Sixnet® Series
Gigabit Ethernet Switches
MIL312 - MIL314 - MIL316 - MIL318
Software Manual | April 2015
COPYRIGHT
Copyright, © 2015 Red Lion Controls, Inc.
20 Willow Springs Circle
York, PA 17406
All rights reserved. Red Lion, the Red Lion logo and N-Tron are registered trademarks of Red Lion Controls,
Inc. All other company and product names are trademarks of their respective owners.
The information contained in this document is subject to change without notice. Red Lion makes no warranty
of any kind with regard to this material, including, but not limited to, the implied warranties of merchantability
or fitness for a particular purpose. In no event shall Red Lion be liable for any incidental, special, indirect or
consequential damages whatsoever included but not limited to lost profits arising out of errors or omissions
in this manual or the information contained herein.
R
EVISED
2015-04-10 A
BOUT THIS MANUAL
ABOUT THIS MANUAL
Purpose This manual gives specific information on how to operate and use the management
functions of the switch.
Audience The manual is intended for use by network administrators who are responsible for
operating and maintaining network equipment; consequently, it assumes a basic
working knowledge of general switch functions, the Internet Protocol (IP), and Simple
Network Management Protocol (SNMP).
Conventions The following conventions are used throughout this guide to show information:
N
OTE
:
Emphasizes important information or calls your attention to related features
orinstructions.
C
AUTION
:
Alerts you to a potential hazard that could cause loss of data, or damage
the system or equipment.
W
ARNING
:
Alerts you to a potential hazardthatcouldcausepersonalinjury.
Related Publications The following publication details the hardware features of the switch, including the
physical and performance-related characteristics, and how to install the switch:
The Installation Guide
Also, as part of the switch’s software, there is an online web-based help that describes
all management related features.
Sixnet Series MIL300 Software Manual - 1 -
A
BOUT THIS MANUAL
Revision History The following information lists the release history of this document.
Issue / Revision Date Content Description
R
EVISED
2015-04-10
April 2015 This manual is valid for software release v1.2.2.16.
Added VRRP (Virtual Router Redundancy Protocol) support for accept mode
(RFC 5798).
Removed invalid references to stacking.
- 2 - Sixnet Series MIL300 Software Manual
R
EVISED
2015-04-10 C
CONTENTS
GETTING STARTED 37
1 INTRODUCTION 39
Key Features 39
Description of Software Features 40
Configuration Backup and Restore 40
Authentication 40
Access Control Lists 41
DHCP 41
ONTENTS
Port Configuration 41
Rate Limiting 41
Port Mirroring 41
Port Trunking 41
Broadcast Storm Control 41
Static Addresses 42
IP Address Filtering 42
IEEE 802.1D Bridge 42
Store-and-Forward Switching 42
Spanning Tree Algorithm 42
Virtual LANs 43
IEEE 802.1Q Tunneling (QinQ) 43
Traffic Prioritization 43
Quality of Service 43
IP Routing 44
Equal-cost Multipath Load Balancing 44
Router Redundancy 44
Address Resolution Protocol 44
Multicast Filtering 45
Multicast Routing 45
System Defaults 45
2 INITIAL SWITCH CONFIGURATION 49
Sixnet Series MIL300 Software Manual - 3 -
C
ONTENTS
R
EVISED
2015-04-10
Connecting to the Switch 49
Configuration Options 49
Required Connections 50
Remote Connections 51
Basic Configuration 51
Console Connection 51
Setting Passwords 52
Setting an IP Address 52
Enabling SNMP Management Access 57
Managing System Files 59
Saving or Restoring Configuration Settings 60
WEB CONFIGURATION 63
3 USING THE WEB INTERFACE 65
Connecting to the Web Interface 65
Navigating the Web Browser Interface 66
Home Page 66
Configuration Options 67
Panel Display 67
Main Menu 68
4 BASIC MANAGEMENT TASKS 85
Displaying System Information 85
Displaying Switch Hardware/Software Versions 86
Configuring Support for Jumbo Frames 88
Displaying Bridge Extension Capabilities 89
Managing System Files 90
Copying Files via FTP/TFTP or HTTP 90
Saving the Running Configuration to a Local File 92
Setting The Start-Up File 93
Showing System Files 94
Setting the System Clock 95
Setting the Time Manually 95
Configuring SNTP 96
Specifying SNTP Time Servers 97
Setting the Time Zone 98
- 4 - Sixnet Series MIL300 Software Manual
R
EVISED
2015-04-10 C
Console Port Settings 98
Telnet Settings 100
Displaying CPU Utilization 102
Displaying Memory Utilization 102
Resetting the System 103
5 INTERFACE CONFIGURATION 107
Port Configuration 107
Configuring by Port List 107
Configuring by Port Range 110
Displaying Connection Status 110
Configuring Port Mirroring 112
Showing Port or Trunk Statistics 113
Performing Cable Diagnostics 117
Trunk Configuration 119
ONTENTS
Configuring a Static Trunk 119
Configuring a Dynamic Trunk 122
Displaying LACP Port Counters 127
Displaying LACP Settings and Status for the Local Side 128
Displaying LACP Settings and Status for the Remote Side 130
Sampling Traffic Flows 131
Configuring sFlow Parameters 132
Traffic Segmentation 133
Enabling Traffic Segmentation 133
Configuring Uplink and Downlink Ports 134
VLAN Trunking 135
6 VLAN CONFIGURATION 137
IEEE 802.1Q VLANs 137
