LevelOne GTL-2661 User guide

GTL-2661

26-Port L2 Managed Gigabit Switch

Web Management Guide

V1.0

Digital Data Communications Asia Co., Ltd.

http://www.level1.com

Web Management Guide

GTL-2661

26-Port L2 Managed Gigabit Switch

E112017-KS-R01

How to Use This Guide

This guide includes detailed information on the switch software, including how to
operate and use the management functions of the switch. To deploy this switch
effectively and ensure trouble-free operation, you should first read the relevant
sections in this guide so that you are familiar with all of its software features.

Who Should Read

this Guide?

How this Guide

is Organized

This guide is for network administrators who are responsible for operating and
maintaining network equipment. The guide assumes a basic working knowledge of
LANs (Local Area Networks), the Internet Protocol (IP), and Simple Network
Management Protocol (SNMP).

This guide provides detailed information about the switch’s key features. It also
describes the switch’s web browser interface. For information on the command line
interface refer to the CLI Reference Guide.

The guide includes these sections:

◆ Section I “Getting Started” — Includes an introduction to switch management,

and the basic settings required to access the management interface.

◆ Section II “Web Configuration” — Includes all management options available

through the web browser interface.

◆ Section III “Ap pe nd ices” — Includes information on troubleshooting switch

management access.

Related

Documentation

This guide focuses on switch software configuration through the web browser.

For information on how to manage the switch through the command line interface,
see the following guide:

CLI Reference Guide

Note:

For a description of how to initialize the switch for management access via
the CLI, web interface or SNMP, refer to “Initial Switch Configuration” in the CLI
Reference Guide.

– 3 –

How to Use This Guide

Conventions The following conventions are used throughout this guide to show information:

Revision History This section summarizes the changes in each revision of this guide.

For information on how to install the switch, see the following guide:

Installation Guide

For all safety information and regulatory statements, see the following documents:

Quick Start Guide
Safety and Regulatory Information

Note:

Emphasizes important information or calls your attention to related features
or instructions.

