Level One GTL-2872 User Manual

Page 1
GTL-2872
28-Port L3 Lite Managed Gigabit Fiber Switch
Web Management Guide
V1.0
Digital Data Communications Asia Co., Ltd.
http://www.level1.com
Page 2
Web Management Guide
28-Port L3 Lite Managed Gigabit Fiber Switch with 20 100/1000 SFP Ports, 4 10/100/1000 BASE-T (RJ-45) / 100/1000 SFP Combo Ports, 4 10 Gigabit SFP+ Ports , and DC Power Supply
E112017-KS-R01
Page 3

How to Use This Guide

This guide includes detailed information on the switch software, including how to operate and use the management functions of the switch. To deploy this switch effectively and ensure trouble-free operation, you should first read the relevant sections in this guide so that you are familiar with all of its software features.
Who Should Read This
Guide?
How This Guide is
Organized
Related
Documentation
This guide is for network administrators who are responsible for operating and maintaining network equipment. The guide assumes a basic working knowledge of LANs (Local Area Networks), the Internet Protocol (IP), and Simple Network Management Protocol (SNMP).
This guide describes the switch’s web browser interface. For more detailed information on the switch’s key features refer to the Administrator’s Guide.
The guide includes these sections:
Section I “Getting Started” — Includes an introduction to switch management,
?
and the basic settings required to access the management interface.
Section II “Web Configuration” — Includes all management options available
?
through the web browser interface.
Section III “Ap pe nd ices” — Includes information on troubleshooting switch
?
management access.
This guide focuses on switch software configuration through the web browser.
For information on how to manage the switch through the command line interface, see the following guide:
CLI Reference Guide
Note:
For a description of how to initialize the switch for management access via the CLI, web interface or SNMP, refer to “Initial Switch Configuration” in the CLI Reference Guide.
– 3 –
Page 4
How to Use This Guide
Conventions The following conventions are used throughout this guide to show information:
For information on how to install the switch, see the following guide:
Installation Guide
For all safety information and regulatory statements, see the following documents:
Quick Start Guide Safety and Regulatory Information
Note:
Emphasizes important information or calls your attention to related features or instructions.
Caution:
the system or equipment.
Alerts you to a potential hazard that could cause loss of data, or damage
Revision History This section summarizes the changes in each revision of this guide.
Revision Date Change Description
v1.0.2.32 11/2017 Initial release
– 4 –
Page 5

Contents

How to Use This Guide 3
Contents 5
Figures 17
Tables 31
Section I Getting Started 33
1 Introduction 35
Key Features 35
Description of Software Features 36
Address Resolution Protocol 40
Operation, Administration, and Maintenance 41
Multicast Filtering 41
Link Layer Discovery Protocol 41
System Defaults 42
Section II Web Configuration 45
2 Using the Web Interface 47
Connecting to the Web Interface 47
Navigating the Web Browser Interface 48
Dashboard 48
Home Page 50
Configuration Options 50
Panel Display 51
Main Menu 52
3 Basic Management Tasks 73
– 5 –
Page 6
Contents
Displaying System Information 74
Displaying Hardware/Software Versions 75
Configuring Support for Jumbo Frames 76
Displaying Bridge Extension Capabilities 77
Managing System Files 79
Copying Files via FTP/ TFTP or HTTP 79
Saving the Running Configuration to a Local File 81
Setting the Start-up File 82
Showing System Files 83
Automatic Operation Code Upgrade 83
Setting the System Clock 87
Setting the Time Manually 88
Setting the SNTP Polling Interval 89
Configuring NTP 89
Configuring Time Servers 90
Setting the Time Zone 94
Configuring Summer Time 95
Configuring the Console Port 97
Configuring Telnet Settings 99
Displaying CPU Utilization 100
Configuring CPU Guard 101
Displaying Memory Utilization 102
Resetting the System 103
4 Interface Configuration 107
Port Configuration 108
Configuring by Port List 108
Configuring by Port Range 111
Displaying Connection Status 112
Showing Port or Trunk Statistics 113
Displaying Statistical History 118
Transceiver Data and Thresholds 122
Displaying Transceiver Data 122
Configuring Transceiver Thresholds 123
Performing Cable Diagnostics 125
– 6 –
Page 7
Contents
Trunk Configuration 127
Configuring a Static Trunk 128
Configuring a Dynamic Trunk 131
Displaying LACP Port Counters 137
Displaying LACP Settings and Status for the Local Side 138
Displaying LACP Settings and Status for the Remote Side 140
Configuring Load Balancing 141
Saving Power 143
Configuring Local Port Mirroring 144
Configuring Remote Port Mirroring 146
Sampling Traffic Flows 150
Configuring sFlow Receiver Settings 151
Configuring an sFlow Polling Instance 153
Traffic Segmentation 155
Enabling Traffic Segmentation 155
Configuring Uplink and Downlink Ports 156
VLAN Trunking 158
5 VLAN Configuration 161
IEEE 802.1Q VLANs 161
Configuring VLAN Groups 165
Adding Static Members to VLANs 167
Configuring Dynamic VLAN Registration 172
IEEE 802.1Q Tunneling 175
Enabling QinQ Tunneling on the Switch 179
Creating CVLAN to SPVLAN Mapping Entries 180
Adding an Interface to QinQ Tunnel 182
L2PT Tunneling 183
Configuring the L2PT Tunnel Address 185
Enabling L2PT for Selected Interfaces 186
Protocol VLANs 187
Configuring Protocol VLAN Groups 188
Mapping Protocol Groups to Interfaces 189
Configuring IP Subnet VLANs 191
Configuring MAC-based VLANs 193
– 7 –
Page 8
Contents
Configuring VLAN Translation 195
6 Address Table Settings 199
Dynamic Address Cache 199
Displaying the Dynamic Address Table 199
Clearing the Dynamic Address Table 200
Changing the Aging Time 201
Configuring MAC Address Learning 202
Setting Static Addresses 203
Issuing MAC Address Traps 205
7 Spanning Tree Algorithm 207
Overview 207
Configuring Loopback Detection 210
Configuring Global Settings for STA 211
Displaying Global Settings for STA 217
Configuring Interface Settings for STA 218
Displaying Interface Settings for STA 222
Configuring Multiple Spanning Trees 225
Configuring Interface Settings for MSTP 229
8 Congestion Control 233
Rate Limiting 233
Storm Control 234
Automatic Traffic Control 236
Setting the ATC Timers 238
Configuring ATC Thresholds and Responses 239
9 Class of Service 243
Layer 2 Queue Settings 243
Setting the Default Priority for Interfaces 243
Selecting the Queue Mode 244
Mapping CoS Values to Egress Queues 247
Layer 3/4 Priority Settings 250
Setting Priority Processing to IP Precedence/DSCP or CoS 250
Mapping Ingress DSCP Values to Internal DSCP Values 251
Mapping CoS Priorities to Internal DSCP Values 254
– 8 –
Page 9
Contents
Mapping Internal DSCP Values to Egress CoS Values 256
Mapping IP Precedence Values to Internal DSCP Values 258
Mapping IP Port Priority to Internal DSCP Values 260
10 Quality of Service 263
Overview 263
Configuring a Class Map 264
Creating QoS Policies 267
Attaching a Policy Map to a Port 277
11 VoIP Traffic Configuration 279
Overview 279
Configuring VoIP Traffic 280
Configuring Telephony OUI 281
Configuring VoIP Traffic Ports 282
12 Security Measures 285
AAA Authentication, Authorization and Accounting 286
Configuring Local/Remote Logon Authentication 287
Configuring Remote Logon Authentication Servers 288
Configuring AAA Accounting 293
Configuring AAA Authorization 298
Configuring User Accounts 301
Web Authentication 303
Configuring Global Settings for Web Authentication 303
Configuring Interface Settings for Web Authentication 304
Network Access (MAC Address Authentication) 306
Configuring Global Settings for Network Access 308
Configuring Network Access for Ports 309
Configuring Port Link Detection 311
Configuring a MAC Address Filter 312
Displaying Secure MAC Address Information 314
Configuring HTTPS 315
Configuring Global Settings for HTTPS 315
Replacing the Default Secure-site Certificate 317
Configuring the Secure Shell 318
– 9 –
Page 10
Contents
Configuring the SSH Server 321
Generating the Host Key Pair 322
Importing User Public Keys 324
Access Control Lists 326
Showing TCAM Utilization 327
Setting the ACL Name and Type 329
Configuring a Standard IPv4 ACL 331
Configuring an Extended IPv4 ACL 332
Configuring a Standard IPv6 ACL 335
Configuring an Extended IPv6 ACL 336
Configuring a MAC ACL 338
Configuring an ARP ACL 340
Binding a Port to an Access Control List 342
Showing ACL Hardware Counters 343
Filtering IP Addresses for Management Access 344
Configuring Port Security 346
Configuring 802.1X Port Authentication 349
Configuring 802.1X Global Settings 350
Configuring Port Authenticator Settings for 802.1X 351
Displaying 802.1X Statistics 355
DoS Protection 357
DHCPv4 Snooping 358
DHCP Snooping Global Configuration 361
DHCP Snooping VLAN Configuration 363
Configuring Interfaces for DHCP Snooping 364
Displaying DHCP Snooping Binding Information 366
DHCPv6 Snooping 367
DHCPv6 Snooping Global Configuration 369
DHCPv6 Snooping VLAN Configuration 371
Configuring Interfaces for DHCPv6 Snooping 372
Displaying DHCPv6 Snooping Binding Information 374
Displaying DHCPv6 Snooping Statistics 375
IPv4 Source Guard 376
Configuring Ports for IPv4 Source Guard 376
Configuring Static Bindings for IPv4 Source Guard 378
– 10 –
Page 11
Contents
Displaying Information for Dynamic IPv4 Source Guard Bindings 381
IPv6 Source Guard 382
Configuring Ports for IPv6 Source Guard 382
Configuring Static Bindings for IPv6 Source Guard 384
Displaying Information for Dynamic IPv6 Source Guard Bindings 387
ARP Inspection 388
Configuring Global Settings for ARP Inspection 389
Configuring VLAN Settings for ARP Inspection 391
Configuring Interface Settings for ARP Inspection 392
Displaying ARP Inspection Statistics 394
Displaying the ARP Inspection Log 395
Application Filter 396
13 Basic Administration Protocols 397
Configuring Event Logging 398
System Log Configuration 398
Remote Log Configuration 400
Sending Simple Mail Transfer Protocol Alerts 401
Link Layer Discovery Protocol 403
Setting LLDP Timing Attributes 403
Configuring LLDP Interface Attributes 405
Configuring LLDP Interface Civic-Address 409
Displaying LLDP Local Device Information 411
Displaying LLDP Remote Device Information 415
Displaying Device Statistics 423
Simple Network Management Protocol 424
Configuring Global Settings for SNMP 427
Setting Community Access Strings 427
Setting the Local Engine ID 429
Specifying a Remote Engine ID 430
Setting SNMPv3 Views 431
Configuring SNMPv3 Groups 434
Configuring Local SNMPv3 Users 440
Configuring Remote SNMPv3 Users 442
Specifying Trap Managers 445
– 11 –
Page 12
Contents
Creating SNMP Notification Logs 449
Showing SNMP Statistics 451
Remote Monitoring 453
Configuring RMON Alarms 453
Configuring RMON Events 456
Configuring RMON History Samples 458
Configuring RMON Statistical Samples 461
Switch Clustering 463
Configuring General Settings for Clusters 464
Cluster Member Configuration 465
Managing Cluster Members 467
Setting a Time Range 468
Ethernet Ring Protection Switching 470
ERPS Global Configuration 475
ERPS Ring Configuration 475
ERPS Forced and Manual Mode Operations 491
OAM Configuration 495
Enabling OAM on Local Ports 495
Displaying Statistics for OAM Messages 498
Displaying the OAM Event Log 498
Displaying the Status of Remote Interfaces 499
Configuring a Remote Loopback Test 500
Displaying Results of Remote Loopback Testing 502
Connectivity Fault Management 503
Configuring Global Settings for CFM 507
Configuring Interfaces for CFM 510
Configuring CFM Maintenance Domains 511
Configuring CFM Maintenance Associations 515
Configuring Maintenance End Points 520
Configuring Remote Maintenance End Points 521
Transmitting Link Trace Messages 523
Transmitting Loop Back Messages 525
Transmitting Delay-Measure Requests 527
Displaying Local MEPs 529
Displaying Details for Local MEPs 530
– 12 –
Page 13
Contents
Displaying Local MIPs 532
Displaying Remote MEPs 533
Displaying Details for Remote MEPs 534
Displaying the Link Trace Cache 536
Displaying Fault Notification Settings 537
Displaying Continuity Check Errors 538
OAM Configuration 539
Enabling OAM on Local Ports 539
Displaying Statistics for OAM Messages 542
Displaying the OAM Event Log 543
Displaying the Status of Remote Interfaces 544
Configuring a Remote Loopback Test 545
Displaying Results of Remote Loopback Testing 547
UDLD Configuration 548
Configuring UDLD Protocol Intervals 549
Configuring UDLD Interface Settings 550
Displaying UDLD Neighbor Information 552
LBD Configuration 553
Configuring Global Settings for LBD 554
Configuring Interface Settings for LBD 556
14 Multicast Filtering 557
Overview 557
Layer 2 IGMP (Snooping and Query for IPv4) 558
Configuring IGMP Snooping and Query Parameters 560
Specifying Static Interfaces for a Multicast Router 564
Assigning Interfaces to Multicast Services 566
Setting IGMP Snooping Status per Interface 568
Filtering IGMP Query Packets and Multicast Data 574
Displaying Multicast Groups Discovered by IGMP Snooping 575
Displaying IGMP Snooping Statistics 576
Filtering and Throttling IGMP Groups 580
Enabling IGMP Filtering and Throttling 581
Configuring IGMP Filter Profiles 581
Configuring IGMP Filtering and Throttling for Interfaces 584
– 13 –
Page 14
Contents
MLD Snooping (Snooping and Query for IPv6) 585
Configuring MLD Snooping and Query Parameters 586
Setting Immediate Leave Status for MLD Snooping per Interface 587
Specifying Static Interfaces for an IPv6 Multicast Router 588
Assigning Interfaces to IPv6 Multicast Services 590
Showing MLD Snooping Groups and Source List 592
Displaying MLD Snooping Statistics 593
Multicast VLAN Registration for IPv4 601
Configuring MVR Global Settings 603
Configuring MVR Domain Settings 605
Configuring MVR Group Address Profiles 606
Configuring MVR Interface Status 609
Assigning Static MVR Multicast Groups to Interfaces 611
Displaying MVR Receiver Groups 613
Displaying MVR Statistics 614
Multicast VLAN Registration for IPv6 618
Configuring MVR6 Global Settings 619
Configuring MVR6 Domain Settings 621
Configuring MVR6 Group Address Profiles 622
Configuring MVR6 Interface Status 625
Assigning Static MVR6 Multicast Groups to Interfaces 627
Displaying MVR6 Receiver Groups 629
Displaying MVR6 Statistics 630
15 Basic IP Functions 635
Using the Ping Function 635
Using the Trace Route Function 637
Address Resolution Protocol 638
Basic ARP Configuration 639
Configuring Static ARP Addresses 640
Displaying Dynamic or Local ARP Entries 642
Displaying ARP Statistics 642
16 IP Configuration 645
Setting the Switch’s IP Address (IP Version 4) 645
Configuring IPv4 Interface Settings 645
– 14 –
Page 15
Contents
Setting the Switch’s IP Address (IP Version 6) 649
Configuring the IPv6 Default Gateway 649
Configuring IPv6 Interface Settings 650
Configuring an IPv6 Address 655
Showing IPv6 Addresses 658
Showing the IPv6 Neighbor Cache 659
Showing IPv6 Statistics 660
Showing the MTU for Responding Destinations 666
17 General IP Routing 667
Overview 667
Initial Configuration 667
IP Routing and Switching 668
Routing Path Management 669
Routing Protocols 669
Configuring IP Routing Interfaces 670
Configuring Local and Remote Interfaces 670
Configuring Static Routes 671
Displaying the Routing Table 672
18 IP Services 675
Domain Name Service 675
Configuring General DNS Service Parameters 675
Configuring a List of Domain Names 676
Configuring a List of Name Servers 678
Configuring Static DNS Host to Address Entries 679
Displaying the DNS Cache 680
Dynamic Host Configuration Protocol 681
Specifying a DHCP Client Identifier 681
Configuring DHCP Layer 3 Relay Service 683
Configuring DHCP L2 Relay Service with Option 82 684
Enabling DHCP Dynamic Provision 688
Configuring the PPPoE Intermediate Agent 689
Configuring PPPoE IA Global Settings 689
Configuring PPPoE IA Interface Settings 690
Showing PPPoE IA Statistics 692
– 15 –
Page 16
Contents
Section III Appendices 695
A Software Specifications 697
Software Features 697
Management Features 699
Standards 699
Management Information Bases 700
B Troubleshooting 703
Problems Accessing the Management Interface 703
Using System Logs 704
C License Information 705
The GNU General Public License 705
Glossary 709
Index 717
– 16 –
Page 17

