GTL-2881
28-Port Stackable Layer 3 Lite Managed Gigabit Switch,
2 x SFP+, 2 x SFP+ (Optional Modules)
GTL-2882
28-Port Stackable Layer 3 Lite Managed Gigabit Fiber Switch,
2 x SFP+, 2 x SFP+ (Optional Modules)
User Manual
V1.0
Digital Data Communications Asia Co., Ltd.
http://www.level1.com
User Manual
GTL-2881
Layer Layer 3 Lite Stackable Gigabit Ethernet Switch
with 24 10/100/1000BASE-T (RJ-45) Ports,
2 10-Gigabit SFP+ Ports, and
Optional Module with 2 10-Gigabit SFP+ Ports
GTL-2882
Layer Layer 3 Lite Stackable Gigabit Ethernet Fiber Switch
with 22 SFP Ports,
2 10/100/1000BASE-T (RJ-45/SFP) Ports,
2 10-Gigabit SFP+ Ports, and
Optional Module with 2 10-Gigabit SFP+ Ports
E112016/ST-R01
How to Use This Guide
This guide includes detailed information on the switch software, including how to
operate and use the management functions of the switch. To deploy this switch
effectively and ensure trouble-free operation, you should first read the relevant
sections in this guide so that you are familiar with all of its software features.
Who Should Read
this Guide?
How this Guide
is Organized
This guide is for network administrators who are responsible for operating and
maintaining network equipment. The guide assumes a basic working knowledge of
LANs (Local Area Networks), the Internet Protocol (IP), and Simple Network
Management Protocol (SNMP).
This guide provides detailed information about the switch’s key features. It also
describes the switch’s web browser interface. For information on the command line
interface refer to the CLI Reference Guide.
The guide includes these sections:
◆
Section I “Getting Started” — Includes an introduction to switch management,
and the basic settings required to access the management interface.
◆
Section II “Web Configuration” — Includes all management options available
through the web browser interface.
◆
Section III “Ap pe nd ic es” — Includes information on troubleshooting switch
management access.
Related
Documentation
This guide focuses on switch software configuration through the web browser.
For information on how to manage the switch through the command line interface,
see the following guide:
CLI Reference Guide
Note:
For a description of how to initialize the switch for management access via
the CLI, web interface or SNMP, refer to “Initial Switch Configuration” in the CLI
Reference Guide.
– 3 –
How to Use This Guide
For information on how to install the switch, see the following guide:
Installation Guide
For all safety information and regulatory statements, see the following documents:
Quick Start Guide
Safety and Regulatory Information
Conventions
Revision History
The following conventions are used throughout this guide to show information:
Note:
Emphasizes important information or calls your attention to related features
or instructions.
Caution:
the system or equipment.
This section summarizes the changes in each revision of this guide.
November 2016 Revision
This is the first version of this guide. This guide is valid for software release
v1.5.2.15.
Alerts you to a potential hazard that could cause loss of data, or damage
– 4 –
Contents
How to Use This Guide 3
Contents 5
Figures 17
Tables 31
Section I Getting Started 33
1 Introduction 35
Key Features 35
Description of Software Features 37
IP Routing 41
Equal-cost Multipath Load Balancing 42
Address Resolution Protocol 42
Operation, Administration, and Maintenance 42
System Defaults 43
Section II Web Configuration 47
2 Using the Web Interface 49
Connecting to the Web Interface 49
Navigating the Web Browser Interface 50
Home Page 50
Configuration Options 51
Panel Display 51
Main Menu 52
3Basic Management Tasks 71
Displaying System Information 72
– 5 –
Contents
Displaying Hardware/Software Versions 73
Configuring Support for Jumbo Frames 74
Displaying Bridge Extension Capabilities 75
Managing System Files 77
Copying Files via FTP/TFTP or HTTP 77
Saving the Running Configuration to a Local File 79
Setting the Start-Up File 80
Showing System Files 81
Automatic Operation Code Upgrade 81
Setting the System Clock 85
Setting the Time Manually 86
Setting the SNTP Polling Interval 87
Configuring NTP 87
Configuring Time Servers 88
Setting the Time Zone 92
Configuring Summer Time 93
Configuring the Console Port 95
Configuring Telnet Settings 97
Displaying CPU Utilization 98
Displaying Memory Utilization 99
Stacking 100
Setting the Master Unit 100
Enabling Stacking Ports 101
Renumbering the Stack 102
Resetting the System 103
4 Interface Configuration 107
Port Configuration 108
Configuring by Port List 108
Configuring by Port Range 111
Displaying Connection Status 111
Configuring Local Port Mirroring 112
Configuring Remote Port Mirroring 114
Showing Port or Trunk Statistics 119
Displaying Transceiver Data 123
– 6 –
Contents
Configuring Transceiver Thresholds 124
Performing Cable Diagnostics 126
Trunk Configuration 128
Configuring a Static Trunk 129
Configuring a Dynamic Trunk 132
Displaying LACP Port Counters 138
Displaying LACP Settings and Status for the Local Side 139
Displaying LACP Settings and Status for the Remote Side 141
Configuring Load Balancing 142
Saving Power 144
Traffic Segmentation 146
Enabling Traffic Segmentation 146
Configuring Uplink and Downlink Ports 147
VLAN Trunking 149
5 VLAN Configuration 153
IEEE 802.1Q VLANs 153
Configuring VLAN Groups 156
Adding Static Members to VLANs 159
Configuring Dynamic VLAN Registration 163
IEEE 802.1Q Tunneling 166
Enabling QinQ Tunneling on the Switch 170
Creating CVLAN to SPVLAN Mapping Entries 172
Adding an Interface to a QinQ Tunnel 173
Protocol VLANs 175
Configuring Protocol VLAN Groups 175
Mapping Protocol Groups to Interfaces 177
Configuring IP Subnet VLANs 179
Configuring MAC-based VLANs 181
Configuring VLAN Mirroring 183
Configuring VLAN Translation 185
6 Address Table Settings 187
Configuring MAC Address Learning 187
Setting Static Addresses 189
Changing the Aging Time 191
– 7 –
Contents
Displaying the Dynamic Address Table 191
Clearing the Dynamic Address Table 193
Configuring MAC Address Mirroring 194
Issuing MAC Address Traps 195
7 Spanning Tree Algorithm 197
Overview 197
Configuring Loopback Detection 199
Configuring Global Settings for STA 201
Displaying Global Settings for STA 206
Configuring Interface Settings for STA 207
Displaying Interface Settings for STA 212
Configuring Multiple Spanning Trees 214
Configuring Interface Settings for MSTP 219
8 Congestion Control 221
Rate Limiting 221
Storm Control 222
Automatic Traffic Control 224
Setting the ATC Timers 225
Configuring ATC Thresholds and Responses 227
9 Class of Service 231
Layer 2 Queue Settings 231
Setting the Default Priority for Interfaces 231
Selecting the Queue Mode 232
Mapping CoS Values to Egress Queues 235
Layer 3/4 Priority Settings 238
Setting Priority Processing to DSCP or CoS 238
Mapping Ingress DSCP Values to Internal DSCP Values 239
Mapping CoS Priorities to Internal DSCP Values 242
10 Quality of Service 245
Overview 245
Configuring a Class Map 246
Creating QoS Policies 250
Attaching a Policy Map to a Port 259
– 8 –
Contents
11 VoIP Traffic Configuration 261
Overview 261
Configuring VoIP Traffic 262
Configuring Telephony OUI 263
Configuring VoIP Traffic Ports 264
12 Security Measures 267
AAA (Authentication, Authorization and Accounting) 268
Configuring Local/Remote Logon Authentication 269
Configuring Remote Logon Authentication Servers 270
Configuring AAA Accounting 275
Configuring AAA Authorization 281
Configuring User Accounts 284
Web Authentication 286
Configuring Global Settings for Web Authentication 287
Configuring Interface Settings for Web Authentication 288
Network Access (MAC Address Authentication) 289
Configuring Global Settings for Network Access 291
Configuring Network Access for Ports 292
Configuring Port Link Detection 294
Configuring a MAC Address Filter 295
Displaying Secure MAC Address Information 297
Configuring HTTPS 299
Configuring Global Settings for HTTPS 299
Replacing the Default Secure-site Certificate 300
Configuring the Secure Shell 302
Configuring the SSH Server 304
Generating the Host Key Pair 306
Importing User Public Keys 307
Access Control Lists 309
Setting a Time Range 310
Showing TCAM Utilization 313
Setting the ACL Name and Type 314
Configuring a Standard IPv4 ACL 316
Configuring an Extended IPv4 ACL 317
– 9 –
Contents
Configuring a Standard IPv6 ACL 319
Configuring an Extended IPv6 ACL 321
Configuring a MAC ACL 323
Configuring an ARP ACL 325
Binding a Port to an Access Control List 326
Configuring ACL Mirroring 327
Showing ACL Hardware Counters 329
ARP Inspection 330
Configuring Global Settings for ARP Inspection 331
Configuring VLAN Settings for ARP Inspection 333
Configuring Interface Settings for ARP Inspection 335
Displaying ARP Inspection Statistics 336
Displaying the ARP Inspection Log 337
Filtering IP Addresses for Management Access 338
Configuring Port Security 340
Configuring 802.1X Port Authentication 342
Configuring 802.1X Global Settings 344
Configuring Port Authenticator Settings for 802.1X 345
Configuring Port Supplicant Settings for 802.1X 350
Displaying 802.1X Statistics 352
DoS Protection 354
IPv4 Source Guard 357
Configuring Ports for IPv4 Source Guard 357
Configuring Static Bindings for IPv4 Source Guard 359
Displaying Information for Dynamic IPv4 Source Guard Bindings 362
IPv6 Source Guard 363
Configuring Ports for IPv6 Source Guard 363
Configuring Static Bindings for IPv6 Source Guard 365
Displaying Information for Dynamic IPv6 Source Guard Bindings 368
DHCP Snooping 369
DHCP Snooping Global Configuration 371
DHCP Snooping VLAN Configuration 373
Configuring Ports for DHCP Snooping 374
Displaying DHCP Snooping Binding Information 375
– 10 –
Contents
13 Basic Administration Protocols 377
Configuring Event Logging 378
System Log Configuration 378
Remote Log Configuration 380
Sending Simple Mail Transfer Protocol Alerts 381
Link Layer Discovery Protocol 383
Setting LLDP Timing Attributes 383
Configuring LLDP Interface Attributes 385
Configuring LLDP Interface Civic-Address 389
Displaying LLDP Local Device Information 391
Displaying LLDP Remote Device Information 394
Displaying Device Statistics 403
Simple Network Management Protocol 405
Configuring Global Settings for SNMP 407
Setting the Local Engine ID 408
Specifying a Remote Engine ID 409
Setting SNMPv3 Views 411
Configuring SNMPv3 Groups 413
Setting Community Access Strings 419
Configuring Local SNMPv3 Users 420
Configuring Remote SNMPv3 Users 423
Specifying Trap Managers 426
Creating SNMP Notification Logs 430
Showing SNMP Statistics 432
Remote Monitoring 434
Configuring RMON Alarms 434
Configuring RMON Events 437
Configuring RMON History Samples 439
Configuring RMON Statistical Samples 442
Switch Clustering 444
Configuring General Settings for Clusters 445
Cluster Member Configuration 446
Managing Cluster Members 448
– 11 –
Contents
Ethernet Ring Protection Switching 449
ERPS Global Configuration 453
ERPS Ring Configuration 454
ERPS Forced and Manual Mode Operations 470
Connectivity Fault Management 474
Configuring Global Settings for CFM 478
Configuring Interfaces for CFM 481
Configuring CFM Maintenance Domains 481
Configuring CFM Maintenance Associations 486
Configuring Maintenance End Points 490
Configuring Remote Maintenance End Points 492
Transmitting Link Trace Messages 494
Transmitting Loop Back Messages 496
Transmitting Delay-Measure Requests 498
Displaying Local MEPs 500
Displaying Details for Local MEPs 501
Displaying Local MIPs 503
Displaying Remote MEPs 504
Displaying Details for Remote MEPs 505
Displaying the Link Trace Cache 507
Displaying Fault Notification Settings 508
Displaying Continuity Check Errors 509
OAM Configuration 510
Enabling OAM on Local Ports 510
Displaying Statistics for OAM Messages 513
Displaying the OAM Event Log 514
Displaying the Status of Remote Interfaces 515
Configuring a Remote Loopback Test 516
Displaying Results of Remote Loopback Testing 518
UDLD Configuration 519
Configuring UDLD Protocol Intervals 520
Configuring UDLD Interface Settings 521
Displaying UDLD Neighbor Information 523
– 12 –
Contents
14 Multicast Filtering 525
Overview 525
Layer 2 IGMP (Snooping and Query for IPv4) 526
Configuring IGMP Snooping and Query Parameters 528
Specifying Static Interfaces for a Multicast Router 532
Assigning Interfaces to Multicast Services 534
Setting IGMP Snooping Status per Interface 537
Filtering IGMP Query Packets and Multicast Data 543
Displaying Multicast Groups Discovered by IGMP Snooping 544
Displaying IGMP Snooping Statistics 545
Filtering and Throttling IGMP Groups 549
Enabling IGMP Filtering and Throttling 549
Configuring IGMP Filter Profiles 550
Configuring IGMP Filtering and Throttling for Interfaces 552
MLD Snooping (Snooping and Query for IPv6) 554
Configuring MLD Snooping and Query Parameters 554
Setting Immediate Leave Status for MLD Snooping per Interface 556
Specifying Static Interfaces for an IPv6 Multicast Router 557
Assigning Interfaces to IPv6 Multicast Services 559
Showing MLD Snooping Groups and Source List 561
Multicast VLAN Registration for IPv4 562
Configuring MVR Global Settings 564
Configuring MVR Domain Settings 566
Configuring MVR Group Address Profiles 567
Configuring MVR Interface Status 570
Assigning Static MVR Multicast Groups to Interfaces 572
Displaying MVR Receiver Groups 574
Displaying MVR Statistics 575
Multicast VLAN Registration for IPv6 579
Configuring MVR6 Global Settings 580
Configuring MVR6 Domain Settings 582
Configuring MVR6 Group Address Profiles 583
Configuring MVR6 Interface Status 586
Assigning Static MVR6 Multicast Groups to Interfaces 588
– 13 –
Contents
Displaying MVR6 Receiver Groups 590
Displaying MVR6 Statistics 591
15 IP Configuration 597
Setting the Switch’s IP Address (IP Version 4) 597
Setting the Switch’s IP Address (IP Version 6) 601
Configuring the IPv6 Default Gateway 602
Configuring IPv6 Interface Settings 603
Configuring an IPv6 Address 608
Showing IPv6 Addresses 611
Showing the IPv6 Neighbor Cache 612
Showing IPv6 Statistics 613
Showing the MTU for Responding Destinations 619
16 IP Services 621
Domain Name Service 621
Configuring General DNS Service Parameters 621
Configuring a List of Domain Names 622
Configuring a List of Name Servers 624
Configuring Static DNS Host to Address Entries 625
Displaying the DNS Cache 626
Dynamic Host Configuration Protocol 627
Specifying a DHCP Client Identifier 627
Configuring DHCP Relay Service 629
Configuring the PPPoE Intermediate Agent 630
Configuring PPPoE IA Global Settings 630
Configuring PPPoE IA Interface Settings 632
Showing PPPoE IA Statistics 633
17 General IP Routing 635
Overview 635
Initial Configuration 635
IP Routing and Switching 636
Routing Path Management 637
Routing Protocols 638
– 14 –
Contents
Configuring IP Routing Interfaces 638
Configuring Local and Remote Interfaces 638
Using the Ping Function 639
Using the Trace Route Function 640
Address Resolution Protocol 642
Basic ARP Configuration 642
Configuring Static ARP Addresses 644
Displaying Dynamic or Local ARP Entries 646
Displaying ARP Statistics 646
Configuring Static Routes 647
Displaying the Routing Table 649
18 Unicast Routing 651
Overview 651
Configuring the Routing Information Protocol 652
Configuring General Protocol Settings 653
Clearing Entries from the Routing Table 656
Specifying Network Interfaces 657
Specifying Passive Interfaces 659
Specifying Static Neighbors 660
Configuring Route Redistribution 661
Specifying an Administrative Distance 663
Configuring Network Interfaces for RIP 664
Displaying RIP Interface Settings 668
Displaying Peer Router Information 669
Resetting RIP Statistics 669
Section III Appendices 671
A Software Specifications 673
Software Features 673
Management Features 675
Standards 675
Management Information Bases 676
– 15 –
Contents
B Troubleshooting 679
Problems Accessing the Management Interface 679
Using System Logs 680
C License Statement / GPL Code Statement 681
Written Offer for GPL/LGPL Source Code 681
The GNU General Public License 681
How to Apply These Terms to Your New Programs 685
Notification of Compliance 686
Glossary 689
Index 697
– 16 –
Figures
Figure 1: Home Page 50
Figure 2: Front Panel Indicators 51
Figure 3: System Information 72
Figure 4: General Switch Information 74
Figure 5: Configuring Support for Jumbo Frames 75
Figure 6: Displaying Bridge Extension Configuration 76
Figure 7: Copy Firmware 79
Figure 8: Saving the Running Configuration 80
Figure 9: Setting Start-Up Files 80
Figure 10: Displaying System Files 81
Figure 11: Configuring Automatic Code Upgrade 85
Figure 12: Manually Setting the System Clock 86
Figure 13: Setting the Polling Interval for SNTP 87
Figure 14: Configuring NTP 88
Figure 15: Specifying SNTP Time Servers 89
Figure 16: Adding an NTP Time Server 90
Figure 17: Showing the NTP Time Server List 90
Figure 18: Adding an NTP Authentication Key 91
Figure 19: Showing the NTP Authentication Key List 92
Figure 20: Setting the Time Zone 93
Figure 21: Configuring Summer Time 95