Revision Date ChangeDescription

v1.1.11.171 11/2017 Initialrelease

– 4 –

Contents

How to Use This Guide 3

Contents 5

Figures 15

Tables 27

Section I Getting Started 29

1 Introduction 31

Key Features 31

Description of Software Features 33

Address Resolution Protocol 37

System Defaults 38

Section II Web Configuration 41

2 Using the Web Interface 43

Connecting to the Web Interface 43

Navigating the Web Browser Interface 44

Dashboard 44

Configuration Options 46

Panel Display 46

Main Menu 47

3 Basic Management Tasks 63

Displaying System Information 64

Displaying Hardware/Software Versions 65

Configuring Support for Jumbo Frames 66

Displaying Bridge Extension Capabilities 67

– 5 –

Contents

Managing System Files 69

Copying Files via FTP/SFTP/TFTP or HTTP 69

Saving the Running Configuration to a Local File 71

Setting the Start-up File 72

Showing System Files 73

Automatic Operation Code Upgrade 73

Setting the System Clock 77

Setting the Time Manually 78

Setting the SNTP Polling Interval 79

Configuring NTP 79

Configuring Time Servers 80

Setting the Time Zone 84

Configuring Summer Time 85

Configuring the Console Port 87

Configuring Telnet Settings 89

Displaying CPU Utilization 90

Configuring CPU Guard 91

Displaying Memory Utilization 92

Resetting the System 93

4 Interface Configuration 97

Port Configuration 98

Configuring by Port List 98

Configuring by Port Range 100

Displaying Connection Status 101

Showing Port or Trunk Statistics 102

Displaying Statistical History 106

Displaying Transceiver Data 110

Configuring Transceiver Thresholds 111

Performing Cable Diagnostics 113

Trunk Configuration 115

Configuring a Static Trunk 116

Configuring a Dynamic Trunk 119

Displaying LACP Port Counters 125

Displaying LACP Settings and Status for the Local Side 126

– 6 –

Contents

Displaying LACP Settings and Status for the Remote Side 128

Configuring Load Balancing 129

Saving Power 131

Configuring Local Port Mirroring 132

Configuring Remote Port Mirroring 134

Sampling Traffic Flows 138

Configuring sFlow Receiver Settings 139

Configuring an sFlow Polling Instance 141

Traffic Segmentation 143

Enabling Traffic Segmentation 143

Configuring Uplink and Downlink Ports 144

5 VLAN Configuration 147

IEEE 802.1Q VLANs 147

Configuring VLAN Groups 149

Adding Static Members to VLANs 152

IEEE 802.1Q Tunneling 156

Enabling QinQ Tunneling on the Switch 160

Creating CVLAN to SPVLAN Mapping Entries 161

Adding an Interface to a QinQ Tunnel 163

Protocol VLANs 164

Configuring Protocol VLAN Groups 165

Mapping Protocol Groups to Interfaces 166

Configuring MAC-based VLANs 168

6 Address Table Settings 171

Displaying the Dynamic Address Table 171

Clearing the Dynamic Address Table 172

Changing the Aging Time 173

Configuring MAC Address Learning 174

Setting Static Addresses 176

Issuing MAC Address Traps 178

7 Spanning Tree Algorithm 181

Overview 181

Configuring Loopback Detection 183

– 7 –

Contents

Configuring Global Settings for STA 185

Displaying Global Settings for STA 190

Configuring Interface Settings for STA 191

Displaying Interface Settings for STA 196

Configuring Multiple Spanning Trees 199

Configuring Interface Settings for MSTP 203

8 Congestion Control 205

Rate Limiting 205

Storm Control 206

9 Class of Service 209

Layer 2 Queue Settings 209

Setting the Default Priority for Interfaces 209

Selecting the Queue Mode 210

Layer 3/4 Priority Settings 213

Setting Priority Processing to DSCP or CoS 214

Mapping CoS Priorities to Per-hop Behavior 215

Mapping DSCP Priorities to Per-hop Behavior 216

10 Quality of Service 219

Overview 219

Configuring a Class Map 220

Creating QoS Policies 223

Attaching a Policy Map to a Port 226

11 VoIP Traffic Configuration 229

Overview 229

Configuring VoIP Traffic 230

Configuring Telephony OUI 231

Configuring VoIP Traffic Ports 232

12 Security Measures 235

AAA (Authentication, Authorization and Accounting) 236

Configuring Local/Remote Logon Authentication 237

Configuring Remote Logon Authentication Servers 238

Configuring AAA Accounting 243

– 8 –

Contents

Configuring AAA Authorization 249

Configuring User Accounts 253

Web Authentication 255

Configuring Global Settings for Web Authentication 255

Configuring Interface Settings for Web Authentication 256

Network Access (MAC Address Authentication) 257

Configuring Global Settings for Network Access 260

Configuring Network Access for Ports 261

Configuring a MAC Address Filter 263

Displaying Secure MAC Address Information 264

Configuring HTTPS 266

Configuring Global Settings for HTTPS 266

Replacing the Default Secure-site Certificate 268

Configuring the Secure Shell 270

Configuring the SSH Server 272

Generating the Host Key Pair 273

Importing User Public Keys 275

Access Control Lists 277

Showing TCAM Utilization 278

Setting the ACL Name and Type 280

Configuring a Standard IPv4 ACL 282

Configuring an Extended IPv4 ACL 283

Configuring a Standard IPv6 ACL 286

Configuring an Extended IPv6 ACL 287

Configuring a MAC ACL 290

Configuring an ARP ACL 292

Binding a Port to an Access Control List 293

Showing ACL Hardware Counters 294

Filtering IP Addresses for Management Access 296

Configuring Port Security 298

Configuring 802.1X Port Authentication 300

Configuring 802.1X Global Settings 302

Configuring Port Authenticator Settings for 802.1X 302

Displaying 802.1X Statistics 306

DoS Protection 308

– 9 –

Contents

DHCP Snooping 310

DHCP Snooping Global Configuration 313

DHCP Snooping VLAN Configuration 315

Configuring Ports for DHCP Snooping 316

Displaying DHCP Snooping Binding Information 317

IPv4 Source Guard 318

Configuring Ports for IPv4 Source Guard 318

Configuring Static Bindings for IPv4 Source Guard 320

Displaying Information for Dynamic IPv4 Source Guard Bindings 323

ARP Inspection 324

Configuring Global Settings for ARP Inspection 325

Configuring VLAN Settings for ARP Inspection 327

Configuring Interface Settings for ARP Inspection 329

Displaying ARP Inspection Statistics 330

Displaying the ARP Inspection Log 331

13 Basic Administration Protocols 333

Configuring Event Logging 334

System Log Configuration 334

Remote Log Configuration 336

Sending Simple Mail Transfer Protocol Alerts 337

Link Layer Discovery Protocol 339

Setting LLDP Timing Attributes 339

Configuring LLDP Interface Attributes 341

Configuring LLDP Interface Civic-Address 345

Displaying LLDP Local Device Information 347

Displaying LLDP Remote Device Information 351

Displaying Device Statistics 359

Simple Network Management Protocol 362

Configuring Global Settings for SNMP 364

Setting the Local Engine ID 365

Specifying a Remote Engine ID 366

Setting SNMPv3 Views 367

Configuring SNMPv3 Groups 370

Setting Community Access Strings 375

– 10 –

Contents

Configuring Local SNMPv3 Users 376

Configuring Remote SNMPv3 Users 379

Specifying Trap Managers 382

Creating SNMP Notification Logs 386

Showing SNMP Statistics 388

Remote Monitoring 390

Configuring RMON Alarms 390

Configuring RMON Events 393

Configuring RMON History Samples 395

Configuring RMON Statistical Samples 398

Switch Clustering 400

Configuring General Settings for Clusters 401

Cluster Member Configuration 402

Managing Cluster Members 404

Setting a Time Range 405

Ethernet Ring Protection Switching 408

ERPS Global Configuration 412

ERPS Ring Configuration 412

ERPS Forced and Manual Mode Operations 428

LBD Configuration 432

Configuring Global Settings for LBD 433

Configuring Interface Settings for LBD 435

14 Multicast Filtering 437

Overview 437

Layer 2 IGMP (Snooping and Query for IPv4) 438

Configuring IGMP Snooping and Query Parameters 440

Specifying Static Interfaces for a Multicast Router 444

Assigning Interfaces to Multicast Services 446

Setting IGMP Snooping Status per Interface 448

Filtering IGMP Query Packets and Multicast Data 454

Displaying Multicast Groups Discovered by IGMP Snooping 455

Displaying IGMP Snooping Statistics 456

Filtering and Throttling IGMP Groups 460

Enabling IGMP Filtering and Throttling 460

– 11 –

Contents

Configuring IGMP Filter Profiles 461

Configuring IGMP Filtering and Throttling for Interfaces 463

MLD Snooping (Snooping and Query for IPv6) 465

Configuring MLD Snooping and Query Parameters 465

Setting Immediate Leave Status for MLD Snooping per Interface 467

Specifying Static Interfaces for an IPv6 Multicast Router 468

Assigning Interfaces to IPv6 Multicast Services 470

Showing MLD Snooping Groups and Source List 472

Displaying MLD Snooping Statistics 473

Filtering and Throttling MLD Groups 481

Enabling MLD Filtering and Throttling 482

Configuring MLD Filter Profiles 482

Configuring MLD Filtering and Throttling for Interfaces 485

Filtering MLD Query Packets on an Interface 486

15 IP Tools 489

Using the Ping Function 489

Using the Trace Route Function 491

Address Resolution Protocol 492

Basic ARP Configuration 493

Configuring Static ARP Addresses 494

Displaying Dynamic or Local ARP Entries 496

Displaying ARP Statistics 497

16 IP Configuration 499

Setting the Switch’s IP Address (IP Version 4) 499

Configuring IPv4 Interface Settings 499

Setting the Switch’s IP Address (IP Version 6) 503

Configuring the IPv6 Default Gateway 503

Configuring IPv6 Interface Settings 504

Configuring an IPv6 Address 509

Showing IPv6 Addresses 511

Showing the IPv6 Neighbor Cache 513

Showing IPv6 Statistics 514

Showing the MTU for Responding Destinations 520

– 12 –

Contents

17 General IP Routing 521

Overview 521

Initial Configuration 521

IP Routing and Switching 522

Routing Path Management 523

Routing Protocols 523

Configuring Static Routes 524

Displaying the Routing Table 525

18 IP Services 527

Domain Name Service 527

Configuring General DNS Service Parameters 527

Configuring a List of Domain Names 528

Configuring a List of Name Servers 530

Configuring Static DNS Host to Address Entries 531

Displaying the DNS Cache 532

Multicast Domain Name Service 533

Dynamic Host Configuration Protocol 534

Specifying a DHCP Client Identifier 535

Configuring DHCP Relay Service 536

Enabling DHCP Dynamic Provision 538

Section III Appendices 539

A Software Specifications 541

Software Features 541

Management Features 542

Standards 543

Management Information Bases 543

B Troubleshooting 545

Problems Accessing the Management Interface 545

Using System Logs 546

C License Information 547

The GNU General Public License 547

– 13 –

Contents

Glossary 551

Index 559

– 14 –

Figures

Figure 1: Dashboard 45

Figure 2: System Information 64

Figure 3: General Switch Information 66

Figure 4: Configuring Support for Jumbo Frames 67

Figure 5: Displaying Bridge Extension Configuration 68

Figure 6: Copy Firmware 71

Figure 7: Saving the Running Configuration 72

Figure 8: Setting Start-Up Files 72

Figure 9: Displaying System Files 73

Figure 10: Configuring Automatic Code Upgrade 77

Figure 11: Manually Setting the System Clock 78

Figure 12: Setting the Polling Interval for SNTP 79

Figure 13: Configuring NTP 80

Figure 14: Specifying SNTP Time Servers 81

Figure 15: Adding an NTP Time Server 82

Figure 16: Showing the NTP Time Server List 82

Figure 17: Adding an NTP Authentication Key 83

Figure 18: Showing the NTP Authentication Key List 84

Figure 19: Setting the Time Zone 85

Figure 20: Configuring Summer Time 87

Figure 21: Console Port Settings 88

Figure 22: Telnet Connection Settings 90

Figure 23: Displaying CPU Utilization 91

Figure 24: Configuring CPU Guard 92

Figure 25: Displaying Memory Utilization 93

Figure 26: Restarting the Switch (Immediately) 95

Figure 27: Restarting the Switch (In) 95

Figure 28: Restarting the Switch (At) 96

Figure 29: Restarting the Switch (Regularly) 96

– 15 –

Figures

Figure 30: Configuring Connections by Port List 100

Figure 31: Configuring Connections by Port Range 101

Figure 32: Displaying Port Information 102

Figure 33: Showing Port Statistics (Table) 105

Figure 34: Showing Port Statistics (Chart) 106

Figure 35: Configuring a History Sample 108

Figure 36: Showing Entries for History Sampling 108

Figure 37: Showing Status of Statistical History Sample 109

Figure 38: Showing Current Statistics for a History Sample 109

Figure 39: Showing Ingress Statistics for a History Sample 110

Figure 40: Displaying Transceiver Data 111

Figure 41: Configuring Transceiver Thresholds 113

Figure 42: Performing Cable Tests 115

Figure 43: Configuring Static Trunks 116

Figure 44: Creating Static Trunks 117

Figure 45: Adding Static Trunks Members 118

Figure 46: Configuring Connection Parameters for a Static Trunk 118

Figure 47: Showing Information for Static Trunks 119

Figure 48: Configuring Dynamic Trunks 119

Figure 49: Configuring the LACP Aggregator Admin Key 122

Figure 50: Enabling LACP on a Port 123

Figure 51: Configuring LACP Parameters on a Port 123

Figure 52: Showing Members of a Dynamic Trunk 124

Figure 53: Configuring Connection Settings for a Dynamic Trunk 124

Figure 54: Showing Connection Parameters for Dynamic Trunks 125

Figure 55: Displaying LACP Port Counters 126

Figure 56: Displaying LACP Port Internal Information 127

Figure 57: Displaying LACP Port Remote Information 129

Figure 58: Configuring Load Balancing 130

Figure 59: Enabling Power Savings 132

Figure 60: Configuring Local Port Mirroring 132

Figure 61: Configuring Local Port Mirroring 133

Figure 62: Displaying Local Port Mirror Sessions 134

Figure 63: Configuring Remote Port Mirroring 134

Figure 64: Configuring Remote Port Mirroring (Source) 137

– 16 –

Figures

Figure 65: Configuring Remote Port Mirroring (Intermediate) 138

Figure 66: Configuring Remote Port Mirroring (Destination) 138

Figure 67: Configuring an sFlow Receiver 140

Figure 68: Showing sFlow Receivers 141

Figure 69: Configuring an sFlow Instance 142

Figure 70: Showing sFlow Instances 142

Figure 71: Enabling Traffic Segmentation 144

Figure 72: Configuring Members for Traffic Segmentation 145

Figure 73: Showing Traffic Segmentation Members 146

Figure 74: VLAN Compliant and VLAN Non-compliant Devices 148

Figure 75: Creating Static VLANs 151

Figure 76: Modifying Settings for Static VLANs 151

Figure 77: Showing Static VLANs 152

Figure 78: Configuring Static Members by VLAN Index 154

Figure 79: Configuring Static VLAN Members by Interface 155

Figure 80: Configuring Static VLAN Members by Interface Range 156

Figure 81: QinQ Operational Concept 157

Figure 82: Enabling QinQ Tunneling 161

Figure 83: Configuring CVLAN to SPVLAN Mapping Entries 162

Figure 84: Showing CVLAN to SPVLAN Mapping Entries 162

Figure 85: Adding an Interface to a QinQ Tunnel 164

Figure 86: Configuring Protocol VLANs 166

Figure 87: Displaying Protocol VLANs 166

Figure 88: Assigning Interfaces to Protocol VLANs 168

Figure 89: Showing the Interface to Protocol Group Mapping 168

Figure 90: Configuring MAC-Based VLANs 170

Figure 91: Showing MAC-Based VLANs 170

Figure 92: Displaying the Dynamic MAC Address Table 172

Figure 93: Clearing Entries in the Dynamic MAC Address Table 173

Figure 94: Setting the Address Aging Time 174

Figure 95: Configuring MAC Address Learning 175

Figure 96: Configuring Static MAC Addresses 177

Figure 97: Displaying Static MAC Addresses 177

Figure 98: Issuing MAC Address Traps (Global Configuration) 178

Figure 99: Issuing MAC Address Traps (Interface Configuration) 179

– 17 –

Figures

Figure 100: STP Root Ports and Designated Ports 182

Figure 101: MSTP Region, Internal Spanning Tree, Multiple Spanning Tree 182

Figure 102: Spanning Tree – Common Internal, Common, Internal 183

Figure 103: Configuring Port Loopback Detection 185

Figure 104: Configuring Global Settings for STA (STP) 189

Figure 105: Configuring Global Settings for STA (RSTP) 189

Figure 106: Configuring Global Settings for STA (MSTP) 190

Figure 107: Displaying Global Settings for STA 191

Figure 108: Determining the Root Port 193

Figure 109: Configuring Interface Settings for STA 196

Figure 110: STA Port Roles 197

Figure 111: Displaying Interface Settings for STA 198

Figure 112: Creating an MST Instance 200

Figure 113: Displaying MST Instances 200

Figure 114: Modifying the Priority for an MST Instance 201

Figure 115: Displaying Global Settings for an MST Instance 201

Figure 116: Adding a VLAN to an MST Instance 202

Figure 117: Displaying Members of an MST Instance 202

Figure 118: Configuring MSTP Interface Settings 204

Figure 119: Displaying MSTP Interface Settings 204

Figure 120: Configuring Rate Limits 206

Figure 121: Configuring Storm Control 208

Figure 122: Setting the Default Port Priority 210

Figure 123: Setting the Queue Mode (Strict) 212

Figure 124: Setting the Queue Mode (WRR) 212

Figure 125: Setting the Queue Mode (Strict and WRR) 213

Figure 126: Setting the Trust Mode 215

Figure 127: Configuring CoS to Queue Mapping 216

Figure 128: Configuring DSCP to Queue Mapping 218

Figure 129: Configuring a Class Map 221

Figure 130: Showing Class Maps 222

Figure 131: Adding Rules to a Class Map 222

Figure 132: Showing the Rules for a Class Map 223

Figure 133: Configuring a Policy Map 225

Figure 134: Showing Policy Maps 225

– 18 –

Figures

Figure 135: Adding Rules to a Policy Map 226

Figure 136: Showing the Rules for a Policy Map 226

Figure 137: Attaching a Policy Map to a Port 227

Figure 138: Configuring a Voice VLAN 231

Figure 139: Configuring an OUI Telephony List 232

Figure 140: Showing an OUI Telephony List 232

Figure 141: Configuring Port Settings for a Voice VLAN 234

Figure 142: Configuring the Authentication Sequence 238

Figure 143: Authentication Server Operation 238

Figure 144: Configuring Remote Authentication Server (RADIUS) 241

Figure 145: Configuring Remote Authentication Server (TACACS+) 242

Figure 146: Configuring AAA Server Groups 242

Figure 147: Showing AAA Server Groups 243

Figure 148: Configuring Global Settings for AAA Accounting 245

Figure 149: Configuring AAA Accounting Methods 246

Figure 150: Showing AAA Accounting Methods 247

Figure 151: Configuring AAA Accounting Service for 802.1X Service 247

Figure 152: Configuring AAA Accounting Service for Command Service 248

Figure 153: Configuring AAA Accounting Service for Exec Service 248

Figure 154: Displaying a Summary of Applied AAA Accounting Methods 249

Figure 155: Displaying Statistics for AAA Accounting Sessions 249

Figure 156: Configuring AAA Authorization Methods 251

Figure 157: Showing AAA Authorization Methods 251

Figure 158: Configuring AAA Authorization Methods for Exec Service 252

Figure 159: Displaying the Applied AAA Authorization Method 252

Figure 160: Configuring User Accounts 254

Figure 161: Showing User Accounts 255

Figure 162: Configuring Global Settings for Web Authentication 256

Figure 163: Configuring Interface Settings for Web Authentication 257

Figure 164: Configuring Global Settings for Network Access 261

Figure 165: Configuring Interface Settings for Network Access 263

Figure 166: Configuring a MAC Address Filter for Network Access 264

Figure 167: Showing the MAC Address Filter Table for Network Access 264

Figure 168: Showing Addresses Authenticated for Network Access 266

Figure 169: Configuring HTTPS 268

– 19 –

Figures

Figure 170: Downloading the Secure-Site Certificate 269

Figure 171: Configuring the SSH Server 273

Figure 172: Generating the SSH Host Key Pair 274

Figure 173: Showing the SSH Host Key Pair 275

Figure 174: Copying the SSH User’s Public Key 276

Figure 175: Showing the SSH User’s Public Key 277

Figure 176: Showing TCAM Utilization 280

Figure 177: Creating an ACL 281

Figure 178: Showing a List of ACLs 282

Figure 179: Configuring a Standard IPv4 ACL 283

Figure 180: Configuring an Extended IPv4 ACL 286

Figure 181: Configuring a Standard IPv6 ACL 287

Figure 182: Configuring an Extended IPv6 ACL 289

Figure 183: Configuring a MAC ACL 291

Figure 184: Configuring a ARP ACL 293

Figure 185: Binding a Port to an ACL 294

Figure 186: Showing ACL Statistics 295

Figure 187: Creating an IP Address Filter for Management Access 297

Figure 188: Showing IP Addresses Authorized for Management Access 297

Figure 189: Configuring Port Security 300

Figure 190: Configuring Port Authentication 301

Figure 191: Configuring Global Settings for 802.1X Port Authentication 302

Figure 192: Configuring Interface Settings for 802.1X Port Authenticator 306

Figure 193: Showing Statistics for 802.1X Port Authenticator 308

Figure 194: Protecting Against DoS Attacks 310

Figure 195: Configuring Global Settings for DHCP Snooping 314

Figure 196: Configuring DHCP Snooping on a VLAN 315

Figure 197: Configuring the Port Mode for DHCP Snooping 317

Figure 198: Displaying the Binding Table for DHCP Snooping 318

Figure 199: Setting the Filter Type for IPv4 Source Guard 320

Figure 200: Configuring Static Bindings for IPv4 Source Guard 322

Figure 201: Displaying Static Bindings for IPv4 Source Guard 323

Figure 202: Showing the IPv4 Source Guard Binding Table 324

Figure 203: Configuring Global Settings for ARP Inspection 327

Figure 204: Configuring VLAN Settings for ARP Inspection 328

– 20 –

Figures

Figure 205: Configuring Interface Settings for ARP Inspection 329

Figure 206: Displaying Statistics for ARP Inspection 331

Figure 207: Displaying the ARP Inspection Log 332

Figure 208: Configuring Settings for System Memory Logs 335

Figure 209: Showing Error Messages Logged to System Memory 336

Figure 210: Configuring Settings for Remote Logging of Error Messages 337

Figure 211: Configuring SMTP Alert Messages 338

Figure 212: Configuring LLDP Timing Attributes 341

Figure 213: Configuring LLDP Interface Attributes 345

Figure 214: Configuring the Civic Address for an LLDP Interface 346

Figure 215: Showing the Civic Address for an LLDP Interface 347

Figure 216: Displaying Local Device Information for LLDP (General) 350

Figure 217: Displaying Local Device Information for LLDP (Port) 350

Figure 218: Displaying Local Device Information for LLDP (Port Details) 350

Figure 219: Displaying Remote Device Information for LLDP (Port) 357

Figure 220: Displaying Remote Device Information for LLDP (Port Details) 358

Figure 221: Displaying Remote Device Information for LLDP (End Node) 359

Figure 222: Displaying LLDP Device Statistics (General) 361

Figure 223: Displaying LLDP Device Statistics (Port) 361

Figure 224: Configuring Global Settings for SNMP 364

Figure 225: Configuring the Local Engine ID for SNMP 365

Figure 226: Configuring a Remote Engine ID for SNMP 366

Figure 227: Showing Remote Engine IDs for SNMP 367

Figure 228: Creating an SNMP View 368

Figure 229: Showing SNMP Views 368

Figure 230: Adding an OID Subtree to an SNMP View 369

Figure 231: Showing the OID Subtree Configured for SNMP Views 369

Figure 232: Creating an SNMP Group 374

Figure 233: Showing SNMP Groups 374

Figure 234: Setting Community Access Strings 375

Figure 235: Showing Community Access Strings 376

Figure 236: Configuring Local SNMPv3 Users 378

Figure 237: Showing Local SNMPv3 Users 378

Figure 238: Changing a Local SNMPv3 User Group 379

Figure 239: Configuring Remote SNMPv3 Users 381

