Sixnet® Series
Gigabit Ethernet Switches
MIL312 - MIL314 - MIL316 - MIL318
Software Manual | April 2015
COPYRIGHT
Copyright, © 2015 Red Lion Controls, Inc.
20 Willow Springs Circle
York, PA 17406
All rights reserved. Red Lion, the Red Lion logo and N-Tron are registered trademarks of Red Lion Controls,
Inc. All other company and product names are trademarks of their respective owners.
The information contained in this document is subject to change without notice. Red Lion makes no warranty
of any kind with regard to this material, including, but not limited to, the implied warranties of merchantability
or fitness for a particular purpose. In no event shall Red Lion be liable for any incidental, special, indirect or
consequential damages whatsoever included but not limited to lost profits arising out of errors or omissions
in this manual or the information contained herein.
R
EVISED
2015-04-10 A
BOUT THIS MANUAL
ABOUT THIS MANUAL
Purpose This manual gives specific information on how to operate and use the management
functions of the switch.
Audience The manual is intended for use by network administrators who are responsible for
operating and maintaining network equipment; consequently, it assumes a basic
working knowledge of general switch functions, the Internet Protocol (IP), and Simple
Network Management Protocol (SNMP).
Conventions The following conventions are used throughout this guide to show information:
N
OTE
:
Emphasizesimportantinformationorcallsyourattentiontorelatedfeatures
orinstructions.
C
AUTION
:
Alertsyoutoapotentialhazardthatcouldcauselossofdata,ordamage
thesystemorequipment.
W
ARNING
:
Alertsyoutoapotentialhazardthatcouldcausepersonalinjury.
Related Publications The following publication details the hardware features of the switch, including the
physical and performance-related characteristics, and how to install the switch:
The Installation Guide
Also, as part of the switch’s software, there is an online web-based help that describes
all management related features.
Sixnet Series MIL300 Software Manual - 1 -
A
BOUT THIS MANUAL
Revision History The following information lists the release history of this document.
Issue / Revision Date Content Description
R
EVISED
2015-04-10
April 2015 This manual is valid for software release v1.2.2.16.
Added VRRP (Virtual Router Redundancy Protocol) support for accept mode
(RFC 5798).
Removed invalid references to stacking.
- 2 - Sixnet Series MIL300 Software Manual
R
EVISED
2015-04-10 C
CONTENTS
GETTING STARTED 37
1 INTRODUCTION 39
Key Features 39
Description of Software Features 40
Configuration Backup and Restore 40
Authentication 40
Access Control Lists 41
DHCP 41
ONTENTS
Port Configuration 41
Rate Limiting 41
Port Mirroring 41
Port Trunking 41
Broadcast Storm Control 41
Static Addresses 42
IP Address Filtering 42
IEEE 802.1D Bridge 42
Store-and-Forward Switching 42
Spanning Tree Algorithm 42
Virtual LANs 43
IEEE 802.1Q Tunneling (QinQ) 43
Traffic Prioritization 43
Quality of Service 43
IP Routing 44
Equal-cost Multipath Load Balancing 44
Router Redundancy 44
Address Resolution Protocol 44
Multicast Filtering 45
Multicast Routing 45
System Defaults 45
2 INITIAL SWITCH CONFIGURATION 49
Sixnet Series MIL300 Software Manual - 3 -
C
ONTENTS
R
EVISED
2015-04-10
Connecting to the Switch 49
Configuration Options 49
Required Connections 50
Remote Connections 51
Basic Configuration 51
Console Connection 51
Setting Passwords 52
Setting an IP Address 52
Enabling SNMP Management Access 57
Managing System Files 59
Saving or Restoring Configuration Settings 60
WEB CONFIGURATION 63
3 USING THE WEB INTERFACE 65
Connecting to the Web Interface 65
Navigating the Web Browser Interface 66
Home Page 66
Configuration Options 67
Panel Display 67
Main Menu 68
4 BASIC MANAGEMENT TASKS 85
Displaying System Information 85
Displaying Switch Hardware/Software Versions 86
Configuring Support for Jumbo Frames 88
Displaying Bridge Extension Capabilities 89
Managing System Files 90
Copying Files via FTP/TFTP or HTTP 90
Saving the Running Configuration to a Local File 92
Setting The Start-Up File 93
Showing System Files 94
Setting the System Clock 95
Setting the Time Manually 95
Configuring SNTP 96
Specifying SNTP Time Servers 97
Setting the Time Zone 98
- 4 - Sixnet Series MIL300 Software Manual
R
EVISED
2015-04-10 C
Console Port Settings 98
Telnet Settings 100
Displaying CPU Utilization 102
Displaying Memory Utilization 102
Resetting the System 103
5 INTERFACE CONFIGURATION 107
Port Configuration 107
Configuring by Port List 107
Configuring by Port Range 110
Displaying Connection Status 110
Configuring Port Mirroring 112
Showing Port or Trunk Statistics 113
Performing Cable Diagnostics 117
Trunk Configuration 119
ONTENTS
Configuring a Static Trunk 119
Configuring a Dynamic Trunk 122
Displaying LACP Port Counters 127
Displaying LACP Settings and Status for the Local Side 128
Displaying LACP Settings and Status for the Remote Side 130
Sampling Traffic Flows 131
Configuring sFlow Parameters 132
Traffic Segmentation 133
Enabling Traffic Segmentation 133
Configuring Uplink and Downlink Ports 134
VLAN Trunking 135
6 VLAN CONFIGURATION 137
IEEE 802.1Q VLANs 137
Configuring VLAN Groups 140
Adding Static Members to VLANs 142
Configuring Dynamic VLAN Registration 147
Private VLANs 150
Creating Private VLANs 150
Associating Private VLANs 152
Configuring Private VLAN Interfaces 153
IEEE 802.1Q Tunneling 155
Enabling QinQ Tunneling on the Switch 158
Sixnet Series MIL300 Software Manual - 5 -
C
ONTENTS
R
EVISED
2015-04-10
Adding an Interface to a QinQ Tunnel 159
Protocol VLANs 161
Configuring Protocol VLAN Groups 162
Mapping Protocol Groups to Interfaces 163
Configuring IP Subnet VLANs 165
Configuring MAC-based VLANs 167
7 ADDRESS TABLE SETTINGS 169
Configuring MAC Address Learning 169
Setting Static Addresses 170
Changing the Aging Time 172
Displaying the Dynamic Address Table 173
Clearing the Dynamic Address Table 174
8 SPANNING TREE ALGORITHM 177
Overview 177
Configuring Loopback Detection 179
Configuring Global Settings for STA 181
Displaying Global Settings for STA 186
Configuring Interface Settings for STA 187
Displaying Interface Settings for STA 190
Configuring Multiple Spanning Trees 193
Configuring Interface Settings for MSTP 197
9 RATE LIMIT CONFIGURATION 199
10 STORM CONTROL CONFIGURATION 201
11 CLASS OF SERVICE 203
Layer 2 Queue Settings 203
Setting the Default Priority for Interfaces 203
Selecting the Queue Mode 204
Mapping CoS Values to Egress Queues 207
Layer 3/4 Priority Settings 210
Mapping DSCP Priority 210
Mapping IP Precedence 213
Mapping IP Port Priority 215
12 QUALITY OF SERVICE 217
Overview 217
Configuring a Class Map 218
Creating QoS Policies 221
- 6 - Sixnet Series MIL300 Software Manual
R
EVISED
2015-04-10 C
Attaching a Policy Map to a Port 230
13 VOIP TRAFFIC CONFIGURATION 231
Overview 231
Configuring VoIP Traffic 231
Configuring Telephony OUI 232
Configuring VoIP Traffic Ports 234
14 SECURITY MEASURES 237
AAA Authorization and Accounting 238
Configuring Local/Remote Logon Authentication 239
Configuring Remote Logon Authentication Servers 240
Configuring AAA Accounting 244
Configuring AAA Authorization 249
Configuring User Accounts 252
Web Authentication 253
ONTENTS
Configuring Global Settings for Web Authentication 254
Configuring Interface Settings for Web Authentication 255
Network Access (MAC Address Authentication) 256
Configuring Global Settings for Network Access 258
Configuring Network Access for Ports 259
Configuring Port Link Detection 261
Configuring a MAC Address Filter 262
Displaying Secure MAC Address Information 263
Configuring HTTPS 265
Configuring Global Settings for HTTPS 265
Replacing the Default Secure-site Certificate 266
Configuring the Secure Shell 268
Configuring the SSH Server 270
Generating the Host Key Pair 272
Importing User Public Keys 273
Access Control Lists 275
Setting A Time Range 276
Showing TCAM Utilization 279
Setting the ACL Name and Type 280
Configuring a Standard IPv4 ACL 281
Configuring an Extended IPv4 ACL 283
Configuring a Standard IPv6 ACL 285
Sixnet Series MIL300 Software Manual - 7 -
C
ONTENTS
R
EVISED
2015-04-10
Configuring an Extended IPv6 ACL 287
Configuring a MAC ACL 289
Configuring an ARP ACL 291
Binding a Port to an Access Control List 293
ARP Inspection 294
Configuring Global Settings for ARP Inspection 295
Configuring VLAN Settings for ARP Inspection 297
Configuring Interface Settings for ARP Inspection 298
Displaying ARP Inspection Statistics 300
Displaying the ARP Inspection Log 301
Filtering IP Addresses for Management Access 302
Configuring Port Security 304
Configuring 802.1X Port Authentication 305
Configuring 802.1X Global Settings 307
Configuring Port Settings for 802.1X 308
Displaying 802.1X Statistics 312
IP Source Guard 313
Configuring Ports for IP Source Guard 313
Configuring Static Bindings for IP Source Guard 315
Displaying Information for Dynamic IP Source Guard Bindings 317
DHCP Snooping 318
DHCP Snooping Configuration 320
DHCP Snooping VLAN Configuration 321
Configuring Ports for DHCP Snooping 322
Displaying DHCP Snooping Binding Information 323
15 BASIC ADMINISTRATION PROTOCOLS 325
Configuring Event Logging 325
System Log Configuration 325
Remote Log Configuration 328
Sending Simple Mail Transfer Protocol Alerts 329
Link Layer Discovery Protocol 330
Setting LLDP Timing Attributes 330
Configuring LLDP Interface Attributes 332
Displaying LLDP Local Device Information 335
Displaying LLDP Remote Port Information 337
Displaying Device Statistics 341
- 8 - Sixnet Series MIL300 Software Manual
R
EVISED
2015-04-10 C
Simple Network Management Protocol 343
Configuring Global Settings for SNMP 345
Setting the Local Engine ID 346
Specifying a Remote Engine ID 347
Setting SNMPv3 Views 348
Configuring SNMPv3 Groups 351
Setting Community Access Strings 354
Configuring Local SNMPv3 Users 356
Configuring Remote SNMPv3 Users 358
Specifying Trap Managers 360
Remote Monitoring 364
Configuring RMON Alarms 365
Configuring RMON Events 367
Configuring RMON History Samples 369
ONTENTS
Configuring RMON Statistical Samples 372
16 MULTICAST FILTERING 375
Overview 375
IGMP Protocol 376
Layer 2 IGMP (Snooping and Query) 377
Configuring IGMP Snooping and Query Parameters 379
Specifying Static Interfaces for a Multicast Router 382
Assigning Interfaces to Multicast Services 384
Setting IGMP Snooping Status per Interface 386
Filtering IGMP Query Packets and Multicast Data 391
Displaying Multicast Groups Discovered by IGMP Snooping 392
Filtering and Throttling IGMP Groups 393
Enabling IGMP Filtering and Throttling 393
Configuring IGMP Filter Profiles 394
Configuring IGMP Filtering and Throttling for Interfaces 396
Layer 3 IGMP (Query used with Multicast Routing) 397
Configuring IGMP Proxy Routing 398
Configuring IGMP Interface Parameters 401
Configuring Static IGMP Group Membership 403
Displaying Multicast Group Information 405
Multicast VLAN Registration 408
Configuring Global MVR Settings 409
Sixnet Series MIL300 Software Manual - 9 -
C
ONTENTS
R
EVISED
2015-04-10
Configuring the MVR Group Range 410
Configuring MVR Interface Status 411
Assigning Static Multicast Groups to Interfaces 413
Showing Multicast Groups Assigned to Interfaces 415
17 IP CONFIGURATION 417
Setting the Switch’s IP Address (IP Version 4) 417
Setting the Switch’s IP Address (IP Version 6) 420
Configuring the IPv6 Default Gateway 421
Configuring IPv6 Interface Settings 421
Configuring an IPv6 Address 424
Showing IPv6 Addresses 426
Showing the IPv6 Neighbor Cache 428
Showing IPv6 Statistics 429
Showing the MTU for Responding Destinations 435
18 GENERAL IP ROUTING 437
Overview 437
Initial Configuration 437
IP Routing and Switching 438
Routing Path Management 439
Routing Protocols 439
Configuring IP Routing Interfaces 440
Configuring Local and Remote Interfaces 440
Using the Ping Function 440
Using the Trace Route Function 442
Address Resolution Protocol 443
Basic ARP Configuration 444
Configuring Static ARP Addresses 445
Displaying Dynamic or Local ARP Entries 447
Displaying ARP Statistics 448
Configuring Static Routes 449
Displaying the Routing Table 450
Equal-cost Multipath Routing 452
19 CONFIGURING ROUTER REDUNDANCY 455
Configuring VRRP Groups 456
Displaying VRRP Global Statistics 462
Displaying VRRP Group Statistics 462
- 10 - Sixnet Series MIL300 Software Manual
R
EVISED
2015-04-10 C
20 IP SERVICES 465
Domain Name Service 465
Configuring General DNS Service Parameters 465
Configuring a List of Domain Names 466
Configuring a List of Name Servers 468
Configuring Static DNS Host to Address Entries 469
Displaying the DNS Cache 470
Dynamic Host Configuration Protocol 471
Specifying A DHCP Client Identifier 471
Configuring DHCP Relay Service 472
Configuring the DHCP Server 474
Forwarding UDP Service Requests 481
Enabling the UDP Helper 481
Specifying UDP Destination Ports 482
ONTENTS
Specifying The Target Server or Subnet 483
21 UNICAST ROUTING 485
Overview 485
Configuring the Routing Information Protocol 486
Configuring General Protocol Settings 487
Clearing Entries from the Routing Table 490
Specifying Network Interfaces 491
Specifying Passive Interfaces 493
Specifying Static Neighbors 494
Configuring Route Redistribution 495
Specifying an Administrative Distance 496
Configuring Network Interfaces for RIP 498
Displaying RIP Interface Settings 502
Displaying Peer Router Information 503
Resetting RIP Statistics 503
Configuring the Open Shortest Path First Protocol (Version 2) 504
Defining Network Areas Based on Addresses 506
Configuring General Protocol Settings 509
Displaying Administrative Settings and Statistics 511
Adding an NSSA or Stub 513
Configuring NSSA Settings 514
Configuring Stub Settings 517
Sixnet Series MIL300 Software Manual - 11 -
C
ONTENTS
R
EVISED
2015-04-10
Displaying Information on NSSA and Stub Areas 519
Configuring Area Ranges (Route Summarization for ABRs) 520
Redistributing External Routes 522
Configuring Summary Addresses (for External AS Routes) 524
Configuring OSPF Interfaces 525
Configuring Virtual Links 531
Displaying Link State Database Information 534
Displaying Information on Neighboring Routers 536
Configuring the Open Shortest Path First Protocol (Version 3) 537
Creating a Routing Process 539
Configuring General Protocol Settings 540
Setting an Interface to Passive Mode 544
Adding a Stub 545
Displaying Information on Stubs 547
Configuring Area Ranges (Route Summarization for ABRs) 548
Configuring Virtual Links 550
Configuring OSPFv3 Interfaces 553
Showing OSPFv3 Interface Status 557
Showing OSPFv3 Interface Protocol Counters 559
Displaying Information on Neighboring Routers 560
Displaying Information on Virtual Neighbors 561
Displaying The OSPFv3 Routing Table 562
Displaying Information on Virtual Links 563
22 MULTICAST ROUTING 565
Overview 565
Configuring Global Settings for Multicast Routing 568
Enabling Multicast Routing Globally 568
Displaying the Multicast Routing Table 569
Configuring PIM for IPv4 572
Enabling PIM Globally 572
Configuring PIM Interface Settings 572
Displaying Neighbor Information 578
Configuring Global PIM-SM Settings 578
Configuring a BSR Candidate 580
Configuring a Static Rendezvous Point 581
Configuring an RP Candidate 583
- 12 - Sixnet Series MIL300 Software Manual
R
EVISED
2015-04-10 C
Displaying the BSR Router 585
Displaying RP Mapping 586
Configuring PIMv6 for IPv6 587
Enabling PIM Globally 587
Configuring PIM Interface Settings 588
Displaying Neighbor Information 591
COMMAND LINE INTERFACE 593
23 USING THE COMMAND LINE INTERFACE 599
Accessing the CLI 599
Console Connection 599
Telnet Connection 600
Entering Commands 601
ONTENTS
Keywords and Arguments 601
Minimum Abbreviation 601
Command Completion 601
Getting Help on Commands 602
Partial Keyword Lookup 603
Negating the Effect of Commands 603
Using Command History 604
Understanding Command Modes 604
Exec Commands 604
Configuration Commands 605
Command Line Processing 607
CLI Command Groups 608
24 GENERAL COMMANDS 607
25 SYSTEM MANAGEMENT COMMANDS 615
Device Designation 615
System Status 616
Frame Size 622
Fan Control 623
File Management 624
Line 630
Event Logging 640
SMTP Alerts 646
Sixnet Series MIL300 Software Manual - 13 -
C
ONTENTS
R
EVISED
2015-04-10
Time 649
Time Range 654
26 SNMP COMMANDS 659
27 REMOTE MONITORING COMMANDS 677
28 FLOW SAMPLING COMMANDS 685
29 AUTHENTICATION COMMANDS 691
User Accounts 691
Authentication Sequence 693
RADIUS Client 695
TACACS+ Client 700
AAA 703
Web Server 711
Telnet Server 714
Secure Shell 716
802.1X Port Authentication 725
Management IP Filter 735
30 GENERAL SECURITY MEASURES 739
Port Security 740
Network Access (MAC Address Authentication) 742
Web Authentication 755
DHCP Snooping 761
IP Source Guard 769
ARP Inspection 773
31 ACCESS CONTROL LISTS 783
IPv4 ACLs 783
IPv6 ACLs 790
MAC ACLs 796
ARP ACLs 801
ACL Information 803
32 INTERFACE COMMANDS 805
33 LINK AGGREGATION COMMANDS 823
34 PORT MIRRORING COMMANDS 833
Local Port Mirroring Commands 833
35 RATE LIMIT COMMANDS 837
36 AUTOMATIC TRAFFIC CONTROL COMMANDS 839
37 ADDRESS TABLE COMMANDS 853
- 14 - Sixnet Series MIL300 Software Manual
R
EVISED
2015-04-10 C
38 SPANNING TREE COMMANDS 859
39 VLAN COMMANDS 885
GVRP and Bridge Extension Commands 886
Editing VLAN Groups 890