Figure 22: Console Port Settings 96
Figure 23: Telnet Connection Settings 98
Figure 24: Displaying CPU Utilization 99
Figure 25: Displaying Memory Utilization 99
Figure 26: Setting the Stack Master 101
Figure 27: Enabling Stacking on 10G Ports 102
Figure 28: Renumbering the Stack 102
Figure 29: Restarting the Switch (Immediately) 105
– 17 –
Figures
Figure 30: Restarting the Switch (In) 105
Figure 31: Restarting the Switch (At) 106
Figure 32: Restarting the Switch (Regularly) 106
Figure 33: Configuring Connections by Port List 110
Figure 34: Configuring Connections by Port Range 111
Figure 35: Displaying Port Information 112
Figure 36: Configuring Local Port Mirroring 112
Figure 37: Configuring Local Port Mirroring 114
Figure 38: Displaying Local Port Mirror Sessions 114
Figure 39: Configuring Remote Port Mirroring 115
Figure 40: Configuring Remote Port Mirroring (Source) 118
Figure 41: Configuring Remote Port Mirroring (Intermediate) 118
Figure 42: Configuring Remote Port Mirroring (Destination) 118
Figure 43: Showing Port Statistics (Table) 122
Figure 44: Showing Port Statistics (Chart) 123
Figure 45: Displaying Transceiver Data 124
Figure 46: Configuring Transceiver Thresholds 126
Figure 47: Performing Cable Tests 128
Figure 48: Configuring Static Trunks 129
Figure 49: Creating Static Trunks 130
Figure 50: Adding Static Trunks Members 131
Figure 51: Configuring Connection Parameters for a Static Trunk 131
Figure 52: Showing Information for Static Trunks 132
Figure 53: Configuring Dynamic Trunks 132
Figure 54: Configuring the LACP Aggregator Admin Key 135
Figure 55: Enabling LACP on a Port 136
Figure 56: Configuring LACP Parameters on a Port 136
Figure 57: Showing Members of a Dynamic Trunk 137
Figure 58: Configuring Connection Settings for a Dynamic Trunk 137
Figure 59: Showing Connection Parameters for Dynamic Trunks 138
Figure 60: Displaying LACP Port Counters 139
Figure 61: Displaying LACP Port Internal Information 140
Figure 62: Displaying LACP Port Remote Information 142
Figure 63: Configuring Load Balancing 143
Figure 64: Enabling Power Savings 145
– 18 –
Figures
Figure 65: Enabling Traffic Segmentation 147
Figure 66: Configuring Members for Traffic Segmentation 148
Figure 67: Showing Traffic Segmentation Members 149
Figure 68: Configuring VLAN Trunking 149
Figure 69: Configuring VLAN Trunking 151
Figure 70: VLAN Compliant and VLAN Non-compliant Devices 155
Figure 71: Using GVRP 156
Figure 72: Creating Static VLANs 158
Figure 73: Modifying Settings for Static VLANs 158
Figure 74: Showing Static VLANs 159
Figure 75: Configuring Static Members by VLAN Index 162
Figure 76: Configuring Static VLAN Members by Interface 162
Figure 77: Configuring Static VLAN Members by Interface Range 163
Figure 78: Configuring Global Status of GVRP 165
Figure 79: Configuring GVRP for an Interface 165
Figure 80: Showing Dynamic VLANs Registered on the Switch 166
Figure 81: Showing the Members of a Dynamic VLAN 166
Figure 82: QinQ Operational Concept 167
Figure 83: Enabling QinQ Tunneling 171
Figure 84: Configuring CVLAN to SPVLAN Mapping Entries 173
Figure 85: Showing CVLAN to SPVLAN Mapping Entries 173
Figure 86: Adding an Interface to a QinQ Tunnel 174
Figure 87: Configuring Protocol VLANs 176
Figure 88: Displaying Protocol VLANs 177
Figure 89: Assigning Interfaces to Protocol VLANs 178
Figure 90: Showing the Interface to Protocol Group Mapping 179
Figure 91: Configuring IP Subnet VLANs 180
Figure 92: Showing IP Subnet VLANs 181
Figure 93: Configuring MAC-Based VLANs 182
Figure 94: Showing MAC-Based VLANs 183
Figure 95: Configuring VLAN Mirroring 184
Figure 96: Showing the VLANs to Mirror 184
Figure 97: Configuring VLAN Translation 185
Figure 98: Configuring VLAN Translation 186
Figure 99: Showing the Entries for VLAN Translation 186
– 19 –
Figures
Figure 100: Configuring MAC Address Learning 188
Figure 101: Configuring Static MAC Addresses 190
Figure 102: Displaying Static MAC Addresses 190
Figure 103: Setting the Address Aging Time 191
Figure 104: Displaying the Dynamic MAC Address Table 192
Figure 105: Clearing Entries in the Dynamic MAC Address Table 193
Figure 106: Mirroring Packets Based on the Source MAC Address 195
Figure 107: Showing the Source MAC Addresses to Mirror 195
Figure 108: Issuing MAC Address Traps (Global Configuration) 196
Figure 109: Issuing MAC Address Traps (Interface Configuration) 196
Figure 110: STP Root Ports and Designated Ports 198
Figure 111: MSTP Region, Internal Spanning Tree, Multiple Spanning Tree 198
Figure 112: Spanning Tree – Common Internal, Common, Internal 199
Figure 113: Configuring Port Loopback Detection 201
Figure 114: Configuring Global Settings for STA (STP) 205
Figure 115: Configuring Global Settings for STA (RSTP) 205
Figure 116: Configuring Global Settings for STA (MSTP) 206
Figure 117: Displaying Global Settings for STA 207
Figure 118: Determining the Root Port 209
Figure 119: Configuring Interface Settings for STA 211
Figure 120: STA Port Roles 213
Figure 121: Displaying Interface Settings for STA 214
Figure 122: Creating an MST Instance 216
Figure 123: Displaying MST Instances 216
Figure 124: Modifying the Priority for an MST Instance 217
Figure 125: Displaying Global Settings for an MST Instance 217
Figure 126: Adding a VLAN to an MST Instance 218
Figure 127: Displaying Members of an MST Instance 218
Figure 128: Configuring MSTP Interface Settings 220
Figure 129: Displaying MSTP Interface Settings 220
Figure 130: Configuring Rate Limits 222
Figure 131: Configuring Storm Control 224
Figure 132: Storm Control by Limiting the Traffic Rate 224
Figure 133: Storm Control by Shutting Down a Port 225
Figure 134: Configuring ATC Timers 226
– 20 –
Figures
Figure 135: Configuring ATC Interface Attributes 229
Figure 136: Setting the Default Port Priority 232
Figure 137: Setting the Queue Mode (Strict) 234
Figure 138: Setting the Queue Mode (WRR) 234
Figure 139: Setting the Queue Mode (Strict and WRR) 235
Figure 140: Mapping CoS Values to Egress Queues 237
Figure 141: Showing CoS Values to Egress Queue Mapping 237
Figure 142: Setting the Trust Mode 239
Figure 143: Configuring DSCP to DSCP Internal Mapping 241
Figure 144: Showing DSCP to DSCP Internal Mapping 241
Figure 145: Configuring CoS to DSCP Internal Mapping 243
Figure 146: Showing CoS to DSCP Internal Mapping 244
Figure 147: Configuring a Class Map 248
Figure 148: Showing Class Maps 248
Figure 149: Adding Rules to a Class Map 249
Figure 150: Showing the Rules for a Class Map 249
Figure 151: Configuring a Policy Map 257
Figure 152: Showing Policy Maps 257
Figure 153: Adding Rules to a Policy Map 258
Figure 154: Showing the Rules for a Policy Map 259
Figure 155: Attaching a Policy Map to a Port 260
Figure 156: Configuring a Voice VLAN 263
Figure 157: Configuring an OUI Telephony List 264
Figure 158: Showing an OUI Telephony List 264
Figure 159: Configuring Port Settings for a Voice VLAN 266
Figure 160: Configuring the Authentication Sequence 270
Figure 161: Authentication Server Operation 270
Figure 162: Configuring Remote Authentication Server (RADIUS) 273
Figure 163: Configuring Remote Authentication Server (TACACS+) 274
Figure 164: Configuring AAA Server Groups 274
Figure 165: Showing AAA Server Groups 275
Figure 166: Configuring Global Settings for AAA Accounting 277
Figure 167: Configuring AAA Accounting Methods 278
Figure 168: Showing AAA Accounting Methods 279
Figure 169: Configuring AAA Accounting Service for 802.1X Service 279
– 21 –
Figures
Figure 170: Configuring AAA Accounting Service for Command Service 280
Figure 171: Configuring AAA Accounting Service for Exec Service 280
Figure 172: Displaying a Summary of Applied AAA Accounting Methods 281
Figure 173: Displaying Statistics for AAA Accounting Sessions 281
Figure 174: Configuring AAA Authorization Methods 283
Figure 175: Showing AAA Authorization Methods 283
Figure 176: Configuring AAA Authorization Methods for Exec Service 284
Figure 177: Displaying the Applied AAA Authorization Method 284
Figure 178: Configuring User Accounts 286
Figure 179: Showing User Accounts 286
Figure 180: Configuring Global Settings for Web Authentication 288
Figure 181: Configuring Interface Settings for Web Authentication 289
Figure 182: Configuring Global Settings for Network Access 292
Figure 183: Configuring Interface Settings for Network Access 294
Figure 184: Configuring Link Detection for Network Access 295
Figure 185: Configuring a MAC Address Filter for Network Access 296
Figure 186: Showing the MAC Address Filter Table for Network Access 297
Figure 187: Showing Addresses Authenticated for Network Access 298
Figure 188: Configuring HTTPS 300
Figure 189: Downloading the Secure-Site Certificate 302
Figure 190: Configuring the SSH Server 305
Figure 191: Generating the SSH Host Key Pair 306
Figure 192: Showing the SSH Host Key Pair 307
Figure 193: Copying the SSH User’s Public Key 308
Figure 194: Showing the SSH User’s Public Key 309
Figure 195: Setting the Name of a Time Range 311
Figure 196: Showing a List of Time Ranges 312
Figure 197: Add a Rule to a Time Range 312
Figure 198: Showing the Rules Configured for a Time Range 313
Figure 199: Showing TCAM Utilization 314
Figure 200: Creating an ACL 315
Figure 201: Showing a List of ACLs 315
Figure 202: Configuring a Standard IPv4 ACL 317
Figure 203: Configuring an Extended IPv4 ACL 319
Figure 204: Configuring a Standard IPv6 ACL 320
– 22 –
Figures
Figure 205: Configuring an Extended IPv6 ACL 322
Figure 206: Configuring a MAC ACL 324
Figure 207: Configuring a ARP ACL 326
Figure 208: Binding a Port to an ACL 327
Figure 209: Configuring ACL Mirroring 328
Figure 210: Showing the VLANs to Mirror 329
Figure 211: Showing ACL Statistics 330
Figure 212: Configuring Global Settings for ARP Inspection 333
Figure 213: Configuring VLAN Settings for ARP Inspection 334
Figure 214: Configuring Interface Settings for ARP Inspection 335
Figure 215: Displaying Statistics for ARP Inspection 337
Figure 216: Displaying the ARP Inspection Log 338
Figure 217: Creating an IP Address Filter for Management Access 339
Figure 218: Showing IP Addresses Authorized for Management Access 340
Figure 219: Configuring Port Security 342
Figure 220: Configuring Port Authentication 343
Figure 221: Configuring Global Settings for 802.1X Port Authentication 345
Figure 222: Configuring Interface Settings for 802.1X Port Authenticator 349
Figure 223: Configuring Interface Settings for 802.1X Port Supplicant 351
Figure 224: Showing Statistics for 802.1X Port Authenticator 353
Figure 225: Showing Statistics for 802.1X Port Supplicant 354
Figure 226: Protecting Against DoS Attacks 356
Figure 227: Setting the Filter Type for IPv4 Source Guard 359
Figure 228: Configuring Static Bindings for IPv4 Source Guard 361
Figure 229: Displaying Static Bindings for IPv4 Source Guard 361
Figure 230: Showing the IPv4 Source Guard Binding Table 363
Figure 231: Setting the Filter Type for IPv6 Source Guard 365
Figure 232: Configuring Static Bindings for IPv6 Source Guard 367
Figure 233: Displaying Static Bindings for IPv6 Source Guard 367
Figure 234: Showing the IPv6 Source Guard Binding Table 369
Figure 235: Configuring Global Settings for DHCP Snooping 373
Figure 236: Configuring DHCP Snooping on a VLAN 374
Figure 237: Configuring the Port Mode for DHCP Snooping 375
Figure 238: Displaying the Binding Table for DHCP Snooping 376
Figure 239: Configuring Settings for System Memory Logs 379
– 23 –
Figures
Figure 240: Showing Error Messages Logged to System Memory 380
Figure 241: Configuring Settings for Remote Logging of Error Messages 381
Figure 242: Configuring SMTP Alert Messages 382
Figure 243: Configuring LLDP Timing Attributes 385
Figure 244: Configuring LLDP Interface Attributes 388
Figure 245: Configuring the Civic Address for an LLDP Interface 390
Figure 246: Showing the Civic Address for an LLDP Interface 390
Figure 247: Displaying Local Device Information for LLDP (General) 393
Figure 248: Displaying Local Device Information for LLDP (Port) 394
Figure 249: Displaying Local Device Information for LLDP (Port Details) 394
Figure 250: Displaying Remote Device Information for LLDP (Port) 401
Figure 251: Displaying Remote Device Information for LLDP (Port Details) 402
Figure 252: Displaying Remote Device Information for LLDP (End Node) 403
Figure 253: Displaying LLDP Device Statistics (General) 405
Figure 254: Displaying LLDP Device Statistics (Port) 405
Figure 255: Configuring Global Settings for SNMP 408
Figure 256: Configuring the Local Engine ID for SNMP 409
Figure 257: Configuring a Remote Engine ID for SNMP 410
Figure 258: Showing Remote Engine IDs for SNMP 410
Figure 259: Creating an SNMP View 412
Figure 260: Showing SNMP Views 412
Figure 261: Adding an OID Subtree to an SNMP View 413
Figure 262: Showing the OID Subtree Configured for SNMP Views 413
Figure 263: Creating an SNMP Group 418
Figure 264: Showing SNMP Groups 418
Figure 265: Setting Community Access Strings 419
Figure 266: Showing Community Access Strings 420
Figure 267: Configuring Local SNMPv3 Users 422
Figure 268: Showing Local SNMPv3 Users 422
Figure 269: Changing a Local SNMPv3 User Group 423
Figure 270: Configuring Remote SNMPv3 Users 425
Figure 271: Showing Remote SNMPv3 Users 425
Figure 272: Configuring Trap Managers (SNMPv1) 429
Figure 273: Configuring Trap Managers (SNMPv2c) 429
Figure 274: Configuring Trap Managers (SNMPv3) 429
– 24 –
Figures
Figure 275: Showing Trap Managers 430
Figure 276: Creating SNMP Notification Logs 431
Figure 277: Showing SNMP Notification Logs 432
Figure 278: Showing SNMP Statistics 433
Figure 279: Configuring an RMON Alarm 436
Figure 280: Showing Configured RMON Alarms 436
Figure 281: Configuring an RMON Event 438
Figure 282: Showing Configured RMON Events 439
Figure 283: Configuring an RMON History Sample 440
Figure 284: Showing Configured RMON History Samples 441
Figure 285: Showing Collected RMON History Samples 441
Figure 286: Configuring an RMON Statistical Sample 443
Figure 287: Showing Configured RMON Statistical Samples 443
Figure 288: Showing Collected RMON Statistical Samples 444
Figure 289: Configuring a Switch Cluster 446
Figure 290: Configuring a Cluster Members 447
Figure 291: Showing Cluster Members 447
Figure 292: Showing Cluster Candidates 448
Figure 293: Managing a Cluster Member 449
Figure 294: ERPS Ring Components 450
Figure 295: Ring Interconnection Architecture (Multi-ring/Ladder Network) 452
Figure 296: Setting ERPS Global Status 454
Figure 297: Sub-ring with Virtual Channel 463
Figure 298: Sub-ring without Virtual Channel 464
Figure 299: Non-ERPS Device Protection 465
Figure 300: Creating an ERPS Ring 468
Figure 301: Creating an ERPS Ring 469
Figure 302: Showing Configured ERPS Rings 469
Figure 303: Blocking an ERPS Ring Port 474
Figure 304: Single CFM Maintenance Domain 475
Figure 305: Multiple CFM Maintenance Domains 476
Figure 306: Configuring Global Settings for CFM 480
Figure 307: Configuring Interfaces for CFM 481
Figure 308: Configuring Maintenance Domains 485
Figure 309: Showing Maintenance Domains 485
– 25 –
Figures
Figure 310: Configuring Detailed Settings for Maintenance Domains 486
Figure 311: Creating Maintenance Associations 489
Figure 312: Showing Maintenance Associations 489
Figure 313: Configuring Detailed Settings for Maintenance Associations 490
Figure 314: Configuring Maintenance End Points 491
Figure 315: Showing Maintenance End Points 492
Figure 316: Configuring Remote Maintenance End Points 493
Figure 317: Showing Remote Maintenance End Points 494
Figure 318: Transmitting Link Trace Messages 496
Figure 319: Transmitting Loopback Messages 497
Figure 320: Transmitting Delay-Measure Messages 499
Figure 321: Showing Information on Local MEPs 500
Figure 322: Showing Detailed Information on Local MEPs 502
Figure 323: Showing Information on Local MIPs 503
Figure 324: Showing Information on Remote MEPs 504
Figure 325: Showing Detailed Information on Remote MEPs 506
Figure 326: Showing the Link Trace Cache 508
Figure 327: Showing Settings for the Fault Notification Generator 509
Figure 328: Showing Continuity Check Errors 510
Figure 329: Enabling OAM for Local Ports 513
Figure 330: Displaying Statistics for OAM Messages 514
Figure 331: Displaying the OAM Event Log 515
Figure 332: Displaying Status of Remote Interfaces 516
Figure 333: Running a Remote Loop Back Test 518
Figure 334: Displaying the Results of Remote Loop Back Testing 519
Figure 335: Configuring UDLD Protocol Intervals 521
Figure 336: Configuring UDLD Interface Settings 523
Figure 337: Displaying UDLD Neighbor Information 524
Figure 338: Multicast Filtering Concept 526
Figure 339: Configuring General Settings for IGMP Snooping 532
Figure 340: Configuring a Static Interface for a Multicast Router 533
Figure 341: Showing Static Interfaces Attached a Multicast Router 534
Figure 342: Showing Current Interfaces Attached a Multicast Router 534
Figure 343: Assigning an Interface to a Multicast Service 535
Figure 344: Showing Static Interfaces Assigned to a Multicast Service 536