Configuring VLAN Groups 140
Adding Static Members to VLANs 142
Configuring Dynamic VLAN Registration 147
Private VLANs 150
Creating Private VLANs 150
Associating Private VLANs 152
Configuring Private VLAN Interfaces 153
IEEE 802.1Q Tunneling 155
Enabling QinQ Tunneling on the Switch 158
Sixnet Series MIL300 Software Manual - 5 -
C
ONTENTS
R
EVISED
2015-04-10
Adding an Interface to a QinQ Tunnel 159
Protocol VLANs 161
Configuring Protocol VLAN Groups 162
Mapping Protocol Groups to Interfaces 163
Configuring IP Subnet VLANs 165
Configuring MAC-based VLANs 167
7 ADDRESS TABLE SETTINGS 169
Configuring MAC Address Learning 169
Setting Static Addresses 170
Changing the Aging Time 172
Displaying the Dynamic Address Table 173
Clearing the Dynamic Address Table 174
8 SPANNING TREE ALGORITHM 177
Overview 177
Configuring Loopback Detection 179
Configuring Global Settings for STA 181
Displaying Global Settings for STA 186
Configuring Interface Settings for STA 187
Displaying Interface Settings for STA 190
Configuring Multiple Spanning Trees 193
Configuring Interface Settings for MSTP 197
9 RATE LIMIT CONFIGURATION 199
10 STORM CONTROL CONFIGURATION 201
11 CLASS OF SERVICE 203
Layer 2 Queue Settings 203
Setting the Default Priority for Interfaces 203
Selecting the Queue Mode 204
Mapping CoS Values to Egress Queues 207
Layer 3/4 Priority Settings 210
Mapping DSCP Priority 210
Mapping IP Precedence 213
Mapping IP Port Priority 215
12 QUALITY OF SERVICE 217
Overview 217
Configuring a Class Map 218
Creating QoS Policies 221
- 6 - Sixnet Series MIL300 Software Manual
R
EVISED
2015-04-10 C
Attaching a Policy Map to a Port 230
13 VO IP TRAFFIC CONFIGURATION 231
Overview 231
Configuring VoIP Traffic 231
Configuring Telephony OUI 232
Configuring VoIP Traffic Ports 234
14 SECURITY MEASURES 237
AAA Authorization and Accounting 238
Configuring Local/Remote Logon Authentication 239
Configuring Remote Logon Authentication Servers 240
Configuring AAA Accounting 244
Configuring AAA Authorization 249
Configuring User Accounts 252
Web Authentication 253
ONTENTS
Configuring Global Settings for Web Authentication 254
Configuring Interface Settings for Web Authentication 255
Network Access (MAC Address Authentication) 256
Configuring Global Settings for Network Access 258
Configuring Network Access for Ports 259
Configuring Port Link Detection 261
Configuring a MAC Address Filter 262
Displaying Secure MAC Address Information 263
Configuring HTTPS 265
Configuring Global Settings for HTTPS 265
Replacing the Default Secure-site Certificate 266
Configuring the Secure Shell 268
Configuring the SSH Server 270
Generating the Host Key Pair 272
Importing User Public Keys 273
Access Control Lists 275
Setting A Time Range 276
Showing TCAM Utilization 279
Setting the ACL Name and Type 280
Configuring a Standard IPv4 ACL 281
Configuring an Extended IPv4 ACL 283
Configuring a Standard IPv6 ACL 285
Sixnet Series MIL300 Software Manual - 7 -
C
ONTENTS
R
EVISED
2015-04-10
Configuring an Extended IPv6 ACL 287
Configuring a MAC ACL 289
Configuring an ARP ACL 291
Binding a Port to an Access Control List 293
ARP Inspection 294
Configuring Global Settings for ARP Inspection 295
Configuring VLAN Settings for ARP Inspection 297
Configuring Interface Settings for ARP Inspection 298
Displaying ARP Inspection Statistics 300
Displaying the ARP Inspection Log 301
Filtering IP Addresses for Management Access 302
Configuring Port Security 304
Configuring 802.1X Port Authentication 305
Configuring 802.1X Global Settings 307
Configuring Port Settings for 802.1X 308
Displaying 802.1X Statistics 312
IP Source Guard 313
Configuring Ports for IP Source Guard 313
Configuring Static Bindings for IP Source Guard 315
Displaying Information for Dynamic IP Source Guard Bindings 317
DHCP Snooping 318
DHCP Snooping Configuration 320
DHCP Snooping VLAN Configuration 321
Configuring Ports for DHCP Snooping 322
Displaying DHCP Snooping Binding Information 323
15 BASIC ADMINISTRATION PROTOCOLS 325
Configuring Event Logging 325
System Log Configuration 325
Remote Log Configuration 328
Sending Simple Mail Transfer Protocol Alerts 329
Link Layer Discovery Protocol 330
Setting LLDP Timing Attributes 330
Configuring LLDP Interface Attributes 332
Displaying LLDP Local Device Information 335
Displaying LLDP Remote Port Information 337
Displaying Device Statistics 341
- 8 - Sixnet Series MIL300 Software Manual
R
EVISED
2015-04-10 C
Simple Network Management Protocol 343
Configuring Global Settings for SNMP 345
Setting the Local Engine ID 346
Specifying a Remote Engine ID 347
Setting SNMPv3 Views 348
Configuring SNMPv3 Groups 351
Setting Community Access Strings 354
Configuring Local SNMPv3 Users 356
Configuring Remote SNMPv3 Users 358
Specifying Trap Managers 360
Remote Monitoring 364
Configuring RMON Alarms 365
Configuring RMON Events 367
Configuring RMON History Samples 369
ONTENTS
Configuring RMON Statistical Samples 372
16 MULTICAST FILTERING 375
Overview 375
IGMP Protocol 376
Layer 2 IGMP (Snooping and Query) 377
Configuring IGMP Snooping and Query Parameters 379
Specifying Static Interfaces for a Multicast Router 382
Assigning Interfaces to Multicast Services 384
Setting IGMP Snooping Status per Interface 386