Figures

Figure 1: Dashboard 48
Figure 2: Home Page 50
Figure 3: Front Panel Indicators 51
Figure 4: System Information 74
Figure 5: General Switch Information 76
Figure 6: Configuring Support for Jumbo Frames 77
Figure 7: Displaying Bridge Extension Configuration 78
Figure 8: Copy Firmware 80
Figure 9: Saving the Running Configuration 82
Figure 10: Setting Start-Up Files 82
Figure 11: Displaying System Files 83
Figure 12: Configuring Automatic Code Upgrade 87
Figure 13: Manually Setting the System Clock 88
Figure 14: Setting the Polling Interval for SNTP 89
Figure 15: Configuring NTP 90
Figure 16: Specifying SNTP Time Servers 91
Figure 17: Adding an NTP Time Server 92
Figure 18: Showing the NTP Time Server List 92
Figure 19: Adding an NTP Authentication Key 93
Figure 20: Showing the NTP Authentication Key List 94
Figure 21: Setting the Time Zone 95
Figure 22: Configuring Summer Time 97
Figure 23: Console Port Settings 98
Figure 24: Telnet Connection Settings 100
Figure 25: Displaying CPU Utilization 101
Figure 26: Configuring CPU Guard 102
Figure 27: Displaying Memory Utilization 103
Figure 28: Restarting the Switch (Immediately) 105
Figure 29: Restarting the Switch (In) 105
– 17 –
Page 18
Figures
Figure 30: Restarting the Switch (At) 106
Figure 31: Restarting the Switch (Regularly) 106
Figure 32: Configuring Connections by Port List 111
Figure 33: Configuring Connections by Port Range 112
Figure 34: Displaying Port Information 113
Figure 35: Showing Port Statistics (Table) 117
Figure 36: Showing Port Statistics (Chart) 117
Figure 37: Configuring a History Sample 119
Figure 38: Showing Entries for History Sampling 120
Figure 39: Showing Status of Statistical History Sample 120
Figure 40: Showing Current Statistics for a History Sample 121
Figure 41: Showing Ingress Statistics for a History Sample 122
Figure 42: Displaying Transceiver Data 123
Figure 43: Configuring Transceiver Thresholds 125
Figure 44: Performing Cable Tests 127
Figure 45: Configuring Static Trunks 128
Figure 46: Creating Static Trunks 129
Figure 47: Adding Static Trunks Members 130
Figure 48: Configuring Connection Parameters for a Static Trunk 130
Figure 49: Showing Information for Static Trunks 131
Figure 50: Configuring Dynamic Trunks 131
Figure 51: Configuring the LACP Aggregator Admin Key 134
Figure 52: Enabling LACP on a Port 135
Figure 53: Configuring LACP Parameters on a Port 135
Figure 54: Showing Members of a Dynamic Trunk 136
Figure 55: Configuring Connection Settings for a Dynamic Trunk 136
Figure 56: Displaying Connection Parameters for Dynamic Trunks 137
Figure 57: Displaying LACP Port Counters 138
Figure 58: Displaying LACP Port Internal Information 139
Figure 59: Displaying LACP Port Remote Information 141
Figure 60: Configuring Load Balancing 142
Figure 61: Enabling Power Savings 144
Figure 62: Configuring Local Port Mirroring 144
Figure 63: Configuring Local Port Mirroring 145
Figure 64: Displaying Local Port Mirror Sessions 146
– 18 –
Page 19
Figures
Figure 65: Configuring Remote Port Mirroring 146
Figure 66: Configuring Remote Port Mirroring (Source) 149
Figure 67: Configuring Remote Port Mirroring (Intermediate) 150
Figure 68: Configuring Remote Port Mirroring (Destination) 150
Figure 69: Configuring an sFlow Receiver 152
Figure 70: Showing sFlow Receivers 153
Figure 71: Configuring an sFlow Instance 154
Figure 72: Showing sFlow Instances 154
Figure 73: Enabling Traffic Segmentation 156
Figure 74: Configuring Members for Traffic Segmentation 157
Figure 75: Showing Traffic Segmentation Members 158
Figure 76: Configuring VLAN Trunking 158
Figure 77: Configuring VLAN Trunking 159
Figure 78: VLAN Compliant and VLAN Non-compliant Devices 163
Figure 79: Using GVRP 164
Figure 80: Creating Static VLANs 166
Figure 81: Modifying Settings for Static VLANs 167
Figure 82: Showing Static VLANs 167
Figure 83: Configuring Static Members by VLAN Index 170
Figure 84: Configuring Static VLAN Members by Interface 171
Figure 85: Configuring Static VLAN Members by Interface Range 171
Figure 86: Configuring Global Status of GVRP 173
Figure 87: Configuring GVRP for an Interface 174
Figure 88: Showing Dynamic VLANs Registered on the Switch 174
Figure 89: Showing the Members of a Dynamic VLAN 175
Figure 90: QinQ Operational Concept 176
Figure 91: Enabling QinQ Tunneling 180
Figure 92: Configuring CVLAN to SPVLAN Mapping Entries 181
Figure 93: Showing CVLAN to SPVLAN Mapping Entries 181
Figure 94: Adding an Interface to a QinQ Tunnel 183
Figure 95: Configuring the L2PT Tunnel Address 186
Figure 96: Enabling L2PT on Required Interfaces 187
Figure 97: Configuring Protocol VLANs 189
Figure 98: Displaying Protocol VLANs 189
Figure 99: Assigning Interfaces to Protocol VLANs 190
– 19 –
Page 20
Figures
Figure 100: Showing the Interface to Protocol Group Mapping 191
Figure 101: Configuring IP Subnet VLANs 193
Figure 102: Showing IP Subnet VLANs 193
Figure 103: Configuring MAC-Based VLANs 194
Figure 104: Showing MAC-Based VLANs 195
Figure 105: Configuring VLAN Translation 195
Figure 106: Configuring VLAN Translation 196
Figure 107: Showing the Entries for VLAN Translation 197
Figure 108: Displaying the Dynamic MAC Address Table 200
Figure 109: Clearing Entries in the Dynamic MAC Address Table 201
Figure 110: Setting the Address Aging Time 202
Figure 111: Configuring MAC Address Learning 203
Figure 112: Configuring Static MAC Addresses 204
Figure 113: Displaying Static MAC Addresses 205
Figure 114: Issuing MAC Address Traps (Global Configuration) 206
Figure 115: Issuing MAC Address Traps (Interface Configuration) 206
Figure 116: STP Root Ports and Designated Ports 208
Figure 117: MSTP Region, Internal Spanning Tree, Multiple Spanning Tree 209
Figure 118: Spanning Tree – Common Internal, Common, Internal 209
Figure 119: Configuring Port Loopback Detection 211
Figure 120: Configuring Global Settings for STA (STP) 215
Figure 121: Configuring Global Settings for STA (RSTP) 216
Figure 122: Configuring Global Settings for STA (MSTP) 216
Figure 123: Displaying Global Settings for STA 218
Figure 124: Determining the Root Port 219
Figure 125: Configuring Interface Settings for STA 222
Figure 126: STA Port Roles 224
Figure 127: Displaying Interface Settings for STA 225
Figure 128: Creating an MST Instance 226
Figure 129: Displaying MST Instances 227
Figure 130: Modifying the Priority for an MST Instance 227
Figure 131: Displaying Global Settings for an MST Instance 228
Figure 132: Adding a VLAN to an MST Instance 228
Figure 133: Displaying Members of an MST Instance 229
Figure 134: Configuring MSTP Interface Settings 230
– 20 –
Page 21
Figures
Figure 135: Displaying MSTP Interface Settings 231
Figure 136: Configuring Rate Limits 234
Figure 137: Configuring Storm Control 236
Figure 138: Storm Control by Limiting the Traffic Rate 236
Figure 139: Storm Control by Shutting Down a Port 237
Figure 140: Configuring ATC Timers 239
Figure 141: Configuring ATC Interface Attributes 241
Figure 142: Setting the Default Port Priority 244
Figure 143: Setting the Queue Mode (Strict) 246
Figure 144: Setting the Queue Mode (WRR) 246
Figure 145: Setting the Queue Mode (Strict and WRR) 247
Figure 146: Mapping CoS Values to Egress Queues 249
Figure 147: Showing CoS Values to Egress Queue Mapping 249
Figure 148: Setting the Trust Mode 251
Figure 149: Configuring DSCP to DSCP Internal Mapping 253
Figure 150: Showing DSCP to DSCP Internal Mapping 253
Figure 151: Configuring CoS to DSCP Internal Mapping 255
Figure 152: Showing CoS to DSCP Internal Mapping 255
Figure 153: Configuring DSCP to CoS Egress Mapping 257
Figure 154: Showing DSCP to CoS Egress Mapping 257
Figure 155: Configuring IP Precedence to DSCP Internal Mapping 259
Figure 156: Showing the IP Precedence to DSCP Internal Map 260
Figure 157: Configuring IP Port Number to DSCP Internal Mapping 261
Figure 158: Showing IP Port Number to DSCP Internal Mapping 262
Figure 159: Configuring a Class Map 265
Figure 160: Showing Class Maps 266
Figure 161: Adding Rules to a Class Map 267
Figure 162: Showing the Rules for a Class Map 267
Figure 163: Configuring a Policy Map 275
Figure 164: Showing Policy Maps 275
Figure 165: Adding Rules to a Policy Map 276
Figure 166: Showing the Rules for a Policy Map 276
Figure 167: Attaching a Policy Map to a Port 278
Figure 168: Configuring a Voice VLAN 281
Figure 169: Configuring an OUI Telephony List 282
– 21 –
Page 22
Figures
Figure 170: Showing an OUI Telephony List 282
Figure 171: Configuring Port Settings for a Voice VLAN 284
Figure 172: Configuring the Authentication Sequence 288
Figure 173: Authentication Server Operation 288
Figure 174: Configuring Remote Authentication Server (RADIUS) 291
Figure 175: Configuring Remote Authentication Server (TACACS+) 292
Figure 176: Configuring AAA Server Groups 292
Figure 177: Showing AAA Server Groups 293
Figure 178: Configuring Global Settings for AAA Accounting 295
Figure 179: Configuring AAA Accounting Methods 296
Figure 180: Showing AAA Accounting Methods 296
Figure 181: Configuring AAA Accounting Service for 802.1X Service 297
Figure 182: Configuring AAA Accounting Service for Exec Service 297
Figure 183: Displaying a Summary of Applied AAA Accounting Methods 297
Figure 184: Displaying Statistics for AAA Accounting Sessions 298
Figure 185: Configuring AAA Authorization Methods 299
Figure 186: Showing AAA Authorization Methods 300
Figure 187: Configuring AAA Authorization Methods for Exec Service 300
Figure 188: Displaying the Applied AAA Authorization Method 301
Figure 189: Configuring User Accounts 302
Figure 190: Showing User Accounts 303
Figure 191: Configuring Global Settings for Web Authentication 304
Figure 192: Configuring Interface Settings for Web Authentication 305
Figure 193: Configuring Global Settings for Network Access 309
Figure 194: Configuring Interface Settings for Network Access 311
Figure 195: Configuring Link Detection for Network Access 312
Figure 196: Configuring a MAC Address Filter for Network Access 313
Figure 197: Showing the MAC Address Filter Table for Network Access 313
Figure 198: Showing Addresses Authenticated for Network Access 315
Figure 199: Configuring HTTPS 317
Figure 200: Downloading the Secure-Site Certificate 318
Figure 201: Configuring the SSH Server 322
Figure 202: Generating the SSH Host Key Pair 323
Figure 203: Showing the SSH Host Key Pair 324
Figure 204: Copying the SSH User’s Public Key 325
– 22 –
Page 23
Figures
Figure 205: Showing the SSH User’s Public Key 326
Figure 206: Showing TCAM Utilization 329
Figure 207: Creating an ACL 330
Figure 208: Showing a List of ACLs 331
Figure 209: Configuring a Standard IPv4 ACL 332
Figure 210: Configuring an Extended IPv4 ACL 335
Figure 211: Configuring a Standard IPv6 ACL 336
Figure 212: Configuring an Extended IPv6 ACL 338
Figure 213: Configuring a MAC ACL 340
Figure 214: Configuring a ARP ACL 342
Figure 215: Binding a Port to an ACL 343
Figure 216: Showing ACL Statistics 344
Figure 217: Creating an IP Address Filter for Management Access 346
Figure 218: Showing IP Addresses Authorized for Management Access 346
Figure 219: Configuring Port Security 348
Figure 220: Configuring Port Authentication 349
Figure 221: Configuring Global Settings for 802.1X Port Authentication 351
Figure 222: Configuring Interface Settings for 802.1X Port Authenticator 355
Figure 223: Showing Statistics for 802.1X Port Authenticator 357
Figure 224: Protecting Against DoS Attacks 358
Figure 225: Configuring Global Settings for DHCP Snooping 363
Figure 226: Configuring DHCP Snooping on a VLAN 364
Figure 227: Configuring the Port Mode for DHCP Snooping 365
Figure 228: Displaying the Binding Table for DHCP Snooping 367
Figure 229: Configuring Global Settings for DHCPv6 Snooping 371
Figure 230: Configuring DHCPv6 Snooping on a VLAN 372
Figure 231: Showing VLANs Enabled for DHCPv6 Snooping 372
Figure 232: Configuring the Trust Sate for DHCPv6 Snooping 373
Figure 233: Displaying the Binding Table for DHCPv6 Snooping 374
Figure 234: Displaying Statistics for DHCPv6 Snooping 375
Figure 235: Setting the Filter Type for IP Source Guard 378
Figure 236: Configuring Static Bindings for IPv4 Source Guard 380
Figure 237: Displaying Static Bindings for IPv4 Source Guard 381
Figure 238: Showing the IPv4 Source Guard Binding Table 382
Figure 239: Setting the Filter Type for IPv6 Source Guard 384
– 23 –
Page 24
Figures
Figure 240: Configuring Static Bindings for IPv6 Source Guard 386
Figure 241: Displaying Static Bindings for IPv6 Source Guard 386
Figure 242: Showing the IPv6 Source Guard Binding Table 388
Figure 243: Configuring Global Settings for ARP Inspection 391
Figure 244: Configuring VLAN Settings for ARP Inspection 392
Figure 245: Configuring Interface Settings for ARP Inspection 393
Figure 246: Displaying Statistics for ARP Inspection 395
Figure 247: Displaying the ARP Inspection Log 396
Figure 248: Configuring Discarding or Forwarding of CDP/PVST Packets 396
Figure 249: Configuring Settings for System Memory Logs 399
Figure 250: Showing Error Messages Logged to System Memory 400
Figure 251: Configuring Settings for Remote Logging of Error Messages 401
Figure 252: Configuring SMTP Alert Messages 403
Figure 253: Configuring LLDP Timing Attributes 405
Figure 254: Configuring LLDP Interface Attributes 409
Figure 255: Configuring the Civic Address for an LLDP Interface 410
Figure 256: Showing the Civic Address for an LLDP Interface 411
Figure 257: Displaying Local Device Information for LLDP (General) 414
Figure 258: Displaying Local Device Information for LLDP (Port) 414
Figure 259: Displaying Local Device Information for LLDP (Port Details) 414
Figure 260: Displaying Remote Device Information for LLDP (Port) 421
Figure 261: Displaying Remote Device Information for LLDP (Port Details) 422
Figure 262: Displaying LLDP Device Statistics (General) 424
Figure 263: Displaying LLDP Device Statistics (Port) 424
Figure 264: Configuring Global Settings for SNMP 427
Figure 265: Setting Community Access Strings 428
Figure 266: Showing Community Access Strings 429
Figure 267: Configuring the Local Engine ID for SNMP 430
Figure 268: Configuring a Remote Engine ID for SNMP 431
Figure 269: Showing Remote Engine IDs for SNMP 431
Figure 270: Creating an SNMP View 432
Figure 271: Showing SNMP Views 433
Figure 272: Adding an OID Subtree to an SNMP View 433
Figure 273: Showing the OID Subtree Configured for SNMP Views 434
Figure 274: Creating an SNMP Group 439
– 24 –
Page 25
Figures
Figure 275: Showing SNMP Groups 439
Figure 276: Configuring Local SNMPv3 Users 441
Figure 277: Showing Local SNMPv3 Users 441
Figure 278: Changing a Local SNMPv3 User Group 442
Figure 279: Configuring Remote SNMPv3 Users 444
Figure 280: Showing Remote SNMPv3 Users 444
Figure 281: Configuring Trap Managers (SNMPv1) 448
Figure 282: Configuring Trap Managers (SNMPv2c) 448
Figure 283: Configuring Trap Managers (SNMPv3) 448
Figure 284: Showing Trap Managers 449
Figure 285: Creating a Trap Host 450
Figure 286: Showing the Notification Filter 450
Figure 287: Creating SNMP Notification Logs 450
Figure 288: Showing SNMP Notification Logs 451
Figure 289: Showing SNMP Statistics 453
Figure 290: Configuring an RMON Alarm 455
Figure 291: Showing Configured RMON Alarms 456
Figure 292: Configuring an RMON Event 457
Figure 293: Showing Configured RMON Events 458
Figure 294: Configuring an RMON History Sample 459
Figure 295: Showing Configured RMON History Samples 460
Figure 296: Showing Collected RMON History Samples 460
Figure 297: Configuring an RMON Statistical Sample 462
Figure 298: Showing Configured RMON Statistical Samples 462
Figure 299: Showing Collected RMON Statistical Samples 463
Figure 300: Configuring a Switch Cluster 465
Figure 301: Configuring a Cluster Members 466
Figure 302: Showing Cluster Members 466
Figure 303: Showing Cluster Candidates 466
Figure 304: Managing a Cluster Member 467
Figure 305: Setting the Name of a Time Range 469
Figure 306: Showing a List of Time Ranges 469
Figure 307: Add a Rule to a Time Range 470
Figure 308: Showing the Rules Configured for a Time Range 470
Figure 309: ERPS Ring Components 472
– 25 –
Page 26
Figures
Figure 310: Ring Interconnection Architecture (Multi-ring/Ladder Network) 473
Figure 311: Setting ERPS Global Status 475
Figure 312: Sub-ring with Virtual Channel 485
Figure 313: Sub-ring without Virtual Channel 485
Figure 314: Non-ERPS Device Protection 486
Figure 315: Creating an ERPS Ring 489
Figure 316: Creating an ERPS Ring 490
Figure 317: Showing Configured ERPS Rings 491
Figure 318: Blocking an ERPS Ring Port 495
Figure 319: Enabling OAM for Local Ports 497
Figure 320: Displaying Statistics for OAM Messages 498
Figure 321: Displaying the OAM Event Log 499
Figure 322: Displaying Status of Remote Interfaces 500
Figure 323: Running a Remote Loop Back Test 502
Figure 324: Displaying the Results of Remote Loop Back Testing 503
Figure 325: Single CFM Maintenance Domain 504
Figure 326: Multiple CFM Maintenance Domains 505
Figure 327: Configuring Global Settings for CFM 510
Figure 328: Configuring Interfaces for CFM 511
Figure 329: Configuring Maintenance Domains 514
Figure 330: Showing Maintenance Domains 515
Figure 331: Configuring Detailed Settings for Maintenance Domains 515
Figure 332: Creating Maintenance Associations 518
Figure 333: Showing Maintenance Associations 519
Figure 334: Configuring Detailed Settings for Maintenance Associations 519
Figure 335: Configuring Maintenance End Points 521
Figure 336: Showing Maintenance End Points 521
Figure 337: Configuring Remote Maintenance End Points 523
Figure 338: Showing Remote Maintenance End Points 523
Figure 339: Transmitting Link Trace Messages 525
Figure 340: Transmitting Loopback Messages 526
Figure 341: Transmitting Delay-Measure Messages 528
Figure 342: Showing Information on Local MEPs 529
Figure 343: Showing Detailed Information on Local MEPs 531
Figure 344: Showing Information on Local MIPs 532
– 26 –
Page 27
Figures
Figure 345: Showing Information on Remote MEPs 533
Figure 346: Showing Detailed Information on Remote MEPs 535
Figure 347: Showing the Link Trace Cache 537
Figure 348: Showing Settings for the Fault Notification Generator 538
Figure 349: Showing Continuity Check Errors 539
Figure 350: Enabling OAM for Local Ports 542
Figure 351: Displaying Statistics for OAM Messages 543
Figure 352: Displaying the OAM Event Log 544
Figure 353: Displaying Status of Remote Interfaces 545
Figure 354: Running a Remote Loop Back Test 547
Figure 355: Displaying the Results of Remote Loop Back Testing 548
Figure 356: Configuring UDLD Protocol Intervals 550
Figure 357: Configuring UDLD Interface Settings 552
Figure 358: Displaying UDLD Neighbor Information 553
Figure 359: Configuring Global Settings for LBD 555
Figure 360: Configuring Interface Settings for LBD 556
Figure 361: Multicast Filtering Concept 558
Figure 362: Configuring General Settings for IGMP Snooping 564
Figure 363: Configuring a Static Interface for a Multicast Router 565
Figure 364: Showing Static Interfaces Attached a Multicast Router 566
Figure 365: Showing Current Interfaces Attached a Multicast Router 566
Figure 366: Assigning an Interface to a Multicast Service 567
Figure 367: Showing Static Interfaces Assigned to a Multicast Service 568
Figure 368: Configuring IGMP Snooping on a VLAN 573
Figure 369: Showing Interface Settings for IGMP Snooping 574
Figure 370: Dropping IGMP Query or Multicast Data Packets 575
Figure 371: Showing Multicast Groups Learned by IGMP Snooping 576
Figure 372: Displaying IGMP Snooping Statistics – Query 578
Figure 373: Displaying IGMP Snooping Statistics – VLAN 579
Figure 374: Displaying IGMP Snooping Statistics – Port 580
Figure 375: Enabling IGMP Filtering and Throttling 581
Figure 376: Creating an IGMP Filtering Profile 582
Figure 377: Showing the IGMP Filtering Profiles Created 583
Figure 378: Adding Multicast Groups to an IGMP Filtering Profile 583
Figure 379: Showing the Groups Assigned to an IGMP Filtering Profile 584
– 27 –
Page 28
Figures
Figure 380: Configuring IGMP Filtering and Throttling Interface Settings 585
Figure 381: Configuring General Settings for MLD Snooping 587
Figure 382: Configuring Immediate Leave for MLD Snooping 588
Figure 383: Configuring a Static Interface for an IPv6 Multicast Router 589
Figure 384: Showing Static Interfaces Attached an IPv6 Multicast Router 589
Figure 385: Showing Current Interfaces Attached an IPv6 Multicast Router 590
Figure 386: Assigning an Interface to an IPv6 Multicast Service 591
Figure 387: Showing Static Interfaces Assigned to an IPv6 Multicast Service 591
Figure 388: Showing Current Interfaces Assigned to an IPv6 Multicast Service 592
Figure 389: Showing IPv6 Multicast Services and Corresponding Sources 593
Figure 390: Displaying MLD Snooping Statistics – Input 597
Figure 391: Displaying MLD Snooping Statistics – Output 597
Figure 392: Displaying MLD Snooping Statistics – Query 598
Figure 393: Displaying MLD Snooping Statistics – Summary (Port/Trunk) 599
Figure 394: Displaying MLD Snooping Statistics – Summary (VLAN) 600
Figure 395: Clearing MLD Snooping Statistics 601
Figure 396: MVR Concept 602
Figure 397: Configuring Global Settings for MVR 604
Figure 398: Configuring Domain Settings for MVR 606
Figure 399: Configuring an MVR Group Address Profile 607
Figure 400: Displaying MVR Group Address Profiles 608
Figure 401: Assigning an MVR Group Address Profile to a Domain 608
Figure 402: Showing the MVR Group Address Profiles Assigned to a Domain 609
Figure 403: Configuring Interface Settings for MVR 611
Figure 404: Assigning Static MVR Groups to an Interface 613
Figure 405: Showing the Static MVR Groups Assigned to a Port 613
Figure 406: Displaying MVR Receiver Groups 614
Figure 407: Displaying MVR Statistics – Query 616
Figure 408: Displaying MVR Statistics – VLAN 617
Figure 409: Displaying MVR Statistics – Port 618
Figure 410: Configuring Global Settings for MVR6 620
Figure 411: Configuring Domain Settings for MVR6 622
Figure 412: Configuring an MVR6 Group Address Profile 623
Figure 413: Displaying MVR6 Group Address Profiles 624
Figure 414: Assigning an MVR6 Group Address Profile to a Domain 624
– 28 –
Page 29
Figures
Figure 415: Showing MVR6 Group Address Profiles Assigned to a Domain 625
Figure 416: Configuring Interface Settings for MVR6 627
Figure 417: Assigning Static MVR6 Groups to a Port 628
Figure 418: Showing the Static MVR6 Groups Assigned to a Port 629
Figure 419: Displaying MVR6 Receiver Groups 630
Figure 420: Displaying MVR6 Statistics – Query 632
Figure 421: Displaying MVR6 Statistics – VLAN 633
Figure 422: Displaying MVR6 Statistics – Port 634
Figure 423: Pinging a Network Device 636
Figure 424: Tracing the Route to a Network Device 638
Figure 425: Proxy ARP 639
Figure 426: Configuring General Settings for ARP 640
Figure 427: Configuring Static ARP Entries 641
Figure 428: Displaying Static ARP Entries 642
Figure 429: Displaying ARP Entries 642
Figure 430: Displaying ARP Statistics 643
Figure 431: Configuring a Static IPv4 Address 647
Figure 432: Configuring a Dynamic IPv4 Address 648
Figure 433: Showing the Configured IPv4 Address for an Interface 649
Figure 434: Configuring the IPv6 Default Gateway 650
Figure 435: Configuring General Settings for an IPv6 Interface 654
Figure 436: Configuring RA Guard for an IPv6 Interface 655
Figure 437: Configuring an IPv6 Address 657
Figure 438: Showing Configured IPv6 Addresses 659
Figure 439: Showing IPv6 Neighbors 660
Figure 440: Showing IPv6 Statistics (IPv6) 664
Figure 441: Showing IPv6 Statistics (ICMPv6) 665
Figure 442: Showing IPv6 Statistics (UDP) 665
Figure 443: Showing Reported MTU Values 666
Figure 444: Virtual Interfaces and Layer 3 Routing 668
Figure 445: Configuring Static Routes 672
Figure 446: Displaying Static Routes 672
Figure 447: Displaying the Routing Table 673
Figure 448: Configuring General Settings for DNS 676
Figure 449: Configuring a List of Domain Names for DNS 677
– 29 –
Page 30
Figures
Figure 450: Showing the List of Domain Names for DNS 677
Figure 451: Configuring a List of Name Servers for DNS 678
Figure 452: Showing the List of Name Servers for DNS 679
Figure 453: Configuring Static Entries in the DNS Table 680
Figure 454: Showing Static Entries in the DNS Table 680
Figure 455: Showing Entries in the DNS Cache 681
Figure 456: Specifying A DHCP Client Identifier 683
Figure 457: Layer 3 DHCP Relay Service 683
Figure 458: Configuring DHCP Relay Service 684
Figure 459: Layer 2 DHCP Relay Service 685
Figure 460: Configuring DHCP Relay Information Option 82 Service 688
Figure 461: Enabling Dynamic Provisioning via DHCP 689
Figure 462: Configuring Global Settings for PPPoE Intermediate Agent 690
Figure 463: Configuring Interface Settings for PPPoE Intermediate Agent 692
Figure 464: Showing PPPoE Intermediate Agent Statistics 693
– 30 –
Page 31