– 26 –
Figures
Figure 345: Showing Current Interfaces Attached a Multicast Router 536
Figure 346: Configuring IGMP Snooping on a VLAN 542
Figure 347: Showing Interface Settings for IGMP Snooping 542
Figure 348: Dropping IGMP Query or Multicast Data Packets 543
Figure 349: Showing Multicast Groups Learned by IGMP Snooping 544
Figure 350: Displaying IGMP Snooping Statistics – Query 547
Figure 351: Displaying IGMP Snooping Statistics – VLAN 548
Figure 352: Displaying IGMP Snooping Statistics – Port 548
Figure 353: Enabling IGMP Filtering and Throttling 550
Figure 354: Creating an IGMP Filtering Profile 551
Figure 355: Showing the IGMP Filtering Profiles Created 551
Figure 356: Adding Multicast Groups to an IGMP Filtering Profile 552
Figure 357: Showing the Groups Assigned to an IGMP Filtering Profile 552
Figure 358: Configuring IGMP Filtering and Throttling Interface Settings 554
Figure 359: Configuring General Settings for MLD Snooping 556
Figure 360: Configuring Immediate Leave for MLD Snooping 557
Figure 361: Configuring a Static Interface for an IPv6 Multicast Router 558
Figure 362: Showing Static Interfaces Attached an IPv6 Multicast Router 558
Figure 363: Showing Current Interfaces Attached an IPv6 Multicast Router 558
Figure 364: Assigning an Interface to an IPv6 Multicast Service 560
Figure 365: Showing Static Interfaces Assigned to an IPv6 Multicast Service 560
Figure 366: Showing Current Interfaces Assigned to an IPv6 Multicast Service 561
Figure 367: Showing IPv6 Multicast Services and Corresponding Sources 562
Figure 368: MVR Concept 563
Figure 369: Configuring Global Settings for MVR 565
Figure 370: Configuring Domain Settings for MVR 567
Figure 371: Configuring an MVR Group Address Profile 568
Figure 372: Displaying MVR Group Address Profiles 568
Figure 373: Assigning an MVR Group Address Profile to a Domain 569
Figure 374: Showing the MVR Group Address Profiles Assigned to a Domain 569
Figure 375: Configuring Interface Settings for MVR 572
Figure 376: Assigning Static MVR Groups to an Interface 573
Figure 377: Showing the Static MVR Groups Assigned to a Port 574
Figure 378: Displaying MVR Receiver Groups 575
Figure 379: Displaying MVR Statistics – Query 577
– 27 –
Figures
Figure 380: Displaying MVR Statistics – VLAN 578
Figure 381: Displaying MVR Statistics – Port 579
Figure 382: Configuring Global Settings for MVR6 582
Figure 383: Configuring Domain Settings for MVR6 583
Figure 384: Configuring an MVR6 Group Address Profile 585
Figure 385: Displaying MVR6 Group Address Profiles 585
Figure 386: Assigning an MVR6 Group Address Profile to a Domain 586
Figure 387: Showing MVR6 Group Address Profiles Assigned to a Domain 586
Figure 388: Configuring Interface Settings for MVR6 588
Figure 389: Assigning Static MVR6 Groups to a Port 589
Figure 390: Showing the Static MVR6 Groups Assigned to a Port 590
Figure 391: Displaying MVR6 Receiver Groups 591
Figure 392: Displaying MVR6 Statistics – Query 593
Figure 393: Displaying MVR6 Statistics – VLAN 594
Figure 394: Displaying MVR6 Statistics – Port 595
Figure 395: Configuring a Static IPv4 Address 599
Figure 396: Configuring a Dynamic IPv4 Address 600
Figure 397: Showing the Configured IPv4 Address for an Interface 601
Figure 398: Configuring the IPv6 Default Gateway 602
Figure 399: Configuring General Settings for an IPv6 Interface 607
Figure 400: Configuring RA Guard for an IPv6 Interface 608
Figure 401: Configuring an IPv6 Address 610
Figure 402: Showing Configured IPv6 Addresses 612
Figure 403: Showing IPv6 Neighbors 613
Figure 404: Showing IPv6 Statistics (IPv6) 617
Figure 405: Showing IPv6 Statistics (ICMPv6) 618
Figure 406: Showing IPv6 Statistics (UDP) 618
Figure 407: Showing Reported MTU Values 619
Figure 408: Configuring General Settings for DNS 622
Figure 409: Configuring a List of Domain Names for DNS 623
Figure 410: Showing the List of Domain Names for DNS 623
Figure 411: Configuring a List of Name Servers for DNS 624
Figure 412: Showing the List of Name Servers for DNS 625
Figure 413: Configuring Static Entries in the DNS Table 625
Figure 414: Showing Static Entries in the DNS Table 626
– 28 –
Figures
Figure 415: Showing Entries in the DNS Cache 627
Figure 416: Specifying a DHCP Client Identifier 629
Figure 417: Layer 3 DHCP Relay Service 629
Figure 418: Configuring DHCP Relay Service 630
Figure 419: Configuring Global Settings for PPPoE Intermediate Agent 631
Figure 420: Configuring Interface Settings for PPPoE Intermediate Agent 633
Figure 421: Showing PPPoE Intermediate Agent Statistics 634
Figure 422: Virtual Interfaces and Layer 3 Routing 636
Figure 423: Pinging a Network Device 640
Figure 424: Tracing the Route to a Network Device 641
Figure 425: Proxy ARP 643
Figure 426: Configuring General Settings for ARP 644
Figure 427: Configuring Static ARP Entries 645
Figure 428: Displaying Static ARP Entries 645
Figure 429: Displaying ARP Entries 646
Figure 430: Displaying ARP Statistics 647
Figure 431: Configuring Static Routes 648
Figure 432: Displaying Static Routes 648
Figure 433: Displaying the Routing Table 650
Figure 434: Configuring RIP 652
Figure 435: Configuring General Settings for RIP 656
Figure 436: Clearing Entries from the Routing Table 657
Figure 437: Adding Network Interfaces to RIP 658
Figure 438: Showing Network Interfaces Using RIP 659
Figure 439: Specifying a Passive RIP Interface 660
Figure 440: Showing Passive RIP Interfaces 660
Figure 441: Specifying a Static RIP Neighbor 661
Figure 442: Showing Static RIP Neighbors 661
Figure 443: Redistributing External Routes into RIP 662
Figure 444: Showing External Routes Redistributed into RIP 663
Figure 445: Setting the Distance Assigned to External Routes 664
Figure 446: Showing the Distance Assigned to External Routes 664
Figure 447: Configuring a Network Interface for RIP 667
Figure 448: Showing RIP Network Interface Settings 668
Figure 449: Showing RIP Interface Settings 668
– 29 –
Figures
Figure 450: Showing RIP Peer Information 669
Figure 451: Resetting RIP Statistics 670
– 30 –
Tables
Table 1: Key Features 35
Table 2: System Defaults 43
Table 3: Web Page Configuration Buttons 51
Table 4: Switch Main Menu 52
Table 5: Predefined Summer-Time Parameters 94
Table 6: Port Statistics 119
Table 7: LACP Port Counters 138
Table 8: LACP Internal Configuration Information 139
Table 9: LACP Remote Device Configuration Information 141
Table 10: Traffic Segmentation Forwarding 147
Table 11: Recommended STA Path Cost Range 208
Table 12: Default STA Path Costs 209
Table 13: IEEE 802.1p Egress Queue Priority Mapping 235
Table 14: CoS Priority Levels 236
Table 15: Mapping Internal Per-hop Behavior to Hardware Queues 236
Table 16: Default Mapping of DSCP Values to Internal PHB/Drop Values 240
Table 17: Default Mapping of CoS/CFI to Internal PHB/Drop Precedence 242
Table 18: Dynamic QoS Profiles 290
Table 19: HTTPS System Support 299
Table 20: ARP Inspection Statistics 336
Table 21: ARP Inspection Log 337
Table 22: 802.1X Statistics 352
Table 23: Logging Levels 378
Table 24: LLDP MED Location CA Types 389
Table 25: Chassis ID Subtype 391
Table 26: System Capabilities 391
Table 27: Port ID Subtype 392
Table 28: Remote Port Auto-Negotiation Advertised Capability 396
Table 29: SNMPv3 Security Models and Levels 406
– 31 –
Tabl es
Table 30: Supported Notification Messages 415
Table 31: ERPS Request/State Priority 471
Table 32: Remote MEP Priority Levels 483
Table 33: MEP Defect Descriptions 483
Table 34: OAM Operation State 511
Table 35: Remote Loopback Status 517
Table 36: Show IPv6 Neighbors - display description 612
Table 37: Show IPv6 Statistics - display description 614
Table 38: Show MTU - display description 619
Table 39: Options 60, 66 and 67 Statements 627
Table 40: Options 55 and 124 Statements 628
Table 41: Address Resolution Protocol 642
Table 42: ARP Statistics 646
Table 43: Troubleshooting Chart 679
– 32 –
Section I
Getting Started
This section provides an overview of the switch, and introduces some basic
concepts about network switches. It also describes the basic settings required to
access the management interface.
This section includes these chapters:
◆
"Introduction" on page 35
– 33 –
Section I
| Getting Started
– 34 –
1
Key Features
Introduction
This
switch provides a broad range of features for Layer 2 switching and Layer 3
routing. It includes a management agent that allows you to configure the features
listed in this manual. The default configuration can be used for most of the features
provided by this switch. However, there are many options that you should
configure to maximize the switch’s performance for your particular network
environment.
Table 1: Key Features
Feature Description
Configuration Backup and
Restore
Authentication Console, Telnet, web – user name/password, RADIUS, TACACS+
General Security Measures AAA
Access Control Lists Supports up to 512 ACLs, 2048 rules per ACL, and 2048 rules per system
DHCP/DHCPv6 Client, Relay, Relay Option 82
DNS Client and Proxy service
Port Configuration Speed, duplex mode, and flow control
Port Trunking Supports up to 16 trunks per switch (32 per stack) – static or dynamic
Using management station or FTP/TFTP server
Port – IEEE 802.1X, MAC address filtering
SNMP v1/2c - Community strings
SNMP version 3 – MD5 or SHA password
Telnet – SSH
Web – HTTPS
ARP Inspection
DHCP Snooping (with Option 82 relay information)
DoS Protection
IP Source Guard
PPPoE Intermediate Agent
Port Authentication – IEEE 802.1X
Port Security – MAC address filtering
trunking (LACP)
Port Mirroring 27 sessions, across switch or stack, one or more source ports to one
Congestion Control Rate Limiting
analysis port
Throttling for broadcast, multicast, unknown unicast storms
– 35 –
Chapter 1
Key Features
| Introduction
Table 1: Key Features
Feature Description
Address Table 16K MAC addresses in the forwarding table,
IP Version 4 and 6 Supports IPv4 and IPv6 addressing and management
IEEE 802.1D Bridge Supports dynamic data switching and addresses learning
Store-and-Forward
Switching
Spanning Tree Algorithm Supports standard STP, Rapid Spanning Tree Protocol (RSTP), and
Virtual LANs Up to 4093 using IEEE 802.1Q, port-based, protocol-based, voice VLANs,
Traffic Prioritization Default port priority, traffic class map, queue scheduling, IP Precedence,
Qualify of Service Supports Differentiated Services (DiffServ)
Link Layer Discovery
Protocol
(Continued)
1K static MAC addresses;
1760 entries in the ARP cache, 256 static ARP entries;
256 static IP routes, 32 IP interfaces;
2K IPv4 entries in the host table;
1K IPv4 entries in routing table,
1K L2 multicast groups (shared with MAC table)
Supported to ensure wire-speed switching while eliminating bad
frames
Multiple Spanning Trees (MSTP)
and QinQ tunnel
or Differentiated Services Code Point (DSCP)
Used to discover basic information about neighboring devices
Switch Clustering Supports up to 36 member switches in a cluster
Connectivity Fault
Management
ERPS Supports Ethernet Ring Protection Switching for increased availability
IP Routing Routing Information Protocol (RIP), and static routes
ARP Static and dynamic address configuration, proxy ARP
Multicast Filtering Supports IGMP snooping and query for Layer 2, and Multicast VLAN
Remote Device
Management
Connectivity monitoring using continuity check messages, fault
verification through loop back messages, and fault isolation by
examining end-to-end connections (IEEE 802.1ag)
of Ethernet rings (G.8032)
Registration
Supports Ethernet OAM functions for attached CPEs
(IEEE 802.3ah, ITU-T Y.1731)
– 36 –
Description of Software Features
The switch provides a wide range of advanced performance enhancing features.
Flow control eliminates the loss of packets due to bottlenecks caused by port
saturation. Storm suppression prevents broadcast, multicast, and unknown unicast
traffic storms from engulfing the network. Untagged (port-based), tagged, and
protocol-based VLANs, plus support for automatic GVRP VLAN registration provide
traffic security and efficient use of network bandwidth. CoS priority queueing
ensures the minimum delay for moving real-time multimedia data across the
network. While multicast filtering and routing provides support for real-time
network applications.
Some of the management features are briefly described below.
Chapter 1
Description of Software Features
| Introduction
Configuration Backup
and Restore
Authentication
You can save the current configuration settings to a file on the management station
(using the web interface) or an FTP/TFTP server (using the web or console
interface), and later download this file to restore the switch configuration settings.
This switch authenticates management access via the console port, Telnet, or a web
browser. User names and passwords can be configured locally or can be verified via
a remote authentication server (i.e., RADIUS or TACACS+). Port-based
authentication is also supported via the IEEE 802.1X protocol. This protocol uses
Extensible Authentication Protocol over LANs (EAPOL) to request user credentials
from the 802.1X client, and then uses the EAP between the switch and the
authentication server to verify the client’s right to access the network via an
authentication server (i.e., RADIUS or TACACS+ server).
Other authentication options include HTTPS for secure management access via the
web, SSH for secure management access over a Telnet-equivalent connection,
SNMP Version 3, IP address filtering for SNMP/Telnet/web management access.
MAC address filtering and IP source guard also provide authenticated port access.
While DHCP snooping is provided to prevent malicious attacks from insecure ports.
While PPPoE Intermediate Agent supports authentication of a client for a service
provider.
Access Control Lists
DHCP Relay
ACLs provide packet filtering for IP frames (based on address, protocol, TCP/UDP
port number or TCP control code) or any frames (based on MAC address or Ethernet
type). ACLs can be used to improve performance by blocking unnecessary network
traffic or to implement security controls by restricting access to specific network
resources or protocols.
DHCP Relay is supported to allow dynamic configuration of local clients from a
DHCP server located in a different network. And DHCP Relay Option 82 controls the
processing of Option 82 information in DHCP request packets relayed by this
device.
– 37 –
Chapter 1
Description of Software Features
| Introduction
Port Configuration
Rate Limiting
Port Mirroring
Port Trunking
You can manually configure the speed, duplex mode, and flow control used on
specific ports, or use auto-negotiation to detect the connection settings used by
the attached device. Use full-duplex mode on ports whenever possible to double
the throughput of switch connections. Flow control should also be enabled to
control network traffic during periods of congestion and prevent the loss of
packets when port buffer thresholds are exceeded. The switch supports flow
control based on the IEEE 802.3x standard (now incorporated in IEEE 802.3-2002).
This feature controls the maximum rate for traffic transmitted or received on an
interface. Rate limiting is configured on interfaces at the edge of a network to limit
traffic into or out of the network. Packets that exceed the acceptable amount of
traffic are dropped.
The switch can unobtrusively mirror traffic from any port to a monitor port. You can
then attach a protocol analyzer or RMON probe to this port to perform traffic
analysis and verify connection integrity.
Ports can be combined into an aggregate connection. Trunks can be manually set
up or dynamically configured using Link Aggregation Control Protocol (LACP – IEEE
802.3-2005). The additional ports dramatically increase the throughput across any
connection, and provide redundancy by taking over the load if a port in the trunk
should fail. The switch supports up to 16 trunks per switch and 32 per stack.
Storm Control
Static MAC Addresses
IP Address Filtering
Broadcast, multicast and unknown unicast storm suppression prevents traffic from
overwhelming the network.When enabled on a port, the level of traffic passing
through the port is restricted. If traffic rises above a pre-defined threshold, it will be
throttled until the level falls back beneath the threshold.
A static address can be assigned to a specific interface on this switch. Static
addresses are bound to the assigned interface and will not be moved. When a static
address is seen on another interface, the address will be ignored and will not be
written to the address table. Static addresses can be used to provide network
security by restricting access for a known host to a specific port.
Access to insecure ports can be controlled using DHCP Snooping which filters
ingress traffic based on static IP addresses and addresses stored in the DHCP
Snooping table. Traffic can also be restricted to specific source IP addresses or
source IP/MAC address pairs based on static entries or entries stored in the DHCP
Snooping table.