Filtering IGMP Query Packets and Multicast Data 391
Displaying Multicast Groups Discovered by IGMP Snooping 392
Filtering and Throttling IGMP Groups 393
Enabling IGMP Filtering and Throttling 393
Configuring IGMP Filter Profiles 394
Configuring IGMP Filtering and Throttling for Interfaces 396
Layer 3 IGMP (Query used with Multicast Routing) 397
Configuring IGMP Proxy Routing 398
Configuring IGMP Interface Parameters 401
Configuring Static IGMP Group Membership 403
Displaying Multicast Group Information 405
Multicast VLAN Registration 408
Configuring Global MVR Settings 409
Sixnet Series MIL300 Software Manual - 9 -
C
ONTENTS
R
EVISED
2015-04-10
Configuring the MVR Group Range 410
Configuring MVR Interface Status 411
Assigning Static Multicast Groups to Interfaces 413
Showing Multicast Groups Assigned to Interfaces 415
17 IP CONFIGURATION 417
Setting the Switch’s IP Address (IP Version 4) 417
Setting the Switch’s IP Address (IP Version 6) 420
Configuring the IPv6 Default Gateway 421
Configuring IPv6 Interface Settings 421
Configuring an IPv6 Address 424
Showing IPv6 Addresses 426
Showing the IPv6 Neighbor Cache 428
Showing IPv6 Statistics 429
Showing the MTU for Responding Destinations 435
18 GENERAL IP ROUTING 437
Overview 437
Initial Configuration 437
IP Routing and Switching 438
Routing Path Management 439
Routing Protocols 439
Configuring IP Routing Interfaces 440
Configuring Local and Remote Interfaces 440
Using the Ping Function 440
Using the Trace Route Function 442
Address Resolution Protocol 443
Basic ARP Configuration 444
Configuring Static ARP Addresses 445
Displaying Dynamic or Local ARP Entries 447
Displaying ARP Statistics 448
Configuring Static Routes 449
Displaying the Routing Table 450
Equal-cost Multipath Routing 452
19 CONFIGURING ROUTER REDUNDANCY 455
Configuring VRRP Groups 456
Displaying VRRP Global Statistics 462
Displaying VRRP Group Statistics 462
- 10 - Sixnet Series MIL300 Software Manual
R
EVISED
2015-04-10 C
20 IP SERVICES 465
Domain Name Service 465
Configuring General DNS Service Parameters 465
Configuring a List of Domain Names 466
Configuring a List of Name Servers 468
Configuring Static DNS Host to Address Entries 469
Displaying the DNS Cache 470
Dynamic Host Configuration Protocol 471
Specifying A DHCP Client Identifier 471
Configuring DHCP Relay Service 472
Configuring the DHCP Server 474
Forwarding UDP Service Requests 481
Enabling the UDP Helper 481
Specifying UDP Destination Ports 482
ONTENTS
Specifying The Target Server or Subnet 483
21 UNICAST ROUTING 485
Overview 485
Configuring the Routing Information Protocol 486
Configuring General Protocol Settings 487
Clearing Entries from the Routing Table 490
Specifying Network Interfaces 491
Specifying Passive Interfaces 493
Specifying Static Neighbors 494
Configuring Route Redistribution 495
Specifying an Administrative Distance 496
Configuring Network Interfaces for RIP 498
Displaying RIP Interface Settings 502
Displaying Peer Router Information 503
Resetting RIP Statistics 503
Configuring the Open Shortest Path First Protocol (Version 2) 504
Defining Network Areas Based on Addresses 506
Configuring General Protocol Settings 509
Displaying Administrative Settings and Statistics 511
Adding an NSSA or Stub 513
Configuring NSSA Settings 514
Configuring Stub Settings 517
Sixnet Series MIL300 Software Manual - 11 -
C
ONTENTS
R
EVISED
2015-04-10
Displaying Information on NSSA and Stub Areas 519
Configuring Area Ranges (Route Summarization for ABRs) 520
Redistributing External Routes 522
Configuring Summary Addresses (for External AS Routes) 524
Configuring OSPF Interfaces 525
Configuring Virtual Links 531
Displaying Link State Database Information 534
Displaying Information on Neighboring Routers 536
Configuring the Open Shortest Path First Protocol (Version 3) 537
Creating a Routing Process 539
Configuring General Protocol Settings 540
Setting an Interface to Passive Mode 544
Adding a Stub 545
Displaying Information on Stubs 547
Configuring Area Ranges (Route Summarization for ABRs) 548
Configuring Virtual Links 550
Configuring OSPFv3 Interfaces 553
Showing OSPFv3 Interface Status 557
Showing OSPFv3 Interface Protocol Counters 559
Displaying Information on Neighboring Routers 560
Displaying Information on Virtual Neighbors 561
Displaying The OSPFv3 Routing Table 562
Displaying Information on Virtual Links 563
22 MULTICAST ROUTING 565
Overview 565
Configuring Global Settings for Multicast Routing 568
Enabling Multicast Routing Globally 568
Displaying the Multicast Routing Table 569
Configuring PIM for IPv4 572
Enabling PIM Globally 572
Configuring PIM Interface Settings 572
Displaying Neighbor Information 578
Configuring Global PIM-SM Settings 578
Configuring a BSR Candidate 580
Configuring a Static Rendezvous Point 581
Configuring an RP Candidate 583
- 12 - Sixnet Series MIL300 Software Manual
R
EVISED
2015-04-10 C
Displaying the BSR Router 585
Displaying RP Mapping 586
Configuring PIMv6 for IPv6 587
Enabling PIM Globally 587
Configuring PIM Interface Settings 588
Displaying Neighbor Information 591
COMMAND LINE INTERFACE 593
23 USING THE COMMAND LINE INTERFACE 599
Accessing the CLI 599
Console Connection 599
Telnet Connection 600
Entering Commands 601