Tables

Table 1: Key Features 35
Table 2: System Defaults 42
Table 3: Web Page Configuration Buttons 50
Table 4: Switch Main Menu 52
Table 5: Predefined Summer-Time Parameters 96
Table 6: Port Statistics 114
Table 7: LACP Port Counters 137
Table 8: LACP Internal Configuration Information 138
Table 9: LACP Remote Device Configuration Information 140
Table 10: Traffic Segmentation Forwarding 156
Table 11: Recommended STA Path Cost Range 219
Table 12: Default STA Path Costs 219
Table 13: IEEE 802.1p Egress Queue Priority Mapping 247
Table 14: CoS Priority Levels 248
Table 15: Mapping Internal Per-hop Behavior to Hardware Queues 248
Table 16: Default Mapping of DSCP Values to Internal PHB/Drop Values 252
Table 17: Default Mapping of CoS/CFI to Internal PHB/Drop Precedence 254
Table 18: Mapping Internal PHB/Drop Precedence to CoS/CFI Values 256
Table 19: Mapping IP Precedence 258
Table 20: Default Mapping of IP Precedence to Internal PHB/Drop Values 259
Table 21: Dynamic QoS Profiles 307
Table 22: HTTPS System Support 316
Table 23: 802.1X Statistics 355
Table 24: ARP Inspection Statistics 394
Table 25: ARP Inspection Log 395
Table 26: Logging Levels 398
Table 27: LLDP MED Location CA Types 409
Table 28: Chassis ID Subtype 411
Table 29: System Capabilities 412
– 31 –
Page 32
Tabl es
Table 30: Port ID Subtype 413
Table 31: Remote Port Auto-Negotiation Advertised Capability 416
Table 32: SNMPv3 Security Models and Levels 425
Table 33: Supported Notification Messages 435
Table 34: ERPS Request/State Priority 492
Table 35: OAM Operation State 496
Table 36: Remote Loopback Status 501
Table 37: Remote MEP Priority Levels 512
Table 38: MEP Defect Descriptions 513
Table 39: OAM Operation State 540
Table 40: Remote Loopback Status 546
Table 41: Address Resolution Protocol 638
Table 42: ARP Statistics 642
Table 43: Show IPv6 Neighbors - display description 659
Table 44: Show IPv6 Statistics - display description 661
Table 45: Show MTU - display description 666
Table 46: Options 60, 66 and 67 Statements 682
Table 47: Options 55 and 124 Statements 682
Table 48: Troubleshooting Chart 703
– 32 –
Page 33
Section I

Getting Started

This section provides an overview of the switch, and introduces some basic concepts about network switches. It also describes the basic settings required to access the management interface.
This section includes these chapters:
"Introduction" on page 35
?
– 33 –
Page 34
Section I
| Getting Started
– 34 –
Page 35

1 Introduction

This switch provides a broad range of features for Layer 2 switching and Layer 3 routing. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you should configure to maximize the switch’s performance for your particular network environment.

Key Features

Table 1: Key Features
Feature Description
Configuration Backup and Restore
Authentication Console, Telnet, web – user name/password, RADIUS, TACACS+
General Security Measures AAA
Access Control Lists Supports up to 256 ACLs, up to 1K rules per ACL
DHCP Client, Relay
DHCPv6 Client
DNS Client and Proxy service
Port Configuration Speed, duplex mode and flow control
Port Trunking Supports up to 16/27 trunks – static or dynamic trunking (LACP)
Using management station or FTP/TFTP server
Port – IEEE 802.1X, MAC address filtering SNMP v1/2c - Community strings SNMP version 3 – MD5 or SHA password Telnet – SSH Web – HTTPS
ARP inspection DHCP Snooping (with Option 82 relay information) IP Source Guard PPPoE Intermediate Agent Port Authentication – IEEE 802.1X Port Security – MAC address filtering
Port Mirroring 1 session, one or more source ports to one analysis port
Congestion Control Rate Limiting
Throttling for broadcast, multicast, unknown unicast storms
– 35 –
Page 36
Chapter 1
| Introduction