– 38 –
Chapter 1
Description of Software Features
| Introduction
IEEE 802.1D Bridge
Store-and-Forward
Switching
Spanning Tree
Algorithm
The switch supports IEEE 802.1D transparent bridging. The address table facilitates
data switching by learning addresses, and then filtering or forwarding traffic based
on this information. The address table supports up to 16K addresses.
The switch copies each frame into its memory before forwarding them to another
port. This ensures that all frames are a standard Ethernet size and have been
verified for accuracy with the cyclic redundancy check (CRC). This prevents bad
frames from entering the network and wasting bandwidth.
To avoid dropping frames on congested ports, the switch provides 12 Mbits for
frame buffering. This buffer can queue packets awaiting transmission on congested
networks.
The switch supports these spanning tree protocols:
◆
Spanning Tree Protocol (STP, IEEE 802.1D) – This protocol provides loop
detection. When there are multiple physical paths between segments, this
protocol will choose a single path and disable all others to ensure that only one
route exists between any two stations on the network. This prevents the
creation of network loops. However, if the chosen path should fail for any
reason, an alternate path will be activated to maintain the connection.
Connectivity Fault
Management
◆
Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w) – This protocol reduces the
convergence time for network topology changes to about 3 to 5 seconds,
compared to 30 seconds or more for the older IEEE 802.1D STP standard. It is
intended as a complete replacement for STP, but can still interoperate with
switches running the older standard by automatically reconfiguring ports to
STP-compliant mode if they detect STP protocol messages from attached
devices.
◆
Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) – This protocol is a direct
extension of RSTP. It can provide an independent spanning tree for different
VLANs. It simplifies network management, provides for even faster
convergence than RSTP by limiting the size of each region, and prevents VLAN
members from being segmented from the rest of the group (as sometimes
occurs with IEEE 802.1D STP).
The switch provides connectivity fault monitoring for end-to-end connections
within a designated service area by using continuity check messages which can
detect faults in maintenance points, fault verification through loop back messages,
and fault isolation with link trace messages.
Virtual LANs
The switch supports up to 4094 VLANs. A Virtual LAN is a collection of network
nodes that share the same collision domain regardless of their physical location or
connection point in the network. The switch supports tagged VLANs based on the
IEEE 802.1Q standard. Members of VLAN groups can be dynamically learned via
– 39 –
Chapter 1
Description of Software Features
| Introduction
GVRP, or ports can be manually assigned to a specific set of VLANs. This allows the
switch to restrict traffic to the VLAN groups to which a user has been assigned. By
segmenting your network into VLANs, you can:
◆
◆
◆
◆
◆
Eliminate broadcast storms which severely degrade performance in a flat
network.
Simplify network management for node changes/moves by remotely
configuring VLAN membership for any port, rather than having to manually
change the network connection.
Provide data security by restricting all traffic to the originating VLAN, except
where a connection is explicitly defined via the switch's routing service.
Use private VLANs to restrict traffic to pass only between data ports and the
uplink ports, thereby isolating adjacent ports within the same VLAN, and
allowing you to limit the total number of VLANs that need to be configured.
Use protocol VLANs to restrict traffic to specified interfaces based on protocol
type.
IEEE 802.1Q Tunneling
(QinQ)
Traffic Prioritization
Quality of Service
This feature is designed for service providers carrying traffic for multiple customers
across their networks. QinQ tunneling is used to maintain customer-specific VLAN
and Layer 2 protocol configurations even when different customers use the same
internal VLAN IDs. This is accomplished by inserting Service Provider VLAN
(SPVLAN) tags into the customer’s frames when they enter the service provider’s
network, and then stripping the tags when the frames leave the network.
This switch prioritizes each packet based on the required level of service, using
eight priority queues with strict priority, Weighted Round Robin (WRR) scheduling,
or a combination of strict and weighted queuing. It uses IEEE 802.1p and 802.1Q
tags to prioritize incoming traffic based on input from the end-station application.
These functions can
data and best-effort data.
be used to provide independent priorities for delay-sensitive
This switch also supports several common methods of prioritizing layer 3/4 traffic
to meet application requirements. Traffic can be prioritized based on the priority
bits in the IP frame’s Type of Service (ToS) octet using DSCP, or IP Precedence. When
these services are enabled, the priorities are mapped to a Class of Service value by
the switch, and the traffic then sent to the corresponding output queue.
Differentiated Services (DiffServ) provides policy-based management mechanisms
used for prioritizing network resources to meet the requirements of specific traffic
types on a per-hop basis. Each packet is classified upon entry into the network
based on access lists, IP Precedence or DSCP values, or VLAN lists. Using access lists
– 40 –
Chapter 1
Description of Software Features
allows you select traffic based on Layer 2, Layer 3, or Layer 4 information contained
in each packet. Based on network policies, different kinds of traffic can be marked
for different kinds of forwarding.
| Introduction
Ethernet Ring
Protection Switching
IP Routing
ERPS can be used to increase the availability and robustness of Ethernet rings, such
as those used in Metropolitan Area Networks (MAN). ERPS provides Layer 2 loop
avoidance and fast reconvergence in Layer 2 ring topologies, supporting up to 255
nodes in the ring structure. It can also function with IEEE 802.1ag to support link
monitoring when non-participating devices exist within the Ethernet ring.
The switch provides Layer 3 IP routing. To maintain a high rate of throughput, the
switch forwards all traffic passing within the same segment, and routes only traffic
that passes between different subnetworks. The wire-speed routing provided by
this switch lets you easily link network segments or VLANs together without having
to deal with the bottlenecks or configuration hassles normally associated with
conventional routers.
Routing for unicast traffic is supported with static routing, and Routing Information
Protocol (RIP).
Static Routing – Traffic is automatically routed between any IP interfaces
configured on the switch. Routing to statically configured hosts or subnet
addresses is provided based on next-hop entries specified in the static routing
table.
RIP – This protocol uses a distance-vector approach to routing. Routes are
determined on the basis of minimizing the distance vector, or hop count, which
serves as a rough estimate of transmission cost.
OSPF – This approach uses a link state routing protocol to generate a shortest-path
tree, then builds up its routing table based on this tree. OSPF produces a more
stable network because the participating routers act on network changes
predictably and simultaneously, converging on the best route more quickly than
RIP.BGP – This protocol uses a path vector approach to connect autonomous
systems (AS) on the Internet. BGP maintains a table of IP network prefixes which
designate network reachability among autonomous systems based the path of ASs
to the destination, and next hop information. It makes routing decisions based on
path, network policies and/or rule sets. For this reason, it is more appropriately
termed a reachability protocol rather than a routing protocol.
Policy-based Routing for BGP – The next-hop behavior for ingress IP traffic can be
determined based on matching criteria.
– 41 –
Chapter 1
Description of Software Features
| Introduction
Equal-cost Multipath
Load Balancing
Address Resolution
Protocol
When multiple paths to the same destination and with the same path cost are
found in the routing table, the Equal-cost Multipath (ECMP) algorithm first checks if
the cost is lower than that of any other routing entries. If the cost is the lowest in
the table, the switch will use up to eight paths having the lowest path cost to
balance traffic forwarded to the destination. ECMP uses either equal-cost unicast
multipaths manually configured in the static routing table, or equal-cost multipaths
dynamically detected by the Open Shortest Path Algorithm (OSPF). In other words,
it uses either static or entries, not both.
Router Redundancy
address to support a primary router and multiple backup routers. The backups can
be configured to take over the workload if the master fails or to load share the
traffic. The primary goal of this protocol is to allow a host device which has been
configured with a fixed gateway to maintain network connectivity in case the
primary gateway goes down.
The switch uses ARP and Proxy ARP to convert between IP addresses and MAC
(hardware) addresses. This switch supports conventional ARP, which locates the
MAC address corresponding to a given IP address. This allows the switch to use IP
addresses for routing decisions and the corresponding MAC addresses to forward
packets from one hop to the next. Either static or dynamic entries can be
configured in the ARP cache.
Virtual Router Redundancy Protocol (VRRP) uses a virtual IP
Operation,
Administration,
and Maintenance
Multicast Filtering
Proxy ARP allows hosts that do not support routing to determine the MAC address
of a device on another network or subnet. When a host sends an ARP request for a
remote network, the switch checks to see if it has the best route. If it does, it sends
its own MAC address to the host. The host then sends traffic for the remote
destination via the switch, which uses its own routing table to reach the destination
on the other network.
The switch provides OAM remote management tools required to monitor and
maintain the links to subscriber CPEs (Customer Premise Equipment). This section
describes functions including enabling OAM for selected ports, loopback testing,
and displaying remote device information.
Specific multicast traffic can be assigned to its own VLAN to ensure that it does not
interfere with normal network traffic and to guarantee real-time delivery by setting
the required priority level for the designated VLAN. The switch uses IGMP Snooping
and Query for IPv4 and MLD Snooping and Query for IPv6 to manage multicast
group registration. It also supports Multicast VLAN Registration (MVR for IPv4 and
MVR6 for IPv6) which allows common multicast traffic, such as television channels,
to be transmitted across a single network-wide multicast VLAN shared by hosts
residing in other standard or private VLAN groups, while preserving security and
data isolation for normal traffic.
– 42 –
Chapter 1
| Introduction
System Defaults
Link Layer Discovery
Protocol
System Defaults
LLDP is used to discover basic information about neighboring devices within the
local broadcast domain. LLDP is a Layer 2 protocol that advertises information
about the sending device and collects information gathered from neighboring
network nodes it discovers.
Advertised information is represented in Type Length Value (TLV) format according
to the IEEE 802.1ab standard, and can include details such as device identification,
capabilities and configuration settings. Media Endpoint Discovery (LLDP-MED) is an
extension of LLDP intended for managing endpoint devices such as Voice over IP
phones and network switches. The LLDP-MED TLVs advertise information such as
network policy, power, inventory, and device location details. The LLDP and LLDPMED information can be used by SNMP applications to simplify troubleshooting,
enhance network management, and maintain an accurate network topology.
The switch’s system defaults are provided in the configuration file
“Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as
the startup configuration file.
The following table lists some of the basic system defaults.
Table 2: System Defaults
Func tion Parameter Default
Console Port Connection Baud Rate 115200 bps
Data bits 8
Stop bits 1
Parity none
Local Console Timeout 600 seconds
– 43 –
Chapter 1
| Introduction
System Defaults
Table 2: System Defaults
Func tion Parameter Default
Authentication and
Security Measures
(Continued)
Privileged Exec Level Username “admin”
Normal Exec Level Username “guest”
Enable Privileged Exec from
Normal Exec Level
RADIUS Authentication Disabled
TACACS+ Authentication Disabled
802.1X Port Authentication Disabled
Web Authentication Disabled
MAC Authentication Disabled
PPPoE Intermediate Agent Disabled
HTTPS Enabled
SSH Disabled
Port Security Disabled
IP Filtering Disabled
Password “admin”
Password “guest”
Password “super”
DHCP Snooping Disabled
IP Source Guard Disabled (all ports)
Web Management HTTP Server Enabled
HTTP Port Number 80
HTTP Secure Server Enabled
HTTP Secure Server Port 443
SNMP SNMP Agent Enabled
Community Strings “public” (read only)
Traps Authentication traps: enabled
SNMP V3 View: defaultview
Port Configuration Admin Status Enabled
Auto-negotiation Enabled
Flow Control Disabled
Port Trunking Static Trunks None
“private” (read/write)
Link-up-down events: enabled
Group: public (read only); private
(read/write)
LACP (all ports) Disabled
– 44 –
Chapter 1
| Introduction
System Defaults
Table 2: System Defaults
Func tion Parameter Default
Congestion Control Rate Limiting Disabled
Address Table Aging Time 300 seconds
Spanning Tree Algorithm Status Enabled, RSTP
LLDP Status Enabled
ERPS Status Disabled
CFM Status Enabled
OAM Status Disabled
Virtual LANs Default VLAN 1
(Continued)
Storm Control Broadcast: Enabled
(64 kbits/sec)
Multicast: Disabled
Unknown Unicast: Disabled
Auto Traffic Control Disabled
(Defaults: RSTP standard)
Edge Ports Disabled
PVID 1
Acceptable Frame Type All
Ingress Filtering Disabled
Switchport Mode (Egress Mode) Hybrid
GVRP (global) Disabled
GVRP (port interface) Disabled
QinQ Tunneling Disabled
Traffic Prioritization Ingress Port Priority 0
Queue Mode WRR
Queue Weight Queue: 0 1 2 3 4 5 6 7
Weight: 1 2 4 6 8 10 12 14
Class of Service Enabled
IP Precedence Priority Disabled
IP DSCP Priority Disabled
IP Settings Management. VLAN VLAN 1
IP Address DHCP assigned
Subnet Mask 255.255.255.0
Default Gateway Not configured
DHCP Client: Enabled
DNS Proxy service: Disabled
BOOTP Disabled
– 45 –
Chapter 1
| Introduction
System Defaults
Table 2: System Defaults
Func tion Parameter Default
Unicast Routing RIP Disabled
Multicast Filtering IGMP Snooping (Layer 2) Snooping: Enabled
System Log Status Enabled
(Continued)
ARP Enabled
Cache Timeout: 20 minutes
Proxy: Disabled
OSPF Disabled
Querier: Disabled
MLD Snooping (Layer 2 IPv6) Snooping: Enabled
Querier: Disabled
Multicast VLAN Registration Disabled
IGMP Proxy Reporting Disabled
IGMP (Layer 3)
IGMP Proxy (Layer 3)
Messages Logged to RAM Levels 0-7 (all)
Messages Logged to Flash Levels 0-3
Disabled
Disabled
SMTP Email Alerts Event Handler Enabled (but no server defined)
SNTP Clock Synchronization Disabled
Switch Clustering Status Disabled
Commander Disabled
– 46 –
Section II
Web Configuration
This section describes the basic switch features, along with a detailed description of
how to configure each feature via a web browser.
This section includes these chapters:
◆
"Using the Web Interface" on page 49
◆
"Basic Management Tasks" on page 71
◆
"Interface Configuration" on page 107
◆
"VLAN Configuration" on page 153
◆
"Address Table Settings" on page 187
◆
"Spanning Tree Algorithm" on page 197
◆
"Congestion Control" on page 221
◆
"Class of Service" on page 231
◆
"Quality of Service" on page 245
◆
"VoIP Traffic Configuration" on page 261
◆
"Security Measures" on page 267
◆
"Basic Administration Protocols" on page 377
◆
"Multicast Filtering" on page 525
◆
"IP Configuration" on page 597
◆
"IP Services" on page 621
◆
"General IP Routing" on page 635
– 47 –
Section II
| Web Configuration
◆
"Unicast Routing" on page 651
– 48 –
2
Using the Web Interface
This switch provides an embedded HTTP web agent. Using a web browser you can
configure the switch and view statistics to monitor network activity. The web agent
can be accessed by any computer on the network using a standard web browser
(Internet Explorer 6, Mozilla Firefox 4, or Google Chrome 29, or more recent
versions).
Note:
You can also use the Command Line Interface (CLI) to manage the switch
over a serial connection to the console port or via Telnet. For more information on
using the CLI, refer to the CLI Reference Guide.
Connecting to the Web Interface
Prior to accessing the switch from a web browser, be sure you have first performed
the following tasks:
1.
Configure the switch with a valid IP address, subnet mask, and default gateway
using an out-of-band serial connection, BOOTP or DHCP protocol. (See “Initial
Switch Configuration” in the CLI Reference Guide.)
2.
Set user names and passwords using an out-of-band serial connection. Access
to the web agent is controlled by the same user names and passwords as the
onboard configuration program. (See “Configuring User Accounts” on
page 284.)
3.
After you enter a user name and password, you will have access to the system
configuration program.
Note:
You are allowed three attempts to enter the correct password; on the third
failed attempt the current connection is terminated.
Note:
If you log into the web interface as guest (Normal Exec level), you can view
the configuration settings or change the guest password. If you log in as “admin”
(Privileged Exec level), you can change the settings on any page.
Note:
If the path between your management station and this switch does not pass
through any device that uses the Spanning Tree Algorithm, then you can set the
switch port attached to your management station to fast forwarding (i.e., enable
Admin Edge Port) to improve the switch’s response time to management
– 49 –
Chapter 2
Navigating the Web Browser Interface
| Using the Web Interface
commands issued through the web interface. See “Configuring Interface Settings
for STA” on page 207.
Note:
input is detected for 600 seconds.
Note:
link local address.
Users are automatically logged off of the HTTP server or HTTPS server if no
Connection to the web interface is not supported for HTTPS using an IPv6
Navigating the Web Browser Interface
To access the web-browser interface you must first enter a user name and
password. The administrator has Read/Write access to all configuration parameters
and statistics. The default user name and password for the administrator is “admin.”
The administrator has full access privileges to configure any parameters in the web
interface. The default user name and password for guest access is “guest.” The guest
only has read access for most configuration parameters. Refer to “Configuring User
Accounts” on page 284 for more details.
Home Page
When your web browser connects with the switch’s web agent, the home page is
displayed as shown below. The home page displays the Main Menu on the left side
of the screen and System Information on the right side. The Main Menu links are
used to navigate to other menus, and display configuration parameters and
statistics.
Figure 1: Home Page
Note: This manual covers the GTL-2881 Gigabit Ethernet switch and GTL-2882
Gigabit Ethernet Fiber switch. Other than the difference in port types, there are no
– 50 –
Chapter 2
GTL-2881
GTL-2882
Navigating the Web Browser Interface
| Using the Web Interface
significant differences. The panel graphics for both switch types are shown on the
following page.
Configuration Options
Note:
You can open a connection to the vendor’s web site by clicking on the
levelone logo.
Configurable parameters have a dialog box or a drop-down list. Once a
configuration change has been made on a page, be sure to click on the Apply
button to confirm the new setting. The following table summarizes the web page
configuration buttons.
Table 3: Web Page Configuration Buttons
Button Action
Apply Sets specified values to the system.