Configuring VLAN Interfaces 892
Displaying VLAN Information 898
Configuring IEEE 802.1Q Tunneling 899
Configuring Port-based Traffic Segmentation 905
Configuring Private VLANs 907
Configuring Protocol-based VLANs 912
Configuring IP Subnet VLANs 915
Configuring MAC Based VLANs 917
Configuring Voice VLANs 919
40 CLASS OF SERVICE COMMANDS 927
ONTENTS
Priority Commands (Layer 2) 927
Priority Commands (Layer 3 and 4) 933
41 QUALITY OF SERVICE COMMANDS 941
42 MULTICAST FILTERING COMMANDS 957
IGMP Snooping 957
Static Multicast Routing 974
IGMP Filtering and Throttling 975
Multicast VLAN Registration 984
IGMP (Layer 3) 991
IGMP Proxy Routing 1000
MLD (Layer 3) 1002
MLD Proxy Routing 1010
43 LLDP COMMANDS 1013
44 DOMAIN NAME SERVICE COMMANDS 1031
45 DHCP COMMANDS 1039
DHCP Client 1039
DHCP Relay 1042
DHCP Server 1043
46 VRRP COMMANDS 1057
47 IP INTERFACE COMMANDS 1067
IPv4 Interface 1067
Basic IPv4 Configuration 1068
Sixnet Series MIL300 Software Manual - 15 -
C
ONTENTS
R
EVISED
2015-04-10
ARP Configuration 1073
UDP Helper Configuration 1077
IPv6 Interface 1081
IPv6 to IPv4 Tunnels 1103
48 IP ROUTING COMMANDS 1113
Global Routing Configuration 1113
Routing Information Protocol (RIP) 1120
Open Shortest Path First (OSPFv2) 1138
Open Shortest Path First (OSPFv3) 1175
49 MULTICAST ROUTING COMMANDS 1201
General Multicast Routing 1201
Static Multicast Routing 1206
PIM Multicast Routing 1208
IPv4 PIM Commands 1208
IPv6 PIM Commands 1230
SECTION I APPENDICES 1241
AX SOFTWARE SPECIFICATIONS 1243
Software Features 1243
Management Features 1244
Standards 1245
Management Information Bases 1246
AY TROUBLESHOOTING 1249
Problems Accessing the Management Interface 1249
Using System Logs 1250
AZ LICENSE INFORMATION 1251
The GNU General Public License 1251
AG GLOSSARY 1255
- 16 - Sixnet Series MIL300 Software Manual
R
EVISED
2015-04-10 F
FIGURES
Figure 1: Home Page 66
Figure 2: Front Panel Indicators 67
Figure 1: System Information 86
Figure 2: General Switch Information 87
Figure 3: Configuring Support for Jumbo Frames 88
Figure 4: Displaying Bridge Extension Configuration 90
Figure 5: Copy Firmware 92
Figure 6: Saving the Running Configuration 93
Figure 7: Setting Start-Up Files 94
IGURES
Figure 8: Displaying System Files 94
Figure 9: Manually Setting the System Clock 96
Figure 10: Setting the Polling Interval for SNTP 97
Figure 11: Specifying SNTP Time Servers 97
Figure 12: Setting the Time Zone 98
Figure 13: Console Port Settings 100
Figure 14: Telnet Connection Settings 101
Figure 15: Displaying CPU Utilization 102
Figure 16: Displaying Memory Utilization 103
Figure 17: Restarting the Switch (Immediately) 105
Figure 18: Restarting the Switch (In) 105
Figure 19: Restarting the Switch (At) 106
Figure 20: Restarting the Switch (Regularly) 106
Figure 1: Configuring Connections by Port List 109
Figure 2: Configuring Connections by Port Range 110
Figure 3: Displaying Port Information 111
Figure 4: Configuring Local Port Mirroring 112
Figure 5: Configuring Local Port Mirroring 113
Figure 6: Displaying Local Port Mirror Sessions 113
Figure 7: Showing Port Statistics (Table) 116
Figure 8: Showing Port Statistics (Chart) 117
Figure 9: Performing Cable Tests 118
Figure 10: Configuring Static Trunks 120
Sixnet Series MIL300 Software Manual - 17 -
F
IGURES
R
EVISED
2015-04-10
Figure 11: Creating Static Trunks 121
Figure 12: Adding Static Trunks Members 121
Figure 13: Configuring Connection Parameters for a Static Trunk 122
Figure 14: Displaying Connection Parameters for Static Trunks 122
Figure 15: Configuring Dynamic Trunks 122
Figure 16: Configuring the LACP Aggregator Admin Key 124
Figure 17: Enabling LACP on a Port 125
Figure 18: Configuring LACP Parameters on a Port 126
Figure 19: Showing Members of a Dynamic Trunk 126
Figure 20: Configuring Connection Settings for Dynamic Trunks 127
Figure 21: Displaying Connection Parameters for Dynamic Trunks 127
Figure 22: Displaying LACP Port Counters 128
Figure 23: Displaying LACP Port Internal Information 130
Figure 24: Displaying LACP Port Remote Information 131
Figure 25: Sampling Traffic Flows 133
Figure 26: Enabling Traffic Segmentation 134
Figure 27: Configuring Members for Traffic Segmentation 135
Figure 28: Configuring VLAN Trunking 135
Figure 29: Configuring VLAN Trunking 136
Figure 1: VLAN Compliant and VLAN Non-compliant Devices 138
Figure 2: Using GVRP 139
Figure 3: Creating Static VLANs 141
Figure 4: Modifying Settings for Static VLANs 141
Figure 5: Showing Static VLANs 142
Figure 6: Configuring Static Members by VLAN Index 145
Figure 7: Configuring Static VLAN Members by Interface 146
Figure 8: Configuring Static VLAN Members by Interface Range 146
Figure 9: Configuring Global Status of GVRP 148
Figure 10: Configuring GVRP for an Interface 149
Figure 11: Showing Dynamic VLANs Registered on the Switch 149
Figure 12: Showing the Members of a Dynamic VLAN 150
Figure 13: Configuring Private VLANs 151
Figure 14: Showing Private VLANs 152
Figure 15: Associating Private VLANs 153
Figure 16: Showing Associated VLANs 153
Figure 17: Configuring Interfaces for Private VLANs 154
- 18 - Sixnet Series MIL300 Software Manual
R
EVISED
2015-04-10 F
Figure 18: QinQ Operational Concept 156
Figure 19: Enabling QinQ Tunneling 159
Figure 20: Adding an Interface to a QinQ Tunnel 161
Figure 21: Configuring Protocol VLANs 163
Figure 22: Displaying Protocol VLANs 163
Figure 23: Assigning Interfaces to Protocol VLANs 164
Figure 24: Showing the Interface to Protocol Group Mapping 165
Figure 25: Configuring IP Subnet VLANs 166
Figure 26: Showing IP Subnet VLANs 167
Figure 27: Configuring MAC-Based VLANs 168
Figure 28: Showing MAC-Based VLANs 168
Figure 1: Configuring MAC Address Learning 170
Figure 2: Configuring Static MAC Addresses 172
Figure 3: Displaying Static MAC Addresses 172
IGURES
Figure 4: Setting the Address Aging Time 173
Figure 5: Displaying the Dynamic MAC Address Table 174
Figure 6: Clearing Entries in the Dynamic MAC Address Table 175
Figure 1: STP Root Ports and Designated Ports 178
Figure 2: MSTP Region, Internal Spanning Tree, Multiple Spanning Tree 178
Figure 3: Common Internal Spanning Tree, Common Spanning Tree, Internal
Spanning Tree 179
Figure 4: Configuring Port Loopback Detection 180
Figure 5: Configuring Global Settings for STA (STP) 184
Figure 6: Configuring Global Settings for STA (RSTP) 185
Figure 7: Configuring Global Settings for STA (MSTP) 185
Figure 8: Displaying Global Settings for STA 187
Figure 9: Configuring Interface Settings for STA 190
Figure 10: STA Port Roles 192
Figure 11: Displaying Interface Settings for STA 192
Figure 12: Creating an MST Instance 194
Figure 13: Displaying MST Instances 194
Figure 14: Modifying the Priority for an MST Instance 195
Figure 15: Displaying Global Settings for an MST Instance 195
Figure 16: Adding a VLAN to an MST Instance 196
Figure 17: Displaying Members of an MST Instance 196
Figure 18: Configuring MSTP Interface Settings 198
Figure 19: Displaying MSTP Interface Settings 198
Sixnet Series MIL300 Software Manual - 19 -
F
IGURES
R
EVISED
2015-04-10
Figure 1: Configuring Rate Limits 200
Figure 1: Configuring Storm Control 202
Figure 1: Setting the Default Port Priority 204
Figure 2: Setting the Queue Mode (Strict) 206
Figure 3: Setting the Queue Mode (WRR) 206
Figure 4: Setting the Queue Mode (Strict and WRR) 207
Figure 5: Mapping CoS Values to Egress Queues 210
Figure 6: Mapping IP DSCP Priority Values 213
Figure 7: Mapping IP Precedence Priority Values 215
Figure 8: Mapping IP Port Number Priority Values 216
Figure 9: Showing IP Port Number Priority Map 216
Figure 1: Configuring a Class Map 219
Figure 2: Showing Class Maps 220
Figure 3: Adding Rules to a Class Map 220
Figure 4: Showing the Rules for a Class Map 221
Figure 5: Configuring a Policy Map 228
Figure 6: Showing Policy Maps 228
Figure 7: Adding Rules to a Policy Map 229
Figure 8: Showing the Rules for a Policy Map 229
Figure 9: Attaching a Policy Map to a Port 230
Figure 1: Configuring a Voice VLAN 232
Figure 2: Configuring an OUI Telephony List 233
Figure 3: Showing an OUI Telephony List 234
Figure 4: Configuring Port Settings for a Voice VLAN 235
Figure 1: Configuring the Authentication Sequence 240
Figure 2: Authentication Server Operation 240
Figure 3: Configuring Remote Authentication Server (RADIUS) 243
Figure 4: Configuring Remote Authentication Server (TACACS+) 243
Figure 5: Configuring AAA Server Groups 244
Figure 6: Showing AAA Server Groups 244
Figure 7: Configuring Global Settings for AAA Accounting 246
Figure 8: Configuring AAA Accounting Methods 247
Figure 9: Showing AAA Accounting Methods 247
Figure 10: Configuring AAA Accounting Service for 802.1X Service 248
Figure 11: Configuring AAA Accounting Service for Exec Service 248
Figure 12: Displaying a Summary of Applied AAA Accounting Methods 248
- 20 - Sixnet Series MIL300 Software Manual
R
EVISED
2015-04-10 F
Figure 13: Displaying Statistics for AAA Accounting Sessions 249
Figure 14: Configuring AAA Authorization Methods 250
Figure 15: Showing AAA Authorization Methods 251
Figure 16: Configuring AAA Authorization Methods for Exec Service 251
Figure 17: Displaying the Applied AAA Authorization Method 251
Figure 18: Configuring User Accounts 253
Figure 19: Showing User Accounts 253
Figure 20: Configuring Global Settings for Web Authentication 254
Figure 21: Configuring Interface Settings for Web Authentication 255
Figure 22: Configuring Global Settings for Network Access 259
Figure 23: Configuring Interface Settings for Network Access 260
Figure 24: Configuring Link Detection for Network Access 262
Figure 25: Configuring a MAC Address Filter for Network Access 263
Figure 26: Showing the MAC Address Filter Table for Network Access 263
IGURES
Figure 27: Showing Addresses Authenticated for Network Access 264
Figure 28: Configuring HTTPS 266
Figure 29: Downloading the Secure-Site Certificate 268
Figure 30: Configuring the SSH Server 271
Figure 31: Generating the SSH Host Key Pair 273
Figure 32: Showing the SSH Host Key Pair 273
Figure 33: Copying the SSH User’s Public Key 274
Figure 34: Showing the SSH User’s Public Key 275
Figure 35: Setting the Name of a Time Range 277
Figure 36: Showing a List of Time Ranges 277
Figure 37: Add a Rule to a Time Range 278
Figure 38: Showing the Rules Configured for a Time Range 278
Figure 39: Showing TCAM Utilization 279
Figure 40: Creating an ACL 281
Figure 41: Showing a List of ACLs 281
Figure 42: Configuring a Standard IPv4 ACL 282
Figure 43: Configuring an Extended IPv4 ACL 285
Figure 44: Configuring a Standard IPv6 ACL 286
Figure 45: Configuring an Extended IPv6 ACL 289
Figure 46: Configuring a MAC ACL 291
Figure 47: Configuring a ARP ACL 293
Figure 48: Binding a Port to an ACL 294
Sixnet Series MIL300 Software Manual - 21 -
F
IGURES
R
EVISED
2015-04-10
Figure 49: Configuring Global Settings for ARP Inspection 297
Figure 50: Configuring VLAN Settings for ARP Inspection 298
Figure 51: Configuring Interface Settings for ARP Inspection 299
Figure 52: Displaying Statistics for ARP Inspection 301
Figure 53: Displaying the ARP Inspection Log 302
Figure 54: Creating an IP Address Filter for Management Access 303
Figure 55: Showing IP Addresses Authorized for Management Access 303
Figure 56: Configuring Port Security 305
Figure 57: Configuring Port Security 306
Figure 58: Configuring Global Settings for 802.1X Port Authentication 307
Figure 59: Configuring Interface Settings for 802.1X Port Authenticator 311
Figure 60: Showing Statistics for 802.1X Port Authenticator 313
Figure 61: Setting the Filter Type for IP Source Guard 315
Figure 62: Configuring Static Bindings for IP Source Guard 316
Figure 63: Displaying Static Bindings for IP Source Guard 317
Figure 64: Showing the IP Source Guard Binding Table 318
Figure 65: Configuring Global Settings for DHCP Snooping 321
Figure 66: Configuring DHCP Snooping on a VLAN 322
Figure 67: Configuring the Port Mode for DHCP Snooping 323
Figure 68: Displaying the Binding Table for DHCP Snooping 324
Figure 1: Configuring Settings for System Memory Logs 327
Figure 2: Showing Error Messages Logged to System Memory 327
Figure 3: Configuring Settings for Remote Logging of Error Messages 329
Figure 4: Configuring SMTP Alert Messages 330
Figure 5: Configuring LLDP Timing Attributes 332
Figure 6: Configuring LLDP Interface Attributes 334
Figure 7: Displaying Local Device Information for LLDP (General) 336
Figure 8: Displaying Local Device Information for LLDP (Port) 337
Figure 9: Displaying Remote Device Information for LLDP (Port) 340
Figure 10: Displaying Remote Device Information for LLDP (Port Details) 341
Figure 11: Displaying LLDP Device Statistics (General) 342
Figure 12: Displaying LLDP Device Statistics (Port) 343
Figure 13: Configuring Global Settings for SNMP 346
Figure 14: Configuring the Local Engine ID for SNMP 347
Figure 15: Configuring a Remote Engine ID for SNMP 348
Figure 16: Showing Remote Engine IDs for SNMP 348
- 22 - Sixnet Series MIL300 Software Manual
R
EVISED
2015-04-10 F
Figure 17: Creating an SNMP View 349
Figure 18: Showing SNMP Views 350
Figure 19: Adding an OID Subtree to an SNMP View 350
Figure 20: Showing the OID Subtree Configured for SNMP Views 351
Figure 21: Creating an SNMP Group 354
Figure 22: Showing SNMP Groups 354
Figure 23: Setting Community Access Strings 355
Figure 24: Showing Community Access Strings 356
Figure 25: Configuring Local SNMPv3 Users 357
Figure 26: Showing Local SNMPv3 Users 358
Figure 27: Configuring Remote SNMPv3 Users 359
Figure 28: Showing Remote SNMPv3 Users 360
Figure 29: Configuring Trap Managers (SNMPv1) 363
Figure 30: Configuring Trap Managers (SNMPv2c) 363
IGURES
Figure 31: Configuring Trap Managers (SNMPv3) 364
Figure 32: Showing Trap Managers 364
Figure 33: Configuring an RMON Alarm 367
Figure 34: Showing Configured RMON Alarms 367
Figure 35: Configuring an RMON Event 369
Figure 36: Showing Configured RMON Events 369
Figure 37: Configuring an RMON History Sample 371
Figure 38: Showing Configured RMON History Samples 371
Figure 39: Showing Collected RMON History Samples 372
Figure 40: Configuring an RMON Statistical Sample 373
Figure 41: Showing Configured RMON Statistical Samples 373
Figure 42: Showing Collected RMON Statistical Samples 374
Figure 1: Multicast Filtering Concept 375
Figure 2: IGMP Protocol 377
Figure 3: Configuring General Settings for IGMP Snooping 382
Figure 4: Configuring a Static Interface for a Multicast Router 383
Figure 5: Showing Static Interfaces Attached a Multicast Router 383
Figure 6: Showing Current Interfaces Attached a Multicast Router 384
Figure 7: Assigning an Interface to a Multicast Service 385
Figure 8: Showing Static Interfaces Assigned to a Multicast Service 385
Figure 9: Showing Current Interfaces Assigned to a Multicast Service 386
Figure 10: Configuring IGMP Snooping on an Interface 390
Sixnet Series MIL300 Software Manual - 23 -
F
IGURES
R
EVISED
2015-04-10
Figure 11: Showing Interface Settings for IGMP Snooping 391
Figure 12: Dropping IGMP Query or Multicast Data Packets 391
Figure 13: Showing Multicast Groups Learned by IGMP Snooping 392
Figure 14: Enabling IGMP Filtering and Throttling 394
Figure 15: Creating an IGMP Filtering Profile 395
Figure 16: Showing the IGMP Filtering Profiles Created 395
Figure 17: Adding Multicast Groups to an IGMP Filtering Profile 396
Figure 18: Showing the Groups Assigned to an IGMP Filtering Profile 396
Figure 19: Configuring IGMP Filtering and Throttling Interface Settings 397
Figure 20: IGMP Proxy Routing 399
Figure 21: Configuring IGMP Proxy Routing 401
Figure 22: Configuring IGMP Interface Settings 403
Figure 23: Configuring Static IGMP Groups 404
Figure 24: Showing Static IGMP Groups 405
Figure 25: Displaying Multicast Groups Learned from IGMP (Information) 407
Figure 26: Displaying Multicast Groups Learned from IGMP (Detail) 407
Figure 27: MVR Concept 408
Figure 28: Configuring Global Settings for MVR 410
Figure 29: Configuring the Group Range for MVR 411
Figure 30: Showing the Configured Group Range for MVR 411
Figure 31: Configuring Interface Settings for MVR 413
Figure 32: Assigning Static MVR Groups to a Port 414
Figure 33: Showing the Static MVR Groups Assigned to a Port 414
Figure 34: Showing All MVR Groups Assigned to a Port 415
Figure 1: Configuring a Static IPv4 Address 419
Figure 2: Configuring a Dynamic IPv4 Address 419
Figure 3: Showing the Configured IP Address for an Interface 420
Figure 4: Configuring the IPv6 Default Gateway 421
Figure 5: Configuring General Settings for an IPv6 Interface 424
Figure 6: Configuring an IPv6 Address 426
Figure 7: Showing Configured IPv6 Addresses 428
Figure 8: Showing IPv6 Neighbors 429
Figure 9: Showing IPv6 Statistics (IPv6) 433
Figure 10: Showing IPv6 Statistics (ICMPv6) 434
Figure 11: Showing IPv6 Statistics (UDP) 434
Figure 12: Showing Reported MTU Values 435
- 24 - Sixnet Series MIL300 Software Manual
R
EVISED
2015-04-10 F
Figure 1: Virtual Interfaces and Layer 3 Routing 438
Figure 2: Pinging a Network Device 442
Figure 3: Tracing the Route to a Network Device 443
Figure 4: Proxy ARP 444
Figure 5: Configuring General Settings for ARP 445
Figure 6: Configuring Static ARP Entries 446
Figure 7: Displaying Static ARP Entries 447
Figure 8: Displaying Dynamic ARP Entries 447
