client’s right to access
the network via an authentication server.

Other authentication options include HTTPS for secure management ac cess via t he
web, SSH for secure management access over a Telnet-equivalent connection, IP
address filtering for SNMP/web/Telnet management access, and MAC address
filtering for port access.

Access Control Lists – ACLs provide packet filtering for IP frames (based on
address, protocol, TCP/UDP port number or TCP control code) or any frames
(based on MAC address or Ethernet type). ACLs can be used to improve
performance by blocking unnecessary network traffic or to implement security
controls by restricting access to specific network resources or protocols.

Port Configuration – You can manually configure the speed, duplex mode, and
flow control used on specific ports, or use auto-negotiation to detect the connection
settings used by the attached device. Use the full-duplex mode on ports whenever
possible to double the throughput of switch connecti ons. Flow control should also be
enabled to control network traffic during periods of congestion and prevent the loss
of packets when port buff er thresholds are exceeded. The switch supports flow
control based on the IEEE 802.3x standard.

Rate Limiting – This feature controls the maximum rate for traffic transmitted or
received on an interface. Rate limiting is configured on interfaces at the edge of a
network to limit traffic into o r out of the network. T r affic th at falls within t he rate limit is
transmitted, while packets that exceed the acceptable amount of traffic are dropped.

1-2

Description of Software Features

Port Mirroring – The switch can unobtrusively mirror traffic from any port to a
monitor port. You can then attach a protocol analyzer or RMON probe to this port to
perform traffic analysis and verify connection integrity.

Port Trunking – Ports can be combined into an aggregate connection. Trunks can
be manually set up or dynamically configured using I EEE 802. 3ad Lin k Ag gregatio n
Control Protocol (LACP). The additional ports dramatically increase the throughput
across any connection, and provide redundancy by taking over the load if a port in
the trunk should fail. The switch supports up to four trunks.

Broadcast Storm Control – Broadcast s uppress ion preve nts broadcast traffic from
overwhelming the network. When enabled on a port, the level of broadcast traffic
passing through the port is restricted. If broadcast traffic rises above a pre-defined
threshold, it will be throttled until the level falls back beneath the threshold.

Static Addresses – A static address can be assigned to a specific interface on this
switch. Static addresses are bound to the assigned interface and will not be moved.
When a static address is seen on another interface, the address will be igno red and
will not be written to the address table. Static addresses can be used to provide
network security by restricting access for a known host to a specific port.

IEEE 802.1D Bridge – The switch supports IEEE 802.1D transparent bridging. The
address table facilitates data switching by learning addresses, and then filtering or
forwarding traffic based on this information. The address table supports up to 8K
addresses.

Store-and-Forward Switching – The switch copies each frame into its memory
before forwarding them to another port. This ensures that all frames are a standard
Ethernet size and have been verified for accuracy with the cyclic redun dancy check
(CRC). This prevents bad frames from entering the network and wasting bandwidth.

To avoid dropping frames on congested ports, the switch provides 8 MB for frame
buffering. This buffer can queue packets awaiting transmission on congested
networks.

Spanning Tree Algorithm – The switch supports these spanning tree protocols:
Spanning Tree Protocol (STP, IEEE 802.1D) – This protocol provides loop detection

and recovery by allowing two or more redundant connect ions to be crea ted between
a pair of LAN segments. When there are multip le physical p ath s between se gments,
this protocol will choose a single path and disable all others to ensure that only one
route exists between any two stations on the network. This prevents the creation of
network loops. However, if the chosen path should fail for any reason, an alternate
path will be activated to maintain the connection.

Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w) – This protocol reduces the
convergence time for network topology changes to 3 to 5 seconds, compared to 30
seconds or more for the older IEEE 802.1D STP standard. It is intended as a
complete replacement for STP, but can still interoperate with switches running the
older standard by automatically reconfiguring ports to STP-compliant mode if they
detect STP protocol messages from attached devices.