Revert Cancels specified values and restores current
values prior to pressing “Apply.”
Displays help for the selected page.
Refreshes the current page.
Displays the site map.
Panel Display
Logs out of the management interface.
Sends mail to the vendor.
Links to the vendor’s web site.
The web agent displays an image of the switch’s ports. The Mode can be set to
display different information for the ports, including Active (i.e., up or down),
Duplex (i.e., half or full duplex), or Flow Control (i.e., with or without flow control).
Figure 2: Front Panel Indicators
N
OTE
:
If stacking is enabled, stacking ports 25/26 are not displayed on the panel
graphic.
– 51 –
Chapter 2
| Using the Web Interface
Navigating the Web Browser Interface
Main Menu
Using the onboard web agent, you can define system parameters, manage and
control the switch, and all its ports, or monitor network conditions. The following
table briefly describes the selections available from this program.
Table 4: Switch Main Menu
Menu Description Page
System
General Provides basic system description, including contact information 72
Switch Shows the number of ports, hardware version, power status, and
firmware version numbers
Capability Enables support for jumbo frames;
shows the bridge extension parameters
File 77
Copy Allows the transfer and copying files 77
Set Startup Sets the startup file 80
Show Shows the files stored in flash memory; allows deletion of files 81
Automatic Operation Code Upgrade Automatically upgrades operation code if a newer version is
found on the server
Time 85
73
74,
75
81
Configure General
Manual Manually sets the current time 86
SNTP Configures SNTP polling interval 87
NTP Configures NTP authentication parameters 87
Configure Time Server Configures a list of SNTP servers 88
Configure SNTP Server Sets the IP address for SNTP time servers 88
Add NTP Server Adds NTP time server and index of authentication key 89
Show NTP Server Shows list of configured NTP time servers 89
Add NTP Authentication Key Adds key index and corresponding MD5 key 91
Show NTP Authentication Key Shows list of configured authentication keys 91
Configure Time Zone Sets the local time zone for the system clock 92
Configure Summer Time Configures summer time settings 93
Console Sets console port connection parameters 95
Tel net Se t s Telnet co n nection param ete r s 97
CPU Utilization Displays information on CPU utilization 98
Memory Status Shows memory utilization parameters 99
Stacking Configure stacking functions 100
Configure Master Button Set Master unit for stack 100
Configure Stacking Button Enable stacking on 10G ports 101
– 52 –
Chapter 2
| Using the Web Interface
Navigating the Web Browser Interface
Table 4: Switch Main Menu
Menu Description Page
Renumber Reset stack identification numbers 102
Reset Restarts the switch immediately, at a specified time, after a specified
Interface 107
Port 108
General 108
Configure by Port List Configures connection settings per port 108
Configure by Port Range Configures connection settings for a range of ports 111
Show Information Displays port connection status 111
Mirror 112
Add Sets the source and target ports for mirroring 112
Show Shows the configured mirror sessions 112
Statistics Shows Interface, Etherlike, and RMON port statistics 119
Chart Shows Interface, Etherlike, and RMON port statistics 119
Transceiver Shows identifying information and operational parameters for optical
(Continued)
delay, or at a periodic interval
transceivers which support Digital Diagnostic Monitoring (DDM), and
configures thresholds for alarm and warning messages for optical
transceivers which support DDM
103
123
124
Cable Test Performs cable diagnostics for selected port to diagnose any cable
faults (short, open etc.) and report the cable length
Trunk 128
Static 129
Configure Trunk 129
Add Creates a trunk, along with the first port member 129
Show Shows the configured trunk identifiers 129
Add Member Specifies ports to group into static trunks 129
Show Member Shows the port members for the selected trunk 129
Configure General 129
Configure Configures trunk connection settings 129
Show Information Displays trunk connection settings 129
Dynamic 132
Configure Aggregator Configures administration key and timeout for specific LACP
groups
Configure Aggregation Port 129
Configure 129
126
132
General Allows ports to dynamically join trunks 132
– 53 –
Chapter 2
| Using the Web Interface
Navigating the Web Browser Interface
Table 4: Switch Main Menu
Menu Description Page
Actor Configures parameters for link aggregation group members on the
Partner Configures parameters for link aggregation group members on the
Show Information 138
Counters Displays statistics for LACP protocol messages 138
Internal Displays configuration settings and operational state for the local side
Neighbors Displays configuration settings and operational state for the remote
Configure Trunk 132
Configure Configures connection settings 132
Show Displays port connection status 132
Show Member Shows the active members in a trunk 132
Statistics Shows Interface, Etherlike, and RMON port statistics 119
Chart Shows Interface, Etherlike, and RMON port statistics 119
(Continued)
132
local side
132
remote side
139
of a link aggregation
141
side of a link aggregation
Load Balance Sets the load-distribution method among ports in aggregated links 142
Green Ethernet Adjusts the power provided to ports based on the length of the cable
used to connect to other devices
RSPAN Mirrors traffic from remote switches for analysis at a destination port on
the local switch
Traffic Segmentation 146
Configure Global Enables traffic segmentation globally 146
Configure Session Configures the uplink and down-link ports for a segmented group of
ports
VLAN Trunking Allows unknown VLAN groups to pass through the specified interface 149
VLAN Virtual LAN 153
Static
Add Creates VLAN groups 156
Show Displays configured VLAN groups 156
Modify Configures group name and administrative status 156
Edit Member by VLAN Specifies VLAN attributes per VLAN 159
Edit Member by Interface Specifies VLAN attributes per interface 159
Edit Member by Interface Range Specifies VLAN attributes per interface range 159
144
114
147
Dynamic
Configure General Enables GVRP VLAN registration protocol globally 163
Configure Interface Configures GVRP status and timers per interface 163
– 54 –
Chapter 2
| Using the Web Interface
Navigating the Web Browser Interface
Table 4: Switch Main Menu
Menu Description Page
Show Dynamic VLAN 163
Show VLAN Shows the VLANs this switch has joined through GVRP 163
Show VLAN Member Shows the interfaces assigned to a VLAN through GVRP 163
Tunnel IEEE 802.1Q (QinQ) Tunneling 166
Configure Global Sets tunnel mode for the switch 170
Configure Service Sets a CVLAN to SPVLAN mapping entry 172
Configure Interface Sets the tunnel mode for any participating interface 173
Protocol 175
Configure Protocol 175
Add Creates a protocol group, specifying supported protocols 175
Show Shows configured protocol groups 175
Configure Interface 177
Add Maps a protocol group to a VLAN 177
Show Shows the protocol groups mapped to each VLAN 177
(Continued)
IP Subnet 179
Add Maps IP subnet traffic to a VLAN 179
Show Shows IP subnet to VLAN mapping 179
MAC-Based 181
Add Maps traffic with specified source MAC address to a VLAN 181
Show Shows source MAC address to VLAN mapping 181
Mirror 183
Add Mirrors traffic from one or more source VLANs to a target port 183
Show Shows mirror list 183
Translation 185
Add Maps VLAN IDs between the customer and service provider 185
Show Displays the configuration settings for VLAN translation 185
MAC Address 187
Learning Status Enables MAC address learning on selected interfaces 187
Static 189
Add Configures static entries in the address table 189
Show Displays static entries in the address table 189
Dynamic
Configure Aging Sets timeout for dynamically learned entries 191
Show Dynamic MAC Displays dynamic entries in the address table 191
– 55 –
Chapter 2
| Using the Web Interface
Navigating the Web Browser Interface
Table 4: Switch Main Menu
Menu Description Page
Clear Dynamic MAC Removes any learned entries from the forwarding database and clears
Mirror Mirrors traffic matching a specified source address from any port on the
MAC Notification 195
Configure Global Issues a trap when a dynamic MAC address is added or removed. 195
Configure Interface Enables MAC authentication traps on the current interface. 195
Spanning Tree 197
Loopback Detection Configures Loopback Detection parameters 199
STA Spanning Tree Algorithm
Configure Global
Configure Configures global bridge settings for STP, RSTP and MSTP 201
Show Information Displays STA values used for the bridge 206
Configure Interface
Configure Configures interface settings for STA 207
(Continued)
193
the transmit and receive counts for any static or system configured
entries
194
switch to a target port
Show Information Displays interface settings for STA 212
MSTP Multiple Spanning Tree Algorithm 214
Configure Global 214
Add Configures initial VLAN and priority for an MST instance 214
Modify Configures the priority or an MST instance 214
Show Configures global settings for an MST instance 214
Add Member Adds VLAN members for an MST instance 214
Show Member Adds or deletes VLAN members for an MST instance 214
Show Information Displays MSTP values used for the bridge
Configure Interface 219
Configure Configures interface settings for an MST instance 219
Show Information Displays interface settings for an MST instance 219
Traffic
Rate Limit Sets the input and output rate limits for a port 221
Storm Control Sets the broadcast storm threshold for each interface 222
Auto Traffic Control Sets thresholds for broadcast and multicast storms which can be used
to trigger configured rate limits or to shut down a port
224
Configure Global Sets the time to apply the control response after traffic has exceeded
the upper threshold, and the time to release the control response after
traffic has fallen beneath the lower threshold
– 56 –
225
Chapter 2
| Using the Web Interface
Navigating the Web Browser Interface
Table 4: Switch Main Menu
Menu Description Page
Configure Interface Sets the storm control mode (broadcast or multicast), the traffic
Priority
Default Priority Sets the default priority for each port or trunk 231
Queue Sets queue mode for the switch; sets the service weight for each queue
Trust Mode Selects DSCP or CoS priority processing 238
DSCP to DSCP 239
Add Maps DSCP values in incoming packets to per-hop behavior and drop
Show Shows the DSCP to DSCP mapping list 239
CoS to DSCP 242
Add Maps CoS/CFI values in incoming packets to per-hop behavior and drop
Show Shows the CoS to DSCP mapping list 242
PHB to Queue 235
(Continued)
227
thresholds, the control response, to automatically release a response of
rate limiting, or to send related SNMP trap messages
232
that will use a weighted or hybrid mode
239
precedence values for internal priority processing
242
precedence values for priority processing
Add Maps internal per-hop behavior values to hardware queues 235
Show Shows the PHB to Queue mapping list 235
DiffServ 245
Configure Class 246
Add Creates a class map for a type of traffic 246
Show Shows configured class maps 246
Modify Modifies the name of a class map 246
Add Rule Configures the criteria used to classify ingress traffic 246
Show Rule Shows the traffic classification rules for a class map 246
Configure Policy 250
Add Creates a policy map to apply to multiple interfaces 250
Show Shows configured policy maps 250
Modify Modifies the name of a policy map 250
Add Rule Sets the boundar y parameters used for monitoring inbound traffic, and
the action to take for conforming and non-conforming traffic
Show Rule Shows the rules used to enforce bandwidth policing for a policy map 250
Configure Interface Applies a policy map to an ingress port 259
250
VoIP Voice over IP 261
Configure Global Configures auto-detection of VoIP traffic, sets the Voice VLAN, and VLAN
aging time
262
– 57 –
Chapter 2
| Using the Web Interface
Navigating the Web Browser Interface
Table 4: Switch Main Menu
Menu Description Page
Configure OUI 263
Add Maps the OUI in the source MAC address of ingress packets to the VoIP
Show Shows the OUI telephony list 263
Configure Interface Configures VoIP traffic settings for ports, including the way in which a
Security 267
AAA Authentication, Authorization and Accounting 268
System Authentication Configures authentication sequence – local, RADIUS, and TACACS 269
Server 270
Configure Server Configures RADIUS and TACACS server message exchange settings 270
Configure Group 270
Add Specifies a group of authentication servers and sets the priority
Show Shows the authentication server groups and priority sequence 270
(Continued)
263
device manufacturer
264
port is added to the Voice VLAN, filtering of non-VoIP packets, the
method of detecting VoIP traffic, and the priority assigned to the voice
traffic
270
sequence
Accounting Enables accounting of requested services for billing or security
purposes
Configure Global Specifies the interval at which the local accounting service updates
information to the accounting server
Configure Method 275
Add Configures accounting for various service types 275
Show Shows the accounting settings used for various service types 275
Configure Service Sets the accounting method applied to specific interfaces for 802.1X,
CLI command privilege levels for the console port, and for Telnet
Show Information 275
Summary Shows the configured accounting methods, and the methods applied
to specific interfaces
Statistics Shows basic accounting information recorded for user sessions 275
Authorization Enables authorization of requested services 281
Configure Method 281
Add Configures authorization for various service types 281
Show Shows the authorization settings used for various service types 281
Configure Service Sets the authorization method applied used for the console port, and
for Telnet
275
275
275
275
281
Show I nformation Shows the configured authorization methods, and the methods applied
to specific interfaces
User Accounts 284
Add Configures user names, passwords, and access levels 284
281
– 58 –
Chapter 2
| Using the Web Interface
Navigating the Web Browser Interface
Table 4: Switch Main Menu
Menu Description Page
Show Shows authorized users 284
Modify Modifies user attributes 284
Web Authentication Allows authentication and access to the network when 802.1X or
Configure Global Configures general protocol settings 287
Configure Interface Enables Web Authentication for individual ports 288
Network Access MAC address-based network access authentication 289
Configure Global Enables aging for authenticated MAC addresses, and sets the time
Configure Interface 292
General Enables MAC authentication on a port; sets the maximum number of
Link Detection Configures detection of changes in link status, and the response (i.e.,
Configure MAC Filter 295
Add Specifies MAC addresses exempt from authentication 295
(Continued)
286
Network Access authentication are infeasible or impractical
291
period after which a connected MAC address must be reauthenticated
292
address that can be authenticated, the guest VLAN, dynamic VLAN and
dynamic QoS
294
send trap or shut down port)
Show Shows the list of exempt MAC addresses 295
Show Information Shows the authenticated MAC address list 297
HTTPS Secure HTTP 299
Configure Global Enables HTTPs, and specifies the UDP port to use 299
Copy Certificate Replaces the default secure-site certificate 300
SSH Secure Shell 302
Configure Global Configures SSH server settings 304
Configure Host Key 306
Generate Generates the host key pair (public and private) 306
Show Displays RSA and DSA host keys; deletes host keys 306
Configure User Key 307
Copy Imports user public keys from TFTP server 307
Show Displays RSA and DSA user keys; deletes user keys 307
ACL Access Control Lists 309
Configure Time Range Configures the time to apply an ACL 310
Add Specifies the name of a time range 310
Show Shows the name of configured time ranges 310
Add Rule 310
Absolute Sets exact time or time range 310
Periodic Sets a recurrent time 310
– 59 –
Chapter 2
| Using the Web Interface
Navigating the Web Browser Interface
Table 4: Switch Main Menu
Menu Description Page
Show Rule Shows the time specified by a rule 310
Configure ACL 314
Show TCAM Shows utilization parameters for TCAM 313
Add Adds an ACL based on IP or MAC address filtering 314
Show Shows the name and type of configured ACLs 314
Add Rule Configures packet filtering based on IP or MAC addresses and other
Show Rule Shows the rules specified for an ACL 314
Configure Interface Binds a port to the specified ACL and time range
Configure Binds a port to the specified ACL and time range 326
Add Mirror MIrrors matching traffic to the specified port 327
Show Mirror Shows ACLs mirrored to specified port 327
Show Hardware Counters Shows statistics for ACL hardware counters 329
ARP Inspection 330
Configure General Enables inspection globally, configures validation of additional address
(Continued)
314
packet attributes
331
components, and sets the log rate for packet inspection
Configure VLAN Enables ARP inspection on specified VLANs 333
Configure Interface Sets the trust mode for ports, and sets the rate
limit for packet inspection
Show Information 336
Show Statistics Displays statistics on the inspection process 336
Show Log Shows the inspection log list 337
IP Filter 338
Add Sets IP addresses of clients allowed management access via the web,
SNMP, and Telnet
Show Shows the addresses to be allowed management access 338
Port Security Configures per port security, including status, response for security
breach, and maximum allowed MAC addresses
Port Authentication IEEE 802.1X 342
Configure Global Enables authentication and EAPOL pass-through 344
Configure Interface Sets authentication parameters for individual ports 345
Show Statistics Displays protocol statistics for the selected port 352
DoS Protection Protects against Denial-of-Service attacks 354
335
338
340
– 60 –
Chapter 2
| Using the Web Interface
Navigating the Web Browser Interface
Table 4: Switch Main Menu
Menu Description Page
IP Source Guard Filters IP traffic based on static entries in the IP Source Guard table, or
Port Configuration Enables IP source guard and selects filter type per port 357
Static Binding 359
Configure ACL Table 359
Add Adds static addresses to the source guard ACL binding table 359
Show Shows static addresses in the source guard ACL binding table 359
Configure MAC Table 359
Add Adds static addresses to the source guard MAC address binding table 359
Show Shows static addresses in the source guard MAC address binding table 359
Dynamic Binding Displays the source-guard binding table for a selected interface 362
IPv6 Source Guard Filters IPv6 traffic based on static entries in the IP Source Guard table, or
Port Configuration Enables IPv6 source guard and selects filter type per port 363
Static Binding 365
(Continued)
357
dynamic entries in the DHCP Snooping table
363
dynamic entries in the DHCP Snooping table
Add Adds a static addresses to the source-guard binding table 365
Show Shows static addresses in the source-guard binding table 365
Dynamic Binding Displays the source-guard binding table for a selected interface 368
Administration 377
Log 378
System 378
Configure Global Stores error messages in local memory 378
Show System Logs Shows logged error messages 378
Remote Configures the logging of messages to a remote logging process 380
SMTP Sends an SMTP client message to a participating server 381
LLDP 383
Configure Global Configures global LLDP timing parameters 383
Configure Interface 385
Configure General Sets the message transmission mode; enables SNMP notification; and
sets the LLDP attributes to advertise
Add CA-Type Specifies the physical location of the device attached to an interface 389
Show Local Device Information 391
385
General Displays general information about the local device 391
Port/Trunk Displays information about each interface 391
– 61 –
Chapter 2
| Using the Web Interface
Navigating the Web Browser Interface
Table 4: Switch Main Menu
Menu Description Page