Description of Software Features

Table 1: Key Features (Continued)
Feature Description
Address Table 16K MAC addresses in forwarding table, 1K static MAC addresses;
IP Version 4 and 6 Supports IPv4 and IPv6 addressing, and management
IEEE 802.1D Bridge Supports dynamic data switching and addresses learning
1K entries in ARP cache; 2K entries in ipv6 neighbor cache; 1K L2 IPv4 multicast groups
Store-and-Forward Switching
Spanning Tree Algorithm Supports standard STP, Rapid Spanning Tree Protocol (RSTP), and
Virtual LANs Up to 4094 using IEEE 802.1Q, port-based, protocol-based, voice VLANs,
Traffic Prioritization Default port priority, traffic class map, queue scheduling, IP Precedence,
Qualify of Service Supports Differentiated Services (DiffServ)
Link Layer Discovery Protocol
Switch Clustering Supports up to 16 member switches in a cluster
Connectivity Fault Management
ERPS Supports Ethernet Ring Protection Switching for increased availability
ARP Static and dynamic address configuration, proxy ARP
Multicast Filtering Supports IGMP snooping and query for Layer 2, MLD snooping and
Remote Device Management
Supported to ensure wire-speed switching while eliminating bad frames
Multiple Spanning Trees (MSTP)
and QinQ tunnel
or Differentiated Services Code Point (DSCP), and TCP/UDP Port
Used to discover basic information about neighboring devices
Connectivity monitoring using continuity check messages, fault verification through loop back messages, and fault isolation by examining end-to-end connections (IEEE 802.1ag)
of Ethernet rings (G.8032)
query, IGMP for Layer 3, and Multicast VLAN Registration
Supports Ethernet OAM functions for attached CPEs (IEEE 802.3ah, ITU-T Y.1731)
Description of Software Features
The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Broadcast storm suppression prevents broadcast traffic storms from engulfing the network. Untagged (port-based), tagged, and protocol-based VLANs, plus support for automatic GVRP VLAN registration provide traffic security and efficient use of network bandwidth. CoS priority queueing ensures the minimum delay for moving real-time multimedia data across the network. While multicast filtering and routing provides support for real-time network applications.
– 36 –
Page 37
Chapter 1
Description of Software Features
Some of the management features are briefly described below.
| Introduction
Configuration Backup
and Restore
Authentication This switch authenticates management access via the console port, Telnet, or a web
You can save the current configuration settings to a file on the management station (using the web interface) or an FTP/TFTP server (using the web or console interface), and later download this file to restore the switch configuration settings.
browser. User names and passwords can be configured locally or can be verified via a remote authentication server (i.e., RADIUS or TACACS+). Port-based authentication is also supported via the IEEE 802.1X protocol. This protocol uses Extensible Authentication Protocol over LANs (EAPOL) to request user credentials from the 802.1X client, and then uses the EAP between the switch and the authentication server to verify the client’s right to access the network via an authentication server (i.e., RADIUS or TACACS+ server).
Other authentication options include HTTPS for secure management access via the web, SSH for secure management access over a Telnet-equivalent connection, SNMP Version 3, IP address filtering for SNMP/Telnet/web management access. MAC address filtering and IP source guard also provide authenticated port access. While DHCP snooping is provided to prevent malicious attacks from insecure ports. While PPPoE Intermediate Agent supports authentication of a client for a service provider.
Access Control Lists ACLs provide packet filtering for IP frames (based on address, protocol, TCP/UDP
port number or TCP control code) or any frames (based on MAC address or Ethernet type). ACLs can by used to improve performance by blocking unnecessary network traffic or to implement security controls by restricting access to specific network resources or protocols.
DHCP Relay Since DHCP uses a broadcast mechanism, a DHCP server and its client must
physically reside on the same subnet. Since it is not practical to have a DHCP server on every subnet, DHCP Relay is supported to allow dynamic configuration of local clients from a DHCP server located in a different network. DHCP Relay Option 82 is also provided to control the processing of Option 82 information in DHCP request packets relayed by this device.
Port Configuration You can manually configure the speed, duplex mode, and flow control used on
specific ports, or use auto-negotiation to detect the connection settings used by the attached device. Use full-duplex mode on ports whenever possible to double the throughput of switch connections. Flow control should also be enabled to control network traffic during periods of congestion and prevent the loss of packets when port buffer thresholds are exceeded. The switch supports flow control based on the IEEE 802.3x standard (now incorporated in IEEE 802.3-2002).
– 37 –
Page 38
Chapter 1
Description of Software Features
| Introduction
Rate Limiting This feature controls the maximum rate for traffic transmitted or received on an
interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network. Packets that exceed the acceptable amount of traffic are dropped.
Port Mirroring The switch can unobtrusively mirror traffic from any port to a monitor port. You can
then attach a protocol analyzer or RMON probe to this port to perform traffic analysis and verify connection integrity.
Port Trunking Ports can be combined into an aggregate connection. Trunks can be manually set
up or dynamically configured using Link Aggregation Control Protocol (LACP – IEEE
802.3-2005). The additional ports dramatically increase the throughput across any connection, and provide redundancy by taking over the load if a port in the trunk should fail. The switch supports up to 16/27 trunks.
Storm Control Broadcast, multicast and unknown unicast storm suppression prevents traffic from
overwhelming the network.When enabled on a port, the level of traffic passing through the port is restricted. If traffic rises above a pre-defined threshold, it will be throttled until the level falls back beneath the threshold.
Static MAC Addresses A static address can be assigned to a specific interface on this switch. Static
addresses are bound to the assigned interface and will not be moved. When a static address is seen on another interface, the address will be ignored and will not be written to the address table. Static addresses can be used to provide network security by restricting access for a known host to a specific port.
IP Address Filtering Access to insecure ports can be controlled using DHCP Snooping which filters
ingress traffic based on static IP addresses and addresses stored in the DHCP Snooping table. Traffic can also be restricted to specific source IP addresses or source IP/MAC address pairs based on static entries or entries stored in the DHCP Snooping table.
IEEE 802.1D Bridge The switch supports IEEE 802.1D transparent bridging. The address table facilitates
data switching by learning addresses, and then filtering or forwarding traffic based on this information. The address table supports up to 16K addresses.
Store-and-Forward
Switching
The switch copies each frame into its memory before forwarding them to another port. This ensures that all frames are a standard Ethernet size and have been verified for accuracy with the cyclic redundancy check (CRC). This prevents bad frames from entering the network and wasting bandwidth.
– 38 –
Page 39
Chapter 1
Description of Software Features
| Introduction
To avoid dropping frames on congested ports, the switch provides 3 Mbits for frame buffering. This buffer can queue packets awaiting transmission on congested networks.
Spanning Tree
Algorithm
The switch supports these spanning tree protocols:
Spanning Tree Protocol (STP, IEEE 802.1D) – This protocol provides loop
?
detection. When there are multiple physical paths between segments, this protocol will choose a single path and disable all others to ensure that only one route exists between any two stations on the network. This prevents the creation of network loops. However, if the chosen path should fail for any reason, an alternate path will be activated to maintain the connection.
Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w) – This protocol reduces the
?
convergence time for network topology changes to about 3 to 5 seconds, compared to 30 seconds or more for the older IEEE 802.1D STP standard. It is intended as a complete replacement for STP, but can still interoperate with switches running the older standard by automatically reconfiguring ports to STP-compliant mode if they detect STP protocol messages from attached devices.
Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) – This protocol is a direct
?
extension of RSTP. It can provide an independent spanning tree for different VLANs. It simplifies network management, provides for even faster convergence than RSTP by limiting the size of each region, and prevents VLAN members from being segmented from the rest of the group (as sometimes occurs with IEEE 802.1D STP).
Connectivity Fault
Management
Virtual LANs The switch supports up to 4094 VLANs. A Virtual LAN is a collection of network
The switch provides connectivity fault monitoring for end-to-end connections within a designated service area by using continuity check messages which can detect faults in maintenance points, fault verification through loop back messages, and fault isolation with link trace messages.
nodes that share the same collision domain regardless of their physical location or connection point in the network. The switch supports tagged VLANs based on the IEEE 802.1Q standard. Members of VLAN groups can be dynamically learned via GVRP, or ports can be manually assigned to a specific set of VLANs. This allows the switch to restrict traffic to the VLAN groups to which a user has been assigned. By segmenting your network into VLANs, you can:
Eliminate broadcast storms which severely degrade performance in a flat
?
network.
Simplify network management for node changes/moves by remotely
?
configuring VLAN membership for any port, rather than having to manually change the network connection.
– 39 –
Page 40
Chapter 1
Description of Software Features
| Introduction
?
?
Provide data security by restricting all traffic to the originating VLAN, except where a connection is explicitly defined via the switch's routing service.
Use protocol VLANs to restrict traffic to specified interfaces based on protocol type.
IEEE 802.1Q Tunneling
(QinQ)
This feature is designed for service providers carrying traffic for multiple customers across their networks. QinQ tunneling is used to maintain customer-specific VLAN and Layer 2 protocol configurations even when different customers use the same internal VLAN IDs. This is accomplished by inserting Service Provider VLAN (SPVLAN) tags into the customer’s frames when they enter the service provider’s network, and then stripping the tags when the frames leave the network.
Traffic Prioritization This switch prioritizes each packet based on the required level of service, using
eight priority queues with strict priority, Weighted Round Robin (WRR), or a combination of strict and weighted queuing. It uses IEEE 802.1p and 802.1Q tags to prioritize incoming traffic based on input from the end-station application. These functions can best-effort data.
This switch also supports several common methods of prioritizing layer 3/4 traffic to meet application requirements. Traffic can be prioritized based on the priority bits in the IP frame’s Type of Service (ToS) octet using DSCP, or IP Precedence or TCP/UDP port numbers. When these services are enabled, the priorities are mapped to a Class of Service value by the switch, and the traffic then sent to the corresponding output queue.
be used to provide independent priorities for delay-sensitive data and
Quality of Service Differentiated Services (DiffServ) provides policy-based management mechanisms
used for prioritizing network resources to meet the requirements of specific traffic types on a per-hop basis. Each packet is classified upon entry into the network based on access lists, IP Precedence or DSCP values, or VLAN lists. Using access lists allows you select traffic based on Layer 2, Layer 3, or Layer 4 information contained in each packet. Based on network policies, different kinds of traffic can be marked for different kinds of forwarding.
Ethernet Ring
Protection Switching
Address Resolution
Protocol
ERPS can be used to increase the availability and robustness of Ethernet rings, such as those used in Metropolitan Area Networks (MAN). ERPS provides Layer 2 loop avoidance and fast reconvergence in Layer 2 ring topologies, supporting up to 255 nodes in the ring structure. It can also function with IEEE 802.1ag to support link monitoring when non-participating devices exist within the Ethernet ring.
The switch uses ARP to convert between IP addresses and MAC (hardware) addresses. This switch supports conventional ARP, which locates the MAC address corresponding to a given IP address.
– 40 –
Page 41
Chapter 1
Description of Software Features
| Introduction
Operation,
Administration,
and Maintenance
The switch provides OAM remote management tools required to monitor and maintain the links to subscriber CPEs (Customer Premise Equipment). This section describes functions including enabling OAM for selected ports, loopback testing, and displaying remote device information.
Multicast Filtering Specific multicast traffic can be assigned to its own VLAN to ensure that it does not
interfere with normal network traffic and to guarantee real-time delivery by setting the required priority level for the designated VLAN. The switch uses IGMP Snooping and Query for IPv4, MLD Snooping and Query for IPv6, and IGMP at Layer 3 to manage multicast group registration. It also supports Multicast VLAN Registration (MVR for IPv4 and MVR6 for IPv6) which allows common multicast traffic, such as television channels, to be transmitted across a single network-wide multicast VLAN shared by hosts residing in other standard or private VLAN groups, while preserving security and data isolation for normal traffic.
Link Layer Discovery
Protocol
LLDP is used to discover basic information about neighboring devices within the local broadcast domain. LLDP is a Layer 2 protocol that advertises information about the sending device and collects information gathered from neighboring network nodes it discovers.
Advertised information is represented in Type Length Value (TLV) format according to the IEEE 802.1ab standard, and can include details such as device identification, capabilities and configuration settings. Media Endpoint Discovery (LLDP-MED) is an extension of LLDP intended for managing endpoint devices such as Voice over IP phones and network switches. The LLDP-MED TLVs advertise information such as network policy, power, inventory, and device location details. The LLDP and LLDP­MED information can be used by SNMP applications to simplify troubleshooting, enhance network management, and maintain an accurate network topology.
– 41 –
Page 42
Chapter 1
| Introduction

System Defaults

System Defaults
The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file.
The following table lists some of the basic system defaults.
Table 2: System Defaults
Function Parameter Default
Console Port Connection Baud Rate 115200 bps
Data bits 8
Stop bits 1
Parity none
Local Console Timeout 0 (disabled)
Authentication and Security Measures
Web Management HTTP Server Enabled
Privileged Exec Level Username “admin”
Normal Exec Level Username “guest”
Enable Privileged Exec from Normal Exec Level
RADIUS Authentication Disabled
TACACS+ Authentication Disabled
802.1X Port Authentication Disabled
MAC Authentication Disabled
PPPoE Intermediate Agent Disabled
HTTPS Enabled
SSH Disabled
Port Security Disabled
IP Filtering Disabled
DHCP Snooping Disabled
HTTP Port Number 80
Password “admin”
Password “guest”
Password “super”
HTTP Secure Server Enabled
HTTP Secure Server Port 443
– 42 –
Page 43
Chapter 1
Table 2: System Defaults (Continued)
Function Parameter Default
SNMP SNMP Agent Enabled
| Introduction
System Defaults
Community Strings “public” (read only)
Traps Authentication traps: enabled
SNMP V3 View: defaultview
Port Configuration Admin Status Enabled
Auto-negotiation Enabled
Flow Control Disabled
Por t Trunk ing Static Trunks None
LACP (all ports) Disabled
Congestion Control Rate Limiting Disabled
Storm Control Broadcast: Enabled
Address Table Aging Time 300 seconds
Spanning Tree Algorithm Status Enabled, RSTP
“private” (read/write)
Link-up-down events: enabled
Group: public (read only); private (read/write)
(500 packets/sec) Multicast: Disabled Unknown Unicast: Disabled
(Defaults: RSTP standard)
Edge Ports Disabled
LLDP Status Enabled
ERPS Status Disabled
CFM Status Disabled
OAM Status Disabled
Virtual LANs Default VLAN 1
PVID 1
Acceptable Frame Type All
Ingress Filtering Disabled
Switchport Mode (Egress Mode) Hybrid
GVRP (global) Disabled
GVRP (port interface) Disabled
QinQ Tunneling Disabled
– 43 –
Page 44
Chapter 1
| Introduction
System Defaults
Table 2: System Defaults (Continued)
Function Parameter Default
Traffic Prioritization Ingress Port Priority 0
Queue Mode WRR
Queue Weight Queue: 0 1 2 3 4 5 6 7
Weight: 1 2 4 6 8 10 12 14
Class of Service Enabled
IP Precedence Priority Disabled
IP DSCP Priority Disabled
IP Port Priority Disabled
IP Settings Management. VLAN VLAN 1
IP Address DHCP assigned
Subnet Mask 255.255.255.0
Default Gateway 0.0.0.0
DHCP Client: Enabled
DNS Client/Proxy service: Disabled
BOOTP Disabled
ARP Enabled
Cache Timeout: 20 minutes Proxy: Disabled
Multicast Filtering IGMP Snooping (Layer 2) Snooping: Disabled
Querier: Disabled
MLD Snooping (Layer 2 IPv6) Snooping: Disabled
Querier: Disabled
Multicast VLAN Registration Disabled
IGMP Proxy Reporting Disabled
System Log Status Enabled
Messages Logged to RAM Levels 0-7 (all)
Messages Logged to Flash Levels 0-3
SMTP Email Alerts Event Handler Enabled (but no server defined)
SNTP Clock Synchronization Disabled
Switch Clustering Status Disabled
Commander Disabled
– 44 –
Page 45
Section II

Web Configuration

This section describes the basic switch features, along with a detailed description of how to configure each feature via a web browser.
This section includes these chapters:
"Using the Web Interface" on page 47
?
"Basic Management Tasks" on page 73
?
"Interface Configuration" on page 107
?
"VLAN Configuration" on page 161
?
"Address Table Settings" on page 199
?
"Spanning Tree Algorithm" on page 207
?
"Congestion Control" on page 233
?
"Class of Service" on page 243
?
"Quality of Service" on page 263
?
"VoIP Traffic Configuration" on page 279
?
"Security Measures" on page 285
?
"Basic Administration Protocols" on page 397
?
"Multicast Filtering" on page 557
?
"Basic IP Functions" on page 635
?
"IP Configuration" on page 645
?
"General IP Routing" on page 667
?
"IP Services" on page 675
?
– 45 –
Page 46
Section II
| Web Configuration
– 46 –
Page 47

2 Using the Web Interface

This switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics to monitor network activity. The web agent can be accessed by any computer on the network using a standard web browser (Internet Explorer 11, Mozilla Firefox 52, or Google Chrome 57, or more recent versions).
Note:
You can also use the Command Line Interface (CLI) to manage the switch over a serial connection to the console port or via Telnet. For more information on using the CLI, refer to the CLI Reference Guide.

Connecting to the Web Interface

Prior to accessing the switch from a web browser, be sure you have first performed the following tasks:
1. Configure the switch with a valid IP address, subnet mask, and default gateway
using an out-of-band serial connection, BOOTP or DHCP protocol. (See “Initial Switch Configuration” in the CLI Reference Guide.)
2. Set user names and passwords using an out-of-band serial connection. Access
to the web agent is controlled by the same user names and passwords as the onboard configuration program. (See the CLI Reference Guide.)
3. After you enter a user name and password, you will have access to the system
configuration program.
Note:
You are allowed three attempts to enter the correct password; on the third failed attempt the current connection is terminated.
Note:
If you log into the web interface as guest (Normal Exec level), you can view the configuration settings or change the guest password. If you log in as “admin” (Privileged Exec level), you can change the settings on any page.
Note:
If the path between your management station and this switch does not pass through any device that uses the Spanning Tree Algorithm, then you can set the switch port attached to your management station to fast forwarding (i.e., enable Admin Edge Port) to improve the switch’s response time to management commands issued through the web interface. See “Configuring Interface Settings
for STA” on page 218.
– 47 –
Page 48
Chapter 2