1

1-3

Introduction

1

Virtual LANs – The switch supports up to 255 VLANs. A Virtual LAN is a collection
of network nodes that share the same collision domain regardless of their physical
location or connection point in the network. The switch supports tagged VLANs
based on the IEEE 802.1Q standard. Members of VLAN groups can be dynamically
learned via GVRP, or ports can be manually assigned to a specific set of VLANs.
This allows the switch to restrict traffic to the VLAN groups to which a user has been
assigned. By segmenting your network into VLANs, you can:

• Eliminate broadcast storms which severely degrade performance in a flat network.

• Simplify network management for node changes/moves by remotely configurin g
VLAN membership for any port, rather than having to manually change the network
connection.

• Provide data security by restricting all traffic to the originating VLAN.

• Use private VLANs to restrict traffic to pass only between data ports and the uplink
ports, thereby isolating adjacent ports within the s ame VLAN, and al lowing you t o
limit the total number of VLANs that need to be configured.

Traffic Prioritization – This switch prioritizes each packet based on the requi red
level of service, using four priority queues with strict or Weighted Round Robin
Queuing. It uses IEEE 802.1p and 802.1Q tags to prioritize inc oming traffic based on
input from the end-station application. These functions can
independent priorities for delay-sensitive data and best-effort data.

This switch also supports several common methods of prioritizing layer 3/4 traffic to
meet application requirements. Traffic can be prioritized based on the priority bits in
the IP frame’s Type of Service (ToS) octet or the number of the TCP/UDP port.
When these services are enabled, the priorities are mapped to a Class of Service
value by the switch, and the traffic then sent to the corresponding output queue.

Multicast Filtering – Specific mul ticast traffic can be assigned to its own VLAN to
ensure that it does not interfere with normal network traffic and to guarantee
real-time delivery by setting the required priority level for the designated VLAN. The
switch uses IGMP Snooping and Query to manage multicast group registration.

be used to provide

1-4

System Defaults

1

System Defaults

The switch’s system defaults are provided in the configuration file
“Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as
the startup configuration file (page 3-20).

The following table lists some of the basic system defaults.

Table1-2 System Defaults

Function Parameter Default

Console Port
Connection

Authentication Privileged Exec Level Username “admin”

Web Management HTTP Server Enabled

SNMP Community Strings “public” (read only)

Baud Rate 9600
Data bits 8
Stop bits 1
Parity none
Local Console Timeout 0 (disabled)

Password “admin”

Normal Exec Level Username “guest”

Enable Privileged Exec from Normal
Exec Level

RADIUS Authentication Disabled
TACACS Authentication Disabled

802.1X Port Authentication Disabled
HTTPS Enabled
SSH Disabled
Port Security Disabled
IP Filtering Disabled

HTTP Port Number 80
HTTP Secure Server Enabled
HTTP Secure Port Number 443

Traps Authentication traps: enabled

Password “guest”
Password “super”

“private” (read/write)

Link-up-down events: enabled

1-5

Introduction

1

Table1-2 System Defaults (Continued)

Function Parameter Default

Port Configuration Admin Status Enabled

Auto-negotiation Enabled

Flow Control Disabled
Rate Limiting Input and output limits Disabled
Port Trunking Static Trunks None

LACP (all ports) Disabled
Broadcast Storm

Protection

Spanning Tree
Algorithm

Address Table Aging Time 300 seconds
Virtual LANs Default VLAN 1

Traffic Prioritization Ingress Port Priority 0

IP Settings IP Address 0.0.0.0

Multicast Filtering IGMP Snooping Snooping: Enabled

Status Disabled (all ports)

Broadcast Limit Rate 32,000 octets per second

Status Enabled

(Defaults: All values based on IEEE 802.1w)

Fast Forwarding (Edge Port) Disabled

PVID 1

Acceptable Frame Type All

Ingress Filtering Disabled

Switchport Mode (Egress Mode) Hybrid: tagged/untagged frames

GVRP (global) Disabled

GVRP (port interface) Disabled

Weighted Round Robin Queue: 0 1 2 3

Weight: 1 2 4 6
IP Precedence Priority Disabled
IP DSCP Priority Disabled
IP Port Priority Disabled