Show Remote Device Information 394
Port/Trunk Displays information about a remote device connected to a port on this
Port/Trunk Details Displays detailed information about a remote device connected to this
Show Device Statistics 403
General Displays statistics for all connected remote devices 403
Port/Trunk Displays statistics for remote devices on a selected port or trunk 403
SNMP Simple Network Management Protocol 405
Configure Global Enables SNMP agent status, and sets related trap functions 407
Configure Engine 408
Set Engine ID Sets the SNMP v3 engine ID on this switch 408
Add Remote Engine Sets the SNMP v3 engine ID for a remote device 409
Show Remote Engine Shows configured engine ID for remote devices 409
Configure View 411
(Continued)
394
switch
394
switch
Add View Adds an SNMP v3 view of the OID MIB 411
Show View Shows configured SNMP v3 views 411
Add OID Subtree Specifies a part of the subtree for the selected view 411
Show OID Subtree Shows the subtrees assigned to each view 411
Configure Group 413
Add Adds a group with access policies for assigned users 413
Show Shows configured groups and access policies 413
Configure User
Add Community Configures community strings and access mode 419
Show Community Shows community strings and access mode 419
Add SNMPv3 Local User Configures SNMPv3 users on this switch 420
Show SNMPv3 Local User Shows SNMPv3 users configured on this switch 420
Change SNMPv3 Local User Group Assign a local user to a new group 420
Add SNMPv3 Remote User Configures SNMPv3 users from a remote device 423
Show SNMPv3 Remote User Shows SNMPv3 users set from a remote device 420
Configure Trap 426
Add Configures trap managers to receive messages on key events that occur
on this switch
426
Show Shows configured trap managers 426
Configure Notify Filter
Add Creates an SNMP notification log 430
– 62 –
Chapter 2
| Using the Web Interface
Navigating the Web Browser Interface
Table 4: Switch Main Menu
Menu Description Page
Show Shows the configured notification logs 430
Show Statistics Shows the status of SNMP communications 432
RMON Remote Monitoring 434
Configure Global
Add
Alarm Sets threshold bounds for a monitored variable 434
Event Creates a response event for an alarm 437
Show 434
Alarm Shows all configured alarms 434
Event Shows all configured events 437
Configure Interface
Add
History Periodically samples statistics on a physical interface 439
Statistics Enables collection of statistics on a physical interface 442
(Continued)
Show
History Shows sampling parameters for each entry in the history group 439
Statistics Shows sampling parameters for each entry in the statistics group 442
Show Details
History Shows sampled data for each entry in the history group 439
Statistics Shows sampled data for each entry in the history group 442
Cluster 444
Configure Global Globally enables clustering for the switch; sets Commander status 445
Configure Member Adds switch Members to the cluster 446
Show Member Shows cluster switch member; managed switch members 448
ERPS Ethernet Ring Protection Switching 449
Configure Global Activates ERPS globally 453
Configure Domain 454
Add Creates an ERPS ring 454
Show Shows list of configured ERPS rings, status, and settings 454
Configure Details Configures ring parameters 454
Configure Operation Blocks a ring port using Forced Switch or Manual Switch
commands
470
CFM Connectivity Fault Management 474
Configure Global Configures global settings, including administrative status, cross-check
start delay, link trace, and SNMP traps
478
– 63 –
Chapter 2
| Using the Web Interface
Navigating the Web Browser Interface
Table 4: Switch Main Menu
Menu Description Page
Configure Interface Configures administrative status on an interface 481
Configure MD Configure Maintenance Domains 481
Add Defines a portion of the network for which connectivity faults can
Configure Details Configures the archive hold time and fault notification settings 481
Show Shows list of configured maintenance domains 481
Configure MA Configure Maintenance Associations 486
Add Defines a unique CFM service instance, identified by its parent MD, the
Configure Details Configures detailed settings, including continuity check status and
Show Shows list of configured maintenance associations 486
Configure MEP Configures Maintenance End Points 490
Add Configures MEPs at the domain boundary to provide management
(Continued)
481
be man aged, ide nti fie d by an MD i ndex, mai nte nan ce lev el, an d th e MI P
creation method
486
MA index, the VLAN assigned to the MA, and the MIP creation method
486
interval level, cross-check status, and alarm indication signal
parameters
490
access for each maintenance association
Show Shows list of configured maintenance end points 490
Configure Remote MEP Configures Remote Maintenance End Points 492
Add Configures a static list of remote MEPs for comparison against
the MEPs learned through continuity check messages
Show Shows list of configured remote maintenance end points 492
Transmit Link Trace Sends link trace messages to isolate connectivity faults by
tracing the path through a network to the designated target node
Transmit Loopback Sends loopback messages to isolate connectivity faults by requesting a
target node to echo the message back to the source
Transmit Delay Measure Sends periodic delay-measure requests to a specified MEP within a
maintenance association
Show Information
Show Local MEP Shows the MEPs configured on this device 500
Show Local MEP Details Displays detailed CFM information about a specified local MEP in the
continuity check database
Show Local MIP Shows the MIPs on this device discovered by the CFM protocol 503
Show Remote MEP Shows MEPs located on other devices which have been discovered
through continuity check messages, or statically configured in the MEP
database
Show Remote MEP Details Displays detailed CFM information about a specified remote MEP in the
continuity check database
492
494
496
498
501
504
505
Show Link Trace Cache Shows information about link trace operations launched from this
device
Show Fault Notification Generator Displays configuration settings for the fault notification generator 508
507
– 64 –
Chapter 2
| Using the Web Interface
Navigating the Web Browser Interface
Table 4: Switch Main Menu
Menu Description Page
Show Continuity Check Error Displays CFM continuity check errors logged on this device 509
OAM Operation, Administration, and Maintenance 510
Interface Enables OAM on specified port, sets the mode to active or passive, and
Counters Displays statistics on OAM PDUs 513
Event Log Displays the log for recorded link events 514
Remote Interface Displays information about attached OAM-enabled devices 515
Remote Loopback Performs a loopback test on the specified port 516
UDLD UniDirectional Link Detection 519
Configure Global Configures the message probe interval, detection interval, and recovery
Configure Interface Enables UDLD and aggressive mode which reduces the shut-down
Show Information Displays UDLD neighbor information, including neighbor state,
IP 597
(Continued)
510
enables the reporting of critical events or errored frame events
520
interval
521
delay after loss of bidirectional connectivity is detected
523
expiration time, and protocol intervals
General
Routing Interface
Add Address Configures an IP interface for a VLAN 597
Show Address Shows the IP interfaces assigned to a VLAN 597
Ping Sends ICMP echo request packets to another node on the network 639
Trace Route Shows the route packets take to the specified
destination
ARP Address Resolution Protocol 642
Configure General Sets the aging time for dynamic entries in the ARP cache 642
Configure Static Address 644
Add Statically maps a physical address to an IP address 644
Show Shows the MAC to IP address static table 644
Show Information Shows entries in the Address Resolution Protocol (ARP) cache
Dynamic Address Shows dynamically learned entries in the IP routing table 646
Other Address Shows internal addresses used by the switch 646
Statistics Shows statistics on ARP requests sent and received 646
Routing
640
Static Routes 647
Add Configures static routing entries 647
Show Shows static routing entries 647
– 65 –
Chapter 2
| Using the Web Interface
Navigating the Web Browser Interface
Table 4: Switch Main Menu
Menu Description Page
Routing Table
Show Information Shows all routing entries, including local, static and dynamic routes 649
IPv6 Configuration 601
Configure Global Sets an IPv6 default gateway for traffic with no known next hop 602
Configure Interface Configures IPv6 interface address using auto-configuration or link-local
Add IPv6 Address Adds an global unicast, EUI-64, or link-local IPv6 address to an interface 608
Show IPv6 Address Show the IPv6 addresses assigned to an interface 611
Show IPv6 Neighbor Cache Displays information in the IPv6 neighbor discovery cache 612
Show Statistics 613
IPv6 Shows statistics about IPv6 traffic 613
ICMPv6 Shows statistics about ICMPv6 messages 613
UDP Shows statistics about UDP messages 613
Show MTU Shows the maximum transmission unit (MTU) cache for destinations
(Continued)
603
address, and sets related protocol settings
619
that have returned an ICMP packet-too-big message along with an
acceptable MTU to this switch
IP Service 621
DNS Domain Name Service 621
General 621
Configure Global Enables DNS lookup; defines the default domain name appended to
incomplete host names
Add Domain Name Defines a list of domain names that can
be appended to incomplete host names
Show Domain Names Shows the configured domain name list 622
Add Name Server Specifies IP address of name servers for dynamic lookup 624
Show Name Servers Shows the name server address list 624
Static Host Table 625
Add Configures static entries for domain name to address mapping 625
Show Shows the list of static mapping entries 625
Modify Modifies the static address mapped to the selected host name 625
Cache Displays cache entries discovered by designated
name servers
DHCP Dynamic Host Configuration Protocol 627
Client Specifies the DHCP client identifier for an interface 627
621
622
626
Relay Specifies DHCP relay servers 629
– 66 –
Chapter 2
| Using the Web Interface
Navigating the Web Browser Interface
Table 4: Switch Main Menu
Menu Description Page
Snooping 369
Configure Global Enables DHCP snooping globally, MAC-address verification,
Configure VLAN Enables DHCP snooping on a VLAN 373
Configure Interface Sets the trust mode for an interface 374
Show Information Displays the DHCP Snooping binding information 375
PPPoE Intermediate Agent Point-to-Point Protocol over Ethernet Intermediate Agent 630
Configure Global Enables PPPoE IA on the switch, sets access node identifier, sets generic
Configure Interface Enables PPPoE IA on an interface, sets trust status, enables vendor tag
Show Statistics Shows statistics on PPPoE IA protocol messages 633
Multicast 525
IGMP Snooping 526
General Enables multicast filtering; configures parameters for multicast
(Continued)
371
information option; and sets the information policy
630
error message
632
stripping, sets circuit ID and remote ID
528
snooping
Multicast Router 532
Add Static Multicast Router Assigns ports that are attached to a neighboring multicast router 532
Show Static Multicast Router Displays ports statically configured as attached to a neighboring
multicast router
Show Current Multicast Router Displays ports attached to a neighboring multicast router, either
through static or dynamic configuration
IGMP Member 534
Add Static Member Statically assigns multicast addresses to the selected VLAN 534
Show Static Member Shows multicast addresses statically configured on the selected VLAN 534
Interface 537
Configure VLAN Configures IGMP snooping per VLAN interface 537
Show VLAN Information Shows IGMP snooping settings per VLAN interface 537
Configure Port Configures the interface to drop IGMP query packets or all multicast
data packets
Configure Trunk Configures the interface to drop IGMP query packets or all multicast
data packets
Forwarding Entry Displays the current multicast groups learned through IGMP Snooping 544
Filter 549
Configure General Enables IGMP filtering for the switch 549
532
532
543
543
Configure Profile 550
Add Adds IGMP filter profile; and sets access mode 550
Show Shows configured IGMP filter profiles 550
– 67 –
Chapter 2
| Using the Web Interface
Navigating the Web Browser Interface
Table 4: Switch Main Menu
Menu Description Page
Add Multicast Group Range Assigns multicast groups to selected profile 550
Show Multicast Group Range Shows multicast groups assigned to a profile 550
Configure Interface Assigns IGMP filter profiles to port interfaces and sets throttling action 552
Statistics 545
Show Query Statistics Shows statistics for query-related messages 545
Show VLAN Statistics Shows statistics for protocol messages, number of active groups 545
Show Port Statistics Shows statistics for protocol messages, number of active groups 545
Show Trunk Statistics Shows statistics for protocol messages, number of active groups 545
MLD Snooping 554
General Enables multicast filtering; configures parameters for IPv6 multicast
Interface Configures Immediate Leave status for a VLAN 556
Multicast Router 557
Add Static Multicast Router Assigns ports that are attached to a neighboring multicast router 557
Show Static Multicast Router Displays ports statically configured as attached to a neighboring
(Continued)
554
snooping
557
multicast router
Show Current Multicast Router Displays ports attached to a neighboring multicast router, either
through static or dynamic configuration
MLD Member 559
Add Static Member Statically assigns multicast addresses to the selected VLAN 559
Show Static Member Shows multicast addresses statically configured on the selected VLAN 559
Show Current Member Shows multicast addresses associated with the selected VLAN, either
through static or dynamic configuration
Group Information Displays known multicast groups, member ports, the means by which
each group was learned, and the corresponding source list
MVR Multicast VLAN Registration 562
Configure Global Configures proxy switching and robustness value 564
Configure Domain Enables MVR for a domain, sets the MVR VLAN, forwarding priority, and
upstream source IP
Configure Profile 567
Add Configures multicast stream addresses 567
Show Shows multicast stream addresses 567
Associate Profile 567
Add Maps an address profile to a domain 567
Show Shows addresses profile to domain mapping 567
557
559
561
566
Configure In terface Configures MVR interface type and immediate leave mode; also displays
MVR operational and active status
– 68 –
570
Chapter 2
| Using the Web Interface
Navigating the Web Browser Interface
Table 4: Switch Main Menu
Menu Description Page
Configure Static Group Member 572
Add Statically assigns MVR multicast streams to an interface 572
Show Shows MVR multicast streams assigned to an interface 572
Show Member Shows the multicast groups assigned to an MVR VLAN, the source
Show Statistics 575
Show Query Statistics Shows statistics for query-related messages 575
Show VLAN Statistics Shows statistics for protocol messages and number of active groups 575
Show Port Statistics Shows statistics for protocol messages and number of active groups 575
Show Trunk Statistics Shows statistics for protocol messages and number of active groups 575
MVR6 Multicast VLAN Registration for IPv6 579
Configure Global Configures proxy switching and robustness value 580
Configure Domain Enables MVR for a domain, sets the MVR VLAN, forwarding priority, and
Configure Profile 583
(Continued)
574
address of the multicast services, and the interfaces with active
subscribers
582
upstream source IP
Add Configures multicast stream addresses 583
Show Shows multicast stream addresses 583
Associate Profile 583
Add Maps an address profile to a domain 583
Show Shows addresses profile to domain mapping 583
Configure In terface Configures MVR interface type and immediate leave mode; also displays
MVR operational and active status
Configure Port Configures MVR attributes for a port 586
Configure Trunk Configures MVR attributes for a trunk 586
Configure Static Group Member 588
Add Statically assigns MVR multicast streams to an interface 588
Show Shows MVR multicast streams assigned to an interface 588
Show Member Shows the multicast groups assigned to an MVR VLAN, the source
address of the multicast services, and the interfaces with active
subscribers
Show Statistics 591
Show Query Statistics Shows statistics for query-related messages 591
Show VLAN Statistics Shows statistics for protocol messages, number of active groups 591
586
590
Show Port Statistics Shows statistics for protocol messages, number of active groups 591
Show Trunk Statistics Shows statistics for protocol messages, number of active groups 591
– 69 –
Chapter 2
| Using the Web Interface
Navigating the Web Browser Interface
Table 4: Switch Main Menu
Menu Description Page
Routing Protocol
RIP 652
General 653
Configure Enables or disables RIP, sets the global RIP attributes and timer values 653
Clear Route Clears the specified route type or network interface from the routing
Network 657
Add Sets the network interfaces that will use RIP 657
Show Shows the network interfaces that will use RIP 657
Passive Interface 659
Add Stops RIP broadcast and multicast messages from being sent on
Show Shows the configured passive interfaces 659
Neighbor Address 660
Add Configures the router to directly exchange routing
(Continued)
656
table
659
specified network interfaces
660
information with a static neighbor
Show Shows adjacent hosts or interfaces configured as a neighboring router 660
Redistribute 661
Add Imports external routing information from other routing domains (that
is, protocols) into the autonomous system
Show Shows the external routing information to be imported from other
routing domains
Distance 663
Add Defines an administrative distance for external routes learned from
other routing protocols
Show Shows the administrative distances assigned to external routes learned
from other routing protocols
Interface 664
Add Configures RIP parameters for each interface, including send and
receive versions, authentication, and method of loopback prevention
Show Shows the RIP parameters set for each interface 664
Modify Modifies RIP parameters for an interface 664
Statistics
Show Interface Information Shows RIP settings, and statistics on RIP protocol messages 668
Show Peer Information Displays information on neighboring RIP routers 669
661
661
663
663
664
Reset Statistics Clears statistics for RIP protocol messages 669
– 70 –
3
Basic Management Tasks
This chapter describes the following topics:
◆
Displaying System Information – Provides basic system description, including
contact information.
◆
Displaying Hardware/Software Versions – Shows the hardware version, power
status, and firmware versions
◆
Configuring Support for Jumbo Frames – Enables support for jumbo frames.
◆
Displaying Bridge Extension Capabilities – Shows the bridge extension
parameters.
◆
Managing System Files – Describes how to upgrade operating software or
configuration files, and set the system start-up files.
◆
Setting the System Clock – Sets the current time manually or through specified
NTP or SNTP servers.
◆
Configuring the Console Port – Sets console port connection parameters.
◆
Configuring Telnet Settings – Sets Telnet connection parameters.
◆
Displaying CPU Utilization – Displays information on CPU utilization.
◆
Displaying Memory Utilization – Shows memory utilization parameters.
◆
Stacking – Sets master unit, enables stacking on 10G ports, renumbers the units
in the stack.
◆
Resetting the System – Restarts the switch immediately, at a specified time,
after a specified delay, or at a periodic interval.
– 71 –
Chapter 3
Displaying System Information
| Basic Management Tasks
Displaying System Information
Use the System > General page to identify the system by displaying information
such as the device name, location and contact information.
Parameters
These parameters are displayed:
◆
System Description – Brief description of device type.
◆
System Object ID – MIB II object ID for switch’s network management
subsystem.