Figure 9: Displaying Local ARP Entries 448
Figure 10: Displaying ARP Statistics 448
Figure 11: Configuring Static Routes 450
Figure 12: Displaying Static Routes 450
Figure 13: Displaying the Routing Table 452
Figure 14: Setting the Maximum ECMP Number 453
IGURES
Figure 1: Master Virtual Router with Backup Routers 455
Figure 2: Several Virtual Master Routers Using Backup Routers 455
Figure 3: Several Virtual Master Routers Configured for Mutual Backup and Load Sharing 456
Figure 4: Configuring the VRRP Group ID 459
Figure 5: Showing Configured VRRP Groups 460
Figure 6: Setting the Virtual Router Address for a VRRP Group 460
Figure 7: Showing the Virtual Addresses Assigned to VRRP Groups 461
Figure 8: Configuring Detailed Settings for a VRRP Group 461
Figure 9: Showing Counters for Errors Found in VRRP Packets 462
Figure 10: Showing Counters for Errors Found in a VRRP Group 464
Figure 1: Configuring General Settings for DNS 466
Figure 2: Configuring a List of Domain Names for DNS 467
Figure 3: Showing the List of Domain Names for DNS 467
Figure 4: Configuring a List of Name Servers for DNS 468
Figure 5: Showing the List of Name Servers for DNS 469
Figure 6: Configuring Static Entries in the DNS Table 470
Figure 7: Showing Static Entries in the DNS Table 470
Figure 8: Showing Entries in the DNS Cache 471
Figure 9: Specifying A DHCP Client Identifier 472
Figure 10: Layer 3 DHCP Relay Service 473
Figure 11: Configuring DHCP Relay Service 474
Figure 12: DHCP Server 474
Sixnet Series MIL300 Software Manual - 25 -
F
IGURES
R
EVISED
2015-04-10
Figure 13: Enabling the DHCP Server 475
Figure 14: Configuring Excluded Addresses on the DHCP Server 476
Figure 15: Showing Excluded Addresses on the DHCP Server 476
Figure 16: Configuring DHCP Server Address Pools (Network) 479
Figure 17: Configuring DHCP Server Address Pools (Host) 479
Figure 18: Showing Configured DHCP Server Address Pools 480
Figure 19: Shows Addresses Assigned by the DHCP Server 480
Figure 20: Enabling the UDP Helper 481
Figure 21: Specifying UDP Destination Ports 482
Figure 22: Showing the UDP Destination Ports 483
Figure 23: Specifying the Target Server or Subnet for UDP Requests 484
Figure 24: Showing the Target Server or Subnet for UDP Requests 484
Figure 1: Configuring RIP 486
Figure 2: Configuring General Settings for RIP 490
Figure 3: Clearing Entries from the Routing Table 491
Figure 4: Adding Network Interfaces to RIP 492
Figure 5: Showing Network Interfaces Using RIP 492
Figure 6: Specifying a Passive RIP Interface 493
Figure 7: Showing Passive RIP Interfaces 494
Figure 8: Specifying a Static RIP Neighbor 494
Figure 9: Showing Static RIP Neighbors 495
Figure 10: Redistributing External Routes into RIP 496
Figure 11: Showing External Routes Redistributed into RIP 496
Figure 12: Setting the Distance Assigned to External Routes 498
Figure 13: Showing the Distance Assigned to External Routes 498
Figure 14: Configuring a Network Interface for RIP 501
Figure 15: Showing RIP Network Interface Settings 502
Figure 16: Showing RIP Interface Settings 503
Figure 17: Showing RIP Peer Information 503
Figure 18: Resetting RIP Statistics 504
Figure 19: Configuring OSPF 505
Figure 20: OSPF Areas 506
Figure 21: Defining OSPF Network Areas Based on Addresses 508
Figure 22: Showing OSPF Network Areas 508
Figure 23: Showing OSPF Process Identifiers 508
Figure 24: AS Boundary Router 510
- 26 - Sixnet Series MIL300 Software Manual
R
EVISED
2015-04-10 F
Figure 25: Configure General Settings for OSPF 511
Figure 26: Showing General Settings for OSPF 513
Figure 27: Adding an NSSA or Stub 514
Figure 28: Showing NSSAs or Stubs 514
Figure 29: OSPF NSSA 515
Figure 30: Configuring Protocol Settings for an NSSA 517
Figure 31: OSPF Stub Area 517
Figure 32: Configuring Protocol Settings for a Stub 519
Figure 33: Displaying Information on NSSA and Stub Areas 520
Figure 34: Route Summarization for ABRs 520
Figure 35: Configuring Route Summaries for an Area Range 521
Figure 36: Showing Configured Route Summaries 522
Figure 37: Redistributing External Routes 522
Figure 38: Importing External Routes 523
IGURES
Figure 39: Showing Imported External Route Types 524
Figure 40: Summarizing External Routes 525
Figure 41: Showing Summary Addresses for External Routes 525
Figure 42: Configuring Settings for All Interfaces Assigned to a VLAN 529
Figure 43: Configuring Settings for a Specific Area Assigned to a VLAN 530
Figure 44: Showing OSPF Interfaces 530
Figure 45: Showing MD5 Authentication Keys 531
Figure 46: OSPF Virtual Link 531
Figure 47: Adding a Virtual Link 532
Figure 48: Showing Virtual Links 533
Figure 49: Configuring Detailed Settings for a Virtual Link 533
Figure 50: Showing MD5 Authentication Keys 534
Figure 51: Displaying Information in the Link State Database 536
Figure 52: Displaying Neighbor Routers Stored in the Link State Database 537
Figure 53: Creating a Routing Process 540
Figure 54: Showing Configured Routing Processes 540
Figure 55: Configure General Settings for OSPFv3 543
Figure 56: Showing General Settings for OSPFv3 544
Figure 57: Setting an Interface to Passive Mode 545
Figure 58: Adding a Stub 546
Figure 59: Configuring an Existing Stub 547
Figure 60: Showing All Stubs 547
Sixnet Series MIL300 Software Manual - 27 -
F
IGURES
R
EVISED
2015-04-10
Figure 61: Displaying Information on Stubs 548
Figure 62: Route Summarization for ABRs 548
Figure 63: Configuring Route Summaries for an Area Range 549
Figure 64: Modifying Route Summaries for an Area Range 550
Figure 65: Showing Configured Route Summaries 550
Figure 66: OSPF Virtual Link 551
Figure 67: Adding a Virtual Link 552
Figure 68: Showing Virtual Links 552
Figure 69: Configuring Detailed Settings for a Virtual Link 553
Figure 70: Binding an OSPFv3 Area to an Interface 555
Figure 71: Showing OSPFv3 Areas Bound to an Interface 556
Figure 72: Configuring OSPFv3 Parameters for an Interface 556
Figure 73: Displaying or Modifying OSPFv3 Parameters for an Interface 557
Figure 74: Showing Protocol Counters OSPFv3 Interfaces 557
Figure 75: Showing the Status of OSPFv3 Interfaces 558
Figure 76: Showing Protocol Counters OSPFv3 Interfaces 560
Figure 77: Displaying Neighbor Routers Stored in the Link State Database 561
Figure 78: Displaying Information on Virtual Neighbors 562
Figure 79: Displaying the OSPFv3 Routing Table 563
Figure 80: Displaying Virtual Links Stored in the Link State Database 564
Figure 1: Enabling Multicast Routing 568
Figure 2: Displaying the Multicast Routing Table 571
Figure 3: Displaying Detailed Entries from the Multicast Routing Table 571
Figure 4: Enabling PIM Multicast Routing 572
Figure 5: Configuring PIM Interface Settings (Dense Mode) 577
Figure 6: Configuring PIM Interface Settings (Sparse Mode) 577
Figure 7: Showing PIM Neighbors 578
Figure 8: Configuring Global Settings for PIM-SM 580
Figure 9: Configuring a BSR Candidate 581
Figure 10: Configuring a Static Rendezvous Point 582
Figure 11: Showing Static Rendezvous Points 583
Figure 12: Configuring an RP Candidate 584
Figure 13: Showing Settings for an RP Candidate 585
Figure 14: Showing Information About the BSR 586
Figure 15: Showing RP Mapping 587
Figure 16: Enabling PIMv6 Multicast Routing 588
- 28 - Sixnet Series MIL300 Software Manual
R
EVISED
2015-04-10 F
Figure 17: Configuring PIMv6 Interface Settings (Dense Mode) 591
Figure 18: Showing PIMv6 Neighbors 592
Figure 1: Storm Control by Limiting the Traffic Rate 840
Figure 2: Storm Control by Shutting Down a Port 841
Figure 1: Configuring VLAN Trunking 897
IGURES
Sixnet Series MIL300 Software Manual - 29 -
F
IGURES
R
EVISED
2015-04-10
- 30 - Sixnet Series MIL300 Software Manual
R
EVISED
2015-04-10 T
TABLES
Table 1: Key Features 39
Table 2: System Defaults 45
Table 1: Web Page Configuration Buttons 67
Table 2: Switch Main Menu 68
Table 1: Port Statistics 114
Table 2: LACP Port Counters 127
Table 3: LACP Internal Configuration Information 128
Table 4: LACP Internal Configuration Information 130
Table 1: Recommended STA Path Cost Range 188
ABLES
Table 2: Default STA Path Costs 188
Table 1: IEEE 802.1p Egress Queue Priority Mapping 208
Table 2: CoS Priority Levels 209
Table 3: Mapping DSCP Priority Values 212
Table 4: Usage of ToS Bits 214
Table 1: Dynamic QoS Profiles 257
Table 2: HTTPS System Support 265
Table 3: ARP Inspection Statistics 300
Table 4: ARP Inspection Log 301
Table 5: 802.1X Statistics 312
Table 1: Logging Levels 326
Table 2: Chassis ID Subtype 335
Table 3: System Capabilities 335
Table 4: Port ID Subtype 338
Table 5: Remote Port Auto-Negotiation Advertised Capability 339
Table 6: SNMPv3 Security Models and Levels 344
Table 7: Supported Notification Messages 352
Table 1: ShowIPv6 Neighbors - display description 428
Table 2: Show IPv6 Statistics - display description 430
Table 3: Show MTU - display description 435
Table 1: Address Resolution Protocol 443
Table 2: ARP Statistics 448
Table 1: VRRP Group Statistics 463
Sixnet Series MIL300 Software Manual - 31 -
T
ABLES
R
EVISED
2015-04-10
Table 1: OSPF System Information 512
Table 1: General Command Modes 604
Table 2: Configuration Command Modes 606
Table 3: Keystroke Commands 607
Table 4: Command Group Index 608
Table 1: General Commands 607
Table 1: System Management Commands 615
Table 2: Device Designation Commands 615
Table 3: System Status Commands 616
Table 4: Frame Size Commands 622
Table 5: Fan Control Commands 623
Table 6: Flash/File Commands 624
Table 7: File Directory Information 629
Table 8: Line Commands 630
Table 9: Event Logging Commands 640
Table 10: Logging Levels 641
Table 11: show logging flash/ram - display description 645
Table 12: show logging trap - display description 645
Table 13: Event Logging Commands 646
Table 14: Time Commands 649
Table 15: Time Range Commands 654
Table 1: SNMP Commands 659
Table 2: show snmp engine-id - display description 670
Table 3: show snmp group - display description 671
Table 4: show snmp user - display description 672
Table 5: show snmp view - display description 673
Table 1: RMON Commands 677
Table 1: sFlow Commands 685
Table 1: Authentication Commands 691
Table 2: User Access Commands 691
Table 3: Default Login Settings 693
Table 4: Authentication Sequence Commands 693
Table 5: RADIUS Client Commands 695
Table 6: TACACS+ Client Commands 700
Table 7: AAA Commands 703
Table 8: Web Server Commands 711
- 32 - Sixnet Series MIL300 Software Manual
R
EVISED
2015-04-10 T
Table 9: HTTPS System Support 713
Table 10: Telnet Server Commands 714
Table 11: Secure Shell Commands 716
Table 12: show ssh - display description 725
Table 13: 802.1X Port Authentication Commands 725
Table 14: Management IP Filter Commands 735
Table 1: General Security Commands 739
Table 2: Management IP Filter Commands 740
Table 3: Network Access Commands 742
Table 4: Dynamic QoS Profiles 746
Table 5: Web Authentication 755
Table 6: DHCP Snooping Commands 761
Table 7: IP Source Guard Commands 769
Table 8: ARP Inspection Commands 774
ABLES
Table 1: Access Control List Commands 783
Table 2: IPv4 ACL Commands 783
Table 3: IPv4 ACL Commands 790
Table 4: MAC ACL Commands 796
Table 5: ARP ACL Commands 801
Table 6: ACL Information Commands 803
Table 1: Interface Commands 805
Table 2: show interfaces switchport - display description 818
Table 1: Link Aggregation Commands 823
Table 2: show lacp counters - display description 829
Table 3: show lacp internal - display description 830
Table 4: show lacp neighbors - display description 831
Table 5: show lacp sysid - display description 831
Table 1: Port Mirroring Commands 833
Table 2: Mirror Port Commands 833
Table 1: Rate Limit Commands 837
Table 1: ATC Commands 839
Table 1: Address Table Commands 853
Table 1: Spanning Tree Commands 859
Table 2: Recommended STA Path Cost Range 872
Table 3: Default STA Path Costs 872
Table 1: VLAN Commands 885
Sixnet Series MIL300 Software Manual - 33 -
T
ABLES
R
EVISED
2015-04-10
Table 2: GVRP and Bridge Extension Commands 886
Table 3: Commands for Editing VLAN Groups 890
Table 4: Commands for Configuring VLAN Interfaces 892
Table 5: Commands for Displaying VLAN Information 898
Table 6: 802.1Q Tunneling Commands 899
Table 7: Commands for Configuring Traffic Segmentation 905
Table 8: Private VLAN Commands 907
Table 9: Protocol-based VLAN Commands 912
Table 10: IP Subnet VLAN Commands 915
Table 11: MAC Based VLAN Commands 917
Table 12: Voice VLAN Commands 919
Table 1: Priority Commands 927
Table 2: Priority Commands (Layer 2) 927
Table 3: Default CoS Priority Levels 928
Table 4: Priority Commands (Layer 3 and 4) 933
Table 5: Mapping IP DSCP to CoS Values 935
Table 6: Mapping IP Precedence to CoS Values 937
Table 1: Quality of Service Commands 941
Table 1: Multicast Filtering Commands 957
Table 2: IGMP Snooping Commands 957
Table 3: Static Multicast Interface Commands 974
Table 4: IGMP Filtering and Throttling Commands 975
Table 5: Multicast VLAN Registration Commands 984
Table 6: show mvr - display description 990
Table 7: show mvr interface - display description 990
Table 8: show mvr members - display description 991
Table 9: IGMP Commands (Layer 3) 991
Table 10: show ip igmp groups - display description 998
Table 11: show ip igmp groups detail - display description 999
Table 12: IGMP Proxy Commands 1000
Table 13: MLD Commands (Layer 3) 1002
Table 14: show ip igmp groups - display description 1009
Table 15: IGMP Proxy Commands 1010
Table 1: LLDP Commands 1013
Table 1: Address Table Commands 1031
Table 2: show dns cache - display description 1037
- 34 - Sixnet Series MIL300 Software Manual
R
EVISED
2015-04-10 T
Table 3: show hosts - display description 1038
Table 1: DHCP Commands 1039
Table 2: DHCP Client Commands 1039
Table 3: DHCP Relay Commands 1042
Table 4: DHCP Server Commands 1043
Table 1: VRRP Commands 1057
Table 2: show vrrp - display description 1063
Table 3: show vrrp brief - display description 1064
Table 1: IP Interface Commands 1067
Table 2: IPv4 Interface Commands 1067
Table 3: Basic IP Configuration Commands 1068
Table 4: Address Resolution Protocol Commands 1073
Table 5: UDP Helper Commands 1077
Table 6: IPv6 Configuration Commands 1081
ABLES
Table 7: show ipv6 interface - display description 1090
Table 8: show ipv6 mtu - display description 1091
Table 9: show ipv6 traffic - display description 1092
Table 10: show ipv6 traffic - display description 1103
Table 11: IPv6 to IPv4 Tunnelling Commands 1103
Table 1: IP Routing Commands 1113
Table 2: Global Routing Configuration Commands 1113
Table 3: Routing Information Protocol Commands 1120
Table 4: Open Shortest Path First Commands 1138
Table 5: show ip ospf - display description 1163
Table 6: show ip ospf database - display description 1166
Table 7: show ip ospf database summary - display description 1167
Table 8: show ip ospf database external - display description 1168
Table 9: show ip ospf database network - display description 1169
Table 10: show ip ospf database router - display description 1170
Table 11: show ip ospf database summary - display description 1171
Table 12: show ip ospf interface - display description 1171
Table 13: show ip ospf neighbor - display description 1173
Table 14: show ip ospf neighbor - display description 1174
Table 15: show ip protocols ospf - display description 1175
Table 16: Open Shortest Path First Commands (Version 3) 1175
Table 17: show ip ospf - display description 1195
Sixnet Series MIL300 Software Manual - 35 -
T
ABLES
R
EVISED
2015-04-10
Table 18: show ip ospf database - display description 1196
Table 19: show ip ospf interface - display description 1197
Table 20: show ipv6 ospf neighbor - display description 1199
Table 21: show ip ospf neighbor - display description 1200
Table 1: Multicast Routing Commands 1201
Table 2: General Multicast Routing Commands 1201
Table 3: show ip mroute - display description 1203
Table 4: show ip mroute - display description 1205
Table 5: Static Multicast Routing Commands 1206
Table 6: IPv4 and IPv6 PIM Commands 1208
Table 7: PIM-DM and PIM-SM Multicast Routing Commands 1208
Table 8: show ip pim neighbor - display description 1217
Table 9: show ip pim bsr-router - display description 1228
Table 10: show ip pim rp mapping - display description 1229
Table 11: show ip pim rp-hash - display description 1229
Table 12: PIM-DM and PIM-SM Multicast Routing Commands 1230
Table 13: show ipv6 pim neighbor - display description 1239
Table 1: Troubleshooting Chart 1249
- 36 - Sixnet Series MIL300 Software Manual
S
ECTION
I
| Getting Started
GETTING STARTED
This section provides an overview of the switch, and introduces some basic concepts
about network switches. It also describes the basic settings required to access the
management interface.
This section includes these chapters:
"Initial Switch Configuration" on page 49
Sixnet Series MIL300 Software Manual - 37 -
- 38 - Sixnet Series MIL300 Software Manual
R
EVISED
2015-04-10 I
1 INTRODUCTION
This switch provides a broad range of features for Layer 2 switching and Layer 3
routing. It includes a management agent that allows you to configure the features
listed in this manual. The default configuration can be used for most of the features
provided by this switch. However, there are many options that you should configure to
maximize the switch’s performance for your particular network environment.