Navigating the Web Browser Interface

| Using the Web Interface
Note:
link local address.
Connection to the web interface is not supported for HTTPS using an IPv6
Navigating the Web Browser Interface
To access the web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics. The default user name and password for the administrator is “admin.” The administrator has full access privileges to configure any parameters in the web interface. The default user name and password for guest access is “guest.” The guest only has read access for most configuration parameters. Refer to “Configuring User
Accounts” on page 301 for more details.
Dashboard When your web browser connects with the switch’s web agent, the Dashboard is
displayed as shown below. The Dashboard displays the main menu on the left side of the screen. Switch Information, CPU Utilization, Switch Events, Memory Utilization, Recent 5 Event Information, Port Utilization, Dynamic Address Count, and LLDP Remote Device Port List are displayed on the right side. The main menu links are used to navigate to other menus, and display configuration parameters and statistics.
Figure 1: Dashboard
– 48 –
Page 49
Chapter 2
Navigating the Web Browser Interface
| Using the Web Interface
Note:
You can open a connection to the vendor’s web site by clicking on the logo.
– 49 –
Page 50
Chapter 2
Navigating the Web Browser Interface
| Using the Web Interface
Home Page When your web browser connects with the switch’s web agent, the home page is
displayed as shown below. The home page displays the Main Menu on the left side of the screen and System Information on the right side. The Main Menu links are used to navigate to other menus, and display configuration parameters and statistics.
Figure 2: Home Page
Note:
You can open a connection to the vendor’s web site by clicking on the Levelone logo.
Configuration Options Configurable parameters have a dialog box or a drop-down list. Once a
configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting. The following table summarizes the web page configuration buttons.
Table 3: Web Page Configuration Buttons
Button Action
Apply Sets specified values to the system.
Revert Cancels specified values and restores current
values prior to pressing “Apply.”
Displays help for the selected page.
Refreshes the current page.
Displays the site map.
Logs out of the management interface.
– 50 –
Page 51
Chapter 2
| Using the Web Interface
Navigating the Web Browser Interface
Table 3: Web Page Configuration Buttons (Continued)
Button Action
Sends mail to the vendor.
Links to the vendor’s web site.
Panel Display The web agent displays an image of the switch’s ports. The Mode can be set to
display different information for the ports, including Active Ports (i.e., up or down), Duplex State (i.e., half or full duplex), or Flow Control (i.e., with or without flow control).
Figure 3: Front Panel Indicators
– 51 –
Page 52
Chapter 2
| Using the Web Interface
Navigating the Web Browser Interface
Main Menu Using the onboard web agent, you can define system parameters, manage and
control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program.
Table 4: Switch Main Menu
Menu Description Page
Dashboard Display switch Information, CPU utilization, switch events, memory
utilization, recent 5 event information, port utilization, dynamic address count, and LLDP remote device port list
System
General Provides basic system description, including contact information 74
Switch Shows the number of ports, hardware version, power status, and
firmware version numbers
Capability Enables support for jumbo frames;
shows the bridge extension parameters
File 79
Copy Allows the transfer and copying files 79
Set Startup Sets the startup file 82
Show Shows the files stored in flash memory; allows deletion of files 83
Time 87
Configure General
Manual Manually sets the current time 88
SNTP Configures SNTP polling interval 89
NTP Configures NTP authentication parameters 89
Configure Time Server Configures a list of NTP or SNTP servers 90
48
75
76, 77
Configure SNTP Server Sets the IP address for SNTP time servers 90
Add NTP Server Adds NTP time server and index of authentication key 91
Show NTP Server Shows list of configured NTP time servers 91
Add NTP Authentication Key Adds key index and corresponding MD5 key 93
Show NTP Authentication Key Shows list of configured authentication keys 93
Configure Time Zone Sets the local time zone for the system clock 94
Configure Summer Time Configures summer time settings 95
Console Sets console port connection parameters 97
Telnet Sets Telnet connection parameters 99
CPU Utilization Displays information on CPU utilization 100
CPU Guard Sets the CPU utilization watermark and threshold 101
Memory Status Shows memory utilization parameters 102
Reset Restarts the switch immediately, at a specified time, after a specified
delay, or at a periodic interval
103
– 52 –
Page 53
Chapter 2
| Using the Web Interface
Navigating the Web Browser Interface
Table 4: Switch Main Menu (Continued)
Menu Description Page
Interface 107
Port 108
General
Configure by Port List Configures connection settings per port 108
Configure by Port Range Configures connection settings for a range of ports 111
Show Information Displays port connection status 112
Statistics Shows Interface, Etherlike, and RMON port statistics 113
Charts Shows Interface, Etherlike, RMON, and all port statistics 113
History Shows statistical history for specified interfaces 118
Transceiver Configures thresholds for alarm and warning messages for optical
transceivers which support DDM
Cable Test Performs cable diagnostics for selected port to diagnose any cable
faults (short, open etc.) and report the cable length
Trunk
Static 128
Configure Trunk 128
Add Creates a trunk, along with the first port member 128
Show Shows the configured trunk identifiers 128
Add Member Specifies ports to group into static trunks 128
Show Member Shows the port members for the selected trunk 128
Configure General 128
Configure Configures trunk connection settings 128
Show Information Displays trunk connection settings 128
Dynamic 131
Configure Aggregator Configures administration key and timeout for specific LACP groups 131
Configure Aggregation Port 131
Configure 131
122
125
General Allows ports to dynamically join trunks 131
Actor Configures parameters for link aggregation group members on the
local side
Partner Configures parameters for link aggregation group members on the
remote side
Show Information 137
Counters Displays statistics for LACP protocol messages 137
Internal Displays configuration settings and operational state for the local side
of a link aggregation
131
131
138
– 53 –
Page 54
Chapter 2
| Using the Web Interface
Navigating the Web Browser Interface
Table 4: Switch Main Menu (Continued)
Menu Description Page
Neighbors Displays configuration settings and operational state for the remote
side of a link aggregation
Configure Trunk 131
Configure Configures connection settings 131
Show Displays port connection status 131
Show Member Shows the active members in a trunk 131
Statistics Shows Interface, Etherlike, and RMON port statistics 113
Chart Shows Interface, Etherlike, and RMON port statistics 113
Load Balance Sets the load-distribution method among ports in aggregated links 141
History Shows statistical history for specified interfaces 118
Green Ethernet Adjusts the power provided to ports based on the length of the cable
used to connect to other devices
Mirror 144
Add Sets the source and target ports for mirroring 144
Show Shows the configured mirror sessions 144
RSPAN Mirrors traffic from remote switches for analysis at a destination port on
the local switch
sFlow Configures flow sampling for receiver ports and instances 150
140
143
146
Configure Receiver Creates an sFlow receiver on the switch 151
Configure Details Enable an sFlow polling data source that polls periodically based on a
specified time interval, or an sFlow data source instance that takes samples periodically based on the number of packets processed
Traffic Segmentation 155
Configure Global Enables traffic segmentation globally 155
Configure Session Configures the uplink and down-link ports for a segmented group of
ports
Add Assign the downlink and uplink ports to use in a segmented group 156
Show Shows the assigned ports and direction (uplink/downlink) 156
VLAN Trunking Allows unknown VLAN groups to pass through the specified interface 158
VLAN Virtual LAN 161
Static
Add Creates VLAN groups 165
Show Displays configured VLAN groups 165
Modify Configures group name and administrative status 165
Edit Member by VLAN Specifies VLAN attributes per VLAN 167
Edit Member by Interface Specifies VLAN attributes per interface 167
153
156
Edit Member by Interface Range Specifies VLAN attributes per interface range 167
– 54 –
Page 55
Chapter 2
| Using the Web Interface
Navigating the Web Browser Interface
Table 4: Switch Main Menu (Continued)
Menu Description Page
Dynamic
Configure General Enables GVRP VLAN registration protocol globally 172
Configure Interface Configures GVRP status and timers per interface 172
Show Dynamic VLAN 172
Show VLAN Shows the VLANs this switch has joined through GVRP 172
Show VLAN Member Shows the interfaces assigned to a VLAN through GVRP 172
Tunnel IEEE 802.1Q (QinQ) Tunneling 175
Configure Global Sets tunnel mode for the switch 179
Configure Service Sets a CVLAN to SPVLAN mapping entry 180
Configure Interface Sets the tunnel mode for any participating interface 182
L2PT Layer 2 Protocol Tunneling 183
Configure Global Configures the destination MAC address for L2PT 185
Configure Interface Enables L2PT on selected interfaces 186
Protocol 187
Configure Protocol 188
Add Creates a protocol group, specifying supported protocols 188
Show Shows configured protocol groups 188
Configure Interface 189
Add Maps a protocol group to a VLAN 189
Show Shows the protocol groups mapped to each VLAN 189
IP Subnet 191
Add Maps IP subnet traffic to a VLAN 191
Show Shows IP subnet to VLAN mapping 191
MAC-Based 193
Add Maps traffic with specified source MAC address to a VLAN 193
Show Shows source MAC address to VLAN mapping 193
Translati on 195
Add Maps VLAN IDs between the customer and service provider 195
Show Displays the configuration settings for VLAN translation 195
MAC Address 199
Dynamic
Configure Aging Sets timeout for dynamically learned entries 201
Show Dynamic MAC Displays dynamic entries in the address table 199
– 55 –
Page 56
Chapter 2
| Using the Web Interface
Navigating the Web Browser Interface
Table 4: Switch Main Menu (Continued)
Menu Description Page
Clear Dynamic MAC Removes any learned entries from the forwarding database and clears
the transmit and receive counts for any static or system configured entries
Learning Status Enables MAC address learning on selected interfaces 202
Static 203
Add Configures static entries in the address table 203
Show Displays static entries in the address table 203
MAC Notification 205
Configure Global Issues a trap when a dynamic MAC address is added or removed 205
Configure Interface Enables MAC authentication traps on the current interface 205
Spanning Tree 207
Loopback Detection Configures Loopback Detection parameters 210
STA Spanning Tree Algorithm
Configure Global
Configure Configures global bridge settings for STP, RSTP and MSTP 211
Show Information Displays STA values used for the bridge 217
Configure Interface
Configure Configures interface settings for STA 218
200
Show Inform at on Displays interface settings for STA 222
MSTP Multiple Spanning Tree Algorithm 225
Configure Global 225
Add Configures initial VLAN and priority for an MST instance 225
Show Configures global settings for an MST instance 225
Modify Configures the priority or an MST instance 225
Add Member Adds VLAN members for an MST instance 225
Show Member Adds or deletes VLAN members for an MST instance 225
Show Information Displays MSTP values used for the bridge
Configure Interface 229
Configure Configures interface settings for an MST instance 229
Show Information Displays interface settings for an MST instance 229
Tra ffic
Rate Limit Sets the input and output rate limits for a port 233
Storm Control Sets the broadcast storm threshold for each interface 234
– 56 –
Page 57
Chapter 2
| Using the Web Interface
Navigating the Web Browser Interface
Table 4: Switch Main Menu (Continued)
Menu Description Page
Auto Traffic Control Sets thresholds for broadcast and multicast storms which can be used
to trigger configured rate limits or to shut down a port
Configure Global Sets the time to apply the control response after traffic has exceeded
the upper threshold, and the time to release the control response after traffic has fallen beneath the lower threshold
Configure Interface Sets the storm control mode (broadcast or multicast), the traffic
thresholds, the control response, to automatically release a response of rate limiting, or to send related SNMP trap messages
Priority
Default Priority Sets the default priority for each port or trunk 243
Queue Sets queue mode for the switch; sets the service weight for each queue
that will use a weighted or hybrid mode
Trust Mode Selects DSCP or CoS priority processing 250
DSCP to DSCP 251
Add Maps DSCP values in incoming packets to per-hop behavior and drop
precedence values for internal priority processing
Show Shows the DSCP to DSCP mapping list 251
CoS to DSCP 254
Configure Maps CoS/CFI values in incoming packets to per-hop behavior and drop
precedence values for priority processing
236
238
239
244
251
254
Show Shows the CoS to DSCP mapping list 254
DSCP to CoS 256
Add Maps internal per-hop behavior and drop precedence value pairs to CoS
values used in tagged egress packets on a Layer 2 interface
Show Shows the DSCP to CoS mapping list 256
IP Precedence to DSCP 258
Add Maps IP precedence values in incoming packets to per-hop behavior
and drop precedence values for priority processing
Show Shows the IP Precedence to DSCP mapping list 258
IP Port to DSCP 260
Add Sets TCP/UDP port priority, defining the socket number and associated
per-hop behavior and drop precedence
Show Shows the IP Port to DSCP mapping list 260
PHB to Queue 247
Configure Maps internal per-hop behavior values to hardware queues 247
Show Shows the PHB to Queue mapping list 247
DiffServ 263
Configure Class 264
256
258
260
Add Creates a class map for a type of traffic 264
– 57 –
Page 58
Chapter 2
| Using the Web Interface
Navigating the Web Browser Interface
Table 4: Switch Main Menu (Continued)
Menu Description Page
Show Shows configured class maps 264
Modify Modifies the name of a class map 264
Add Rule Configures the criteria used to classify ingress traffic 264
Show Rule Shows the traffic classification rules for a class map 264
Configure Policy 267
Add Creates a policy map to apply to multiple interfaces 267
Show Shows configured policy maps 267
Modify Modifies the name of a policy map 267
Add Rule Sets the boundary parameters used for monitoring inbound traffic, and
the action to take for conforming and non-conforming traffic
Show Rule Shows the rules used to enforce bandwidth policing for a policy map 267
Configure Interface Applies a policy map to an ingress port 277
VoIP Voice over IP 279
Configure Global Configures auto-detection of VoIP traffic, sets the Voice VLAN, and VLAN
aging time
Configure OUI 281
Add Maps the OUI in the source MAC address of ingress packets to the VoIP
device manufacturer
Show Shows the OUI telephony list 281
Configure Interface Configures VoIP traffic settings for ports, including the way in which a
port is added to the Voice VLAN, filtering of non-VoIP packets, the method of detecting VoIP traffic, and the priority assigned to the voice traffic
Security 285
AAA Authentication, Authorization and Accounting 286
System Authentication Configures authentication sequence – local, RADIUS, and TACACS 287
Server 288
Configure Server Configures RADIUS and TACACS server message exchange settings 288
267
280
281
282
Configure Group 288
Add Specifies a group of authentication servers and sets the priority
sequence
Show Shows the authentication server groups and priority sequence 288
Accounting Enables accounting of requested services for billing or security
purposes
Configure Global Specifies the interval at which the local accounting service updates
information to the accounting server
Configure Method 293
Add Configures accounting for various service types 293
Show Shows the accounting settings used for various service types 293
– 58 –
288
293
293
Page 59
Chapter 2
| Using the Web Interface
Navigating the Web Browser Interface
Table 4: Switch Main Menu (Continued)
Menu Description Page
Configure Service Sets the accounting method applied to specific interfaces for 802.1X,
CLI command privilege levels for the console port, and for Telnet
Show Information 293
Summary Shows the configured accounting methods, and the methods applied
to specific interfaces
Statistics Shows basic accounting information recorded for user sessions 293
Authorization Enables authorization of requested services 298
Configure Method 298
Add Configures authorization for various service types 298
Show Shows the authorization settings used for various service types 298
Configure Service Sets the authorization method applied used for the console port, and
for Telnet
Show Information Shows the configured authorization methods, and the methods applied
to specific interfaces
User Accounts 301
Add Configures user names, passwords, and access levels 301
Show Shows authorized users 301
Modify Modifies user attributes 301
Web Authentication Allows authentication and access to the network when 802.1X or
Network Access authentication are infeasible or impractical
293
293
298
298
303
Configure Global Configures general protocol settings 303
Configure Interface Enables Web Authentication for individual ports 304
Network Access MAC address-based network access authentication 306
Configure Global Enables aging for authenticated MAC addresses, and sets the time
period after which a connected MAC address must be reauthenticated
Configure Interface 309
General Enables MAC authentication on a port; sets the maximum number of
address that can be authenticated, the guest VLAN, dynamic VLAN and dynamic QoS
Link Detection Configures detection of changes in link status, and the response (i.e.,
send trap or shut down port)
Configure MAC Filter 312
Add Specifies MAC addresses exempt from authentication 312
Show Shows the list of exempt MAC addresses 312
Show Information Shows the authenticated MAC address list 314
HTTPS Secure HTTP 315
Configure Global Enables HTTPs, and specifies the UDP port to use 315
Copy Certificate Replaces the default secure-site certificate 317
308
309
311
– 59 –
Page 60
Chapter 2
| Using the Web Interface
Navigating the Web Browser Interface
Table 4: Switch Main Menu (Continued)
Menu Description Page
SSH Secure Shell 318
Configure Global Configures SSH server settings 321
Configure Host Key 322
Generate Generates the host key pair (public and private) 322
Show Displays RSA and DSA host keys; deletes host keys 322
Configure User Key 324
Copy Imports user public keys from TFTP server 324
Show Displays RSA and DSA user keys; deletes user keys 324
ACL Access Control Lists 326
Configure ACL
Show TCAM Shows utilization parameters for TCAM 327
Add Adds an ACL based on IP or MAC address filtering 329
Show Shows the name and type of configured ACLs 329
Add Rule Configures packet filtering based on IP or MAC addresses and other
packet attributes
Show Rule Shows the rules specified for an ACL
Configure Interface 342
Configure Binds a port to the specified ACL and time range 342
Show Hardware Counter Shows statistics for ACL hardware counters 343
IP Filter 344
Add Sets IP addresses of clients allowed management access via the web,
SNMP, and Telnet
Show Shows the addresses to be allowed management access 344
Port Security Configures per port security, including status, response for security
breach, and maximum allowed MAC addresses
Port Authentication IEEE 802.1X 349
Configure Global Enables authentication and EAPOL pass-through 350
Configure Interface Sets authentication parameters for individual ports 351
Show Statistics Displays protocol statistics for the selected port 355
DoS Protection Protects against Denial-of-Service attacks 357
331, 332, 335, 336, 338, 340
344
346
DHCP Snooping 358
Configure Global Enables DHCPv4 snooping globally, MAC-address verification,
information option; and sets the information policy
Configure VLAN Enables DHCPv4 snooping on a VLAN 363
Configure Interface Sets the trust mode for an interface 364
Show Information Displays the DHCPv4 Snooping binding information 366
361
– 60 –
Page 61
Chapter 2
| Using the Web Interface
Navigating the Web Browser Interface
Table 4: Switch Main Menu (Continued)
Menu Description Page
DHCP Snooping6 367
Configure Global Enables DHCPv6 snooping globally, information option; and sets the
information policy
Configure VLAN Enables DHCPv6 snooping on a VLAN 371