ONTENTS
Keywords and Arguments 601
Minimum Abbreviation 601
Command Completion 601
Getting Help on Commands 602
Partial Keyword Lookup 603
Negating the Effect of Commands 603
Using Command History 604
Understanding Command Modes 604
Exec Commands 604
Configuration Commands 605
Command Line Processing 607
CLI Command Groups 608
24 GENERAL COMMANDS 607
25 SYSTEM MANAGEMENT COMMANDS 615
Device Designation 615
System Status 616
Frame Size 622
Fan Control 623
File Management 624
Line 630
Event Logging 640
SMTP Alerts 646
Sixnet Series MIL300 Software Manual - 13 -
C
ONTENTS
R
EVISED
2015-04-10
Time 649
Time Range 654
26 SNMP COMMANDS 659
27 REMOTE MONITORING COMMANDS 677
28 FLOW SAMPLING COMMANDS 685
29 AUTHENTICATION COMMANDS 691
User Accounts 691
Authentication Sequence 693
RADIUS Client 695
TACACS+ Client 700
AAA 703
Web Server 711
Telnet Server 714
Secure Shell 716
802.1X Port Authentication 725
Management IP Filter 735
30 GENERAL SECURITY MEASURES 739
Port Security 740
Network Access (MAC Address Authentication) 742
Web Authentication 755
DHCP Snooping 761
IP Source Guard 769
ARP Inspection 773
31 ACCESS CONTROL LISTS 783
IPv4 ACLs 783
IPv6 ACLs 790
MAC ACLs 796
ARP ACLs 801
ACL Information 803
32 INTERFACE COMMANDS 805
33 LINK AGGREGATION COMMANDS 823
34 PORT MIRRORING COMMANDS 833
Local Port Mirroring Commands 833
35 RATE LIMIT COMMANDS 837
36 AUTOMATIC TRAFFIC CONTROL COMMANDS 839
37 ADDRESS TABLE COMMANDS 853
- 14 - Sixnet Series MIL300 Software Manual
R
EVISED
2015-04-10 C
38 SPANNING TREE COMMANDS 859
39 VLAN COMMANDS 885
GVRP and Bridge Extension Commands 886
Editing VLAN Groups 890
Configuring VLAN Interfaces 892
Displaying VLAN Information 898
Configuring IEEE 802.1Q Tunneling 899
Configuring Port-based Traffic Segmentation 905
Configuring Private VLANs 907
Configuring Protocol-based VLANs 912
Configuring IP Subnet VLANs 915
Configuring MAC Based VLANs 917
Configuring Voice VLANs 919
40 CLASS OF SERVICE COMMANDS 927
ONTENTS
Priority Commands (Layer 2) 927
Priority Commands (Layer 3 and 4) 933
41 QUALITY OF SERVICE COMMANDS 941
42 MULTICAST FILTERING COMMANDS 957
IGMP Snooping 957
Static Multicast Routing 974
IGMP Filtering and Throttling 975
Multicast VLAN Registration 984
IGMP (Layer 3) 991
IGMP Proxy Routing 1000
MLD (Layer 3) 1002
MLD Proxy Routing 1010
43 LLDP COMMANDS 1013
44 DOMAIN NAME SERVICE COMMANDS 1031
45 DHCP COMMANDS 1039
DHCP Client 1039
DHCP Relay 1042
DHCP Server 1043
46 VRRP COMMANDS 1057
47 IP INTERFACE COMMANDS 1067
IPv4 Interface 1067
Basic IPv4 Configuration 1068
Sixnet Series MIL300 Software Manual - 15 -
C
ONTENTS
R
EVISED
2015-04-10
ARP Configuration 1073
UDP Helper Configuration 1077
IPv6 Interface 1081
IPv6 to IPv4 Tunnels 1103
48 IP ROUTING COMMANDS 1113
Global Routing Configuration 1113
Routing Information Protocol (RIP) 1120
Open Shortest Path First (OSPFv2) 1138
Open Shortest Path First (OSPFv3) 1175
49 MULTICAST ROUTING COMMANDS 1201
General Multicast Routing 1201
Static Multicast Routing 1206
PIM Multicast Routing 1208
IPv4 PIM Commands 1208
IPv6 PIM Commands 1230
SECTION I APPENDICES 1241
AX SOFTWARE SPECIFICATIONS 1243
Software Features 1243
Management Features 1244
Standards 1245
Management Information Bases 1246
AY TROUBLESHOOTING 1249
Problems Accessing the Management Interface 1249
Using System Logs 1250
AZ LICENSE INFORMATION 1251
The GNU General Public License 1251
AG GLOSSARY 1255
- 16 - Sixnet Series MIL300 Software Manual
R
EVISED
2015-04-10 F
FIGURES
Figure 1: Home Page 66
Figure 2: Front Panel Indicators 67
Figure 1: System Information 86
Figure 2: General Switch Information 87
Figure 3: Configuring Support for Jumbo Frames 88
Figure 4: Displaying Bridge Extension Configuration 90
Figure 5: Copy Firmware 92
Figure 6: Saving the Running Configuration 93
Figure 7: Setting Start-Up Files 94
IGURES
Figure 8: Displaying System Files 94
Figure 9: Manually Setting the System Clock 96
Figure 10: Setting the Polling Interval for SNTP 97
Figure 11: Specifying SNTP Time Servers 97
Figure 12: Setting the Time Zone 98
Figure 13: Console Port Settings 100
Figure 14: Telnet Connection Settings 101
Figure 15: Displaying CPU Utilization 102
Figure 16: Displaying Memory Utilization 103
Figure 17: Restarting the Switch (Immediately) 105
Figure 18: Restarting the Switch (In) 105
Figure 19: Restarting the Switch (At) 106
Figure 20: Restarting the Switch (Regularly) 106
Figure 1: Configuring Connections by Port List 109
Figure 2: Configuring Connections by Port Range 110
Figure 3: Displaying Port Information 111
Figure 4: Configuring Local Port Mirroring 112
Figure 5: Configuring Local Port Mirroring 113
Figure 6: Displaying Local Port Mirror Sessions 113
Figure 7: Showing Port Statistics (Table) 116
Figure 8: Showing Port Statistics (Chart) 117
Figure 9: Performing Cable Tests 118
Figure 10: Configuring Static Trunks 120
Sixnet Series MIL300 Software Manual - 17 -
F
IGURES
R
EVISED
2015-04-10
Figure 11: Creating Static Trunks 121
Figure 12: Adding Static Trunks Members 121
Figure 13: Configuring Connection Parameters for a Static Trunk 122
Figure 14: Displaying Connection Parameters for Static Trunks 122
Figure 15: Configuring Dynamic Trunks 122
Figure 16: Configuring the LACP Aggregator Admin Key 124