KEY FEATURES
Table 1: Key Features
Feature Description
NTRODUCTION
KEY F
EATURES
Configuration Backup and
Restore
Authentication Console, Telnet, web – user name/password, RADIUS, TACACS+
General Security Measures AAA
Access Control Lists Supports up to 256 ACLs, 96 MAC rules, 96 IP rules, and 96 IPv6 rules
DHCP Client, Relay, Server
DNS Client and Proxy service
Port Configuration Speed and duplex mode and flow control
Port Trunking Supports up to 25 trunks per switch – static or dynamic trunking (LACP)
Port Mirroring 26 sessions, across switch, one or more source ports to one analysis port
Congestion Control Rate Limiting
Address Table Up to 16K MAC addresses in the forwarding table, 1024 static MAC
IP Version 4 and 6 Supports IPv4 and IPv6 addressing, and management
IEEE 802.1D Bridge Supports dynamic data switching and addresses learning
Using management station or FTP/TFTP server
Port – IEEE 802.1X, MAC address filtering
SNMP v1/2c - Community strings
SNMP version 3 – MD5 or SHA password
Telnet – SSH
Web – HTTPS
ARP inspection
DHCP Snooping (with Option 82 relay information)
IP Source Guard
Private VLANs
Port Authentication – IEEE 802.1X
Port Security – MAC address filtering
Throttling for broadcast storms
addresses;
Up to 8K IPv4 and 4K IPv6 entries in the host table;
8K entries in the ARP cache, 256 static ARP entries;
8K IPv4 and 4K IPv6 entries in the IP routing table, 512 static IP routes,
512 IP interfaces;
1024 L2 multicast groups
Sixnet Series MIL300 Software Manual - 39 -
R
EVISED
2015-04-10 I
D
ESCRIPTION OF SOFTWARE FEATURES
Table 1: Key Features (Continued)
Feature Description
Store-and-Forward
Switching
Spanning Tree Algorithm Supports standard STP, Rapid Spanning Tree Protocol (RSTP), and
Supported to ensure wire-speed switching while eliminating bad frames
Multiple Spanning Trees (MSTP)
NTRODUCTION
Virtual LANs Up to 256 using IEEE 802.1Q, port-based, protocol-based, private VLANs,
Traffic Prioritization Default port priority, traffic class map, queue scheduling, IP Precedence, or
Qualify of Service Supports Differentiated Services (DiffServ)
Link Layer Discovery
Protocol
Router Redundancy Router backup is provided with the Virtual Router Redundancy Protocol
IP Routing Routing Information Protocol (RIP), Open Shortest Path First (OSPFv2/v3),
ARP Static and dynamic address configuration, proxy ARP
Multicast Filtering Supports IGMP snooping and query for Layer 2, IGMP for Layer 3, and
Multicast Routing Supports PIM-DM and PIM-SM for IPv4 and PIM-SM for IPv6
DESCRIPTION OF SOFTWARE FEATURES
The switch provides a wide range of advanced performance enhancing features. Flow
control eliminates the loss of packets due to bottlenecks caused by port saturation.
Broadcast storm suppression prevents broadcast traffic storms from engulfing the
network. Untagged (port-based), tagged, and protocol-based VLANs, plus support for
automatic GVRP VLAN registration provide traffic security and efficient use of network
bandwidth. CoS priority queuing ensures the minimum delay for moving real-time
multimedia data across the network. While multicast filtering and routing provides
support for real-time network applications.
voice VLANs, and QinQ tunnel
Differentiated Services Code Point (DSCP), and TCP/UDP Port
Used to discover basic information about neighboring devices
(VRRP)
static routes, Equal-Cost Multipath Routing (ECMP)
Multicast VLAN Registration
Some of the management features are briefly described below.
Configuration
Backup and Restore
You can save the current configuration settings to a file on the management station
(using the web interface) or an FTP/TFTP server (using the web or console interface),
and later download this file to restore the switch configuration settings.
Authentication This switch authenticates management access via the console port, Telnet, or a web
browser. User names and passwords can be configured locally or can be verified via a
remote authentication server (i.e., RADIUS or TACACS+). Port-based authentication
is also supported via the IEEE 802.1X protocol. This protocol uses Extensible
Authentication Protocol over LANs (EAPOL) to request user credentials from the
802.1X client, and then uses the EAP between the switch and the authentication
server to verify the client’s right to access the network via an authentication server
(i.e., RADIUS or TACACS+ server).
Sixnet Series MIL300 Software Manual - 40 -
R
EVISED
2015-04-10 I
D
ESCRIPTION OF SOFTWARE FEATURES
Other authentication options include HTTPS for secure management access via the
web, SSH for secure management access over a Telnet-equivalent connection,
SNMP Version 3, IP address filtering for SNMP/Telnet/web management access.
MAC address filtering and IP source guard also provide authenticated port access.
While DHCP snooping is provided to prevent malicious attacks from insecure ports.
NTRODUCTION
Access Control
Lists
ACLs provide packet filtering for IP frames (based on address, protocol, TCP/UDP
port number or TCP control code) or any frames (based on MAC address or Ethernet
type). ACLs can by used to improve performance by blocking unnecessary network
traffic or to implement security controls by restricting access to specific network
resources or protocols.
DHCP A DHCP server is provided to assign IP addresses to host devices. Since DHCP uses
a broadcast mechanism, a DHCP server and its client must physically reside on the
same subnet. Since it is not practical to have a DHCP server on every subnet, DHCP
Relay is also supported to allow dynamic configuration of local clients from a DHCP
server located in a different network.
Port Configuration You can manually configure the speed, duplex mode, and flow control used on
specific ports, or use auto-negotiation to detect the connection settings used by the
attached device. Use full-duplex mode on ports whenever possible to double the
throughput of switch connections. Flow control should also be enabled to control
network traffic during periods of congestion and prevent the loss of packets when port
buffer thresholds are exceeded. The switch supports flow control based on the IEEE
802.3x standard (now incorporated in IEEE 802.3-2002).
Rate Limiting This feature controls the maximum rate for traffic transmitted or received on an
interface. Rate limiting is configured on interfaces at the edge of a network to limit
traffic into or out of the network. Packets that exceed the acceptable amount of traffic
are dropped.
Port Mirroring The switch can unobtrusively mirror traffic from any port to a monitor port. You can
then attach a protocol analyzer or RMON probe to this port to perform traffic analysis
and verify connection integrity.
Port Trunking Ports can be combined into an aggregate connection. Trunks can be manually set up
or dynamically configured using Link Aggregation Control Protocol (LACP – IEEE
802.3-2005). The additional ports dramatically increase the throughput across any
connection, and provide redundancy by taking over the load if a port in the trunk
should fail. The switch supports up to 9 trunks depending on the model.
Broadcast Storm
Control
Broadcast suppression prevents broadcast traffic from overwhelming the network.
When enabled on a port, the level of broadcast traffic passing through the port is
Sixnet Series MIL300 Software Manual - 41 -
R
EVISED
2015-04-10 I
D
ESCRIPTION OF SOFTWARE FEATURES
NTRODUCTION
restricted. If broadcast traffic rises above a pre-defined threshold, it will be throttled
until the level falls back beneath the threshold.
Static Addresses A static address can be assigned to a specific interface on this switch. Static
addresses are bound to the assigned interface and will not be moved. When a static
address is seen on another interface, the address will be ignored and will not be
written to the address table. Static addresses can be used to provide network security
by restricting access for a known host to a specific port.
IP Address Filtering Access to insecure ports can be controlled using DHCP Snooping which filters ingress
traffic based on static IP addresses and addresses stored in the DHCP Snooping
table. Traffic can also be restricted to specific source IP addresses or source IP/MAC
address pairs based on static entries or entries stored in the DHCP Snooping table.
IEEE 802.1D Bridge The switch supports IEEE 802.1D transparent bridging. The address table facilitates
data switching by learning addresses, and then filtering or forwarding traffic based on
this information. The address table supports up to 16K addresses.
Store-and-Forward
Switching
Spanning Tree
Algorithm
The switch copies each frame into its memory before forwarding them to another port.
This ensures that all frames are a standard Ethernet size and have been verified for
accuracy with the cyclic redundancy check (CRC). This prevents bad frames from
entering the network and wasting bandwidth.
To avoid dropping frames on congested ports, the switch provides 2 MB for frame
buffering. This buffer can queue packets awaiting transmission on congested
networks.
The switch supports these spanning tree protocols:
Spanning Tree Protocol (STP, IEEE 802.1D) – This protocol provides loop
detection. When there are multiple physical paths between segments, this
protocol will choose a single path and disable all others to ensure that only one
route exists between any two stations on the network. This prevents the creation
of network loops. However, if the chosen path should fail for any reason, an
alternate path will be activated to maintain the connection.
Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w) – This protocol reduces the
convergence time for network topology changes to about 3 to 5 seconds,
compared to 30 seconds or more for the older IEEE 802.1D STP standard. It is
intended as a complete replacement for STP, but can still interoperate with
switches running the older standard by automatically reconfiguring ports to STPcompliant mode if they detect STP protocol messages from attached devices.
Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) – This protocol is a direct
extension of RSTP. It can provide an independent spanning tree for different
VLANs. It simplifies network management, provides for even faster convergence
than RSTP by limiting the size of each region, and prevents VLAN members from
Sixnet Series MIL300 Software Manual - 42 -
R
EVISED
2015-04-10 I
D
ESCRIPTION OF SOFTWARE FEATURES
NTRODUCTION
being segmented from the rest of the group (as sometimes occurs with IEEE
802.1D STP).
Virtual LANs The switch supports up to 4093 VLANs. A Virtual LAN is a collection of network nodes
that share the same collision domain regardless of their physical location or
connection point in the network. The switch supports tagged VLANs based on the
IEEE 802.1Q standard. Members of VLAN groups can be dynamically learned via
GVRP, or ports can be manually assigned to a specific set of VLANs. This allows the
switch to restrict traffic to the VLAN groups to which a user has been assigned. By
segmenting your network into VLANs, you can:
Eliminate broadcast storms which severely degrade performance in a flat network.
Simplify network management for node changes/moves by remotely configuring
VLAN membership for any port, rather than having to manually change the
network connection.
Provide data security by restricting all traffic to the originating VLAN, except where
a connection is explicitly defined via the switch's routing service.
Use private VLANs to restrict traffic to pass only between data ports and the uplink
ports, thereby isolating adjacent ports within the same VLAN, and allowing you to
limit the total number of VLANs that need to be configured.
Use protocol VLANs to restrict traffic to specified interfaces based on protocol
type.
IEEE 802.1Q
Tunneling (QinQ)
This feature is designed for service providers carrying traffic for multiple customers
across their networks. QinQ tunneling is used to maintain customer-specific VLAN
and Layer 2 protocol configurations even when different customers use the same
internal VLAN IDs. This is accomplished by inserting Service Provider VLAN
(SPVLAN) tags into the customer’s frames when they enter the service provider’s
network, and then stripping the tags when the frames leave the network.
Traffic Prioritization This switch prioritizes each packet based on the required level of service, using eight
priority queues with strict priority, Weighted Round Robin (WRR), or a combination of
strict and weighted queuing. It uses IEEE 802.1p and 802.1Q tags to prioritize
incoming traffic based on input from the end-station application. These functions can
be used to provide independent priorities for delay-sensitive data and best-effort data.
This switch also supports several common methods of prioritizing layer 3/4 traffic to
meet application requirements. Traffic can be prioritized based on the priority bits in
the IP frame’s Type of Service (ToS) octet using DSCP, IP Precedence, or TCP/UDP
port numbers. When these services are enabled, the priorities are mapped to a Class
of Service value by the switch, and the traffic then sent to the corresponding output
queue.
Quality of Service Differentiated Services (DiffServ) provides policy-based management mechanisms
used for prioritizing network resources to meet the requirements of specific traffic
Sixnet Series MIL300 Software Manual - 43 -
R
EVISED
2015-04-10 I
D
ESCRIPTION OF SOFTWARE FEATURES
types on a per-hop basis. Each packet is classified upon entry into the network based
on access lists, IP Precedence or DSCP values, or VLAN lists. Using access lists
allows you select traffic based on Layer 2, Layer 3, or Layer 4 information contained in
each packet. Based on network policies, different kinds of traffic can be marked for
different kinds of forwarding.
IP Routing The switch provides Layer 3 IP routing. To maintain a high rate of throughput, the
switch forwards all traffic passing within the same segment, and routes only traffic that
passes between different subnetworks. The wire-speed routing provided by this switch
lets you easily link network segments or VLANs together without having to deal with
the bottlenecks or configuration hassles normally associated with conventional
routers.
Routing for unicast traffic is supported with static routing, Routing Information Protocol
(RIP), Open Shortest Path First (OSPF) protocol.
Static Routing – Traffic is automatically routed between any IP interfaces configured
on the MIL300-switch. Routing to statically configured hosts or subnet addresses is
provided based on next-hop entries specified in the static routing table.
NTRODUCTION
RIP – This protocol uses a distance-vector approach to routing. Routes are
determined on the basis of minimizing the distance vector, or hop count, which serves
as a rough estimate of transmission cost.
OSPF – This approach uses a link state routing protocol to generate a shortest-path
tree, then builds up its routing table based on this tree. OSPF produces a more stable
network because the participating routers act on network changes predictably and
simultaneously, converging on the best route more quickly than RIP. OSPFv2 is
provided for routing IPv4 traffic, and OSPFv3 for routing IPv6 traffic.
Equal-cost
Multipath Load
Balancing
When multiple paths to the same destination and with the same path cost are found in
the routing table, the Equal-cost Multipath (ECMP) algorithm first checks if the cost is
lower than that of any other routing entries. If the cost is the lowest in the table, the
switch will use up to eight paths having the lowest path cost to balance traffic
forwarded to the destination. ECMP uses either equal-cost unicast multipaths
manually configured in the static routing table, or equal-cost multipaths dynamically
detected by the Open Shortest Path Algorithm (OSPF). In other words, it uses either
static or OSPF entries, not both.
Router Redundancy The Virtual Router Redundancy Protocol (VRRP) uses a virtual IP address to support
a primary router and multiple backup routers. The backups can be configured to take
over the workload if the master fails or to load share the traffic. The primary goal of
this protocol is to allow a host device which has been configured with a fixed gateway
to maintain network connectivity in case the primary gateway goes down.
Address Resolution
Protocol
The switch uses ARP and Proxy ARP to convert between IP addresses and MAC
(hardware) addresses. This switch supports conventional ARP, which locates the
MAC address corresponding to a given IP address. This allows the switch to use IP
addresses for routing decisions and the corresponding MAC addresses to forward
Sixnet Series MIL300 Software Manual - 44 -
R
EVISED
2015-04-10 I
NTRODUCTION
S
YSTEM DEFAULTS
packets from one hop to the next. Either static or dynamic entries can be configured in
the ARP cache.
Proxy ARP allows hosts that do not support routing to determine the MAC address of
a device on another network or subnet. When a host sends an ARP request for a
remote network, the switch checks to see if it has the best route. If it does, it sends its
own MAC address to the host. The host then sends traffic for the remote destination
via the switch, which uses its own routing table to reach the destination on the other
network.
Multicast Filtering Specific multicast traffic can be assigned to its own VLAN to ensure that it does not
interfere with normal network traffic and to guarantee real-time delivery by setting the
required priority level for the designated VLAN. The switch uses IGMP Snooping and
Query at Layer 2 and IGMP at Layer 3 to manage multicast group registration. It also
supports Multicast VLAN Registration (MVR) which allows common multicast traffic,
such as television channels, to be transmitted across a single network-wide multicast
VLAN shared by hosts residing in other standard or private VLAN groups, while
preserving security and data isolation for normal traffic.
Multicast Routing Routing for multicast packets is supported by the Protocol-Independent Multicasting -
Dense Mode and Sparse Mode (PIM-DM, PIM-SM) protocols. These protocols work in
conjunction with IGMP to filter and route multicast traffic. PIM is a very simple protocol
that uses the routing table of the unicast routing protocol enabled on an interface.
Dense Mode is designed for areas where the probability of multicast clients is
relatively high, and the overhead of frequent flooding is justified. While Sparse mode is
designed for network areas, such as the Wide Area Network, where the probability of
multicast clients is low. PIM-DM and PIM-SM are supported for IPv4 and PIM-SM for
IPv6.
SYSTEM DEFAULTS
The switch’s system defaults are provided in the configuration file
“Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as
the startup configuration file.
The following table lists some of the basic system defaults.
Table 2: System Defaults
Function Parameter Default
Console Port Connection Baud Rate 115200 bps
Data bits 8
Stop bits 1
Parity none
Local Console Timeout 0 (disabled)
Sixnet Series MIL300 Software Manual - 45 -
R
EVISED
2015-04-10 I
S
YSTEM DEFAULTS
Table 2: System Defaults (Continued)
Function Parameter Default
Authentication and Security
Measures
Privileged Exec Level Username “admin”
Password “admin”
Normal Exec Level Username “guest”
Password “guest”
NTRODUCTION
Enable Privileged Exec from Normal
Exec Level
Password “super”
RADIUS Authentication Disabled
TACACS+ Authentication Disabled
802.1X Port Authentication Disabled
MAC Authentication Disabled
HTTPS Enabled
SSH Disabled
Port Security Disabled
IP Filtering Disabled
DHCP Snooping Disabled
Web Management HTTP Server Enabled
HTTP Port Number 80
HTTP Secure Server Disabled
HTTP Secure Server Redirect Disabled
SNMP SNMP Agent Enabled
Community Strings “public” (read only)
“private” (read/write)
Traps Authentication traps: enabled
Link-up-down events: enabled
SNMP V3 View: defaultview
Group: public (read only); private
(read/write)
Port Configuration Admin Status Enabled
Auto-negotiation Enabled
Flow Control Disabled
Port Trunking Static Trunks None
LACP (all ports) Disabled
Congestion Control Rate Limiting Disabled
Storm Control Broadcast: Enabled
(500 packets/sec)
Address Table Aging Time 300 seconds
Spanning Tree Algorithm Status Enabled, RSTP
(Defaults: RSTP standard)
Edge Ports Enabled
LLDP Status Enabled
Sixnet Series MIL300 Software Manual - 46 -
R
EVISED
2015-04-10 I
S
YSTEM DEFAULTS
Table 2: System Defaults (Continued)
Function Parameter Default
Virtual LANs Default VLAN 1
PVID 1
Acceptable Frame Type All
Ingress Filtering Disabled
Switchport Mode (Egress Mode) Hybrid: tagged/untagged frames
GVRP (global) Disabled
GVRP (port interface) Disabled
QinQ Tunneling Disabled
Traffic Prioritization Ingress Port Priority 0
Queue Mode WRR
NTRODUCTION
Weighted Round Robin Queue: 0 1 2 3 4 5 6 7
Weight: 1 2 4 6 8 10 12 14
Class of Service Enabled
IP Precedence Priority Disabled
IP DSCP Priority Disabled
IP Port Priority Disabled
IP Settings Management. VLAN Any VLAN configured with an IP
address
IP Address DHCP assigned
Default Gateway 0.0.0.0
DHCP Client: Enabled
Relay: Disabled
Server: Disabled
DNS Client/Proxy service: Disabled
BOOTP Disabled
ARP Enabled
Cache Timeout: 20 minutes
Proxy: Disabled
Unicast Routing RIP Disabled
OSPFv2 Disabled
OSPFv3 Disabled
Router Redundancy VRRP Disabled
Multicast Filtering IGMP Snooping (Layer 2) Snooping: Enabled
Querier: Disabled
Multicast VLAN Registration Disabled
IGMP (Layer 3)
IGMP Proxy (Layer 3)
Disabled
Disabled
System Log Status Enabled
Messages Logged Levels 0-7 (all)
Messages Logged to Flash Levels 0-3
Sixnet Series MIL300 Software Manual - 47 -
R
EVISED
2015-04-10 I
S
YSTEM DEFAULTS
Table 2: System Defaults (Continued)
Function Parameter Default
SMTP Email Alerts Event Handler Enabled (but no server defined)
SNTP Clock Synchronization Disabled
NTRODUCTION
Sixnet Series MIL300 Software Manual - 48 -
R
EVISED
2015-04-10 I
NITIAL SWITCH CONFIGURATION
C
ONNECTING TO THE SWITCH
2 INITIAL SWITCH CONFIGURATION
This chapter includes information on connecting to the switch and basic configuration
procedures.
CONNECTING TO THE SWITCH
The switch includes a built-in network management agent. The agent offers a variety
of management options, including SNMP, RMON and a web-based interface. A PC
may also be connected directly to the switch for configuration and monitoring via a
command line interface (CLI).
Configuration
Options
N
OTE
:
An IPv4 address for this switch is obtained via DHCP by default. To change this
address, see "Setting an IP Address" on page 52.
The switch’s HTTP web agent allows you to configure switch parameters, monitor port
connections, and display statistics using a standard web browser such as Internet
Explorer 5.x or above, Netscape 6.2 or above, and Mozilla Firefox 2.0.0.0 or above.
The switch’s web management interface can be accessed from any computer
attached to the network.
The CLI program can be accessed by a direct connection to the RS-232 serial console
port on the switch, or remotely by a Telnet connection over the network.