Subnet Mask 255.0.0.0
Default Gateway 0.0.0.0
DHCP Client: Enabled
BOOTP Disabled

Querier: Enabled

1-6

System Defaults

Table1-2 System Defaults (Continued)

Function Parameter Default

System Log Status Enabled

Messages Logged Levels 0-7 (all)

Messages Logged to Flash Levels 0-3
SMTP Email Alerts Event Handler Enabled (but no server defined)
SNTP Clock Synchronization Disabled

1

1-7

1

Introduction

1-8

Chapter 2: Initial Configuration

Connecting to the Switch

Configuration Options

The switch includes a built-in network management agent. The agent off ers a variety
of management options, including SNMP, RMON and a web-based interface. A PC
may also be connected directly to the switch for configuration and monitoring via a
command line interface (CLI).

Note: The IP address for this switch is obtained via DHCP by default. To change this

address, see “Setting an IP Address” on page 2-5.

The switch’s HTTP Web agent allows you to configure switch parameters, monitor
port connections, and display statistics using a standard Web browser such as
Netscape Navigator version 6.2 and higher or Microsoft IE version 5.0 and higher.
The switch’s Web management interf ace can be accessed from any computer
attached to the network.

The CLI program can be accessed by a direct connection to the RS-232 serial
console port on the switch, or remotely by a Telnet connection over the network.

The switch’s management agent also supports SNMP (Simple Network
Management Protocol). This SNMP agent permits the switch to be managed from
any system in the network using network management software such as
HP OpenView.

The switch’s Web interface, CLI configu ration program, and SNMP agent allow you
to perform the following management functions:

• Set user names and passwords for up to 16 users

• Set an IP interface for any VLAN

• Configure SNMP parameters

• Enable/disable any port

• Set the speed/duplex mode for any port

• Configure the bandwidth of any port by limiting input or output rates

• Control port access through IEEE 802.1X security or static address filtering

• Filter packets using Access Control Lists (ACLs)

• Configure up to 255 IEEE 802.1Q VLANs

• Enable GVRP automatic VLAN registration

• Configure IP routing for unicast traffic.

• Configure IGMP multicast filtering

• Upload and download system firmware via TFTP

• Upload and download switch configuration files via TFTP

• Configure Spanning Tree parameters

2-1

Initial Configuration

2

• Configure Class of Service (CoS) priority queuing

• Configure up to 4 static or LACP trunks

• Enable port mirroring

• Set broadcast storm control on any port

• Display system information and statistics

• Configure any stack unit through the same IP address

Required Connections

The switch provides an RS-232 serial port that enables a connection to a PC or
terminal for monitoring and configuring the switch. A null-modem console cable is
provided with the switch.

Note: When configuring a stack, connect to the console port on the Master unit.

Attach a VT100-compatible terminal, or a PC running a terminal emulation program
to the switch. You can use the console cable provided with this package, or use a
null-modem cable that complies with the wiring assignments shown in the
Installation Guide.

To connect a terminal to the console port, complete the following steps:

1. Connect the console cable to the serial port on a terminal, or a PC running
terminal emulation software, and tighten the captive retaining screws on the
DB-9 connector.

2. Connect the other end of the cable to the RS-232 serial port on the switch.

3. Make sure the terminal emulation software is set as follows:

• Select the appropriate serial port (COM port 1 or COM port 2).

• Set the baud rate to 9600 bps.

• Set the data format to 8 data bits, 1 stop bit, and no parity.

• Set flow control to none.

• Set the emulation mode to VT100.

• When using HyperTerminal, select Terminal keys, not Windows keys.

Notes: 1. When using HyperTerminal with Microsoft® Windows® 2000, make sure that

you have Windows 2000 Service Pack 2 or later installed. Windows 2000
Service Pack 2 fixes the problem of arrow keys not functioning in
HyperTerminal’s VT100 emulation. See www.microsoft.com for information
on Windows 2000 service packs.