Figure 17: Enabling LACP on a Port 125
Figure 18: Configuring LACP Parameters on a Port 126
Figure 19: Showing Members of a Dynamic Trunk 126
Figure 20: Configuring Connection Settings for Dynamic Trunks 127
Figure 21: Displaying Connection Parameters for Dynamic Trunks 127
Figure 22: Displaying LACP Port Counters 128
Figure 23: Displaying LACP Port Internal Information 130
Figure 24: Displaying LACP Port Remote Information 131
Figure 25: Sampling Traffic Flows 133
Figure 26: Enabling Traffic Segmentation 134
Figure 27: Configuring Members for Traffic Segmentation 135
Figure 28: Configuring VLAN Trunking 135
Figure 29: Configuring VLAN Trunking 136
Figure 1: VLAN Compliant and VLAN Non-compliant Devices 138
Figure 2: Using GVRP 139
Figure 3: Creating Static VLANs 141
Figure 4: Modifying Settings for Static VLANs 141
Figure 5: Showing Static VLANs 142
Figure 6: Configuring Static Members by VLAN Index 145
Figure 7: Configuring Static VLAN Members by Interface 146
Figure 8: Configuring Static VLAN Members by Interface Range 146
Figure 9: Configuring Global Status of GVRP 148
Figure 10: Configuring GVRP for an Interface 149
Figure 11: Showing Dynamic VLANs Registered on the Switch 149
Figure 12: Showing the Members of a Dynamic VLAN 150
Figure 13: Configuring Private VLANs 151
Figure 14: Showing Private VLANs 152
Figure 15: Associating Private VLANs 153
Figure 16: Showing Associated VLANs 153
Figure 17: Configuring Interfaces for Private VLANs 154
- 18 - Sixnet Series MIL300 Software Manual
R
EVISED
2015-04-10 F
Figure 18: QinQ Operational Concept 156
Figure 19: Enabling QinQ Tunneling 159
Figure 20: Adding an Interface to a QinQ Tunnel 161
Figure 21: Configuring Protocol VLANs 163
Figure 22: Displaying Protocol VLANs 163
Figure 23: Assigning Interfaces to Protocol VLANs 164
Figure 24: Showing the Interface to Protocol Group Mapping 165
Figure 25: Configuring IP Subnet VLANs 166
Figure 26: Showing IP Subnet VLANs 167
Figure 27: Configuring MAC-Based VLANs 168
Figure 28: Showing MAC-Based VLANs 168
Figure 1: Configuring MAC Address Learning 170
Figure 2: Configuring Static MAC Addresses 172
Figure 3: Displaying Static MAC Addresses 172
IGURES
Figure 4: Setting the Address Aging Time 173
Figure 5: Displaying the Dynamic MAC Address Table 174
Figure 6: Clearing Entries in the Dynamic MAC Address Table 175
Figure 1: STP Root Ports and Designated Ports 178
Figure 2: MSTP Region, Internal Spanning Tree, Multiple Spanning Tree 178
Figure 3: Common Internal Spanning Tree, Common Spanning Tree, Internal
Spanning Tree 179
Figure 4: Configuring Port Loopback Detection 180
Figure 5: Configuring Global Settings for STA (STP) 184
Figure 6: Configuring Global Settings for STA (RSTP) 185
Figure 7: Configuring Global Settings for STA (MSTP) 185
Figure 8: Displaying Global Settings for STA 187
Figure 9: Configuring Interface Settings for STA 190
Figure 10: STA Port Roles 192
Figure 11: Displaying Interface Settings for STA 192
Figure 12: Creating an MST Instance 194
Figure 13: Displaying MST Instances 194
Figure 14: Modifying the Priority for an MST Instance 195
Figure 15: Displaying Global Settings for an MST Instance 195
Figure 16: Adding a VLAN to an MST Instance 196
Figure 17: Displaying Members of an MST Instance 196
Figure 18: Configuring MSTP Interface Settings 198
Figure 19: Displaying MSTP Interface Settings 198
Sixnet Series MIL300 Software Manual - 19 -
F
IGURES
R
EVISED
2015-04-10
Figure 1: Configuring Rate Limits 200
Figure 1: Configuring Storm Control 202
Figure 1: Setting the Default Port Priority 204
Figure 2: Setting the Queue Mode (Strict) 206
Figure 3: Setting the Queue Mode (WRR) 206
Figure 4: Setting the Queue Mode (Strict and WRR) 207
Figure 5: Mapping CoS Values to Egress Queues 210
Figure 6: Mapping IP DSCP Priority Values 213
Figure 7: Mapping IP Precedence Priority Values 215
Figure 8: Mapping IP Port Number Priority Values 216
Figure 9: Showing IP Port Number Priority Map 216
Figure 1: Configuring a Class Map 219
Figure 2: Showing Class Maps 220
Figure 3: Adding Rules to a Class Map 220
Figure 4: Showing the Rules for a Class Map 221
Figure 5: Configuring a Policy Map 228
Figure 6: Showing Policy Maps 228
Figure 7: Adding Rules to a Policy Map 229
Figure 8: Showing the Rules for a Policy Map 229
Figure 9: Attaching a Policy Map to a Port 230
Figure 1: Configuring a Voice VLAN 232
Figure 2: Configuring an OUI Telephony List 233
Figure 3: Showing an OUI Telephony List 234
Figure 4: Configuring Port Settings for a Voice VLAN 235
Figure 1: Configuring the Authentication Sequence 240
Figure 2: Authentication Server Operation 240
Figure 3: Configuring Remote Authentication Server (RADIUS) 243
Figure 4: Configuring Remote Authentication Server (TACACS+) 243
Figure 5: Configuring AAA Server Groups 244
Figure 6: Showing AAA Server Groups 244
Figure 7: Configuring Global Settings for AAA Accounting 246
Figure 8: Configuring AAA Accounting Methods 247
Figure 9: Showing AAA Accounting Methods 247
Figure 10: Configuring AAA Accounting Service for 802.1X Service 248
Figure 11: Configuring AAA Accounting Service for Exec Service 248
Figure 12: Displaying a Summary of Applied AAA Accounting Methods 248
- 20 - Sixnet Series MIL300 Software Manual