– 21 –

Figures

Figure 240: Showing Remote SNMPv3 Users 381

Figure 241: Configuring Trap Managers (SNMPv1) 385

Figure 242: Configuring Trap Managers (SNMPv2c) 385

Figure 243: Configuring Trap Managers (SNMPv3) 385

Figure 244: Showing Trap Managers 386

Figure 245: Creating SNMP Notification Logs 387

Figure 246: Showing SNMP Notification Logs 388

Figure 247: Showing SNMP Statistics 389

Figure 248: Configuring an RMON Alarm 392

Figure 249: Showing Configured RMON Alarms 392

Figure 250: Configuring an RMON Event 394

Figure 251: Showing Configured RMON Events 395

Figure 252: Configuring an RMON History Sample 396

Figure 253: Showing Configured RMON History Samples 397

Figure 254: Showing Collected RMON History Samples 397

Figure 255: Configuring an RMON Statistical Sample 399

Figure 256: Showing Configured RMON Statistical Samples 399

Figure 257: Showing Collected RMON Statistical Samples 400

Figure 258: Configuring a Switch Cluster 402

Figure 259: Configuring a Cluster Members 403

Figure 260: Showing Cluster Members 403

Figure 261: Showing Cluster Candidates 404

Figure 262: Managing a Cluster Member 405

Figure 263: Setting the Name of a Time Range 406

Figure 264: Showing a List of Time Ranges 406

Figure 265: Add a Rule to a Time Range 407

Figure 266: Showing the Rules Configured for a Time Range 407

Figure 267: ERPS Ring Components 409

Figure 268: Ring Interconnection Architecture (Multi-ring/Ladder Network) 410

Figure 269: Setting ERPS Global Status 412

Figure 270: Sub-ring with Virtual Channel 422

Figure 271: Sub-ring without Virtual Channel 422

Figure 272: Non-ERPS Device Protection 423

Figure 273: Creating an ERPS Ring 426

Figure 274: Creating an ERPS Ring 427

– 22 –

Figures

Figure 275: Showing Configured ERPS Rings 428

Figure 276: Blocking an ERPS Ring Port 432

Figure 277: Configuring Global Settings for LBD 434

Figure 278: Configuring Interface Settings for LBD 435

Figure 279: Multicast Filtering Concept 437

Figure 280: Configuring General Settings for IGMP Snooping 443

Figure 281: Configuring a Static Interface for a Multicast Router 445

Figure 282: Showing Static Interfaces Attached a Multicast Router 445

Figure 283: Showing Current Interfaces Attached a Multicast Router 446

Figure 284: Assigning an Interface to a Multicast Service 447

Figure 285: Showing Static Interfaces Assigned to a Multicast Service 448

Figure 286: Configuring IGMP Snooping on a VLAN 453

Figure 287: Showing Interface Settings for IGMP Snooping 453

Figure 288: Dropping IGMP Query or Multicast Data Packets 454

Figure 289: Showing Multicast Groups Learned by IGMP Snooping 455

Figure 290: Displaying IGMP Snooping Statistics – Query 458

Figure 291: Displaying IGMP Snooping Statistics – VLAN 459

Figure 292: Displaying IGMP Snooping Statistics – Port 459

Figure 293: Enabling IGMP Filtering and Throttling 461

Figure 294: Creating an IGMP Filtering Profile 462

Figure 295: Showing the IGMP Filtering Profiles Created 462

Figure 296: Adding Multicast Groups to an IGMP Filtering Profile 463

Figure 297: Showing the Groups Assigned to an IGMP Filtering Profile 463

Figure 298: Configuring IGMP Filtering and Throttling Interface Settings 465

Figure 299: Configuring General Settings for MLD Snooping 467

Figure 300: Configuring Immediate Leave for MLD Snooping 468

Figure 301: Configuring a Static Interface for an IPv6 Multicast Router 469

Figure 302: Showing Static Interfaces Attached an IPv6 Multicast Router 469

Figure 303: Showing Current Interfaces Attached an IPv6 Multicast Router 469

Figure 304: Assigning an Interface to an IPv6 Multicast Service 471

Figure 305: Showing Static Interfaces Assigned to an IPv6 Multicast Service 471

Figure 306: Showing Current Interfaces Assigned to an IPv6 Multicast Service 472

Figure 307: Showing IPv6 Multicast Services and Corresponding Sources 473

Figure 308: Displaying MLD Snooping Statistics – Input 477

Figure 309: Displaying MLD Snooping Statistics – Output 477

– 23 –

Figures

Figure 310: Displaying MLD Snooping Statistics – Query 478

Figure 311: Displaying MLD Snooping Statistics – Summary (Port/Trunk) 479

Figure 312: Displaying MLD Snooping Statistics – Summary (VLAN) 480

Figure 313: Clearing MLD Snooping Statistics 481

Figure 314: Enabling MLD Filtering and Throttling 482

Figure 315: Creating an MLD Filtering Profile 483

Figure 316: Showing the MLD Filtering Profiles Created 484

Figure 317: Adding Multicast Groups to an MLD Filtering Profile 484

Figure 318: Showing the Groups Assigned to an MLD Filtering Profile 485

Figure 319: Configuring MLD Filtering and Throttling Interface Settings 486

Figure 320: Dropping MLD Query Packets 487

Figure 321: Pinging a Network Device 490

Figure 322: Tracing the Route to a Network Device 492

Figure 323: Proxy ARP 493

Figure 324: Configuring General Settings for ARP 494

Figure 325: Configuring Static ARP Entries 495

Figure 326: Displaying Static ARP Entries 496

Figure 327: Displaying ARP Entries 496

Figure 328: Displaying ARP Statistics 497

Figure 329: Configuring a Static IPv4 Address 501

Figure 330: Configuring a Dynamic IPv4 Address 502

Figure 331: Showing the Configured IPv4 Address for an Interface 503

Figure 332: Configuring the IPv6 Default Gateway 504

Figure 333: Configuring General Settings for an IPv6 Interface 508

Figure 334: Configuring an IPv6 Address 511

Figure 335: Showing Configured IPv6 Addresses 512

Figure 336: Showing IPv6 Neighbors 514

Figure 337: Showing IPv6 Statistics (IPv6) 518

Figure 338: Showing IPv6 Statistics (ICMPv6) 519

Figure 339: Showing IPv6 Statistics (UDP) 519

Figure 340: Showing Reported MTU Values 520

Figure 341: Virtual Interfaces and Layer 3 Routing 522

Figure 342: Configuring Static Routes 525

Figure 343: Displaying Static Routes 525

Figure 344: Displaying the Routing Table 526

– 24 –

Figures

Figure 345: Configuring General Settings for DNS 528

Figure 346: Configuring a List of Domain Names for DNS 529

Figure 347: Showing the List of Domain Names for DNS 529

Figure 348: Configuring a List of Name Servers for DNS 530

Figure 349: Showing the List of Name Servers for DNS 531

Figure 350: Configuring Static Entries in the DNS Table 532

Figure 351: Showing Static Entries in the DNS Table 532

Figure 352: Showing Entries in the DNS Cache 533

Figure 353: Configuring Multicast DNS 534

Figure 354: Specifying a DHCP Client Identifier 536

Figure 355: Layer 3 DHCP Relay Service 536

Figure 356: Configuring DHCP Relay Service 537

Figure 357: Enabling Dynamic Provisioning via DHCP 538

– 25 –

Figures

– 26 –

Tables

Table 1: Key Features 31

Table 2: System Defaults 38

Table 3: Web Page Configuration Buttons 46

Table 4: Switch Main Menu 47

Table 5: Predefined Summer-Time Parameters 86

Table 6: Port Statistics 102

Table 7: LACP Port Counters 125

Table 8: LACP Internal Configuration Information 126

Table 9: LACP Remote Device Configuration Information 128

Table 10: Traffic Segmentation Forwarding 144

Table 11: Recommended STA Path Cost Range 192

Table 12: Default STA Path Costs 192

Table 13: Default Mapping of CoS/CFI Values to Queue/CFI 215

Table 14: Default Mapping of DSCP Values to Queue/CFI 217

Table 15: Dynamic QoS Profiles 259

Table 16: HTTPS System Support 267

Table 17: 802.1X Statistics 306

Table 18: ARP Inspection Statistics 330

Table 19: ARP Inspection Log 331

Table 20: Logging Levels 334

Table 21: LLDP MED Location CA Types 345

Table 22: Chassis ID Subtype 347

Table 23: System Capabilities 348

Table 24: Port ID Subtype 349

Table 25: Remote Port Auto-Negotiation Advertised Capability 352

Table 26: SNMPv3 Security Models and Levels 363

Table 27: Supported Notification Messages 371

Table 28: ERPS Request/State Priority 429

Table 29: Address Resolution Protocol 492

– 27 –

Tabl es

Table 30: ARP Statistics 497

Table 31: Show IPv6 Neighbors - display description 513

Table 32: Show IPv6 Statistics - display description 515

Table 33: Show MTU - display description 520

Table 34: Options 60, 66 and 67 Statements 535

Table 35: Options 55 and 124 Statements 535

Table 36: Troubleshooting Chart 545

– 28 –

Section I

Getting Started

This section provides an overview of the switch, and introduces some basic
concepts about network switches. It also describes the basic settings required to
access the management interface.

This section includes these chapters:

◆ "Introduction" on page 31

– 29 –

Section I

| Getting Started

– 30 –

1 Introduction

This switch provides a broad range of features for Layer 2 switching and Layer 3

routing. It includes a management agent that allows you to configure the features
listed in this manual. The default configuration can be used for most of the features
provided by this switch. However, there are many options that you should
configure to maximize the switch’s performance for your particular network
environment.

Key Features

Table 1: Key Features

Feature Description

Configuration Backup and
Restore

Authentication Console, Telnet, web – user name/password, RADIUS, TACACS+

General Security Measures AAA

Access Control Lists Supports up to 256 ACLs, 128 rules per ACL, and 512 rules per system

DHCP/DHCPv6 Client, Relay, Relay Option 82

Port Configuration Speed, duplex mode, and flow control

Port Trunking Supports up to 8 trunks – static or dynamic trunking (LACP)

Port Mirroring 3 sessions, one or more source ports to an analysis port

Congestion Control Rate Limiting

Using management station or FTP/SFTP/TFTP server

Port – IEEE 802.1X, MAC address filtering
SNMP v1/2c - Community strings
SNMP version 3 – MD5 or SHA password
Telnet – SSH
Web – HTTPS

ARP Inspection
DHCP Snooping (with Option 82 relay information)
DoS Protection
IP Source Guard
Port Authentication – IEEE 802.1X
Port Security – MAC address filtering

Throttling for broadcast, multicast, unknown unicast storms

– 31 –

Chapter 1

Key Features

| Introduction

Table 1: Key Features (Continued)

Feature Description

Address Table Address Table 16K MAC addresses in the forwarding table (shared with

IP Version 4 and 6 Supports IPv4 and IPv6 addressing and management

IEEE 802.1D Bridge Supports dynamic data switching and addresses learning

Store-and-Forward
Switching

Spanning Tree Algorithm Supports standard STP, Rapid Spanning Tree Protocol (RSTP), and

Virtual LANs Up to 4094 using IEEE 802.1Q, port-based, protocol-based, voice VLANs,

Traffic Prioritization Default port priority, traffic class map, queue scheduling, IP Precedence,

Qualify of Service Supports Differentiated Services (DiffServ)

Link Layer Discovery
Protocol

Switch Clustering Supports up to 36 member switches in a cluster

ERPS Supports Ethernet Ring Protection Switching for increased availability

L2 unicast, L2 multicast, IPv4 multicast, IPv6 multicast);
1K static MAC addresses;
511 L2 IPv4 multicast groups (shared with MAC address table);
56 entries in host table (8 static ARP + 48 dynamic ARP);
64 entries in route table (net table);
8 IP intefaces

Supported to ensure wire-speed switching while eliminating bad
frames

Multiple Spanning Trees (MSTP)

and QinQ tunnel

or Differentiated Services Code Point (DSCP)

Used to discover basic information about neighboring devices

of Ethernet rings (G.8032)

ARP Static and dynamic address configuration, proxy ARP

Multicast Filtering Supports IGMP snooping and query for Layer 2

– 32 –

Description of Software Features

The switch provides a wide range of advanced performance enhancing features.
Flow control eliminates the loss of packets due to bottlenecks caused by port
saturation. Storm suppression prevents broadcast, multicast, and unknown unicast
traffic storms from engulfing the network. Untagged (port-based), tagged, and
protocol-based VLANs, plus support for automatic GVRP VLAN registration provide
traffic security and efficient use of network bandwidth. CoS priority queueing
ensures the minimum delay for moving real-time multimedia data across the
network. While multicast filtering provides support for real-time network
applications.

Some of the management features are briefly described below.

Chapter 1

Description of Software Features

| Introduction

Configuration Backup

and Restore

You can save the current configuration settings to a file on the management station
(using the web interface) or an FTP/SFTP/TFTP server (using the web or console
interface), and later download this file to restore the switch configuration settings.

Authentication This switch authenticates management access via the console port, Telnet, or a web

browser. User names and passwords can be configured locally or can be verified via
a remote authentication server (i.e., RADIUS or TACACS+). Port-based
authentication is also supported via the IEEE 802.1X protocol. This protocol uses
Extensible Authentication Protocol over LANs (EAPOL) to request user credentials
from the 802.1X client, and then uses the EAP between the switch and the
authentication server to verify the client’s right to access the network via an
authentication server (i.e., RADIUS or TACACS+ server).

Other authentication options include HTTPS for secure management access via the
web, SSH for secure management access over a Telnet-equivalent connection,
SNMP Version 3, IP address filtering for SNMP/Telnet/web management access.
MAC address filtering and IP source guard also provide authenticated port access.
While DHCP snooping is provided to prevent malicious attacks from insecure ports.

Access Control Lists ACLs provide packet filtering for IP frames (based on address, protocol, TCP/UDP

port number or TCP control code) or any frames (based on MAC address or Ethernet
type). ACLs can be used to improve performance by blocking unnecessary network
traffic or to implement security controls by restricting access to specific network
resources or protocols.

Port Configuration You can manually configure the speed, duplex mode, and flow control used on

specific ports, or use auto-negotiation to detect the connection settings used by
the attached device. Use full-duplex mode on ports whenever possible to double
the throughput of switch connections. Flow control should also be enabled to
control network traffic during periods of congestion and prevent the loss of

– 33 –

Chapter 1

Description of Software Features

| Introduction

packets when port buffer thresholds are exceeded. The switch supports flow
control based on the IEEE 802.3x standard (now incorporated in IEEE 802.3-2002).

Rate Limiting This feature controls the maximum rate for traffic transmitted or received on an

interface. Rate limiting is configured on interfaces at the edge of a network to limit
traffic into or out of the network. Packets that exceed the acceptable amount of
traffic are dropped.

Port Mirroring The switch can unobtrusively mirror traffic from any port to a monitor port. You can

then attach a protocol analyzer or RMON probe to this port to perform traffic
analysis and verify connection integrity.

Port Trunking Ports can be combined into an aggregate connection. Trunks can be manually set

up or dynamically configured using Link Aggregation Control Protocol (LACP – IEEE

802.3-2005). The additional ports dramatically increase the throughput across any
connection, and provide redundancy by taking over the load if a port in the trunk
should fail. The switch supports up to 16 trunks.

Storm Control Broadcast, multicast and unknown unicast storm suppression prevents traffic from

overwhelming the network.When enabled on a port, the level of traffic passing
through the port is restricted. If traffic rises above a pre-defined threshold, it will be
throttled until the level falls back beneath the threshold.

Static MAC Addresses A static address can be assigned to a specific interface on this switch. Static

addresses are bound to the assigned interface and will not be moved. When a static
address is seen on another interface, the address will be ignored and will not be
written to the address table. Static addresses can be used to provide network
security by restricting access for a known host to a specific port.

IP Address Filtering Access to insecure ports can be controlled using DHCP Snooping which filters

ingress traffic based on static IP addresses and addresses stored in the DHCP
Snooping table. Traffic can also be restricted to specific source IP addresses or
source IP/MAC address pairs based on static entries or entries stored in the DHCP
Snooping table.

– 34 –

Chapter 1

Description of Software Features

| Introduction

IEEE 802.1D Bridge The switch supports IEEE 802.1D transparent bridging. The address table facilitates

data switching by learning addresses, and then filtering or forwarding traffic based
on this information. The address table supports up to 16K addresses.

Store-and-Forward

Switching

Spanning Tree

Algorithm

The switch copies each frame into its memory before forwarding them to another
port. This ensures that all frames are a standard Ethernet size and have been
verified for accuracy with the cyclic redundancy check (CRC). This prevents bad
frames from entering the network and wasting bandwidth.

To avoid dropping frames on congested ports, the switch provides 12 Mbits for
frame buffering. This buffer can queue packets awaiting transmission on congested
networks.

The switch supports these spanning tree protocols:

◆ Spanning Tree Protocol (STP, IEEE 802.1D) – This protocol provides loop

detection. When there are multiple physical paths between segments, this
protocol will choose a single path and disable all others to ensure that only one
route exists between any two stations on the network. This prevents the
creation of network loops. However, if the chosen path should fail for any
reason, an alternate path will be activated to maintain the connection.

◆ Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w) – This protocol reduces the

convergence time for network topology changes to about 3 to 5 seconds,
compared to 30 seconds or more for the older IEEE 802.1D STP standard. It is
intended as a complete replacement for STP, but can still interoperate with
switches running the older standard by automatically reconfiguring ports to
STP-compliant mode if they detect STP protocol messages from attached
devices.

◆ Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) – This protocol is a direct

extension of RSTP. It can provide an independent spanning tree for different
VLANs. It simplifies network management, provides for even faster
convergence than RSTP by limiting the size of each region, and prevents VLAN
members from being segmented from the rest of the group (as sometimes
occurs with IEEE 802.1D STP).

Virtual LANs The switch supports up to 4094 VLANs. A Virtual LAN is a collection of network

nodes that share the same collision domain regardless of their physical location or
connection point in the network. The switch supports tagged VLANs based on the
IEEE 802.1Q standard. Members of VLAN groups can be dynamically learned via
GVRP, or ports can be manually assigned to a specific set of VLANs. This allows the
switch to restrict traffic to the VLAN groups to which a user has been assigned. By
segmenting your network into VLANs, you can:

◆ Eliminate broadcast storms which severely degrade performance in a flat

network.

– 35 –

Chapter 1

Description of Software Features

| Introduction

◆ Simplify network management for node changes/moves by remotely

◆ Provide data security by restricting all traffic to the originating VLAN, except

◆ Use protocol VLANs to restrict traffic to specified interfaces based on protocol

configuring VLAN membership for any port, rather than having to manually
change the network connection.

where a connection is explicitly defined via the switch's routing service.

type.

IEEE 802.1Q Tunneling

(QinQ)

This feature is designed for service providers carrying traffic for multiple customers
across their networks. QinQ tunneling is used to maintain customer-specific VLAN
and Layer 2 protocol configurations even when different customers use the same
internal VLAN IDs. This is accomplished by inserting Service Provider VLAN
(SPVLAN) tags into the customer’s frames when they enter the service provider’s
network, and then stripping the tags when the frames leave the network.

Traffic Prioritization This switch prioritizes each packet based on the required level of service, using

eight priority queues with strict priority, Weighted Round Robin (WRR) scheduling,
or a combination of strict and weighted queuing. It uses IEEE 802.1p and 802.1Q
tags to prioritize incoming traffic based on input from the end-station application.
These functions can
data and best-effort data.

This switch also supports several common methods of prioritizing layer 3/4 traffic
to meet application requirements. Traffic can be prioritized based on the priority
bits in the IP frame’s Type of Service (ToS) octet using DSCP, or IP Precedence. When
these services are enabled, the priorities are mapped to a Class of Service value by
the switch, and the traffic then sent to the corresponding output queue.

be used to provide independent priorities for delay-sensitive

Quality of Service Differentiated Services (DiffServ) provides policy-based management mechanisms

used for prioritizing network resources to meet the requirements of specific traffic
types on a per-hop basis. Each packet is classified upon entry into the network
based on access lists, IP Precedence or DSCP values, or VLAN lists. Using access lists
allows you select traffic based on Layer 2, Layer 3, or Layer 4 information contained
in each packet. Based on network policies, different kinds of traffic can be marked
for different kinds of forwarding.

Ethernet Ring

Protection Switching

ERPS can be used to increase the availability and robustness of Ethernet rings, such
as those used in Metropolitan Area Networks (MAN). ERPS provides Layer 2 loop
avoidance and fast reconvergence in Layer 2 ring topologies, supporting up to 255
nodes in the ring structure. It can also function with IEEE 802.1ag to support link
monitoring when non-participating devices exist within the Ethernet ring.

– 36 –

Chapter 1

Description of Software Features

| Introduction

Address Resolution

Protocol

The switch uses ARP and Proxy ARP to convert between IP addresses and MAC
(hardware) addresses. This switch supports conventional ARP, which locates the
MAC address corresponding to a given IP address. This allows the switch to use IP
addresses for routing decisions and the corresponding MAC addresses to forward
packets from one hop to the next. Either static or dynamic entries can be
configured in the ARP cache.

Proxy ARP allows hosts that do not support routing to determine the MAC address
of a device on another network or subnet. When a host sends an ARP request for a
remote network, the switch checks to see if it has the best route. If it does, it sends
its own MAC address to the host. The host then sends traffic for the remote
destination via the switch, which uses its own routing table to reach the destination
on the other network.