◆
System Up Time – Length of time the management agent has been up.
◆
System Name – Name assigned to the switch system.
◆
System Location – Specifies the system location.
◆
System Contact – Administrator responsible for the system.
Web Interface
To configure general system information:
1.
Click System, General.
2.
Specify the system name, location, and contact information for the system
administrator.
3.
Click Apply.
Figure 3: System Information
– 72 –
Displaying Hardware/Software Versions
Use the System > Switch page to display hardware/firmware version numbers for
the main board and management software, as well as the power status of the
system.
Parameters
The following parameters are displayed:
Main Board Information
◆
Serial Number – The serial number of the switch.
◆
Number of Ports – Number of built-in ports.
◆
Hardware Version – Hardware version of the main board.
◆
Main Power Status – Displays the status of the internal power supply.
Chapter 3
Displaying Hardware/Software Versions
| Basic Management Tasks
◆
Redundant Power Status – Displays the status of the redundant power supply.
Management Software Information
◆
Role – Shows that this switch is operating as Master or Slave.
◆
EPLD Version – Version number of EEPROM Programmable Logic Device.
◆
Loader Version – Version number of loader code.
◆
Diagnostics Code Version – Version of Power-On Self-Test (POST) and boot
code.
◆
Operation Code Version – Version number of runtime code.
◆
Thermal Detector – The detector is near the back of the unit.
◆
Temperature – Temperature at specified thermal detection point.
– 73 –
Chapter 3
Configuring Support for Jumbo Frames
| Basic Management Tasks
Web Interface
To view hardware and software version information.
1.
Click System, then Switch.
Figure 4: General Switch Information
Configuring Support for Jumbo Frames
Use the System > Capability page to configure support for layer 2 jumbo frames.
The switch provides more efficient throughput for large sequential data transfers
by supporting jumbo frames up to 10240 bytes for Gigabit Ethernet and 10 Gigabit
Ethernet ports or trunks. Compared to standard Ethernet frames that run only up to
1.5 KB, using jumbo frames significantly reduces the per-packet overhead required
to process protocol encapsulation fields.
Usage Guidelines
To use jumbo frames, both the source and destination end nodes (such as a
computer or server) must support this feature. Also, when the connection is
operating at full duplex, all switches in the network between the two end nodes
must be able to accept the extended frame size. And for half-duplex connections,
all devices in the collision domain would need to support jumbo frames.
Parameters
The following parameters are displayed:
◆
Jumbo Frame – Configures support for jumbo frames. (Default: Disabled)
– 74 –
Chapter 3
Displaying Bridge Extension Capabilities
Web Interface
To configure support for jumbo frames:
1.
Click System, then Capability.
2.
Enable or disable support for jumbo frames.
3.
Click Apply.
Figure 5: Configuring Support for Jumbo Frames
| Basic Management Tasks
Displaying Bridge Extension Capabilities
Use the System > Capability page to display settings based on the Bridge MIB. The
Bridge MIB includes extensions for managed devices that support Multicast
Filtering, Traffic Classes, and Virtual LANs. You can access these extensions to
display default settings for the key variables.
Parameters
The following parameters are displayed:
◆
Extended Multicast Filtering Services – This switch does not support the
filtering of individual multicast addresses based on GMRP (GARP Multicast
Registration Protocol).
◆
Traffic Classes – This switch provides mapping of user priorities to multiple
traffic classes. (Refer to “Class of Service” on page 231.)
◆
Static Entry Individual Port – This switch allows static filtering for unicast and
multicast addresses. (Refer to “Setting Static Addresses” on page 189.)
◆
VLAN Version Number – Based on IEEE 802.1Q, “1” indicates Bridges that
support only single spanning tree (SST) operation, and “2” indicates Bridges
that support multiple spanning tree (MST) operation.
◆
VLAN Learning – This switch uses Independent VLAN Learning (IVL), where
each port maintains its own filtering database.
◆
Local VLAN Capable – This switch does not support multiple local bridges
outside of the scope of 802.1Q defined VLANs.
– 75 –
Chapter 3
Displaying Bridge Extension Capabilities
| Basic Management Tasks
◆
Configurable PVID Tagging – This switch allows you to override the default
Port VLAN ID (PVID used in frame tags) and egress status (VLAN-Tagged or
Untagged) on each port. (Refer to “VLAN Configuration” on page 153.)
◆
Max Supported VLAN Numbers – The maximum number of VLANs supported
on this switch.
◆
Max Supported VLAN ID – The maximum configurable VLAN identifier
supported on this switch.
◆
GMRP – GARP Multicast Registration Protocol (GMRP) allows network devices
to register end stations with multicast groups. This switch does not support
GMRP; it uses the Internet Group Management Protocol (IGMP) to provide
automatic multicast filtering.
Web Interface
To view Bridge Extension information:
1.
Click System, then Capability.
Figure 6: Displaying Bridge Extension Configuration
– 76 –
Managing System Files
This section describes how to upgrade the switch operating software or
configuration files, and set the system start-up files.
Chapter 3
| Basic Management Tasks
Managing System Files
Copying Files via FTP/
TFTP or HTTP
Use the System > File (Copy) page to upload/download firmware or configuration
settings using FTP, TFTP or HTTP. By backing up a file to an FTP/TFTP server or
management station, that file can later be downloaded to the switch to restore
operation. Specify the method of file transfer, along with the file type and file
names as required.
You can also set the switch to use new firmware or configuration settings without
overwriting the current version. Just download the file using a different name from
the current version, and then set the new file as the startup file.
Command Usage
◆
When logging into an FTP server, the interface prompts for a user name and
password configured on the remote server. Note that “Anonymous” is set as the
default user name.
◆
The reset command will not be accepted during copy operations to flash
memory.
Parameters
The following parameters are displayed:
◆
Copy Type – The firmware copy operation includes these options:
■
FTP Upload – Copies a file from an FTP server to the switch.
■
FTP Download – Copies a file from the switch to an FTP server.
■
HTTP Upload – Copies a file from a management station to the switch.
■
HTTP Download – Copies a file from the switch to a management station
■
TFTP Upload – Copies a file from a TFTP server to the switch.
■
TFTP Download – Copies a file from the switch to a TFTP server.
◆
FTP/TFTP Server IP Address – The IP address of an FTP/TFTP server.
◆
User Name – The user name for FTP server access.
◆
Password – The password for FTP server access.
◆
File Type – Specify Operation Code to copy firmware.
– 77 –
Chapter 3
Managing System Files
| Basic Management Tasks
◆
File Name –
of the file name should not be a period (.),
names is 32 characters for files on the switch or 127 characters for files on the
server. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”)
Note:
Up to two copies of the system software (i.e., the runtime firmware) can be
stored in the file directory on the switch.
Note:
The maximum number of user-defined configuration files is limited only by
available flash memory space.
Note:
The file “Factory_Default_Config.cfg” can be copied to a file server or
management station, but cannot be used as the destination file name on the
switch.
Web Interface
To copy firmware files:
The file name should not contain slashes (\ or /), the leading letter
and the maximum length for file
1.
Click System, then File.
2.
Select Copy from the Action list.
3.
Select FTP Upload, HTTP Upload or TFTP Upload as the file transfer method.
4.
If FTP or TFTP Upload is used, enter the IP address of the file server.
5.
If FTP Upload is used, enter the user name and password for your account on
the FTP server.
6.
Set the file type to Operation Code.
7.
Enter the name of the file to download.
8.
Select a file on the switch to overwrite or specify a new file name.
9.
Then click Apply.
– 78 –
Chapter 3
| Basic Management Tasks
Managing System Files
Figure 7: Copy Firmware
If you replaced a file currently used for startup and want to start using the new file,
reboot the system via the System > Reset menu.
Saving the Running
Configuration to a
Local File
Use the System > File (Copy) page to save the current configuration settings to a
local file on the switch. The configuration settings are not automatically saved by
the system for subsequent use when the switch is rebooted. You must save these
settings to the current startup file, or to another file which can be subsequently set
as the startup file.
Parameters
The following parameters are displayed:
◆
Copy Type – The copy operation includes this option:
■
Running-Config – Copies the current configuration settings to a local file on
the switch.
◆
Destination File Name – Copy to the currently designated startup file, or to a
new file.
The file name should not contain slashes (\ or /),
the leading letter of
the file name should not be a period (.), and the maximum length for file names
is 32 characters. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”)
Note:
The maximum number of user-defined configuration files is limited only by
available flash memory space.
Web Interface
To save the running configuration file:
1.
Click System, then File.
2.
Select Copy from the Action list.
3.
Select Running-Config from the Copy Type list.
– 79 –
Chapter 3
Managing System Files
| Basic Management Tasks
4.
Select the current startup file on the switch to overwrite or specify a new file
name.
5.
Then click Apply.
Figure 8: Saving the Running Configuration
If you replaced a file currently used for startup and want to start using the new file,
reboot the system via the System > Reset menu.
Setting the
Start-Up File
Use the System > File (Set Start-Up) page to specify the firmware or configuration
file to use for system initialization.
Web Interface
To set a file to use for system initialization:
1.
Click System, then File.
2.
Select Set Start-Up from the Action list.
3.
Mark the operation code or configuration file to be used at startup
4.
Then click Apply.
Figure 9: Setting Start-Up Files
To start using the new firmware or configuration settings, reboot the system via the
System > Reset menu.
– 80 –
Chapter 3
| Basic Management Tasks
Managing System Files
Showing System Files
Use the System > File (Show) page to show the files in the system directory, or to
delete a file.
Note:
Files designated for start-up, and the Factory_Default_Config.cfg file, cannot
be deleted.
Web Interface
To show the system files:
1.
Click System, then File.
2.
Select Show from the Action list.
3.
To delete a file, mark it in the File List and click Delete.
Figure 10: Displaying System Files
Automatic Operation
Code Upgrade
Use the System > File (Automatic Operation Code Upgrade) page to automatically
download an operation code file when a file newer than the currently installed one
is discovered on the file server. After the file is transferred from the server and
successfully written to the file system, it is automatically set as the startup file, and
the switch is rebooted.
Usage Guidelines
◆
If this feature is enabled, the switch searches the defined URL once during the
bootup sequence.
◆
FTP (port 21) and TFTP (port 69) are both supported. Note that the TCP/UDP
port bindings cannot be modified to support servers listening on non-standard
ports.
◆
The host portion of the upgrade file location URL must be a valid IPv4 IP
address. DNS host names are not recognized. Valid IP addresses consist of four
numbers, 0 to 255, separated by periods.
– 81 –
Chapter 3
Managing System Files
| Basic Management Tasks
◆
The path to the directory must also be defined. If the file is stored in the root
directory for the FTP/TFTP service, then use the “/” to indicate this (e.g., ftp://
192.168.0.1/).
◆
The file name must not be included in the upgrade file location URL. The file
name of the code stored on the remote server must be Level1-L3lite.bix (using
upper case and lower case letters exactly as indicated here). Enter the file name
for other switches described in this manual exactly as shown on the web
interface.
◆
The FTP connection is made with PASV mode enabled. PASV mode is needed to
traverse some fire walls, even if FTP traffic is not blocked. PASV mode cannot be
disabled.
◆
The switch-based search function is case-insensitive in that it will accept a file
name in upper or lower case (i.e., the switch will accept Level1-L3lite.BIX from
the server even though Level1-L3lite.bix was requested). However, keep in mind
that the file systems of many operating systems such as Unix and most Unixlike systems (FreeBSD, NetBSD, OpenBSD, and most Linux distributions, etc.) are
case-sensitive, meaning that two files in the same directory, level1-L3lite.bix and
Level1-L3lite.bix are considered to be unique files. Thus, if the upgrade file is
stored as Level1-L3lite.bix (or even level1-L3lite.bix) on a case-sensitive server,
then the switch (requesting level1-L3lite.bix) will not be upgraded because the
server does not recognize the requested file name and the stored file name as
being equal. A notable exception in the list of case-sensitive Unix-like operating
systems is Mac OS X, which by default is case-insensitive. Please check the
documentation for your server’s operating system if you are unsure of its file
system’s behavior.
◆
Note that the switch itself does not distinguish between upper and lower-case
file names, and only checks to see if the file stored on the server is more recent
than the current runtime image.
◆
If two operation code image files are already stored on the switch’s file system,
then the non-startup image is deleted before the upgrade image is transferred.
◆
The automatic upgrade process will take place in the background without
impeding normal operations (data switching, etc.) of the switch.
◆
During the automatic search and transfer process, the administrator cannot
transfer or update another operation code image, configuration file, public key,
or HTTPS certificate (i.e., no other concurrent file management operations are
possible).
◆
The upgrade operation code image is set as the startup image after it has been
successfully written to the file system.
◆
The switch will send an SNMP trap and make a log entry upon all upgrade
successes and failures.
– 82 –
Chapter 3
| Basic Management Tasks
Managing System Files
◆
The switch will immediately restart after the upgrade file is successfully written
to the file system and set as the startup image.
Parameters
The following parameters are displayed:
◆
Automatic Opcode Upgrade – Enables the switch to search for an upgraded
operation code file during the switch bootup process. (Default: Disabled)
◆
Automatic Upgrade Location URL – Defines where the switch should search
for the operation code upgrade file. The last character of this URL must be a
forward slash (“/”). The Level1-L3lite.bix filename must not be included since it is
automatically appended by the switch. (Options: ftp, tftp)
The following syntax must be observed:
tftp://host[/filedir]/
■
tftp:// – Defines TFTP protocol for the server connection.
■
host – Defines the IP address of the TFTP server. Valid IP addresses consist of
four numbers, 0 to 255, separated by periods. DNS host names are not
recognized.
■
filedir – Defines the directory, relative to the TFTP server root, where the
upgrade file can be found. Nested directory structures are accepted. The
directory name must be separated from the host, and in nested directory
structures, from the parent directory, with a prepended forward slash “/”.
■
/ – The forward slash must be the last character of the URL.
ftp://[username[:password@]]host[/filedir]/
■
ftp:// – Defines FTP protocol for the server connection.
■
username – Defines the user name for the FTP connection. If the user name
is omitted, then “anonymous” is the assumed user name for the
connection.
■
password – Defines the password for the FTP connection. To differentiate
the password from the user name and host portions of the URL, a colon (:)
must precede the password, and an “at” symbol (@), must follow the
password. If the password is omitted, then “” (an empty string) is the
assumed password for the connection.
■
host – Defines the IP address of the FTP server. Valid IP addresses consist of
four numbers, 0 to 255, separated by periods. DNS host names are not
recognized.
■
filedir – Defines the directory, relative to the FTP server root, where the
upgrade file can be found. Nested directory structures are accepted. The
directory name must be separated from the host, and in nested directory
structures, from the parent directory, with a prepended forward slash “/”.
■
/ – The forward slash must be the last character of the URL.
– 83 –
Chapter 3
Managing System Files
| Basic Management Tasks
Examples
The following examples demonstrate the URL syntax for a TFTP server at IP
address 192.168.0.1 with the operation code image stored in various locations:
■
tftp://192.168.0.1/
The image file is in the TFTP root directory.
■
tftp://192.168.0.1/switch-opcode/
The image file is in the “switch-opcode” directory, relative to the TFTP root.
■
tftp://192.168.0.1/switches/opcode/
The image file is in the “opcode” directory, which is within the “switches”
parent directory, relative to the TFTP root.
The following examples demonstrate the URL syntax for an FTP server at IP
address 192.168.0.1 with various user name, password and file location options
presented:
■
ftp://192.168.0.1/
The user name and password are empty, so “anonymous” will be the user
name and the password will be blank. The image file is in the FTP root
directory.
■
ftp://switches:upgrade@192.168.0.1/
The user name is “switches” and the password is “upgrade”. The image file is
in the FTP root.
■
ftp://switches:upgrade@192.168.0.1/switches/opcode/
The user name is “switches” and the password is “upgrade”. The image file is
in the “opcode” directory, which is within the “switches” parent directory,
relative to the FTP root.
Web Interface
To configure automatic code upgrade:
1.
Click System, then File.
2.
Select Automatic Operation Code Upgrade from the Action list.
3.
Mark the check box to enable Automatic Opcode Upgrade.
4.
Enter the URL of the FTP or TFTP server, and the path and directory containing
the operation code.
5.
Click Apply.
– 84 –
Chapter 3
Figure 11: Configuring Automatic Code Upgrade
| Basic Management Tasks
Setting the System Clock
If a new image is found at the specified location, the following type of messages
will be displayed during bootup.
.
.
.
Automatic Upgrade is looking for a new image
New image detected: current version 1.5.2.15; new version 1.5.2.16
Image upgrade in progress
The switch will restart after upgrade succeeds
Downloading new image
Flash programming started
Flash programming completed
The switch will now restart
.
.
.
Setting the System Clock
Simple Network Time Protocol (SNTP) allows the switch to set its internal clock
based on periodic updates from a time server (SNTP or NTP). Maintaining an
accurate time on the switch enables the system log to record meaningful dates and
times for event entries. You can also manually set the clock. If the clock is not set
manually or via SNTP, the switch will only record the time from the factory default
set at the last bootup.
When the SNTP client is enabled, the switch periodically sends a request for a time
update to a configured time server. You can configure up to three time server IP
addresses. The switch will attempt to poll each server in the configured sequence.
– 85 –
Chapter 3
Setting the System Clock
| Basic Management Tasks
Setting the Time
Manually
Use the System > Time (Configure General - Manual) page to set the system time on
the switch manually without using SNTP.
Parameters
The following parameters are displayed:
◆
Current Time – Shows the current time set on the switch.
◆
Hours – Sets the hour. (Range: 0-23)
◆
Minutes – Sets the minute value. (Range: 0-59)
◆
Seconds – Sets the second value. (Range: 0-59)
◆
Month – Sets the month. (Range: 1-12)
◆
Day – Sets the day of the month. (Range: 1-31)
◆
Ye a r – Sets the year. (Range: 1970-2037)
Web Interface
To manually set the system clock:
1.