The switch’s management agent also supports SNMP (Simple Network Management
Protocol). This SNMP agent permits the switch to be managed from any system in the
network using network management software.
The switch’s web interface, console interface, and SNMP agent allow you to perform
the following management functions:
Set user names and passwords
Set an IP interface for any VLAN
Configure SNMP parameters
Enable/disable any port
Set the speed/duplex mode for any port
Configure the bandwidth of any port by limiting input or output rates
Sixnet Series MIL300 Software Manual - 49 -
I
NITIAL SWITCH CONFIGURATION
C
ONNECTING TO THE SWITCH
R
EVISED
2015-04-10
Control port access through IEEE 802.1X security or static address filtering
Filter packets using Access Control Lists (ACLs)
Configure up to 4093 IEEE 802.1Q VLANs
Enable GVRP automatic VLAN registration
Configure IP routing for unicast or multicast traffic
Configure router redundancy
Configure IGMP multicast filtering
Upload and download system firmware or configuration files via HTTP (using the
web interface) or FTP/TFTP (using the command line or web interface)
Configure Spanning Tree parameters
Configure Class of Service (CoS) priority queuing
Required
Connections
Configure static or LACP trunks
Enable port mirroring
Set storm control on any port for excessive broadcast traffic
Display system information and statistics
The switch provides an RS-232 serial port that enables a connection to a PC or
terminal for monitoring and configuring the switch.
Attach a VT100-compatible terminal, or a PC running a terminal emulation program to
the switch. You can use the console cable provided with this package, or use a nullmodem cable that complies with the wiring assignments shown in the Installation
Guide.
To connect a terminal to the console port, complete the following steps:
1. Connect the console cable to the serial port on a terminal, or a PC running
terminal emulation software, and tighten the captive retaining screws on the DB-9
connector.
2. Connect the other end of the cable to the RS-232 serial port on the switch.
3. Make sure the terminal emulation software is set as follows:
Select the appropriate serial port (COM port 1 or COM port 2).
Set the baud rate to 115200 bps.
Set the data format to 8 data bits, 1 stop bit, and no parity.
- 50 - Sixnet Series MIL300 Software Manual
R
EVISED
2015-04-10 I
Set flow control to none.
Set the emulation mode to VT100.
When using HyperTerminal, select Terminal keys, not Windows keys.
N
OTE
:
Once you have set up the terminal correctly, the console login screen will be
displayed.
For a description of how to use the CLI, see "Using the Command Line Interface" on
page 599. For a list of all the CLI commands and detailed information on using the
CLI, refer to "CLI Command Groups" on page 608.
NITIAL SWITCH CONFIGURATION
B
ASIC CONFIGURATION
Remote
Connections
Prior to accessing the switch’s onboard agent via a network connection, you must first
configure it with a valid IP address, subnet mask, and default gateway using a console
connection, or DHCP protocol.
An IPv4 address for this switch is obtained via DHCP by default. To manually
configure this address or enable dynamic address assignment via DHCP, see "Setting
an IP Address" on page 52.
N
OTE
:
This switch supports four Telnet sessions or four SSH sessions.
N
OTE
:
Any VLAN group can be assigned an IP interface address (page 52) for
managing the switch. Also, note that the Master unit does not have to include an
active port member in the VLAN interface used for management access.
After configuring the switch’s IP parameters, you can access the onboard
configuration program from anywhere within the attached network. The onboard
configuration program can be accessed using Telnet from any computer attached to
the network. The switch can also be managed by any computer using a web browser
(Internet Explorer 5.0 or above, Netscape 6.2 or above, or Mozilla Firefox 2.0.0.0 or
above), or from a network computer using SNMP network management software.
The onboard program only provides access to basic configuration functions. To
access the full range of SNMP management functions, you must use SNMP-based
network management software.
BASIC CONFIGURATION
Console Connection The CLI program provides two different command levels — normal access level
(Normal Exec) and privileged access level (Privileged Exec). The commands
available at the Normal Exec level are a limited subset of those available at the
Privileged Exec level and allow you to only display information and use basic utilities.
To fully configure the switch parameters, you must access the CLI at the Privileged
Exec level.
Sixnet Series MIL300 Software Manual - 51 -
I
NITIAL SWITCH CONFIGURATION
B
ASIC CONFIGURATION
R
EVISED
2015-04-10
Access to both CLI levels are controlled by user names and passwords. The switch
has a default user name and password for each level. To log into the CLI at the
Privileged Exec level using the default user name and password, perform these steps:
1. To initiate your console connection, press <Enter>. The “User Access Verification”
procedure starts.
2. At the Username prompt, enter “admin.”
3. At the Password prompt, also enter “admin.” (The password characters are not
displayed on the console screen.)
4. The session is opened and the CLI displays the “Console#” prompt indicating you
have access at the Privileged Exec level.
Setting Passwords If this is your first time to log into the CLI program, you should define new passwords
for both default user names using the “username” command, record them and put
them in a safe place.
Passwords can consist of up to 8 alphanumeric characters and are case sensitive. To
prevent unauthorized access to the switch, set the passwords as follows:
1. Open the console interface with the default user name and password “admin” to
access the Privileged Exec level.
2. Type “configure” and press <Enter>.
3. Type “username guest password 0 password,” for the Normal Exec level, where
password is your new password. Press <Enter>.
4. Type “username admin password 0 password,” for the Privileged Exec level,
where password is your new password. Press <Enter>.
Username: admin
Password:
CLI session with the EL 326 is opened.
To end the CLI session, enter [Exit].
Console#configure
Console(config)#username guest password 0 [password]
Console(config)#username admin password 0 [password]
Console(config)#
* This manual is based on the EL326 switch. Other than the difference in the number of ports,
there are no significant differences. Therefore nearly all of the screen display examples are
based on the EL326.
Setting an IP
Address
The switch can be configured manually for a static IP address or dynamically to obtain
an IP address via BOOTP or DHCP
- 52 - Sixnet Series MIL300 Software Manual
R
EVISED
2015-04-10 I
Manual — You have to input the information, including IP address and subnet mask.
Dynamic — The switch can send IPv4 configuration requests to BOOTP or DHCP
address allocation servers on the network. An IPv6 link local address for use in a
local network can be dynamically generated as described in "Obtaining an IPv6
Address" on page 57.
The current software does not support DHCP for IPv6, so an IPv6 global unicast
address for use in a network containing more than one subnet can only be
manually configured as described in "Assigning an IPv6 Address" on page 54.
MANUAL CONFIGURATION
You can manually assign an IP address to the switch. You may also need to specify a
default gateway that resides between this device and management stations that exist
on another network segment. Valid IPv4 addresses consist of four decimal numbers, 0
to 255, separated by periods. Anything outside this format will not be accepted by the
CLI program.
N
OTE
:
The default IPv4 address for this switch is 192.168.0.1 255.255.255.0.
NITIAL SWITCH CONFIGURATION
B
ASIC CONFIGURATION
ASSIGNING AN IPV4 ADDRESS
Before you can assign an IP address to the switch, you must obtain the following
information from your network administrator:
IP address for the switch
Network mask for this network
Default gateway for the network
To assign an IPv4 address to the switch, complete the following steps
1. From the Global Configuration mode prompt, type “interface vlan 1” to access the
interface-configuration mode. Press <Enter>.
2. Type “ip address ip-address netmask,” where “ip-address” is the switch IP
address and “netmask” is the network mask for the network. Press <Enter>.
3. Type “exit” to return to the global configuration mode prompt. Press <Enter>.
4. To set the IP address of the default gateway for the network to which the switch
belongs, type “ip default-gateway gateway,” where “gateway” is the IP address of
the default gateway. Press <Enter>.
Console(config)#interface vlan 1
Console(config-if)#ip address 192.168.1.5 255.255.255.0
Console(config-if)#exit
Console(config)#ip default-gateway 192.168.1.254
Sixnet Series MIL300 Software Manual - 53 -
I
NITIAL SWITCH CONFIGURATION
B
ASIC CONFIGURATION
R
EVISED
2015-04-10
ASSIGNING AN IPV6 ADDRESS
This section describes how to configure a “link local” address for connectivity within
the local subnet only, and also how to configure a “global unicast” address, including a
network prefix for use on a multi-segment network and the host portion of the address.
An IPv6 prefix or address must be formatted according to RFC 2373 “IPv6 Addressing
Architecture,” using 8 colon-separated 16-bit hexadecimal values. One double colon
may be used to indicate the appropriate number of zeros required to fill the undefined
fields. For detailed information on the other ways to assign IPv6 addresses, see
"Setting the Switch’s IP Address (IP Version 6)" on page 420.
Link Local Address — All link-local addresses must be configured with a prefix of
FE80. Remember that this address type makes the switch accessible over IPv6 for all
devices attached to the same local subnet only. Also, if the switch detects that the
address you configured conflicts with that in use by another device on the subnet, it
will stop using the address in question, and automatically generate a link local
address that does not conflict with any other devices on the local subnet.
To configure an IPv6 link local address for the switch, complete the following steps:
1. From the Global Configuration mode prompt, type “interface vlan 1” to access the
interface-configuration mode. Press <Enter>.
2. Type “ipv6 address” followed by up to 8 colon-separated 16-bit hexadecimal
values for the ipv6-address similar to that shown in the example, followed by the
“link-local” command parameter. Then press <Enter>.
Console(config)#interface vlan 1
Console(config-if)#ipv6 address FE80::260:3EFF:FE11:6700 link-local
Console(config-if)#end
Console#show ipv6 interface
Vlan 1 is up
IPv6 is enable.
Link-local address:
FE80::260:3EFF:FE11:6700/64
Global unicast address(es):
Joined group address(es):
FF01::1/16
FF02::1/16
FF02::1:FF11:6700/104
MTU is 1500 bytes.
ND DAD is enabled, number of DAD attempts: 1.
ND retransmit interval is 1000 milliseconds
Console#
Address for Multi-segment Network — Before you can assign an IPv6 address to the
switch that will be used to connect to a multi-segment network, you must obtain the
following information from your network administrator:
Prefix for this network
IP address for the switch
Default gateway for the network
- 54 - Sixnet Series MIL300 Software Manual
R
EVISED
2015-04-10 I
For networks that encompass several different subnets, you must define the full
address, including a network prefix and the host address for the switch. You can
specify either the full IPv6 address, or the IPv6 address and prefix length. The prefix
length for an IPv6 network is the number of bits (from the left) of the prefix that form
the network address, and is expressed as a decimal number. For example, all IPv6
addresses that start with the first byte of 73 (hexadecimal) could be expressed as
73:0:0:0:0:0:0:0/8 or 73::/8.
To generate an IPv6 global unicast address for the switch, complete the following
steps:
1. From the global configuration mode prompt, type “interface vlan 1” to access the
interface-configuration mode. Press <Enter>.
2. From the interface prompt, type “ipv6 address ipv6-address” or “ipv6 address
ipv6-address/prefix-length,” where “prefix-length” indicates the address bits used
to form the network portion of the address. (The network address starts from the
left of the prefix and should encompass some of the ipv6-address bits.) The
remaining bits are assigned to the host interface. Press <Enter>.
NITIAL SWITCH CONFIGURATION
B
ASIC CONFIGURATION
3. Type “exit” to return to the global configuration mode prompt. Press <Enter>.
4. To set the IP address of the IPv6 default gateway for the network to which the
switch belongs, type “ipv6 default-gateway gateway,” where “gateway” is the IPv6
address of the default gateway. Press <Enter>.
Console(config)#interface vlan 1
Console(config-if)#ipv6 address 2001:DB8:2222:7272::/64
Console(config-if)#ipv6 enable
Console(config-if)#exit
Console(config)#ipv6 default-gateway 2001:DB8:2222:7272::254
Console(config)end
Console#show ipv6 interface
Vlan 1 is up
IPv6 is enable.
Link-local address:
FE80::200:E8FF:FE93:82A0/64
Global unicast address(es):
2001:DB8:2222:7272::/64, subnet is 2001:DB8:2222:7272::/64
2005::212:CFFF:FE0B:4600, subnet is ::
Joined group address(es):
FF02::1:2
FF02::1:FF00:0
FF02::1:FF93:82A0
FF02::1
IPv6 link MTU is 1280 bytes
ND DAD is enabled, number of DAD attempts: 2.
ND retransmit interval is 1000 milliseconds
Console#
DYNAMIC CONFIGURATION
Obtaining an IPv4 Address
If you select the “bootp” or “dhcp” option, the system will immediately start
broadcasting service requests. IP will be enabled but will not function until a BOOTP
or DHCP reply has been received. Requests are broadcast every few minutes using
Sixnet Series MIL300 Software Manual - 55 -
I
NITIAL SWITCH CONFIGURATION
B
ASIC CONFIGURATION
R
EVISED
2015-04-10
exponential backoff until IP configuration information is obtained from a BOOTP or
DHCP server. BOOTP and DHCP values can include the IP address, subnet mask,
and default gateway. If the DHCP/BOOTP server is slow to respond, you may need to
use the “ip dhcp restart client” command to re-start broadcasting service requests.
Note that the “ip dhcp restart client” command can also be used to start broadcasting
service requests for all VLANs configured to obtain address assignments through
BOOTP or DHCP. It may be necessary to use this command when DHCP is
configured on a VLAN, and the member ports which were previously shut down are
now enabled.
If the “bootp” or “dhcp” option is saved to the startup-config file (step 6), then the
switch will start broadcasting service requests as soon as it is powered on.
To automatically configure the switch by communicating with BOOTP or DHCP
address allocation servers on the network, complete the following steps:
1. From the Global Configuration mode prompt, type “interface vlan 1” to access the
interface-configuration mode. Press <Enter>.
2. At the interface-configuration mode prompt, use one of the following commands:
To obtain IP settings via DHCP, type “ip address dhcp” and press <Enter>.
To obtain IP settings via BOOTP, type “ip address bootp” and press <Enter>.
3. Type “end” to return to the Privileged Exec mode. Press <Enter>.
4. Wait a few minutes, and then check the IP configuration settings by typing the
“show ip interface” command. Press <Enter>.
5. Then save your configuration changes by typing “copy running-config startup-
config.” Enter the startup file name and press <Enter>.
Console(config)#interface vlan 1
Console(config-if)#ip address dhcp
Console(config-if)#end
Console#show ip interface
IP address and netmask: 192.168.1.54 255.255.255.0 on VLAN 1,
and address mode: DHCP
Console#copy running-config startup-config
Startup configuration file name []: startup
\Write to FLASH Programming.
\Write to FLASH finish.
Success.
- 56 - Sixnet Series MIL300 Software Manual
R
EVISED
2015-04-10 I
OBTAINING AN IPV6 ADDRESS
Link Local Address — There are several ways to configure IPv6 addresses. The
simplest method is to automatically generate a “link local” address (identified by an
address prefix of FE80). This address type makes the switch accessible over IPv6 for
all devices attached to the same local subnet.
To generate an IPv6 link local address for the switch, complete the following steps:
1. From the Global Configuration mode prompt, type “interface vlan 1” to access the
interface-configuration mode. Press <Enter>.
2. Type “ipv6 enable” and press <Enter>.
Console(config)#interface vlan 1
Console(config-if)#ipv6 enable
Console(config-if)#end
Console#show ipv6 interface
Vlan 1 is up
IPv6 is enable.
Link-local address:
FE80::200:E8FF:FE90:0/64
Global unicast address(es):
Joined group address(es):
FF01::1/16
FF02::1/16
FF02::1:FF90:0/104
MTU is 1500 bytes.
ND DAD is enabled, number of DAD attempts: 1.
ND retransmit interval is 1000 milliseconds
Console#
NITIAL SWITCH CONFIGURATION
B
ASIC CONFIGURATION
Enabling SNMP
Management
Access
Address for Multi-segment Network — An IPv6 address for use in a network
containing more than one subnet must be manually configured as described in
"Assigning an IPv6 Address" on page 54. The current software does not support
DHCP for IPv6.
The switch can be configured to accept management commands from Simple
Network Management Protocol (SNMP) applications. You can configure the switch to
respond to SNMP requests or generate SNMP traps.
When SNMP management stations send requests to the switch (either to return
information or to set a parameter), the switch provides the requested data or sets the
specified parameter. The switch can also be configured to send information to SNMP
managers (without being requested by the managers) through trap messages, which
inform the manager that certain events have occurred.
The switch includes an SNMP agent that supports SNMP version 1, 2c, and 3 clients.
To provide management access for version 1 or 2c clients, you must specify a
community string. The switch provides a default MIB View (i.e., an SNMPv3 construct)
for the default “public” community string that provides read access to the entire MIB
tree, and a default view for the “private” community string that provides read/write
access to the entire MIB tree. However, you may assign new views to version 1 or 2c
community strings that suit your specific security requirements (see "Setting SNMPv3
Views" on page 348).
Sixnet Series MIL300 Software Manual - 57 -
I
NITIAL SWITCH CONFIGURATION
B
ASIC CONFIGURATION
R
EVISED
2015-04-10
COMMUNITY STRINGS (FOR SNMP VERSION 1 AND 2C CLIENTS)
Community strings are used to control management access to SNMP version 1 and
2c stations, as well as to authorize SNMP stations to receive trap messages from the
switch. You therefore need to assign community strings to specified users, and set the
access level.
The default strings are:
public - with read-only access. Authorized management stations are only able to
retrieve MIB objects.
private - with read/write access. Authorized management stations are able to both
retrieve and modify MIB objects.
To prevent unauthorized access to the switch from SNMP version 1 or 2c clients, it is
recommended that you change the default community strings.
To configure a community string, complete the following steps:
1. From the Privileged Exec level global configuration mode prompt, type “snmp-
server community string mode,” where “string” is the community access string and
“mode” is rw (read/write) or ro (read only). Press <Enter>. (Note that the default
mode is read only.)
2. To remove an existing string, simply type “no snmp-server community string,”
where “string” is the community access string to remove. Press <Enter>.
Console(config)#snmp-server community admin rw
Console(config)#snmp-server community private
Console(config)#
N
OTE
:
If you do not intend to support access to SNMP version 1 and 2c clients, we
recommend that you delete both of the default community strings. If there are no
community strings, then SNMP management access from SNMP v1 and v2c clients is
disabled.
TRAP RECEIVERS
You can also specify SNMP stations that are to receive traps from the switch. To
configure a trap receiver, use the “snmp-server host” command. From the Privileged
Exec level global configuration mode prompt, type:
“snmp-server host host-address community-string [version {1 | 2c | 3 {auth |
noauth | priv}}]”
where “host-address” is the IP address for the trap receiver, “community-string”
specifies access rights for a version 1/2c host, or is the user name of a version 3 host,
“version” indicates the SNMP client version, and “auth | noauth | priv” means that
authentication, no authentication, or authentication and privacy is used for v3 clients.
Then press <Enter>. For a more detailed description of these parameters, see "snmp-
- 58 - Sixnet Series MIL300 Software Manual
R
EVISED
2015-04-10 I
server host" on page 664. The following example creates a trap host for each type of
SNMP client.
Console(config)#snmp-server host 10.1.19.23 batman
Console(config)#snmp-server host 10.1.19.98 robin version 2c
Console(config)#snmp-server host 10.1.19.34 barbie version 3 auth
Console(config)#
CONFIGURING ACCESS FOR SNMP VERSION 3 CLIENTS
To configure management access for SNMPv3 clients, you need to first create a view
that defines the portions of MIB that the client can read or write, assign the view to a
group, and then assign the user to a group. The following example creates one view
called “mib-2” that includes the entire MIB-2 tree branch, and then another view that
includes the IEEE 802.1d bridge MIB. It assigns these respective read and read/write
views to a group call “r&d” and specifies group authentication via MD5 or SHA. In the
last step, it assigns a v3 user to this group, indicating that MD5 will be used for
authentication, provides the password “greenpeace” for authentication, and the
password “einstien” for encryption.