Multicast Filtering Specific multicast traffic can be assigned to its own VLAN to ensure that it does not

interfere with normal network traffic and to guarantee real-time delivery by setting
the required priority level for the designated VLAN. The switch uses IGMP Snooping
and Query for IPv4,and MLD Snooping and Query for IPv6 to manage multicast
group registration.

Link Layer Discovery

Protocol

LLDP is used to discover basic information about neighboring devices within the
local broadcast domain. LLDP is a Layer 2 protocol that advertises information
about the sending device and collects information gathered from neighboring
network nodes it discovers.

Advertised information is represented in Type Length Value (TLV) format according
to the IEEE 802.1ab standard, and can include details such as device identification,
capabilities and configuration settings. Media Endpoint Discovery (LLDP-MED) is an
extension of LLDP intended for managing endpoint devices such as Voice over IP
phones and network switches. The LLDP-MED TLVs advertise information such as
network policy, power, inventory, and device location details. The LLDP and LLDP­MED information can be used by SNMP applications to simplify troubleshooting,
enhance network management, and maintain an accurate network topology.

– 37 –

Chapter 1

| Introduction

System Defaults

System Defaults

The switch’s system defaults are provided in the configuration file
“Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as
the startup configuration file.

The following table lists some of the basic system defaults.

Table 2: System Defaults

Function Parameter Default

Console Port Connection Baud Rate 115200 bps

Data bits 8

Stop bits 1

Parity none

Local Console Timeout 600 seconds

Authentication and
Security Measures

Web Management HTTP Server Enabled

Privileged Exec Level Username “admin”

Normal Exec Level Username “guest”

Enable Privileged Exec from
Normal Exec Level

RADIUS Authentication Disabled

TACACS+ Authentication Disabled

802.1X Port Authentication Disabled

Web Authentication Disabled

MAC Authentication Disabled

HTTPS Enabled

SSH Disabled

Port Security Disabled

IP Filtering Disabled

DHCP Snooping Disabled

IP Source Guard Disabled (all ports)

Password “admin”

Password “guest”

Password “super”

HTTP Port Number 80

HTTP Secure Server Enabled

HTTP Secure Server Port 443

– 38 –

Chapter 1

Table 2: System Defaults (Continued)

Function Parameter Default

SNMP SNMP Agent Enabled

| Introduction

System Defaults

Community Strings “public” (read only)

Traps Authentication traps: enabled

SNMP V3 View: defaultview

Port Configuration Admin Status Enabled

Auto-negotiation Enabled

Flow Control Disabled

Por t Trunk ing Static Trunks None

LACP (all ports) Disabled

Congestion Control Rate Limiting Disabled

Storm Control Broadcast: Enabled

Auto Traffic Control Disabled

Address Table Aging Time 300 seconds

“private” (read/write)

Link-up-down events: enabled

Group: public (read only); private
(read/write)

(64 kbits/sec)
Multicast: Disabled
Unknown Unicast: Disabled

Spanning Tree Algorithm Status Disabled

Edge Ports Auto

LLDP Status Enabled

ERPS Status Disabled

Virtual LANs Default VLAN 1

PVID 1

Acceptable Frame Type All

Ingress Filtering Enabled

Switchport Mode (Egress Mode) Hybrid

GVRP (global) Disabled

GVRP (port interface) Disabled

QinQ Tunneling Disabled

– 39 –

Chapter 1

| Introduction

System Defaults

Table 2: System Defaults (Continued)

Function Parameter Default

Traffic Prioritization Ingress Port Priority 0

Queue Mode WRR

Queue Weight Queue: 0 1 2 3 4 5 6 7

Weight: 1 2 4 6 8 10 12 14

Class of Service Enabled

IP Precedence Priority Disabled

IP DSCP Priority Disabled

IPv6 DSCP Priority Disabled

IP Settings Management. VLAN VLAN 1

IP Address 192.168.2.10

Subnet Mask 255.255.255.0

Default Gateway Not configured

DHCP Client: Enabled

DNS Proxy service: Disabled

BOOTP Disabled

ARP Enabled

Cache Timeout: 20 minutes

Multicast Filtering IGMP Snooping (Layer 2) Snooping: Enabled

Querier: Disabled

MLD Snooping (Layer 2 IPv6) Snooping: Enabled

Querier: Disabled

IGMP Proxy Reporting Disabled

System Log Status Enabled

Messages Logged to RAM Levels 0-7 (all)

Messages Logged to Flash Levels 0-3

SMTP Email Alerts Event Handler Enabled (but no server defined)

SNTP Clock Synchronization Disabled

Switch Clustering Status Disabled

Commander Disabled

– 40 –

Section II

Web Configuration

This section describes the basic switch features, along with a detailed description of
how to configure each feature via a web browser.

This section includes these chapters:

◆ "Using the Web Interface" on page 43

◆ "Basic Management Tasks" on page 63

◆ "Interface Configuration" on page 97

◆ "VLAN Configuration" on page 147

◆ "Address Table Settings" on page 171

◆ "Spanning Tree Algorithm" on page 181

◆ "Congestion Control" on page 205

◆ "Class of Service" on page 209

◆ "Quality of Service" on page 219

◆ "VoIP Traffic Configuration" on page 229

◆ "Security Measures" on page 235

◆ "Basic Administration Protocols" on page 333

◆ "Multicast Filtering" on page 437

◆ "IP Tools" on page 489

◆ "IP Configuration" on page 499

◆ "General IP Routing" on page 521

– 41 –

Section II

| Web Configuration

◆ "IP Services" on page 527

– 42 –

2 Using the Web Interface

This switch provides an embedded HTTP web agent. Using a web browser you can
configure the switch and view statistics to monitor network activity. The web agent
can be accessed by any computer on the network using a standard web browser
(Internet Explorer 9, Mozilla Firefox 39, or Google Chrome 44, or more recent
versions).

Note:

You can also use the Command Line Interface (CLI) to manage the switch
over a serial connection to the console port or via Telnet. For more information on
using the CLI, refer to the CLI Reference Guide.

Connecting to the Web Interface

Prior to accessing the switch from a web browser, be sure you have first performed
the following tasks:

1. The default IP address and subnet mask for the switch is 192.168.2.10 and

255.255.255.0, with no default gateway. If this is not compatible with the
subnet connected to the switch, you can configure it with a valid IP address,
subnet mask, and default gateway. To configure this device as the default
gateway, use the IP > Routing > Static Routes (Add) page, set the destination
address to the required interface, and the next hop to null address 0.0.0.0 .

2. Set user names and passwords using an out-of-band serial connection. Access

to the web agent is controlled by the same user names and passwords as the
onboard configuration program. (See “Configuring User Accounts” on

page 253.)

3. After you enter a user name and password, you will have access to the system

configuration program.

Note:

You are allowed three attempts to enter the correct password; on the third
failed attempt the current connection is terminated.

Note:

If you log into the web interface as guest (Normal Exec level), you can view
the configuration settings or change the guest password. If you log in as “admin”
(Privileged Exec level), you can change the settings on any page.

Note:

If the path between your management station and this switch does not pass
through any device that uses the Spanning Tree Algorithm, then you can set the

– 43 –

Chapter 2

Navigating the Web Browser Interface

| Using the Web Interface

switch port attached to your management station to fast forwarding (i.e., enable
Admin Edge Port) to improve the switch’s response time to management
commands issued through the web interface. See “Configuring Interface Settings

for STA” on page 191.

Note:

input is detected for 600 seconds.

Note:

link local address.

Users are automatically logged off of the HTTP server or HTTPS server if no

Connection to the web interface is not supported for HTTPS using an IPv6

Navigating the Web Browser Interface

To access the web-browser interface you must first enter a user name and
password. The administrator has Read/Write access to all configuration parameters
and statistics. The default user name and password for the administrator is “admin.”
The administrator has full access privileges to configure any parameters in the web
interface. The default user name and password for guest access is “guest.” The guest
only has read access for most configuration parameters. Refer to “Configuring User

Accounts” on page 253 for more details.

Dashboard When your web browser connects with the switch’s web agent, the Dashboard is

displayed as shown below. The Dashboard displays the main menu on the left side
of the screen and System Information, CPU Utilization, Temperature, and Top 5
Most Active Interfaces on the right side. The main menu links are used to navigate
to other menus, and display configuration parameters and statistics.

– 44 –

Figure 1: Dashboard

Chapter 2

Navigating the Web Browser Interface

| Using the Web Interface

– 45 –

Chapter 2

GTL-2661

| Using the Web Interface

Navigating the Web Browser Interface

Configuration Options Configurable parameters have a dialog box or a drop-down list. Once a

configuration change has been made on a page, be sure to click on the Apply
button to confirm the new setting. The following table summarizes the web page
configuration buttons.

Table 3: Web Page Configuration Buttons

Button Action

Apply Sets specified values to the system.

Revert Cancels specified values and restores current

values prior to pressing “Apply.”

Saves current settings.

Displays help for the selected page.

Refreshes the current page.

Displays the site map.

Logs out of the management interface.

Sends mail to the vendor.

Links to the vendor’s web site.

Panel Display The web agent displays an image of the switch’s ports. The Mode can be set to

display different information for the ports, including Active (i.e., up or down),
Duplex (i.e., half or full duplex), or Flow Control (i.e., with or without flow control).

Front Panel Indicators

N

OTE

:

You can open a connection to the vendor’s web site by clicking on the Level

One logo.

– 46 –

Chapter 2

| Using the Web Interface

Navigating the Web Browser Interface

Main Menu Using the onboard web agent, you can define system parameters, manage and

control the switch, and all its ports, or monitor network conditions. The following
table briefly describes the selections available from this program.

Table 4: Switch Main Menu

Menu Description Page

Dashboard Displays system information, CPU utilization, temperature, and top 5

most active interfaces.

System

General Provides basic system description, including contact information 64

Switch Shows the number of ports, hardware version, power status, and

firmware version numbers

Capability Enables support for jumbo frames;

shows the bridge extension parameters

File 69

Copy Allows the transfer and copying files 69

Automatic Operation Code Upgrade Automatically upgrades operation code if a newer version is

found on the server

Set Startup Sets the startup file 72

Show Shows the files stored in flash memory; allows deletion of files 73

Time 77

Configure General

Manual Manually sets the current time 78

SNTP Configures SNTP polling interval 79

44

65

66,
67

73

NTP Configures NTP authentication parameters 79

Configure Time Server Configures a list of SNTP servers 80

Configure SNTP Server Sets the IP address for SNTP time servers 80

Add NTP Server Adds NTP time server and index of authentication key 81

Show NTP Server Shows list of configured NTP time servers 81

Add NTP Authentication Key Adds key index and corresponding MD5 key 83

Show NTP Authentication Key Shows list of configured authentication keys 83

Configure Time Zone Sets the local time zone for the system clock 84

Configure Summer Time Configures summer time settings 85

Console Sets console port connection parameters 87

Telnet Sets Telnet connection parameters 89

CPU Utilization Displays information on CPU utilization 90

CPU Guard Sets the CPU utilization watermark and threshold 91

Memory Status Shows memory utilization parameters 92

– 47 –

Chapter 2

| Using the Web Interface

Navigating the Web Browser Interface

Table 4: Switch Main Menu (Continued)

Menu Description Page

Reset Restarts the switch immediately, at a specified time, after a specified

delay, or at a periodic interval

Interface 97

Port 98

General 98

Configure by Port List Configures connection settings per port 98

Configure by Port Range Configures connection settings for a range of ports 100

Show Information Displays port connection status 101

Statistics Shows Interface, Etherlike, and RMON port statistics 102

Chart Shows Interface, Etherlike, and RMON port statistics 102

History Shows statistical history for specified interfaces 106

Transceiver Shows identifying information and operational parameters for optical

transceivers which support Digital Diagnostic Monitoring (DDM), and
configures thresholds for alarm and warning messages for optical
transceivers which support DDM

Cable Test Performs cable diagnostics for selected port to diagnose any cable

faults (short, open etc.) and report the cable length

Trunk 115

Static 116

93

110
111

113

Configure Trunk 116

Add Creates a trunk, along with the first port member 116

Show Shows the configured trunk identifiers 116

Add Member Specifies ports to group into static trunks 116

Show Member Shows the port members for the selected trunk 116

Configure General 116

Configure Configures trunk connection settings 116

Show Information Displays trunk connection settings 116

Dynamic 119

Configure Aggregator Configures administration key and timeout for specific LACP

groups

Configure Aggregation Port 116

Configure 116

General Allows ports to dynamically join trunks 119

Actor Configures parameters for link aggregation group members on the

local side

Partner Configures parameters for link aggregation group members on the

remote side

119

119

119

– 48 –

Chapter 2

| Using the Web Interface

Navigating the Web Browser Interface

Table 4: Switch Main Menu (Continued)

Menu Description Page

Show Information 125

Counters Displays statistics for LACP protocol messages 125

Internal Displays configuration settings and operational state for the local side

of a link aggregation

Neighbors Displays configuration settings and operational state for the remote

side of a link aggregation

Configure Trunk 119

Configure Configures connection settings 119

Show Displays port connection status 119

Show Member Shows the active members in a trunk 119

Statistics Shows Interface, Etherlike, and RMON port statistics 102

Chart Shows Interface, Etherlike, and RMON port statistics 102

Load Balance Sets the load-distribution method among ports in aggregated links 129

History Shows statistical history for specified interfaces 106

Green Ethernet Adjusts the power provided to ports based on the length of the cable

used to connect to other devices

Mirror 132

Add Sets the source and target ports for mirroring 132

Show Shows the configured mirror sessions 132

RSPAN Mirrors traffic from remote switches for analysis at a destination port on

the local switch

126

128

131

134

sFlow Configures flow sampling for receiver ports and instances 138

Configure Receiver Creates an sFlow receiver on the switch 139

Configure Details Enable an sFlow polling data source that polls periodically based on a

specified time interval, or an sFlow data source instance that takes
samples periodically based on the number of packets processed

Traffic Segmentation 143

Configure Global Enables traffic segmentation globally 143

Configure Session Configures the uplink and down-link ports for a segmented group of

ports

VLAN Virtual LAN 147

Static

Add Creates VLAN groups 149

Show Displays configured VLAN groups 149

Modify Configures group name and administrative status 149

Edit Member by VLAN Specifies VLAN attributes per VLAN 152

Edit Member by Interface Specifies VLAN attributes per interface 152

Edit Member by Interface Range Specifies VLAN attributes per interface range 152

141

144

– 49 –

Chapter 2

| Using the Web Interface

Navigating the Web Browser Interface

Table 4: Switch Main Menu (Continued)

Menu Description Page

Tunnel IEEE 802.1Q (QinQ) Tunneling 156

Configure Global Sets tunnel mode for the switch 160

Configure Interface Sets the tunnel mode for any participating interface 163

Protocol 164

Configure Protocol 165

Add Creates a protocol group, specifying supported protocols 165

Show Shows configured protocol groups 165

Configure Interface 166

Add Maps a protocol group to a VLAN 166

Show Shows the protocol groups mapped to each VLAN 166

MAC-Based 168

Add Maps traffic with specified source MAC address to a VLAN 168

Show Shows source MAC address to VLAN mapping 168

MAC Address 171

Dynamic

Configure Aging Sets timeout for dynamically learned entries 173

Show Dynamic MAC Displays dynamic entries in the address table 171

Clear Dynamic MAC Removes any learned entries from the forwarding database and clears

the transmit and receive counts for any static or system configured
entries

Learning Status Enables MAC address learning on selected interfaces 174

Static Configurea static MAC addresses 176

MAC Notification 178

Configure Global Issues a trap when a dynamic MAC address is added or removed 178

Configure Interface Enables MAC authentication traps on the current interface 178

Spanning Tree 181

Loopback Detection Configures Loopback Detection parameters 183

STA Spanning Tree Algorithm

Configure Global

Configure Configures global bridge settings for STP, RSTP and MSTP 185

172

Show Information Displays STA values used for the bridge 190

Configure Interface

Configure Configures interface settings for STA 191

Show Information Displays interface settings for STA 196

– 50 –

Chapter 2

| Using the Web Interface

Navigating the Web Browser Interface

Table 4: Switch Main Menu (Continued)