R
EVISED
2015-04-10 F
Figure 13: Displaying Statistics for AAA Accounting Sessions 249
Figure 14: Configuring AAA Authorization Methods 250
Figure 15: Showing AAA Authorization Methods 251
Figure 16: Configuring AAA Authorization Methods for Exec Service 251
Figure 17: Displaying the Applied AAA Authorization Method 251
Figure 18: Configuring User Accounts 253
Figure 19: Showing User Accounts 253
Figure 20: Configuring Global Settings for Web Authentication 254
Figure 21: Configuring Interface Settings for Web Authentication 255
Figure 22: Configuring Global Settings for Network Access 259
Figure 23: Configuring Interface Settings for Network Access 260
Figure 24: Configuring Link Detection for Network Access 262
Figure 25: Configuring a MAC Address Filter for Network Access 263
Figure 26: Showing the MAC Address Filter Table for Network Access 263
IGURES
Figure 27: Showing Addresses Authenticated for Network Access 264
Figure 28: Configuring HTTPS 266
Figure 29: Downloading the Secure-Site Certificate 268
Figure 30: Configuring the SSH Server 271
Figure 31: Generating the SSH Host Key Pair 273
Figure 32: Showing the SSH Host Key Pair 273
Figure 33: Copying the SSH User’s Public Key 274
Figure 34: Showing the SSH User’s Public Key 275
Figure 35: Setting the Name of a Time Range 277
Figure 36: Showing a List of Time Ranges 277
Figure 37: Add a Rule to a Time Range 278
Figure 38: Showing the Rules Configured for a Time Range 278
Figure 39: Showing TCAM Utilization 279
Figure 40: Creating an ACL 281
Figure 41: Showing a List of ACLs 281
Figure 42: Configuring a Standard IPv4 ACL 282
Figure 43: Configuring an Extended IPv4 ACL 285
Figure 44: Configuring a Standard IPv6 ACL 286
Figure 45: Configuring an Extended IPv6 ACL 289
Figure 46: Configuring a MAC ACL 291
Figure 47: Configuring a ARP ACL 293
Figure 48: Binding a Port to an ACL 294
Sixnet Series MIL300 Software Manual - 21 -
F
IGURES
R
EVISED
2015-04-10
Figure 49: Configuring Global Settings for ARP Inspection 297
Figure 50: Configuring VLAN Settings for ARP Inspection 298
Figure 51: Configuring Interface Settings for ARP Inspection 299
Figure 52: Displaying Statistics for ARP Inspection 301
Figure 53: Displaying the ARP Inspection Log 302
Figure 54: Creating an IP Address Filter for Management Access 303
Figure 55: Showing IP Addresses Authorized for Management Access 303
Figure 56: Configuring Port Security 305
Figure 57: Configuring Port Security 306
Figure 58: Configuring Global Settings for 802.1X Port Authentication 307
Figure 59: Configuring Interface Settings for 802.1X Port Authenticator 311
Figure 60: Showing Statistics for 802.1X Port Authenticator 313
Figure 61: Setting the Filter Type for IP Source Guard 315
Figure 62: Configuring Static Bindings for IP Source Guard 316
Figure 63: Displaying Static Bindings for IP Source Guard 317
Figure 64: Showing the IP Source Guard Binding Table 318
Figure 65: Configuring Global Settings for DHCP Snooping 321
Figure 66: Configuring DHCP Snooping on a VLAN 322
Figure 67: Configuring the Port Mode for DHCP Snooping 323
Figure 68: Displaying the Binding Table for DHCP Snooping 324
Figure 1: Configuring Settings for System Memory Logs 327
Figure 2: Showing Error Messages Logged to System Memory 327
Figure 3: Configuring Settings for Remote Logging of Error Messages 329
Figure 4: Configuring SMTP Alert Messages 330
Figure 5: Configuring LLDP Timing Attributes 332
Figure 6: Configuring LLDP Interface Attributes 334
Figure 7: Displaying Local Device Information for LLDP (General) 336
Figure 8: Displaying Local Device Information for LLDP (Port) 337
Figure 9: Displaying Remote Device Information for LLDP (Port) 340
Figure 10: Displaying Remote Device Information for LLDP (Port Details) 341
Figure 11: Displaying LLDP Device Statistics (General) 342
Figure 12: Displaying LLDP Device Statistics (Port) 343
Figure 13: Configuring Global Settings for SNMP 346
Figure 14: Configuring the Local Engine ID for SNMP 347
Figure 15: Configuring a Remote Engine ID for SNMP 348
Figure 16: Showing Remote Engine IDs for SNMP 348
- 22 - Sixnet Series MIL300 Software Manual
R
EVISED
2015-04-10 F
Figure 17: Creating an SNMP View 349
Figure 18: Showing SNMP Views 350
Figure 19: Adding an OID Subtree to an SNMP View 350
Figure 20: Showing the OID Subtree Configured for SNMP Views 351
Figure 21: Creating an SNMP Group 354
Figure 22: Showing SNMP Groups 354
Figure 23: Setting Community Access Strings 355
Figure 24: Showing Community Access Strings 356
Figure 25: Configuring Local SNMPv3 Users 357
Figure 26: Showing Local SNMPv3 Users 358
Figure 27: Configuring Remote SNMPv3 Users 359
Figure 28: Showing Remote SNMPv3 Users 360
Figure 29: Configuring Trap Managers (SNMPv1) 363
Figure 30: Configuring Trap Managers (SNMPv2c) 363
IGURES
Figure 31: Configuring Trap Managers (SNMPv3) 364
Figure 32: Showing Trap Managers 364
Figure 33: Configuring an RMON Alarm 367
Figure 34: Showing Configured RMON Alarms 367
Figure 35: Configuring an RMON Event 369
Figure 36: Showing Configured RMON Events 369
Figure 37: Configuring an RMON History Sample 371
Figure 38: Showing Configured RMON History Samples 371
Figure 39: Showing Collected RMON History Samples 372