NITIAL SWITCH CONFIGURATION
M
ANAGING SYSTEM FILES
Console(config)#snmp-server view mib-2 1.3.6.1.2.1 included
Console(config)#snmp-server view 802.1d 1.3.6.1.2.1.17 included
Console(config)#snmp-server group r&d v3 auth mib-2 802.1d
Console(config)#snmp-server user steve group r&d v3 auth md5 greenpeace priv des56 einstien
Console(config)#
For a more detailed explanation on how to configure the switch for access from SNMP
v3 clients, refer to "Simple Network Management Protocol" on page 343, or refer to
the specific CLI commands for SNMP starting on page 659
MANAGING SYSTEM FILES
The switch’s flash memory supports three types of system files that can be managed
by the CLI program, web interface, or SNMP. The switch’s file system allows files to be
uploaded and downloaded, copied, deleted, and set as a start-up file.
The types of files are:
Configuration — This file type stores system configuration information and is
created when configuration settings are saved. Saved configuration files can be
selected as a system start-up file or can be uploaded via FTP/TFTP to a server for
backup. The file named “Factory_Default_Config.cfg” contains all the system
default settings and cannot be deleted from the system. If the system is booted
with the factory default settings, the master unit will also create a file named
“startup1.cfg” that contains system settings information about the unit identifier,
MAC address for each unit, and installed module types for each unit. The
configuration settings from the factory defaults configuration file are copied to this
file, which is then used to boot the switch. See "Saving or Restoring Configuration
Settings" on page 60 for more information.
Sixnet Series MIL300 Software Manual - 59 -
I
NITIAL SWITCH CONFIGURATION
M
ANAGING SYSTEM FILES
R
EVISED
2015-04-10
Operation Code — System software that is executed after boot-up, also known as
run-time code. This code runs the switch operations and provides the CLI and
web management interfaces. See "Managing System Files" on page 90 for more
information.
Diagnostic Code — Software that is run during system boot-up, also known as
POST (Power On Self-Test).
Due to the size limit of the flash memory, the switch supports only two operation code
files. However, you can have as many diagnostic code files and configuration files as
available flash memory space allows. The switch has a total of 32 Mbytes of flash
memory for system files.
In the system flash memory, one file of each type must be set as the start-up file.
During a system boot, the diagnostic and operation code files set as the start-up file
are run, and then the start-up configuration file is loaded.
Note that configuration files should be downloaded using a file name that reflects the
contents or usage of the file settings. If you download directly to the running-config,
the system will reboot, and the settings will have to be copied from the running-config
to a permanent file.
Saving or Restoring
Configuration
Settings
Configuration commands only modify the running configuration file and are not saved
when the switch is rebooted. To save all your configuration changes in nonvolatile
storage, you must copy the running configuration file to the start-up configuration file
using the “copy” command.
New startup configuration files must have a name specified. File names on the switch
are case-sensitive, can be from 1 to 31 characters, must not contain slashes (\ or /),
and the leading letter of the file name must not be a period (.). (Valid characters: A-Z,
a-z, 0-9, “.”, “-”, “_”)
There can be more than one user-defined configuration file saved in the switch’s flash
memory, but only one is designated as the “startup” file that is loaded when the switch
boots. The copy running-config startup-config command always sets the new file
as the startup file. To select a previously saved configuration file, use the boot
system config:<filename> command.
The maximum number of saved configuration files depends on available flash
memory. The amount of available flash memory can be checked by using the dir
command.
To save the current configuration settings, enter the following command:
1. From the Privileged Exec mode prompt, type “copy running-config startup-config”
and press <Enter>.
2. Enter the name of the start-up file. Press <Enter>.
Console#copy running-config startup-config
Startup configuration file name []: startup
\Write to FLASH Programming.
- 60 - Sixnet Series MIL300 Software Manual
R
EVISED
2015-04-10 I
\Write to FLASH finish.
Success.
Console#
To restore configuration settings from a backup server, enter the following command:
1. From the Privileged Exec mode prompt, type “copy tftp startup-config” and press
<Enter>.
2. Enter the address of the TFTP server. Press <Enter>.
3. Enter the name of the startup file stored on the server. Press <Enter>.
4. Enter the name for the startup file on the switch. Press <Enter>.
Console#copy tftp startup-config
TFTP server IP address: 192.168.0.4
Source configuration file name: startup-rd.cfg
Startup configuration file name [startup1.cfg]:
NITIAL SWITCH CONFIGURATION
M
ANAGING SYSTEM FILES
Success.
Console#
Sixnet Series MIL300 Software Manual - 61 -
I
NITIAL SWITCH CONFIGURATION
M
ANAGING SYSTEM FILES
R
EVISED
2015-04-10
- 62 - Sixnet Series MIL300 Software Manual
R
EVISED
2015-04-10 S
WEB CONFIGURATION
This section describes the basic switch features, along with a detailed description of
how to configure each feature via a web browser.
ECTION
| Web Configuration
This section includes these chapters:
"Using the Web Interface" on page 65
"Basic Management Tasks" on page 85
"Interface Configuration" on page 107
"VLAN Configuration" on page 137
"Address Table Settings" on page 169
"Spanning Tree Algorithm" on page 177
"Rate Limit Configuration" on page 199
"Storm Control Configuration" on page 201
"Class of Service" on page 203
"Quality of Service" on page 217
"VoIP Traffic Configuration" on page 231
"Security Measures" on page 237
"Basic Administration Protocols" on page 325
"Multicast Filtering" on page 375
"IP Configuration" on page 417
"General IP Routing" on page 437
– 63 –
S
ECTION
II
| Web Configuration
"Configuring Router Redundancy" on page 455
"IP Services" on page 465
"Unicast Routing" on page 485
"Multicast Routing" on page 565
R
EVISED
2015-04-2015
– 64 –
R
EVISED
2015-04-10 U
C
ONNECTING TO THE WEB INTERFACE
SING THE WEB INTERFACE
3 USING THE WEB INTERFACE
This switch provides an embedded HTTP web agent. Using a web browser you can
configure the switch and view statistics to monitor network activity. The web agent can
be accessed by any computer on the network using a standard web browser (Internet
Explorer 5.0 or above, Netscape 6.2 or above, or Mozilla Firefox 2.0.0.0 or above).
N
OTE
:
You can also use the Command Line Interface (CLI) to manage the switch over
a serial connection to the console port or via Telnet. For more information on using the
CLI, refer to "Using the Command Line Interface" on page 599.”
CONNECTING TO THE WEB INTERFACE
Prior to accessing the switch from a web browser, be sure you have first performed
the following tasks:
1. Configure the switch with a valid IP address, subnet mask, and default gateway
using an out-of-band serial connection, BOOTP or DHCP protocol. (See "Setting
an IP Address" on page 52.)
2. Set user names and passwords using an out-of-band serial connection. Access to
the web agent is controlled by the same user names and passwords as the
onboard configuration program. (See "Setting Passwords" on page 52.)
3. After you enter a user name and password, you will have access to the system
configuration program.
N
OTE
:
You are allowed three attempts to enter the correct password; on the third failed
attempt the current connection is terminated.
N
OTE
:
If you log into the web interface as guest (Normal Exec level), you can view the
configuration settings or change the guest password. If you log in as “admin”
(Privileged Exec level), you can change the settings on any page.
N
OTE
:
If the path between your management station and this switch does not pass
through any device that uses the Spanning Tree Algorithm, then you can set the
switch port attached to your management station to fast forwarding (i.e., enable Admin
Edge Port) to improve the switch’s response time to management commands issued
through the web interface. See "Configuring Interface Settings for STA" on page 187.
Sixnet Series MIL300 Software Manual - 65 -
U
SING THE WEB INTERFACE
N
AVIGATING THE WEB BROWSER INTERFACE
NAVIGATING THE WEB BROWSER INTERFACE
To access the web-browser interface you must first enter a user name and password.
The administrator has Read/Write access to all configuration parameters and
statistics. The default user name and password for the administrator is “admin.”
Home Page When your web browser connects with the switch’s web agent, the home page is
displayed as shown below. The home page displays the Main Menu on the left side of
the screen and System Information on the right side. The Main Menu links are used to
navigate to other menus, and display configuration parameters and statistics.
Figure 1: Home Page
R
EVISED
2015-04-10
N
OTE
:
This manual is based on the EL 326 Gigabit Ethernet switch. Other than the
number of ports supported by these models, there are no significant differences.
Therefore nearly all of the screen display examples are based on the EL 326. The
panel graphics for the switch types are shown on the following page.
N
OTE
:
You can open a connection to the manufacturer’s web site by clicking on the
®
Sixnet
logo.
- 66 - Sixnet Series MIL300 Software Manual
R
EVISED
2015-04-10 U
N
AVIGATING THE WEB BROWSER INTERFACE
SING THE WEB INTERFACE
Configuration
Options
Configurable parameters have a dialog box or a drop-down list. Once a configuration
change has been made on a page, be sure to click on the Apply button to confirm the
new setting. The following table summarizes the web page configuration buttons.
Table 1: Web Page Configuration Buttons
Button Action
Apply Sets specified values to the system.
Revert Cancels specified values and restores current values
prior to pressing “Apply.”
Displays help for the selected page.
Refreshes the current page.
Displays the site map.
Logs out of the management interface.
Sends mail to the manufacturer.
Links to the manufacture’s web site.
N
OTE
:
To ensure proper screen refresh, be sure that Internet Explorer 5.x is
configured as follows: Under the menu “Tools / Internet Options / General / Temporary
Internet Files / Settings,” the setting for item “Check for newer versions of stored
pages” should be “Every visit to the page.”
Panel Display The web agent displays an image of the switch’s ports. The Mode can be set to
display different information for the ports, including Active (i.e., up or down), Duplex
(i.e., half or full duplex), or Flow Control (i.e., with or without flow control).
Figure 2: Front Panel Indicators
Sixnet Series MIL300 Software Manual - 67 -
U
SING THE WEB INTERFACE
N
AVIGATING THE WEB BROWSER INTERFACE
R
EVISED
2015-04-10
Main Menu Using the onboard web agent, you can define system parameters, manage and
control the switch, and all its ports, or monitor network conditions. The following table
briefly describes the selections available from this program.
Table 2: Switch Main Menu
Menu Description Page
System
General Provides basic system description, including contact information 85
Switch Shows the number of ports, hardware version, power status, and firmware
Capability Enables support for jumbo frames;
File 90
Copy Allows the transfer and copying files 90
Set Startup Sets the startup file 93
Show Shows the files stored in flash memory; allows deletion of files 94
Time 95
Configure General
version numbers
shows the bridge extension parameters
86
88
Manual Manually sets the current time 95
SNTP Configures SNTP polling interval 96
Configure Time Server Configures a list of SNTP servers 97
Configure Time Zone Sets the local time zone for the system clock 98
Console Sets console port connection parameters 98
Telnet Sets Telnet connection parameters 100
CPU Utilization Displays information on CPU utilization 102
Memory Status Shows memory utilization parameters 102
Reset Restarts the switch immediately, at a specified time, after a specified delay,
Interface
Port
General
Configure by Port List Configures connection settings per port 107
Configure by Port Range Configures connection settings for a range of ports 110
Show Information Displays port connection status 110
Mirror
Add Sets the source and target ports for mirroring 112
Show Shows the configured mirror sessions 112
Statistics Shows Interface, Etherlike, RMON and Utilization port statistics 11 3
or at a periodic interval
103
Chart Shows Interface, Etherlike, RMON and Utilization port statistics 113
Cable Test Performs cable diagnostics for selected port to diagnose any cable faults
(short, open etc.) and report the cable length
- 68 - Sixnet Series MIL300 Software Manual
117
R
EVISED
2015-04-10 U
N
AVIGATING THE WEB BROWSER INTERFACE
SING THE WEB INTERFACE
Table 2: Switch Main Menu (Continued)
Menu Description Page
Trunk
Static
Configure Trunk
Add Creates a trunk, along with the first port member 119
Show Shows the configured trunk identifiers 119
Add Member Specifies ports to group into static trunks 11 9
Show Member Shows the port members for the selected trunk 119
Configure General
Configure Configures trunk connection settings 119
Show Information Displays trunk connection settings 119
Dynamic 122
Configure Aggregator Configures administration key for specific LACP groups 122
Configure Aggregation Port
Configure
General Allows ports to dynamically join trunks 122
Actor Configures parameters for link aggregation group members on the local
side
Partner Configures parameters for link aggregation group members on the remote
122
122
side
Show Information
Counters Displays statistics for LACP protocol messages 127
Internal Displays configuration settings and operational state for the local side of a
link aggregation
Neighbors Displays configuration settings and operational state for the remote side of
128
130
a link aggregation
Configure Trunk
Configure Configures connection settings 122
Show Displays port connection status 122
Show Member Shows the active members in a trunk 122
Statistics Shows Interface, Etherlike, RMON and Utilization trunk statistics 11 3
Chart Shows Interface, Etherlike, RMON and Utilization trunk statistics 113
sFlow Configures flow sampling for source and destination ports 131
Traffic Segmentation
Configure Global Enables traffic segmentation globally 133
Configure Session Configures the uplink and down-link ports for a segmented group of ports 134
VLAN Trunking Allows unknown VLAN groups to pass through the specified interface 135
Sixnet Series MIL300 Software Manual - 69 -
U
SING THE WEB INTERFACE
N
AVIGATING THE WEB BROWSER INTERFACE
R
EVISED
2015-04-10
Table 2: Switch Main Menu (Continued)
Menu Description Page
VLAN Virtual LAN
Static
Add Creates VLAN groups 140
Show Displays configured VLAN groups 140
Modify Configures group name and administrative status 140
Edit Member by VLAN Specifies VLAN attributes per VLAN 142
Edit Member by Interface Specifies VLAN attributes per interface 142
Edit Member by Interface Range Specifies VLAN attributes per interface range 142
Dynamic
Configure General Enables GVRP VLAN registration protocol globally 147
Configure Interface Configures GVRP status and timers per interface 147
Show Dynamic VLAN
Show VLAN Shows the VLANs this switch has joined through GVRP 147
Show VLAN Member Shows the interfaces assigned to a VLAN through GVRP 147
Private
Configure VLAN
Add Creates primary or community VLANs 150
Show Display configured primary and community VLANs 150
Add Community VLAN Associates a community VLAN with a primary VLAN 152
Show Community VLAN Shows the community VLANs associated with a primary VLAN 152
Configure Interface Sets the private VLAN interface type, and associates the
interfaces with a private VLAN
Tunnel IEEE 802.1Q (QinQ) Tunneling 155
Configure Global Sets tunnel mode for the switch 158
Configure Interface Sets the tunnel mode for any participating interface 159
Protocol
Configure Protocol
Add Creates a protocol group, specifying supported protocols 162
Show Shows configured protocol groups 162
Configure Interface
Add Maps a protocol group to a VLAN 163
Show Shows the protocol groups mapped to each VLAN 163
IP Subnet
Add Maps IP subnet traffic to a VLAN 165
Show Shows IP subnet to VLAN mapping 165
153
MAC-Based
Add Maps traffic with specified source MAC address to a VLAN 167
- 70 - Sixnet Series MIL300 Software Manual
R
EVISED
2015-04-10 U
N
AVIGATING THE WEB BROWSER INTERFACE
SING THE WEB INTERFACE
Table 2: Switch Main Menu (Continued)
Menu Description Page
Show Shows source MAC address to VLAN mapping 167
MAC Address
Learning Status Enables MAC address learning on selected interfaces 169
Static
Add Configures static entries in the address table 170
Show Displays static entries in the address table 170
Dynamic
Configure Aging Sets timeout for dynamically learned entries 172
Show Dynamic MAC Displays dynamic entries in the address table 173
Clear Dynamic MAC Removes any learned entries from the forwarding database and clears the
transmit and receive counts for any static or system configured entries
Spanning Tree
Loopback Detection Configures Loopback Detection parameters 179
174
STA Spanning Tree Algorithm
Configure Global
Configure Configures global bridge settings for STP, RSTP and MSTP 181
Show Information Displays STA values used for the bridge 186
Configure Interface
Configure Configures interface settings for STA 187
Show Informaton Displays interface settings for STA 190
MSTP Multiple Spanning Tree Algorithm
Configure Global
Add Configures initial VLAN and priority for an MST instance 193
Show Configures global settings for an MST instance 193
Modify Modify priority for an MST instance 193
Add Member Adds VLAN members for an MST instance 193
Show Member Displays or deletes VLAN members for an MST instance 193
Show Information Displays MSTP values used for the bridge 193
Configure Interface
Configure Configures interface settings for an MST instance 197
Show Informaton Displays interface settings for an MST instance 197
Traffic
Rate Limit Sets the input and output rate limits for a port 199
Storm Control Sets the broadcast storm threshold for each interface 201
Priority
Default Priority Sets the default priority for each port or trunk 203
Sixnet Series MIL300 Software Manual - 71 -
U
SING THE WEB INTERFACE
N
AVIGATING THE WEB BROWSER INTERFACE
R
EVISED
2015-04-10
Table 2: Switch Main Menu (Continued)
Menu Description Page
Queue Sets queue mode for the switch; sets the service weight for each queue that
CoS to Queue Specifies the hardware output queues to use for CoS priority tagged traffic 207
IP DSCP to CoS Maps IP DSCP priorities found in ingress packets to CoS values for internal
IP Precedence to CoS Maps IP Precedence priorities found in ingress packets to CoS values for
will use a weighted or hybrid mode
priority processing
internal priority processing
204
210
213
IP Port to CoS Maps network applications designated by a TCP/UDP destination port
DiffServ
Configure Class
Add Creates a class map for a type of traffic 218
Show Shows configured class maps 218
Modify Modifies the name of a class map 218
Add Rule Configures the criteria used to classify ingress traffic 218
Show Rule Shows the traffic classification rules for a class map 218
Configure Policy
Add Creates a policy map to apply to multiple interfaces 221
Show Shows configured policy maps 221
Modify Modifies the name of a policy map 221
Add Rule Sets the boundary parameters used for monitoring inbound traffic, and the
Show Rule Shows the rules used to enforce bandwidth policing for a policy map 221
Configure Interface Applies a policy map to an ingress port 230
VoIP Voice over IP 231
Configure Global Configures auto-detection of VoIP traffic, sets the Voice VLAN, and VLAN
number in the frame header to CoS values for internal processing
action to take for conforming and non-conforming traffic
aging time
215
221
231
Configure OUI 232
Add Maps the OUI in the source MAC address of ingress packets to the VoIP
Show Shows the OUI telephony list 232
Configure Interface Configures VoIP traffic settings for ports, including the way in which a port is
Security 237
AAA Authentication, Authorization and Accounting
System Authentication Configures authentication sequence – local, RADIUS, and TACACS 239
Server 240
Configure Server Configures RADIUS and TACACS server message exchange settings 240
Configure Group
Add Specifies a group of authentication servers and sets the priority sequence 240
device manufacturer
added to the Voice VLAN, filtering of non-VoIP packets, the method of
detecting VoIP traffic, and the priority assigned to the voice traffic
- 72 - Sixnet Series MIL300 Software Manual
232
234
R
EVISED
2015-04-10 U
N
AVIGATING THE WEB BROWSER INTERFACE
SING THE WEB INTERFACE
Table 2: Switch Main Menu (Continued)
Menu Description Page
Show Shows the authentication server groups and priority sequence 240
Accounting Enables accounting of requested services for billing or security purposes 244
Configure Global Specifies the interval at which the local accounting service updates
information to the accounting server
Configure Method 244
Add Configures accounting for various service types 244
Show Shows the accounting settings used for various service types 244
244
Configure Service Sets the accounting method applied to specific interfaces for 802.1X, CLI
command privilege levels for the console port, and for Telnet
244
Show Information 244
Summary Shows the configured accounting methods, and the methods applied to
specific interfaces
244
Statistics Shows basic accounting information recorded for user sessions 244
Authorization Enables authorization of requested services 249
Configure Method 249
Add Configures authorization for various service types 249
Show Shows the authorization settings used for various service types 249
Configure Service Sets the authorization method applied used for the console port, and for
249
Telnet
Show Information Shows the configured authorization methods, and the methods applied to
specific interfaces
249
User Accounts 252
Add Configures user names, passwords, and access levels 252
Show Shows authorized users 252
Modify Modifies user attributes 252
Web Authentication Allows stations to authenticate and access the network in situations where
802.1X or MAC Authentication are infeasible or impractical
253
Configure Global Enables web authentication globally, and sets message exchange
parameters
254
Configure Interface Enables web authentication on specified ports 255
Network Access MAC address-based network access authentication 256
Configure Global Enables aging for authenticated MAC addresses, and sets the time period
after which a connected MAC address must be reauthenticated
258
Configure Interface 259
General Enables MAC authentication on a port; sets the maximum number of
address that can be authenticated, the guest VLAN, dynamic VLAN and
259
dynamic QoS
Link Detection Configures detection of changes in link status, and the response (i.e., send
trap or shut down port)
261
Configure MAC Filter 262