Menu Description Page

MSTP Multiple Spanning Tree Algorithm 199

Configure Global 199

Add Configures initial VLAN and priority for an MST instance 199

Modify Configures the priority or an MST instance 199

Show Configures global settings for an MST instance 199

Add Member Adds VLAN members for an MST instance 199

Show Member Adds or deletes VLAN members for an MST instance 199

Show Information Displays MSTP values used for the bridge

Configure Interface 203

Configure Configures interface settings for an MST instance 203

Show Information Displays interface settings for an MST instance 203

Tra ffic

Rate Limit Sets the input and output rate limits for a port 205

Storm Control Sets the broadcast storm threshold for each interface 206

Priority

Default Priority Sets the default priority for each port or trunk 209

Queue Sets queue mode for the switch; sets the service weight for each queue

that will use a weighted or hybrid mode

Trust Mode Selects DSCP or CoS priority processing 214

CoS to Queue Maps CoS/CFI values in incoming packets to per-hop behavior for

priority processing

DSCP to Queue Maps DSCP values in incoming packets to per-hop behavior for priority

processing

DiffServ 219

Configure Class 220

Add Creates a class map for a type of traffic 220

Show Shows configured class maps 220

Modify Modifies the name of a class map 220

Add Rule Configures the criteria used to classify ingress traffic 220

Show Rule Shows the traffic classification rules for a class map 220

210

215

216

Configure Policy 223

Add Creates a policy map to apply to multiple interfaces 223

Show Shows configured policy maps 223

Modify Modifies the name of a policy map 223

Add Rule Sets the boundary parameters used for monitoring inbound traffic, and

the action to take for conforming and non-conforming traffic

223

– 51 –

Chapter 2

| Using the Web Interface

Navigating the Web Browser Interface

Table 4: Switch Main Menu (Continued)

Menu Description Page

Show Rule Shows the rules used to enforce bandwidth policing for a policy map 223

Configure Interface Applies a policy map to an ingress port 226

VoIP Voice over IP 229

Configure Global Configures auto-detection of VoIP traffic, sets the Voice VLAN, and VLAN

aging time

Configure OUI 231

Add Maps the OUI in the source MAC address of ingress packets to the VoIP

device manufacturer

Show Shows the OUI telephony list 231

Configure Interface Configures VoIP traffic settings for ports, including the way in which a

port is added to the Voice VLAN, filtering of non-VoIP packets, the
method of detecting VoIP traffic, and the priority assigned to the voice
traffic

Security 235

AAA Authentication, Authorization and Accounting 236

System Authentication Configures authentication sequence – local, RADIUS, and TACACS 237

Server 238

Configure Server Configures RADIUS and TACACS server message exchange settings 238

Configure Group 238

Add Specifies a group of authentication servers and sets the priority

sequence

Show Shows the authentication server groups and priority sequence 238

Accounting Enables accounting of requested services for billing or security

purposes

230

231

232

238

243

Configure Global Specifies the interval at which the local accounting service updates

information to the accounting server

Configure Method 243

Add Configures accounting for various service types 243

Show Shows the accounting settings used for various service types 243

Configure Service Sets the accounting method applied to specific interfaces for 802.1X,

CLI command privilege levels for the console port, and for Telnet

Show Information 243

Summary Shows the configured accounting methods, and the methods applied

to specific interfaces

Statistics Shows basic accounting information recorded for user sessions 243

Authorization Enables authorization of requested services 249

Configure Method 249

Add Configures authorization for various service types 249

Show Shows the authorization settings used for various service types 249

243

243

243

– 52 –

Chapter 2

| Using the Web Interface

Navigating the Web Browser Interface

Table 4: Switch Main Menu (Continued)

Menu Description Page

Configure Service Sets the authorization method applied used for the console port, and

for Telnet

Show Information Shows the configured authorization methods, and the methods applied

to specific interfaces

User Accounts 253

Add Configures user names, passwords, and access levels 253

Show Shows authorized users 253

Modify Modifies user attributes 253

Web Authentication Allows authentication and access to the network when 802.1X or

Network Access authentication are infeasible or impractical

Configure Global Configures general protocol settings 255

Configure Interface Enables Web Authentication for individual ports 256

Network Access MAC address-based network access authentication 257

Configure Global Enables aging for authenticated MAC addresses, and sets the time

period after which a connected MAC address must be reauthenticated

Configure Interface 261

General Enables MAC authentication on a port; sets the maximum number of

address that can be authenticated, the guest VLAN, dynamic VLAN and
dynamic QoS

Configure MAC Filter 263

249

249

255

260

261

Add Specifies MAC addresses exempt from authentication 263

Show Shows the list of exempt MAC addresses 263

Show Information Shows the authenticated MAC address list 264

HTTPS Secure HTTP 266

Configure Global Enables HTTPs, and specifies the UDP port to use 266

Copy Certificate Replaces the default secure-site certificate 268

SSH Secure Shell 270

Configure Global Configures SSH server settings 272

Configure Host Key 273

Generate Generates the host key pair (public and private) 273

Show Displays RSA and DSA host keys; deletes host keys 273

Configure User Key 275

Copy Imports user public keys from a TFTP server 275

Show Displays RSA and DSA user keys; deletes user keys 275

ACL Access Control Lists 277

Configure ACL 280

Show TCAM Shows utilization parameters for TCAM 278

– 53 –

Chapter 2

| Using the Web Interface

Navigating the Web Browser Interface

Table 4: Switch Main Menu (Continued)

Menu Description Page

Add Adds an ACL based on IP or MAC address filtering 280

Show Shows the name and type of configured ACLs 280

Add Rule Configures packet filtering based on IP or MAC addresses and other

packet attributes

Show Rule Shows the rules specified for an ACL 280

Configure Interface Binds a port to the specified ACL and time range

Configure Binds a port to the specified ACL and time range 293

Show Hardware Counters Shows statistics for ACL hardware counters 294

IP Filter 296

Add Sets IP addresses of clients allowed management access via the web,

SNMP, and Telnet

Show Shows the addresses to be allowed management access 296

Port Security Configures per port security, including status, response for security

breach, and maximum allowed MAC addresses

Port Authentication IEEE 802.1X 300

Configure Global Enables authentication and EAPOL pass-through 302

Configure Interface Sets authentication parameters for individual ports 302

Show Statistics Displays protocol statistics for the selected port 306

DoS Protection Protects against Denial-of-Service attacks 308

DHCP Snooping 310

280

296

298

Configure Global Enables DHCP snooping globally, MAC-address verification,

information option; and sets the information policy

Configure VLAN Enables DHCP snooping on a VLAN 315

Configure Interface Sets the trust mode for an interface 316

Show Information Displays the DHCP Snooping binding information 317

IP Source Guard Filters IP traffic based on static entries in the IP Source Guard table, or

dynamic entries in the DHCP Snooping table

General Enables IP source guard and selects filter type per port 318

Static Binding 320

Configure ACL Table 320

Add Adds static addresses to the source guard ACL binding table 320

Show Shows static addresses in the source guard ACL binding table 320

Configure MAC Table 320

Add Adds static addresses to the source guard MAC address binding table 320

Show Shows static addresses in the source guard MAC address binding table 320

Dynamic Binding Displays the source-guard binding table for a selected interface 323

313

318

– 54 –

Chapter 2

| Using the Web Interface

Navigating the Web Browser Interface

Table 4: Switch Main Menu (Continued)

Menu Description Page

ARP Inspection 324

Configure General Enables inspection globally, configures validation of additional address

components, and sets the log rate for packet inspection

Configure VLAN Enables ARP inspection on specified VLANs 327

Configure Interface Sets the trust mode for ports, and sets the rate

limit for packet inspection

Show Information 330

Show Statistics Displays statistics on the inspection process 330

Show Log Shows the inspection log list 331

Administration 333

Log 334

System 334

Configure Global Stores error messages in local memory 334

Show System Logs Shows logged error messages 334

Remote Configures the logging of messages to a remote logging process 336

SMTP Sends an SMTP client message to a participating server 337

LLDP 339

Configure Global Configures global LLDP timing parameters 339

325

329

Configure Interface 341

Configure General Sets the message transmission mode; enables SNMP notification; and

sets the LLDP attributes to advertise

Add CA-Type Specifies the physical location of the device attached to an interface 345

Show Local Device Information 347

General Displays general information about the local device 347

Port/Trunk Displays information about each interface 347

Show Remote Device Information 351

Port/Trunk Displays information about a remote device connected to a port on this

switch

Port/Trunk Details Displays detailed information about a remote device connected to this

switch

Show Device Statistics 359

General Displays statistics for all connected remote devices 359

Port/Trunk Displays statistics for remote devices on a selected port or trunk 359

SNMP Simple Network Management Protocol 362

Configure Global Enables SNMP agent status, and sets related trap functions 364

341

351

351

– 55 –

Chapter 2

| Using the Web Interface

Navigating the Web Browser Interface

Table 4: Switch Main Menu (Continued)

Menu Description Page

Configure Engine 365

Set Engine ID Sets the SNMP v3 engine ID on this switch 365

Add Remote Engine Sets the SNMP v3 engine ID for a remote device 366

Show Remote Engine Shows configured engine ID for remote devices 366

Configure View 367

Add View Adds an SNMP v3 view of the OID MIB 367

Show View Shows configured SNMP v3 views 367

Add OID Subtree Specifies a part of the subtree for the selected view 367

Show OID Subtree Shows the subtrees assigned to each view 367

Configure Group 370

Add Adds a group with access policies for assigned users 370

Show Shows configured groups and access policies 370

Configure User

Add Community Configures community strings and access mode 375

Show Community Shows community strings and access mode 375

Add SNMPv3 Local User Configures SNMPv3 users on this switch 376

Show SNMPv3 Local User Shows SNMPv3 users configured on this switch 376

Change SNMPv3 Local User Group Assign a local user to a new group 376

Add SNMPv3 Remote User Configures SNMPv3 users from a remote device 379

Show SNMPv3 Remote User Shows SNMPv3 users set from a remote device 376

Configure Trap 382

Add Configures trap managers to receive messages on key events that occur

on this switch

Show Shows configured trap managers 382

Configure Notify Filter

Add Creates an SNMP notification log 386

Show Shows the configured notification logs 386

Show Statistics Shows the status of SNMP communications 388

RMON Remote Monitoring 390

382

Configure Global

Add

Alarm Sets threshold bounds for a monitored variable 390

Event Creates a response event for an alarm 393

– 56 –

Chapter 2

| Using the Web Interface

Navigating the Web Browser Interface

Table 4: Switch Main Menu (Continued)

Menu Description Page

Show 390

Alarm Shows all configured alarms 390

Event Shows all configured events 393

Configure Interface

Add

History Periodically samples statistics on a physical interface 395

Statistics Enables collection of statistics on a physical interface 398

Show

History Shows sampling parameters for each entry in the history group 395

Statistics Shows sampling parameters for each entry in the statistics group 398

Show Details

History Shows sampled data for each entry in the history group 395

Statistics Shows sampled data for each entry in the history group 398

Time Range Configures the time to apply an ACL 405

Add Specifies the name of a time range 405

Show Shows the name of configured time ranges 405

Add Rule 405

Absolute Sets exact time or time range 405

Periodic Sets a recurrent time 405

Show Rule Shows the time specified by a rule 405

ERPS Ethernet Ring Protection Switching 408

Configure Global Activates ERPS globally 412

Configure Domain 412

Add Creates an ERPS ring 412

Show Shows list of configured ERPS rings, status, and settings 412

Configure Details Configures ring parameters 412

Configure Operation Blocks a ring port using Forced Switch or Manual Switch

commands

LDB Loopback Detection 432

428

Configure Global Enables loopback detection globally, specifies the interval at which to

transmit control frames, specifies the interval to wait before releasing
an interface from shutdown state, specifies response to detect
loopback, and traps to send

Configure Interface Enables loopback detection per interface 435

Tools

Ping Sends ICMP echo request packets to another node on the network 463

– 57 –

433

Chapter 2

| Using the Web Interface

Navigating the Web Browser Interface

Table 4: Switch Main Menu (Continued)

Menu Description Page

Trace Route Shows the route packets take to the specified

destination

ARP Shows entries in the Address Resolution Protocol cache 466

IP 499

General

Routing Interface

Add Address Configures an IP interface for a VLAN 499

Show Address Shows the IP interfaces assigned to a VLAN 499

Routing

Static Routes 524

Add Configures static routing entries 524

Show Shows static routing entries 524

Routing Table Shows all routing entries, including local, static and dynamic routes 525

IPv6 Configuration 503

Configure Global Sets an IPv6 default gateway for traffic with no known next hop 503

Configure Interface Configures IPv6 interface address using auto-configuration or link-local

address, and sets related protocol settings

464

504

Add IPv6 Address Adds an global unicast, EUI-64, or link-local IPv6 address to an interface 509

Show IPv6 Address Show the IPv6 addresses assigned to an interface 511

Show IPv6 Neighbor Cache Displays information in the IPv6 neighbor discovery cache 513

Show Statistics 514

IPv6 Shows statistics about IPv6 traffic 514

ICMPv6 Shows statistics about ICMPv6 messages 514

UDP Shows statistics about UDP messages 514

Show MTU Shows the maximum transmission unit (MTU) cache for destinations

that have returned an ICMP packet-too-big message along with an
acceptable MTU to this switch

IP Service 527

DNS Domain Name Service

General 527

Configure Global Enables DNS lookup; defines the default domain name appended to

incomplete host names

Add Domain Name Defines a list of domain names that can

be appended to incomplete host names

Show Domain Names Shows the configured domain name list 528

520

527

528

Add Name Server Specifies IP address of name servers for dynamic lookup 530

Show Name Servers Shows the name server address list 530

– 58 –

Chapter 2

| Using the Web Interface

Navigating the Web Browser Interface

Table 4: Switch Main Menu (Continued)

Menu Description Page

Static Host Table 531

Add Configures static entries for domain name to address mapping 531

Show Shows the list of static mapping entries 531

Modify Modifies the static address mapped to the selected host name 531

Cache Displays cache entries discovered by designated name servers 532

Multicast DNS Configures multicast DNS lookup on the local network without the

need for a dedicated server

DHCP Dynamic Host Configuration Protocol 534

Client Specifies the DHCP client identifier for an interface 535

Relay Specifies DHCP relay servers 536

Dynamic Provision Enables dynamic provisioning via DHCP 538

Multicast 437

IGMP Snooping 438

General Enables multicast filtering; configures parameters for multicast

snooping

Multicast Router 444

Add Static Multicast Router Assigns ports that are attached to a neighboring multicast router 444

Show Static Multicast Router Displays ports statically configured as attached to a neighboring

multicast router

Show Current Multicast Router Displays ports attached to a neighboring multicast router, either

through static or dynamic configuration

IGMP Member 446

Add Static Member Statically assigns multicast addresses to the selected VLAN 446

Show Static Member Shows multicast addresses statically configured on the selected VLAN 446

527

440

444

444

Interface 448

Configure VLAN Configures IGMP snooping per VLAN interface 448

Show VLAN Information Shows IGMP snooping settings per VLAN interface 448

Configure Port Configures the interface to drop IGMP query packets or all multicast

data packets

Configure Trunk Configures the interface to drop IGMP query packets or all multicast

data packets

Forwarding Entry Displays the current multicast groups learned through IGMP Snooping 455

Filter 460

Configure General Enables IGMP filtering for the switch 460

Configure Profile 461

Add Adds IGMP filter profile; and sets access mode 461

Show Shows configured IGMP filter profiles 461

454

454

– 59 –

Chapter 2

| Using the Web Interface

Navigating the Web Browser Interface

Table 4: Switch Main Menu (Continued)

Menu Description Page

Add Multicast Group Range Assigns multicast groups to selected profile 461

Show Multicast Group Range Shows multicast groups assigned to a profile 461

Configure Interface Assigns IGMP filter profiles to port interfaces and sets throttling action 463

Statistics 456

Show Query Statistics Shows statistics for query-related messages 456

Show VLAN Statistics Shows statistics for protocol messages, number of active groups 456

Show Port Statistics Shows statistics for protocol messages, number of active groups 456

Show Trunk Statistics Shows statistics for protocol messages, number of active groups 456

MLD Snooping 465

General Enables multicast filtering; configures parameters for IPv6 multicast

snooping

Interface Configures Immediate Leave status for a VLAN 467

Multicast Router 468

Add Static Multicast Router Assigns ports that are attached to a neighboring multicast router 468

Show Static Multicast Router Displays ports statically configured as attached to a neighboring

multicast router

Show Current Multicast Router Displays ports attached to a neighboring multicast router, either

through static or dynamic configuration

MLD Member 470

Add Static Member Statically assigns multicast addresses to the selected VLAN 470

Show Static Member Shows multicast addresses statically configured on the selected VLAN 470

Show Current Member Shows multicast addresses associated with the selected VLAN, either

through static or dynamic configuration

Filter 481

Configure General Enables MLD filtering for the switch 482

Configure Profile 482

Add Adds MLD filter profile; and sets access mode 482

Show Shows configured MLD filter profiles 482

465

468

468

470

Add Multicast Group Range Assigns multicast groups to selected profile 482

Show Multicast Group Range Shows multicast groups assigned to a profile 482

Query Drop Configures the interface to drop MLD query packets 486

Group Information Displays known multicast groups, member ports, the means by which

each group was learned, and the corresponding source list

Statistics 473

Input Shows statistics for MLD ingress traffic 470

Output Shows statistics for MLD egress traffic 470

Query Shows statistics for query-related messages 470

472

– 60 –

Chapter 2

Navigating the Web Browser Interface

| Using the Web Interface

Table 4: Switch Main Menu (Continued)

Menu Description Page

Summary Shows summary statistics for querier and report/leave messages 470

Clear Clears all MLD statics or statistics for specified VLAN/port 470

– 61 –

Chapter 2

Navigating the Web Browser Interface

| Using the Web Interface

– 62 –

3 Basic Management Tasks

This chapter describes the following topics:

◆ Displaying System Information – Provides basic system description, including

contact information.