Configure Interface Sets the trust mode for an interface 372
Show Information
Binding Displays the DHCPv6 Snooping binding information 374
Statistics Displays information on client, server, and relay packets 375
IP Source Guard Filters IPv4 traffic based on static entries in the IP Source Guard table, or
dynamic entries in the DHCPv4 Snooping table
General Enables IP source guard, selects filter type per port, and sets maximum
binding entries
Static Binding 378
Configure ACL Table 378
Add Adds a static addresses to the source-guard binding table 378
Show Shows static addresses in the source-guard binding table 378
Configure MAC Table 378
Add Adds a static addresses to the source-guard binding table 378
Show Shows static addresses in the source-guard binding table 378
369
376
376
Dynamic Binding Displays the source-guard binding table for a selected interface 381
IPv6 Source Guard Filters IPv6 traffic based on static entries in the IP Source Guard table, or
dynamic entries in the DHCP Snooping table
Port Configuration Enables IPv6 source guard and selects filter type per port 382
Static Binding 384
Add Adds a static addresses to the source-guard binding table 384
Show Shows static addresses in the source-guard binding table 384
Dynamic Binding Displays the source-guard binding table for a selected interface 387
ARP Inspection 388
Configure General Enables inspection globally, configures validation of additional address
components, and sets the log rate for packet inspection
Configure VLAN Enables ARP inspection on specified VLANs 391
Configure Interface Sets the trust mode for ports, and sets the rate
limit for packet inspection
Show Information
Show Statistics Displays statistics on the inspection process 394
Show Log Shows the inspection log list 395
Application Filter Discards CDP or PVST packets 396
382
389
392
– 61 –
Page 62
Chapter 2
| Using the Web Interface
Navigating the Web Browser Interface
Table 4: Switch Main Menu (Continued)
Menu Description Page
Administration 397
Log 398
System 398
Configure Global Stores error messages in local memory 398
Show System Logs Shows logged error messages 398
Remote Configures the logging of messages to a remote logging process 400
SMTP Sends an SMTP client message to a participating server 401
LLDP 403
Configure Global Configures global LLDP timing parameters 403
Configure Interface
Configure General Sets the message transmission mode; enables SNMP notification; and
sets the LLDP attributes to advertise
Add CA-Type Specifies the physical location of the device attached to an interface 409
Modify CA-Type Modifies the physical location of the device attached to an interface 409
Show CA-Type Shows the physical location of the device attached to an interface 409
Show Local Device Information 411
General Displays general information about the local device 411
Port/Trunk Displays information about each interface 411
Port/Trunk Details Displays detailed information about a local device connected to this
switch
Show Remote Device Information 415
Port/Trunk Displays information about a remote device connected to a port on this
switch
Port/Trunk Details Displays detailed information about a remote device connected to this
switch
Show Device Statistics 423
General Displays statistics for all connected remote devices 423
Port/Trunk Displays statistics for remote devices on a selected port or trunk 423
SNMP Simple Network Management Protocol 424
405
411
415
415
Configure Global Enables SNMP agent status, and sets related trap functions 427
Configure Community 427
Add Community Configures community strings and access mode 427
Show Community Shows community strings and access mode 427
Configure Engine 429
Set Engine ID Sets the SNMP v3 engine ID on this switch 429
Add Remote Engine Sets the SNMP v3 engine ID for a remote device 430
– 62 –
Page 63
Chapter 2
| Using the Web Interface
Navigating the Web Browser Interface
Table 4: Switch Main Menu (Continued)
Menu Description Page
Show Remote Engine Shows configured engine ID for remote devices 430
Configure View 431
Add View Adds an SNMP v3 view of the OID MIB 431
Show View Shows configured SNMP v3 views 431
Add OID Subtree Specifies a part of the subtree for the selected view 431
Show OID Subtree Shows the subtrees assigned to each view 431
Configure Group 434
Add Adds a group with access policies for assigned users 434
Show Shows configured groups and access policies 434
Configure User
Add SNMPv3 Local User Configures SNMPv3 users on this switch 440
Show SNMPv3 Local User Shows SNMPv3 users configured on this switch 440
Change SNMPv3 Local User Group Assign a local user to a new group 440
Add SNMPv3 Remote User Configures SNMPv3 users from a remote device 442
Show SNMPv3 Remote User Shows SNMPv3 users set from a remote device 440
Configure Trap 445
Add Configures trap managers to receive messages on key events that occur
this switch
Show Shows configured trap managers 445
Configure Notify Filter 449
Add Creates an SNMP notification log 449
Show Shows the configured notification logs 449
Show Statistics Shows the status of SNMP communications 451
RMON Remote Monitoring 453
Configure Global
Add
Alarm Sets threshold bounds for a monitored variable 453
Event Creates a response event for an alarm 456
Show
445
Alarm Shows all configured alarms 453
Event Shows all configured events 456
Configure Interface
Add
History Periodically samples statistics on a physical interface 458
Statistics Enables collection of statistics on a physical interface 461
– 63 –
Page 64
Chapter 2
| Using the Web Interface
Navigating the Web Browser Interface
Table 4: Switch Main Menu (Continued)
Menu Description Page
Show
History Shows sampling parameters for each entry in the history group 458
Statistics Shows sampling parameters for each entry in the statistics group 461
Show Details
History Shows sampled data for each entry in the history group 458
Statistics Shows sampled data for each entry in the history group 461
Cluster 463
Configure Global Globally enables clustering for the switch; sets Commander status 464
Configure Member Adds switch members to the cluster 465
Add Adds candidate members to the cluster 465
Show Shows the cluster members 465
Show Candidate Shows candidate members 465
Show Member Shows cluster switch member; managed switch members 467
Time Range Configures the time to apply an ACL or PoE port 468
Add Specifies the name of a time range 468
Show Shows the name of configured time ranges 468
Add Rule 468
Absolute Sets exact time or time range 468
Periodic Sets a recurrent time 468
ERPS Ethernet Ring Protection Switching 470
Configure Global Activates ERPS globally 475
Configure Domain 475
Add Creates an ERPS ring 475
Show Shows list of configured ERPS rings, status, and settings 475
Configure Details Configures ring parameters 475
Configure Operation Blocks a ring port using Forced Switch or Manual Switch
commands
CFM Connectivity Fault Management 503
Configure Global Configures global settings, including administrative status, cross-check
start delay, link trace, and SNMP traps
491
507
Configure Interface Configures administrative status on an interface 510
Configure MD Configure Maintenance Domains 511
Add Defines a portion of the network for which connectivity faults can
be managed, identified by an MD index, maintenance level, and the MIP creation method
Configure Details Configures the archive hold time and fault notification settings 511
511
– 64 –
Page 65
Chapter 2
| Using the Web Interface
Navigating the Web Browser Interface
Table 4: Switch Main Menu (Continued)
Menu Description Page
Show Shows list of configured maintenance domains 511
Configure MA Configure Maintenance Associations 515
Add Defines a unique CFM service instance, identified by its parent MD, the
MA index, the VLAN assigned to the MA, and the MIP creation method
Configure Details Configures detailed settings, including continuity check status and
interval level, cross-check status, and alarm indication signal parameters
Show Shows list of configured maintenance associations 515
Configure MEP Configures Maintenance End Points 520
Add Configures MEPs at the domain boundary to provide management
access for each maintenance association
Show Shows list of configured maintenance end points 520
Configure Remote MEP Configures Remote Maintenance End Points 521
Add Configures a static list of remote MEPs for comparison against
the MEPs learned through continuity check messages
Show Shows list of configured remote maintenance end points 521
Transmit Link Trace Sends link trace messages to isolate connectivity faults by
tracing the path through a network to the designated target node
Transmit Loopback Sends loopback messages to isolate connectivity faults by requesting a
target node to echo the message back to the source
Transmit Delay Measure Sends periodic delay-measure requests to a specified MEP within a
maintenance association
515
515
520
521
523
525
527
Show Information
Show Local MEP Shows the MEPs configured on this device 529
Show Local MEP Details Displays detailed CFM information about a specified local MEP in the
continuity check database
Show Local MIP Shows the MIPs on this device discovered by the CFM protocol 532
Show Remote MEP Shows MEPs located on other devices which have been discovered
through continuity check messages, or statically configured in the MEP database
Show Remote MEP Details Displays detailed CFM information about a specified remote MEP in the
continuity check database
Show Link Trace Cache Shows information about link trace operations launched from this
device
Show Fault Notification Generator Displays configuration settings for the fault notification generator 537
Show Continuity Check Error Displays CFM continuity check errors logged on this device 538
OAM
Interface Enables OAM on specified port, sets the mode to active or passive, and
enables the reporting of critical events or errored frame events
Counters Displays statistics on OAM PDUs 498
Event Log Displays the log for recorded link events 498
530
533
534
536
495
– 65 –
Page 66
Chapter 2
| Using the Web Interface
Navigating the Web Browser Interface
Table 4: Switch Main Menu (Continued)
Menu Description Page
Remote Interface Displays information about attached OAM-enabled devices 499
Remote Loopback Performs a loopback test on the specified port 500
UDLD UniDirectional Link Detection 548
Configure Global Configures the message probe interval, detection interval, and recovery
interval
Configure Interface Enables UDLD and aggressive mode which reduces the shut-down
delay after loss of bidirectional connectivity is detected
Show Information Displays UDLD neighbor information, including neighbor state,
expiration time, and protocol intervals
LDB Loopback Detection 553
Configure Global Enables loopback detection globally, specifies the interval at which to
transmit control frames, specifies the interval to wait before releasing an interface from shutdown state, specifies response to detect loopback, and traps to send
Configure Interface Enables loopback detection per interface 556
Tools 635
Ping Sends ICMP echo request packets to another node on the network 635
Trace Route Shows the route packets take to the specified
destination
ARP Address Resolution Protocol 638
Configure General Sets the protocol timeout, and enables or disables
proxy ARP for the specified VLAN
Configure Static Address 640
549
550
552
554
637
639
Add Statically maps a physical address to an IP address 640
Show Shows the MAC to IP address static table 640
Show Information
ARP Address Shows dynamically learned entries in the IP routing table, or internal
addresses used by the switch
Statistics Shows statistics for ARP messages crossing all interfaces on this router 642
IP 645
General
Routing Interface
Add Address Configures an IP interface for a VLAN 645
Show Address Shows the IP interfaces assigned to a VLAN 645
Routing
Static Routes 671
Add Configures static routing entries 671
Show Shows static routing entries 671
642
– 66 –
Page 67
Chapter 2
| Using the Web Interface
Navigating the Web Browser Interface
Table 4: Switch Main Menu (Continued)
Menu Description Page
Routing Table 672
Show Information Shows all routing entries, including local, static and dynamic routes 672
IPv6 Configuration 649
Configure Global Sets an IPv6 default gateway for traffic with no known next hop 649
Configure Interface Configures IPv6 interface address using auto-configuration or link-local
address, and sets related protocol settings
Add IPv6 Address Adds an global unicast, EUI-64, or link-local IPv6 address to an interface 655
Show IPv6 Address Show the IPv6 addresses assigned to an interface 658
Show IPv6 Neighbor Cache Displays information in the IPv6 neighbor discovery cache 659
Show Statistics 660
IPv6 Shows statistics about IPv6 traffic 660
ICMPv6 Shows statistics about ICMPv6 messages 660
UDP Shows statistics about UDP messages 660
Show MTU Shows the maximum transmission unit (MTU) cache for destinations
that have returned an ICMP packet-too-big message along with an acceptable MTU to this switch
IP Service 675
DNS Domain Name Service 675
General 675
Configure Global Enables DNS lookup; defines the default domain name appended to
incomplete host names
Add Domain Name Defines a list of domain names that can
be appended to incomplete host names
650
666
675
676
Show Domain Names Shows the configured domain name list 676
Add Name Server Specifies IP address of name servers for dynamic lookup 678
Show Name Servers Shows the name server address list 678
Static Host Table 679
Add Configures static entries for domain name to address mapping 679
Show Shows the list of static mapping entries 679
Modify Modifies the static address mapped to the selected host name 679
Cache Displays cache entries discovered by designated
name servers
DHCP Dynamic Host Configuration Protocol 681
Client Specifies the DHCP client identifier for an interface 681
Relay Specifies DHCP Layer 2 or Layer 3 relay service
L3 Relay Specifies DHCP relay servers 683
680
– 67 –
Page 68
Chapter 2
| Using the Web Interface
Navigating the Web Browser Interface
Table 4: Switch Main Menu (Continued)
Menu Description Page
L2 Relay Configures DHCP relay service for attached host devices, including
DHCP option 82 information
Dynamic Provision Enables dynamic provisioning via DHCP 688
PPPoE Intermediate Agent 689
Configure Global Enables PPPoE IA on the switch, sets access node identifier, sets generic
error message
Configure Interface Enables PPPoE IA on an interface, sets trust status, enables vendor tag
stripping, sets circuit ID and remote ID
Show Statistics Shows statistics on PPPoE IA protocol messages 692
Multicast 557
IGMP Snooping 558
General Enables multicast filtering; configures parameters for IPv4 multicast
snooping
Multicast Router 564
Add Static Multicast Router Assigns ports that are attached to a neighboring multicast router 564
Show Static Multicast Router Displays ports statically configured as attached to a neighboring
multicast router
Show Current Multicast Router Displays ports attached to a neighboring multicast router, either
through static or dynamic configuration
IGMP Member 566
683
689
690
560
564
564
Add Static Member Statically assigns multicast addresses to the selected VLAN 566
Show Static Member Shows multicast addresses statically configured on the selected VLAN 566
Interface 568
Configure VLAN Configures IGMP snooping per VLAN interface 568
Show VLAN Information Shows IGMP snooping settings per VLAN interface 568
Configure Interface Configures the interface to drop IGMP query packets or all multicast
data packets
Forwarding Entry Displays the current multicast groups learned through IGMP Snooping 575
Filter 580
Configure General Enables IGMP filtering for the switch 581
Configure Profile 581
Add Adds IGMP filter profile; and sets access mode 581
Show Shows configured IGMP filter profiles 581
Add Multicast Group Range Assigns multicast groups to selected profile 581
Show Multicast Group Range Shows multicast groups assigned to a profile 581
Configure Interface Assigns IGMP filter profiles to port interfaces and sets throttling action 584
574
– 68 –
Page 69
Chapter 2
| Using the Web Interface
Navigating the Web Browser Interface
Table 4: Switch Main Menu (Continued)
Menu Description Page
Statistics 576
Show Query Statistics Shows statistics for query-related messages 576
Show VLAN Statistics Shows statistics for protocol messages and number of active groups 576
Show Port Statistics Shows statistics for protocol messages and number of active groups 576
Show Trunk Statistics Shows statistics for protocol messages and number of active groups 576
MLD Snooping 585
General Enables multicast filtering; configures parameters for IPv6 multicast
snooping
Interface Configures Immediate Leave status for a VLAN 587
Multicast Router 588
Add Static Multicast Router Assigns ports that are attached to a neighboring multicast router 588
Show Static Multicast Router Displays ports statically configured as attached to a neighboring
multicast router
Show Current Multicast Router Displays ports attached to a neighboring multicast router, either
through static or dynamic configuration
MLD Member 590
Add Static Member Statically assigns multicast addresses to the selected VLAN 590
Show Static Member Shows multicast addresses statically configured on the selected VLAN 590
Show Current Member Shows multicast addresses associated with the selected VLAN, either
through static or dynamic configuration
Group Information Displays known multicast groups, member ports, the means by which
each group was learned, and the corresponding source list
Statistics 593
Input Shows statistics for MLD ingress traffic 593
Output Shows statistics for MLD egress traffic 593
586
588
588
590
592
Query Shows statistics for query-related messages 593
Summary Shows summary statistics for querier and report/leave messages 593
Clear Clears all MLD statics or statistics for specified VLAN/port 593
MVR Multicast VLAN Registration 601
Configure Global Configures proxy switching and robustness value 603
Configure Domain Enables MVR for a domain, sets the MVR VLAN, forwarding priority, and
upstream source IP
Configure Profile 606
Add Configures multicast stream addresses 606
Show Shows multicast stream addresses 606
Associate Profile 606
Add Maps an address profile to a domain 606
605
– 69 –
Page 70
Chapter 2
| Using the Web Interface
Navigating the Web Browser Interface
Table 4: Switch Main Menu (Continued)
Menu Description Page
Show Shows addresses profile to domain mapping 606
Configure Inter face Configures MVR interface type and immediate leave mode; also displays
MVR operational and active status
Configure Static Group Member 611
Add Statically assigns MVR multicast streams to an interface 611
Show Shows MVR multicast streams assigned to an interface 611
Show Member Shows the multicast groups assigned to an MVR VLAN, the source
address of the multicast services, and the interfaces with active subscribers
Show Statistics 614
Show Query Statistics Shows statistics for query-related messages 614
Show VLAN Statistics Shows statistics for protocol messages and number of active groups 614
Show Port Statistics Shows statistics for protocol messages and number of active groups 614
Show Trunk Statistics Shows statistics for protocol messages and number of active groups 614
MVR6 Multicast VLAN Registration for IPv6 618
Configure Global Configures proxy switching and robustness value 619
Configure Domain Enables MVR for a domain, sets the MVR VLAN, forwarding priority, and
upstream source IP
Configure Profile 622
Add Configures multicast stream addresses 622
609
613
621
Show Shows multicast stream addresses 622
Associate Profile 622
Add Maps an address profile to a domain 622
Show Shows addresses profile to domain mapping 622
Configure Inter face Configures MVR interface type and immediate leave mode; also displays
MVR operational and active status
Configure Port Configures MVR attributes for a port 625
Configure Trunk Configures MVR attributes for a trunk 625
Configure Static Group Member 627
Add Statically assigns MVR multicast streams to an interface 627
Show Shows MVR multicast streams assigned to an interface 627
Show Member Shows the multicast groups assigned to an MVR VLAN, the source
address of the multicast services, and the interfaces with active subscribers
Show Statistics 630
Show Query Statistics Shows statistics for query-related messages 630
Show VLAN Statistics Shows statistics for protocol messages and number of active groups 630
625
629
– 70 –
Page 71
Chapter 2
| Using the Web Interface
Navigating the Web Browser Interface
Table 4: Switch Main Menu (Continued)
Menu Description Page
Show Port Statistics Shows statistics for protocol messages and number of active groups 630
Show Trunk Statistics Shows statistics for protocol messages and number of active groups 630
– 71 –
Page 72
Chapter 2
Navigating the Web Browser Interface
| Using the Web Interface
– 72 –
Page 73