Add Specifies MAC addresses exempt from authentication 262
Show Shows the list of exempt MAC addresses 262
Sixnet Series MIL300 Software Manual - 73 -
U
SING THE WEB INTERFACE
N
AVIGATING THE WEB BROWSER INTERFACE
R
EVISED
2015-04-10
Table 2: Switch Main Menu (Continued)
Menu Description Page
Show Information Shows the authenticated MAC address list 263
HTTPS Secure HTTP 265
Configure Global Enables HTTPs, and specifies the UDP port to use 265
Copy Certificate Replaces the default secure-site certificate 266
SSH Secure Shell 268
Configure Global Configures SSH server settings 270
Configure Host Key 272
Generate Generates the host key pair (public and private) 272
Show Displays RSA and DSA host keys; deletes host keys 272
Configure User Key 273
Copy Imports user public keys from TFTP server 273
Show Displays RSA and DSA user keys; deletes user keys 273
ACL Access Control Lists 275
Configure Time Range Configures the time to apply an ACL 276
Add Specifies the name of a time range 276
Show Shows the name of configured time ranges 276
Add Rule 276
Absolute Sets exact time or time range 276
Periodic Sets a recurrent time 276
Show Rule Shows the time specified by a rule 276
Configure ACL 280
Show TCAM Shows utilization parameters for TCAM 279
Add Adds an ACL based on IP or MAC address filtering 280
Show Shows the name and type of configured ACLs 280
Add Rule Configures packet filtering based on IP or MAC addresses and other packet
Show Rule Shows the rules specified for an ACL 280
Configure Interface Binds a port to the specified ACL and time range 293
ARP Inspection 294
Configure General Enables inspection globally, configures validation of additional address
Configure VLAN Enables ARP inspection on specified VLANs 297
Configure Interface Sets the trust mode for ports, and sets the rate limit for packet inspection 298
Show Information
Show Statistics Displays statistics on the inspection process 300
Show Log Shows the inspection log list 301
attributes
components, and sets the log rate for packet inspection
280
295
IP Filter 302
- 74 - Sixnet Series MIL300 Software Manual
R
EVISED
2015-04-10 U
N
AVIGATING THE WEB BROWSER INTERFACE
SING THE WEB INTERFACE
Table 2: Switch Main Menu (Continued)
Menu Description Page
Add Sets IP addresses of clients allowed management access via the web,
SNMP, and Telnet
Show Shows the addresses to be allowed management access 302
Port Security Configures per port security, including status, response for security breach,
and maximum allowed MAC addresses
Port Authentication IEEE 802.1X 305
Configure Global Enables authentication and EAPOL pass-through 307
Configure Interface Sets authentication parameters for individual ports 308
Show Statistics Displays protocol statistics for the selected port 312
IP Source Guard Filters IP traffic based on static entries in the IP Source Guard table, or
dynamic entries in the DHCP Snooping table
Port Configuration Enables IP source guard and selects filter type per port 313
Static Binding 315
Add Adds a static addresses to the source-guard binding table 315
Show Shows static addresses in the source-guard binding table 315
302
304
313
Dynamic Binding Displays the source-guard binding table for a selected interface 317
Administration 325
Log 325
System 325
Configure Global Stores error messages in local memory 325
Show System Logs Shows logged error messages 325
Remote Configures the logging of messages to a remote logging process 328
SMTP Sends an SMTP client message to a participating server 329
LLDP Link Layer Discovery Protocol 330
Configure Global Configures global LLDP timing parameters 330
Configure Interface Sets the message transmission mode; enables SNMP notification; and sets
the LLDP attributes to advertise
332
Show Local Device Information 335
General Displays general information about the local device 335
Port/Trunk Displays information about each interface 335
Show Remote Device Information 337
Port/Trunk Displays information about a remote device connected to a port on this
Port/Trunk Details Displays detailed information about a remote device connected to this
switch
switch
337
337
Show Device Statistics 341
General Displays statistics for all connected remote devices 341
Port/Trunk Displays statistics for remote devices on a selected port or trunk 341
SNMP Simple Network Management Protocol 343
Sixnet Series MIL300 Software Manual - 75 -
U
SING THE WEB INTERFACE
N
AVIGATING THE WEB BROWSER INTERFACE
R
EVISED
2015-04-10
Table 2: Switch Main Menu (Continued)
Menu Description Page
Configure Global Enables SNMP agent status, and sets related trap functions 345
Configure Engine
Set Engine ID Sets the SNMP v3 engine ID on this switch 346
Add Remote Engine Sets the SNMP v3 engine ID for a remote device 347
Show Remote Engine Shows configured engine ID for remote devices 347
Configure View 348
Add View Adds an SNMP v3 view of the OID MIB 348
Show View Shows configured SNMP v3 views 348
Add OID Subtree Specifies a part of the subtree for the selected view 348
Show OID Subtree Shows the subtrees assigned to each view 348
Configure Group 351
Add Adds a group with access policies for assigned users 351
Show Shows configured groups and access policies 351
Configure User
Add Community Configures community strings and access mode 354
Show Community Shows community strings and access mode 354
Add SNMPv3 Local User Configures SNMPv3 users on this switch 356
Show SNMPv3 Local User Shows SNMPv3 users configured on this switch 356
Change SNMPv3 Local User Group Assign a local user to a new group 356
Add SNMPv3 Remote User Configures SNMPv3 users from a remote device 358
Show SNMPv3 Remote User Shows SNMPv3 users set from a remote device 358
Configure Trap 360
Add Configures trap managers to receive messages on key events that occur
Show Shows configured trap managers 360
RMON Remote Monitoring 364
Configure Global
Add
Alarm Sets threshold bounds for a monitored variable 365
Event Creates a response event for an alarm 367
Show
Alarm Shows all configured alarms 365
Event Shows all configured events 367
this switch
360
Configure Interface
Add
History Periodically samples statistics on a physical interface 369
Statistics Enables collection of statistics on a physical interface 372
- 76 - Sixnet Series MIL300 Software Manual
R
EVISED
2015-04-10 U
N
AVIGATING THE WEB BROWSER INTERFACE
SING THE WEB INTERFACE
Table 2: Switch Main Menu (Continued)
Menu Description Page
Show
History Shows sampling parameters for each entry in the history group 369
Statistics Shows sampling parameters for each entry in the statistics group 372
Show Details
History Shows sampled data for each entry in the history group 369
Statistics Shows sampled data for each entry in the history group 372
IP
General
Routing Interface
Add Configures an IP interface for a VLAN 417
Show Shows the IP interfaces assigned to a VLAN 417
Ping Sends ICMP echo request packets to another node on the network 440
Trace Route Shows the route packets take to the specified
442
destination
ARP Address Resolution Protocol 443
Configure General Sets the protocol timeout, and enables or disables proxy ARP for the
specified VLAN
444
Configure Static Address 445
Add Statically maps a physical address to an IP address 445
Show Shows the MAC to IP address static table 445
Show Information
Dynamic Address Shows dynamically learned entries in the IP routing table 447
Other Address Shows internal addresses used by the switch 447
Statistics Shows statistics on ARP requests sent and received 448
Routing
Static Routes 449
Add Configures static routing entries 449
Show Shows static routing entries 449
Modify Modifies the selected static routing entry 449
Routing Table
Show Information Shows all routing entries, including local, static and dynamic routes 450
Configure ECMP Number Sets the maximum number of equal-cost paths to the same destination that
452
can be installed in the routing table
VRRP Virtual Router Redundancy Protocol 455
Configure Group ID 456
Add Adds a VRRP group identifier to a VLAN 456
Show Shows the VRRP group identifier list 456
Add IP Address Sets a virtual interface address for a VRRP group 456
Sixnet Series MIL300 Software Manual - 77 -
U
SING THE WEB INTERFACE
N
AVIGATING THE WEB BROWSER INTERFACE
R
EVISED
2015-04-10
Table 2: Switch Main Menu (Continued)
Menu Description Page
Show IP Addresses Shows the virtual interface address assigned to a VRRP group 456
Configure Detail Configure detailed settings, such as advertisement interval, preemption,
Show Statistics
Global Statistics Displays global statistics for VRRP protocol packet
Group Statistics Displays statistics for VRRP protocol events and errors on the specified
IPv6 Configuration 420
Configure Global Sets an IPv6 default gateway for traffic with no known next hop 421
Configure Interface Configures IPv6 interface address using auto-configuration or link-local
Add IPv6 Address Adds an global unicast, EUI-64, or link-local IPv6 address to an interface 424
Show IPv6 Address Show the IPv6 addresses assigned to an interface 426
Show IPv6 Neighbor Cache Displays information in the IPv6 neighbor discovery cache 428
Show Statistics 429
IPv6 Shows statistics about IPv6 traffic 429
ICMPv6 Shows statistics about ICMPv6 messages 429
UDP Shows statistics about UDP messages 429
Show MTU Shows the maximum transmission unit (MTU) cache for destinations that
IP Service
priority, and authentication
errors
VRRP group and interface
address, and sets related protocol settings
have returned an ICMP packet-too-big message along with an acceptable
MTU to this switch
456
462
462
421
435
DNS Domain Name Service 465
General
Configure Global Enables DNS lookup; defines the default domain name appended to
Add Domain Name Defines a list of domain names that can be appended to incomplete host
Show Domain Names Shows the configured domain name list 466
Add Name Server Specifies IP address of name servers for dynamic lookup 468
Show Name Servers Shows the name server address list 468
Static Host Table
Add Configures static entries for domain name to address mapping 469
Show Shows the list of static mapping entries 469
Modify Modifies the static address mapped to the selected host name 469
Cache Displays cache entries discovered by designated name servers 470
DHCP Dynamic Host Configuration Protocol 471
Client Specifies the DHCP client identifier for an interface 471
Relay Specifies DHCP relay servers 472
incomplete host names
names
465
466
- 78 - Sixnet Series MIL300 Software Manual
R
EVISED
2015-04-10 U
N
AVIGATING THE WEB BROWSER INTERFACE
SING THE WEB INTERFACE
Table 2: Switch Main Menu (Continued)
Menu Description Page
Snooping 318
Configure Global Enables DHCP snooping globally, MAC-address verification, information
option; and sets the information policy
320
Configure VLAN Enables DHCP snooping on a VLAN 321
Configure Interface Sets the trust mode for an interface 322
Show Information Displays the DHCP Snooping binding information 323
Server 474
Configure Global Enables DHCP service on this switch 474
Configure Excluded Address 475
Add Adds excluded addresses 475
Show Shows excluded addresses 475
Configure Pool 476
Add 476
Network Add address pool for network groups 476
Host Add address entry for specified host 476
Show Shows DHCP pool list 476
Modify Modifies the specified pool entry 476
Show IP Binding Displays addresses currently bound to DHCP clients 480
UDP Helper 481
General Enables UDP helper globally on the switch 481
Forwarding 482
Add Specifies the UDP destination ports for which broadcast traffic will be
forwarded
482
Show Shows the list of UDP ports to which broadcast traffic will be forwarded 482
Address 483
Add Specifies the servers to which designated UDP protocol packets are
Show Shows the servers to which designated UDP protocol packets are
forwarded
forwarded
483
483
Multicast 375
IGMP Snooping 377
General Enables multicast filtering; configures parameters for multicast snooping 379
Multicast Router 382
Add Static Multicast Router Assigns ports that are attached to a neighboring multicast router 382
Show Static Multicast Router Displays ports statically configured as attached to a neighboring multicast
Show Current Multicast Router Displays ports attached to a neighboring multicast router, either through
router
static or dynamic configuration
382
382
IGMP Member 384
Sixnet Series MIL300 Software Manual - 79 -
U
SING THE WEB INTERFACE
N
AVIGATING THE WEB BROWSER INTERFACE
R
EVISED
2015-04-10
Table 2: Switch Main Menu (Continued)
Menu Description Page
Add Static Member Statically assigns multicast addresses to the selected VLAN 384
Show Static Member Shows multicast addresses statically configured on the selected VLAN 384
Show Current Member Shows multicast addresses associated with the selected VLAN, either
Interface
Configure VLAN Configures IGMP snooping per VLAN interface 386
Show VLAN Information Shows IGMP snooping settings per VLAN interface 386
through static or dynamic configuration
384
Configure Port Configures the interface to drop IGMP query packets or all multicast data
Configure Trunk Configures the interface to drop IGMP query packets or all multicast data
Forwarding Entry Displays the current multicast groups learned through IGMP Snooping 392
Filter 393
Configure General Enables IGMP filtering for the switch 393
Configure Profile 394
Add Adds IGMP filter profile; and sets access mode 394
Show Shows configured IGMP filter profiles 394
Add Multicast Group Range Assigns multicast groups to selected profile 394
Show Multicast Group Range Shows multicast groups assigned to a profile 394
Configure Interface Assigns IGMP filter profiles to port interfaces and sets throttling action 396
IGMP Internet Group Management Protocol 397
Proxy Configures IGMP proxy service for multicast routing 398
Interface Configures Layer 3 IGMP settings for the selected VLAN interface 401
Static Group 403
Add Configures the router to be a static member of a multicast group on the
Show Shows multicast group statically assigned to a VLAN interface 403
packets
packets
specified VLAN interface
391
391
403
Group Information 405
Show Information Shows the current multicast groups learned through IGMP for each VLAN 405
Show Detail Shows detailed information on each multicast group associated with a
Multicast Routing 565
General Globally enables multicast routing 568
Information 569
Show Summary Shows each multicast route the switch has learned 569
Show Detail Shows additional information for each multicast route the switch has
MVR Multicast VLAN Registration 408
Configure General Globally enables MVR, sets the MVR VLAN 409
VLAN interface
learned, including upstream router, and downstream interfaces
- 80 - Sixnet Series MIL300 Software Manual
405
569
R
EVISED
2015-04-10 U
N
AVIGATING THE WEB BROWSER INTERFACE
SING THE WEB INTERFACE
Table 2: Switch Main Menu (Continued)
Menu Description Page
Configure Group Range
Add Configures multicast stream addresses 410
Show Shows multicast stream addresses 410
Configure Interface Configures MVR interface type and immediate leave status 411
Configure Static Group Member 413
Add Statically assigns MVR multicast streams to an interface 413
Show Show MVR multicast streams statically assigned to an interface 413
Show Member Shows information about the interfaces associated with multicast groups
assigned to the MVR VLAN
Routing Protocol
RIP Routing Information Protocol 486
General 487
Configure Enables or disables RIP, sets the global RIP attributes and timer values 487
Clear Route Clears the specified route type or network interface from the routing table 490
Network 491
Add Sets the network interfaces that will use RIP 491
Show Shows the network interfaces that will use RIP 491
Passive Interface 493
Add Stops RIP broadcast and multicast messages from being sent on specified
network interfaces
Show Shows the configured passive interfaces 493
Neighbor Address 494
Add Configures the router to directly exchange routing information with a static
neighbor
Show Shows adjacent hosts or interfaces configured as a neighboring router 494
Redistribute 495
Add Imports external routing information from other routing domains (that is,
protocols) into the autonomous system
Show Shows the external routing information to be imported from other routing
domains
415
493
494
495
495
Distance 496
Add Defines an administrative distance for external routes learned from other
Show Shows the administrative distances assigned to external routes learned
routing protocols
from other routing protocols
496
496
Interface 498
Add Configures RIP parameters for each interface, including send and receive
versions, authentication, and method of loopback prevention
498
Show Shows the RIP parameters set for each interface 498
Modify Modifies RIP parameters for an interface 498
Statistic s
Sixnet Series MIL300 Software Manual - 81 -
U
SING THE WEB INTERFACE
N
AVIGATING THE WEB BROWSER INTERFACE
R
EVISED
2015-04-10
Table 2: Switch Main Menu (Continued)
Menu Description Page
Show Interface Information Shows RIP settings, and statistics on RIP protocol messages 502
Show Peer Information Displays information on neighboring RIP routers 503
Reset Statistics Clears statistics for RIP protocol messages 503
OSPF Open Shortest Path First (Version 2) 504
Network Area 506
Add Defines OSPF area address, area ID, and process ID 506
Show Shows configured areas 506
Show Process Show configured processes 506
System 509
Configure Configures the Router ID, global settings, and default information 509
Show Shows LSA statistics, administrative status, ABR/ASBR, area count, and
Area 513
Configure Area 513
Add Area Adds NSSA or stub 513
Show Area Shows configured NSSA or stub 513
Configure NSSA Area Configures settings for importing routes into or exporting routes
Configure Stub Area Configures default cost, and settings for importing routes into a stub 517
Show Information Shows statistics for each area, including SPF startups, ABR/ASBR count,
Area Range 520
Add Configures route summaries to advertise at an area boundary 520
Show Shows route summaries advertised at an area boundary 520
Modify Modifies route summaries advertised at an area boundary 520
Redistribute 522
Add Redistributes routes from one routing domain to another 522
Show Shows route types redistributed to another domain 522
Modify Modifies configuration settings for redistributed routes 522
version number
out of not-so-stubby areas
LSA count, and LSA checksum
511
514
519
Summary Address 524
Add Aggregates routes learned from other protocols for advertising
into other autonomous systems
Show Shows configured summary addresses 524
Interface 525
Show Shows area ID and designated router settings for each interface 525
Configure by VLAN Configures OSPF protocol settings and authentication for specified VLAN 525
Configure by Address Configures OSPF protocol settings and authentication for specified
Show MD5 Key Shows MD5 key ID used for each area 525
interface address
- 82 - Sixnet Series MIL300 Software Manual
524
525
R
EVISED
2015-04-10 U
N
AVIGATING THE WEB BROWSER INTERFACE
SING THE WEB INTERFACE
Table 2: Switch Main Menu (Continued)
Menu Description Page
Virtual Link 531
Add Configures a virtual link through a transit area to the backbone 531
Show Shows virtual links, neighbor address, and state 531
Configure Detailed Settings Configures detailed protocol and authentication settings 531
Show MD5 Key Shows the MD5 key ID used for each neighbor 531
Information
LSDB Shows information about different OSPF Link State
Advertisements (LSAs)
Neighbor Shows information about each OSPF neighbor 536
OSPFv3 Open Shortest Path First (Version 3) 537
General 539
Add Creates an OSPFv3 routing process 539
Show Shows the configured OSPFv3 routing processes 539
Ta g 540
534
Configure Configures general protocol settings for OSPF 540
Show Shows administrative settings and statistics for OSPF 540
Configure Passive Interface Suppresses OSPF routing traffic on a specified interface 544
Area Configures stubs 545
Configure Area 545
Add Area Adds a stubby area 545
Show Area Shows the protocol settings for all stubs 545
Configure Area Configures protocol settings for an existing stub 545
Show Information Displays protocol information on stubs 547
Area Range Configures an ABR to advertise a single summary route that covers all the
individual networks within its area
548
Add Adds a summary route that covers all the individual networks within an area 548
Show Shows the summary routes configured for individual networks within an
area
548
Modify Modifies the advertising parameter for summary routes 548
Virtual Link 550
Add Adds a virtual link from an area that does not have a direct physical
connection to the OSPF backbone
550
Show Shows the virtual links configured on this router 550
Configure Detailed Settings Configures detailed settings for existing virtual links 550
Interface Configures interface-specific parameters used by OSPF 553
Show Area Shows the OSPF areas bound to an interface 553
Add Area Binds an OSPF area to a Layer 3 interface 553
Configure Configures OSPF protocol settings for a Layer 3 interface 553
Sixnet Series MIL300 Software Manual - 83 -
U
SING THE WEB INTERFACE
N
AVIGATING THE WEB BROWSER INTERFACE
R
EVISED
2015-04-10
Table 2: Switch Main Menu (Continued)
Menu Description Page
Modify Detailed Settings Modifies the OSPF protocol settings for a Layer 3 interface 553
Show Shows the status of OSPFv3 interfaces 557
Show Counters Shows information on neighboring routers and the exchange of protocol
Information
Neighbor Displays information about neighboring routers on each interface 560
Virtual Neighbor Shows information about the neighbor router assigned to the other end of a
Route Shows the OSPF routing table 562
Virtual Link Shows the Link State Advertisements (LSAs) stored in the link state
PIM Protocol Independent Multicasting 572
General Enables PIM globally for the switch 572
Interface Enables PIM per interface, and sets the mode to dense or sparse 572
Neighbor Displays information neighboring PIM routers 578
messages for OSPFv3 interfaces
virtual link
database for virtual links
559
561
563
PIM-SM Protocol Independent Multicasting – Sparse Mode
Configure Global Configures settings for register messages, and use of the SPT 578
BSR Candidate Configures the switch as a BSR candidate 580
RP Address 581
Add Sets a static address for an RP and the associated multicast group(s) 581
Show Shows the static addresses configured for each RP and the associated
RP Candidate 583
Add Advertises the switch as an RP candidate to the BSR for the specified
Show Shows the multicast groups for which this switch is advertising itself as an
Show Information
Show BSR Router Displays information about the BSR 585
Show RP Mapping Displays the active RPs and associated multicast routing entries 586
PIM6 PIM for IPv6
General Enables PIM globally for the switch 587
Interface Enables PIM per interface, and sets the mode to dense or sparse 588
Neighbor Displays information neighboring PIM routers 591
multicast groups
multicast groups
RP candidate to the BSR
581
583
583
- 84 - Sixnet Series MIL300 Software Manual
R
EVISED
2015-04-10 B
D
ASIC MANAGEMENT TASKS
ISPLAYING SYSTEM INFORMATION
4 BASIC MANAGEMENT TASKS
This chapter describes the following topics:
Displaying System Information – Provides basic system description, including
contact information.