◆ Displaying Hardware/Software Versions – Shows the hardware version, power

status, and firmware versions

◆ Configuring Support for Jumbo Frames – Enables support for jumbo frames.

◆ Displaying Bridge Extension Capabilities – Shows the bridge extension

parameters.

◆ Managing System Files – Describes how to upgrade operating software or

configuration files, and set the system start-up files.

◆ Setting the System Clock – Sets the current time manually or through specified

NTP or SNTP servers.

◆ Configuring the Console Port – Sets console port connection parameters.

◆ Configuring Telnet Settings – Sets Telnet connection parameters.

◆ Displaying CPU Utilization – Displays information on CPU utilization.

◆ Configuring CPU Guard – Sets thresholds in terms of CPU usage time and

number of packets processed per second.

◆ Displaying Memory Utilization – Shows memory utilization parameters.

◆ Resetting the System – Restarts the switch immediately, at a specified time,

after a specified delay, or at a periodic interval.

– 63 –

Chapter 3

Displaying System Information

| Basic Management Tasks

Displaying System Information

Use the System > General page to identify the system by displaying information
such as the device name, location and contact information.

Parameters

These parameters are displayed:

◆ System Description – Brief description of device type.

◆ System Object ID – MIB II object ID for switch’s network management

subsystem.

◆ System Up Time – Length of time the management agent has been up.

◆ System Name – Name assigned to the switch system.

◆ System Location – Specifies the system location.

◆ System Contact – Administrator responsible for the system.

Web Interface

To configure general system information:

1. Click System, General.

2. Specify the system name, location, and contact information for the system

administrator.

3. Click Apply.

Figure 2: System Information

– 64 –

Displaying Hardware/Software Versions

Use the System > Switch page to display hardware/firmware version numbers for
the main board and management software, as well as the power status of the
system.

Parameters

The following parameters are displayed:

Main Board Information

◆ Serial Number – The serial number of the switch.

◆ Number of Ports – Number of built-in ports.

◆ Hardware Version – Hardware version of the main board.

◆ Main Power Status – Displays the status of the internal power supply.

Chapter 3

Displaying Hardware/Software Versions

| Basic Management Tasks

Management Software Information

◆ Role – Shows that this switch is operating as Master or Slave.

◆ Loader Version – Version number of loader code.

◆ Linux Kernel Version – Version number of Linux kernel.

◆ Operation Code Version – Version number of runtime code.

◆ Thermal Detector – Thermal detector is near the back of the unit.

◆ Te mp e ra t u re – Temperature at specified thermal detection point.

– 65 –

Chapter 3

Configuring Support for Jumbo Frames

| Basic Management Tasks

Web Interface

To view hardware and software version information.

1. Click System, then Switch.

Figure 3: General Switch Information

Configuring Support for Jumbo Frames

Use the System > Capability page to configure support for layer 2 jumbo frames.
The switch provides more efficient throughput for large sequential data transfers
by supporting jumbo frames up to 10240 bytes for Gigabit Ethernet and 10 Gigabit
Ethernet ports or trunks. Compared to standard Ethernet frames that run only up to

1.5 KB, using jumbo frames significantly reduces the per-packet overhead required
to process protocol encapsulation fields.

Usage Guidelines

To use jumbo frames, both the source and destination end nodes (such as a
computer or server) must support this feature. Also, when the connection is
operating at full duplex, all switches in the network between the two end nodes
must be able to accept the extended frame size. And for half-duplex connections,
all devices in the collision domain would need to support jumbo frames.

Parameters

The following parameters are displayed:

◆ Jumbo Frame – Configures support for jumbo frames. (Default: Disabled)

– 66 –

Chapter 3

Displaying Bridge Extension Capabilities

Web Interface

To configure support for jumbo frames:

1. Click System, then Capability.

2. Enable or disable support for jumbo frames.

3. Click Apply.

Figure 4: Configuring Support for Jumbo Frames

| Basic Management Tasks

Displaying Bridge Extension Capabilities

Use the System > Capability page to display settings based on the Bridge MIB. The
Bridge MIB includes extensions for managed devices that support Multicast
Filtering, Traffic Classes, and Virtual LANs. You can access these extensions to
display default settings for the key variables.

Parameters

The following parameters are displayed:

◆ Extended Multicast Filtering Services – This switch does not support the

filtering of individual multicast addresses based on GMRP (GARP Multicast
Registration Protocol).

◆ Traffic Classes – This switch provides mapping of user priorities to multiple

traffic classes. (Refer to “Class of Service” on page 209.)

◆ Static Entry Individual Port – This switch allows static filtering for unicast and

multicast addresses. (Refer to “Setting Static Addresses” on page 176.)

◆ VLAN Version Number – Based on IEEE 802.1Q, “1” indicates Bridges that

support only single spanning tree (SST) operation, and “2” indicates Bridges
that support multiple spanning tree (MST) operation.

◆ VLAN Learning – This switch uses Independent VLAN Learning (IVL), where

each port maintains its own filtering database.

◆ Local VLAN Capable – This switch does not support multiple local bridges

outside of the scope of 802.1Q defined VLANs.

– 67 –

Chapter 3

Displaying Bridge Extension Capabilities

| Basic Management Tasks

◆ Configurable PVID Tagging – This switch allows you to override the default

Port VLAN ID (PVID used in frame tags) and egress status (VLAN-Tagged or
Untagged) on each port. (Refer to “VLAN Configuration” on page 147.)

◆ Max Supported VLAN Numbers – The maximum number of VLANs supported

on this switch.

◆ Max Supported VLAN ID – The maximum configurable VLAN identifier

supported on this switch.

Web Interface

To view Bridge Extension information:

1. Click System, then Capability.

Figure 5: Displaying Bridge Extension Configuration

– 68 –

Managing System Files

This section describes how to upgrade the switch operating software or
configuration files, and set the system start-up files.

Chapter 3

| Basic Management Tasks

Managing System Files

Copying Files via FTP/

SFTP/TFTP or HTTP

Use the System > File (Copy) page to upload/download firmware or configuration
settings using FTP, SFTP, TFTP or HTTP. By backing up a file to a FTP/SFTP/TFTP
server or management station, that file can later be downloaded to the switch to
restore operation. Specify the method of file transfer, along with the file type and
file names as required.

You can also set the switch to use new firmware or configuration settings without
overwriting the current version. Just download the file using a different name from
the current version, and then set the new file as the startup file.

Command Usage

◆ When logging into an FTP/SFTP server, the interface prompts for a user name

and password configured on the remote server. Note that “Anonymous” is set
as the default user name.

◆ Secure Shell FTP (SFTP) provides a method of transferring files between two

network devices over an SSH2-secured connection. SFTP functions similar to
Secure Copy (SCP), using SSH for user authentication and data encryption.

Although the underlying premises of SFTP are similar to SCP, it requires some
additional steps to verify the protocol versions and perform security checks.
SFTP connection setup includes verification of the DSS signature, creation of
session keys, creation of client-server and server-client ciphers, SSH key
exchange, and user authentication. An SFTP channel is then opened, the SFTP
protocol version compatibility verified, and SFTP finally initialized.

◆ The reset command will not be accepted during copy operations to flash

memory.

Parameters

The following parameters are displayed:

◆ Copy Type – The firmware copy operation includes these options:

■

FTP Upload – Copies a file from an FTP server to the switch.

■

FTP Download – Copies a file from the switch to an FTP server.

■

HTTP Upload – Copies a file from a management station to the switch.

■

HTTP Download – Copies a file from the switch to a management station

■

SFTP Upload – Copies a file from an SFTP server to the switch.

■

SFTP Download – Copies a file from the switch to an SFTP server.

■

TFTP Upload – Copies a file from a TFTP server to the switch.

– 69 –

Chapter 3

Managing System Files

| Basic Management Tasks

■

TFTP Download – Copies a file from the switch to a TFTP server.

◆ FTP/SFTP/TFTP Server IP Address – The IP address of an FTP/SFTP/TFTP

server.

◆ User Name – The user name for SFTP/FTP server access.

◆ Password – The password for SFTP/FTP server access.

◆ File Type – Specify Operation Code to copy firmware.

◆ File Name –

of the file name should not be a period (.),

The file name should not contain slashes (\ or /), the leading letter

and the maximum length for file
names is 32 characters for files on the switch or 127 characters for files on the
server. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”)

Note:

Up to two copies of the system software (i.e., the runtime firmware) can be

stored in the file directory on the switch.

Note:

The maximum number of user-defined configuration files is limited only by

available flash memory space.

Note:

The file “Factory_Default_Config.cfg” can be copied to a file server or
management station, but cannot be used as the destination file name on the
switch.

Web Interface

To copy firmware files:

1. Click System, then File.

2. Select Copy from the Action list.

3. Select FTP Upload, HTTP Upload, SFTP or TFTP Upload as the file transfer

method.

4. If FTP, SFTP or TFTP Upload is used, enter the IP address of the file server.

5. If FTP/SFTP Upload is used, enter the user name and password for your account

on the FTP/SFTP server.

6. Set the file type to Operation Code.

7. Enter the name of the file to download.

8. Select a file on the switch to overwrite or specify a new file name.

9. Then click Apply.

– 70 –

Chapter 3

| Basic Management Tasks

Managing System Files

Figure 6: Copy Firmware

If you replaced a file currently used for startup and want to start using the new file,
reboot the system via the System > Reset menu.

Saving the Running

Configuration to a

Local File

Use the System > File (Copy) page to save the current configuration settings to a
local file on the switch. The configuration settings are not automatically saved by
the system for subsequent use when the switch is rebooted. You must save these
settings to the current startup file, or to another file which can be subsequently set
as the startup file.

Parameters

The following parameters are displayed:

◆ Copy Type – The copy operation includes this option:

■

Running-Config – Copies the current configuration settings to a local file on
the switch.

◆ Destination File Name – Copy to the currently designated startup file, or to a

new file.

The file name should not contain slashes (\ or /),

the leading letter of
the file name should not be a period (.), and the maximum length for file names
is 32 characters. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”)

Note:

The maximum number of user-defined configuration files is limited only by

available flash memory space.

Web Interface

To save the running configuration file:

1. Click System, then File.

2. Select Copy from the Action list.

3. Select Running-Config from the Copy Type list.

– 71 –

Chapter 3

Managing System Files

| Basic Management Tasks

4. Select the current startup file on the switch to overwrite or specify a new file

name.

5. Then click Apply.

Figure 7: Saving the Running Configuration

If you replaced a file currently used for startup and want to start using the new file,
reboot the system via the System > Reset menu.

Setting the

Start-up File

Use the System > File (Set Start-Up) page to specify the firmware or configuration
file to use for system initialization.

Web Interface

To set a file to use for system initialization:

1. Click System, then File.

2. Select Set Start-Up from the Action list.

3. Mark the operation code or configuration file to be used at startup

4. Then click Apply.

Figure 8: Setting Start-Up Files

To start using the new firmware or configuration settings, reboot the system via the
System > Reset menu.

– 72 –

Chapter 3

| Basic Management Tasks

Managing System Files

Showing System Files Use the System > File (Show) page to show the files in the system directory, or to

delete a file.

Note:

Files designated for start-up, and the Factory_Default_Config.cfg file, cannot

be deleted.

Web Interface

To show the system files:

1. Click System, then File.

2. Select Show from the Action list.

3. To delete a file, mark it in the File List and click Delete.

Figure 9: Displaying System Files

Automatic Operation

Code Upgrade

Use the System > File (Automatic Operation Code Upgrade) page to automatically
download an operation code file when a file newer than the currently installed one
is discovered on the file server. After the file is transferred from the server and
successfully written to the file system, it is automatically set as the startup file, and
the switch is rebooted.

Usage Guidelines

◆ If this feature is enabled, the switch searches the defined URL once during the

bootup sequence.

◆ FTP (port 21) and TFTP (port 69) are both supported. Note that the TCP/UDP

port bindings cannot be modified to support servers listening on non-standard
ports.

◆ The host portion of the upgrade file location URL must be a valid IPv4 IP

address. DNS host names are not recognized. Valid IP addresses consist of four
numbers, 0 to 255, separated by periods.

– 73 –

Chapter 3

Managing System Files

| Basic Management Tasks

◆ The path to the directory must also be defined. If the file is stored in the root

directory for the FTP/TFTP service, then use the “/” to indicate this (e.g., ftp://

192.168.0.1/).

◆ The file name must not be included in the upgrade file location URL. The file

name of the code stored on the remote server must be Level1-Series.bix (using
upper case and lower case letters exactly as indicated here). Enter the file name
for other switches described in this manual exactly as shown on the web
interface.

◆ The FTP connection is made with PASV mode enabled. PASV mode is needed to

traverse some fire walls, even if FTP traffic is not blocked. PASV mode cannot be
disabled.

◆ The switch-based search function is case-insensitive in that it will accept a file

name in upper or lower case (i.e., the switch will accept Level1-2661-Series.BIX
from the server even though Level1-2661-Series.bix was requested). However,
keep in mind that the file systems of many operating systems such as Unix and
most Unix-like systems (FreeBSD, NetBSD, OpenBSD, and most Linux
distributions, etc.) are case-sensitive, meaning that two files in the same
directory, Level1-2661-series.bix and LEVEL1-2661-Series.bix are considered to be
unique files. Thus, if the upgrade file is stored as LEVEL1-2661-Series.bix (or even

LeVeL1-2661-Series.bix) on a case-sensitive server, then the switch (requesting
Level1-2661-series.bix) will not be upgraded because the server does not

recognize the requested file name and the stored file name as being equal. A
notable exception in the list of case-sensitive Unix-like operating systems is
Mac OS X, which by default is case-insensitive. Please check the documentation
for your server’s operating system if you are unsure of its file system’s behavior.

◆ Note that the switch itself does not distinguish between upper and lower-case

file names, and only checks to see if the file stored on the server is more recent
than the current runtime image.