2. Refer to “Line Commands” on page 4-10 for a complete description of
console configuration options.

3. Once you have set up the terminal correctly, the console login screen will be
displayed.

For a description of how to use the CLI, see “Using the Command Line Interface” on
page 4-1. For a list of all the CLI commands and detailed information on using the
CLI, refer to “Command Groups” on page 4-9.

2-2

Stack Operations

2

Remote Connections

Prior to accessing the switch’s onboard agent via a network connection, you must
first configure it with a valid IP address, subnet mask, and default gateway using a
console connection, DHCP or BOOTP protocol.

The IP address for this switch is obtained via DHCP by default. To manually
configure this address or enable dynamic address assignment via DHCP or BOOTP,
see “Setting an IP Address” on page 2-5.

Note: This switch supports four concurrent Telnet/SSH sessions.

After configuring the switch’s IP parameters, you can access the onboard
configuration program from anywhere within the attached network. The onboard
configuration program can be accessed usin g Telnet from any c omput er a ttached to
the network. The switch can also be managed by any computer using a web
browser (Internet Explorer 5.0 or above, or Netscape Navigator 6.2 or above), or
from a network computer using SNMP network management software.

Note: The onboard program only provides access to basic configuration functions. To

access the full range of SNMP management functions, you must use
SNMP-based network management software.

Stack Operations

Up to eight switches can be stacked together as described in the Installation Guide.
One unit in the stack acts as the Master for configuration tasks and firmware
upgrade. All of the other units function in Slave mode.

To configure any unit in the stack, first verify the unit number by co unt ing down fr om
the Master unit, and then select the appropriate unit number from the web or
console management interface.

Selecting the Stack Master

Note the following points about unit numbering:

• When the stack is initially powere d on, the Master unit is designated as un it 1. The
stack is simply numbered from top to bottom, with the first unit in the stack
designated at unit 1. This unit identificati on number can be selected on the front
panel graphic of the web interface, or from the CLI.

• If more than one stack Master is selected using the Master push button on the
switch’s front panel, the stack will not function.

• If any unit fails, the stack will not function. You must replace the failed unit, and
reconnect the stacking cables to restore a ring topology.

• If a unit in the stack fails or is removed from the stack, the unit numbers will not
change. This means that when you replace a unit in the stack, the original
configuration for the failed unit will be restored to the replacement unit.

2-3

Initial Configuration

2

Recovering from Stack Failure or Topology Change

When a link or unit in the stack fails, a trap message is sent and a failure event is
logged. The stack will be rebooted after any system failure or topology change. It
takes two to three minutes for the stack to reboot. Also note that powering down a
unit or inserting a new unit in the stack will cause the stack to reboot.

Resilient IP Interface for Management Access

The stack functions as one integral system for management and configuration
purposes. You can therefore manage the stack through any port in the VLAN that
has been assigned an IP address. The Master unit d oes not even have t o include an
active port member in the VLAN interface used for ma nagement access. Howeve r , if
the unit to which you normally connect for management access fails, and there are
no active port members on the other units within this VLAN interface, then this IP
address will no longer be available. To retain a c onst ant IP addre ss for manage ment
access across fail over events, you should include port members on several units
within the primary VLAN used for stack management.

Basic Configuration

Console Connection

The CLI program provides two different command levels — normal access level
(Normal Exec) and privileged access level (Privileged Exec). The commands
available at the Normal Exec level are a limited subset of those available at the
Privileged Exec level and allow you to only display information and use basic
utilities. To fully configure the switch parameters, you must access the CLI at the
Privileged Exec level.

Access to both CLI levels are controlled by user names and passwords. The switch
has a default user name and password for each level. To log into the CLI at the
Privileged Exec level using the default user name and pas sword, perform these
steps:

1. To initiate your console connection, press <Enter>. The “User Access
Verification” procedure starts.

2. At the Username prompt, enter “admin.”

3. At the Password prompt, also enter “admin.” (The password characters are not
displayed on the console screen.)

4. The session is opened and the CLI displays the “Console#” prompt indicating
you have access at the Privileged Exec level.

2-4