3 Basic Management Tasks

This chapter describes the following topics:
Displaying System Information – Provides basic system description, including
?
contact information.
Displaying Hardware/Software Versions – Shows the hardware version, power
?
status, and firmware versions
Configuring Support for Jumbo Frames – Enables support for jumbo frames.
?
Displaying Bridge Extension Capabilities – Shows the bridge extension
?
parameters.
Managing System Files – Describes how to upgrade operating software or
?
configuration files, and set the system start-up files.
Setting the System Clock – Sets the current time manually or through specified
?
NTP or SNTP servers.
Configuring the Console Port – Sets console port connection parameters.
?
Configuring Telnet Settings – Sets Telnet connection parameters.
?
Displaying CPU Utilization – Displays information on CPU utilization.
?
Configuring CPU Guard – Sets thresholds in terms of CPU usage time and
?
number of packets processed per second.
Displaying Memory Utilization – Shows memory utilization parameters.
?
Resetting the System – Restarts the switch immediately, at a specified time,
?
after a specified delay, or at a periodic interval.
– 73 –
Page 74
Chapter 3

Displaying System Information

| Basic Management Tasks
Displaying System Information
Use the System > General page to identify the system by displaying information such as the device name, location and contact information.
Parameters
These parameters are displayed:
System Description – Brief description of device type.
?
System Object ID – MIB II object ID for switch’s network management
?
subsystem.
System Up Time – Length of time the management agent has been up.
?
System Name – Name assigned to the switch system.
?
System Location – Specifies the system location.
?
System Contact – Administrator responsible for the system.
?
Web Interface
To configure general system information:
1. Click System, General.
2. Specify the system name, location, and contact information for the system
administrator.
3. Click Apply.
Figure 4: System Information
– 74 –
Page 75

Displaying Hardware/Software Versions

Use the System > Switch page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system.
Parameters
The following parameters are displayed:
Main Board Information
Serial Number – The serial number of the switch.
?
Number of Ports – Number of built-in ports.
?
Hardware Version – Hardware version of the main board.
?
Main Power Status – Displays the status of the internal power supply.
?
Chapter 3
Displaying Hardware/Software Versions
| Basic Management Tasks
Redundant Power Status – Displays the status of the redundant power supply.
?
Management Software Information
Role – Shows that this switch is operating as Master or Slave.
?
EPLD Version – Version number of EEPROM Programmable Logic Device.
?
Loader Version – Version number of loader code.
?
Operation Code Version – Version number of runtime code.
?
Thermal Sensors
Thermal Detector – The first detector is near the air flow intake vents. The
?
second detector is near the switch ASIC and CPU.
Te mp e ra t u re – Temperature at specified thermal detection point.
?
– 75 –
Page 76
Chapter 3

Configuring Support for Jumbo Frames

| Basic Management Tasks
Web Interface
To view hardware and software version information.
1. Click System, then Switch.
Figure 5: General Switch Information
Configuring Support for Jumbo Frames
Use the System > Capability page to configure support for layer 2 jumbo frames. The switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames up to 10240 bytes for Gigabit Ethernet and 10 Gigabit Ethernet ports or trunks. Compared to standard Ethernet frames that run only up to
1.5 KB, using jumbo frames significantly reduces the per-packet overhead required to process protocol encapsulation fields.
Usage Guidelines
To use jumbo frames, both the source and destination end nodes (such as a computer or server) must support this feature. Also, when the connection is operating at full duplex, all switches in the network between the two end nodes must be able to accept the extended frame size. And for half-duplex connections, all devices in the collision domain would need to support jumbo frames.
Parameters
The following parameters are displayed:
Jumbo Frame – Configures support for jumbo frames. (Default: Disabled)
?
– 76 –
Page 77
Chapter 3

Displaying Bridge Extension Capabilities

Web Interface
To configure support for jumbo frames:
1. Click System, then Capability.
2. Enable or disable support for jumbo frames.
3. Click Apply.
Figure 6: Configuring Support for Jumbo Frames
| Basic Management Tasks
Displaying Bridge Extension Capabilities
Use the System > Capability page to display settings based on the Bridge MIB. The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs. You can access these extensions to display default settings for the key variables.
Parameters
The following parameters are displayed:
Extended Multicast Filtering Services – This switch does not support the
?
filtering of individual multicast addresses based on GMRP (GARP Multicast Registration Protocol).
Traffic Classes – This switch provides mapping of user priorities to multiple
?
traffic classes. (Refer to “Class of Service” on page 243.)
Static Entry Individual Port – This switch allows static filtering for unicast and
?
multicast addresses. (Refer to “Setting Static Addresses” on page 203.)
VLAN Version Number – Based on IEEE 802.1Q, “1” indicates Bridges that
?
support only single spanning tree (SST) operation, and “2” indicates Bridges that support multiple spanning tree (MST) operation.
VLAN Learning – This switch uses Independent VLAN Learning (IVL), where
?
each port maintains its own filtering database.
Local VLAN Capable – This switch does not support multiple local bridges
?
outside of the scope of 802.1Q defined VLANs.
– 77 –
Page 78
Chapter 3
Displaying Bridge Extension Capabilities
| Basic Management Tasks
Configurable PVID Tagging – This switch allows you to override the default
?
Port VLAN ID (PVID used in frame tags) and egress status (VLAN-Tagged or Untagged) on each port. (Refer to “VLAN Configuration” on page 161.)
Max Supported VLAN Numbers – The maximum number of VLANs supported
?
on this switch.
Max Supported VLAN ID – The maximum configurable VLAN identifier
?
supported on this switch.
Web Interface
To view Bridge Extension information:
1. Click System, then Capability.
Figure 7: Displaying Bridge Extension Configuration
– 78 –
Page 79

Managing System Files

This section describes how to upgrade the switch operating software or configuration files, and set the system start-up files.
Chapter 3
| Basic Management Tasks
Managing System Files
Copying Files via FTP/
TFTP or HTTP
Use the System > File (Copy) page to upload/download firmware or configuration settings using FTP, TFTP or HTTP. By backing up a file to an FTP/TFTP server or management station, that file can later be downloaded to the switch to restore operation. Specify the method of file transfer, along with the file type and file names as required.
You can also set the switch to use new firmware or configuration settings without overwriting the current version. Just download the file using a different name from the current version, and then set the new file as the startup file.
Command Usage
When logging into an FTP server, the interface prompts for a user name and
?
password configured on the remote server. Note that “Anonymous” is set as the default user name.
The reset command will not be accepted during copy operations to flash
?
memory.
Parameters
The following parameters are displayed:
Copy Type – The firmware copy operation includes these options:
?
?
HTTP Upload – Copies a file from a management station to the switch.
?
HTTP Download – Copies a file from the switch to a management station
?
TFTP Upload – Copies a file from a TFTP server to the switch.
?
TFTP Download – Copies a file from the switch to a TFTP server.
?
FTP Upload – Copies a file from an FTP server to the switch.
?
FTP Download – Copies a file from the switch to an FTP server.
FTP/TFTP Server IP Address – The IP address of an FTP/TFTP server.
?
User Name – The user name for FTP server access.
?
Password – The password for FTP server access.
?
File Type – Specify Operation Code to copy firmware or Config File to copy
?
configuration settings.
File Name
?
of the file name should not be a period (.),
The file name should not contain slashes (\ or /), the leading letter
and the maximum length for file
– 79 –
Page 80
Chapter 3
Managing System Files
| Basic Management Tasks
names is 32 characters for files on the switch or 127 characters for files on the server. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”)
Note:
Up to two copies of the system software (i.e., the runtime firmware) can be stored in the file directory on the switch.
Note:
The maximum number of user-defined configuration files is limited only by available flash memory space.
Note:
The file “Factory_Default_Config.cfg” can be copied to a file server or management station, but cannot be used as the destination file name on the switch.
Web Interface
To copy firmware files:
1. Click System, then File.
2. Select Copy from the Action list.
3. Select FTP Upload, HTTP Upload or TFTP Upload as the file transfer method.
4. If FTP or TFTP Upload is used, enter the IP address of the file server.
5. If FTP Upload is used, enter the user name and password for your account on
the FTP server.
6. Set the file type to Operation Code.
7. Enter the name of the file to download.
8. Select a file on the switch to overwrite or specify a new file name.
9. Click Apply.
Figure 8: Copy Firmware
– 80 –
Page 81
Chapter 3
| Basic Management Tasks
Managing System Files
If you replaced a file currently used for startup and want to start using the new file, reboot the system via the System > Reset menu.
Saving the Running
Configuration to a
Local File
Use the System > File (Copy) page to save the current configuration settings to a local file on the switch. The configuration settings are not automatically saved by the system for subsequent use when the switch is rebooted. You must save these settings to the current startup file, or to another file which can be subsequently set as the startup file.
Parameters
The following parameters are displayed:
Copy Type – The copy operation includes this option:
?
?
Running-Config – Copies the current configuration settings to a local file on the switch.
Destination File Name – Copy to the currently designated startup file, or to a
?
new file.
The file name should not contain slashes (\ or /),
the leading letter of the file name should not be a period (.), and the maximum length for file names is 32 characters. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”)
Note:
The maximum number of user-defined configuration files is limited only by
available flash memory space.
Web Interface
To save the running configuration file:
1. Click System, then File.
2. Select Copy from the Action list.
3. Select Running-Config from the Copy Type list.
4. Select the current startup file on the switch to overwrite or specify a new file
name.
5. Then click Apply.
– 81 –
Page 82
Chapter 3
Managing System Files
| Basic Management Tasks
Figure 9: Saving the Running Configuration
If you replaced a file currently used for startup and want to start using the new file, reboot the system via the System > Reset menu.
Setting the
Start-up File
Use the System > File (Set Start-Up) page to specify the firmware or configuration file to use for system initialization.
Web Interface
To set a file to use for system initialization:
1. Click System, then File.
2. Select Set Start-Up from the Action list.
3. Mark the operation code or configuration file to be used at startup
4. Then click Apply.
Figure 10: Setting Start-Up Files
To start using the new firmware or configuration settings, reboot the system via the System > Reset menu.
– 82 –
Page 83
Chapter 3
| Basic Management Tasks
Managing System Files
Showing System Files Use the System > File (Show) page to show the files in the system directory, or to
delete a file.
Note:
Files designated for start-up, and the Factory_Default_Config.cfg file, cannot
be deleted.
Web Interface
To show the system files:
1. Click System, then File.
2. Select Show from the Action list.
3. To delete a file, mark it in the File List and click Delete.
Figure 11: Displaying System Files
Automatic Operation
Code Upgrade
Use the System > File (Automatic Operation Code Upgrade) page to automatically download an operation code file when a file newer than the currently installed one is discovered on the file server. After the file is transferred from the server and successfully written to the file system, it is automatically set as the startup file, and the switch is rebooted.
Usage Guidelines
If this feature is enabled, the switch searches the defined URL once during the
?
bootup sequence.
FTP (port 21) and TFTP (port 69) are both supported. Note that the TCP/UDP
?
port bindings cannot be modified to support servers listening on non-standard ports.
The host portion of the upgrade file location URL must be a valid IPv4 IP
?
address. DNS host names are not recognized. Valid IP addresses consist of four numbers, 0 to 255, separated by periods.
The path to the directory must also be defined. If the file is stored in the root
?
directory for the FTP/TFTP service, then use the “/” to indicate this (e.g., ftp://
192.168.0.1/).
– 83 –
Page 84
Chapter 3
Managing System Files
| Basic Management Tasks
The file name must not be included in the upgrade file location URL. The file
?
name of the code stored on the remote server must be level1-gtl2872.bix (using upper case and lower case letters exactly as indicated here). Enter the file name for other switches described in this manual exactly as shown on the web interface.
The FTP connection is made with PASV mode enabled. PASV mode is needed to
?
traverse some fire walls, even if FTP traffic is not blocked. PASV mode cannot be disabled.
The switch-based search function is case-insensitive in that it will accept a file
?
name in upper or lower case (i.e., the switch will accept level1-gtl2872.BIX from the server even though level1-gtl2872.bix was requested). However, keep in mind that the file systems of many operating systems such as Unix and most Unix-like systems (FreeBSD, NetBSD, OpenBSD, and most Linux distributions, etc.) are case-sensitive, meaning that two files in the same directory, level1- gtl2872.bix and level1-gtl2872.bix are considered to be unique files. Thus, if the upgrade file is stored as level1-gtl2872.bix on a case-sensitive server, then the switch (requesting level1-gtl2872.bix) will not be upgraded because the server does not recognize the requested file name and the stored file name as being equal. A notable exception in the list of case-sensitive Unix-like operating systems is Mac OS X, which by default is case-insensitive. Please check the documentation for your server’s operating system if you are unsure of its file system’s behavior.
Note that the switch itself does not distinguish between upper and lower-case
?
file names, and only checks to see if the file stored on the server is more recent than the current runtime image.
If two operation code image files are already stored on the switch’s file system,
?
then the non-startup image is deleted before the upgrade image is transferred.
The automatic upgrade process will take place in the background without
?
impeding normal operations (data switching, etc.) of the switch.
During the automatic search and transfer process, the administrator cannot
?
transfer or update another operation code image, configuration file, public key, or HTTPS certificate (i.e., no other concurrent file management operations are possible).
The upgrade operation code image is set as the startup image after it has been
?
successfully written to the file system.
The switch will send an SNMP trap and make a log entry upon all upgrade
?
successes and failures.
The switch will immediately restart after the upgrade file is successfully written
?
to the file system and set as the startup image.
– 84 –
Page 85
Chapter 3
| Basic Management Tasks
Managing System Files
Parameters
The following parameters are displayed:
Automatic Opcode Upgrade – Enables the switch to search for an upgraded
?
operation code file during the switch bootup process. (Default: Disabled)
Automatic Upgrade Location URL – Defines where the switch should search
?
for the operation code upgrade file. The last character of this URL must be a forward slash (“/”). The level1-gtl2872.bix filename must not be included since it is automatically appended by the switch. (Options: ftp, tftp)
The following syntax must be observed:
tftp://host[/filedir]/
?
tftp:// – Defines TFTP protocol for the server connection.
?
host – Defines the IP address of the TFTP server. Valid IP addresses consist of four numbers, 0 to 255, separated by periods. DNS host names are not recognized.
?
filedir – Defines the directory, relative to the TFTP server root, where the upgrade file can be found. Nested directory structures are accepted. The directory name must be separated from the host, and in nested directory structures, from the parent directory, with a prepended forward slash “/”.
?
/ – The forward slash must be the last character of the URL.
ftp://[username[:password@]]host[/filedir]/
?
ftp:// – Defines FTP protocol for the server connection.
?
username – Defines the user name for the FTP connection. If the user name is omitted, then “anonymous” is the assumed user name for the connection.
If no user name nor password is required for the connection, then the “@” character cannot be used in the path name.
?
password – Defines the password for the FTP connection. To differentiate the password from the user name and host portions of the URL, a colon (:) must precede the password, and an “at” symbol (@), must follow the password. If the password is omitted, then “” (an empty string) is the assumed password for the connection.
?
host – Defines the IP address of the FTP server. Valid IP addresses consist of four numbers, 0 to 255, separated by periods. DNS host names are not recognized.
?
filedir – Defines the directory, relative to the FTP server root, where the upgrade file can be found. Nested directory structures are accepted. The directory name must be separated from the host, and in nested directory structures, from the parent directory, with a prepended forward slash “/”.
?
/ – The forward slash must be the last character of the URL.
– 85 –
Page 86
Chapter 3
Managing System Files
| Basic Management Tasks
Examples
The following examples demonstrate the URL syntax for a TFTP server at IP address 192.168.0.1 with the operation code image stored in various locations:
?
tftp://192.168.0.1/
The image file is in the TFTP root directory.
?
tftp://192.168.0.1/switch-opcode/
The image file is in the “switch-opcode” directory, relative to the TFTP root.
?
tftp://192.168.0.1/switches/opcode/
The image file is in the “opcode” directory, which is within the “switches” parent directory, relative to the TFTP root.
The following examples demonstrate the URL syntax for an FTP server at IP address 192.168.0.1 with various user name, password and file location options presented:
?
ftp://192.168.0.1/
The user name and password are empty, so “anonymous” will be the user name and the password will be blank. The image file is in the FTP root directory.
?
ftp://switches:upgrade@192.168.0.1/
The user name is “switches” and the password is “upgrade”. The image file is in the FTP root.
?
ftp://switches:upgrade@192.168.0.1/switches/opcode/
The user name is “switches” and the password is “upgrade”. The image file is in the “opcode” directory, which is within the “switches” parent directory, relative to the FTP root.
Web Interface
To configure automatic code upgrade:
1. Click System, then File.
2. Select Automatic Operation Code Upgrade from the Action list.
3. Mark the check box to enable Automatic Opcode Upgrade.
4. Enter the URL of the FTP or TFTP server, and the path and directory containing
the operation code.
5. Click Apply.
– 86 –
Page 87
Chapter 3
| Basic Management Tasks