◆ If two operation code image files are already stored on the switch’s file system,

then the non-startup image is deleted before the upgrade image is transferred.

◆ The automatic upgrade process will take place in the background without

impeding normal operations (data switching, etc.) of the switch.

◆ During the automatic search and transfer process, the administrator cannot

transfer or update another operation code image, configuration file, public key,
or HTTPS certificate (i.e., no other concurrent file management operations are
possible).

◆ The upgrade operation code image is set as the startup image after it has been

successfully written to the file system.

◆ The switch will send an SNMP trap and make a log entry upon all upgrade

successes and failures.

– 74 –

Chapter 3

| Basic Management Tasks

Managing System Files

◆ The switch will immediately restart after the upgrade file is successfully written

to the file system and set as the startup image.

Parameters

The following parameters are displayed:

◆ Automatic Opcode Upgrade – Enables the switch to search for an upgraded

operation code file during the switch bootup process. (Default: Disabled)

◆ Automatic Upgrade Location URL – Defines where the switch should search

for the operation code upgrade file. The last character of this URL must be a
forward slash (“/”). The Level1-2661Series.bix filename must not be included
since it is automatically appended by the switch. (Options: ftp, sftp, tftp)

The following syntax must be observed:

tftp://host[/filedir]/

■

tftp:// – Defines TFTP protocol for the server connection.

■

host – Defines the IP address of the TFTP server. Valid IP addresses consist of
four numbers, 0 to 255, separated by periods. DNS host names are not
recognized.

■

filedir – Defines the directory, relative to the TFTP server root, where the
upgrade file can be found. Nested directory structures are accepted. The
directory name must be separated from the host, and in nested directory
structures, from the parent directory, with a prepended forward slash “/”.

■

/ – The forward slash must be the last character of the URL.

ftp://[username[:password@]]host[/filedir]/

■

ftp:// – Defines FTP protocol for the server connection.

■

username – Defines the user name for the FTP connection. If the user name
is omitted, then “anonymous” is the assumed user name for the
connection.

■

password – Defines the password for the FTP connection. To differentiate
the password from the user name and host portions of the URL, a colon (:)
must precede the password, and an “at” symbol (@), must follow the
password. If the password is omitted, then “” (an empty string) is the
assumed password for the connection.

■

host – Defines the IP address of the FTP server. Valid IP addresses consist of
four numbers, 0 to 255, separated by periods. DNS host names are not
recognized.

■

filedir – Defines the directory, relative to the FTP server root, where the
upgrade file can be found. Nested directory structures are accepted. The
directory name must be separated from the host, and in nested directory
structures, from the parent directory, with a prepended forward slash “/”.

■

/ – The forward slash must be the last character of the URL.

– 75 –

Chapter 3

Managing System Files

| Basic Management Tasks

Examples

The following examples demonstrate the URL syntax for a TFTP server at IP
address 192.168.0.1 with the operation code image stored in various locations:

■

tftp://192.168.0.1/

The image file is in the TFTP root directory.

■

tftp://192.168.0.1/switch-opcode/

The image file is in the “switch-opcode” directory, relative to the TFTP root.

■

tftp://192.168.0.1/switches/opcode/

The image file is in the “opcode” directory, which is within the “switches”
parent directory, relative to the TFTP root.

The following examples demonstrate the URL syntax for an FTP server at IP
address 192.168.0.1 with various user name, password and file location options
presented:

■

ftp://192.168.0.1/

The user name and password are empty, so “anonymous” will be the user
name and the password will be blank. The image file is in the FTP root
directory.

■

ftp://switches:upgrade@192.168.0.1/

The user name is “switches” and the password is “upgrade”. The image file is
in the FTP root.

■

ftp://switches:upgrade@192.168.0.1/switches/opcode/

The user name is “switches” and the password is “upgrade”. The image file is
in the “opcode” directory, which is within the “switches” parent directory,
relative to the FTP root.

Web Interface

To configure automatic code upgrade:

1. Click System, then File.

2. Select Automatic Operation Code Upgrade from the Action list.

3. Mark the check box to enable Automatic Opcode Upgrade.

4. Enter the URL of the FTP or TFTP server, and the path and directory containing

the operation code.

5. Click Apply.

– 76 –

Chapter 3

| Basic Management Tasks

Setting the System Clock

Figure 10: Configuring Automatic Code Upgrade

If a new image is found at the specified location, the following type of messages
will be displayed during bootup.

.
.
.

Automatic Upgrade is looking for a new image
New image detected: current version 1.2.1.3; new version 1.2.1.6
Image upgrade in progress
The switch will restart after upgrade succeeds
Downloading new image

Flash programming started
Flash programming completed
The switch will now restart
.

.
.

Setting the System Clock

Simple Network Time Protocol (SNTP) allows the switch to set its internal clock
based on periodic updates from a time server (SNTP or NTP). Maintaining an
accurate time on the switch enables the system log to record meaningful dates and
times for event entries. You can also manually set the clock. If the clock is not set
manually or via SNTP, the switch will only record the time from the factory default
set at the last bootup.

When the SNTP client is enabled, the switch periodically sends a request for a time
update to a configured time server. You can configure up to three time server IP
addresses. The switch will attempt to poll each server in the configured sequence.

– 77 –

Chapter 3

Setting the System Clock

| Basic Management Tasks

Setting the Time

Manually

Use the System > Time (Configure General - Manual) page to set the system time on
the switch manually without using SNTP.

Parameters

The following parameters are displayed:

◆ Current Time – Shows the current time set on the switch.

◆ Hours – Sets the hour. (Range: 0-23)

◆ Minutes – Sets the minute value. (Range: 0-59)

◆ Seconds – Sets the second value. (Range: 0-59)

◆ Month – Sets the month. (Range: 1-12)

◆ Day – Sets the day of the month. (Range: 1-31)

◆ Year – Sets the year. (Range: 1970-2037)

Web Interface

To manually set the system clock:

1. Click System, then Time.

2. Select Configure General from the Step list.

3. Select Manual from the Maintain Type list.

4. Enter the time and date in the appropriate fields.

5. Click Apply

Figure 11: Manually Setting the System Clock

– 78 –

Chapter 3

| Basic Management Tasks

Setting the System Clock

Setting the SNTP

Polling Interval

Use the System > Time (Configure General - SNTP) page to set the polling interval at
which the switch will query the specified time servers.

Parameters

The following parameters are displayed:

◆ Current Time – Shows the current time set on the switch.

◆ SNTP Polling Interval – Sets the interval between sending requests for a time

update from a time server. (Range: 16-16384 seconds; Default: 16 seconds)

Web Interface

To set the polling interval for SNTP:

1. Click System, then Time.

2. Select Configure General from the Step list.

3. Select SNTP from the Maintain Type list.

4. Modify the polling interval if required.

5. Click Apply

Figure 12: Setting the Polling Interval for SNTP

Configuring NTP Use the System > Time (Configure General - NTP) page to configure NTP

authentication and show the polling interval at which the switch will query the
specified time servers.

Parameters

The following parameters are displayed:

◆ Current Time – Shows the current time set on the switch.

◆ Authentication Status – Enables authentication for time requests and updates

between the switch and NTP servers. (Default: Disabled)

– 79 –

Chapter 3

Setting the System Clock

| Basic Management Tasks

You can enable NTP authentication to ensure that reliable updates are received
from only authorized NTP servers. The authentication keys and their associated
key number must be centrally managed and manually distributed to NTP
servers and clients. The key numbers and key values must match on both the
server and client.

◆ Polling Interval – Shows the interval between sending requests for a time

update from NTP servers. (Fixed: 1024 seconds)

Web Interface

To set the clock maintenance type to NTP:

1. Click System, then Time.

2. Select Configure General from the Step list.

3. Select NTP from the Maintain Type list.

4. Enable authentication if required.

Configuring

Time Servers

5. Click Apply

Figure 13: Configuring NTP

Use the System > Time (Configure Time Server) pages to specify the IP address for
NTP/SNTP time servers, or to set the authentication key for NTP time servers.

Specifying SNTP Time Servers

Use the System > Time (Configure Time Server – Configure SNTP Server) page to
specify the IP address for up to three SNTP time servers.

– 80 –

Chapter 3

Parameters

The following parameters are displayed:

◆ SNTP Server IP Address – Sets the IPv4 address for up to three time servers.

The switch attempts to update the time from the first server, if this fails it
attempts an update from the next server in the sequence.

Web Interface

To set the SNTP time servers:

| Basic Management Tasks

Setting the System Clock

1. Click System, then Time.

2. Select Configure Time Server from the Step list.

3. Select Configure SNTP Server from the Action list.

4. Enter the IP address of up to three time servers.

5. Click Apply.

Figure 14: Specifying SNTP Time Servers

Specifying NTP Time Servers

Use the System > Time (Configure Time Server – Add NTP Server) page to add the IP
address for up to 50 NTP time servers.

Parameters

The following parameters are displayed:

◆ NTP Server IP Address – Sets the IPv4 address for up to three time servers. The

switch will poll the specified time servers for updates when the clock
maintenance type is set to NTP on the System > Time (Configure General) page.
It issues time synchronization requests at a fixed interval of 1024 seconds. The
switch will poll all the time servers configured, the responses received are
filtered and compared to determine the most reliable and accurate time update
for the switch.

◆ Versi on – Specifies the NTP version supported by the server. (Fixed: Version 3)

– 81 –

Chapter 3

Setting the System Clock

| Basic Management Tasks

◆ Authentication Key – Specifies the number of the key in the NTP

Authentication Key List to use for authentication with the configured server.
NTP authentication is optional. If enabled on the System > Time (Configure
General) page, you must also configure at least one key on the System > Time
(Add NTP Authentication Key) page. (Range: 1-65535)

Web Interface

To add an NTP time server to the server list:

1. Click System, then Time.

2. Select Configure Time Server from the Step list.

3. Select Add NTP Server from the Action list.

4. Enter the IP address of an NTP time server, and specify the index of the

authentication key if authentication is required.

5. Click Apply.

Figure 15: Adding an NTP Time Server

To show the list of configured NTP time servers:

1. Click System, then Time.

2. Select Configure Time Server from the Step list.

3. Select Show NTP Server from the Action list.

Figure 16: Showing the NTP Time Server List

– 82 –

Chapter 3

| Basic Management Tasks

Setting the System Clock

Specifying NTP Authentication Keys

Use the System > Time (Configure Time Server – Add NTP Authentication Key) page
to add an entry to the authentication key list.

Parameters

The following parameters are displayed:

◆ Authentication Key – Specifies the number of the key in the NTP

Authentication Key List to use for authentication with a configured server. NTP
authentication is optional. When enabled on the System > Time (Configure
General) page, you must also configure at least one key on this page. Up to 255
keys can be configured on the switch. (Range: 1-65535)

◆ Key Context – An MD5 authentication key string. The key string can be up to

32 case-sensitive printable ASCII characters (no spaces).

NTP authentication key numbers and values must match on both the server
and client.

Web Interface

To add an entry to NTP authentication key list:

1. Click System, then Time.

2. Select Configure Time Server from the Step list.

3. Select Add NTP Authentication Key from the Action list.

4. Enter the index number and MD5 authentication key string.

5. Click Apply.

Figure 17: Adding an NTP Authentication Key

To show the list of configured NTP authentication keys:

1. Click System, then Time.

2. Select Configure Time Server from the Step list.

3. Select Show NTP Authentication Key from the Action list.

– 83 –

Chapter 3

Setting the System Clock

| Basic Management Tasks

Figure 18: Showing the NTP Authentication Key List

Setting the Time Zone Use the System > Time (Configure Time Zone) page to set the time zone. SNTP uses

Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT)
based on the time at the Earth’s prime meridian, zero degrees longitude, which
passes through Greenwich, England. To display a time corresponding to your local
time, you must indicate the number of hours and minutes your time zone is east
(before) or west (after) of UTC. You can choose one of the 80 predefined time zone
definitions, or your can manually configure the parameters for your local time zone.

Parameters

The following parameters are displayed:

◆ Predefined Configuration – A drop-down box provides access to the 80

predefined time zone configurations. Each choice indicates it’s offset from UTC
and lists at least one major city or location covered by the time zone.

◆ User-defined Configuration – Allows the user to define all parameters of the

local time zone.

■

Direction – Configures the time zone to be before (east of) or after (west
of) UTC.

■

Name – Assigns a name to the time zone. (Range: 1-30 characters)

■

Hours (0-13) – The number of hours before or after UTC. The maximum
value before UTC is 12. The maximum value after UTC is 13.

■

Minutes (0-59) – The number of minutes before/after UTC.

Web Interface

To set your local time zone:

1. Click System, then Time.

2. Select Configure Time Zone from the Step list.

3. Set the offset for your time zone relative to the UTC in hours and minutes.

4. Click Apply.

– 84 –

Figure 19: Setting the Time Zone

Chapter 3

| Basic Management Tasks

Setting the System Clock

Configuring

Summer Time

Use the Summer Time page to set the system clock forward during the summer
months (also known as daylight savings time).

In some countries or regions, clocks are adjusted through the summer months so
that afternoons have more daylight and mornings have less. This is known as
Summer Time, or Daylight Savings Time (DST). Typically, clocks are adjusted
forward one hour at the start of spring and then adjusted backward in autumn.

Parameters

The following parameters are displayed in the web interface:

General Configuration

◆ Summer Time in Effect – Shows if the system time has been adjusted.

◆ Status – Shows if summer time is set to take effect during the specified period.

◆ Name – Name of the time zone while summer time is in effect, usually an

acronym. (Range: 1-30 characters)

◆ Mode – Selects one of the following configuration modes. (The Mode option

can only be managed when the Summer Time Status option has been set to
enabled for the switch.)

Predefined Mode – Configures the summer time status and settings for the switch
using predefined configurations for several major regions of the world. To specify
the time corresponding to your local time when summer time is in effect, select the
predefined summer-time zone appropriate for your location.

– 85 –

Chapter 3

Setting the System Clock

| Basic Management Tasks

Table 5: Predefined Summer-Time Parameters

Region Start Time, Day, Week, & Month End Time, Day, Week, & Month Rel.

Australia 00:00:00, Sunday, Week 5 of October 23:59:59, Sunday, Week 5 of March 60 min

Europe 00:00:00, Sunday, Week 5 of March 23:59:59, Sunday, Week 5 of October 60 min

New Zealand 00:00:00, Sunday, Week 1 of October 23:59:59, Sunday, Week 3 of March 60 min

USA 02:00:00, Sunday, Week 2 of March 02:00:00, Sunday, Week 1 of November 60 min

Offset

Date Mode – Sets the start, end, and offset times of summer time for the switch on a
one-time basis. This mode sets the summer-time zone relative to the currently
configured time zone. To specify a time corresponding to your local time when
summer time is in effect, you must indicate the number of minutes your summer­time zone deviates from your regular time zone.

◆ Offset – Summer-time offset from the regular time zone, in minutes.

(Range: 1-120 minutes)

◆ From – Start time for summer-time offset.

◆ To – End time for summer-time offset.

Recurring Mode – Sets the start, end, and offset times of summer time for the switch
on a recurring basis. This mode sets the summer-time zone relative to the currently
configured time zone. To specify a time corresponding to your local time when
summer time is in effect, you must indicate the number of minutes your summer­time zone deviates from your regular time zone.

◆ Offset – Summer-time offset from the regular time zone, in minutes.

(Range: 1-120 minutes)

◆ From – Start time for summer-time offset.

◆ To – End time for summer-time offset.

Web Interface

To specify summer time settings:

1. Click SNTP, Summer Time.

2. Select one of the configuration modes, configure the relevant attributes,

enable summer time status.

3. Click Apply.

– 86 –

Figure 20: Configuring Summer Time

Configuring the Console Port

Use the System > Console menu to configure connection parameters for the
switch’s console port. You can access the onboard configuration program by
attaching a VT100 compatible device to the switch’s serial console port.
Management access through the console port is controlled by various parameters,
including a password (only configurable through the CLI), time outs, and basic
communication settings. Note that these parameters can be configured via the
web or CLI interface.