Figure 40: Configuring an RMON Statistical Sample 373
Figure 41: Showing Configured RMON Statistical Samples 373
Figure 42: Showing Collected RMON Statistical Samples 374
Figure 1: Multicast Filtering Concept 375
Figure 2: IGMP Protocol 377
Figure 3: Configuring General Settings for IGMP Snooping 382
Figure 4: Configuring a Static Interface for a Multicast Router 383
Figure 5: Showing Static Interfaces Attached a Multicast Router 383
Figure 6: Showing Current Interfaces Attached a Multicast Router 384
Figure 7: Assigning an Interface to a Multicast Service 385
Figure 8: Showing Static Interfaces Assigned to a Multicast Service 385
Figure 9: Showing Current Interfaces Assigned to a Multicast Service 386
Figure 10: Configuring IGMP Snooping on an Interface 390
Sixnet Series MIL300 Software Manual - 23 -
F
IGURES
R
EVISED
2015-04-10
Figure 11: Showing Interface Settings for IGMP Snooping 391
Figure 12: Dropping IGMP Query or Multicast Data Packets 391
Figure 13: Showing Multicast Groups Learned by IGMP Snooping 392
Figure 14: Enabling IGMP Filtering and Throttling 394
Figure 15: Creating an IGMP Filtering Profile 395
Figure 16: Showing the IGMP Filtering Profiles Created 395
Figure 17: Adding Multicast Groups to an IGMP Filtering Profile 396
Figure 18: Showing the Groups Assigned to an IGMP Filtering Profile 396
Figure 19: Configuring IGMP Filtering and Throttling Interface Settings 397
Figure 20: IGMP Proxy Routing 399
Figure 21: Configuring IGMP Proxy Routing 401
Figure 22: Configuring IGMP Interface Settings 403
Figure 23: Configuring Static IGMP Groups 404
Figure 24: Showing Static IGMP Groups 405
Figure 25: Displaying Multicast Groups Learned from IGMP (Information) 407
Figure 26: Displaying Multicast Groups Learned from IGMP (Detail) 407
Figure 27: MVR Concept 408
Figure 28: Configuring Global Settings for MVR 410
Figure 29: Configuring the Group Range for MVR 411
Figure 30: Showing the Configured Group Range for MVR 411
Figure 31: Configuring Interface Settings for MVR 413
Figure 32: Assigning Static MVR Groups to a Port 414
Figure 33: Showing the Static MVR Groups Assigned to a Port 414
Figure 34: Showing All MVR Groups Assigned to a Port 415
Figure 1: Configuring a Static IPv4 Address 419
Figure 2: Configuring a Dynamic IPv4 Address 419
Figure 3: Showing the Configured IP Address for an Interface 420
Figure 4: Configuring the IPv6 Default Gateway 421
Figure 5: Configuring General Settings for an IPv6 Interface 424
Figure 6: Configuring an IPv6 Address 426
Figure 7: Showing Configured IPv6 Addresses 428
Figure 8: Showing IPv6 Neighbors 429
Figure 9: Showing IPv6 Statistics (IPv6) 433
Figure 10: Showing IPv6 Statistics (ICMPv6) 434
Figure 11: Showing IPv6 Statistics (UDP) 434
Figure 12: Showing Reported MTU Values 435
- 24 - Sixnet Series MIL300 Software Manual
R
EVISED
2015-04-10 F
Figure 1: Virtual Interfaces and Layer 3 Routing 438
Figure 2: Pinging a Network Device 442
Figure 3: Tracing the Route to a Network Device 443
Figure 4: Proxy ARP 444
Figure 5: Configuring General Settings for ARP 445
Figure 6: Configuring Static ARP Entries 446
Figure 7: Displaying Static ARP Entries 447
Figure 8: Displaying Dynamic ARP Entries 447
Figure 9: Displaying Local ARP Entries 448
Figure 10: Displaying ARP Statistics 448
Figure 11: Configuring Static Routes 450
Figure 12: Displaying Static Routes 450
Figure 13: Displaying the Routing Table 452
Figure 14: Setting the Maximum ECMP Number 453
IGURES
Figure 1: Master Virtual Router with Backup Routers 455
Figure 2: Several Virtual Master Routers Using Backup Routers 455
Figure 3: Several Virtual Master Routers Configured for Mutual Backup and Load Sharing 456
Figure 4: Configuring the VRRP Group ID 459
Figure 5: Showing Configured VRRP Groups 460
Figure 6: Setting the Virtual Router Address for a VRRP Group 460
Figure 7: Showing the Virtual Addresses Assigned to VRRP Groups 461
Figure 8: Configuring Detailed Settings for a VRRP Group 461
Figure 9: Showing Counters for Errors Found in VRRP Packets 462
Figure 10: Showing Counters for Errors Found in a VRRP Group 464
Figure 1: Configuring General Settings for DNS 466
Figure 2: Configuring a List of Domain Names for DNS 467
Figure 3: Showing the List of Domain Names for DNS 467
Figure 4: Configuring a List of Name Servers for DNS 468
Figure 5: Showing the List of Name Servers for DNS 469
Figure 6: Configuring Static Entries in the DNS Table 470
Figure 7: Showing Static Entries in the DNS Table 470
Figure 8: Showing Entries in the DNS Cache 471
Figure 9: Specifying A DHCP Client Identifier 472
Figure 10: Layer 3 DHCP Relay Service 473
Figure 11: Configuring DHCP Relay Service 474
Figure 12: DHCP Server 474
Sixnet Series MIL300 Software Manual - 25 -
F
IGURES
R
EVISED
2015-04-10
Figure 13: Enabling the DHCP Server 475
Figure 14: Configuring Excluded Addresses on the DHCP Server 476
Figure 15: Showing Excluded Addresses on the DHCP Server 476
Figure 16: Configuring DHCP Server Address Pools (Network) 479
Figure 17: Configuring DHCP Server Address Pools (Host) 479
Figure 18: Showing Configured DHCP Server Address Pools 480
Figure 19: Shows Addresses Assigned by the DHCP Server 480
Figure 20: Enabling the UDP Helper 481