Setting the System Clock

Figure 12: Configuring Automatic Code Upgrade
If a new image is found at the specified location, the following type of messages will be displayed during bootup.
. . .
Automatic Upgrade is looking for a new image New image detected: current version 1.2.1.3; new version 1.2.1.6 Image upgrade in progress The switch will restart after upgrade succeeds Downloading new image
Flash programming started Flash programming completed The switch will now restart .
. .
Setting the System Clock
Simple Network Time Protocol (SNTP) allows the switch to set its internal clock based on periodic updates from a time server (SNTP or NTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries. You can also manually set the clock. If the clock is not set manually or via SNTP, the switch will only record the time from the factory default set at the last bootup.
When the SNTP client is enabled, the switch periodically sends a request for a time update to a configured time server. You can configure up to three time server IP addresses. The switch will attempt to poll each server in the configured sequence.
– 87 –
Page 88
Chapter 3
Setting the System Clock
| Basic Management Tasks
Setting the Time
Manually
Use the System > Time (Configure General - Manual) page to set the system time on the switch manually without using SNTP.
Parameters
The following parameters are displayed:
Current Time – Shows the current time set on the switch.
?
Hours – Sets the hour. (Range: 0-23)
?
Minutes – Sets the minute value. (Range: 0-59)
?
Seconds – Sets the second value. (Range: 0-59)
?
Month – Sets the month. (Range: 1-12)
?
Day – Sets the day of the month. (Range: 1-31)
?
Year – Sets the year. (Range: 1970-2037)
?
Web Interface
To manually set the system clock:
1. Click System, then Time.
2. Select Configure General from the Step list.
3. Select Manual from the Maintain Type list.
4. Enter the time and date in the appropriate fields.
5. Click Apply
Figure 13: Manually Setting the System Clock
– 88 –
Page 89
Chapter 3
| Basic Management Tasks
Setting the System Clock
Setting the SNTP
Polling Interval
Use the System > Time (Configure General - SNTP) page to set the polling interval at which the switch will query the specified time servers.
Parameters
The following parameters are displayed:
Current Time – Shows the current time set on the switch.
?
SNTP Polling Interval – Sets the interval between sending requests for a time
?
update from a time server. (Range: 16-16384 seconds; Default: 16 seconds)
Web Interface
To set the polling interval for SNTP:
1. Click System, then Time.
2. Select Configure General from the Step list.
3. Select SNTP from the Maintain Type list.
4. Modify the polling interval if required.
5. Click Apply
Figure 14: Setting the Polling Interval for SNTP
Configuring NTP Use the System > Time (Configure General - NTP) page to configure NTP
authentication and show the polling interval at which the switch will query the specified time servers.
Parameters
The following parameters are displayed:
Current Time – Shows the current time set on the switch.
?
Authentication Status – Enables authentication for time requests and updates
?
between the switch and NTP servers. (Default: Disabled)
– 89 –
Page 90
Chapter 3
Setting the System Clock
| Basic Management Tasks
You can enable NTP authentication to ensure that reliable updates are received from only authorized NTP servers. The authentication keys and their associated key number must be centrally managed and manually distributed to NTP servers and clients. The key numbers and key values must match on both the server and client.
Polling Interval – Shows the interval between sending requests for a time
?
update from NTP servers. (Fixed: 1024 seconds)
Web Interface
To set the clock maintenance type to NTP:
1. Click System, then Time.
2. Select Configure General from the Step list.
3. Select NTP from the Maintain Type list.
4. Enable authentication if required.
Configuring
Time Servers
5. Click Apply
Figure 15: Configuring NTP
Use the System > Time (Configure Time Server) pages to specify the IP address for NTP/SNTP time servers, or to set the authentication key for NTP time servers.
Specifying SNTP Time Servers
Use the System > Time (Configure Time Server – Configure SNTP Server) page to specify the IP address for up to three SNTP time servers.
– 90 –
Page 91
Chapter 3
| Basic Management Tasks
Setting the System Clock
Parameters
The following parameters are displayed:
SNTP Server IP AddressSets the IPv4 or IPv6 address for up to three time
?
servers. The switch attempts to update the time from the first server, if this fails it attempts an update from the next server in the sequence.
Web Interface
To set the SNTP time servers:
1. Click System, then Time.
2. Select Configure Time Server from the Step list.
3. Select Configure SNTP Server from the Action list.
4. Enter the IP address of up to three time servers.
5. Click Apply.
Figure 16: Specifying SNTP Time Servers
Specifying NTP Time Servers
Use the System > Time (Configure Time Server – Add NTP Server) page to add the IP address for up to 50 NTP time servers.
Parameters
The following parameters are displayed:
NTP Server IP AddressAdds the IPv4 or IPv6 address for up to 50 time
?
servers. The switch will poll the specified time servers for updates when the clock maintenance type is set to NTP on the System > Time (Configure General) page. It issues time synchronization requests at a fixed interval of 1024 seconds. The switch will poll all the time servers configured, the responses received are filtered and compared to determine the most reliable and accurate time update for the switch.
Versi on – Specifies the NTP version supported by the server. (Fixed: Version 3)
?
– 91 –
Page 92
Chapter 3
Setting the System Clock
| Basic Management Tasks
Authentication Key – Specifies the number of the key in the NTP
?
Authentication Key List to use for authentication with the configured server. NTP authentication is optional. If enabled on the System > Time (Configure General) page, you must also configure at least one key on the System > Time (Add NTP Authentication Key) page. (Range: 1-65535)
Web Interface
To add an NTP time server to the server list:
1. Click System, then Time.
2. Select Configure Time Server from the Step list.
3. Select Add NTP Server from the Action list.
4. Enter the IP address of an NTP time server, and specify the index of the
authentication key if authentication is required.
5. Click Apply.
Figure 17: Adding an NTP Time Server
To show the list of configured NTP time servers:
1. Click System, then Time.
2. Select Configure Time Server from the Step list.
3. Select Show NTP Server from the Action list.
Figure 18: Showing the NTP Time Server List
– 92 –
Page 93
Chapter 3
| Basic Management Tasks
Setting the System Clock
Specifying NTP Authentication Keys
Use the System > Time (Configure Time Server – Add NTP Authentication Key) page to add an entry to the authentication key list.
Parameters
The following parameters are displayed:
Authentication KeySpecifies the number of the key in the NTP
?
Authentication Key List to use for authentication with a configured server. NTP authentication is optional. When enabled on the System > Time (Configure General) page, you must also configure at least one key on this page. Up to 255 keys can be configured on the switch. (Range: 1-65535)
Key Context – An MD5 authentication key string. The key string can be up to
?
32 case-sensitive printable ASCII characters (no spaces).
NTP authentication key numbers and values must match on both the server and client.
Web Interface
To add an entry to NTP authentication key list:
1. Click System, then Time.
2. Select Configure Time Server from the Step list.
3. Select Add NTP Authentication Key from the Action list.
4. Enter the index number and MD5 authentication key string.
5. Click Apply.
Figure 19: Adding an NTP Authentication Key
To show the list of configured NTP authentication keys:
1. Click System, then Time.
2. Select Configure Time Server from the Step list.
3. Select Show NTP Authentication Key from the Action list.
– 93 –
Page 94
Chapter 3
Setting the System Clock
| Basic Management Tasks
Figure 20: Showing the NTP Authentication Key List
Setting the Time Zone Use the System > Time (Configure Time Zone) page to set the time zone. SNTP uses
Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time at the Earth’s prime meridian, zero degrees longitude, which passes through Greenwich, England. To display a time corresponding to your local time, you must indicate the number of hours and minutes your time zone is east (before) or west (after) of UTC. You can choose one of the 80 predefined time zone definitions, or your can manually configure the parameters for your local time zone.
Parameters
The following parameters are displayed:
Predefined Configuration – A drop-down box provides access to the 80
?
predefined time zone configurations. Each choice indicates it’s offset from UTC and lists at least one major city or location covered by the time zone.
User-defined Configuration – Allows the user to define all parameters of the
?
local time zone.
?
Direction – Configures the time zone to be before (east of) or after (west of) UTC.
?
Name – Assigns a name to the time zone. (Range: 1-30 characters)
?
Hours (0-13) – The number of hours before or after UTC. The maximum value before UTC is 12. The maximum value after UTC is 13.
?
Minutes (0-59)The number of minutes before/after UTC.
Web Interface
To set your local time zone:
1. Click System, then Time.
2. Select Configure Time Zone from the Step list.
3. Set the offset for your time zone relative to the UTC in hours and minutes.
4. Click Apply.
– 94 –
Page 95
Figure 21: Setting the Time Zone
Chapter 3
| Basic Management Tasks
Setting the System Clock
Configuring
Summer Time
Use the Summer Time page to set the system clock forward during the summer months (also known as daylight savings time).
In some countries or regions, clocks are adjusted through the summer months so that afternoons have more daylight and mornings have less. This is known as Summer Time, or Daylight Savings Time (DST). Typically, clocks are adjusted forward one hour at the start of spring and then adjusted backward in autumn.
Parameters
The following parameters are displayed in the web interface:
General Configuration
Summer Time in Effect – Shows if the system time has been adjusted.
?
Status – Shows if summer time is set to take effect during the specified period.
?
Name – Name of the time zone while summer time is in effect, usually an
?
acronym. (Range: 1-30 characters)
Mode – Selects one of the following configuration modes. (The Mode option
?
can only be managed when the Summer Time Status option has been set to enabled for the switch.)
Predefined Mode – Configures the summer time status and settings for the switch using predefined configurations for several major regions of the world. To specify the time corresponding to your local time when summer time is in effect, select the predefined summer-time zone appropriate for your location.
– 95 –
Page 96
Chapter 3
Setting the System Clock
| Basic Management Tasks
Table 5: Predefined Summer-Time Parameters
Region Start Time, Day, Week, & Month End Time, Day, Week, & Month Rel.
Australia 00:00:00, Sunday, Week 5 of October 23:59:59, Sunday, Week 5 of March 60 min
Europe 00:00:00, Sunday, Week 5 of March 23:59:59, Sunday, Week 5 of October 60 min
New Zealand 00:00:00, Sunday, Week 1 of October 23:59:59, Sunday, Week 3 of March 60 min
USA 02:00:00, Sunday, Week 2 of March 02:00:00, Sunday, Week 1 of November 60 min
Offset
Date Mode – Sets the start, end, and offset times of summer time for the switch on a one-time basis. This mode sets the summer-time zone relative to the currently configured time zone. To specify a time corresponding to your local time when summer time is in effect, you must indicate the number of minutes your summer­time zone deviates from your regular time zone.
Offset – Summer-time offset from the regular time zone, in minutes.
?
(Range: 1-120 minutes)
From – Start time for summer-time offset.
?
To – End time for summer-time offset.
?
Recurring Mode – Sets the start, end, and offset times of summer time for the switch on a recurring basis. This mode sets the summer-time zone relative to the currently configured time zone. To specify a time corresponding to your local time when summer time is in effect, you must indicate the number of minutes your summer­time zone deviates from your regular time zone.
Offset – Summer-time offset from the regular time zone, in minutes.
?
(Range: 1-120 minutes)
From – Start time for summer-time offset.
?
To – End time for summer-time offset.
?
Web Interface
To specify summer time settings:
1. Click SNTP, Summer Time.
2. Select one of the configuration modes, configure the relevant attributes,
enable summer time status.
3. Click Apply.
– 96 –
Page 97
Figure 22: Configuring Summer Time

Configuring the Console Port

Use the System > Console menu to configure connection parameters for the switch’s console port. You can access the onboard configuration program by attaching a VT100 compatible device to the switch’s serial console port. Management access through the console port is controlled by various parameters, including a password (only configurable through the CLI), time outs, and basic communication settings. Note that these parameters can be configured via the web or CLI interface.
Chapter 3
| Basic Management Tasks
Configuring the Console Port
Parameters
The following parameters are displayed:
Login Timeout – Sets the interval that the system waits for a user to log into
?
the CLI. If a login attempt is not detected within the timeout interval, the connection is terminated for the session. (Range: 10-300 seconds; Default: 300 seconds)
Exec Timeout – Sets the interval that the system waits until user input is
?
detected. If user input is not detected within the timeout interval, the current session is terminated. (Range: 60-65535 seconds; Default: 600 seconds)
Password Threshold – Sets the password intrusion threshold, which limits the
?
number of failed logon attempts. When the logon attempt threshold is reached, the system interface becomes silent for a specified amount of time (set by the Silent Time parameter) before allowing the next logon attempt. (Range:1-120;Default:3attempts)
Silent Time – Sets the amount of time the management console is inaccessible
?
after the number of unsuccessful logon attempts has been exceeded. (Range: 1-65535 seconds; Default: Disabled)
Data Bits – Sets the number of data bits per character that are interpreted and
?
generated by the console port. If parity is being generated, specify 7 data bits
– 97 –
Page 98
Chapter 3
Configuring the Console Port
| Basic Management Tasks
per character. If no parity is required, specify 8 data bits per character. (Default: 8 bits)
Stop Bits – Sets the number of the stop bits transmitted per byte.
?
(Range: 1-2; Default: 1 stop bit)
Parity – Defines the generation of a parity bit. Communication protocols
?
provided by some terminals can require a specific parity bit setting. Specify Even, Odd, or None. (Default: None)
Speed – Sets the terminal line’s baud rate for transmit (to terminal) and receive
?
(from terminal). Set the speed to match the baud rate of the device connected to the serial port. (Range: 9600, 19200, 38400, 57600, or 115200 baud; Default: 115200 baud)
Note:
The password for the console connection can only be configured through
the CLI (see the “password” command in the CLI Reference Guide).
Note:
Password checking can be enabled or disabled for logging in to the console connection (see the “login” command in the CLI Reference Guide). You can select authentication by a single global password as configured for the password command, or by passwords set up for specific user-name accounts. The default is for local passwords configured on the switch.
Web Interface
To configure parameters for the console port:
1. Click System, then Console.
2. Specify the connection parameters as required.
3. Click Apply
Figure 23: Console Port Settings
– 98 –
Page 99

Configuring Telnet Settings

Use the System > Telnet menu to configure parameters for accessing the CLI over a Telnet connection. You can access the onboard configuration program over the network using Telnet (i.e., a virtual terminal). Management access via Telnet can be enabled/disabled and other parameters set, including the TCP port number, time outs, and a password. Note that the password is only configurable through the CLI.) These parameters can be configured via the web or CLI interface.
Parameters
The following parameters are displayed:
Teln et Statu s – Enables or disables Telnet access to the switch.
?
(Default: Enabled)
TCP Port – Sets the TCP port number for Telnet on the switch. (Range: 1-65535;
?
Default: 23)
Chapter 3
| Basic Management Tasks
Configuring Telnet Settings
Max Sessions – Sets the maximum number of Telnet sessions that can
?
simultaneously connect to this system. (Range: 0-8; Default: 8)
A maximum of eight sessions can be concurrently opened for Telnet and Secure Shell (i.e., both Telnet and SSH share a maximum number of eight sessions).
Login Timeout – Sets the interval that the system waits for a user to log into
?
the CLI. If a login attempt is not detected within the timeout interval, the connection is terminated for the session. (Range: 10-300 seconds; Default: 300 seconds)
Exec Timeout – Sets the interval that the system waits until user input is
?
detected. If user input is not detected within the timeout interval, the current session is terminated. (Range: 60-65535 seconds; Default: 600 seconds)
Password Threshold – Sets the password intrusion threshold, which limits the
?
number of failed logon attempts. When the logon attempt threshold is reached, the system interface becomes silent for a specified amount of time (set by the Silent Time parameter) before allowing the next logon attempt. (Range:1-120;Default:3attempts)
Silent Time – Sets the amount of time the management interface is
?
inaccessible after the number of unsuccessful logon attempts has been exceeded. (Range: 1-65535 seconds; Default: Disabled)
Note:
The password for the Telnet connection can only be configured through the CLI (see the “password” command in the CLI Reference Guide).
Note:
Password checking can be enabled or disabled for login to the console connection (see the “login” command in the CLI Reference Guide). You can select
– 99 –
Page 100
Chapter 3

Displaying CPU Utilization

| Basic Management Tasks
authentication by a single global password as configured for the password command, or by passwords set up for specific user-name accounts. The default is for local passwords configured on the switch.
Web Interface
To configure parameters for the console port:
1. Click System, then Telnet.
2. Specify the connection parameters as required.
3. Click Apply
Figure 24: Telnet Connection Settings
Displaying CPU Utilization
Use the System > CPU Utilization page to display information on CPU utilization.
Parameters
The following parameters are displayed:
Time Interval – The interval at which to update the displayed utilization rate.
?
(Options: 1, 5, 10, 30, 60 seconds; Default: 1 second)
CPU Utilization – CPU utilization over specified interval.
?
Web Interface
To display CPU utilization:
1. Click System, then CPU Utilization.
2. Change the update interval if required. Note that the interval is changed as
soon as a new setting is selected.
– 100 –
Loading...