Chapter 3

| Basic Management Tasks

Configuring the Console Port

Parameters

The following parameters are displayed:

◆ Login Timeout – Sets the interval that the system waits for a user to log into

the CLI. If a login attempt is not detected within the timeout interval, the
connection is terminated for the session. (Range: 10-300 seconds; Default: 300
seconds)

◆ Exec Timeout – Sets the interval that the system waits until user input is

detected. If user input is not detected within the timeout interval, the current
session is terminated. (Range: 60-65535 seconds; Default: 600 seconds)

◆ Password Threshold – Sets the password intrusion threshold, which limits the

number of failed logon attempts. When the logon attempt threshold is
reached, the system interface becomes silent for a specified amount of time
(set by the Silent Time parameter) before allowing the next logon attempt.
(Range:1-120;Default:3attempts)

◆ Silent Time – Sets the amount of time the management console is inaccessible

after the number of unsuccessful logon attempts has been exceeded.
(Range: 1-65535 seconds; Default: Disabled)

◆ Data Bits – Sets the number of data bits per character that are interpreted and

generated by the console port. If parity is being generated, specify 7 data bits

– 87 –

Chapter 3

Configuring the Console Port

| Basic Management Tasks

per character. If no parity is required, specify 8 data bits per character.
(Default: 8 bits)

◆ Stop Bits – Sets the number of the stop bits transmitted per byte.

(Range: 1-2; Default: 1 stop bit)

◆ Parity – Defines the generation of a parity bit. Communication protocols

provided by some terminals can require a specific parity bit setting. Specify
Even, Odd, or None. (Default: None)

◆ Speed – Sets the terminal line’s baud rate for transmit (to terminal) and receive

(from terminal). Set the speed to match the baud rate of the device connected
to the serial port. (Range: 9600, 19200, 38400, 57600, or 115200 baud;
Default: 115200 baud)

Note:

The password for the console connection can only be configured through

the CLI (see the “password” command in the CLI Reference Guide).

Note:

Password checking can be enabled or disabled for logging in to the console
connection (see the “login” command in the CLI Reference Guide). You can select
authentication by a single global password as configured for the password
command, or by passwords set up for specific user-name accounts. The default is
for local passwords configured on the switch.

Web Interface

To configure parameters for the console port:

1. Click System, then Console.

2. Specify the connection parameters as required.

3. Click Apply

Figure 21: Console Port Settings

– 88 –

Configuring Telnet Settings

Use the System > Telnet menu to configure parameters for accessing the CLI over a
Telnet connection. You can access the onboard configuration program over the
network using Telnet (i.e., a virtual terminal). Management access via Telnet can be
enabled/disabled and other parameters set, including the TCP port number, time
outs, and a password. Note that the password is only configurable through the CLI.)
These parameters can be configured via the web or CLI interface.

Parameters

The following parameters are displayed:

◆ Teln et St atu s – Enables or disables Telnet access to the switch.

(Default: Enabled)

◆ TCP Port – Sets the TCP port number for Telnet on the switch. (Range: 1-65535;

Default: 23)

Chapter 3

| Basic Management Tasks

Configuring Telnet Settings

◆ Max Sessions – Sets the maximum number of Telnet sessions that can

simultaneously connect to this system. (Range: 0-8; Default: 8)

A maximum of eight sessions can be concurrently opened for Telnet and
Secure Shell (i.e., both Telnet and SSH share a maximum number of eight
sessions).

◆ Login Timeout – Sets the interval that the system waits for a user to log into

the CLI. If a login attempt is not detected within the timeout interval, the
connection is terminated for the session. (Range: 10-300 seconds; Default: 300
seconds)

◆ Exec Timeout – Sets the interval that the system waits until user input is

detected. If user input is not detected within the timeout interval, the current
session is terminated. (Range: 60-65535 seconds; Default: 600 seconds)

◆ Password Threshold – Sets the password intrusion threshold, which limits the

number of failed logon attempts. When the logon attempt threshold is
reached, the system interface becomes silent for a specified amount of time
(set by the Silent Time parameter) before allowing the next logon attempt.
(Range:1-120;Default:3attempts)

◆ Silent Time – Sets the amount of time the management interface is

inaccessible after the number of unsuccessful logon attempts has been
exceeded. (Range: 1-65535 seconds; Default: Disabled)

Note:

The password for the Telnet connection can only be configured through the
CLI (see the “password” command in the CLI Reference Guide).

Note:

Password checking can be enabled or disabled for login to the console
connection (see the “login” command in the CLI Reference Guide). You can select

– 89 –

Chapter 3

Displaying CPU Utilization

| Basic Management Tasks

authentication by a single global password as configured for the password
command, or by passwords set up for specific user-name accounts. The default is
for local passwords configured on the switch.

Web Interface

To configure parameters for the console port:

1. Click System, then Telnet.

2. Specify the connection parameters as required.

3. Click Apply

Figure 22: Telnet Connection Settings

Displaying CPU Utilization

Use the System > CPU Utilization page to display information on CPU utilization.

Parameters

The following parameters are displayed:

◆ Time Interval – The interval at which to update the displayed utilization rate.

(Options: 1, 5, 10, 30, 60 seconds; Default: 1 second)

◆ CPU Utilization – CPU utilization over specified interval.

Web Interface

To display CPU utilization:

1. Click System, then CPU Utilization.

2. Change the update interval if required. Note that the interval is changed as

soon as a new setting is selected.

– 90 –

Figure 23: Displaying CPU Utilization

Chapter 3

| Basic Management Tasks

Configuring CPU Guard

Configuring CPU Guard

Use the System > CPU Guard page to set the CPU utilization high and low
watermarks in percentage of CPU time utilized and the CPU high and low
thresholds in the number of packets being processed per second.

Parameters

The following parameters are displayed:

◆ CPU Guard Status – Enables CPU Guard. (Default: Disabled)

◆ High Watermark – If the percentage of CPU usage time is higher than the

◆ Low Watermark – If packet flow has been stopped after exceeding the high

◆ Maximum Threshold – If the number of packets being processed by the CPU is

high-watermark, the switch stops packet flow to the CPU (allowing it to catch
up with packets already in the buffer) until usage time falls below the low
watermark. (Range: 40-100 %; Default: 90 %)

watermark, normal flow will be restored after Osage falls beneath the low
watermark. (Range: 40-100 %; Default: 70 %)

higher than the maximum threshold, the switch stops packet flow to the CPU
(allowing it to catch up with packets already in the buffer) until the number of
packets being processed falls below the minimum threshold. (Range: 50-500
pps; Default: 500 pps)

◆ Minimum Threshold – If packet flow has been stopped after exceeding the

maximum threshold, normal flow will be restored after usage falls beneath the
minimum threshold. (Range: 50-500 pps; Default: 50 pps)

– 91 –

Chapter 3

Displaying Memory Utilization

| Basic Management Tasks

◆ Trap Status – If enabled, an alarm message will be generated when utilization

exceeds the high watermark or exceeds the maximum threshold.
(Default: Disabled)

Once the high watermark is exceeded, utilization must drop beneath the low
watermark before the alarm is terminated, and then exceed the high
watermark again before another alarm is triggered.

Once the maximum threshold is exceeded, utilization must drop beneath the
minimum threshold before the alarm is terminated, and then exceed the
maximum threshold again before another alarm is triggered.

◆ Current Threshold – Shows the configured threshold in packets per second.

Web Interface

To configure CPU Guard:

1. Click System, CPU Guard.

2. Set CPU guard status, configure the watermarks or threshold parameter, enable

traps if required.

3. Click Apply.

Figure 24: Configuring CPU Guard

Displaying Memory Utilization

Use the System > Memory Status page to display memory utilization parameters.

Parameters

The following parameters are displayed:

◆ Free Size – The amount of memory currently free for use.

◆ Used Size – The amount of memory allocated to active processes.

– 92 –

◆ To ta l – The total amount of system memory.

Web Interface

To display memory utilization:

1. Click System, then Memory Status.

Figure 25: Displaying Memory Utilization

Chapter 3

| Basic Management Tasks

Resetting the System

Resetting the System

Use the System > Reset menu to restart the switch immediately, at a specified time,
after a specified delay, or at a periodic interval.

Command Usage

◆ This command resets the entire system.

◆ When the system is restarted, it will always run the Power-On Self-Test. It will

also retain all configuration information stored in non-volatile memory. (See

“Saving the Running Configuration to a Local File” on page 71).

Parameters

The following parameters are displayed:

System Reload Information

◆ Reload Settings – Displays information on the next scheduled reload and

selected reload mode as shown in the following example:

“The switch will be rebooted at March 9 12:00:00 2012. Remaining
Time: 0 days, 2 hours, 46 minutes, 5 seconds.
Reloading switch regularly time: 12:00 everyday.”

◆ Refresh – Refreshes reload information. Changes made through the console or

to system time may need to be refreshed to display the current settings.

◆ Cancel – Cancels the current settings shown in this field.

System Reload Configuration

◆ Reset Mode – Restarts the switch immediately or at the specified time(s).

– 93 –

Chapter 3

| Basic Management Tasks

Resetting the System

■

Immediately – Restarts the system immediately.

■

In – Specifies an interval after which to reload the switch. (The specified
time must be equal to or less than 24 days.)

■

hours – The number of hours, combined with the minutes, before the
switch resets. (Range: 0-576)

■

minutes – The number of minutes, combined with the hours, before the
switch resets. (Range: 0-59)

■

At – Specifies a time at which to reload the switch.

■

DD - The day of the month at which to reload. (Range: 01-31)

■

MM - The month at which to reload. (Range: 01-12)

■

YYYY - The year at which to reload. (Range: 1970-2037)

■

HH - The hour at which to reload. (Range: 00-23)

■

MM - The minute at which to reload. (Range: 00-59)

■

Regularly – Specifies a periodic interval at which to reload the switch.

Time

■

HH - The hour at which to reload. (Range: 00-23)

■

MM - The minute at which to reload. (Range: 00-59)

Period

■

Daily - Every day.

■

Weekly - Day of the week at which to reload.
(Range: Sunday ... Saturday)

■

Monthly

Web Interface

To restar t the switc h:

- Day of the month at which to reload. (Range: 1-31)

1. Click System, then Reset.

2. Select the required reset mode.

3. For any option other than to reset immediately, fill in the required parameters

4. Click Apply.

– 94 –

Chapter 3

| Basic Management Tasks

5. When prompted, confirm that you want reset the switch.

Figure 26: Restarting the Switch (Immediately)

Resetting the System

Figure 27: Restarting the Switch (In)

– 95 –

Chapter 3

Resetting the System

| Basic Management Tasks

Figure 28: Restarting the Switch (At)

Figure 29: Restarting the Switch (Regularly)

– 96 –

4 Interface Configuration

This chapter describes the following topics:

◆ Port Configuration – Configures connection settings, including auto-

negotiation, or manual setting of speed, duplex mode, and flow control.

◆ Displaying Statistics – Shows Interface, Etherlike, and RMON port statistics in

table or chart form.

◆ Displaying Statistical History – Displays statistical history for the specified

interfaces.

◆ Displaying Transceiver Data – Displays identifying information, and operational

parameters for optical transceivers which support DDM.

◆ Configuring Transceiver Thresholds – Configures thresholds for alarm and

warning messages for optical transceivers which support DDM.

◆ Cable Test – Performs cable diagnostics on the specified port.

◆ Trunk Configuration – Configures static or dynamic trunks.

◆ Saving Power – Adjusts the power provided to ports based on the length of the

cable used to connect to other devices.

◆ Local Port Mirroring – Sets the source and target ports for mirroring on the local

switch.

◆ Remote Port Mirroring – Configures mirroring of traffic from remote switches

for analysis at a destination port on the local switch.

◆ Flow Sampling – Configures periodic sampling of traffic flows.

◆ Traffic Segmentation – Configures the uplinks and down links to a segmented

group of ports.

– 97 –

Chapter 4

Port Configuration

| Interface Configuration

Port Configuration

This section describes how to configure port connections, mirror traffic from one
port to another, and run cable diagnostics.

Configuring by

Port List

Use the Interface > Port > General (Configure by Port List) page to enable/disable
an interface, set auto-negotiation and the interface capabilities to advertise, or
manually fix the speed, duplex mode, and flow control.

Command Usage

◆ Auto-negotiation must be disabled before you can configure or force a Gigabit

RJ-45 interface to use the Speed/Duplex mode or Flow Control options.

◆ When using auto-negotiation, the optimal settings will be negotiated between

the link partners based on their advertised capabilities. To set the speed, duplex
mode, or flow control under auto-negotiation, the required operation modes
must be specified in the capabilities list for an interface.

◆ The Speed/Duplex mode is fixed at 100full for 100BASE-FX transceivers,

1000full for Gigabit transceivers, and 10Gfull for 10 Gigabit transceivers. When
auto-negotiation is enabled, the only attributes which can be advertised
include flow control and symmetric pause frames.

◆ The 1000BASE-T standard does not support forced mode. Auto-negotiation

should always be used to establish a connection over any 1000BASE-T port or
trunk. If not used, the success of the link process cannot be guaranteed when
connecting to other types of switches.

Note:

Auto-negotiation is not supported for 1000BASE SFP transceivers.

Parameters

These parameters are displayed:

◆ Port – Port identifier. (Range: 1-26/52)

◆ Typ e – Indicates the port type. (1000BASE-T, 1000BASE SFP, 10GBASE SFP+)

◆ Name – Allows you to label an interface. (Range: 1-64 characters)

◆ Admin – Allows you to manually disable an interface. You can disable an

interface due to abnormal behavior (e.g., excessive collisions), and then re­enable it after the problem has been resolved. You may also disable an
interface for security reasons. (Default: Enabled)

◆ Autonegotiation (Port Capabilities) – Allows auto-negotiation to be enabled/

disabled. When auto-negotiation is enabled, you need to specify the

– 98 –

Chapter 4

| Interface Configuration

Port Configuration

capabilities to be advertised. When auto-negotiation is disabled, you can force
the settings for speed, mode, and flow control.The following capabilities are
supported.

■

10h - Supports 10 Mbps half-duplex operation.

■

10f - Supports 10 Mbps full-duplex operation.

■

100h - Supports 100 Mbps half-duplex operation.

■

100f - Supports 100 Mbps full-duplex operation.

■

1000f - Supports 1000 Mbps full-duplex operation.

■

Sym - Symmetric exchange of transmit and receive pause frames.

■

FC - Flow control can eliminate frame loss by “blocking” traffic from end
stations or segments connected directly to the switch when its buffers fill.
When enabled, back pressure is used for half-duplex operation and IEEE

802.3-2005 (formally IEEE 802.3x) for full-duplex operation.

Default: Autonegotiation enabled;
Advertised capabilities for

100BASE-FX (SFP) – 100full
1000BASE-T – 10half, 10full, 100half, 100full, 1000full
1000BASE-SX/LX/LHX/ZX (SFP) – 1000full
10GBASE- CR/SR/LR/LRM (SFP+) – 10Gfull

◆ Speed/Duplex – Allows you to manually set the port speed and duplex mode.

(i.e., with auto-negotiation disabled)

◆ Flow Control – Allows automatic or manual selection of flow control.

(Default: Enabled)

◆ Link Up Down Trap – Issues a notification message whenever a port link is

established or broken. (Default: Disabled)

Web Interface

To configure port connection parameters:

1. Click Interface, Port, General.

2. Select Configure by Port List from the Action List.

3. Modify the required interface settings.

4. Click Apply.

– 99 –

Chapter 4

Port Configuration

| Interface Configuration

Figure 30: Configuring Connections by Port List

Configuring by

Port Range

Use the Interface > Port > General (Configure by Port Range) page to enable/
disable an interface, set auto-negotiation and the interface capabilities to
advertise, or manually fix the speed, duplex mode, and flow control.

Parameters

Except for the trap command, refer to “Configuring by Port List” on page 98 for
more information on command usage and a description of the parameters.

Web Interface

To configure port connection parameters:

1. Click Interface, Port, General.

2. Select Configure by Port Range from the Action List.

3. Enter a range of ports to which your configuration changes apply.

4. Modify the required interface settings.

5. Click Apply.

– 100 –