Displaying Switch Hardware/Software Versions – Shows the hardware version,
power status, and firmware versions
Configuring Support for Jumbo Frames – Enables support for jumbo frames.
Displaying Bridge Extension Capabilities – Shows the bridge extension parameters.
Managing System Files – Describes how to upgrade operating software or
configuration files, and set the system start-up files.
Setting the System Clock – Sets the current time manually or through specified
SNTP servers.
Console Port Settings – Sets console port connection parameters.
Telnet Settings – Sets Telnet connection parameters.
Displaying CPU Utilization – Displays information on CPU utilization.
Displaying Memory Utilization – Shows memory utilization parameters.
Resetting the System – Restarts the switch immediately, at a specified time, after a
specified delay, or at a periodic interval.
DISPLAYING SYSTEM INFORMATION
Use the System > General page to identify the system by displaying information such
as the device name, location and contact information.
CLI REFERENCES
"System Management Commands" on page 615
"SNMP Commands" on page 659
PARAMETERS
These parameters are displayed in the web interface:
System Description – Brief description of device type.
System Object ID – MIB II object ID for switch’s network management subsystem.
Sixnet Series MIL300 Software Manual - 85 -
B
ASIC MANAGEMENT TASKS
D
ISPLAYING SWITCH HARDWARE/SOFTWARE VERSIONS
System Up Time – Length of time the management agent has been up.
System Name – Name assigned to the switch system.
System Location – Specifies the system location.
System Contact – Administrator responsible for the system.
WEB INTERFACE
To configure general system information:
1. Click System, General.
2. Specify the system name, location, and contact information for the system
administrator.
3. Click Apply.
Figure 1: System Information
R
EVISED
2015-04-10
DISPLAYING SWITCH HARDWARE/SOFTWARE VERSIONS
Use the System > Switch page to display hardware/firmware version numbers for the
main board and management software, as well as the power status of the system.
CLI REFERENCES
"System Management Commands" on page 615
PARAMETERS
The following parameters are displayed in the web interface:
Main Board Information
Serial Number – The serial number of the switch.
Number of Ports – Number of built-in ports.
Hardware Version – Hardware version of the main board.
- 86 - Sixnet Series MIL300 Software Manual
R
EVISED
2015-04-10 B
D
ISPLAYING SWITCH HARDWARE/SOFTWARE VERSIONS
Internal Power Status – Displays the status of the internal power supply.
Management Software Information
Role – Shows that this switch is operating as Master or Slave.
EPLD Version – Version number of EEPROM Programmable Logic Device.
Loader Version – Version number of loader code.
Diagnostics Code Version – Version of Power-On Self-Test (POST) and boot
code.
Operation Code Version – Version number of runtime code.
Thermal Detector – The first detector is near the air flow intake vents on both
models. The second detector is near the switch ASIC on the EL326.
Tem p erature – Temperature at specified thermal detection point.
ASIC MANAGEMENT TASKS
WEB INTERFACE
To view hardware and software version information.
1. Click System, then Switch.
Figure 2: General Switch Information
Sixnet Series MIL300 Software Manual - 87 -
B
ASIC MANAGEMENT TASKS
C
ONFIGURING SUPPORT FOR JUMBO FRAMES
CONFIGURING SUPPORT FOR JUMBO FRAMES
Use the System > Capability page to configure support for jumbo frames. The switch
provides more efficient throughput for large sequential data transfers by supporting
jumbo frames up to 10KB for Gigabit Ethernet. Compared to standard Ethernet frames
that run only up to 1.5 KB, using jumbo frames significantly reduces the per-packet
overhead required to process protocol encapsulation fields.
CLI REFERENCES
"System Management Commands" on page 615
USAGE GUIDELINES
To use jumbo frames, both the source and destination end nodes (such as a computer
or server) must support this feature. Also, when the connection is operating at full
duplex, all switches in the network between the two end nodes must be able to accept
the extended frame size. And for half-duplex connections, all devices in the collision
domain would need to support jumbo frames.
PARAMETERS
The following parameters are displayed in the web interface:
R
EVISED
2015-04-10
Jumbo Frame – Configures support for jumbo frames. (Default: Disabled)
WEB INTERFACE
To configure support for jumbo frames:
1. Click System, then Capability.
2. Enable or disable support for jumbo frames.
3. Click Apply.
Figure 3: Configuring Support for Jumbo Frames
- 88 - Sixnet Series MIL300 Software Manual
R
EVISED
2015-04-10 B
DISPLAYING BRIDGE EXTENSION CAPABILITIES
Use the System > Capability page to display settings based on the Bridge MIB. The
Bridge MIB includes extensions for managed devices that support Multicast Filtering,
Traffic Classes, and Virtual LANs. You can access these extensions to display default
settings for the key variables.
CLI REFERENCES
"GVRP and Bridge Extension Commands" on page 886
PARAMETERS
The following parameters are displayed in the web interface:
Extended Multicast Filtering Services – This switch does not support the filtering
of individual multicast addresses based on GMRP (GARP Multicast Registration
Protocol).
Traffic Classes – This switch provides mapping of user priorities to multiple traffic
classes. (Refer to "Class of Service" on page 203.)
ASIC MANAGEMENT TASKS
D
ISPLAYING BRIDGE EXTENSION CAPABILITIES
Static Entry Individual Port – This switch allows static filtering for unicast and
multicast addresses. (Refer to "Setting Static Addresses" on page 170.)
VLAN Version Number – Based on IEEE 802.1Q, “1” indicates Bridges that support
only single spanning tree (SST) operation, and “2” indicates Bridges that support
multiple spanning tree (MST) operation.
VLAN Learning – This switch uses Independent VLAN Learning (IVL), where each
port maintains its own filtering database.
Local VLAN Capable – This switch does not support multiple local bridges outside
of the scope of 802.1Q defined VLANs.
Configurable PVID Tagging – This switch allows you to override the default Port
VLAN ID (PVID used in frame tags) and egress status (VLAN-Tagged or
Untagged) on each port. (Refer to "VLAN Configuration" on page 137.)
Max Supported VLAN Numbers – The maximum number of VLANs supported on
this switch.
Max Supported VLAN ID – The maximum configurable VLAN identifier supported
on this switch.
GMRP – GARP Multicast Registration Protocol (GMRP) allows network devices to
register end stations with multicast groups. This switch does not support GMRP; it
uses the Internet Group Management Protocol (IGMP) to provide automatic
multicast filtering.
WEB INTERFACE
To view Bridge Extension information:
1. Click System, then Capability.
Sixnet Series MIL300 Software Manual - 89 -
B
ASIC MANAGEMENT TASKS
M
ANAGING SYSTEM FILES
Figure 4: Displaying Bridge Extension Configuration
R
EVISED
2015-04-10
MANAGING SYSTEM FILES
This section describes how to upgrade the switch operating software or configuration
files, and set the system start-up files.
Copying Files via
FTP/TFTP or HTTP
Use the System > File (Copy) page to upload/download firmware or configuration
settings using FTP, TFTP or HTTP. By backing up a file to an FTP or TFTP server or
management station, that file can later be downloaded to the switch to restore
operation. Specify the method of file transfer, along with the file type and file names as
required.
You can also set the switch to use new firmware or configuration settings without
overwriting the current version. Just download the file using a different name from the
current version, and then set the new file as the startup file.
CLI REFERENCES
"copy" on page 625
PARAMETERS
The following parameters are displayed in the web interface:
Copy Type – The firmware copy operation includes these options:
FTP Upgrade – Copies a file from an FTP server to the switch.
FTP Download – Copies a file from the switch to an FTP server.
- 90 - Sixnet Series MIL300 Software Manual
R
EVISED
2015-04-10 B
HTTP Upgrade – Copies a file from a management station to the switch.
HTTP Download – Copies a file from the switch to a management station
TFTP Upgrade – Copies a file from a TFTP server to the switch.
TFTP Download – Copies a file from the switch to a TFTP server.
FTP/TFTP Server IP Address – IP address of an FTP or TFTP server.
User Name – The user name for FTP server access.
Password – The password for FTP server access.
File Type – Specify Operation Code to copy firmware.
ASIC MANAGEMENT TASKS
M
ANAGING SYSTEM FILES
File Name –
The file name should not contain slashes (\ or /),
the leading letter of the
file name should not be a period (.), and the maximum length for file names is 31
characters for files on the switch. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”)
N
OTE
:
Up to two copies of the system software (i.e., the runtime firmware) can be
stored in the file directory on the switch.
N
OTE
:
The maximum number of user-defined configuration files is limited only by
available flash memory space.
N
OTE
:
The file “Factory_Default_Config.cfg” can be copied to a file server or
management station, but cannot be used as the destination file name on the switch.
WEB INTERFACE
To copy firmware files:
1. Click System, then File.
2. Select Copy from the Action list.
3. Select FTP Upgrade, HTTP Upgrade, or TFTP Upgrade as the file transfer
method.
4. If FTP or TFTP Upgrade is used, enter the IP address of the file server.
5. If FTP Upgrade is used, enter the user name and password for your account on
the FTP server.
6. Set the file type to Operation Code.
7. Enter the name of the file to download.
8. Select a file on the switch to overwrite or specify a new file name.
9. Then click Apply.
Sixnet Series MIL300 Software Manual - 91 -
B
ASIC MANAGEMENT TASKS
M
ANAGING SYSTEM FILES
R
EVISED
2015-04-10
Figure 5: Copy Firmware
If you replaced a file currently used for startup and want to start using the new file,
reboot the system via the System > Reset menu.
Saving the Running
Configuration to a
Local File
Use the System > File (Copy) page to save the current configuration settings to a local
file on the switch. The configuration settings are not automatically saved by the
system for subsequent use when the switch is rebooted. You must save these settings
to the current startup file, or to another file which can be subsequently set as the
startup file.
CLI REFERENCES
"copy" on page 625
PARAMETERS
The following parameters are displayed in the web interface:
Copy Type – The copy operation includes this option:
Running-Config – Copies the current configuration settings to a local file on
the switch.
Destination File Name – Copy to the currently designated startup file, or to a new
The file name should not contain slashes (\ or /),
file.
the leading letter of the file
name should not be a period (.), and the maximum length for file names is 31
characters for files on the switch. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”)
N
OTE
:
The maximum number of user-defined configuration files is limited only by
available flash memory space.
WEB INTERFACE
To save the running configuration file:
1. Click System, then File.
- 92 - Sixnet Series MIL300 Software Manual
R
EVISED
2015-04-10 B
2. Select Copy from the Action list.
3. Select Running-Config from the Copy Type list.
4. Select the current startup file on the switch to overwrite or specify a new file name.
5. Then click Apply.
Figure 6: Saving the Running Configuration
ASIC MANAGEMENT TASKS
M
ANAGING SYSTEM FILES
Setting The Start-Up
File
If you replaced a file currently used for startup and want to start using the new file,
reboot the system via the System > Reset menu.
Use the System > File (Set Start-Up) page to specify the firmware or configuration file
to use for system initialization.
CLI REFERENCES
"whichboot" on page 630
"boot system" on page 625
WEB INTERFACE
To set a file to use for system initialization:
1. Click System, then File.
2. Select Set Start-Up from the Action list.
3. Mark the operation code or configuration file to be used at startup
4. Then click Apply.
Sixnet Series MIL300 Software Manual - 93 -
B
ASIC MANAGEMENT TASKS
M
ANAGING SYSTEM FILES
R
EVISED
2015-04-10
Figure 7: Setting Start-Up Files
To start using the new firmware or configuration settings, reboot the system via the
System > Reset menu.
Showing System
Files
Use the System > File (Show) page to show the files in the system directory, or to
delete a file.
N
OTE
:
Files designated for start-up, and the Factory_Default_Config.cfg file, cannot be
deleted.
CLI REFERENCES
"dir" on page 629
"delete" on page 628
WEB INTERFACE
To show the system files:
1. Click System, then File.
2. Select Show from the Action list.
3. To delete a file, mark it in the File List and click Delete.
Figure 8: Displaying System Files
- 94 - Sixnet Series MIL300 Software Manual
R
EVISED
2015-04-10 B
SETTING THE SYSTEM CLOCK
Simple Network Time Protocol (SNTP) allows the switch to set its internal clock based
on periodic updates from a time server (SNTP or NTP). Maintaining an accurate time
on the switch enables the system log to record meaningful dates and times for event
entries. You can also manually set the clock. If the clock is not set manually or via
SNTP, the switch will only record the time from the factory default set at the last
bootup.
When the SNTP client is enabled, the switch periodically sends a request for a time
update to a configured time server. You can configure up to three time server IP
addresses. The switch will attempt to poll each server in the configured sequence.
ASIC MANAGEMENT TASKS
S
ETTING THE SYSTEM CLOCK
Setting the Time
Manually
Use the System > Time (Configure General - Manual) page to set the system time on
the switch manually without using SNTP.
CLI REFERENCES
"calendar set" on page 653
"show calendar" on page 654
PARAMETERS
The following parameters are displayed in the web interface:
Current Time – Shows the current time set on the switch.
Hours – Sets the hour. (Range: 0-23; Default: 0)
Minutes – Sets the minute value. (Range: 0-59; Default: 0)
Seconds – Sets the second value. (Range: 0-59; Default: 0)
Month – Sets the month. (Range: 1-12; Default: 1)
Day – Sets the day of the month. (Range: 1-31; Default: 1)
Year – Sets the year. (Range: 2001-2100; Default: 2009)
WEB INTERFACE
To manually set the system clock:
1. Click System, then Time.
2. Select Configure General from the Action list.
3. Select Manual from the Maintain Type list.
4. Enter the time and date in the appropriate fields.
5. Click Apply
Sixnet Series MIL300 Software Manual - 95 -
B
ASIC MANAGEMENT TASKS
S
ETTING THE SYSTEM CLOCK
Figure 9: Manually Setting the System Clock
R
EVISED
2015-04-10
Configuring SNTP Use the System > Time (Configure General - SNTP) page to configure the switch to
send time synchronization requests to time servers. Set the SNTP polling interval,
SNTP servers, and also the time zone.
CLI REFERENCES
"Time" on page 649
SETTING THE POLLING INTERVAL
Specify the polling interval at which the switch will query the time servers.
PARAMETERS
The following parameters are displayed in the web interface:
Current Time – Shows the current time set on the switch.
SNTP Polling Interval – Sets the interval between sending requests for a time
update from a time server. (Range: 16-16384 seconds; Default: 16 seconds)
WEB INTERFACE
To set the polling interval for SNTP:
1. Click System, then Time.
2. Select Configure General from the Action list.
3. Select SNTP from the Maintain Type list.
4. Modify the polling interval if required.
5. Click Apply
- 96 - Sixnet Series MIL300 Software Manual
R
EVISED
2015-04-10 B
S
Figure 10: Setting the Polling Interval for SNTP
ASIC MANAGEMENT TASKS
ETTING THE SYSTEM CLOCK
Specifying SNTP
Time Servers
Use the System > Time (Configure Time Server) page to specify the IP address for up
to three SNTP time servers.
CLI REFERENCES
"sntp server" on page 651
PARAMETERS
The following parameters are displayed in the web interface:
SNTP Server IP Address – Sets the IPv4 or IPv6 address for up to three time
servers. The switch attempts to update the time from the first server, if this fails it
attempts an update from the next server in the sequence.
WEB INTERFACE
To set the SNTP time servers:
1. Click System, then Time.
2. Select Configure Time Server from the Action list.
3. Enter the IP address of up to three time servers.
4. Click Apply.
Figure 11: Specifying SNTP Time Servers
Sixnet Series MIL300 Software Manual - 97 -
B
ASIC MANAGEMENT TASKS
C
ONSOLE PORT SETTINGS
R
EVISED
2015-04-10
Setting the Time
Zone
Use the System > Time (Configure Time Server) page to set the time zone. SNTP
uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT)
based on the time at the Earth’s prime meridian, zero degrees longitude, which
passes through Greenwich, England. To display a time corresponding to your local
time, you must indicate the number of hours and minutes your time zone is east
(before) or west (after) of UTC. You can choose one of the 80 predefined time zone
definitions, or your can manually configure the parameters for your local time zone.
PARAMETERS
The following parameters are displayed in the web interface:
Direction: Configures the time zone to be before (east of) or after (west of) UTC.
Name – Assigns a name to the time zone. (Range: 1-29 characters)
Hours (0-13) – The number of hours before/after UTC. The maximum value before
UTC is 12. The maximum value after UTC is 13.
Minutes (0-59) – The number of minutes before/after UTC.
WEB INTERFACE
To set your local time zone:
1. Click System, then Time.
2. Select Configure Time Zone from the Action list.
3. Set the offset for your time zone relative to the UTC in hours and minutes.
4. Click Apply.
Figure 12: Setting the Time Zone
CONSOLE PORT SETTINGS
Use the System > Console menu to configure connection parameters for the switch’s
console port. You can access the onboard configuration program by attaching a
- 98 - Sixnet Series MIL300 Software Manual
Loading...