Click System, then Time.
2.
Select Configure General from the Step list.
3.
Select Manual from the Maintain Type list.
4.
Enter the time and date in the appropriate fields.
5.
Click Apply
Figure 12: Manually Setting the System Clock
– 86 –
Chapter 3
| Basic Management Tasks
Setting the System Clock
Setting the SNTP
Polling Interval
Use the System > Time (Configure General - SNTP) page to set the polling interval at
which the switch will query the specified time servers.
Parameters
The following parameters are displayed:
◆
Current Time – Shows the current time set on the switch.
◆
SNTP Polling Interval – Sets the interval between sending requests for a time
update from a time server. (Range: 16-16384 seconds; Default: 16 seconds)
Web Interface
To set the polling interval for SNTP:
1.
Click System, then Time.
2.
Select Configure General from the Step list.
3.
Select SNTP from the Maintain Type list.
4.
Modify the polling interval if required.
Configuring NTP
5.
Click Apply
Figure 13: Setting the Polling Interval for SNTP
Use the System > Time (Configure General - NTP) page to configure NTP
authentication and show the polling interval at which the switch will query the
specified time servers.
Parameters
The following parameters are displayed:
◆
Current Time – Shows the current time set on the switch.
◆
Authentication Status – Enables authentication for time requests and updates
between the switch and NTP servers. (Default: Disabled)
– 87 –
Chapter 3
Setting the System Clock
| Basic Management Tasks
You can enable NTP authentication to ensure that reliable updates are received
from only authorized NTP servers. The authentication keys and their associated
key number must be centrally managed and manually distributed to NTP
servers and clients. The key numbers and key values must match on both the
server and client.
◆
Polling Interval – Shows the interval between sending requests for a time
update from NTP servers. (Fixed: 1024 seconds)
Web Interface
To set the clock maintenance type to NTP:
1.
Click System, then Time.
2.
Select Configure General from the Step list.
3.
Select NTP from the Maintain Type list.
4.
Enable authentication if required.
Configuring
Time Servers
5.
Click Apply
Figure 14: Configuring NTP
Use the System > Time (Configure Time Server) pages to specify the IP address for
NTP/SNTP time servers, or to set the authentication key for NTP time servers.
Specifying SNTP Time Servers
Use the System > Time (Configure Time Server – Configure SNTP Server) page to
specify the IP address for up to three SNTP time servers.
– 88 –
Chapter 3
Parameters
The following parameters are displayed:
◆
SNTP Server IP Address – Sets the IPv4 or IPv6 address for up to three time
servers. The switch attempts to update the time from the first server, if this fails
it attempts an update from the next server in the sequence.
Web Interface
To set the SNTP time servers:
1.
Click System, then Time.
2.
Select Configure Time Server from the Step list.
3.
Select Configure SNTP Server from the Action list.
4.
Enter the IP address of up to three time servers.
| Basic Management Tasks
Setting the System Clock
5.
Click Apply.
Figure 15: Specifying SNTP Time Servers
Specifying NTP Time Servers
Use the System > Time (Configure Time Server – Add NTP Server) page to add the IP
address for up to 50 NTP time servers.
Parameters
The following parameters are displayed:
◆
NTP Server IP Address – Adds the IPv4 or IPv6 address for up to 50 time
servers. The switch will poll the specified time servers for updates when the
clock maintenance type is set to NTP on the System > Time (Configure General)
page. It issues time synchronization requests at a fixed interval of 1024 seconds.
The switch will poll all the time servers configured, the responses received are
filtered and compared to determine the most reliable and accurate time update
for the switch.
◆
Versio n – Specifies the NTP version supported by the server. (Fixed: Version 3)
– 89 –
Chapter 3
Setting the System Clock
| Basic Management Tasks
◆
Authentication Key – Specifies the number of the key in the NTP
Authentication Key List to use for authentication with the configured server.
NTP authentication is optional. If enabled on the System > Time (Configure
General) page, you must also configure at least one key on the System > Time
(Add NTP Authentication Key) page. (Range: 1-65535)
Web Interface
To add an NTP time server to the server list:
1.
Click System, then Time.
2.
Select Configure Time Server from the Step list.
3.
Select Add NTP Server from the Action list.
4.
Enter the IP address of an NTP time server, and specify the index of the
authentication key if authentication is required.
5.
Click Apply.
Figure 16: Adding an NTP Time Server
To show the list of configured NTP time servers:
1.
Click System, then Time.
2.
Select Configure Time Server from the Step list.
3.
Select Show NTP Server from the Action list.
Figure 17: Showing the NTP Time Server List
– 90 –
Chapter 3
| Basic Management Tasks
Setting the System Clock
Specifying NTP Authentication Keys
Use the System > Time (Configure Time Server – Add NTP Authentication Key) page
to add an entry to the authentication key list.
Parameters
The following parameters are displayed:
◆
Authentication Key – Specifies the number of the key in the NTP
Authentication Key List to use for authentication with a configured server. NTP
authentication is optional. When enabled on the System > Time (Configure
General) page, you must also configure at least one key on this page. Up to 255
keys can be configured on the switch. (Range: 1-65535)
◆
Key Context – An MD5 authentication key string. The key string can be up to
32 case-sensitive printable ASCII characters (no spaces).
NTP authentication key numbers and values must match on both the server
and client.
Web Interface
To add an entry to NTP authentication key list:
1.
Click System, then Time.
2.
Select Configure Time Server from the Step list.
3.
Select Add NTP Authentication Key from the Action list.
4.
Enter the index number and MD5 authentication key string.
5.
Click Apply.
Figure 18: Adding an NTP Authentication Key
To show the list of configured NTP authentication keys:
1.
Click System, then Time.
2.
Select Configure Time Server from the Step list.
3.
Select Show NTP Authentication Key from the Action list.
– 91 –
Chapter 3
Setting the System Clock
| Basic Management Tasks
Figure 19: Showing the NTP Authentication Key List
Setting the Time Zone
Use the System > Time (Configure Time Zone) page to set the time zone. SNTP uses
Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT)
based on the time at the Earth’s prime meridian, zero degrees longitude, which
passes through Greenwich, England. To display a time corresponding to your local
time, you must indicate the number of hours and minutes your time zone is east
(before) or west (after) of UTC. You can choose one of the 80 predefined time zone
definitions, or your can manually configure the parameters for your local time zone.
Parameters
The following parameters are displayed:
◆
Predefined Configuration – A drop-down box provides access to the 80
predefined time zone configurations. Each choice indicates it’s offset from UTC
and lists at least one major city or location covered by the time zone.
◆
User-defined Configuration – Allows the user to define all parameters of the
local time zone.
■
Direction – Configures the time zone to be before (east of ) or after (west
of) UTC.
■
Name – Assigns a name to the time zone. (Range: 1-30 characters)
■
Hours (0-13) – The number of hours before or after UTC. The maximum
value before UTC is 12. The maximum value after UTC is 13.
■
Minutes (0-59) – The number of minutes before/after UTC.
Web Interface
To set your local time zone:
1.
Click System, then Time.
2.
Select Configure Time Zone from the Step list.
3.
Set the offset for your time zone relative to the UTC in hours and minutes.
4.
Click Apply.
– 92 –
Figure 20: Setting the Time Zone
Chapter 3
| Basic Management Tasks
Setting the System Clock
Configuring
Summer Time
Use the Summer Time page to set the system clock forward during the summer
months (also known as daylight savings time).
In some countries or regions, clocks are adjusted through the summer months so
that afternoons have more daylight and mornings have less. This is known as
Summer Time, or Daylight Savings Time (DST). Typically, clocks are adjusted
forward one hour at the start of spring and then adjusted backward in autumn.
Parameters
The following parameters are displayed in the web interface:
General Configuration
◆
Summer Time in Effect – Shows if the system time has been adjusted.
◆
Status – Shows if summer time is set to take effect during the specified period.
◆
Name – Name of the time zone while summer time is in effect, usually an
acronym. (Range: 1-30 characters)
◆
Mode – Selects one of the following configuration modes. (The Mode option
can only be managed when the Summer Time Status option has been set to
enabled for the switch.)
Predefined Mode – Configures the summer time status and settings for the switch
using predefined configurations for several major regions of the world. To specify
the time corresponding to your local time when summer time is in effect, select the
predefined summer-time zone appropriate for your location.
– 93 –
Chapter 3
Setting the System Clock
| Basic Management Tasks
Table 5: Predefined Summer-Time Parameters
Region Start Time, Day, Week, & Month End Time, Day, Week, & Month Rel.
Australia 00:00:00, Sunday, Week 5 of October 23:59:59, Sunday, Week 5 of March 60 min
Europe 00:00:00, Sunday, Week 5 of March 23:59:59, Sunday, Week 5 of October 60 min
New Zealand 00:00:00, Sunday, Week 1 of October 23:59:59, Sunday, Week 3 of March 60 min
USA 02:00:00, Sunday, Week 2 of March 02:00:00, Sunday, Week 1 of November 60 min
Offset
Date Mode – Sets the start, end, and offset times of summer time for the switch on a
one-time basis. This mode sets the summer-time zone relative to the currently
configured time zone. To specify a time corresponding to your local time when
summer time is in effect, you must indicate the number of minutes your summertime zone deviates from your regular time zone.
◆
Offset – Summer-time offset from the regular time zone, in minutes.
(Range: 1-120 minutes)
◆
From – Start time for summer-time offset.
◆
To – End time for summer-time offset.
Recurring Mode – Sets the start, end, and offset times of summer time for the switch
on a recurring basis. This mode sets the summer-time zone relative to the currently
configured time zone. To specify a time corresponding to your local time when
summer time is in effect, you must indicate the number of minutes your summertime zone deviates from your regular time zone.
◆
Offset – Summer-time offset from the regular time zone, in minutes.
(Range: 1-120 minutes)
◆
From – Start time for summer-time offset.
◆
To – End time for summer-time offset.
Web Interface
To specify summer time settings:
1.
Click SNTP, Summer Time.
2.
Select one of the configuration modes, configure the relevant attributes,
enable summer time status.
3.
Click Apply.
– 94 –
Figure 21: Configuring Summer Time
Configuring the Console Port
Use the System > Console menu to configure connection parameters for the
switch’s console port. You can access the onboard configuration program by
attaching a VT100 compatible device to the switch’s serial console port.
Management access through the console port is controlled by various parameters,
including a password (only configurable through the CLI), time outs, and basic
communication settings. Note that these parameters can be configured via the
web or CLI interface.
Chapter 3
| Basic Management Tasks
Configuring the Console Port
Parameters
The following parameters are displayed:
◆
Login Timeout – Sets the interval that the system waits for a user to log into
the CLI. If a login attempt is not detected within the timeout interval, the
connection is terminated for the session. (Range: 10-300 seconds; Default: 300
seconds)
◆
Exec Timeout – Sets the interval that the system waits until user input is
detected. If user input is not detected within the timeout interval, the current
session is terminated. (Range: 60-65535 seconds; Default: 600 seconds)
◆
Password Threshold – Sets the password intrusion threshold, which limits the
number of failed logon attempts. When the logon attempt threshold is
reached, the system interface becomes silent for a specified amount of time
(set by the Silent Time parameter) before allowing the next logon attempt.
(Range: 1-120; Default: 3 attempts)
◆
Silent Time – Sets the amount of time the management console is inaccessible
after the number of unsuccessful logon attempts has been exceeded.
(Range: 1-65535 seconds; Default: Disabled)
◆
Data Bits – Sets the number of data bits per character that are interpreted and
generated by the console port. If parity is being generated, specify 7 data bits
– 95 –
Chapter 3
Configuring the Console Port
| Basic Management Tasks
per character. If no parity is required, specify 8 data bits per character.
(Default: 8 bits)
◆
Stop Bits – Sets the number of the stop bits transmitted per byte.
(Range: 1-2; Default: 1 stop bit)
◆
Parity – Defines the generation of a parity bit. Communication protocols
provided by some terminals can require a specific parity bit setting. Specify
Even, Odd, or None. (Default: None)
◆
Speed – Sets the terminal line’s baud rate for transmit (to terminal) and receive
(from terminal). Set the speed to match the baud rate of the device connected
to the serial port. (Range: 9600, 19200, 38400, 57600, or 115200 baud;
Default: 115200 baud)
Note:
The password for the console connection can only be configured through
the CLI (see the “password” command in the CLI Reference Guide).
Note:
Password checking can be enabled or disabled for logging in to the console
connection (see the “login” command in the CLI Reference Guide). You can select
authentication by a single global password as configured for the password
command, or by passwords set up for specific user-name accounts. The default is
for local passwords configured on the switch.
Web Interface
To configure parameters for the console port:
1.
Click System, then Console.
2.
Specify the connection parameters as required.
3.
Click Apply
Figure 22: Console Port Settings
– 96 –
Configuring Telnet Settings
Use the System > Telnet menu to configure parameters for accessing the CLI over a
Telnet connection. You can access the onboard configuration program over the
network using Telnet (i.e., a virtual terminal). Management access via Telnet can be
enabled/disabled and other parameters set, including the TCP port number, time
outs, and a password. Note that the password is only configurable through the CLI.)
These parameters can be configured via the web or CLI interface.
Parameters
The following parameters are displayed:
◆
Telnet Status – Enables or disables Telnet access to the switch.
(Default: Enabled)
◆
TCP Port – Sets the TCP port number for Telnet on the switch. (Range: 1-65535;
Default: 23)
Chapter 3
| Basic Management Tasks
Configuring Telnet Settings
◆
Max Sessions – Sets the maximum number of Telnet sessions that can
simultaneously connect to this system. (Range: 0-8; Default: 8)
A maximum of eight sessions can be concurrently opened for Telnet and
Secure Shell (i.e., both Telnet and SSH share a maximum number of eight
sessions).
◆
Login Timeout – Sets the interval that the system waits for a user to log into
the CLI. If a login attempt is not detected within the timeout interval, the
connection is terminated for the session. (Range: 10-300 seconds; Default: 300
seconds)
◆
Exec Timeout – Sets the interval that the system waits until user input is
detected. If user input is not detected within the timeout interval, the current
session is terminated. (Range: 60-65535 seconds; Default: 600 seconds)
◆
Password Threshold – Sets the password intrusion threshold, which limits the
number of failed logon attempts. When the logon attempt threshold is
reached, the system interface becomes silent for a specified amount of time
(set by the Silent Time parameter) before allowing the next logon attempt.
(Range: 1-120; Default: 3 attempts)
◆
Silent Time – Sets the amount of time the management interface is
inaccessible after the number of unsuccessful logon attempts has been
exceeded. (Range: 1-65535 seconds; Default: Disabled)
Note:
The password for the Telnet connection can only be configured through the
CLI (see the “password” command in the CLI Reference Guide).
Note:
Password checking can be enabled or disabled for login to the console
connection (see the “login” command in the CLI Reference Guide). You can select
– 97 –
Chapter 3
Displaying CPU Utilization
| Basic Management Tasks
authentication by a single global password as configured for the password
command, or by passwords set up for specific user-name accounts. The default is
for local passwords configured on the switch.
Web Interface
To configure parameters for the console port:
1.
Click System, then Telnet.
2.
Specify the connection parameters as required.
3.
Click Apply
Figure 23: Telnet Connection Settings
Displaying CPU Utilization
Use the System > CPU Utilization page to display information on CPU utilization.
Parameters
The following parameters are displayed:
◆
Time Interval – The interval at which to update the displayed utilization rate.
(Options: 1, 5, 10, 30, 60 seconds; Default: 1 second)
◆
CPU Utilization – CPU utilization over specified interval.
Web Interface
To display CPU utilization:
1.
Click System, then CPU Utilization.
2.
Change the update interval if required. Note that the interval is changed as
soon as a new setting is selected.
– 98 –
Figure 24: Displaying CPU Utilization
Chapter 3
Displaying Memory Utilization
| Basic Management Tasks
Displaying Memory Utilization
Use the System > Memory Status page to display memory utilization parameters.
Parameters
The following parameters are displayed:
◆
Free Size – The amount of memory currently free for use.
◆
Used Size – The amount of memory allocated to active processes.
◆
To ta l – The total amount of system memory.
Web Interface
To display memory utilization:
1.
Click System, then Memory Status.
Figure 25: Displaying Memory Utilization
– 99 –
Chapter 3
Stacking
Stacking
| Basic Management Tasks
This section describes the basic functions which enable a properly connected set of
switches to function as a single logical entity for management purposes. For
information on how to physically connect units into a stack, see the Hardware
Installation Guide. For detailed information on how stacking is implemented for this
type of switch, refer to “Stack Operations” in the CLI Reference Guide.
Setting the
Master Unit
Use the System > Stacking (Configure Master Button) page to configure a unit as
the stack master.
Command Usage
◆
The switch must be rebooted to activate this command. Note that the
configured setting is not affected by changes to the start-up configuration file.
◆
Set the front panel 10G ports to stacking mode with the Configure Stacking
Button page prior to rebooting the switch.
◆
If the stack has not been initialized, the master button must be disabled on all
other units in the stack, and those units rebooted.
◆
If the stack has been initialized, and this page is used to configure a new stack
master, then the master button on the old master unit must be disabled before
rebooting the stack.
◆
After the newly configured stack master has been rebooted, the front panel
unit identifier will the updated on each unit in the stack.
◆
The bootup messages on all slave units will be halted when the master unit is
rebooted, and configuration through the CLI will be restricted to the master
unit.
Parameters
The following parameters are displayed:
◆
Unit – Shows the stack members according to assigned identifiers.
◆
Master Button – Enables the specified unit as the stack master.
(Default: Disabled)
Web Interface
To set the stack master:
1.
Click System, Stacking.
2.
Select Configure Master Button from the Action list.
3.
Select one of the stack members as the master unit.
– 100 –
Loading...