Figure 21: Specifying UDP Destination Ports 482
Figure 22: Showing the UDP Destination Ports 483
Figure 23: Specifying the Target Server or Subnet for UDP Requests 484
Figure 24: Showing the Target Server or Subnet for UDP Requests 484
Figure 1: Configuring RIP 486
Figure 2: Configuring General Settings for RIP 490
Figure 3: Clearing Entries from the Routing Table 491
Figure 4: Adding Network Interfaces to RIP 492
Figure 5: Showing Network Interfaces Using RIP 492
Figure 6: Specifying a Passive RIP Interface 493
Figure 7: Showing Passive RIP Interfaces 494
Figure 8: Specifying a Static RIP Neighbor 494
Figure 9: Showing Static RIP Neighbors 495
Figure 10: Redistributing External Routes into RIP 496
Figure 11: Showing External Routes Redistributed into RIP 496
Figure 12: Setting the Distance Assigned to External Routes 498
Figure 13: Showing the Distance Assigned to External Routes 498
Figure 14: Configuring a Network Interface for RIP 501
Figure 15: Showing RIP Network Interface Settings 502
Figure 16: Showing RIP Interface Settings 503
Figure 17: Showing RIP Peer Information 503
Figure 18: Resetting RIP Statistics 504
Figure 19: Configuring OSPF 505
Figure 20: OSPF Areas 506
Figure 21: Defining OSPF Network Areas Based on Addresses 508
Figure 22: Showing OSPF Network Areas 508
Figure 23: Showing OSPF Process Identifiers 508
Figure 24: AS Boundary Router 510
- 26 - Sixnet Series MIL300 Software Manual
R
EVISED
2015-04-10 F
Figure 25: Configure General Settings for OSPF 511
Figure 26: Showing General Settings for OSPF 513
Figure 27: Adding an NSSA or Stub 514
Figure 28: Showing NSSAs or Stubs 514
Figure 29: OSPF NSSA 515
Figure 30: Configuring Protocol Settings for an NSSA 517
Figure 31: OSPF Stub Area 517
Figure 32: Configuring Protocol Settings for a Stub 519
Figure 33: Displaying Information on NSSA and Stub Areas 520
Figure 34: Route Summarization for ABRs 520
Figure 35: Configuring Route Summaries for an Area Range 521
Figure 36: Showing Configured Route Summaries 522
Figure 37: Redistributing External Routes 522
Figure 38: Importing External Routes 523
IGURES
Figure 39: Showing Imported External Route Types 524
Figure 40: Summarizing External Routes 525
Figure 41: Showing Summary Addresses for External Routes 525
Figure 42: Configuring Settings for All Interfaces Assigned to a VLAN 529
Figure 43: Configuring Settings for a Specific Area Assigned to a VLAN 530
Figure 44: Showing OSPF Interfaces 530
Figure 45: Showing MD5 Authentication Keys 531
Figure 46: OSPF Virtual Link 531
Figure 47: Adding a Virtual Link 532
Figure 48: Showing Virtual Links 533
Figure 49: Configuring Detailed Settings for a Virtual Link 533
Figure 50: Showing MD5 Authentication Keys 534
Figure 51: Displaying Information in the Link State Database 536
Figure 52: Displaying Neighbor Routers Stored in the Link State Database 537
Figure 53: Creating a Routing Process 540
Figure 54: Showing Configured Routing Processes 540
Figure 55: Configure General Settings for OSPFv3 543
Figure 56: Showing General Settings for OSPFv3 544
Figure 57: Setting an Interface to Passive Mode 545
Figure 58: Adding a Stub 546
Figure 59: Configuring an Existing Stub 547
Figure 60: Showing All Stubs 547
Sixnet Series MIL300 Software Manual - 27 -
F
IGURES
R
EVISED
2015-04-10
Figure 61: Displaying Information on Stubs 548
Figure 62: Route Summarization for ABRs 548
Figure 63: Configuring Route Summaries for an Area Range 549
Figure 64: Modifying Route Summaries for an Area Range 550
Figure 65: Showing Configured Route Summaries 550
Figure 66: OSPF Virtual Link 551
Figure 67: Adding a Virtual Link 552
Figure 68: Showing Virtual Links 552
Figure 69: Configuring Detailed Settings for a Virtual Link 553
Figure 70: Binding an OSPFv3 Area to an Interface 555
Figure 71: Showing OSPFv3 Areas Bound to an Interface 556
Figure 72: Configuring OSPFv3 Parameters for an Interface 556
Figure 73: Displaying or Modifying OSPFv3 Parameters for an Interface 557
Figure 74: Showing Protocol Counters OSPFv3 Interfaces 557
Figure 75: Showing the Status of OSPFv3 Interfaces 558
Figure 76: Showing Protocol Counters OSPFv3 Interfaces 560
Figure 77: Displaying Neighbor Routers Stored in the Link State Database 561
Figure 78: Displaying Information on Virtual Neighbors 562
Figure 79: Displaying the OSPFv3 Routing Table 563
Figure 80: Displaying Virtual Links Stored in the Link State Database 564
Figure 1: Enabling Multicast Routing 568
Figure 2: Displaying the Multicast Routing Table 571
Figure 3: Displaying Detailed Entries from the Multicast Routing Table 571
Figure 4: Enabling PIM Multicast Routing 572
Figure 5: Configuring PIM Interface Settings (Dense Mode) 577
Figure 6: Configuring PIM Interface Settings (Sparse Mode) 577
Figure 7: Showing PIM Neighbors 578
Figure 8: Configuring Global Settings for PIM-SM 580
Figure 9: Configuring a BSR Candidate 581
Figure 10: Configuring a Static Rendezvous Point 582
Figure 11: Showing Static Rendezvous Points 583
Figure 12: Configuring an RP Candidate 584
Figure 13: Showing Settings for an RP Candidate 585
Figure 14: Showing Information About the BSR 586
Figure 15: Showing RP Mapping 587
Figure 16: Enabling PIMv6 Multicast Routing 588
- 28 - Sixnet Series MIL300 Software Manual